1What: /sys/bus/thunderbolt/devices/.../domainX/boot_acl 2Date: Jun 2018 3KernelVersion: 4.17 4Contact: thunderbolt-software@lists.01.org 5Description: Holds a comma separated list of device unique_ids that 6 are allowed to be connected automatically during system 7 startup (e.g boot devices). The list always contains 8 maximum supported number of unique_ids where unused 9 entries are empty. This allows the userspace software 10 to determine how many entries the controller supports. 11 If there are multiple controllers, each controller has 12 its own ACL list and size may be different between the 13 controllers. 14 15 System BIOS may have an option "Preboot ACL" or similar 16 that needs to be selected before this list is taken into 17 consideration. 18 19 Software always updates a full list in each write. 20 21 If a device is authorized automatically during boot its 22 boot attribute is set to 1. 23 24What: /sys/bus/thunderbolt/devices/.../domainX/iommu_dma_protection 25Date: Mar 2019 26KernelVersion: 4.21 27Contact: thunderbolt-software@lists.01.org 28Description: This attribute tells whether the system uses IOMMU 29 for DMA protection. Value of 1 means IOMMU is used 0 means 30 it is not (DMA protection is solely based on Thunderbolt 31 security levels). 32 33What: /sys/bus/thunderbolt/devices/.../domainX/security 34Date: Sep 2017 35KernelVersion: 4.13 36Contact: thunderbolt-software@lists.01.org 37Description: This attribute holds current Thunderbolt security level 38 set by the system BIOS. Possible values are: 39 40 none: All devices are automatically authorized 41 user: Devices are only authorized based on writing 42 appropriate value to the authorized attribute 43 secure: Require devices that support secure connect at 44 minimum. User needs to authorize each device. 45 dponly: Automatically tunnel Display port (and USB). No 46 PCIe tunnels are created. 47 usbonly: Automatically tunnel USB controller of the 48 connected Thunderbolt dock (and Display Port). All 49 PCIe links downstream of the dock are removed. 50 51What: /sys/bus/thunderbolt/devices/.../authorized 52Date: Sep 2017 53KernelVersion: 4.13 54Contact: thunderbolt-software@lists.01.org 55Description: This attribute is used to authorize Thunderbolt devices 56 after they have been connected. If the device is not 57 authorized, no devices such as PCIe and Display port are 58 available to the system. 59 60 Contents of this attribute will be 0 when the device is not 61 yet authorized. 62 63 Possible values are supported: 64 1: The device will be authorized and connected 65 66 When key attribute contains 32 byte hex string the possible 67 values are: 68 1: The 32 byte hex string is added to the device NVM and 69 the device is authorized. 70 2: Send a challenge based on the 32 byte hex string. If the 71 challenge response from device is valid, the device is 72 authorized. In case of failure errno will be ENOKEY if 73 the device did not contain a key at all, and 74 EKEYREJECTED if the challenge response did not match. 75 76What: /sys/bus/thunderbolt/devices/.../boot 77Date: Jun 2018 78KernelVersion: 4.17 79Contact: thunderbolt-software@lists.01.org 80Description: This attribute contains 1 if Thunderbolt device was already 81 authorized on boot and 0 otherwise. 82 83What: /sys/bus/thunderbolt/devices/.../key 84Date: Sep 2017 85KernelVersion: 4.13 86Contact: thunderbolt-software@lists.01.org 87Description: When a devices supports Thunderbolt secure connect it will 88 have this attribute. Writing 32 byte hex string changes 89 authorization to use the secure connection method instead. 90 Writing an empty string clears the key and regular connection 91 method can be used again. 92 93What: /sys/bus/thunderbolt/devices/.../device 94Date: Sep 2017 95KernelVersion: 4.13 96Contact: thunderbolt-software@lists.01.org 97Description: This attribute contains id of this device extracted from 98 the device DROM. 99 100What: /sys/bus/thunderbolt/devices/.../device_name 101Date: Sep 2017 102KernelVersion: 4.13 103Contact: thunderbolt-software@lists.01.org 104Description: This attribute contains name of this device extracted from 105 the device DROM. 106 107What: /sys/bus/thunderbolt/devices/.../vendor 108Date: Sep 2017 109KernelVersion: 4.13 110Contact: thunderbolt-software@lists.01.org 111Description: This attribute contains vendor id of this device extracted 112 from the device DROM. 113 114What: /sys/bus/thunderbolt/devices/.../vendor_name 115Date: Sep 2017 116KernelVersion: 4.13 117Contact: thunderbolt-software@lists.01.org 118Description: This attribute contains vendor name of this device extracted 119 from the device DROM. 120 121What: /sys/bus/thunderbolt/devices/.../unique_id 122Date: Sep 2017 123KernelVersion: 4.13 124Contact: thunderbolt-software@lists.01.org 125Description: This attribute contains unique_id string of this device. 126 This is either read from hardware registers (UUID on 127 newer hardware) or based on UID from the device DROM. 128 Can be used to uniquely identify particular device. 129 130What: /sys/bus/thunderbolt/devices/.../nvm_version 131Date: Sep 2017 132KernelVersion: 4.13 133Contact: thunderbolt-software@lists.01.org 134Description: If the device has upgradeable firmware the version 135 number is available here. Format: %x.%x, major.minor. 136 If the device is in safe mode reading the file returns 137 -ENODATA instead as the NVM version is not available. 138 139What: /sys/bus/thunderbolt/devices/.../nvm_authenticate 140Date: Sep 2017 141KernelVersion: 4.13 142Contact: thunderbolt-software@lists.01.org 143Description: When new NVM image is written to the non-active NVM 144 area (through non_activeX NVMem device), the 145 authentication procedure is started by writing 1 to 146 this file. If everything goes well, the device is 147 restarted with the new NVM firmware. If the image 148 verification fails an error code is returned instead. 149 150 When read holds status of the last authentication 151 operation if an error occurred during the process. This 152 is directly the status value from the DMA configuration 153 based mailbox before the device is power cycled. Writing 154 0 here clears the status. 155 156What: /sys/bus/thunderbolt/devices/<xdomain>.<service>/key 157Date: Jan 2018 158KernelVersion: 4.15 159Contact: thunderbolt-software@lists.01.org 160Description: This contains name of the property directory the XDomain 161 service exposes. This entry describes the protocol in 162 question. Following directories are already reserved by 163 the Apple XDomain specification: 164 165 network: IP/ethernet over Thunderbolt 166 targetdm: Target disk mode protocol over Thunderbolt 167 extdisp: External display mode protocol over Thunderbolt 168 169What: /sys/bus/thunderbolt/devices/<xdomain>.<service>/modalias 170Date: Jan 2018 171KernelVersion: 4.15 172Contact: thunderbolt-software@lists.01.org 173Description: Stores the same MODALIAS value emitted by uevent for 174 the XDomain service. Format: tbtsvc:kSpNvNrN 175 176What: /sys/bus/thunderbolt/devices/<xdomain>.<service>/prtcid 177Date: Jan 2018 178KernelVersion: 4.15 179Contact: thunderbolt-software@lists.01.org 180Description: This contains XDomain protocol identifier the XDomain 181 service supports. 182 183What: /sys/bus/thunderbolt/devices/<xdomain>.<service>/prtcvers 184Date: Jan 2018 185KernelVersion: 4.15 186Contact: thunderbolt-software@lists.01.org 187Description: This contains XDomain protocol version the XDomain 188 service supports. 189 190What: /sys/bus/thunderbolt/devices/<xdomain>.<service>/prtcrevs 191Date: Jan 2018 192KernelVersion: 4.15 193Contact: thunderbolt-software@lists.01.org 194Description: This contains XDomain software version the XDomain 195 service supports. 196 197What: /sys/bus/thunderbolt/devices/<xdomain>.<service>/prtcstns 198Date: Jan 2018 199KernelVersion: 4.15 200Contact: thunderbolt-software@lists.01.org 201Description: This contains XDomain service specific settings as 202 bitmask. Format: %x 203