What: /sys/bus/thunderbolt/devices/.../domainX/security Date: Sep 2017 KernelVersion: 4.13 Contact: thunderbolt-software@lists.01.org Description: This attribute holds current Thunderbolt security level set by the system BIOS. Possible values are: none: All devices are automatically authorized user: Devices are only authorized based on writing appropriate value to the authorized attribute secure: Require devices that support secure connect at minimum. User needs to authorize each device. dponly: Automatically tunnel Display port (and USB). No PCIe tunnels are created. What: /sys/bus/thunderbolt/devices/.../authorized Date: Sep 2017 KernelVersion: 4.13 Contact: thunderbolt-software@lists.01.org Description: This attribute is used to authorize Thunderbolt devices after they have been connected. If the device is not authorized, no devices such as PCIe and Display port are available to the system. Contents of this attribute will be 0 when the device is not yet authorized. Possible values are supported: 1: The device will be authorized and connected When key attribute contains 32 byte hex string the possible values are: 1: The 32 byte hex string is added to the device NVM and the device is authorized. 2: Send a challenge based on the 32 byte hex string. If the challenge response from device is valid, the device is authorized. In case of failure errno will be ENOKEY if the device did not contain a key at all, and EKEYREJECTED if the challenge response did not match. What: /sys/bus/thunderbolt/devices/.../key Date: Sep 2017 KernelVersion: 4.13 Contact: thunderbolt-software@lists.01.org Description: When a devices supports Thunderbolt secure connect it will have this attribute. Writing 32 byte hex string changes authorization to use the secure connection method instead. Writing an empty string clears the key and regular connection method can be used again. What: /sys/bus/thunderbolt/devices/.../device Date: Sep 2017 KernelVersion: 4.13 Contact: thunderbolt-software@lists.01.org Description: This attribute contains id of this device extracted from the device DROM. What: /sys/bus/thunderbolt/devices/.../device_name Date: Sep 2017 KernelVersion: 4.13 Contact: thunderbolt-software@lists.01.org Description: This attribute contains name of this device extracted from the device DROM. What: /sys/bus/thunderbolt/devices/.../vendor Date: Sep 2017 KernelVersion: 4.13 Contact: thunderbolt-software@lists.01.org Description: This attribute contains vendor id of this device extracted from the device DROM. What: /sys/bus/thunderbolt/devices/.../vendor_name Date: Sep 2017 KernelVersion: 4.13 Contact: thunderbolt-software@lists.01.org Description: This attribute contains vendor name of this device extracted from the device DROM. What: /sys/bus/thunderbolt/devices/.../unique_id Date: Sep 2017 KernelVersion: 4.13 Contact: thunderbolt-software@lists.01.org Description: This attribute contains unique_id string of this device. This is either read from hardware registers (UUID on newer hardware) or based on UID from the device DROM. Can be used to uniquely identify particular device. What: /sys/bus/thunderbolt/devices/.../nvm_version Date: Sep 2017 KernelVersion: 4.13 Contact: thunderbolt-software@lists.01.org Description: If the device has upgradeable firmware the version number is available here. Format: %x.%x, major.minor. If the device is in safe mode reading the file returns -ENODATA instead as the NVM version is not available. What: /sys/bus/thunderbolt/devices/.../nvm_authenticate Date: Sep 2017 KernelVersion: 4.13 Contact: thunderbolt-software@lists.01.org Description: When new NVM image is written to the non-active NVM area (through non_activeX NVMem device), the authentication procedure is started by writing 1 to this file. If everything goes well, the device is restarted with the new NVM firmware. If the image verification fails an error code is returned instead. When read holds status of the last authentication operation if an error occurred during the process. This is directly the status value from the DMA configuration based mailbox before the device is power cycled. Writing 0 here clears the status.