
Don't store domains where uuids change across reboots

Christian Kellner requested to merge domain_uuid_change into master

The bolt daemon uses the uuid of the host controller, i.e. the thunderbolt switch, to uniquely identify the domain across reboots. The main reason for this was the boot acl, which can change in the absence of the domain: in older tbt hardware, the controller was powered in hardware when no device was attached. If a user then wanted to remove a device from the controller, that needed to be recorded and synced back to the boot acl when the controller later became available again.

All this relies on the fact that the uuid of the controller is stable, i.e. does not change across reboots. This, sadly, is not true for integrated TBT, e.g. on Ice Lake (ICL) and Tiger Lake (TGL).

In the manager, the stability of the domain's uuid is now detected via the PCI id of the native host interface. If it is in fact not stable, or if the PCI id is unknown, the domain will not be stored. As a result, removing devices from the boot acl while the controller is offline will not properly be synced to the controller. Since modern controllers are actually not powered down, but use runtime PM, i.e. they go to D3 cold state, this should indeed not matter much. Additionally, modern systems use the IOMMU to secure device access and there the firmware can and will indeed authorize the device during boot. Therefore the boot acl becomes less important, and there even seem to be no boot acl entry slots on ICL.

Part of issue #162 (closed)
