Tags give the ability to mark specific points in history as being important
  • 0.9   This is bolt 0.9 'Four comes after Three'
    Release 0.9
    • New Features:

      • Add 'Generation' attribute for the Manager [!197]
      • Ability to change the policy of a stored device [!202]
      • The BootACL Domain property is now writable [!184]
      • Support for systemd's service watchdog [!185]
      • Expose Link Speed sysfs attributes [!214]
    • Improvements:

      • boltclt: show timestamps in 'monitor' call [!208]
      • Persist the host device [!194]
    • Bug fixes:

      • Fix a flaky test [!217, #161]
      • Plug small memory leaks in error conditions [!217]
      • Ignore spurious wakeup device uevents for probing [!209]
      • Preserve keystate when updating devices [!192]
  • 0.8   This is bolt 0.8 'I owe it to the MM U!'
    Release 0.8
    • New Features:

      • IOMMU support: adapt behavior iommu support is present and active [#128]
        • automatically enroll new devices with the new iommu policy when iommu is active
        • automatically authorize devices with the iommu policy if iommu is active
      • boltctl config command to describe, get and set global, device and domain properties.
      • Chain authorization and enrollment via boltctl {enroll, authorize} --chain [!153, !154]
      • bolt-mock script for interactively testing boltd [!152]
    • Improvements:

      • Automatically import devices that were authorized at boot [#137]
      • Make tests installable [#140]
      • Honour STATE_DIRECTORY [!159] and RUNTIME_DIRECTORY [!161]
      • Profiling support via gprof [!168]
    • Bug fixes:

      • Better handling of random data generation [#132, !165]
      • Fix double free in case of client creation failure [!148]
      • Fix invalid format string in warning [!14]
    • NB for packagers:

      • The dbus configuration is now installed in $datadir/dbus-1/system.d instead of $sysconfdir [!177].
      • To install tests, configure with -Dinstall-tests=true.
  • 0.7   This is bolt 0.7 'The Known Unknowns'
    Release 0.7
    • Features:

      • announce status to systemd via sd_notify (using a simple custom implementation) [!143]
    • Bug fixes:

      • properly update global security level status [#131 via !141]
      • adapt to systemd 240 not sending bind/unbind uevents [#133 via !145]
      • fix compilation on musl [#126 via !140]
      • daemon: use g_unix_signal_source… to catch signals [#127, #129 via !138]
    • Improvements

      • precondition checks cleanup and completion [#124 via !139]
      • error cleanup [#125, !142]
      • fix some leaks and issues uncovered by coverity [!144]
  • 0.6   This is bolt 0.6 'Make the firmware do it!'
    Release 0.6

    New Features:

    • pre-boot access control list, aka. BootACL support [!119]

      • domains objects are now persistent
        • new Uid (dbus) / uid (object) property derived from the uuid of the device representing the root switch
        • sysfs and id attribute will be set/unset on connects and disconnects
        • domains are now stored in the boltd database
      • domains got the BootACL (dbus) / bootacl (object) property
        • uuids can be added, removed or set in batch
        • when domain is online: changes are written to the sysfs boot_acl attribute directly
        • when domain is offline: changes are written to a journal and then reapplied in order when the domain is connected
      • newly enrolled devices get added to all bootacls of all domains if the policy is BOLT_POLICY_AUTO
      • removed devices get deleted from all bootacls of all domains
      • boltacl domain command will show the bootacl slots and their content
    • boltctl gained the -U, --uuid option, to control how uuids are printed [!124]

    Improvements and fixes:

    • Testing [!127]

      • The test coverage increased to 84.80% overall and to 90.0% for the boltd source
      • Coverage is reported for merge requests via the fedora ci image [!126]
      • boltctl is now included in the tests [!132]
      • Fedora 29 is used for the fedora ci image
    • Bugs and robustness:

      • The device state is verified in Device.Authorize [!120]
      • Handle empty 'keys' sysfs device attribute [!129]
      • Properly adjust policies when enrolling already authorized devices [!136]
      • Fix potential crasher when logging assertions g_return_if_fail [!121]
  • 0.5   This is bolt 0.5 'You've got the Power'
    Release 0.5

    New Features:

    • Force-Power DBus API (!101)
      • A new interface to boltd to control the (force) power mechanism (#106)
      • Switch off power with a delay so we don't run into races (#104)
    • Add representation of thunderbolt domains
      This is a preparation for the boot acl support
    • Authorizing devices, after upgrading from USER to SECURE security level, will lead to key upgrades (!107)
    • Connection and Authorization times are now stored (!105)
    • Systemd dependency is now optional (!106, !103)
    • Company and brand names are cleaned up for the display name (#102)

    Bug fixes and cleanups:

    • Emit proper notification for security-level property changes (!100)
    • Auto generate the object path for BoltDevice (!102)

    NB for packagers:

    • -Ddb-path is DEPRECATED, use -Ddb-name instead (!113)
    • meson >= 0.44.0 is required.
    • systemd unit files got updated:
      • After=polkit.service (!116)
      • Use systemd for runtime and state directory management (!113)
      • Sandbox is tightened (!97)
  • 0.4   Release bolt 0.4 'The Race Is Over'
    Release 0.4

    New features:

    • auto import of devices authorized during boot !90
    • allow enrolling of already authorized devices, i.e. importing of devices !86
    • label new devices and detect duplicates !91

    Be more robust:

    • Handle NULL errors in logging code better !89
    • Properly handle empty device database entries !87
    • Better authentication errors and logging !85
    • More tests

    Internal changes:

    • Make sure we don't miss device status changes !82
    • Rework property change notification dispatching !83
  • 0.3   Release bolt 0.3 'Capture The Flags'
    Release 0.3

    Prepare for upcoming kernel changes:

    • Support for usbonly (SL4) security level (#75)
    • Support for boot sysfs device attribute (#76)

    DBus API changes:

    • BoltStatus was split (#81), so that:
      • Device.Status does not report authorized-xxx anymore
      • Device.AuthFlags added to indicate auth details, e.g. secure, nopci, boot, nokey (#76)
    • BoltSecurity and thus Manager.SecurityLevel can report usbonly (#75)


    • async versions for many function calls
    • more efficient getters, resulting in reduced allocations
    • boltctl reports Device.AuthFlags
    • boltctl prints more and better version info via boltctl monitor

    Other bugfixes and improvements include:

    • more robust flags/enum conversion
  • 0.2   Release bolt 0.2 'I broke the Bus'
    Release 0.2

    Lots of changes, the most significant:

    • database location moved (now in /var/lib/boltd)
      • devices enrolled with bolt 0.1 need to be re-enrolled (or the database moved from the old location)
    • DBus API changed (lots of strings)
      • Enums are transmitted as strings
      • Device.Security property is gone; replaced by authorized-dponly status and Manager.SecurityLevel ( #37, #38, #62)
      • Various timestamps got added: Device.ConnectTime, Device.StoreTime and Device.AuthorizeTime (#46 #57)
      • Device.Label (readwrite) was added so devices can be given custom names (#46)
      • Device.Type added, to differentiate between host and peripherals
      • Manager.AuthMode (readwrite) was added to control (auto) authorization (#48)

    Other bugfixes and improvements include:

    • Ensure we get a DeviceAdded signal on startup (#58)
    • Support for legacy devices that have no key sysfs attribute (#67)
    • Use structured logging and avoid printing UUIDs in non-debug log code (#36 #60)
    • Other internal restructuring for cleaner code (#43)
  • 0.1   Release bolt 0.1 "Accidentally Working"
    Release 0.1

    This is the first release of bolt. The daemon is fully functional, supports enrolling of new devices, (auto) authorization and the removal of existing devices. A command line tool boltctl can be used to interact with the daemon. For more information see the supplied man page boltctl(1).

    Special thanks to: Alberto Ruiz, Benjamin Berg, Hans de Goede, Harald Hoyer, Javier Martinez Canillas, Jaroslav Lichtblau, Jakub Steiner, Richard Hughes