Tags give the ability to mark specific points in history as being important
  • 0.8   This is bolt 0.8 'I owe it to the MM U!'
    • New Features:

      • IOMMU support: adapt behavior iommu support is present and active [#128]
        • automatically enroll new devices with the new iommu policy when iommu is active
        • automatically authorize devices with the iommu policy if iommu is active
      • boltctl config command to describe, get and set global, device and domain properties.
      • Chain authorization and enrollment via boltctl {enroll, authorize} --chain [!153, !154]
      • bolt-mock script for interactively testing boltd [!152]
    • Improvements:

      • Automatically import devices that were authorized at boot [#137]
      • Make tests installable [#140]
      • Honour STATE_DIRECTORY [!159] and RUNTIME_DIRECTORY [!161]
      • Profiling support via gprof [!168]
    • Bug fixes:

      • Better handling of random data generation [#132, !165]
      • Fix double free in case of client creation failure [!148]
      • Fix invalid format string in warning [!14]
    • NB for packagers:

      • The dbus configuration is now installed in $datadir/dbus-1/system.d instead of $sysconfdir [!177].
      • To install tests, configure with -Dinstall-tests=true.
  • 0.7   This is bolt 0.7 'The Known Unknowns'
    • Features:

      • announce status to systemd via sd_notify (using a simple custom implementation) [!143]
    • Bug fixes:

      • properly update global security level status [#131 via !141]
      • adapt to systemd 240 not sending bind/unbind uevents [#133 via !145]
      • fix compilation on musl [#126 via !140]
      • daemon: use g_unix_signal_source… to catch signals [#127, #129 via !138]
    • Improvements

      • precondition checks cleanup and completion [#124 via !139]
      • error cleanup [#125, !142]
      • fix some leaks and issues uncovered by coverity [!144]
  • 0.6   This is bolt 0.6 'Make the firmware do it!'

    New Features:

    • pre-boot access control list, aka. BootACL support [!119]

      • domains objects are now persistent
        • new Uid (dbus) / uid (object) property derived from the uuid of the device representing the root switch
        • sysfs and id attribute will be set/unset on connects and disconnects
        • domains are now stored in the boltd database
      • domains got the BootACL (dbus) / bootacl (object) property
        • uuids can be added, removed or set in batch
        • when domain is online: changes are written to the sysfs boot_acl attribute directly
        • when domain is offline: changes are written to a journal and then reapplied in order when the domain is connected
      • newly enrolled devices get added to all bootacls of all domains if the policy is BOLT_POLICY_AUTO
      • removed devices get deleted from all bootacls of all domains
      • boltacl domain command will show the bootacl slots and their content
    • boltctl gained the -U, --uuid option, to control how uuids are printed [!124]

    Improvements and fixes:

    • Testing [!127]

      • The test coverage increased to 84.80% overall and to 90.0% for the boltd source
      • Coverage is reported for merge requests via the fedora ci image [!126]
      • boltctl is now included in the tests [!132]
      • Fedora 29 is used for the fedora ci image
    • Bugs and robustness:

      • The device state is verified in Device.Authorize [!120]
      • Handle empty 'keys' sysfs device attribute [!129]
      • Properly adjust policies when enrolling already authorized devices [!136]
      • Fix potential crasher when logging assertions g_return_if_fail [!121]
  • 0.5   This is bolt 0.5 'You've got the Power'

    New Features:

    • Force-Power DBus API (!101)
      • A new interface to boltd to control the (force) power mechanism (#106)
      • Switch off power with a delay so we don't run into races (#104)
    • Add representation of thunderbolt domains
      This is a preparation for the boot acl support
    • Authorizing devices, after upgrading from USER to SECURE security level, will lead to key upgrades (!107)
    • Connection and Authorization times are now stored (!105)
    • Systemd dependency is now optional (!106, !103)
    • Company and brand names are cleaned up for the display name (#102)

    Bug fixes and cleanups:

    • Emit proper notification for security-level property changes (!100)
    • Auto generate the object path for BoltDevice (!102)

    NB for packagers:

    • -Ddb-path is DEPRECATED, use -Ddb-name instead (!113)
    • meson >= 0.44.0 is required.
    • systemd unit files got updated:
      • After=polkit.service (!116)
      • Use systemd for runtime and state directory management (!113)
      • Sandbox is tightened (!97)
  • 0.4   Release bolt 0.4 'The Race Is Over'

    New features:

    • auto import of devices authorized during boot !90
    • allow enrolling of already authorized devices, i.e. importing of devices !86
    • label new devices and detect duplicates !91

    Be more robust:

    • Handle NULL errors in logging code better !89
    • Properly handle empty device database entries !87
    • Better authentication errors and logging !85
    • More tests

    Internal changes:

    • Make sure we don't miss device status changes !82
    • Rework property change notification dispatching !83
  • 0.3   Release bolt 0.3 'Capture The Flags'

    Prepare for upcoming kernel changes:

    • Support for usbonly (SL4) security level (#75)
    • Support for boot sysfs device attribute (#76)

    DBus API changes:

    • BoltStatus was split (#81), so that:
      • Device.Status does not report authorized-xxx anymore
      • Device.AuthFlags added to indicate auth details, e.g. secure, nopci, boot, nokey (#76)
    • BoltSecurity and thus Manager.SecurityLevel can report usbonly (#75)


    • async versions for many function calls
    • more efficient getters, resulting in reduced allocations
    • boltctl reports Device.AuthFlags
    • boltctl prints more and better version info via boltctl monitor

    Other bugfixes and improvements include:

    • more robust flags/enum conversion
  • 0.2   Release bolt 0.2 'I broke the Bus'

    Lots of changes, the most significant:

    • database location moved (now in /var/lib/boltd)
      • devices enrolled with bolt 0.1 need to be re-enrolled (or the database moved from the old location)
    • DBus API changed (lots of strings)
      • Enums are transmitted as strings
      • Device.Security property is gone; replaced by authorized-dponly status and Manager.SecurityLevel ( #37, #38, #62)
      • Various timestamps got added: Device.ConnectTime, Device.StoreTime and Device.AuthorizeTime (#46 #57)
      • Device.Label (readwrite) was added so devices can be given custom names (#46)
      • Device.Type added, to differentiate between host and peripherals
      • Manager.AuthMode (readwrite) was added to control (auto) authorization (#48)

    Other bugfixes and improvements include:

    • Ensure we get a DeviceAdded signal on startup (#58)
    • Support for legacy devices that have no key sysfs attribute (#67)
    • Use structured logging and avoid printing UUIDs in non-debug log code (#36 #60)
    • Other internal restructuring for cleaner code (#43)
  • 0.1   Release bolt 0.1 "Accidentally Working"

    This is the first release of bolt. The daemon is fully functional, supports enrolling of new devices, (auto) authorization and the removal of existing devices. A command line tool boltctl can be used to interact with the daemon. For more information see the supplied man page boltctl(1).

    Special thanks to: Alberto Ruiz, Benjamin Berg, Hans de Goede, Harald Hoyer, Javier Martinez Canillas, Jaroslav Lichtblau, Jakub Steiner, Richard Hughes