Four comes after Three

• New Features:

  • Add 'Generation' attribute for the Manager [!197]
  • Ability to change the policy of a stored device [!202]
  • The BootACL Domain property is now writable [!184]
  • Support for systemd's service watchdog [!185]
  • Expose Link Speed sysfs attributes [!214]

• Improvements:

  • boltclt: show timestamps in 'monitor' call [!208]
  • Persist the host device [!194]

• Bug fixes:

  • Fix a flaky test [!217, #161]
  • Plug small memory leaks in error conditions [!217]
  • Ignore spurious wakeup device uevents for probing [!209]
  • Preserve keystate when updating devices [!192]

I owe it to the MM U

From the official 0.8 Release Notes:

• New Features:

  • IOMMU support: adapt behavior iommu support is present and active [#128]
    • automatically enroll new devices with the new iommu policy when iommu is active
    • automatically authorize devices with the iommu policy if iommu is active
  • boltctl config command to describe, get and set global, device and domain properties.
  • Chain authorization and enrollment via boltctl {enroll, authorize} --chain [!153, !154]
  • bolt-mock script for interactively testing boltd [!152]

• Improvements:

  • Automatically import devices that were authorized at boot [#137]
  • Make tests installable [#140]
  • Honour STATE_DIRECTORY [!159] and RUNTIME_DIRECTORY [!161]
  • Profiling support via gprof [!168]

• Bug fixes:

  • Better handling of random data generation [#132, !165]
  • Fix double free in case of client creation failure [!148]
  • Fix invalid format string in warning [!14]

• NB for packagers:

  • The dbus configuration is now installed in $datadir/dbus-1/system.d instead of $sysconfdir [!177].
  • To install tests, configure with -Dinstall-tests=true.

Make the firmware do it!

From the official 0.6 Release Notes:

New Features:

• pre-boot access control list, aka. BootACL support [!119]

  • domains objects are now persistent
    • new Uid (dbus) / uid (object) property derived from the uuid of the device representing the root switch
    • sysfs and id attribute will be set/unset on connects and disconnects
    • domains are now stored in the boltd database
  • domains got the BootACL (dbus) / bootacl (object) property
    • uuids can be added, removed or set in batch
    • when domain is online: changes are written to the sysfs boot_acl attribute directly
    • when domain is offline: changes are written to a journal and then reapplied in order when the domain is connected
  • newly enrolled devices get added to all bootacls of all domains if the policy is BOLT_POLICY_AUTO
  • removed devices get deleted from all bootacls of all domains
  • boltacl domain command will show the bootacl slots and their content

• boltctl gained the -U, --uuid option, to control how uuids are printed [!124]

Improvements and fixes:

• Testing [!127]

  • The test coverage increased to 84.80% overall and to 90.0% for the boltd source
  • Coverage is reported for merge requests via the fedora ci image [!126]
  • boltctl is now included in the tests [!132]
  • Fedora 29 is used for the fedora ci image

• Bugs and robustness:

  • The device state is verified in Device.Authorize [!120]
  • Handle empty 'keys' sysfs device attribute [!129]
  • Properly adjust policies when enrolling already authorized devices [!136]
  • Fix potential crasher when logging assertions g_return_if_fail [!121]

You've got the Power

Head over to gitlab repo for the 0.5 Release Notes.

The Race Is Over

New features:

• auto import of devices authorized during boot !90
• allow enrolling of already authorized devices, i.e. importing of devices !86
• label new devices and detect duplicates !91

Be more robust:

• Handle NULL errors in logging code better !89
• Properly handle empty device database entries !87
• Better authentication errors and logging !85
• More tests

Internal changes:

• Make sure we don't miss device status changes !82
• Rework property change notification dispatching !83

Capture the Flags

Prepare for upcoming kernel changes:

• Support for usbonly security level
• Support for boot sysfs device attribute

DBus API changes:

• BoltStatus was split, so that:
  • Device.Status does not report authorized-xxx anymore
  • Device.AuthFlags added to indicate auth details, e.g. secure, nopci, boot, nokey
• BoltSecurity and thus Manager.SecurityLevel can report usbonly

client/boltctl:

• async versions for many function calls
• more efficient getters, resulting in reduced allocations
• boltctl reports Device.AuthFlags
• boltctl prints more and better version info via boltctl monitor

Other bugfixes and improvements include:

• more robust flags/enum conversion

I broke the Bus ⚡🚌⚡

Lots of changes, the most significant:

• database location moved (now in /var/lib/boltd)
  • ⚠ devices enrolled with bolt 0.1 need to be re-enrolled (or the database moved from the old location)
• DBus API changed (lots of strings)
  • Enums are transmitted as strings
  • Device.Security property is gone; replaced by authorized-dponly status and Manager.SecurityLevel ( #37, #38, #62)
  • Various timestamps got added: Device.ConnectTime, Device.StoreTime and Device.AuthorizeTime (#46 #57)
  • Device.Label (readwrite) was added so devices can be given custom names (#46)
  • Device.Type added, to differentiate between host and peripherals
  • Manager.AuthMode (readwrite) was added to control (auto) authorization (#48)

Other bugfixes and improvements include:

• Ensure we get a DeviceAdded signal on startup (#58)
• Support for legacy devices that have no key sysfs attribute (#67)
• Use structured logging and avoid printing UUIDs in non-debug log code (#36 #60)
• Other internal restructuring for cleaner code (#43)

Accidentally Working

This is the first release of bolt. The daemon is fully functional, supports enrolling of new devices, (auto) authorization and the removal of existing devices. A command line tool boltctl can be used to interact with the daemon. For more information see the supplied man page boltctl(1).

Special thanks to: Alberto Ruiz, Benjamin Berg, Hans de Goede, Harald Hoyer, Javier Martinez Canillas, Jaroslav Lichtblau, Jakub Steiner, Richard Hughes