Releases: gicmo/bolt
Releases · gicmo/bolt
Four comes after Three
-
New Features:
- Add 'Generation' attribute for the Manager [!197]
- Ability to change the policy of a stored device [!202]
- The BootACL Domain property is now writable [!184]
- Support for systemd's service watchdog [!185]
- Expose Link Speed sysfs attributes [!214]
-
Improvements:
- boltclt: show timestamps in 'monitor' call [!208]
- Persist the host device [!194]
-
Bug fixes:
- Fix a flaky test [!217, #161]
- Plug small memory leaks in error conditions [!217]
- Ignore spurious wakeup device uevents for probing [!209]
- Preserve keystate when updating devices [!192]
I owe it to the MM U
From the official 0.8 Release Notes:
-
New Features:
- IOMMU support: adapt behavior iommu support is present and active [#128]
- automatically enroll new devices with the new
iommupolicy when iommu is active - automatically authorize devices with the
iommupolicy if iommu is active
- automatically enroll new devices with the new
boltctl configcommand to describe, get and set global, device and domain properties.- Chain authorization and enrollment via
boltctl {enroll, authorize} --chain[!153, !154] bolt-mockscript for interactively testingboltd[!152]
- IOMMU support: adapt behavior iommu support is present and active [#128]
-
Improvements:
- Automatically import devices that were authorized at boot [#137]
- Make tests installable [#140]
- Honour
STATE_DIRECTORY[!159] andRUNTIME_DIRECTORY[!161] - Profiling support via gprof [!168]
-
Bug fixes:
- Better handling of random data generation [#132, !165]
- Fix double free in case of client creation failure [!148]
- Fix invalid format string in warning [!14]
-
NB for packagers:
- The dbus configuration is now installed in
$datadir/dbus-1/system.dinstead of$sysconfdir[!177]. - To install tests, configure with
-Dinstall-tests=true.
- The dbus configuration is now installed in
Make the firmware do it!
From the official 0.6 Release Notes:
New Features:
-
pre-boot access control list, aka.
BootACLsupport [!119]- domains objects are now persistent
- new
Uid(dbus) /uid(object) property derived from the uuid of the device representing the root switch sysfsandidattribute will be set/unset on connects and disconnects- domains are now stored in the boltd database
- new
- domains got the
BootACL(dbus) /bootacl(object) property- uuids can be added, removed or set in batch
- when domain is online: changes are written to the sysfs
boot_aclattribute directly - when domain is offline: changes are written to a journal and then reapplied in order when the domain is connected
- newly enrolled devices get added to all bootacls of all domains if the
policyisBOLT_POLICY_AUTO - removed devices get deleted from all bootacls of all domains
boltacl domaincommand will show the bootacl slots and their content
- domains objects are now persistent
-
boltctlgained the-U, --uuidoption, to control how uuids are printed [!124]
Improvements and fixes:
-
Testing [!127]
- The test coverage increased to
84.80%overall and to90.0%for theboltdsource - Coverage is reported for merge requests via the fedora ci image [!126]
boltctlis now included in the tests [!132]- Fedora 29 is used for the fedora ci image
- The test coverage increased to
-
Bugs and robustness:
- The device state is verified in
Device.Authorize[!120] - Handle empty 'keys' sysfs device attribute [!129]
- Properly adjust policies when enrolling already authorized devices [!136]
- Fix potential crasher when logging assertions
g_return_if_fail[!121]
- The device state is verified in
You've got the Power
Head over to gitlab repo for the 0.5 Release Notes.
The Race Is Over
New features:
- auto import of devices authorized during boot !90
- allow enrolling of already authorized devices, i.e. importing of devices !86
- label new devices and detect duplicates !91
Be more robust:
- Handle NULL errors in logging code better !89
- Properly handle empty device database entries !87
- Better authentication errors and logging !85
- More tests
Internal changes:
Capture the Flags
Prepare for upcoming kernel changes:
- Support for
usbonlysecurity level - Support for
bootsysfs device attribute
DBus API changes:
BoltStatuswas split, so that:Device.Statusdoes not reportauthorized-xxxanymoreDevice.AuthFlagsadded to indicate auth details, e.g.secure,nopci,boot,nokey
BoltSecurityand thusManager.SecurityLevelcan reportusbonly
client/boltctl:
- async versions for many function calls
- more efficient getters, resulting in reduced allocations
- boltctl reports
Device.AuthFlags - boltctl prints more and better version info via
boltctl monitor
Other bugfixes and improvements include:
- more robust flags/enum conversion
I broke the Bus ⚡🚌⚡
Lots of changes, the most significant:
- database location moved (now in
/var/lib/boltd)- ⚠ devices enrolled with bolt 0.1 need to be re-enrolled (or the database moved from the old location)
- DBus API changed (lots of strings)
- Enums are transmitted as strings
Device.Securityproperty is gone; replaced byauthorized-dponlystatus andManager.SecurityLevel( #37, #38, #62)- Various timestamps got added:
Device.ConnectTime,Device.StoreTimeandDevice.AuthorizeTime(#46 #57) Device.Label(readwrite) was added so devices can be given custom names (#46)Device.Typeadded, to differentiate between host and peripheralsManager.AuthMode(readwrite) was added to control (auto) authorization (#48)
Other bugfixes and improvements include:
Accidentally Working
This is the first release of bolt. The daemon is fully functional, supports enrolling of new devices, (auto) authorization and the removal of existing devices. A command line tool boltctl can be used to interact with the daemon. For more information see the supplied man page boltctl(1).
Special thanks to: Alberto Ruiz, Benjamin Berg, Hans de Goede, Harald Hoyer, Javier Martinez Canillas, Jaroslav Lichtblau, Jakub Steiner, Richard Hughes