By default, when setting up a Raspberry PI, Bluetooth and Wifi are enabled. This is not always what you want, especially when you don’t need either of them. So, time to disable them, because having them enabled and probably unsecured is a potential attack vector into your network.
Change Boot Configuration
First, we need to edit the boot configuration file
/boot/config.txt and add the following lines (edit if they are already there):
# Disable Bluetooth dtoverlay=disable-bt # Disable Wifi dtoverlay=disable-wifi
This will disable the Bluetooth and Wifi interfaces on start-up.
Unfortunately, it is not that easy. Would be nice, wouldn’t it?
The services are still running, the kernel modules are still loaded. Both are completely unnecessary at this point, so let’s take care of that.
Disable the Services
To disable the services run the following commands:
sudo systemctl disable wpa_supplicant.service sudo systemctl disable hciuart.service sudo systemctl disable bluealsa.service sudo systemctl disable bluetooth.service
Blacklist the Kernel Modules
Now that the services are deactivated, it’s time to blacklist the kernel modules. To do so, open
/etc/modprobe.d/raspi-blacklist.conf in an editor of your choice and add:
# Disable Bluetooth blacklist btbcm blacklist bnep blacklist bluetooth # Disable Wifi blacklist 8192cu
As you might have guessed by the file name, this will blacklist the modules and prevent them from being loaded during the system start.
(Optional) Remove Unused Software
Now that we have disabled Bluetooth and Wifi, we can also remove the software for it. This step is completely optional, but if you like a clean system, go ahead.
sudo apt purge bluez bluez-firmware wpasupplicant sudo apt-get autoremove
To apply all these changes, the Raspberry PI needs to be rebooted.