By default, when setting up a Raspberry PI, Bluetooth and WiFi are enabled. This is not always what you want, especially when you don’t need either of them. So, time to disable them, because having them enabled and probably unsecured is a potential attack vector into your network.
Change Boot Configuration
First, we need to edit the boot configuration file
/boot/config.txt and add the following lines (edit if they are already there):
# Disable Bluetooth dtoverlay=disable-bt # Disable WiFi dtoverlay=disable-wifi
This will disable the Bluetooth and WiFi interfaces on start-up.
Unfortunately, it is not that easy. Would be nice, wouldn’t it?
The services are still running, the kernel modules are still loaded. Both are completely unnecessary at this point, so let’s take care of that.
Disable the Services
To disable the services run the following commands:
sudo systemctl disable wpa_supplicant.service sudo systemctl disable hciuart.service sudo systemctl disable bluealsa.service sudo systemctl disable bluetooth.service
Blacklist the Kernel Modules
Now that the services are deactivated, it’s time to blacklist the kernel modules. To do so, open
/etc/modprobe.d/raspi-blacklist.conf in an editor of your choice and add:
# Disable Bluetooth blacklist btbcm blacklist bnep blacklist bluetooth # Disable WiFi blacklist 8192cu
As you might have guessed by the file name, this will blacklist the modules and prevent them from being loaded during the system start.
Disable WiFi Check
Now, with the next login you might see a message like this:
rfkill: cannot open /dev/rfkill: Permission denied rfkill: cannot read /dev/rfkill: Bad file descriptor
This is generally nothing to be worried about, as it is just the WiFi check telling you it can’t check the status of the WiFi interface. What a surprise!
There are 2 ways to go about it. Ignore it, which you can happily do, but if you’re like me and get annoyed by it, you might want to disable the WiFi check.
To do so, open
/etc/profile.d/wifi-check.sh in an editor of your choice and add
exit 0 right after the first opening bracket. The file should then look like this:
( exit 0 export TEXTDOMAIN=wifi-check . gettext.sh if [ ! -x /usr/sbin/rfkill ] || [ ! -c /dev/rfkill ]; then exit 0 fi if ! /usr/sbin/rfkill list wifi | grep -q "Soft blocked: yes" ; then exit 0 fi echo /usr/bin/gettext -s "Wi-Fi is currently blocked by rfkill." /usr/bin/gettext -s "Use raspi-config to set the country before use." echo )
If for whatever reason, you don’t feel like editing yet another file, you can just throw this command in your console, and it will do exactly that:
sudo sed -i '2i\ \ \ \ \ \ \ \ exit 0' /etc/profile.d/wifi-check.sh
Now, log out and back in and the warning message should be gone. Just don’t forget to reverse this change if you ever need to activate WiFi again.
(Optional) Remove Unused Software
Now that we have disabled Bluetooth and WiFi, we can also remove the software for it. This step is entirely optional, but if you like a clean system, go ahead.
sudo apt purge bluez bluez-firmware wpasupplicant sudo apt-get autoremove
To apply all these changes, the Raspberry PI needs to be rebooted.