X-Git-Url: http://git.ipfire.org/?a=blobdiff_plain;f=man%2Fsystemd-cryptenroll.xml;h=a3a2c610eeb2375f9669777af02d1ed853d2d757;hb=9bfabe14e5bbf2077acaecb75edcf1e38ecde330;hp=c687ac31bb1daf2bf2dabce877732ca5c6c910ba;hpb=1976b1d86dbe9912a70f124ebc57502cc35b69b7;p=thirdparty%2Fsystemd.git
diff --git a/man/systemd-cryptenroll.xml b/man/systemd-cryptenroll.xml
index c687ac31bb1..a3a2c610eeb 100644
--- a/man/systemd-cryptenroll.xml
+++ b/man/systemd-cryptenroll.xml
@@ -287,7 +287,7 @@
- PATH
+ Use a file instead of a password/passphrase read from stdin to unlock the volume.
Expects the PATH to the file containing your key to unlock the volume. Currently there is nothing like
@@ -298,7 +298,7 @@
- PATH
+ Use a FIDO2 device instead of a password/passphrase read from stdin to unlock the
volume. Expects a hidraw device referring to the FIDO2 device (e.g.
@@ -311,7 +311,7 @@
- PATH
+ Use a TPM2 device instead of a password/passhprase read from stdin to unlock the
volume. Expects a device node path referring to the TPM2 chip (e.g. /dev/tpmrm0).
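Review bot: "passhprase" in the first description line of this hunk is a typo for "passphrase"; the key-file and FIDO2 unlock descriptions in the two hunks above spell it correctly. Since this entry is already being touched, fix the spelling in the same change.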
@@ -323,7 +323,7 @@
- URI
+ Enroll a PKCS#11 security token or smartcard (e.g. a YubiKey). Expects a PKCS#11 URI
that allows to find an X.509 certificate or a public key on the token. The URI must also be suitable
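Review bot: "that allows to find an X.509 certificate or a public key on the token" in the second line of this hunk is ungrammatical. Suggest "that allows finding an X.509 certificate or a public key on the token" while this entry is being edited.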
@@ -356,7 +356,7 @@
- STRING
+ Specify COSE algorithm used in credential generation. The default value is
es256. Supported values are es256, rs256
and eddsa.
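Review bot: the first description line, "Specify COSE algorithm used in credential generation", is missing an article. Suggest "Specify the COSE algorithm used in credential generation"; the rest of the entry (default es256, supported values es256, rs256 and eddsa) reads fine.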
@@ -371,7 +371,7 @@
- PATH
+ Enroll a FIDO2 security token that implements the hmac-secret
extension (e.g. a YubiKey). Expects a hidraw device referring to the FIDO2
@@ -397,7 +397,7 @@
- BOOL
+ When enrolling a FIDO2 security token, controls whether to require the user to enter
a PIN when unlocking the volume (the FIDO2 clientPin feature). Defaults to
@@ -409,7 +409,7 @@
- BOOL
+ When enrolling a FIDO2 security token, controls whether to require the user to
verify presence (tap the token, the FIDO2 up feature) when unlocking the volume.
@@ -421,7 +421,7 @@
- BOOL
+ When enrolling a FIDO2 security token, controls whether to require user verification
when unlocking the volume (the FIDO2 uv feature). Defaults to
@@ -432,7 +432,7 @@
- PATH
+ Enroll a TPM2 security chip. Expects a device node path referring to the TPM2 chip
(e.g. /dev/tpmrm0). Alternatively the special value auto may
@@ -457,7 +457,7 @@
- PATH
+ Enroll a TPM2 security chip using its public key. Expects a path referring to the
TPM2 public key in TPM2B_PUBLIC format. This cannot be used with , as
@@ -485,7 +485,7 @@
- HANDLE
+ Configures which parent key to use for sealing, using the TPM handle (index) of the
key. This is used to "seal" (encrypt) a secret and must be used later to "unseal" (decrypt) the
@@ -507,7 +507,7 @@
- PCR+PCR...
+ Configures the TPM2 PCRs (Platform Configuration Registers) to bind to when
enrollment is requested via . Takes a list of PCR entries, where each
@@ -532,7 +532,7 @@
- BOOL
+ When enrolling a TPM2 device, controls whether to require the user to enter a PIN
when unlocking the volume in addition to PCR binding, based on TPM2 policy authentication. Defaults
@@ -553,9 +553,9 @@
- PATH
- PCR+PCR...
- PATH
+
+
+ Configures a TPM2 signed PCR policy to bind encryption to. The
option accepts a path to a PEM encoded RSA public key, to bind
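Review bot: this hunk removes three lines carrying the argument placeholders PATH, PCR+PCR... and PATH, but the first two added lines are empty as shown here and the description that follows says "The option accepts a path to a PEM encoded RSA public key" without naming which option. Please confirm that the new term markup still carries the argument placeholder for each of the three options, so the rendered page shows which one takes a path and which takes a PCR list.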
@@ -593,7 +593,7 @@
- PATH
+ Configures a TPM2 pcrlock policy to bind encryption to. Expects a path to a pcrlock
policy file as generated by the
@@ -607,7 +607,7 @@
- SLOT,SLOT...
+ Wipes one or more LUKS2 key slots. Takes a comma separated list of numeric slot
indexes, or the special strings all (for wiping all key slots),