]> git.ipfire.org Git - thirdparty/systemd.git/blame - man/systemd-cryptenroll.xml
projects / thirdparty / systemd.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
tpm2: update test-tpm2 for tpm2_calculate_seal()
[thirdparty/systemd.git] / man / systemd-cryptenroll.xml
CommitLineData
cf1e172d
LP		 1<?xml version="1.0"?>
2<!--*-nxml-*-->
3<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
4 "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
5<!-- SPDX-License-Identifier: LGPL-2.1-or-later -->
6<refentry id="systemd-cryptenroll" xmlns:xi="http://www.w3.org/2001/XInclude" conditional='HAVE_LIBCRYPTSETUP'>
7
8 <refentryinfo>
9 <title>systemd-cryptenroll</title>
10 <productname>systemd</productname>
11 </refentryinfo>
12
13 <refmeta>
14 <refentrytitle>systemd-cryptenroll</refentrytitle>
15 <manvolnum>1</manvolnum>
16 </refmeta>
17
18 <refnamediv>
19 <refname>systemd-cryptenroll</refname>
20 <refpurpose>Enroll PKCS#11, FIDO2, TPM2 token/devices to LUKS2 encrypted volumes</refpurpose>
21 </refnamediv>
22
23 <refsynopsisdiv>
24 <cmdsynopsis>
38e3c61d
ZJS		 25 <command>systemd-cryptenroll</command>
26 <arg choice="opt" rep="repeat">OPTIONS</arg>
27 <arg choice="opt">DEVICE</arg>
cf1e172d
LP		 28 </cmdsynopsis>
29 </refsynopsisdiv>
30
31 <refsect1>
32 <title>Description</title>
33
880e1e07
ZJS		 34 <para><command>systemd-cryptenroll</command> is a tool for enrolling hardware security tokens and devices
35 into a LUKS2 encrypted volume, which may then be used to unlock the volume during boot. Specifically, it
36 supports tokens and credentials of the following kind to be enrolled:</para>
cf1e172d
LP		 37
38 <orderedlist>
880e1e07
ZJS		 39 <listitem><para>PKCS#11 security tokens and smartcards that may carry an RSA key pair (e.g. various
40 YubiKeys)</para></listitem>
cf1e172d 41
880e1e07
ZJS		 42 <listitem><para>FIDO2 security tokens that implement the <literal>hmac-secret</literal> extension (most
43 FIDO2 keys, including YubiKeys)</para></listitem>
cf1e172d
LP		 44
45 <listitem><para>TPM2 security devices</para></listitem>
46
a587a16a
ZJS		 47 <listitem><para>Regular passphrases</para></listitem>
48
cf1e172d 49 <listitem><para>Recovery keys. These are similar to regular passphrases, however are randomly generated
880e1e07 50 on the computer and thus generally have higher entropy than user-chosen passphrases. Their character
cf1e172d
LP		 51 set has been designed to ensure they are easy to type in, while having high entropy. They may also be
52 scanned off screen using QR codes. Recovery keys may be used for unlocking LUKS2 volumes wherever
53 passphrases are accepted. They are intended to be used in combination with an enrolled hardware
54 security token, as a recovery option when the token is lost.</para></listitem>
cf1e172d
LP		 55 </orderedlist>
56
57 <para>In addition, the tool may be used to enumerate currently enrolled security tokens and wipe a subset
58 of them. The latter may be combined with the enrollment operation of a new security token, in order to
59 update or replace enrollments.</para>
60
61 <para>The tool supports only LUKS2 volumes, as it stores token meta-information in the LUKS2 JSON token
62 area, which is not available in other encryption formats.</para>
10fa7251
ZJS		 63
64 <refsect2>
65 <title>TPM2 PCRs and policies</title>
66
67 <para>PCRs allow binding of the encryption of secrets to specific software versions and system state,
68 so that the enrolled key is only accessible (may be "unsealed") if specific trusted software and/or
69 configuration is used. Such bindings may be created with the option <option>--tpm2-pcrs=</option>
70 described below.</para>
71
72 <para>Secrets may also be bound indirectly: a signed policy for a state of some combination of PCR
73 values is provided, and the secret is bound to the public part of the key used to sign this policy.
74 This means that the owner of a key can generate a sequence of signed policies, for specific software
75 versions and system states, and the secret can be decrypted as long as the machine state matches one of
76 those policies. For example, a vendor may provide such a policy for each kernel+initrd update, allowing
77 users to encrypt secrets so that they can be decrypted when running any kernel+initrd signed by the
78 vendor. Such bindings may be created with the options <option>--tpm2-public-key=</option>,
79 <option>--tpm2-public-key-pcrs=</option>, <option>--tpm2-signature=</option> described below.
80 </para>
81
82 <para>See <ulink url="https://uapi-group.org/specifications/specs/linux_tpm_pcr_registry/">Linux TPM
83 PCR Registry</ulink> for an authoritative list of PCRs and how they are updated. The table below
84 contains a quick reference, describing in particular the PCRs modified by systemd.</para>
85
86 <table>
87 <title>Well-known PCR Definitions</title>
88
89 <!-- See: https://trustedcomputinggroup.org/resource/pc-client-specific-platform-firmware-profile-specification/ -->
90 <!-- See: https://github.com/rhboot/shim/blob/main/README.tpm -->
91 <!-- See: https://www.gnu.org/software/grub/manual/grub/html_node/Measured-Boot.html -->
92 <!-- See: https://sourceforge.net/p/linux-ima/wiki/Home/ -->
93 <!-- See: https://github.com/tianocore-docs/edk2-TrustedBootChain/blob/main/4_Other_Trusted_Boot_Chains.md -->
94 <!-- See: https://wiki.archlinux.org/title/Trusted_Platform_Module#Accessing_PCR_registers -->
95
96 <tgroup cols='3' align='left' colsep='1' rowsep='1'>
97 <colspec colname="pcr" />
98 <colspec colname="name" />
99 <colspec colname="definition" />
100
101 <thead>
102 <row>
103 <entry>PCR</entry>
104 <entry>name</entry>
105 <entry>Explanation</entry>
106 </row>
107 </thead>
108
109 <tbody>
110 <row>
111 <entry>0</entry>
112 <entry>platform-code</entry>
113 <entry>Core system firmware executable code; changes on firmware updates</entry>
114 </row>
115
116 <row>
117 <entry>1</entry>
118 <entry>platform-config</entry>
119 <entry>Core system firmware data/host platform configuration; typically contains serial and model numbers, changes on basic hardware/CPU/RAM replacements</entry>
120 </row>
121
122 <row>
123 <entry>2</entry>
124 <entry>external-code</entry>
125 <entry>Extended or pluggable executable code; includes option ROMs on pluggable hardware</entry>
126 </row>
127
128 <row>
129 <entry>3</entry>
130 <entry>external-config</entry>
131 <entry>Extended or pluggable firmware data; includes information about pluggable hardware</entry>
132 </row>
133
134 <row>
135 <entry>4</entry>
136 <entry>boot-loader-code</entry>
137 <entry>Boot loader and additional drivers, PE binaries invoked by the boot loader; changes on boot loader updates. <citerefentry><refentrytitle>sd-stub</refentrytitle><manvolnum>7</manvolnum></citerefentry> measures system extension images read from the ESP here too (see <citerefentry><refentrytitle>systemd-sysext</refentrytitle><manvolnum>8</manvolnum></citerefentry>).</entry>
138 </row>
139
140 <row>
141 <entry>5</entry>
142 <entry>boot-loader-config</entry>
143 <entry>GPT/Partition table; changes when the partitions are added, modified, or removed</entry>
144 </row>
145
146 <row>
147 <entry>7</entry>
148 <entry>secure-boot-policy</entry>
149 <entry>Secure Boot state; changes when UEFI SecureBoot mode is enabled/disabled, or firmware certificates (PK, KEK, db, dbx, …) changes.</entry>
150 </row>
151
152 <row>
153 <entry>9</entry>
154 <entry>kernel-initrd</entry>
155 <entry>The Linux kernel measures all initrds it receives into this PCR.</entry>
156 <!-- Strictly speaking only Linux >= 5.17 using the LOAD_FILE2 protocol, see https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=f046fff8bc4c4d8f8a478022e76e40b818f692df -->
157 </row>
158
159 <row>
160 <entry>10</entry>
161 <entry>ima</entry>
162 <entry>The IMA project measures its runtime state into this PCR.</entry>
163 </row>
164
165 <row>
166 <entry>11</entry>
167 <entry>kernel-boot</entry>
168 <entry><citerefentry><refentrytitle>systemd-stub</refentrytitle><manvolnum>7</manvolnum></citerefentry> measures the ELF kernel image, embedded initrd and other payload of the PE image it is placed in into this PCR. <citerefentry><refentrytitle>systemd-pcrphase.service</refentrytitle><manvolnum>8</manvolnum></citerefentry> measures boot phase strings into this PCR at various milestones of the boot process.</entry>
169 </row>
170
171 <row>
172 <entry>12</entry>
173 <entry>kernel-config</entry>
174 <entry><citerefentry><refentrytitle>systemd-boot</refentrytitle><manvolnum>7</manvolnum></citerefentry> measures the kernel command line into this PCR. <citerefentry><refentrytitle>systemd-stub</refentrytitle><manvolnum>7</manvolnum></citerefentry> measures any manually specified kernel command line (i.e. a kernel command line that overrides the one embedded in the unified PE image) and loaded credentials into this PCR.</entry>
175 </row>
176
177 <row>
178 <entry>13</entry>
179 <entry>sysexts</entry>
180 <entry><citerefentry><refentrytitle>systemd-stub</refentrytitle><manvolnum>7</manvolnum></citerefentry> measures any <citerefentry><refentrytitle>systemd-sysext</refentrytitle><manvolnum>8</manvolnum></citerefentry> images it passes to the booted kernel into this PCR.</entry>
181 </row>
182
183 <row>
184 <entry>14</entry>
185 <entry>shim-policy</entry>
186 <entry>The shim project measures its "MOK" certificates and hashes into this PCR.</entry>
187 </row>
188
189 <row>
190 <entry>15</entry>
191 <entry>system-identity</entry>
94d82b59 192 <entry><citerefentry><refentrytitle>systemd-cryptsetup</refentrytitle><manvolnum>8</manvolnum></citerefentry> optionally measures the volume key of activated LUKS volumes into this PCR. <citerefentry><refentrytitle>systemd-pcrmachine.service</refentrytitle><manvolnum>8</manvolnum></citerefentry> measures the <citerefentry><refentrytitle>machine-id</refentrytitle><manvolnum>5</manvolnum></citerefentry> into this PCR. <citerefentry><refentrytitle>systemd-pcrfs@.service</refentrytitle><manvolnum>8</manvolnum></citerefentry> measures mount points, file system UUIDs, labels, partition UUIDs of the root and <filename>/var/</filename> filesystems into this PCR.</entry>
10fa7251
ZJS		 193 </row>
194
195 <row>
196 <entry>16</entry>
197 <entry>debug</entry>
198 <entry>Debug</entry>
199 </row>
200
201 <row>
202 <entry>23</entry>
203 <entry>application-support</entry>
204 <entry>Application Support</entry>
205 </row>
206 </tbody>
207 </tgroup>
208 </table>
209
210 <para>In general, encrypted volumes would be bound to some combination of PCRs 7, 11, and 14 (if
211 shim/MOK is used). In order to allow firmware and OS version updates, it is typically not advisable to
212 use PCRs such as 0 and 2, since the program code they cover should already be covered indirectly
213 through the certificates measured into PCR 7. Validation through certificates hashes is typically
214 preferable over validation through direct measurements as it is less brittle in context of OS/firmware
215 updates: the measurements will change on every update, but signatures should remain unchanged. See the
216 <ulink url="https://uapi-group.org/specifications/specs/linux_tpm_pcr_registry/">Linux TPM PCR
217 Registry</ulink> for more discussion.</para>
218 </refsect2>
cf1e172d 219 </refsect1>
0bada3f8
LP		 220
221 <refsect1>
222 <title>Limitations</title>
223
224 <para>Note that currently when enrolling a new key of one of the five supported types listed above, it is
820c66dc
PC		 225 required to first provide a passphrase, a recovery key or a FIDO2 token. It's currently not supported to
226 unlock a device with a TPM2/PKCS#11 key in order to enroll a new TPM2/PKCS#11 key. Thus, if in future key
227 roll-over is desired it's generally recommended to ensure a passphrase, a recovery key or a FIDO2 token
228 is always enrolled.</para>
229
230 <para>Also note that support for enrolling multiple FIDO2 tokens is currently limited. When multiple FIDO2
231 tokens are enrolled, <command>systemd-cryptseup</command> will perform pre-flight requests to attempt to
232 identify which of the enrolled tokens are currently plugged in. However, this is not possible for FIDO2
233 tokens with user verification (UV, usually via biometrics), in which case it will fall back to attempting
234 each enrolled token one by one. This will result in multiple prompts for PIN and user verification. This
235 limitation does not apply to PKCS#11 tokens.</para>
0bada3f8 236 </refsect1>
cf1e172d
LP		 237
238 <refsect1>
239 <title>Options</title>
240
241 <para>The following options are understood:</para>
242
243 <variablelist>
244 <varlistentry>
245 <term><option>--password</option></term>
246
247 <listitem><para>Enroll a regular password/passphrase. This command is mostly equivalent to
248 <command>cryptsetup luksAddKey</command>, however may be combined with
ec07c3c8
AK		 249 <option>--wipe-slot=</option> in one call, see below.</para>
250
251 <xi:include href="version-info.xml" xpointer="v248"/></listitem>
cf1e172d
LP		 252 </varlistentry>
253
254 <varlistentry>
255 <term><option>--recovery-key</option></term>
256
880e1e07
ZJS		 257 <listitem><para>Enroll a recovery key. Recovery keys are mostly identical to passphrases, but are
258 computer-generated instead of being chosen by a human, and thus have a guaranteed high entropy. The
259 key uses a character set that is easy to type in, and may be scanned off screen via a QR code.
ec07c3c8
AK		 260 </para>
261
262 <xi:include href="version-info.xml" xpointer="v248"/></listitem>
cf1e172d
LP		 263 </varlistentry>
264
1f419024
J		 265 <varlistentry>
266 <term><option>--unlock-key-file=</option><replaceable>PATH</replaceable></term>
267
268 <listitem><para>Use a file instead of a password/passphrase read from stdin to unlock the volume.
269 Expects the PATH to the file containing your key to unlock the volume. Currently there is nothing like
270 <option>--key-file-offset=</option> or <option>--key-file-size=</option> so this file has to only
ec07c3c8
AK		 271 contain the full key.</para>
272
273 <xi:include href="version-info.xml" xpointer="v252"/></listitem>
1f419024
J		 274 </varlistentry>
275
d8c5bd04
AAF		 276 <varlistentry>
277 <term><option>--unlock-fido2-device=</option><replaceable>PATH</replaceable></term>
278
279 <listitem><para>Use a FIDO2 device instead of a password/passphrase read from stdin to unlock the
280 volume. Expects a <filename>hidraw</filename> device referring to the FIDO2 device (e.g.
281 <filename>/dev/hidraw1</filename>). Alternatively the special value <literal>auto</literal> may be
282 specified, in order to automatically determine the device node of a currently plugged in security
283 token (of which there must be exactly one). This automatic discovery is unsupported if
ec07c3c8
AK		 284 <option>--fido2-device=</option> option is also specified.</para>
285
286 <xi:include href="version-info.xml" xpointer="v253"/></listitem>
d8c5bd04
AAF		 287 </varlistentry>
288
cf1e172d
LP		 289 <varlistentry>
290 <term><option>--pkcs11-token-uri=</option><replaceable>URI</replaceable></term>
291
292 <listitem><para>Enroll a PKCS#11 security token or smartcard (e.g. a YubiKey). Expects a PKCS#11
be0d27ee 293 smartcard URI referring to the token. Alternatively the special value <literal>auto</literal> may
cf1e172d
LP		 294 be specified, in order to automatically determine the URI of a currently plugged in security token
295 (of which there must be exactly one). The special value <literal>list</literal> may be used to
296 enumerate all suitable PKCS#11 tokens currently plugged in. The security token must contain an RSA
297 key pair which is used to encrypt the randomly generated key that is used to unlock the LUKS2
298 volume. The encrypted key is then stored in the LUKS2 JSON token header area.</para>
299
300 <para>In order to unlock a LUKS2 volume with an enrolled PKCS#11 security token, specify the
301 <option>pkcs11-uri=</option> option in the respective <filename>/etc/crypttab</filename> line:</para>
302
303 <programlisting>myvolume /dev/sda1 - pkcs11-uri=auto</programlisting>
304
305 <para>See
306 <citerefentry><refentrytitle>crypttab</refentrytitle><manvolnum>5</manvolnum></citerefentry> for a
307 more comprehensive example of a <command>systemd-cryptenroll</command> invocation and its matching
ec07c3c8
AK		 308 <filename>/etc/crypttab</filename> line.</para>
309
310 <xi:include href="version-info.xml" xpointer="v248"/></listitem>
cf1e172d
LP		 311 </varlistentry>
312
70e723c0
M		 313 <varlistentry>
314 <term><option>--fido2-credential-algorithm=</option><replaceable>STRING</replaceable></term>
315 <listitem><para>Specify COSE algorithm used in credential generation. The default value is
316 <literal>es256</literal>. Supported values are <literal>es256</literal>, <literal>rs256</literal>
317 and <literal>eddsa</literal>.</para>
318
319 <para><literal>es256</literal> denotes ECDSA over NIST P-256 with SHA-256. <literal>rs256</literal>
320 denotes 2048-bit RSA with PKCS#1.5 padding and SHA-256. <literal>eddsa</literal> denotes
321 EDDSA over Curve25519 with SHA-512.</para>
322
ec07c3c8
AK		 323 <para>Note that your authenticator may not support some algorithms.</para>
324
325 <xi:include href="version-info.xml" xpointer="v251"/></listitem>
70e723c0
M		 326 </varlistentry>
327
cf1e172d
LP		 328 <varlistentry>
329 <term><option>--fido2-device=</option><replaceable>PATH</replaceable></term>
330
331 <listitem><para>Enroll a FIDO2 security token that implements the <literal>hmac-secret</literal>
332 extension (e.g. a YubiKey). Expects a <filename>hidraw</filename> device referring to the FIDO2
333 device (e.g. <filename>/dev/hidraw1</filename>). Alternatively the special value
334 <literal>auto</literal> may be specified, in order to automatically determine the device node of a
d8c5bd04
AAF		 335 currently plugged in security token (of which there must be exactly one). This automatic discovery
336 is unsupported if <option>--unlock-fido2-device=</option> option is also specified. The special value
cf1e172d
LP		 337 <literal>list</literal> may be used to enumerate all suitable FIDO2 tokens currently plugged in. Note
338 that many hardware security tokens that implement FIDO2 also implement the older PKCS#11
339 standard. Typically FIDO2 is preferable, given it's simpler to use and more modern.</para>
340
341 <para>In order to unlock a LUKS2 volume with an enrolled FIDO2 security token, specify the
342 <option>fido2-device=</option> option in the respective <filename>/etc/crypttab</filename> line:</para>
343
344 <programlisting>myvolume /dev/sda1 - fido2-device=auto</programlisting>
345
346 <para>See
347 <citerefentry><refentrytitle>crypttab</refentrytitle><manvolnum>5</manvolnum></citerefentry> for a
348 more comprehensive example of a <command>systemd-cryptenroll</command> invocation and its matching
ec07c3c8
AK		 349 <filename>/etc/crypttab</filename> line.</para>
350
351 <xi:include href="version-info.xml" xpointer="v248"/></listitem>
cf1e172d
LP		 352 </varlistentry>
353
cde2f860
LB		 354 <varlistentry>
355 <term><option>--fido2-with-client-pin=</option><replaceable>BOOL</replaceable></term>
356
72c15422
LP		 357 <listitem><para>When enrolling a FIDO2 security token, controls whether to require the user to enter
358 a PIN when unlocking the volume (the FIDO2 <literal>clientPin</literal> feature). Defaults to
359 <literal>yes</literal>. (Note: this setting is without effect if the security token does not support
360 the <literal>clientPin</literal> feature at all, or does not allow enabling or disabling
ec07c3c8
AK		 361 it.)</para>
362
363 <xi:include href="version-info.xml" xpointer="v249"/></listitem>
cde2f860
LB		 364 </varlistentry>
365
06f08719
LB		 366 <varlistentry>
367 <term><option>--fido2-with-user-presence=</option><replaceable>BOOL</replaceable></term>
368
369 <listitem><para>When enrolling a FIDO2 security token, controls whether to require the user to
370 verify presence (tap the token, the FIDO2 <literal>up</literal> feature) when unlocking the volume.
72c15422
LP		 371 Defaults to <literal>yes</literal>. (Note: this setting is without effect if the security token does not support
372 the <literal>up</literal> feature at all, or does not allow enabling or disabling it.)
ec07c3c8
AK		 373 </para>
374
375 <xi:include href="version-info.xml" xpointer="v249"/></listitem>
06f08719
LB		 376 </varlistentry>
377
896cc0da
LB		 378 <varlistentry>
379 <term><option>--fido2-with-user-verification=</option><replaceable>BOOL</replaceable></term>
380
381 <listitem><para>When enrolling a FIDO2 security token, controls whether to require user verification
72c15422
LP		 382 when unlocking the volume (the FIDO2 <literal>uv</literal> feature). Defaults to
383 <literal>no</literal>. (Note: this setting is without effect if the security token does not support
ec07c3c8
AK		 384 the <literal>uv</literal> feature at all, or does not allow enabling or disabling it.)</para>
385
386 <xi:include href="version-info.xml" xpointer="v249"/></listitem>
896cc0da
LB		 387 </varlistentry>
388
cf1e172d
LP		 389 <varlistentry>
390 <term><option>--tpm2-device=</option><replaceable>PATH</replaceable></term>
391
392 <listitem><para>Enroll a TPM2 security chip. Expects a device node path referring to the TPM2 chip
393 (e.g. <filename>/dev/tpmrm0</filename>). Alternatively the special value <literal>auto</literal> may
394 be specified, in order to automatically determine the device node of a currently discovered TPM2
395 device (of which there must be exactly one). The special value <literal>list</literal> may be used to
396 enumerate all suitable TPM2 devices currently discovered.</para>
397
398 <para>In order to unlock a LUKS2 volume with an enrolled TPM2 security chip, specify the
399 <option>tpm2-device=</option> option in the respective <filename>/etc/crypttab</filename> line:</para>
400
401 <programlisting>myvolume /dev/sda1 - tpm2-device=auto</programlisting>
402
403 <para>See
404 <citerefentry><refentrytitle>crypttab</refentrytitle><manvolnum>5</manvolnum></citerefentry> for a
405 more comprehensive example of a <command>systemd-cryptenroll</command> invocation and its matching
406 <filename>/etc/crypttab</filename> line.</para>
407
408 <para>Use <option>--tpm2-pcrs=</option> (see below) to configure which TPM2 PCR indexes to bind the
ec07c3c8
AK		 409 enrollment to.</para>
410
411 <xi:include href="version-info.xml" xpointer="v248"/></listitem>
cf1e172d
LP		 412 </varlistentry>
413
382bfd90
DS		 414 <varlistentry>
415 <term><option>--tpm2-seal-key-handle=</option><replaceable>HANDLE</replaceable></term>
416
417 <listitem><para>Configures which parent key to use for sealing, using the TPM handle (index) of the
418 key. This is used to "seal" (encrypt) a secret and must be used later to "unseal" (decrypt) the
419 secret. Expects a hexadecimal 32bit integer, optionally prefixed with
420 <literal>0x</literal>. Allowable values are any handle index in the persistent
421 (<literal>0x81000000</literal>-<literal>0x81ffffff</literal>) or transient
422 (<literal>0x80000000</literal>-<literal>0x80ffffff</literal>) ranges. Since transient handles are
423 lost after a TPM reset, and may be flushed during TPM context switching, they should not be used
424 except for very specific use cases, e.g. testing.</para>
425
426 <para>The default is the Storage Root Key (SRK) handle index <literal>0x81000001</literal>. A value
427 of 0 will use the default. For the SRK handle, a new key will be created and stored in the TPM if one
428 does not already exist; for any other handle, the key must already exist in the TPM at the specified
429 handle index.</para>
430
431 <para>This should not be changed unless you know what you are doing.</para>
432
433 <xi:include href="version-info.xml" xpointer="v255"/></listitem>
434 </varlistentry>
435
cf1e172d
LP		 436 <varlistentry>
437 <term><option>--tpm2-pcrs=</option><arg rep="repeat">PCR</arg></term>
438
10fa7251 439 <listitem><para>Configures the TPM2 PCRs (Platform Configuration Registers) to bind to when
1782b0b8
DS		 440 enrollment is requested via <option>--tpm2-device=</option>. Takes a list of PCR entries, where each
441 entry starts with a name or numeric index in the range 0…23, optionally followed by
442 <literal>:</literal> and a hash algorithm name (specifying the PCR bank), optionally followed by
443 <literal>=</literal> and a hash digest value. Multiple PCR entries are separated by
444 <literal>+</literal>. If not specified, the default is to use PCR 7 only. If an empty string is
445 specified, binds the enrollment to no PCRs at all. See the table above for a list of available
446 PCRs.</para>
10fa7251
ZJS		 447
448 <para>Example: <option>--tpm2-pcrs=boot-loader-code+platform-config+boot-loader-config</option>
449 specifies that PCR registers 4, 1, and 5 should be used.</para>
1782b0b8
DS		 450 <para>Example: <option>--tpm2-pcrs=7:sha256</option> specifies that PCR register 7 from the SHA256
451 bank should be used.</para>
a11a2e05 452 <para>Example: <option>--tpm2-pcrs=4:sha1=3a3f780f11a4b49969fcaa80cd6e3957c33b2275</option>
1782b0b8 453 specifies that PCR register 4 from the SHA1 bank should be used, and a hash digest value of
a11a2e05 454 3a3f780f11a4b49969fcaa80cd6e3957c33b2275 will be used instead of reading the current PCR
1782b0b8 455 value.</para>
ec07c3c8
AK		 456
457 <xi:include href="version-info.xml" xpointer="v248"/>
10fa7251 458 </listitem>
cf1e172d
LP		 459 </varlistentry>
460
caeb5604
GG		 461 <varlistentry>
462 <term><option>--tpm2-with-pin=</option><replaceable>BOOL</replaceable></term>
463
464 <listitem><para>When enrolling a TPM2 device, controls whether to require the user to enter a PIN
465 when unlocking the volume in addition to PCR binding, based on TPM2 policy authentication. Defaults
466 to <literal>no</literal>. Despite being called PIN, any character can be used, not just numbers.
467 </para>
468
f0f4fcae
LP		 469 <para>Note that incorrect PIN entry when unlocking increments the TPM dictionary attack lockout
470 mechanism, and may lock out users for a prolonged time, depending on its configuration. The lockout
471 mechanism is a global property of the TPM, <command>systemd-cryptenroll</command> does not control or
472 configure the lockout mechanism. You may use tpm2-tss tools to inspect or configure the dictionary
473 attack lockout, with <citerefentry
474 project='mankier'><refentrytitle>tpm2_getcap</refentrytitle><manvolnum>1</manvolnum></citerefentry>
475 and <citerefentry
476 project='mankier'><refentrytitle>tpm2_dictionarylockout</refentrytitle><manvolnum>1</manvolnum></citerefentry>
ec07c3c8
AK		 477 commands, respectively.</para>
478
479 <xi:include href="version-info.xml" xpointer="v251"/></listitem>
caeb5604
GG		 480 </varlistentry>
481
f0f4fcae
LP		 482 <varlistentry>
483 <term><option>--tpm2-public-key=</option><arg>PATH</arg></term>
484 <term><option>--tpm2-public-key-pcrs=</option><arg rep="repeat">PCR</arg></term>
485 <term><option>--tpm2-signature=</option><arg>PATH</arg></term>
486
487 <listitem><para>Configures a TPM2 signed PCR policy to bind encryption to. The
488 <option>--tpm2-public-key=</option> option accepts a path to a PEM encoded RSA public key, to bind
489 the encryption to. If this is not specified explicitly, but a file
490 <filename>tpm2-pcr-public-key.pem</filename> exists in one of the directories
491 <filename>/etc/systemd/</filename>, <filename>/run/systemd/</filename>,
492 <filename>/usr/lib/systemd/</filename> (searched in this order), it is automatically used. The
493 <option>--tpm2-public-key-pcrs=</option> option takes a list of TPM2 PCR indexes to bind to (same
494 syntax as <option>--tpm2-pcrs=</option> described above). If not specified defaults to 11 (i.e. this
495 binds the policy to any unified kernel image for which a PCR signature can be provided).</para>
496
497 <para>Note the difference between <option>--tpm2-pcrs=</option> and
498 <option>--tpm2-public-key-pcrs=</option>: the former binds decryption to the current, specific PCR
499 values; the latter binds decryption to any set of PCR values for which a signature by the specified
500 public key can be provided. The latter is hence more useful in scenarios where software updates shell
10fa7251
ZJS		 501 be possible without losing access to all previously encrypted LUKS2 volumes. Like with
502 <option>--tpm2-pcrs=</option>, names defined in the table above can also be used to specify the
503 registers, for instance
504 <option>--tpm2-public-key-pcrs=boot-loader-code+system-identity</option>.</para>
f0f4fcae 505
10fa7251
ZJS		 506 <para>The <option>--tpm2-signature=</option> option takes a path to a TPM2 PCR signature file as
507 generated by the
f0f4fcae 508 <citerefentry><refentrytitle>systemd-measure</refentrytitle><manvolnum>1</manvolnum></citerefentry>
10fa7251 509 tool. If this is not specified explicitly, a suitable signature file
f0f4fcae 510 <filename>tpm2-pcr-signature.json</filename> is searched for in <filename>/etc/systemd/</filename>,
10fa7251
ZJS		 511 <filename>/run/systemd/</filename>, <filename>/usr/lib/systemd/</filename> (in this order) and used.
512 If a signature file is specified or found it is used to verify if the volume can be unlocked with it
513 given the current PCR state, before the new slot is written to disk. This is intended as safety net
514 to ensure that access to a volume is not lost if a public key is enrolled for which no valid
515 signature for the current PCR state is available. If the supplied signature does not unlock the
f0f4fcae 516 current PCR state and public key combination, no slot is enrolled and the operation will fail. If no
ec07c3c8
AK		 517 signature file is specified or found no such safety verification is done.</para>
518
519 <xi:include href="version-info.xml" xpointer="v252"/></listitem>
f0f4fcae
LP		 520 </varlistentry>
521
e2062109
LP		 522 <varlistentry>
523 <term><option>--tpm2-pcrlock=</option><arg>PATH</arg></term>
524
525 <listitem><para>Configures a TPM2 pcrlock policy to bind encryption to. Expects a path to a pcrlock
526 policy file as generated by the
527 <citerefentry><refentrytitle>systemd-pcrlock</refentrytitle><manvolnum>1</manvolnum></citerefentry>
528 tool. If a TPM2 device is enrolled and this option is not used but a file
529 <filename>pcrlock.json</filename> is found in <filename>/run/systemd/</filename> or
530 <filename>/var/lib/systemd/</filename> it is automatically used. Assign an empty string to turn this
531 behaviour off.</para>
532
533 <xi:include href="version-info.xml" xpointer="v255"/></listitem>
534 </varlistentry>
535
cf1e172d
LP		 536 <varlistentry>
537 <term><option>--wipe-slot=</option><arg rep="repeat">SLOT</arg></term>
538
539 <listitem><para>Wipes one or more LUKS2 key slots. Takes a comma separated list of numeric slot
540 indexes, or the special strings <literal>all</literal> (for wiping all key slots),
541 <literal>empty</literal> (for wiping all key slots that are unlocked by an empty passphrase),
542 <literal>password</literal> (for wiping all key slots that are unlocked by a traditional passphrase),
543 <literal>recovery</literal> (for wiping all key slots that are unlocked by a recovery key),
544 <literal>pkcs11</literal> (for wiping all key slots that are unlocked by a PKCS#11 token),
545 <literal>fido2</literal> (for wiping all key slots that are unlocked by a FIDO2 token),
546 <literal>tpm2</literal> (for wiping all key slots that are unlocked by a TPM2 chip), or any
547 combination of these strings or numeric indexes, in which case all slots matching either are
548 wiped. As safety precaution an operation that wipes all slots without exception (so that the volume
549 cannot be unlocked at all anymore, unless the volume key is known) is refused.</para>
550
551 <para>This switch may be used alone, in which case only the requested wipe operation is executed. It
552 may also be used in combination with any of the enrollment options listed above, in which case the
553 enrollment is completed first, and only when successful the wipe operation executed — and the newly
554 added slot is always excluded from the wiping. Combining enrollment and slot wiping may thus be used to
555 update existing enrollments:</para>
556
557 <programlisting>systemd-cryptenroll /dev/sda1 --wipe-slot=tpm2 --tpm2-device=auto</programlisting>
558
45861042 559 <para>The above command will enroll the TPM2 chip, and then wipe all previously created TPM2
cf1e172d
LP		 560 enrollments on the LUKS2 volume, leaving only the newly created one. Combining wiping and enrollment
561 may also be used to replace enrollments of different types, for example for changing from a PKCS#11
562 enrollment to a FIDO2 one:</para>
563
564 <programlisting>systemd-cryptenroll /dev/sda1 --wipe-slot=pkcs11 --fido2-device=auto</programlisting>
565
566 <para>Or for replacing an enrolled empty password by TPM2:</para>
567
568 <programlisting>systemd-cryptenroll /dev/sda1 --wipe-slot=empty --tpm2-device=auto</programlisting>
ec07c3c8
AK		 569
570 <xi:include href="version-info.xml" xpointer="v248"/>
cf1e172d
LP		 571 </listitem>
572 </varlistentry>
573
574 <xi:include href="standard-options.xml" xpointer="help" />
575 <xi:include href="standard-options.xml" xpointer="version" />
576 </variablelist>
577
578 </refsect1>
579
580 <refsect1>
581 <title>Exit status</title>
582
583 <para>On success, 0 is returned, a non-zero failure code otherwise.</para>
584 </refsect1>
585
38e3c61d
ZJS		 586 <refsect1>
587 <title>Examples</title>
588
589 <para><citerefentry><refentrytitle>crypttab</refentrytitle><manvolnum>5</manvolnum></citerefentry> and
590 <citerefentry><refentrytitle>systemd-measure</refentrytitle><manvolnum>1</manvolnum></citerefentry>
591 contain various examples employing <command>systemd-cryptenroll</command>.</para>
592 </refsect1>
593
cf1e172d
LP		 594 <refsect1>
595 <title>See Also</title>
596 <para>
597 <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
598 <citerefentry><refentrytitle>systemd-cryptsetup@.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
599 <citerefentry><refentrytitle>crypttab</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
f0f4fcae
LP		 600 <citerefentry project='die-net'><refentrytitle>cryptsetup</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
601 <citerefentry><refentrytitle>systemd-measure</refentrytitle><manvolnum>1</manvolnum></citerefentry>
cf1e172d
LP		 602 </para>
603 </refsect1>
604
605</refentry>
Unnamed repository; edit this file 'description' to name the repository.