man: document cryptenroll limitations

Let's document this for now. We should be able to lift these limitations
sooner or later, at which point we can drop this documentation again.

These two limitations are a pitfall that people should be aware of,
before going FIDO2-only.

See: #20230 #19208

diff --git a/man/systemd-cryptenroll.xml b/man/systemd-cryptenroll.xml
index f763a19149511e75080d947e9f17a6f8490523ac..3b140c37cdde1674de488ab8af6784b66a7523e0 100644 (file)
--- a/man/systemd-cryptenroll.xml
+++ b/man/systemd-cryptenroll.xml
@@ -60,6 +60,23 @@
     area, which is not available in other encryption formats.</para>
   </refsect1>
 
+  <refsect1>
+    <title>Limitations</title>
+
+    <para>Note that currently when enrolling a new key of one of the five supported types listed above, it is
+    required to first provide a passphrase or recovery key (i.e. one of the latter two key types). For
+    example, it's currently not possible to unlock a device with a FIDO2 key in order to enroll a new FIDO2
+    key. Instead, in order to enroll a new FIDO2 key, it is necessary to provide an already enrolled regular
+    passphrase or recovery key. Thus, if in future key roll-over is desired it's generally recommended to
+    combine TPM2, FIDO2, PKCS#11 key enrollment with enrolling a regular passphrase or recovery key.</para>
+
+    <para>Also note that support for enrolling multiple FIDO2 tokens is currently not too useful, as while
+    unlocking <command>systemd-cryptsetup</command> cannot identify which token is currently plugged in and
+    thus does not know which authentication request to send to the device. This limitation does not apply to
+    tokens enrolled via PKCS#11 — because tokens of this type may be identified immediately, before
+    authentication.</para>
+  </refsect1>
+
   <refsect1>
     <title>Options</title>