The TPM2 enrollment is the only of the three token enrollments where the
user picks a PIN at enrollment time (the others have a PIN set for the
token, not for the enrollment). Let's make sure it uses a different
credential for retrieving this PIN, in order to make sure people can
programmatically change PINs via credentials (in which case they need to
supply both).
.message = "Please enter TPM2 PIN:",
.icon = "drive-harddisk",
.keyring = "tpm2-pin",
- .credential = "cryptenroll.tpm2-pin",
+ .credential = "cryptenroll.new-tpm2-pin",
};
pin = strv_free_erase(pin);