the dropped in certs and encrypted with machine pubkey, and pass to machine.
Machine is then able to authenticate you, and confidentiality is guaranteed.
-- systemd-cryptenroll: add --firstboot or so, that will interactively ask user
- whether recovery key shall be enrolled and do so
-
- systemd-dissect: add --cat switch for dumping files such as /etc/os-release
- systemd-dissect: show available versions inside of a disk image, i.e. if
- coredumpctl
- systemd-bless-boot
- systemd-measure
- - systemd-cryptenroll (to allow UIs to enroll FIDO2 keys and such)
- systemd-dissect
- systemd-sysupdate
- systemd-analyze