From: Lennart Poettering Date: Thu, 5 Jun 2025 12:40:42 +0000 (+0200) Subject: man: suggest using --unlock-tpm2-device=auto in cryptenroll example X-Git-Tag: v258-rc1~381 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=c91f1a3db864650166d1b635470119b5072d7c41;p=thirdparty%2Fsystemd.git man: suggest using --unlock-tpm2-device=auto in cryptenroll example When refreshing a tpm2 enrollment, it makes sense to use tpm2 to unlock the device. Fixes: #35279 --- diff --git a/man/systemd-cryptenroll.xml b/man/systemd-cryptenroll.xml index 5572510e1ff..e27ae4288e0 100644 --- a/man/systemd-cryptenroll.xml +++ b/man/systemd-cryptenroll.xml @@ -699,7 +699,7 @@ added slot is always excluded from the wiping. Combining enrollment and slot wiping may thus be used to update existing enrollments: - systemd-cryptenroll /dev/sda1 --wipe-slot=tpm2 --tpm2-device=auto + systemd-cryptenroll /dev/sda1 --wipe-slot=tpm2 --tpm2-device=auto --unlock-tpm2-device=auto The above command will enroll the TPM2 chip, and then wipe all previously created TPM2 enrollments on the LUKS2 volume, leaving only the newly created one. Combining wiping and enrollment
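Review bot: The explanatory paragraph right after the changed example line ("The above command will enroll the TPM2 chip, and then wipe all previously created TPM2 enrollments on the LUKS2 volume ...") is left untouched, so it no longer describes everything the command does: it says nothing about the volume now being unlocked through the existing TPM2 enrollment via --unlock-tpm2-device=auto. Suggest adding a sentence there that states this, and that says what the reader should do when the old enrollment can no longer unlock the volume, since the enrollment being refreshed is the same one the example now depends on for unlocking.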