</refsect1>
<refsect1>
- <title>Options</title>
+ <title>Unlocking</title>
- <para>The following options are understood:</para>
+ <para>The following options are understood that may be used to unlock the device in preparation of the enrollment operations:</para>
<variablelist>
- <varlistentry>
- <term><option>--password</option></term>
-
- <listitem><para>Enroll a regular password/passphrase. This command is mostly equivalent to
- <command>cryptsetup luksAddKey</command>, however may be combined with
- <option>--wipe-slot=</option> in one call, see below.</para>
-
- <xi:include href="version-info.xml" xpointer="v248"/></listitem>
- </varlistentry>
-
- <varlistentry>
- <term><option>--recovery-key</option></term>
-
- <listitem><para>Enroll a recovery key. Recovery keys are mostly identical to passphrases, but are
- computer-generated instead of being chosen by a human, and thus have a guaranteed high entropy. The
- key uses a character set that is easy to type in, and may be scanned off screen via a QR code.
- </para>
-
- <xi:include href="version-info.xml" xpointer="v248"/></listitem>
- </varlistentry>
-
<varlistentry>
<term><option>--unlock-key-file=<replaceable>PATH</replaceable></option></term>
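Review bot: The new intro paragraph of the Unlocking section reads awkwardly: "The following options are understood that may be used to unlock the device in preparation of the enrollment operations". Suggest "The following options may be used to unlock the device in preparation for the enrollment operations:" (note "in preparation for", not "of"). The same "are understood that may be used" construction recurs in the other section intros this patch adds, so they are worth fixing together.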
<xi:include href="version-info.xml" xpointer="v256"/></listitem>
</varlistentry>
+ </variablelist>
+ </refsect1>
+
+ <refsect1>
+ <title>Simple Enrollment</title>
+
+ <para>The following options are understood that may be used to enroll simple user input based
+ unlocking:</para>
+
+ <variablelist>
+ <varlistentry>
+ <term><option>--password</option></term>
+
+ <listitem><para>Enroll a regular password/passphrase. This command is mostly equivalent to
+ <command>cryptsetup luksAddKey</command>, however may be combined with
+ <option>--wipe-slot=</option> in one call, see below.</para>
+
+ <xi:include href="version-info.xml" xpointer="v248"/></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>--recovery-key</option></term>
+
+ <listitem><para>Enroll a recovery key. Recovery keys are mostly identical to passphrases, but are
+ computer-generated instead of being chosen by a human, and thus have a guaranteed high entropy. The
+ key uses a character set that is easy to type in, and may be scanned off screen via a QR code.
+ </para>
+
+ <xi:include href="version-info.xml" xpointer="v248"/></listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect1>
+ <refsect1>
+ <title>PKCS#11 Enrollment</title>
+
+ <para>The following option is understood that may be used to enroll PKCS#11 tokens:</para>
+
+ <variablelist>
<varlistentry>
<term><option>--pkcs11-token-uri=<replaceable>URI</replaceable></option></term>
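Review bot: In the Simple Enrollment intro, "simple user input based unlocking" needs hyphens to parse ("simple user-input-based unlocking"), or rephrase it as "unlocking based on simple user input". Also, the `</refsect1>` that closes Simple Enrollment is followed directly by the `<refsect1>` for PKCS#11 Enrollment, without the blank line that separates the Unlocking, FIDO2 and TPM2 sections from their predecessors.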
<xi:include href="version-info.xml" xpointer="v248"/></listitem>
</varlistentry>
+ </variablelist>
+ </refsect1>
+
+ <refsect1>
+ <title>FIDO2 Enrollment</title>
+
+ <para>The following options are understood that may be used to enroll PKCS#11 tokens:</para>
+ <variablelist>
<varlistentry>
<term><option>--fido2-credential-algorithm=<replaceable>STRING</replaceable></option></term>
<listitem><para>Specify COSE algorithm used in credential generation. The default value is
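Review bot: The intro paragraph under the new `<title>FIDO2 Enrollment</title>` says "may be used to enroll PKCS#11 tokens", which looks copied from the PKCS#11 section above it; it should refer to FIDO2 tokens. A blank line between that `<para>` and the following `<variablelist>` would also match the Simple Enrollment and PKCS#11 sections.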
<xi:include href="version-info.xml" xpointer="v249"/></listitem>
</varlistentry>
+ </variablelist>
+ </refsect1>
+
+ <refsect1>
+ <title>TPM2 Enrollment</title>
+
+ <para>The following options are understood that may be used to enroll TPM2 devices:</para>
+ <variablelist>
<varlistentry>
<term><option>--tpm2-device=<replaceable>PATH</replaceable></option></term>
<xi:include href="version-info.xml" xpointer="v255"/></listitem>
</varlistentry>
+ </variablelist>
+ </refsect1>
+ <refsect1>
+ <title>Other Options</title>
+
+ <para>The following additional options are understood:</para>
+
+ <variablelist>
<varlistentry>
<term><option>--wipe-slot=<replaceable>SLOT<optional>,SLOT...</optional></replaceable></option></term>