<programlisting>systemd-cryptenroll /dev/sda1 --wipe-slot=tpm2 --tpm2-device=auto</programlisting>
- <para>The above command will enroll the TPM2 chip, and then wipe all previously crated TPM2
+ <para>The above command will enroll the TPM2 chip, and then wipe all previously created TPM2
enrollments on the LUKS2 volume, leaving only the newly created one. Combining wiping and enrollment
may also be used to replace enrollments of different types, for example for changing from a PKCS#11
enrollment to a FIDO2 one:</para>
return log_oom();
}
- /* And of course, als remember the tokens to remove. */
+ /* And of course, also remember the tokens to remove. */
if (shall_wipe)
if (set_put(wipe_tokens, INT_TO_PTR(token)) < 0)
return log_oom();
" --tpm2-device=PATH\n"
" Enroll a TPM2 device\n"
" --tpm2-pcrs=PCR1,PCR2,PCR3,…\n"
- " Specifiy TPM2 PCRs to seal against\n"
+ " Specify TPM2 PCRs to seal against\n"
" --wipe-slot=SLOT1,SLOT2,…\n"
" Wipe specified slots\n"
"\nSee the %s for details.\n"
password,
strlen(password));
if (r < 0)
- return log_error_errno(r, "Password from environent variable $PASSWORD did not work.");
+ return log_error_errno(r, "Password from environment variable $PASSWORD did not work.");
} else {
AskPasswordFlags ask_password_flags = ASK_PASSWORD_PUSH_CACHE|ASK_PASSWORD_ACCEPT_CACHED;
_cleanup_free_ char *question = NULL, *disk_path = NULL;
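Review bot: The corrected message on the `+` line tells the user their password came from the `$PASSWORD` environment variable, but nothing nearby warns that this channel is weaker than the interactive prompt: a process environment is exposed through /proc/PID/environ to the same user (and root) and is inherited by every child the tool spawns, so a secret placed there can outlive and outreach the enrollment call. Since this hunk is the only place the mechanism is named, it is a good spot for a one-line caveat above the check, e.g. `/* $PASSWORD is a scripting convenience: the value is visible in /proc/PID/environ and inherited by child processes, so prefer the interactive prompt when a human is present. */`. The code that actually reads the variable and the enclosing function both start outside this hunk, so the exact wording of where the variable is consumed should be checked against them.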
r = ask_password_auto("Please enter security token PIN:", "drive-harddisk", NULL, "fido2-pin", until, flags, &pins);
if (r < 0)
- return log_error_errno(r, "Failed to ask for user pasword: %m");
+ return log_error_errno(r, "Failed to ask for user password: %m");
flags &= ~ASK_PASSWORD_ACCEPT_CACHED;
}
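Review bot: The fixed error string on the `+` line still describes the wrong thing: the call three lines above prompts for a "security token PIN" with the `"fido2-pin"` keyring id, yet a failure is reported as `Failed to ask for user password`, which will send a user debugging a FIDO2 enrollment down the wrong path. Make the message match the prompt, `return log_error_errno(r, "Failed to ask for security token PIN: %m");`. The enclosing function begins before this hunk, so any other messages in it that say "password" for the PIN path are not visible here and may want the same treatment.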
&keyslot,
&token);
if (r == -ENXIO) {
- /* No futher TPM2 tokens found in the LUKS2 header.*/
+ /* No further TPM2 tokens found in the LUKS2 header.*/
if (found_some)
return log_debug_errno(SYNTHETIC_ERRNO(EAGAIN),
"No TPM2 metadata matching the current system state found in LUKS2 header, falling back to traditional unlocking.");
return sd_netlink_message_close_container(m); /* NFTA_LIST_ELEM */
}
-/* -t nat -A POSTROUTING -p protocol -s source/pflen -o out_interface -d destionation/pflen -j MASQUERADE */
static int sd_nfnl_message_new_masq_rule(sd_netlink *nfnl, sd_netlink_message **ret, int family,
const char *chain) {
_cleanup_(sd_netlink_message_unrefp) sd_netlink_message *m = NULL;
int r;
+ /* -t nat -A POSTROUTING -p protocol -s source/pflen -o out_interface -d destination/pflen -j MASQUERADE */
+
r = sd_nfnl_nft_message_new_rule(nfnl, &m, family, NFT_SYSTEMD_TABLE_NAME, chain);
if (r < 0)
return r;
return 0;
}
-/* -t nat -A PREROUTING -p protocol --dport local_port -i in_interface -s source/pflen -d destionation/pflen -j DNAT --to-destination remote_addr:remote_port */
static int sd_nfnl_message_new_dnat_rule_pre(sd_netlink *nfnl, sd_netlink_message **ret, int family,
const char *chain) {
_cleanup_(sd_netlink_message_unrefp) sd_netlink_message *m = NULL;
uint32_t local = RTN_LOCAL;
int r;
+ /* -t nat -A PREROUTING -p protocol --dport local_port -i in_interface -s source/pflen
+ * -d destination/pflen -j DNAT --to-destination remote_addr:remote_port */
+
r = sd_nfnl_nft_message_new_rule(nfnl, &m, family, NFT_SYSTEMD_TABLE_NAME, chain);
if (r < 0)
return r;
return r;
/* 4th statement: dnat connection to address/port retrieved by the
- * preceeding expression. */
+ * preceding expression. */
proto_reg = NFT_REG32_02;
r = nfnl_add_expr_dnat(m, family, NFT_REG32_01, proto_reg);
if (r < 0)
* In the nftables case, everything gets removed. The next add operation
* will yield -ENOENT.
*
- * If we see -ENOENT on add, replay the inital table setup.
+ * If we see -ENOENT on add, replay the initial table setup.
* If that works, re-do the add operation.
*
* Note that this doesn't protect against external sabotage such as a
assert_se(fd_is_mount_point(fd, "proc", 0) > 0);
assert_se(fd_is_mount_point(fd, "proc/", 0) > 0);
- /* /root's entire raison d'etre is to be on the root file system (i.e. not in /home/ which might be
- * split off), so that the user can always log in, so it cannot be a mount point unless the system is
- * borked. Let's allow for it to be missing though. */
+ /* /root's entire reason for being is to be on the root file system (i.e. not in /home/ which
+ * might be split off), so that the user can always log in, so it cannot be a mount point unless
+ * the system is borked. Let's allow for it to be missing though. */
assert_se(IN_SET(fd_is_mount_point(fd, "root", 0), -ENOENT, 0));
assert_se(IN_SET(fd_is_mount_point(fd, "root/", 0), -ENOENT, 0));
}
/*
* When reading from sysfs or from a dump file, the file may be
- * shorter than announced. For SMBIOS v3 this is expcted, as we
+ * shorter than announced. For SMBIOS v3 this is expected, as we
* only know the maximum table size, not the actual table size.
* For older implementations (and for SMBIOS v3 too), this
* would be the result of the kernel truncating the table on
buf[0x06], 0x18U);
if (!verify_checksum(buf, buf[0x06]))
- return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Faied to verify checksum.");
+ return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Failed to verify checksum.");
offset = QWORD(buf + 0x10);
if (!no_file_offset && (offset >> 32) != 0 && sizeof(int64_t) < 8)