docs: document $SYSTEMD_CRYPTSETUP_USE_TOKEN_MODULE

author Lennart Poettering <lennart@poettering.net>

Mon, 11 Oct 2021 09:15:08 +0000 (11:15 +0200)

committer Lennart Poettering <lennart@poettering.net>

Mon, 11 Oct 2021 09:15:08 +0000 (11:15 +0200)
author Lennart Poettering <lennart@poettering.net>
Mon, 11 Oct 2021 09:15:08 +0000 (11:15 +0200)
committer Lennart Poettering <lennart@poettering.net>
Mon, 11 Oct 2021 09:15:08 +0000 (11:15 +0200)
diff --git a/docs/ENVIRONMENT.md b/docs/ENVIRONMENT.md

index 5b7c01d149043ed6fbe4a17fdb15713a9cabed31..175bb8a8193ce11e76b89c0d41f82ec8b7cbd14c 100644 (file)
--- a/docs/ENVIRONMENT.md
+++ b/docs/ENVIRONMENT.md
@@ -364,3 +364,10 @@ disk images with `--image=` or similar:
    against any of the certificates in `/etc/verity.d/*.crt` (and similar
    directores in `/usr/lib/`, `/run`, …) or passed to the kernel for validation
    against its built-in certificates.
+
+`systemd-cryptsetup`:
+
+* `$SYSTEMD_CRYPTSETUP_USE_TOKEN_MODULE` – takes a boolean, which controls
+  whether to use the libcryptsetup "token" plugin module logic even when
+  activating via FIDO2, PKCS#11, TPM2, i.e. mechanisms natively supported by
+  `systemd-cryptsetup`. Defaults to enabled.
author	Lennart Poettering <lennart@poettering.net>
	Mon, 11 Oct 2021 09:15:08 +0000 (11:15 +0200)
committer	Lennart Poettering <lennart@poettering.net>
	Mon, 11 Oct 2021 09:15:08 +0000 (11:15 +0200)