man: document new has-tpm2 verb

author Lennart Poettering <lennart@poettering.net>

Tue, 19 Apr 2022 13:08:23 +0000 (15:08 +0200)

committer Lennart Poettering <lennart@poettering.net>

Wed, 20 Apr 2022 14:58:18 +0000 (16:58 +0200)
author Lennart Poettering <lennart@poettering.net>
Tue, 19 Apr 2022 13:08:23 +0000 (15:08 +0200)
committer Lennart Poettering <lennart@poettering.net>
Wed, 20 Apr 2022 14:58:18 +0000 (16:58 +0200)
diff --git a/man/systemd-creds.xml b/man/systemd-creds.xml

index d3c0295d64cfd5f5d6b08dcec1536b66df7d2347..2d6a4fd577221f1f7240832a67caa46b0577d012 100644 (file)
--- a/man/systemd-creds.xml
+++ b/man/systemd-creds.xml
@@ -163,6 +163,20 @@
          and thus decryption is entirely automatic.</para></listitem>
        </varlistentry>
  
+      <varlistentry>
+        <term><command>has-tpm2</command></term>
+
+        <listitem><para>Reports whether the system is equipped with a TPM2 device usable for protecting
+        credentials. If the a TPM2 device has been discovered, is supported, and is being used by firmware,
+        by the OS kernel drivers and by userspace (i.e. systemd) this prints <literal>yes</literal> and exits
+        with exit status zero. If no such device is discovered/supported/used, prints
+        <literal>no</literal>. Otherwise prints <literal>partial</literal>. In either of these two cases
+        exits with non-zero exit status. It also shows three lines indicating separately whether drivers,
+        firmware and the system discovered/support/use TPM2.</para>
+
+        <para>Combine with <option>--quiet</option> to suppress the output.</para></listitem>
+      </varlistentry>
+
        <xi:include href="standard-options.xml" xpointer="help" />
        <xi:include href="standard-options.xml" xpointer="version" />
      </variablelist>
@@ -305,6 +319,14 @@
          <citerefentry><refentrytitle>systemd-cryptenroll</refentrytitle><manvolnum>1</manvolnum></citerefentry>.</para></listitem>
        </varlistentry>
  
+      <varlistentry>
+        <term><option>--quiet</option></term>
+        <term><option>-q</option></term>
+
+        <listitem><para>When used with <command>has-tpm2</command> suppresses the output, and only returns an
+        exit status indicating support for TPM2.</para></listitem>
+      </varlistentry>
+
        <xi:include href="standard-options.xml" xpointer="no-pager" />
        <xi:include href="standard-options.xml" xpointer="no-legend" />
        <xi:include href="standard-options.xml" xpointer="json" />
@@ -315,6 +337,12 @@
      <title>Exit status</title>
  
      <para>On success, 0 is returned.</para>
+
+    <para>In case of the <command>has-tpm2</command> command returns 0 if a TPM2 device is discovered,
+    supported and used by firmware, driver, and userspace (i.e. systemd). Otherwise returns the OR
+    combination of the value 1 (in case firmware support is missing), 2 (in case driver support is missing)
+    and 4 (in case userspace support is missing). If no TPM2 support is available at all, value 7 is hence
+    returned.</para>
    </refsect1>
  
    <refsect1>
author	Lennart Poettering <lennart@poettering.net>
	Tue, 19 Apr 2022 13:08:23 +0000 (15:08 +0200)
committer	Lennart Poettering <lennart@poettering.net>
	Wed, 20 Apr 2022 14:58:18 +0000 (16:58 +0200)