tpm2: support "+" as separator for TPM PCR lists

Previously, we supported only "," as separator. This adds support for
"+" and makes it the documented choice.

This is to make specifying PCRs in crypttab easier, since commas are
already used there for separating volume options, and needless escaping
sucks.

"," continues to be supported, but in order to keep things minimal not
documented.

Fixe: #19205

1 files changed, 3 insertions, 3 deletions

diff --git a/man/crypttab.xml b/man/crypttab.xml
index 8f0ed5b77d..c048cd64c2 100644
--- a/man/crypttab.xml
+++ b/man/crypttab.xml
@@ -659,9 +659,9 @@
       <varlistentry>
         <term><option>tpm2-pcrs=</option></term>
 
-        <listitem><para>Takes a comma separated list of numeric TPM2 PCR (i.e. "Platform Configuration
-        Register") indexes to bind the TPM2 volume unlocking to. This option is only useful when TPM2
-        enrollment metadata is not available in the LUKS2 JSON token header already, the way
+        <listitem><para>Takes a <literal>+</literal> separated list of numeric TPM2 PCR (i.e. "Platform
+        Configuration Register") indexes to bind the TPM2 volume unlocking to. This option is only useful
+        when TPM2 enrollment metadata is not available in the LUKS2 JSON token header already, the way
         <command>systemd-cryptenroll</command> writes it there. If not used (and no metadata in the LUKS2
         JSON token header defines it), defaults to a list of a single entry: PCR 7. Assign an empty string to
         encode a policy that binds the key to no PCRs, making the key accessible to local programs regardless