authorGrigori Goronzy <greg@chown.ath.cx>2022-02-18 21:13:41 +0100
committerGrigori Goronzy <greg@chown.ath.cx>2022-03-15 21:17:00 +0100
commit4005d41ef0d007021deb0536800fc782ff670420 (patch)
treef661dd820a67cc68765d6e34816780805464206a /man/crypttab.xml
parentcaeb5604f9fd8e7aa43c7a1c853f8a7597240b17 (diff)
cryptsetup: add manual TPM2 PIN configuration
Handle the case where TPM2 metadata is not available and is instead provided explicitly in crypttab. This adds a new "tpm2-pin" option to the crypttab options for this purpose.
Diffstat (limited to 'man/crypttab.xml')
-rw-r--r--man/crypttab.xml8
1 files changed, 8 insertions, 0 deletions
diff --git a/man/crypttab.xml b/man/crypttab.xml
index ac5c6ef666..22411166a8 100644
--- a/man/crypttab.xml
+++ b/man/crypttab.xml
@@ -678,6 +678,14 @@
</varlistentry>
<varlistentry>
+ <term><option>tpm2-pin=</option></term>
+
+ <listitem><para>Takes a boolean argument, defaults to <literal>false</literal>. Controls whether
+ TPM2 volume unlocking is bound to a PIN in addition to PCRs. Similarly, this option is only useful
+ when TPM2 enrollment metadata is not available.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
<term><option>token-timeout=</option></term>
<listitem><para>Specifies how long to wait at most for configured security devices (i.e. FIDO2,