author | Luca Boccassi <luca.boccassi@microsoft.com> | 2021-04-13 13:12:46 +0100 |
---|---|---|
committer | Luca Boccassi <bluca@debian.org> | 2021-05-07 21:36:27 +0100 |
commit | 896cc0da986f85980c4377d3f7073ce1f1cae778 (patch) | |
tree | e678cb598fddf587c83ec6f4e7d9c02339825c69 /man/systemd-cryptenroll.xml | |
parent | 06f087192d27d6bbb237f8966c2fa2d6b790f7f2 (diff) | |
download | systemd-896cc0da986f85980c4377d3f7073ce1f1cae778.tar.gz |
FIDO2: ask and record whether user verification was used to lock the volume
Some tokens support authorization via fingerprint or other biometric
ID. Add support for "user verification" to cryptenroll and cryptsetup.
Disable by default, as it is still quite uncommon.
Diffstat (limited to 'man/systemd-cryptenroll.xml')
-rw-r--r-- | man/systemd-cryptenroll.xml | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/man/systemd-cryptenroll.xml b/man/systemd-cryptenroll.xml index 5b1b60db64..c7f4e63f60 100644 --- a/man/systemd-cryptenroll.xml +++ b/man/systemd-cryptenroll.xml @@ -142,6 +142,14 @@ </varlistentry> <varlistentry> + <term><option>--fido2-with-user-verification=</option><replaceable>BOOL</replaceable></term> + + <listitem><para>When enrolling a FIDO2 security token, controls whether to require user verification + when unlocking the volume (the FIDO2 <literal>uv</literal> feature)). Defaults to <literal>no</literal>. + </para></listitem> + </varlistentry> + + <varlistentry> <term><option>--tpm2-device=</option><replaceable>PATH</replaceable></term> <listitem><para>Enroll a TPM2 security chip. Expects a device node path referring to the TPM2 chip |
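Review bot: the added `<listitem>` paragraph for `--fido2-with-user-verification=` closes its parenthetical twice, "(the FIDO2 <literal>uv</literal> feature))"; drop the extra ")". The entry also leaves out what happens when the option is set to yes and the token has no user verification support. The commit message calls such support "still quite uncommon", so a sentence on that case would help. It would also be worth saying that the choice is recorded at enrollment and applied at unlock, as the commit subject says, so readers know the setting cannot be changed later without re-enrolling the token.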