path: root/man/systemd-cryptsetup@.service.xml
author: Lennart Poettering <lennart@poettering.net> 2020-12-07 17:18:52 +0100
committer: Lennart Poettering <lennart@poettering.net> 2020-12-17 20:02:32 +0100
commit: cf1e172d58b0c0fb3e09ba9b5e6c60093b5b896c (patch)
tree: 5c18a7fd9a5a26e7ca16b2b7d17698e8955ddae4 /man/systemd-cryptsetup@.service.xml
parent: 1abaa197814f21fa452eee2f9cf32cfc770908f4 (diff)
man: document new features
Diffstat (limited to 'man/systemd-cryptsetup@.service.xml')
-rw-r--r-- man/systemd-cryptsetup@.service.xml 8
1 files changed, 5 insertions, 3 deletions
diff --git a/man/systemd-cryptsetup@.service.xml b/man/systemd-cryptsetup@.service.xml
index 216db7467c..c70d6a9d3e 100644
--- a/man/systemd-cryptsetup@.service.xml
+++ b/man/systemd-cryptsetup@.service.xml
@@ -50,13 +50,14 @@
<orderedlist>
<listitem><para>If a key file is explicitly configured (via the third column in
- <filename>/etc/crypttab</filename>), a key read from it is used. If a PKCS#11 token is configured
- (using the <varname>pkcs11-uri=</varname> option) the key is decrypted before use.</para></listitem>
+ <filename>/etc/crypttab</filename>), a key read from it is used. If a PKCS#11 token, FIDO2 token or
+ TPM2 device is configured (using the <varname>pkcs11-uri=</varname>, <varname>fido2-device=</varname>,
+ <varname>tpm2-device=</varname> options) the key is decrypted before use.</para></listitem>
<listitem><para>If no key file is configured explicitly this way, a key file is automatically loaded
from <filename>/etc/cryptsetup-keys.d/<replaceable>volume</replaceable>.key</filename> and
<filename>/run/cryptsetup-keys.d/<replaceable>volume</replaceable>.key</filename>, if present. Here
- too, if a PKCS#11 token is configured, any key found this way is decrypted before
+ too, if a PKCS#11/FIDO2/TPM2 token/device is configured, any key found this way is decrypted before
use.</para></listitem>
<listitem><para>If the <varname>try-empty-password</varname> option is specified it is then attempted
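Review bot: In the first list item, the parenthetical "(using the pkcs11-uri=, fido2-device=, tpm2-device= options)" has no conjunction, and the plural reads as if all three options must be set together. Something like "using one of the pkcs11-uri=, fido2-device= or tpm2-device= options" would match the "PKCS#11 token, FIDO2 token or TPM2 device" wording just before it. The text also does not say what happens when more than one of these options is set for the same volume; that is worth stating here or deferring explicitly to crypttab(5). In the second list item, "PKCS#11/FIDO2/TPM2 token/device" is slash shorthand that is harder to read than the spelled-out form used in the first item; repeating that phrasing would keep the two items consistent.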
@@ -77,6 +78,7 @@
<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
<citerefentry><refentrytitle>systemd-cryptsetup-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
<citerefentry><refentrytitle>crypttab</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
+ <citerefentry><refentrytitle>systemd-cryptenroll</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
<citerefentry project='die-net'><refentrytitle>cryptsetup</refentrytitle><manvolnum>8</manvolnum></citerefentry>
</para>
</refsect1>
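Review bot: The new systemd-cryptenroll(1) entry in the See Also list is the only place these changes mention that page, while the list items that now name fido2-device= and tpm2-device= give no pointer to it. Consider referencing it from the text that introduces the new options, so a reader knows why it is listed and where to go next. Minor: the commit subject "man: document new features" does not name the features; the hunks show they are FIDO2 and TPM2 support, which would be more useful in the log.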