author | Grigori Goronzy <greg@chown.ath.cx> | 2022-02-18 21:13:41 +0100 |
---|---|---|
committer | Grigori Goronzy <greg@chown.ath.cx> | 2022-03-15 21:17:00 +0100 |
commit | 4005d41ef0d007021deb0536800fc782ff670420 (patch) | |
tree | f661dd820a67cc68765d6e34816780805464206a /man | |
parent | caeb5604f9fd8e7aa43c7a1c853f8a7597240b17 (diff) | |
download | systemd-4005d41ef0d007021deb0536800fc782ff670420.tar.gz |
cryptsetup: add manual TPM2 PIN configuration
Handle the case where TPM2 metadata is not available and explicitly
provided in crypttab. This adds a new "tpm2-pin" option to crypttab
options for this purpose.
Diffstat (limited to 'man')
-rw-r--r-- | man/crypttab.xml | 8 |
1 files changed, 8 insertions, 0 deletions
diff --git a/man/crypttab.xml b/man/crypttab.xml index ac5c6ef666..22411166a8 100644 --- a/man/crypttab.xml +++ b/man/crypttab.xml @@ -678,6 +678,14 @@ </varlistentry> <varlistentry> + <term><option>tpm2-pin=</option></term> + + <listitem><para>Takes a boolean argument, defaults to <literal>false</literal>. Controls whether + TPM2 volume unlocking is bound to a PIN in addition to PCRs. Similarly, this option is only useful + when TPM2 enrollment metadata is not available.</para></listitem> + </varlistentry> + + <varlistentry> <term><option>token-timeout=</option></term> <listitem><para>Specifies how long to wait at most for configured security devices (i.e. FIDO2, |
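Review bot: In the new `tpm2-pin=` `<listitem>`, the last sentence opens with "Similarly," so it only makes sense if the reader has just read the preceding entry; someone jumping straight to this option gets no self-contained statement of when it applies. Suggest dropping the adverb ("This option is only useful when TPM2 enrollment metadata is not available.") and adding one sentence on what happens when the option is given while enrollment metadata is present, i.e. whether the metadata or the crypttab value takes precedence. Since the text says the default is `false`, it would also help to state what the user sees when a volume bound to a PIN is unlocked without this option set, as that is the case an administrator will have to diagnose.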