diff options
Diffstat (limited to 'src/cryptenroll/cryptenroll-fido2.c')
-rw-r--r-- | src/cryptenroll/cryptenroll-fido2.c | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/src/cryptenroll/cryptenroll-fido2.c b/src/cryptenroll/cryptenroll-fido2.c index 1b3ae8d67c..213b7795b6 100644 --- a/src/cryptenroll/cryptenroll-fido2.c +++ b/src/cryptenroll/cryptenroll-fido2.c @@ -11,7 +11,8 @@ int enroll_fido2( struct crypt_device *cd, const void *volume_key, size_t volume_key_size, - const char *device) { + const char *device, + Fido2EnrollFlags lock_with) { _cleanup_(erase_and_freep) void *salt = NULL, *secret = NULL; _cleanup_(erase_and_freep) char *base64_encoded = NULL; @@ -40,6 +41,7 @@ int enroll_fido2( /* user_display_name= */ node, /* user_icon_name= */ NULL, /* askpw_icon_name= */ "drive-harddisk", + lock_with, &cid, &cid_size, &salt, &salt_size, &secret, &secret_size, @@ -75,7 +77,8 @@ int enroll_fido2( JSON_BUILD_PAIR("keyslots", JSON_BUILD_ARRAY(JSON_BUILD_STRING(keyslot_as_string))), JSON_BUILD_PAIR("fido2-credential", JSON_BUILD_BASE64(cid, cid_size)), JSON_BUILD_PAIR("fido2-salt", JSON_BUILD_BASE64(salt, salt_size)), - JSON_BUILD_PAIR("fido2-rp", JSON_BUILD_STRING("io.systemd.cryptsetup")))); + JSON_BUILD_PAIR("fido2-rp", JSON_BUILD_STRING("io.systemd.cryptsetup")), + JSON_BUILD_PAIR("fido2-clientPin-required", JSON_BUILD_BOOLEAN(FLAGS_SET(lock_with, FIDO2ENROLL_PIN))))); if (r < 0) return log_error_errno(r, "Failed to prepare PKCS#11 JSON token object: %m"); |