Diffstat (limited to 'src/cryptenroll/cryptenroll-fido2.c')
-rw-r--r--src/cryptenroll/cryptenroll-fido2.c7
1 files changed, 5 insertions, 2 deletions
diff --git a/src/cryptenroll/cryptenroll-fido2.c b/src/cryptenroll/cryptenroll-fido2.c
index 1b3ae8d67c..213b7795b6 100644
--- a/src/cryptenroll/cryptenroll-fido2.c
+++ b/src/cryptenroll/cryptenroll-fido2.c
@@ -11,7 +11,8 @@ int enroll_fido2(
struct crypt_device *cd,
const void *volume_key,
size_t volume_key_size,
- const char *device) {
+ const char *device,
+ Fido2EnrollFlags lock_with) {
_cleanup_(erase_and_freep) void *salt = NULL, *secret = NULL;
_cleanup_(erase_and_freep) char *base64_encoded = NULL;
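Review bot: The new `lock_with` parameter is undocumented, and the visible part of enroll_fido2() does not say what a value of 0 means. Judging by the last hunk of this commit, a caller that passes 0 enrols a credential whose token records `"fido2-clientPin-required": false`, so the no-PIN case should be an explicit choice at the call site rather than a default. A comment above the signature would record that, for example `/* lock_with: FIDO2ENROLL_* bits requested for this credential; 0 enrols without a PIN requirement */`. The function body continues outside the hunk, so whether the flags are validated before use cannot be seen here.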
@@ -40,6 +41,7 @@ int enroll_fido2(
/* user_display_name= */ node,
/* user_icon_name= */ NULL,
/* askpw_icon_name= */ "drive-harddisk",
+ lock_with,
&cid, &cid_size,
&salt, &salt_size,
&secret, &secret_size,
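Review bot: `lock_with` is passed bare in an argument list where the neighbouring positional arguments carry a `/* name= */` label, which makes it easy to misplace in a call this long. Writing it as `/* lock_with= */ lock_with,` would match the lines above it. The call starts and ends outside the hunk, so the callee's parameter name is assumed here and should be checked against its prototype.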
@@ -75,7 +77,8 @@ int enroll_fido2(
JSON_BUILD_PAIR("keyslots", JSON_BUILD_ARRAY(JSON_BUILD_STRING(keyslot_as_string))),
JSON_BUILD_PAIR("fido2-credential", JSON_BUILD_BASE64(cid, cid_size)),
JSON_BUILD_PAIR("fido2-salt", JSON_BUILD_BASE64(salt, salt_size)),
- JSON_BUILD_PAIR("fido2-rp", JSON_BUILD_STRING("io.systemd.cryptsetup"))));
+ JSON_BUILD_PAIR("fido2-rp", JSON_BUILD_STRING("io.systemd.cryptsetup")),
+ JSON_BUILD_PAIR("fido2-clientPin-required", JSON_BUILD_BOOLEAN(FLAGS_SET(lock_with, FIDO2ENROLL_PIN)))));
if (r < 0)
return log_error_errno(r, "Failed to prepare PKCS#11 JSON token object: %m");
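Review bot: Tokens enrolled before this change carry no `fido2-clientPin-required` key, so whichever code reads the token needs a defined default for a missing key; that reader is not in this file's diff, and a comment on the new pair such as `/* absent in tokens written by older versions; readers must pick a default */` would record the contract. Only the `FIDO2ENROLL_PIN` bit of `lock_with` is persisted, so any other bit the flags type may define is dropped at enrolment. The value sits in the token JSON next to the credential id and salt, so it is best treated as a hint for the unlock prompt rather than as the thing that enforces the PIN. Separately, the error message at the end of the hunk still says "PKCS#11" in the FIDO2 enrolment path, which will mislead whoever reads the log.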