author | Luca Boccassi <bluca@debian.org> | 2023-01-25 14:15:13 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-01-25 14:15:13 +0100 |
commit | 6ec7a722ba9d8a15a66f678766f426c2e18cd184 (patch) | |
tree | 56f783e8e61d8c3edc6e34e2ada4c0921c712430 | |
parent | update TODO (diff) | |
parent | man: add missing --unlock-fido2-device to systemd-cryptenroll (diff) | |
Merge pull request #26193 from aafeijoo-suse/cryptenroll-unlock-fido2-device-man-and-bash-completion-fix
Add missing --unlock-fido2-device to systemd-cryptenroll man and bash-completion
-rw-r--r-- | man/systemd-cryptenroll.xml | 14 | ||||
-rw-r--r-- | shell-completion/bash/systemd-cryptenroll | 4 |
2 files changed, 17 insertions, 1 deletions
diff --git a/man/systemd-cryptenroll.xml b/man/systemd-cryptenroll.xml index a654d492a1..1e9a4457c2 100644 --- a/man/systemd-cryptenroll.xml +++ b/man/systemd-cryptenroll.xml @@ -110,6 +110,17 @@ </varlistentry> <varlistentry> + <term><option>--unlock-fido2-device=</option><replaceable>PATH</replaceable></term> + + <listitem><para>Use a FIDO2 device instead of a password/passphrase read from stdin to unlock the + volume. Expects a <filename>hidraw</filename> device referring to the FIDO2 device (e.g. + <filename>/dev/hidraw1</filename>). Alternatively the special value <literal>auto</literal> may be + specified, in order to automatically determine the device node of a currently plugged in security + token (of which there must be exactly one). This automatic discovery is unsupported if + <option>--fido2-device=</option> option is also specified.</para></listitem> + </varlistentry> + + <varlistentry> <term><option>--pkcs11-token-uri=</option><replaceable>URI</replaceable></term> <listitem><para>Enroll a PKCS#11 security token or smartcard (e.g. a YubiKey). Expects a PKCS#11 @@ -151,7 +162,8 @@ extension (e.g. a YubiKey). Expects a <filename>hidraw</filename> device referring to the FIDO2 device (e.g. <filename>/dev/hidraw1</filename>). Alternatively the special value <literal>auto</literal> may be specified, in order to automatically determine the device node of a - currently plugged in security token (of which there must be exactly one). The special value + currently plugged in security token (of which there must be exactly one). This automatic discovery + is unsupported if <option>--unlock-fido2-device=</option> option is also specified. The special value <literal>list</literal> may be used to enumerate all suitable FIDO2 tokens currently plugged in. Note that many hardware security tokens that implement FIDO2 also implement the older PKCS#11 standard. Typically FIDO2 is preferable, given it's simpler to use and more modern.</para> 
diff --git a/shell-completion/bash/systemd-cryptenroll b/shell-completion/bash/systemd-cryptenroll index 5953814159..66c6524fe8 100644 --- a/shell-completion/bash/systemd-cryptenroll +++ b/shell-completion/bash/systemd-cryptenroll @@ -51,6 +51,7 @@ _systemd-cryptenroll() { [STANDALONE]='-h --help --version --password --recovery-key' [ARG]='--unlock-key-file + --unlock-fido2-device --pkcs11-token-uri --fido2-credential-algorithm --fido2-device @@ -74,6 +75,9 @@ _systemd-cryptenroll() { comps=$(compgen -A file -- "$cur") compopt -o filenames ;; + --unlock-fido2-device) + comps="auto $(__get_fido2_devices)" + ;; --pkcs11-token-uri) comps='auto list pkcs11:' ;; |
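Review bot: in the new --unlock-fido2-device= entry of man/systemd-cryptenroll.xml (@@ -110,6 +110,17 @@), the closing sentence does not tell the reader what to do in the case it excludes. It says automatic discovery is unsupported if --fido2-device= is also specified, but not whether that applies only when both options are set to auto or whenever --fido2-device= appears at all. Unlocking with one token while enrolling another also means two tokens are plugged in, which already conflicts with "of which there must be exactly one". If the intent is that the hidraw path must be given explicitly in this combination, the entry should say so. The entry also does not state whether the special value list, documented for --fido2-device=, is accepted here.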
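Review bot: in the --fido2-device= paragraph of man/systemd-cryptenroll.xml (@@ -151,7 +162,8 @@), the added sentence reads "is unsupported if <option>--unlock-fido2-device=</option> option is also specified", which carries a redundant "option" after the tagged name and lacks an article; "if <option>--unlock-fido2-device=</option> is also specified" is cleaner, and the same wording occurs in the first hunk of this file. The new sentence is also inserted between the description of auto and the description of list, so "The special value list" now follows a restriction instead of the value it parallels. Placing the restriction after the list sentence would keep the two special values together.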
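Review bot: in the --unlock-fido2-device) case added to _systemd-cryptenroll() in shell-completion/bash/systemd-cryptenroll (@@ -74,6 +75,9 @@), comps="auto $(__get_fido2_devices)" offers auto unconditionally, while the man page text added in this same commit documents automatic discovery as unsupported when --fido2-device= is also given. Completion will therefore suggest a value that is documented as unsupported in that combination. Either omit auto when --fido2-device is already among the words on the command line, or add a short comment that the restriction is left to the tool to enforce. __get_fido2_devices is not defined in the visible lines, so this assumes the helper already exists elsewhere in the file.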