author | Lennart Poettering <lennart@poettering.net> | 2024-04-18 21:11:27 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2024-04-18 21:11:27 +0200 |
commit | dd37963affade1938db73df25f8c1b4892dcd2d1 (patch) | |
tree | 353193324aa1e88b6e076d17bd192929dc5085b6 /man | |
parent | Merge pull request #32121 from CodethinkLabs/basic-mkosi-integration-tests (diff) | |
parent | ci: update tests to showcase new option a bit (diff) | |
download | systemd-dd37963affade1938db73df25f8c1b4892dcd2d1.tar.xz systemd-dd37963affade1938db73df25f8c1b4892dcd2d1.zip |
Merge pull request #31790 from poettering/pcrlock-policy-fix
Replace PolicyAuthValue by PolicySigned as access policy for pcrlock policy nvindex
Diffstat (limited to 'man')
-rw-r--r-- | man/systemd-pcrlock.xml | 17 |
1 files changed, 10 insertions, 7 deletions
diff --git a/man/systemd-pcrlock.xml b/man/systemd-pcrlock.xml index 2c674a34b4..e2e861b246 100644 --- a/man/systemd-pcrlock.xml +++ b/man/systemd-pcrlock.xml @@ -504,13 +504,16 @@ <varlistentry> <term><option>--recovery-pin=</option></term> - <listitem><para>Takes a boolean. Defaults to false. Honoured by <command>make-policy</command>. If - true, will query the user for a PIN to unlock the TPM2 NV index with. If no policy was created before - this PIN is used to protect the newly allocated NV index. If a policy has been created before the PIN - is used to unlock write access to the NV index. If this option is not used a PIN is automatically - generated. Regardless if user supplied or automatically generated, it is stored in encrypted form in - the policy metadata file. The recovery PIN may be used to regain write access to an NV index in case - the access policy became out of date.</para> + <listitem><para>Takes one of <literal>hide</literal>, <literal>show</literal> or + <literal>query</literal>. Defaults to <literal>hide</literal>. Honoured by + <command>make-policy</command>. If <literal>query</literal>, will query the user for a PIN to unlock + the TPM2 NV index with. If no policy was created before, this PIN is used to protect the newly + allocated NV index. If a policy has been created before, the PIN is used to unlock write access to + the NV index. If either <literal>hide</literal> or <literal>show</literal> is used, a PIN is + automatically generated, and — only in case of <literal>show</literal> — displayed on + screen. Regardless if user supplied or automatically generated, it is stored in encrypted form in the + policy metadata file. The recovery PIN may be used to regain write access to an NV index in case the + access policy became out of date.</para> <xi:include href="version-info.xml" xpointer="v255"/></listitem> </varlistentry> |
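Review bot: The rewritten `--recovery-pin=` paragraph drops "Takes a boolean" without saying whether boolean values are still accepted, so a caller that passes a boolean today cannot tell from this text what will happen. Add a sentence stating either which of `hide`, `show` or `query` a boolean now maps to, or that booleans are rejected. The unchanged `xpointer="v255"` marker also gives no hint that the accepted values changed since the option was introduced, so consider noting the version in which the three literals appeared. For `show`, the text says the generated PIN is "displayed on screen"; because this PIN regains write access to the NV index, the paragraph should say where it is printed so that users can keep it out of captured logs and terminal scrollback. Minor wording: "Regardless if user supplied" reads better as "Regardless of whether it is user supplied".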