From ccd25f41f52e72846ea7940769076094e4601ec3 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Mon, 11 Oct 2021 11:15:08 +0200 Subject: [PATCH] docs: document $SYSTEMD_CRYPTSETUP_USE_TOKEN_MODULE --- docs/ENVIRONMENT.md | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/docs/ENVIRONMENT.md b/docs/ENVIRONMENT.md index 5b7c01d149..175bb8a819 100644 --- a/docs/ENVIRONMENT.md +++ b/docs/ENVIRONMENT.md @@ -364,3 +364,10 @@ disk images with `--image=` or similar: against any of the certificates in `/etc/verity.d/*.crt` (and similar directores in `/usr/lib/`, `/run`, …) or passed to the kernel for validation against its built-in certificates. + +`systemd-cryptsetup`: + +* `$SYSTEMD_CRYPTSETUP_USE_TOKEN_MODULE` – takes a boolean, which controls + whether to use the libcryptsetup "token" plugin module logic even when + activating via FIDO2, PKCS#11, TPM2, i.e. mechanisms natively supported by + `systemd-cryptsetup`. Defaults to enabled.