diff --git a/man/systemd-cryptenroll.xml b/man/systemd-cryptenroll.xml index 63d378fbc62..8ac98a6cf7f 100644 --- a/man/systemd-cryptenroll.xml +++ b/man/systemd-cryptenroll.xml @@ -265,32 +265,11 @@ - Options + Unlocking - The following options are understood: + The following options are understood that may be used to unlock the device in preparation of the enrollment operations: - - - - Enroll a regular password/passphrase. This command is mostly equivalent to - cryptsetup luksAddKey, however may be combined with - in one call, see below. - - - - - - - - Enroll a recovery key. Recovery keys are mostly identical to passphrases, but are - computer-generated instead of being chosen by a human, and thus have a guaranteed high entropy. The - key uses a character set that is easy to type in, and may be scanned off screen via a QR code. - - - - - @@ -328,7 +307,45 @@ + + + + Simple Enrollment + + The following options are understood that may be used to enroll simple user input based + unlocking: + + + + + + Enroll a regular password/passphrase. This command is mostly equivalent to + cryptsetup luksAddKey, however may be combined with + in one call, see below. + + + + + + + + Enroll a recovery key. Recovery keys are mostly identical to passphrases, but are + computer-generated instead of being chosen by a human, and thus have a guaranteed high entropy. The + key uses a character set that is easy to type in, and may be scanned off screen via a QR code. + + + + + + + + + PKCS#11 Enrollment + + The following option is understood that may be used to enroll PKCS#11 tokens: + + @@ -361,7 +378,15 @@ + + + + FIDO2 Enrollment + + The following options are understood that may be used to enroll PKCS#11 tokens: + + Specify COSE algorithm used in credential generation. The default value is @@ -461,7 +486,15 @@ + + + + TPM2 Enrollment + + The following options are understood that may be used to enroll TPM2 devices: + + @@ -636,7 +669,15 @@ + + + + Other Options + + The following additional options are understood: + +