1
0
mirror of https://github.com/systemd/systemd.git synced 2024-12-22 17:35:35 +03:00

Merge pull request #26193 from aafeijoo-suse/cryptenroll-unlock-fido2-device-man-and-bash-completion-fix

Add missing --unlock-fido2-device to systemd-cryptenroll man and bash-completion
This commit is contained in:
Luca Boccassi 2023-01-25 13:15:13 +00:00 committed by GitHub
commit 6ec7a722ba
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 17 additions and 1 deletions

View File

@ -109,6 +109,17 @@
contain the full key.</para></listitem>
</varlistentry>
<varlistentry>
<term><option>--unlock-fido2-device=</option><replaceable>PATH</replaceable></term>
<listitem><para>Use a FIDO2 device instead of a password/passphrase read from stdin to unlock the
volume. Expects a <filename>hidraw</filename> device referring to the FIDO2 device (e.g.
<filename>/dev/hidraw1</filename>). Alternatively the special value <literal>auto</literal> may be
specified, in order to automatically determine the device node of a currently plugged in security
token (of which there must be exactly one). This automatic discovery is unsupported if
<option>--fido2-device=</option> option is also specified.</para></listitem>
</varlistentry>
<varlistentry>
<term><option>--pkcs11-token-uri=</option><replaceable>URI</replaceable></term>
@ -151,7 +162,8 @@
extension (e.g. a YubiKey). Expects a <filename>hidraw</filename> device referring to the FIDO2
device (e.g. <filename>/dev/hidraw1</filename>). Alternatively the special value
<literal>auto</literal> may be specified, in order to automatically determine the device node of a
currently plugged in security token (of which there must be exactly one). The special value
currently plugged in security token (of which there must be exactly one). This automatic discovery
is unsupported if <option>--unlock-fido2-device=</option> option is also specified. The special value
<literal>list</literal> may be used to enumerate all suitable FIDO2 tokens currently plugged in. Note
that many hardware security tokens that implement FIDO2 also implement the older PKCS#11
standard. Typically FIDO2 is preferable, given it's simpler to use and more modern.</para>

View File

@ -51,6 +51,7 @@ _systemd-cryptenroll() {
[STANDALONE]='-h --help --version
--password --recovery-key'
[ARG]='--unlock-key-file
--unlock-fido2-device
--pkcs11-token-uri
--fido2-credential-algorithm
--fido2-device
@ -74,6 +75,9 @@ _systemd-cryptenroll() {
comps=$(compgen -A file -- "$cur")
compopt -o filenames
;;
--unlock-fido2-device)
comps="auto $(__get_fido2_devices)"
;;
--pkcs11-token-uri)
comps='auto list pkcs11:'
;;