From 72c154226753cb9b0cfad1552c1b958d3889118c Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Fri, 28 May 2021 16:45:12 +0200 Subject: [PATCH] man: document that FIDO2 uv/up/clientPin feature support is now handled gracefully --- man/systemd-cryptenroll.xml | 15 ++++++++++----- 1 file changed, 10 insertions(+), 5 deletions(-) diff --git a/man/systemd-cryptenroll.xml b/man/systemd-cryptenroll.xml index 097cf7518be..d5719bc4635 100644 --- a/man/systemd-cryptenroll.xml +++ b/man/systemd-cryptenroll.xml @@ -128,8 +128,11 @@ BOOL - When enrolling a FIDO2 security token, controls whether to require the user to - enter a PIN when unlocking the volume. Defaults to yes. + When enrolling a FIDO2 security token, controls whether to require the user to enter + a PIN when unlocking the volume (the FIDO2 clientPin feature). Defaults to + yes. (Note: this setting is without effect if the security token does not support + the clientPin feature at all, or does not allow enabling or disabling + it.) @@ -137,7 +140,8 @@ When enrolling a FIDO2 security token, controls whether to require the user to verify presence (tap the token, the FIDO2 up feature) when unlocking the volume. - Defaults to yes. + Defaults to yes. (Note: this setting is without effect if the security token does not support + the up feature at all, or does not allow enabling or disabling it.) @@ -145,8 +149,9 @@ BOOL When enrolling a FIDO2 security token, controls whether to require user verification - when unlocking the volume (the FIDO2 uv feature)). Defaults to no. - + when unlocking the volume (the FIDO2 uv feature). Defaults to + no. (Note: this setting is without effect if the security token does not support + the uv feature at all, or does not allow enabling or disabling it.)