1
0
mirror of https://github.com/systemd/systemd.git synced 2024-12-23 21:35:11 +03:00
Commit Graph

8 Commits

Author SHA1 Message Date
Lennart Poettering
fe672fe539 doc: add new markdown docs for credentials 2022-04-28 18:12:00 +02:00
Lennart Poettering
d43ea6c8ff man: make clear that encrypted credentials are also authenticated
We use authenticated encryption, and that deserves mention. This in
particular relevant as the fact they are authenticated makes the
credentials useful as initrd parameterization items.
2022-04-21 23:23:14 +02:00
Lennart Poettering
231a1caf5e
Merge pull request #23122 from poettering/creds-has-tpm2
tpm2: beef up tpm2 support checks
2022-04-20 23:18:02 +02:00
Lennart Poettering
b6553329c0 creds-util: permit credentials encrypted/signed by fixed zero length keys as fallback for systems lacking TPM2
This is supposed to be useful when generating credentials for immutable
initrd environments, where it is is relevant to support credentials even
on systems lacking a TPM2 chip.

With this, if `systemd-creds encrypt --with-key=auto-initrd` is used a
credential will be encrypted/signed with the TPM2 if it is available and
recognized by the firmware. Otherwise it will be encrypted/signed with
the fixed empty key, thus providing no confidentiality or authenticity.

The idea is that distributions use this mode to generically create
credentials that are as locked down as possible on the specific
platform.
2022-04-20 17:49:17 +02:00
Lennart Poettering
eb81249e8a man: document new has-tpm2 verb 2022-04-20 16:58:18 +02:00
Morten Linderud
921e1bae16 man: correct minor mistakes in systemd-creds
Signed-off-by: Morten Linderud <morten@linderud.pw>
2022-01-07 16:07:28 +01:00
Zbigniew Jędrzejewski-Szmek
ecc5d0c008 man: make systemd-creds man page a bit easier to read 2021-12-13 15:01:44 +01:00
Lennart Poettering
c1017f6b7b man: add man page for "systemd-creds" 2021-07-08 09:31:18 +02:00