mirror of
https://github.com/systemd/systemd.git
synced 2024-12-22 17:35:35 +03:00
e262205eb7
systemd-cryptsetup supports a FIDO2 mode with manual parameters, where the user provides all the information necessary for recreating the secret, such as: credential ID, relaying party ID and the salt. This feature works great for implementing 2FA schemes, where the salt file is for example a secret unsealed from the TPM or some other source. While the unlocking part is quite straightforward to set up, enrolling such a keyslot - not so easy. There is no clearly documented way on how to set this up and online resources are scarce on this topic too. By implementing a straightforward way to enroll such a keyslot directly from systemd-cryptenroll we streamline the enrollment process and reduce chances for user error when doing such things manually. |
||
---|---|---|
.. | ||
bash | ||
zsh |