diff options
Diffstat (limited to 'upstream/opensuse-tumbleweed/man1/grub2-protect.1')
| -rw-r--r-- | upstream/opensuse-tumbleweed/man1/grub2-protect.1 | 85 |
1 files changed, 85 insertions, 0 deletions
diff --git a/upstream/opensuse-tumbleweed/man1/grub2-protect.1 b/upstream/opensuse-tumbleweed/man1/grub2-protect.1 new file mode 100644 index 00000000..f4bea4d7 --- /dev/null +++ b/upstream/opensuse-tumbleweed/man1/grub2-protect.1 @@ -0,0 +1,85 @@ +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.49.3. +.TH GRUB-PROTECT "1" "May 2024" "GRUB2 2.12" "User Commands" +.SH NAME +grub-protect \- protect a disk key with a key protector +.SH SYNOPSIS +.B grub-protect +[\fI\,OPTION\/\fR...] +.SH DESCRIPTION +grub-protect helps to pretect a disk encryption key with a specified key protector. +.PP +Protect a cleartext key using a GRUB key protector that can retrieve the key +during boot to unlock fully\-encrypted disks automatically. +.TP +\fB\-a\fR, \fB\-\-action\fR=\fI\,add\/\fR|remove +Add or remove a key protector to or from a key. +.TP +\fB\-p\fR, \fB\-\-protector\fR=\fI\,tpm2\/\fR +Key protector to use (only tpm2 is currently +supported). +.TP +\fB\-\-tpm2\-asymmetric\fR=\fI\,TYPE\/\fR The type of SRK: RSA (RSA2048), RSA3072, RSA4096, +and ECC (ECC_NIST_P256). (default: ECC) +.TP +\fB\-\-tpm2\-bank\fR=\fI\,ALG\/\fR +Bank of PCRs used to authorize key release: SHA1, +SHA256, SHA384, or SHA512. (default: SHA256) +.TP +\fB\-\-tpm2\-device\fR=\fI\,FILE\/\fR +Path to the TPM2 device. (default: \fI\,/dev/tpm0\/\fP) +.TP +\fB\-\-tpm2\-evict\fR +Evict a previously persisted SRK from the TPM, if +any. +.TP +\fB\-\-tpm2\-keyfile\fR=\fI\,FILE\/\fR +Path to a file that contains the cleartext key to +protect. +.TP +\fB\-\-tpm2\-outfile\fR=\fI\,FILE\/\fR +Path to the file that will contain the key after +sealing (must be accessible to GRUB during boot). +.TP +\fB\-\-tpm2\-pcrs\fR=\fI\,0[\/\fR,1]... +Comma\-separated list of PCRs used to authorize +key release e.g., '7,11'. Please be aware that +PCR 0~7 are used by the firmware and the +measurement result may change after a firmware +update (for baremetal systems) or a package +(OVMF/SeaBIOS/SLOF) update in the VM host. This +may lead tothe failure of key unsealing. +(default: 7) +.TP +\fB\-\-tpm2\-srk\fR=\fI\,NUM\/\fR +The SRK handle if the SRK is to be made +persistent. +.TP +\fB\-\-tpm2key\fR +Use TPM 2.0 Key File format instead of the raw +format. +.TP +\-?, \fB\-\-help\fR +give this help list +.TP +\fB\-\-usage\fR +give a short usage message +.TP +\fB\-V\fR, \fB\-\-version\fR +print program version +.PP +Mandatory or optional arguments to long options are also mandatory or optional +for any corresponding short options. +.SH "REPORTING BUGS" +Report bugs to <bug\-grub@gnu.org>. +.SH "SEE ALSO" +The full documentation for +.B grub-protect +is maintained as a Texinfo manual. If the +.B info +and +.B grub-protect +programs are properly installed at your site, the command +.IP +.B info grub-protect +.PP +should give you access to the complete manual. |