From 0fceb5539d59e5d8bc0b8a387a686059483de174 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Mon, 19 Feb 2024 18:22:49 +0100
Subject: [PATCH] man: now that the crdentials used by systemd-cryptenroll are
 in order, document them

Replaces: #31370
---
 man/systemd-cryptenroll.xml | 45 +++++++++++++++++++++++++++++++++++++
 1 file changed, 45 insertions(+)

diff --git a/man/systemd-cryptenroll.xml b/man/systemd-cryptenroll.xml
index dfc6d31cf4b..c687ac31bb1 100644
--- a/man/systemd-cryptenroll.xml
+++ b/man/systemd-cryptenroll.xml
@@ -650,6 +650,51 @@
 
   </refsect1>
 
+  <refsect1>
+    <title>Credentials</title>
+
+    <para><command>systemd-cryptenroll</command> supports the service credentials logic as implemented by
+    <varname>ImportCredential=</varname>/<varname>LoadCredential=</varname>/<varname>SetCredential=</varname>
+    (see <citerefentry><refentrytitle>systemd.exec</refentrytitle><manvolnum>5</manvolnum></citerefentry> for
+    details). The following credentials are used when passed in:</para>
+
+    <variablelist class='system-credentials'>
+      <varlistentry>
+        <term><varname>cryptenroll.passphrase</varname></term>
+        <term><varname>cryptenroll.new-passphrase</varname></term>
+
+        <listitem><para>May contain the passphrase to unlock the volume with/to newly enroll.</para>
+
+        <xi:include href="version-info.xml" xpointer="v256"/></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><varname>cryptenroll.tpm2-pin</varname></term>
+        <term><varname>cryptenroll.new-tpm2-pin</varname></term>
+
+        <listitem><para>May contain the TPM2 PIN to unlock the volume with/to newly enroll.</para>
+
+        <xi:include href="version-info.xml" xpointer="v256"/></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><varname>cryptenroll.fido2-pin</varname></term>
+
+        <listitem><para>If a FIDO2 token is enrolled this may contain the PIN of the token.</para>
+
+        <xi:include href="version-info.xml" xpointer="v256"/></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><varname>cryptenroll.pkcs11-pin</varname></term>
+
+        <listitem><para>If a PKCS#11 token is enrolled this may contain the PIN of the token.</para>
+
+        <xi:include href="version-info.xml" xpointer="v256"/></listitem>
+      </varlistentry>
+    </variablelist>
+  </refsect1>
+
   <refsect1>
     <title>Exit status</title>