clevis-luks-list - Man Page

Lists pins bound to a LUKS device

Synopsis

clevis luks list -d DEV [-s SLT]

Overview

The clevis luks list command list the pins bound to LUKS device. For example:

clevis luks list -d /dev/sda1

Options

Examples

clevis luks list -d /dev/sda1
1: sss '{"t":1,"pins":{"tang":[{"url":"addr1"},{"url":"addr2"}],"tpm2":[{"hash":"sha256","key":"ecc"}],"sss":{"t":1,"pins":{"tang":[{"url":"addr3"}]}}}}'
2: tang '{"url":"addr"}'
3: tpm2 '{"hash":"sha256","key":"ecc","pcr_bank":"sha1","pcr_ids":"7"}'

As we can see in the example above, /dev/sda1 has three slots bound each with a different pin.

Note that the output of clevis luks list can be used with the clevis luks bind command, such as:

clevis luks bind -d /dev/sda1 tpm2 '{"hash":"sha256","key":"ecc","pcr_bank":"sha1","pcr_ids":"7"}'

And we will bind another slot with a policy similar to the one we have in slot #3. Also note that if you are interested in a particular slot, you can pass the -s SLT argument to clevis luks list:

clevis luks list -d /dev/sda1 -s 2
2: tang '{"url":"addr"}'

In the above example, we listed only the pin bound to slot #2.

See Also

clevis-luks-bind(1), clevis-encrypt-tang(1), clevis-encrypt-tpm2(1), clevis-encrypt-sss(1),

Info

08/31/2020