clevis/src/luks/clevis-luks-list.1.adoc

CLEVIS-LUKS-LIST(1)
===================
:doctype: manpage


== NAME

clevis-luks-list - Lists pins bound to a LUKS device

== SYNOPSIS

*clevis luks list* -d DEV [-s SLT]

== OVERVIEW

The *clevis luks list* command list the pins bound to LUKS device.
For example:

    clevis luks list -d /dev/sda1

== OPTIONS

* *-d* _DEV_ :
  The LUKS device on which to list bound pins

* *-s* _SLT_ :
  The slot to use for listing the pin from

== EXAMPLES

    clevis luks list -d /dev/sda1
    1: sss '{"t":1,"pins":{"tang":[{"url":"addr1"},{"url":"addr2"}],"tpm2":[{"hash":"sha256","key":"ecc"}],"sss":{"t":1,"pins":{"tang":[{"url":"addr3"}]}}}}'
    2: tang '{"url":"addr"}'
    3: tpm2 '{"hash":"sha256","key":"ecc","pcr_bank":"sha1","pcr_ids":"7"}'

As we can see in the example above, */dev/sda1* has three slots bound each with a different pin.

- Slot #1 is bound with the _sss_ pin, and uses also tang and tpm2 pins in its policy.
- Slot #2 is bound using the _tang_ pin
- Slot #3 is bound with the _tpm2_ pin

Note that the output of *clevis luks list* can be used with the *clevis luks bind* command, such as:

    clevis luks bind -d /dev/sda1 tpm2 '{"hash":"sha256","key":"ecc","pcr_bank":"sha1","pcr_ids":"7"}'

And we will bind another slot with a policy similar to the one we have in slot #3.
Also note that if you are interested in a particular slot, you can pass the _-s SLT_ argument to *clevis luks list*:

  clevis luks list -d /dev/sda1 -s 2
  2: tang '{"url":"addr"}'

In the above example, we listed only the pin bound to slot #2.

== SEE ALSO

link:clevis-luks-bind.1.adoc[*clevis-luks-bind*(1)],
link:clevis-encrypt-tang.1.adoc[*clevis-encrypt-tang*(1)],
link:clevis-encrypt-tpm2.1.adoc[*clevis-encrypt-tpm2*(1)],
link:clevis-encrypt-sss.1.adoc[*clevis-encrypt-sss*(1)],