clevis-luks-regen.1.adoc 1.4 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051
  1. CLEVIS-LUKS-REGEN(1)
  2. =====================
  3. :doctype: manpage
  4. == NAME
  5. clevis-luks-regen - Regenerates a clevis binding
  6. == SYNOPSIS
  7. *clevis luks regen* [-q] -d DEV -s SLT
  8. == OVERVIEW
  9. The *clevis luks regen* command regenerates the clevis binding for a given slot in a LUKS device, using the same configuration of the
  10. existing binding. Its operation can be compared to performing *clevis luks unbind* and *clevis luks bind* for rebinding said slot and device.
  11. This is useful when rotating tang keys.
  12. == OPTIONS
  13. * *-d* _DEV_ :
  14. The bound LUKS device
  15. * *-s* _SLT_ :
  16. The slot or key slot number for rebinding. Note that it requires that such slot is currently bound by clevis.
  17. * *-q*:
  18. Do not prompt for confirmation.
  19. == EXAMPLE
  20. Let's start by using clevis luks list to see the current binding configuration in /dev/sda1:
  21. # clevis luks list -d /dev/sda1
  22. 1: tang '{"url":"http://tang.server"}'
  23. 2: tpm2 '{"hash":"sha256","key":"ecc"}'
  24. We see that slot 1 in /dev/sda1 has a tang binding with the following configuration:
  25. '{"url":"http://tang.server"}'
  26. Now let's do the rebinding of slot 1:
  27. # clevis luks regen -d /dev/sda1 -s 1
  28. After a successful operation, we will have the new binding using the same configuration that was already in place.
  29. == SEE ALSO
  30. link:clevis-luks-list.1.adoc[*clevis-luks-list*(1)]
  31. link:clevis-luks-bind.1.adoc[*clevis-luks-bind*(1)]
  32. link:clevis-luks-unbind.1.adoc[*clevis-luks-unbind*(1)]