internet/community.crypto
3
0
Fork 0
mirror of https://github.com/ansible-collections/community.crypto.git synced 2026-03-26 21:33:25 +00:00
Code Issues Packages Projects Releases Wiki Activity

deploy: 663d1a1321

Browse Source
This commit is contained in:
kaysond
2025-12-11 04:10:50 +00:00
parent dc58a41044
commit c3e6649c49
1 changed files with 14 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

28
pr/972/luks_device_module.html
View File

@@ -211,7 +211,7 @@ see <a class="reference internal" href="#ansible-collections-community-crypto-lu
<li><p>wipefs (when <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-state"><span class="std std-ref"><span class="pre">state</span></span></a></strong></code> is <code class="ansible-value docutils literal notranslate"><span class="pre">absent</span></code>)</p></li>
<li><p>lsblk</p></li>
<li><p>blkid (when <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-label"><span class="std std-ref"><span class="pre">label</span></span></a></strong></code> or <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-uuid"><span class="std std-ref"><span class="pre">uuid</span></span></a></strong></code> options are used)</p></li>
<li><p>systemd-cryptsetup (for tpm2 and fido2 only)</p></li>
<li><p>systemd-cryptsetup (for TPM2 and FIDO2 only)</p></li>
</ul>
</section>
<section id="parameters">
@@ -262,7 +262,7 @@ see <a class="reference internal" href="#ansible-collections-community-crypto-lu
<td><div class="ansible-option-cell"><p>Used to unlock the container, but can not be used for container creation. A hidraw device referring to the FIDO2 device (for example <code class="ansible-value docutils literal notranslate"><span class="pre">/dev/hidraw1</span></code>). Alternatively the special value <code class="ansible-value docutils literal notranslate"><span class="pre">auto</span></code> may be specified, in order to automatically determine the device node of a currently currently plugged in security token (of which there must be exactly one).</p>
<p><strong>Note</strong> that only LUKS2 containers are supported</p>
<p><strong>Note</strong> that systemd-cryptsetup (v253 or newer) is required.</p>
<p><strong>Note</strong> that user presence confirmation (e.g. touching the security token) may be required.</p>
<p><strong>Note</strong> that user presence confirmation (for example touching the security token) may be required.</p>
</div></td>
</tr>
<tr class="row-even"><td><div class="ansible-option-cell">
@@ -334,11 +334,11 @@ see <a class="reference internal" href="#ansible-collections-community-crypto-lu
<a class="ansibleOptionLink" href="#parameter-new_fido2" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
<p><em class="ansible-option-versionadded">added in community.crypto 3.1.0</em></p>
</div></td>
<td><div class="ansible-option-cell"><p>Adds a FIDO2 security token that implements the “hmac-secret” extension (e.g. a YubiKey) to given container on <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-device"><span class="std std-ref"><span class="pre">device</span></span></a></strong></code>. Expects a hidraw device referring to the FIDO2 device (e.g. <code class="ansible-value docutils literal notranslate"><span class="pre">/dev/hidraw1</span></code>). Alternatively the special value <code class="ansible-value docutils literal notranslate"><span class="pre">auto</span></code> may be specified, in order to automatically determine the device node of a currently plugged in security token (of which there must be exactly one).</p>
<p><strong>Note</strong> that <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-new-keyslot"><span class="std std-ref"><span class="pre">new_keyslot</span></span></a></strong></code> does not affect the keyslot for fido2 enrollment.</p>
<td><div class="ansible-option-cell"><p>Adds a FIDO2 security token that implements the <code class="docutils literal notranslate"><span class="pre">hmac-secret</span></code> extension (for example a YubiKey) to given container on <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-device"><span class="std std-ref"><span class="pre">device</span></span></a></strong></code>. Expects a hidraw device referring to the FIDO2 device (e.g. <code class="ansible-value docutils literal notranslate"><span class="pre">/dev/hidraw1</span></code>). Alternatively the special value <code class="ansible-value docutils literal notranslate"><span class="pre">auto</span></code> may be specified, in order to automatically determine the device node of a currently plugged in security token (of which there must be exactly one).</p>
<p><strong>Note</strong> that <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-new-keyslot"><span class="std std-ref"><span class="pre">new_keyslot</span></span></a></strong></code> does not affect the keyslot for FIDO2 enrollment.</p>
<p><strong>Note</strong> that systemd-cryptsetup (v248 or newer) is required.</p>
<p><strong>Note</strong> that user presence confirmation (e.g. touching the security token) may be required.</p>
<p><strong>Note</strong> that the enrollment operation is NOT idempotent (because systemd-cryptenroll does not support idempotency).</p>
<p><strong>Note</strong> that user presence confirmation (for example touching the security token) may be required.</p>
<p><strong>Note</strong> that the enrollment operation is <strong>NOT idempotent</strong> (because systemd-cryptenroll does not support idempotency).</p>
</div></td>
</tr>
<tr class="row-even"><td><div class="ansible-option-cell">
@@ -375,7 +375,7 @@ see <a class="reference internal" href="#ansible-collections-community-crypto-lu
<p><em class="ansible-option-versionadded">added in community.crypto 3.1.0</em></p>
</div></td>
<td><div class="ansible-option-cell"><p>Adds a TPM2 security chip to given container on <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-device"><span class="std std-ref"><span class="pre">device</span></span></a></strong></code>. Expects a device node path referring to the TPM2 chip (e.g. <code class="ansible-value docutils literal notranslate"><span class="pre">/dev/tpmrm0</span></code>). Alternatively the special value <code class="ansible-value docutils literal notranslate"><span class="pre">auto</span></code> may be specified, in order to automatically determine the device node of a currently discovered TPM2 device (of which there must be exactly one). Requires <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-new-tpm2-pcrs"><span class="std std-ref"><span class="pre">new_tpm2_pcrs</span></span></a></strong></code>.</p>
<p><strong>Note</strong> that <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-new-keyslot"><span class="std std-ref"><span class="pre">new_keyslot</span></span></a></strong></code> does not affect the keyslot for tpm2 enrollment.</p>
<p><strong>Note</strong> that <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-new-keyslot"><span class="std std-ref"><span class="pre">new_keyslot</span></span></a></strong></code> does not affect the keyslot for TPM2 enrollment.</p>
<p><strong>Note</strong> that only LUKS2 containers are supported.</p>
<p><strong>Note</strong> that systemd-cryptsetup (v248 or newer) is required.</p>
</div></td>
@@ -385,7 +385,7 @@ see <a class="reference internal" href="#ansible-collections-community-crypto-lu
<a class="ansibleOptionLink" href="#parameter-new_tpm2_pcrs" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">string</span></p>
<p><em class="ansible-option-versionadded">added in community.crypto 3.1.0</em></p>
</div></td>
<td><div class="ansible-option-cell"><p>TPM2 PCRs (Platform Configuration Registers) to bind to. See systemd-cryptenroll documentation for details (--tpm2-pcrs argument).</p>
<td><div class="ansible-option-cell"><p>TPM2 PCRs (Platform Configuration Registers) to bind to. See systemd-cryptenroll documentation for details (<code class="docutils literal notranslate"><span class="pre">--tpm2-pcrs</span></code> argument).</p>
</div></td>
</tr>
<tr class="row-odd"><td><div class="ansible-option-cell">
@@ -549,7 +549,7 @@ The passphrase is provided as UTF-8 encoded text.</p></li>
<a class="ansibleOptionLink" href="#parameter-remove_fido2" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">boolean</span></p>
<p><em class="ansible-option-versionadded">added in community.crypto 3.1.0</em></p>
</div></td>
<td><div class="ansible-option-cell"><p>Removes <strong>all</strong> key slots on <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-device"><span class="std std-ref"><span class="pre">device</span></span></a></strong></code> that are unlocked by a fido2 device. Needs <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-keyfile"><span class="std std-ref"><span class="pre">keyfile</span></span></a></strong></code>, <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-passphrase"><span class="std std-ref"><span class="pre">passphrase</span></span></a></strong></code>, <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-tpm2-device"><span class="std std-ref"><span class="pre">tpm2_device</span></span></a></strong></code>, or <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-fido2-device"><span class="std std-ref"><span class="pre">fido2_device</span></span></a></strong></code> for authorization.</p>
<td><div class="ansible-option-cell"><p>Removes <strong>all</strong> key slots on <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-device"><span class="std std-ref"><span class="pre">device</span></span></a></strong></code> that are unlocked by a FIDO2 device. Needs <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-keyfile"><span class="std std-ref"><span class="pre">keyfile</span></span></a></strong></code>, <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-passphrase"><span class="std std-ref"><span class="pre">passphrase</span></span></a></strong></code>, <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-tpm2-device"><span class="std std-ref"><span class="pre">tpm2_device</span></span></a></strong></code>, or <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-fido2-device"><span class="std std-ref"><span class="pre">fido2_device</span></span></a></strong></code> for authorization.</p>
<p><strong>Note</strong> that systemd-cryptsetup (v248 or newer) is required.</p>
<p class="ansible-option-line"><strong class="ansible-option-choices">Choices:</strong></p>
<ul class="simple">
@@ -594,7 +594,7 @@ The passphrase is provided as UTF-8 encoded text.</p></li>
<a class="ansibleOptionLink" href="#parameter-remove_tpm2" title="Permalink to this option"></a><p class="ansible-option-type-line"><span class="ansible-option-type">boolean</span></p>
<p><em class="ansible-option-versionadded">added in community.crypto 3.1.0</em></p>
</div></td>
<td><div class="ansible-option-cell"><p>Removes <strong>all</strong> key slots on <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-device"><span class="std std-ref"><span class="pre">device</span></span></a></strong></code> that are unlocked by a tpm2 device. Needs <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-keyfile"><span class="std std-ref"><span class="pre">keyfile</span></span></a></strong></code>, <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-passphrase"><span class="std std-ref"><span class="pre">passphrase</span></span></a></strong></code>, <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-tpm2-device"><span class="std std-ref"><span class="pre">tpm2_device</span></span></a></strong></code>, or <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-fido2-device"><span class="std std-ref"><span class="pre">fido2_device</span></span></a></strong></code> for authorization.</p>
<td><div class="ansible-option-cell"><p>Removes <strong>all</strong> key slots on <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-device"><span class="std std-ref"><span class="pre">device</span></span></a></strong></code> that are unlocked by a TPM2 device. Needs <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-keyfile"><span class="std std-ref"><span class="pre">keyfile</span></span></a></strong></code>, <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-passphrase"><span class="std std-ref"><span class="pre">passphrase</span></span></a></strong></code>, <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-tpm2-device"><span class="std std-ref"><span class="pre">tpm2_device</span></span></a></strong></code>, or <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-fido2-device"><span class="std std-ref"><span class="pre">fido2_device</span></span></a></strong></code> for authorization.</p>
<p><strong>Note</strong> that systemd-cryptsetup (v248 or newer) is required.</p>
<p class="ansible-option-line"><strong class="ansible-option-choices">Choices:</strong></p>
<ul class="simple">
@@ -619,7 +619,7 @@ The passphrase is provided as UTF-8 encoded text.</p></li>
<td><div class="ansible-option-cell"><p>Desired state of the LUKS container. Based on its value creates, destroys, opens or closes the LUKS container on a given device.</p>
<p><code class="ansible-value docutils literal notranslate"><span class="pre">present</span></code> will create LUKS container unless already present. Requires <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-device"><span class="std std-ref"><span class="pre">device</span></span></a></strong></code> and either <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-keyfile"><span class="std std-ref"><span class="pre">keyfile</span></span></a></strong></code> or <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-passphrase"><span class="std std-ref"><span class="pre">passphrase</span></span></a></strong></code> options to be provided.</p>
<p><code class="ansible-value docutils literal notranslate"><span class="pre">absent</span></code> will remove existing LUKS container if it exists. Requires <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-device"><span class="std std-ref"><span class="pre">device</span></span></a></strong></code> or <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-name"><span class="std std-ref"><span class="pre">name</span></span></a></strong></code> to be specified.</p>
<p><code class="ansible-value docutils literal notranslate"><span class="pre">opened</span></code> will unlock the LUKS container. Requires <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-device"><span class="std std-ref"><span class="pre">device</span></span></a></strong></code> and <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-keyfile"><span class="std std-ref"><span class="pre">keyfile</span></span></a></strong></code>, <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-passphrase"><span class="std std-ref"><span class="pre">passphrase</span></span></a></strong></code>, <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-tpm2-device"><span class="std std-ref"><span class="pre">tpm2_device</span></span></a></strong></code>, or <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-fido2-device"><span class="std std-ref"><span class="pre">fido2_device</span></span></a></strong></code> to be specified. If the container does not exist it will be created first, however <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-tpm2-device"><span class="std std-ref"><span class="pre">tpm2_device</span></span></a></strong></code> and <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-fido2-device"><span class="std std-ref"><span class="pre">fido2_device</span></span></a></strong></code> can not be used for creation. Use the <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-name"><span class="std std-ref"><span class="pre">name</span></span></a></strong></code> option to set the name of the opened container. Otherwise the name will be generated automatically and returned as a part of the result.</p>
<p><code class="ansible-value docutils literal notranslate"><span class="pre">opened</span></code> will unlock the LUKS container. Requires <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-device"><span class="std std-ref"><span class="pre">device</span></span></a></strong></code> and one of <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-keyfile"><span class="std std-ref"><span class="pre">keyfile</span></span></a></strong></code>, <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-passphrase"><span class="std std-ref"><span class="pre">passphrase</span></span></a></strong></code>, <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-tpm2-device"><span class="std std-ref"><span class="pre">tpm2_device</span></span></a></strong></code>, or <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-fido2-device"><span class="std std-ref"><span class="pre">fido2_device</span></span></a></strong></code> to be specified. If the container does not exist it will be created first, however <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-tpm2-device"><span class="std std-ref"><span class="pre">tpm2_device</span></span></a></strong></code> and <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-fido2-device"><span class="std std-ref"><span class="pre">fido2_device</span></span></a></strong></code> can not be used for creation. Use the <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-name"><span class="std std-ref"><span class="pre">name</span></span></a></strong></code> option to set the name of the opened container. Otherwise the name will be generated automatically and returned as a part of the result.</p>
<p><code class="ansible-value docutils literal notranslate"><span class="pre">closed</span></code> will lock the LUKS container. However if the container does not exist it will be created. Requires <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-device"><span class="std std-ref"><span class="pre">device</span></span></a></strong></code> and either <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-keyfile"><span class="std std-ref"><span class="pre">keyfile</span></span></a></strong></code> or <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-passphrase"><span class="std std-ref"><span class="pre">passphrase</span></span></a></strong></code> options to be provided. If container does already exist <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-device"><span class="std std-ref"><span class="pre">device</span></span></a></strong></code> or <code class="ansible-option docutils literal notranslate"><strong><a class="reference internal" href="#ansible-collections-community-crypto-luks-device-module-parameter-name"><span class="std std-ref"><span class="pre">name</span></span></a></strong></code> will suffice.</p>
<p class="ansible-option-line"><strong class="ansible-option-choices">Choices:</strong></p>
<ul class="simple">
@@ -824,18 +824,18 @@ The passphrase is provided as UTF-8 encoded text.</p></li>
<span class="w"> </span><span class="nt">keyfile</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;/vault/keyfile&quot;</span>
<span class="w"> </span><span class="nt">remove_keyslot</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">4</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Enroll a tpm2 device using a keyfile to unlock the container</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Enroll a TPM2 device using a keyfile to unlock the container</span>
<span class="w"> </span><span class="nt">community.crypto.luks_device</span><span class="p">:</span>
<span class="w"> </span><span class="nt">keyfile</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;/vault/keyfile&quot;</span>
<span class="w"> </span><span class="nt">new_tpm2</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;auto&quot;</span>
<span class="w"> </span><span class="nt">new_tpm2_pcrs</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;1+3+5+7+11+12+14&quot;</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Enroll a fido2 device using a tpm2 device to unlock the container</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Enroll a fido2 device using a TPM2 device to unlock the container</span>
<span class="w"> </span><span class="nt">community.crypto.luks_device</span><span class="p">:</span>
<span class="w"> </span><span class="nt">tpm2_device</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;auto&quot;</span>
<span class="w"> </span><span class="nt">new_fido2</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;auto&quot;</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Remove all enrolled tpm2 devices</span>
<span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Remove all enrolled TPM2 devices</span>
<span class="w"> </span><span class="nt">community.crypto.luks_device</span><span class="p">:</span>
<span class="w"> </span><span class="nt">tpm2_device</span><span class="p">:</span><span class="w"> </span><span class="s">&quot;auto&quot;</span>
<span class="w"> </span><span class="nt">remove_tpm2</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">true</span>