1CLEVIS-LUKS-REGEN(1)                                      CLEVIS-LUKS-REGEN(1)
2
3
4

NAME

6       clevis-luks-regen - Regenerates a clevis binding
7

SYNOPSIS

9       clevis luks regen [-q] -d DEV -s SLT
10

OVERVIEW

12       The clevis luks regen command regenerates the clevis binding for a
13       given slot in a LUKS device, using the same configuration of the
14       existing binding. Its operation can be compared to performing clevis
15       luks unbind and clevis luks bind for rebinding said slot and device.
16       This is useful when rotating tang keys.
17

OPTIONS

19-d DEV : The bound LUKS device
20
21-s SLT : The slot or key slot number for rebinding. Note that it
22           requires that such slot is currently bound by clevis.
23
24-q: Do not prompt for confirmation.
25

EXAMPLE

27           Let's start by using clevis luks list to see the current binding configuration in /dev/sda1:
28
29           # clevis luks list -d /dev/sda1
30           1: tang '{"url":"http://tang.server"}'
31           2: tpm2 '{"hash":"sha256","key":"ecc"}'
32
33           We see that slot 1 in /dev/sda1 has a tang binding with the following configuration:
34           '{"url":"http://tang.server"}'
35
36           Now let's do the rebinding of slot 1:
37           # clevis luks regen -d /dev/sda1 -s 1
38
39           After a successful operation, we will have the new binding using the same configuration that was already in place.
40

SEE ALSO

42       clevis-luks-list(1) clevis-luks-bind(1) clevis-luks-unbind(1)
43
44
45
46                                  07/19/2023              CLEVIS-LUKS-REGEN(1)
Impressum