1CLEVIS-LUKS-LIST(1)                                        CLEVIS-LUKS-LIST(1)
2
3
4

NAME

6       clevis-luks-list - Lists pins bound to a LUKS device
7

SYNOPSIS

9       clevis luks list -d DEV [-s SLT]
10

OVERVIEW

12       The clevis luks list command list the pins bound to LUKS device. For
13       example:
14
15           clevis luks list -d /dev/sda1
16

OPTIONS

18-d DEV : The LUKS device on which to list bound pins
19
20-s SLT : The slot to use for listing the pin from
21

EXAMPLES

23           clevis luks list -d /dev/sda1
24           1: sss '{"t":1,"pins":{"tang":[{"url":"addr1"},{"url":"addr2"}],"tpm2":[{"hash":"sha256","key":"ecc"}],"sss":{"t":1,"pins":{"tang":[{"url":"addr3"}]}}}}'
25           2: tang '{"url":"addr"}'
26           3: tpm2 '{"hash":"sha256","key":"ecc","pcr_bank":"sha1","pcr_ids":"7"}'
27
28       As we can see in the example above, /dev/sda1 has three slots bound
29       each with a different pin.
30
31       •   Slot #1 is bound with the sss pin, and uses also tang and tpm2 pins
32           in its policy.
33
34       •   Slot #2 is bound using the tang pin
35
36       •   Slot #3 is bound with the tpm2 pin
37
38       Note that the output of clevis luks list can be used with the clevis
39       luks bind command, such as:
40
41           clevis luks bind -d /dev/sda1 tpm2 '{"hash":"sha256","key":"ecc","pcr_bank":"sha1","pcr_ids":"7"}'
42
43       And we will bind another slot with a policy similar to the one we have
44       in slot #3. Also note that if you are interested in a particular slot,
45       you can pass the -s SLT argument to clevis luks list:
46
47           clevis luks list -d /dev/sda1 -s 2
48           2: tang '{"url":"addr"}'
49
50       In the above example, we listed only the pin bound to slot #2.
51

SEE ALSO

53       clevis-luks-bind(1), clevis-encrypt-tang(1), clevis-encrypt-tpm2(1),
54       clevis-encrypt-sss(1),
55
56
57
58                                  07/08/2022               CLEVIS-LUKS-LIST(1)
Impressum