Mirror of https://gitlab.com/cryptsetup/cryptsetup.git (synced 2026-01-06 07:25:29 +01:00)

Currently, token import and token add actions will fail if you use the --token-id option to specify a token ID that is already in use, but there are scenarios where you might genuinely want to replace an existing token in a single atomic operation.

A use case for this might be for a keyslot that is protected by a TPM, where you store the TPM sealed key and associated metadata as a token and you want to update the PCR policy associated with the sealed object or make other changes to it. Currently this requires importing a new token and then removing the old token.

Instead, add a --token-replace option to allow token import and token add to replace an existing token if you try to add or import one with an ID that is already in use.