mirror of
https://git.kernel.org/pub/scm/network/wireless/iwd.git
synced 2024-12-22 21:22:37 +01:00
doc: document SystemdEncrypt
This commit is contained in:
parent
e8e9c68dea
commit
1157e0a184
@ -188,6 +188,22 @@ The group ``[General]`` contains general settings.
|
|||||||
by the kernel so if kernels/drivers exist which don't support OCV it can
|
by the kernel so if kernels/drivers exist which don't support OCV it can
|
||||||
be disabled here.
|
be disabled here.
|
||||||
|
|
||||||
|
* - SystemdEncrypt
|
||||||
|
- Value: Systemd key ID
|
||||||
|
|
||||||
|
Enables network profile encryption using a systemd provided secret key.
|
||||||
|
Once enabled all PSK/8021x network profiles will be encrypted
|
||||||
|
automatically. Once the profile is encrypted there is no way of going
|
||||||
|
back using IWD alone. A tool, **iwd-decrypt-profile**, is provided
|
||||||
|
assuming the secret is known which will decrypt a profile. This
|
||||||
|
decrypted profile could manually be set to /var/lib/iwd to 'undo' any
|
||||||
|
profile encryption, but its going to be a manual process.
|
||||||
|
|
||||||
|
Setting up systemd to provide the secret is left up to the user as IWD
|
||||||
|
has no way of performing this automatically. The systemd options
|
||||||
|
required are LoadCredentialEncrypted or SetCredentialEncrypted, and the
|
||||||
|
secret identifier should be named whatever SystemdEncrypt is set to.
|
||||||
|
|
||||||
Network
|
Network
|
||||||
-------
|
-------
|
||||||
|
|
||||||
|
@ -179,7 +179,11 @@ Network Authentication Settings
|
|||||||
-------------------------------
|
-------------------------------
|
||||||
|
|
||||||
The group ``[Security]`` contains settings for Wi-Fi security and
|
The group ``[Security]`` contains settings for Wi-Fi security and
|
||||||
authentication configuration.
|
authentication configuration. This group can be encrypted by enabling
|
||||||
|
``SystemdEncrypt``, see *iwd.config* for details on this option. If this
|
||||||
|
section is encrypted (only contains EncryptedSalt/EncryptedSecurity) it should
|
||||||
|
not be modified. Modifying these values will result in the inability to
|
||||||
|
connect to that network.
|
||||||
|
|
||||||
.. list-table::
|
.. list-table::
|
||||||
:header-rows: 0
|
:header-rows: 0
|
||||||
|
Loading…
Reference in New Issue
Block a user