* [PATCH v2 4/5] doc: document SystemdEncrypt
@ 2022-02-02 18:47 James Prestwood
From: James Prestwood @ 2022-02-02 18:47 UTC (permalink / raw)
  To: iwd


---
 src/iwd.config.rst  | 16 ++++++++++++++++
 src/iwd.network.rst |  6 +++++-
 2 files changed, 21 insertions(+), 1 deletion(-)

diff --git a/src/iwd.config.rst b/src/iwd.config.rst
index 54943702..a3d19fe5 100644
--- a/src/iwd.config.rst
+++ b/src/iwd.config.rst
@@ -188,6 +188,22 @@ The group ``[General]`` contains general settings.
        by the kernel so if kernels/drivers exist which don't support OCV it can
        be disabled here.
 
+   * - SystemdEncrypt
+     - Value: Systemd key ID
+
+       Enables network profile encryption using a systemd provided secret key.
+       Once enabled all PSK/8021x network profiles will be encrypted
+       automatically. Once the profile is encrypted there is no way of going
+       back using IWD alone. A tool, decrypt-profile, is provided assuming the
+       secret is known which will decrypt a profile. This decrypted profile
+       could manually be set to /var/lib/iwd to 'undo' any profile encryption,
+       but its going to be a manual process.
+
+       Setting up systemd to provide the secret is left up to the user as IWD
+       has no way of performing this automatically. The systemd options required
+       are LoadCredentialEncrypted or SetCredentialEncrypted, and the secret
+       identifier should be named whatever SystemdEncrypt is set to.
+
 Network
 -------
 
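Review bot: The SystemdEncrypt entry says "there is no way of going back using IWD alone" but does not say what happens to already-encrypted profiles when the systemd credential is missing at startup, or when the secret or the SystemdEncrypt value is later changed. Since the only recovery path described is decrypt-profile with a known secret, please state the failure behaviour explicitly and advise keeping a copy of the secret. It would also help to say when existing plaintext PSK/8021x profiles are encrypted ("automatically" is ambiguous), and where decrypt-profile is installed or how it is invoked. Style: "but its going to be" should be "but it's going to be"; "Value: Systemd key ID" would be clearer as the credential name, given the last sentence says the secret identifier must match it; and LoadCredentialEncrypted, SetCredentialEncrypted, decrypt-profile and /var/lib/iwd should use literal markup like ``SystemdEncrypt`` does in the iwd.network.rst hunk.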
diff --git a/src/iwd.network.rst b/src/iwd.network.rst
index e3d1a90a..34f8de1a 100644
--- a/src/iwd.network.rst
+++ b/src/iwd.network.rst
@@ -179,7 +179,11 @@ Network Authentication Settings
 -------------------------------
 
 The group ``[Security]`` contains settings for Wi-Fi security and
-authentication configuration.
+authentication configuration. This group can be encrypted by enabling
+``SystemdEncrypt``, see *iwd.config* for details on this option. If this section
+is encrypted (only contains EncryptedSalt/EncryptedSecurity) it should not be
+modified. Modifying these values will result in the inability to connect to that
+network.
 
 .. list-table::
    :header-rows: 0
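Review bot: The added sentence "it should not be modified" leaves the reader with no supported way to change a setting in an encrypted ``[Security]`` group. Please add a pointer to the decrypt-profile procedure described in iwd.config so users know to decrypt, edit and replace the profile rather than editing in place. The key names in the parenthetical should be written as literals, ``EncryptedSalt`` and ``EncryptedSecurity``, to match how ``SystemdEncrypt`` is marked up two lines earlier. "Modifying these values will result in the inability to connect" would also read better if it said whether the profile is rejected when it is loaded or only fails at connection time.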
-- 
2.31.1
