'\" t
.\"     Title: clevis-luks-regen
.\"    Author: [see the "AUTHOR(S)" section]
.\" Generator: Asciidoctor 2.0.12
.\"    Manual: \ \&
.\"    Source: \ \&
.\"  Language: English
.\"
.TH "CLEVIS\-LUKS\-REGEN" "1" "" "\ \&" "\ \&"
.ie \n(.g .ds Aq \(aq
.el       .ds Aq '
.ss \n[.ss] 0
.nh
.ad l
.de URL
\fI\\$2\fP <\\$1>\\$3
..
.als MTO URL
.if \n[.g] \{\
.  mso www.tmac
.  am URL
.    ad l
.  .
.  am MTO
.    ad l
.  .
.  LINKSTYLE blue R < >
.\}
.SH "NAME"
clevis\-luks\-regen \- Regenerates a clevis binding
.SH "SYNOPSIS"
.sp
\fBclevis luks regen\fP [\-q] \-d DEV \-s SLT
.SH "OVERVIEW"
.sp
The \fBclevis luks regen\fP command regenerates the clevis binding for a given slot in a LUKS device, using the same configuration of the
existing binding. Its operation can be compared to performing \fBclevis luks unbind\fP and \fBclevis luks bind\fP for rebinding said slot and device.
This is useful when rotating tang keys.
.SH "OPTIONS"
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.  sp -1
.  IP \(bu 2.3
.\}
\fB\-d\fP \fIDEV\fP :
The bound LUKS device
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.  sp -1
.  IP \(bu 2.3
.\}
\fB\-s\fP \fISLT\fP :
The slot or key slot number for rebinding. Note that it requires that such slot is currently bound by clevis.
.RE
.sp
.RS 4
.ie n \{\
\h'-04'\(bu\h'+03'\c
.\}
.el \{\
.  sp -1
.  IP \(bu 2.3
.\}
\fB\-q\fP:
Do not prompt for confirmation.
.RE
.SH "EXAMPLE"
.sp
.if n .RS 4
.nf
.fam C
Let\(aqs start by using clevis luks list to see the current binding configuration in /dev/sda1:
.fam
.fi
.if n .RE
.sp
.if n .RS 4
.nf
.fam C
# clevis luks list \-d /dev/sda1
1: tang \(aq{"url":"http://tang.server"}\(aq
2: tpm2 \(aq{"hash":"sha256","key":"ecc"}\(aq
.fam
.fi
.if n .RE
.sp
.if n .RS 4
.nf
.fam C
We see that slot 1 in /dev/sda1 has a tang binding with the following configuration:
\(aq{"url":"http://tang.server"}\(aq
.fam
.fi
.if n .RE
.sp
.if n .RS 4
.nf
.fam C
Now let\(aqs do the rebinding of slot 1:
# clevis luks regen \-d /dev/sda1 \-s 1
.fam
.fi
.if n .RE
.sp
.if n .RS 4
.nf
.fam C
After a successful operation, we will have the new binding using the same configuration that was already in place.
.fam
.fi
.if n .RE
.SH "SEE ALSO"
.sp
\c
.URL "clevis\-luks\-list.1.adoc" "\fBclevis\-luks\-list\fP(1)"
\c
.URL "clevis\-luks\-bind.1.adoc" "\fBclevis\-luks\-bind\fP(1)"
.URL "clevis\-luks\-unbind.1.adoc" "\fBclevis\-luks\-unbind\fP(1)" ""