docs(tpm-disk-unlock): separate setup into steps

brckd · Dec 10, 2024 · 1e56404 · 1e56404
1 parent 4eada91
commit 1e56404
Showing 1 changed file with 19 additions and 5 deletions.
diff --git a/docs/src/content/docs/features/tpm-disk-unlock.mdx b/docs/src/content/docs/features/tpm-disk-unlock.mdx
@@ -12,9 +12,20 @@ import { Aside, Steps, Tabs, TabItem } from "@astrojs/starlight/components";
 ## Setup
 
 With secure boot in place, TPM can be used to automatically unlock encrypted
-partitions. After enabling this feature in the BIOS, setup your partitions. For
-each encrypted partition, setup disk unlock by replacing `<encrypted-partion>`
-with its identifier, e.g. `nvme0n1p1`, `sda1` or `disk/by-label/NIXOS`.
+partitions.
+
+<Steps>
+<ol>
+<li>
+
+Enable TPM in the BIOS.
+
+</li>
+<li>
+
+For each encrypted partition, setup disk unlock by replacing
+`<encrypted-partion>` with its identifier, e.g. `nvme0n1p1`, `sda1` or
+`disk/by-label/NIXOS`.
 
 <Tabs syncKey="nix-environment">
 <TabItem label="NixOS">
@@ -26,6 +37,10 @@ sudo systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=0+2+7+12 /dev/<encrypted
 </TabItem>
 </Tabs>
 
+</li>
+</ol>
+</Steps>
+
 ## Troubleshooting
 
 ### Outdated TPM disk unlock
@@ -39,8 +54,7 @@ boot. The following steps might resolve this issue.
 <li>
 
 For each encrypted partition, remove disk unlock by replacing
-`<encrypted-partion>` with its identifier, e.g. `nvme0n1p1`, `sda1` or
-`disk/by-label/NIXOS`.
+`<encrypted-partion>` with its identifier.
 
 <Tabs syncKey="nix-environment">
 <TabItem label="NixOS">