From f45d5007227a8a163066d6cdbbbcdd0b1ba1d254 Mon Sep 17 00:00:00 2001 From: Emil Senan <1826511+emilsenan@users.noreply.github.com> Date: Wed, 25 Dec 2024 19:55:15 +0100 Subject: [PATCH] the value for tpm2-pin switch should be either yes or no --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 8c97e13..8abac41 100644 --- a/README.md +++ b/README.md @@ -588,7 +588,7 @@ We'll now enroll our system firmware and secure boot state. This would allow our TPM to unlock our encrypted drive, as long as the state hasn't changed. ``` -$ sudo systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=0+7 --tpm2-public-key /etc/kernel/pcr-initrd.pub.pem --tpm2-with-pin=BOOL /dev/nvme0n1p2 +$ sudo systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=0+7 --tpm2-public-key /etc/kernel/pcr-initrd.pub.pem --tpm2-with-pin=yes /dev/nvme0n1p2 ``` **Warning**: It is recommended to use a pin to unlock the TPM, instead of allowing it to unlock automatically, for more security.
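
Review bot: In the changed `systemd-cryptenroll` line, `--tpm2-with-pin=yes` replaces the `BOOL` placeholder with one of the two values the subject line names, but the README text around the command still never tells the reader that `no` is the other accepted value. Consider adding a short sentence next to the command, for example "Set `--tpm2-with-pin=no` if the drive should unlock without prompting for a PIN", so the choice is documented rather than implied by the commit subject. Using `yes` in the example itself is consistent with the Warning that follows the code block, which recommends a PIN; that Warning could also capitalize "PIN" while this paragraph is being touched.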