Hi, in contrast to this post I like the Idea of requiring an elevated mode for making changes to the configuration in general and the current feature of setting the slot only in config mode is a good step in this direction.
However I found that I still could wipe the slot after I put the onlykey in sysadmin mode.
I have to switch to config mode to set the slot, but not to wipe it.
It would be great if you could fix this. should I open an issue in github for that?
i understand your reasoning, but In my opinion it’s half baked.
I don’t think anyone would expect it to work like that from what’s given by the documentation.
Also based on the scenario you described the system admin would be very happy when he/she returns to the computer finding the login-phrase has been deleted.