diff --git a/content/posts/linux/Desktop-Linux-Hardening.md b/content/posts/linux/Desktop-Linux-Hardening.md index 258eacd..900d722 100644 --- a/content/posts/linux/Desktop-Linux-Hardening.md +++ b/content/posts/linux/Desktop-Linux-Hardening.md @@ -45,7 +45,7 @@ Check your encrypted volumes : Then, you can finally enroll your encrypted volumes : ``` -# systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=0+2+4+7 /dev/sdX +# systemd-cryptenroll --tpm2-device=auto --tpm2-pcrs=0+2+4+7 /dev/sdX --tpm2-with-pin=yes ``` Replace sdX with the right volume. @@ -72,6 +72,8 @@ SLOT TYPE 2 recovery ``` +When booting, it will ask you the password for LUKS, then the TPM2 PIN. + Note that with secure boot enabled, you should manually sign your NVidia drivers with [akmod](https://github.com/larsks/akmod-sign-modules). ### Encrypted Swap
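Review bot: In the first hunk (the `systemd-cryptenroll` line), the guide does not cover readers who already enrolled with the previous PIN-less command. Running the new command adds another TPM2 slot, and the earlier slot would still unlock the volume without a PIN. Consider adding a sentence telling those readers to remove the old enrollment (for example with `--wipe-slot=tpm2`) and noting that the command will prompt for the new PIN. As a style point, `--tpm2-with-pin=yes` would read more consistently placed with the other options, before `/dev/sdX`.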
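Review bot: In the second hunk, the added sentence "When booting, it will ask you the password for LUKS, then the TPM2 PIN." leaves the unlock model ambiguous: it does not say whether both secrets are required on every boot or whether the LUKS password is only a fallback when the TPM2 token cannot be used. Please verify the actual prompt order on a test machine and state which slot each prompt corresponds to, since the slot listing just above also shows a `recovery` entry. The wording should also be "ask you for the password".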