ZFS-TPM1X-LOAD-KEY(8) System Manager's Manual ZFS-TPM1X-LOAD-KEY(8)

zfs-tpm1x-load-keyload TPM1.X-encrypted ZFS dataset key

zfs-tpm1x-load-key [-n] dataset

After verifying dataset was encrypted with tzpfms backend will unseal the key and load it into dataset.

The user is first prompted for the SRK passphrase, set when taking ownership, if not "well-known" (all zeroes); then for the additional passphrase, set when creating the key, if one was set.

See zfs-tpm1x-change-key(8) for a detailed description.

Do a no-op/dry run, can be used even if the key is already loaded. Equivalent to zfs load-key's -n option.

If set and nonempty, will be run via /bin/sh -c to provide a passphrase, instead of reading from the standard input stream.

The standard output stream of the helper is tied to an anonymous file and used in its entirety as the passphrase, except for a trailing new-line, if any. The arguments are:

Pre-formatted noun phrase with all the information below, like "Passphrase for tarta-zoot" or "New passphrase for tarta-zoot (again)"
Either the dataset name or the element of the TPM hierarchy
"new" if this is for a new passphrase
"again" if it's the second prompt for that passphrase

If the helper doesn't exist (the shell exits with ), a diagnostic is issued and the normal prompt is used as fall-back. If it fails for any other reason, the prompting is aborted.

The tzpfms suite connects to a local tcsd(8) process (at localhost:30003) by default. Use the environment variable TZPFMS_TPM1X to specify a remote TCS hostname.

The TrouSerS tcsd(8) daemon will try /dev/tpm0, then /udev/tpm0, then /dev/tpm; by occupying one of the earlier ones with, for example, shell redirection, a later one can be selected.

The TrouSerS project page at https://sourceforge.net/projects/trousers.

The TPM 1.2 main specification index at https://trustedcomputinggroup.org/resource/tpm-main-specification.

To all who support further development, in particular:

https://todo.sr.ht/~nabijaczleweli/tzpfms

~nabijaczleweli/tzpfms@lists.sr.ht, archived at https://lists.sr.ht/~nabijaczleweli/tzpfms.

https://git.sr.ht/~nabijaczleweli/tzpfms

November 20, 2021 tzpfms 0.1-18