diff --git a/tzpfms.pdf b/tzpfms.pdf
new file mode 100644
index 0000000..e027e84
Binary files /dev/null and b/tzpfms.pdf differ
diff --git a/tzpfms.ps b/tzpfms.ps
new file mode 100644
index 0000000..1128d2c
--- /dev/null
+++ b/tzpfms.ps
@@ -0,0 +1,803 @@ +%!PS-Adobe-3.0 +%%Creator: groff version 1.22.4 +%%CreationDate: Fri Oct 15 21:38:47 2021 +%%DocumentNeededResources: font Times-Roman +%%+ font Times-Bold +%%+ font Courier-Bold +%%+ font Courier-Oblique +%%+ font Courier +%%+ font Symbol +%%+ font Times-Italic +%%DocumentSuppliedResources: procset grops 1.22 4 +%%Pages: 10 +%%PageOrder: Ascend +%%DocumentMedia: Default 595 842 0 () () +%%Orientation: Portrait +%%EndComments +%%BeginDefaults +%%PageMedia: Default +%%EndDefaults +%%BeginProlog +%%BeginResource: procset grops 1.22 4 +%!PS-Adobe-3.0 Resource-ProcSet +/setpacking where{ +pop +currentpacking +true setpacking +}if +/grops 120 dict dup begin +/SC 32 def +/A/show load def +/B{0 SC 3 -1 roll widthshow}bind def +/C{0 exch ashow}bind def +/D{0 exch 0 SC 5 2 roll awidthshow}bind def +/E{0 rmoveto show}bind def +/F{0 rmoveto 0 SC 3 -1 roll widthshow}bind def +/G{0 rmoveto 0 exch ashow}bind def +/H{0 rmoveto 0 exch 0 SC 5 2 roll awidthshow}bind def +/I{0 exch rmoveto show}bind def +/J{0 exch rmoveto 0 SC 3 -1 roll widthshow}bind def +/K{0 exch rmoveto 0 exch ashow}bind def +/L{0 exch rmoveto 0 exch 0 SC 5 2 roll awidthshow}bind def +/M{rmoveto show}bind def +/N{rmoveto 0 SC 3 -1 roll widthshow}bind def +/O{rmoveto 0 exch ashow}bind def +/P{rmoveto 0 exch 0 SC 5 2 roll awidthshow}bind def +/Q{moveto show}bind def +/R{moveto 0 SC 3 -1 roll widthshow}bind def +/S{moveto 0 exch ashow}bind def +/T{moveto 0 exch 0 SC 5 2 roll awidthshow}bind def +/SF{ +findfont exch +[exch dup 0 exch 0 exch neg 0 0]makefont +dup setfont +[exch/setfont cvx]cvx bind def +}bind def +/MF{ +findfont +[5 2 roll +0 3 1 roll +neg 0 0]makefont +dup setfont +[exch/setfont cvx]cvx bind def +}bind def +/level0 0 def +/RES 0 def +/PL 0 def +/LS 0 def +/MANUAL{ +statusdict begin/manualfeed true store end +}bind def +/PLG{ +gsave newpath clippath pathbbox grestore +exch pop add exch pop +}bind def +/BP{ +/level0 save def +1 setlinecap +1 setlinejoin +DEFS/BPhook known{DEFS begin 
BPhook end}if +72 RES div dup scale +LS{ +90 rotate +}{ +0 PL translate +}ifelse +1 -1 scale +}bind def +/EP{ +level0 restore +showpage +}def +/DA{ +newpath arcn stroke +}bind def +/SN{ +transform +.25 sub exch .25 sub exch +round .25 add exch round .25 add exch +itransform +}bind def +/DL{ +SN +moveto +SN +lineto stroke +}bind def +/DC{ +newpath 0 360 arc closepath +}bind def +/TM matrix def +/DE{ +TM currentmatrix pop +translate scale newpath 0 0 .5 0 360 arc closepath +TM setmatrix +}bind def +/RC/rcurveto load def +/RL/rlineto load def +/ST/stroke load def +/MT/moveto load def +/CL/closepath load def +/Fr{ +setrgbcolor fill +}bind def +/setcmykcolor where{ +pop +/Fk{ +setcmykcolor fill +}bind def +}if +/Fg{ +setgray fill +}bind def +/FL/fill load def +/LW/setlinewidth load def +/Cr/setrgbcolor load def +/setcmykcolor where{ +pop +/Ck/setcmykcolor load def +}if +/Cg/setgray load def +/RE{ +findfont +dup maxlength 1 index/FontName known not{1 add}if dict begin +{ +1 index/FID ne +2 index/UniqueID ne +and +{def}{pop pop}ifelse +}forall +/Encoding exch def +dup/FontName exch def +currentdict end definefont pop +}bind def +/DEFS 0 def +/EBEGIN{ +moveto +DEFS begin +}bind def +/EEND/end load def +/CNT 0 def +/level1 0 def +/PBEGIN{ +/level1 save def +translate +div 3 1 roll div exch scale +neg exch neg exch translate +0 setgray +0 setlinecap +1 setlinewidth +0 setlinejoin +10 setmiterlimit +[]0 setdash +/setstrokeadjust where{ +pop +false setstrokeadjust +}if +/setoverprint where{ +pop +false setoverprint +}if +newpath +/CNT countdictstack def +userdict begin +/showpage{}def +/setpagedevice{}def +mark +}bind def +/PEND{ +cleartomark +countdictstack CNT sub{end}repeat +level1 restore +}bind def +end def +/setpacking where{ +pop +setpacking +}if +%%EndResource +%%EndProlog +%%BeginSetup +%%BeginFeature: *PageSize Default +<< /PageSize [ 595 842 ] /ImagingBBox null >> setpagedevice +%%EndFeature +%%IncludeResource: font Times-Roman +%%IncludeResource: font Times-Bold 
+%%IncludeResource: font Courier-Bold +%%IncludeResource: font Courier-Oblique +%%IncludeResource: font Courier +%%IncludeResource: font Symbol +%%IncludeResource: font Times-Italic +grops begin/DEFS 1 dict def DEFS begin/u{.001 mul}bind def end/RES 72 +def/PL 841.89 def/LS false def/ENC0[/asciicircum/asciitilde/Scaron +/Zcaron/scaron/zcaron/Ydieresis/trademark/quotesingle/Euro/.notdef +/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef +/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef +/.notdef/.notdef/.notdef/space/exclam/quotedbl/numbersign/dollar/percent +/ampersand/quoteright/parenleft/parenright/asterisk/plus/comma/hyphen +/period/slash/zero/one/two/three/four/five/six/seven/eight/nine/colon +/semicolon/less/equal/greater/question/at/A/B/C/D/E/F/G/H/I/J/K/L/M/N/O +/P/Q/R/S/T/U/V/W/X/Y/Z/bracketleft/backslash/bracketright/circumflex +/underscore/quoteleft/a/b/c/d/e/f/g/h/i/j/k/l/m/n/o/p/q/r/s/t/u/v/w/x/y +/z/braceleft/bar/braceright/tilde/.notdef/quotesinglbase/guillemotleft +/guillemotright/bullet/florin/fraction/perthousand/dagger/daggerdbl +/endash/emdash/ff/fi/fl/ffi/ffl/dotlessi/dotlessj/grave/hungarumlaut +/dotaccent/breve/caron/ring/ogonek/quotedblleft/quotedblright/oe/lslash +/quotedblbase/OE/Lslash/.notdef/exclamdown/cent/sterling/currency/yen +/brokenbar/section/dieresis/copyright/ordfeminine/guilsinglleft +/logicalnot/minus/registered/macron/degree/plusminus/twosuperior +/threesuperior/acute/mu/paragraph/periodcentered/cedilla/onesuperior +/ordmasculine/guilsinglright/onequarter/onehalf/threequarters +/questiondown/Agrave/Aacute/Acircumflex/Atilde/Adieresis/Aring/AE +/Ccedilla/Egrave/Eacute/Ecircumflex/Edieresis/Igrave/Iacute/Icircumflex +/Idieresis/Eth/Ntilde/Ograve/Oacute/Ocircumflex/Otilde/Odieresis +/multiply/Oslash/Ugrave/Uacute/Ucircumflex/Udieresis/Yacute/Thorn +/germandbls/agrave/aacute/acircumflex/atilde/adieresis/aring/ae/ccedilla 
+/egrave/eacute/ecircumflex/edieresis/igrave/iacute/icircumflex/idieresis +/eth/ntilde/ograve/oacute/ocircumflex/otilde/odieresis/divide/oslash +/ugrave/uacute/ucircumflex/udieresis/yacute/thorn/ydieresis]def +/Times-Italic@0 ENC0/Times-Italic RE/Courier@0 ENC0/Courier RE +/Courier-Oblique@0 ENC0/Courier-Oblique RE/Courier-Bold@0 ENC0 +/Courier-Bold RE/Times-Bold@0 ENC0/Times-Bold RE/Times-Roman@0 ENC0 +/Times-Roman RE +%%EndSetup +%%Page: 1 1 +%%BeginPageSetup +BP +%%EndPageSetup +/F0 10/Times-Roman@0 SF -.834(ZFS-TPM-LIST \(8\))72 48 R +(System Manager')102.759 E 2.5(sM)-.55 G 97.759(anual ZFS-TPM-LIST)-2.5 +F(\(8\))1.666 E/F1 10/Times-Bold@0 SF -.2(NA)72 96 S(ME).2 E/F2 10 +/Courier-Bold@0 SF(zfs-tpm-list)102 108 Q F0 2.5<8a70>2.5 G +(rint dataset tzpfms metadata)-2.5 E F1(SYNOPSIS)72 132 Q F2 +(zfs-tpm-list)102 144 Q F0([)3.333 E F22.499 E F0 3.333(][).833 G +F2-.834 E F0(|)A F21.666 E/F3 10/Courier-Oblique@0 SF(depth) +6 E F0 3.333(][).833 G F2-.834 E F0(|)A F21.666 E F3 +(back-end)6 E F0 3.333(][).833 G F2-.834 E F0(|)A F21.666 E +F0 2.5(][).833 G F3(filesystem)-2.5 E F0(|)A F3(volume)A F0 1.666(]...)C +F1(DESCRIPTION)72 168 Q F0(Lists the follo)102 180 Q +(wing properties on encryption roots:)-.25 E/F4 10/Courier@0 SF(name)132 +192 Q(back-end)132 204 Q F0(the)191 204 Q F2(tzpfms)4.153 E F0 3.318 +(back-end \()4.153 F(e.g.)1.666 E F1(TPM2)4.152 E F0(for)4.152 E F4 +(zfs-tpm2-change-key)4.152 E F0 1.652(\(8\) or)B F1(TPM1.X)4.152 E F0 +(for)191 216 Q F4(zfs-tpm1x-change-key)2.5 E F0 -.834(\(8\) \) ,)B(or ") +2.5 E F1(-)A F0 2.5("i)C 2.5(fn)-2.5 G(one is con\214gured)-2.5 E F4 +(keystatus)132 228 Q F1 -2.1 -.25(av a)191 228 T(ilable).25 E F0(or)2.5 +E F1(una)2.5 E -.1(va)-.25 G(ilable).1 E F4(coherent)132 240 Q F1 -.1 +(ye)191 240 S(s).1 E F0 12.834(if either both)15.334 F F4 +(xyz.nabijaczleweli:tzpfms.backend)15.334 E F0(and)15.334 E F4 +(xyz.nabijaczleweli:tzpfms.key)191 252 Q F0(are present or missing,)2.5 +E F1(no)2.5 E F0(otherwise)2.5 E 11.268(Incoherent 
datasets require imm\ +ediate operator attention, with either the appropriate)102 270 R F2 +(zfs-tpm)102 282 Q/F5 10/Symbol SF(*)A F2(-clear-key)A F0 .462 +(program or)2.962 F F2 .462(zfs change-key)2.962 F F0(and)2.962 E F2 +.462(zfs inherit)2.962 F F0 2.962<8a69>2.962 G 2.963(ft)-2.962 G .463 +(he k)-2.963 F .763 -.15(ey b)-.1 H .463(ecomes un-).15 F 1.642 +(loaded, the)102 294 R 4.142(yw)-.15 G 1.642 +(ill require restoration from back-up.)-4.142 F(Ho)6.642 E(we)-.25 E +-.15(ve)-.25 G 2.441 -.4(r, t).15 H(he).4 E 4.141(ys)-.15 G 1.641 +(hould ne)-4.141 F -.15(ve)-.25 G 4.141(ro).15 G(ccur)-4.141 E 4.141(,u) +-.4 G 1.641(nless something)-4.141 F +(went terribly wrong with the dataset properties.)102 306 Q .468 +(If no datasets are speci\214ed, lists all matching encryption roots.) +102 324 R .468(The def)5.468 F .468 +(ault \214lter is to list all roots managed)-.1 F(by)102 336 Q F2 +(tzpfms)2.5 E F0(.)A F2(\255ab)6.666 E F0 +(can be used to either list all roots or only ones back)2.5 E +(ed by a particular end, respecti)-.1 E -.15(ve)-.25 G(ly).15 E(.)-.65 E +F1(OPTIONS)72 360 Q F2103.666 372 Q F0 .093(Scripting mode \212 d\ +o not print headers and separate \214elds by a single tab instead of co\ +lum-)173 372 R(nating with spaces.)173 384 Q F2103.666 402 Q F0 +(Recurse into all descendants of speci\214ed datasets.)173 402 Q F2 +103.666 414 Q F3(depth)6 E F0(Recurse at most)173 414 Q F3(depth) +2.5 E F0(datasets deep.)2.5 E(Def)5 E(ault:)-.1 E F1(0)2.5 E F0(.)A F2 +103.666 432 Q F0(List all encryption roots, e)173 432 Q -.15(ve) +-.25 G 2.5(no).15 G(nes not managed by)-2.5 E F2(tzpfms)2.5 E F0(.)A F2 +103.666 444 Q F3(back-end)6 E F0(List only encryption roots with) +173 456 Q F3(tzpfms)2.5 E F0(back-end)2.5 E F3(back-end)2.5 E F0(.)A F2 +103.666 474 Q F0(List only encryption roots whose k)173 474 Q -.15 +(ey)-.1 G 2.5(sa).15 G(re a)-2.5 E -.25(va)-.2 G(ilable.).25 E F2 +103.666 486 Q F0(List only encryption roots whose k)173 486 Q -.15(ey) +-.1 G 2.5(sa).15 
G(re una)-2.5 E -.25(va)-.2 G(ilable.).25 E F1 +(EXAMPLES)72 510 Q F4($)102 522 Q F2(zfs-tpm-list)6 E F4 +(NAME BACK-END KEYSTATUS COHERENT)102 534 Q +(owo/venc TPM2 unavailable yes)102 546 Q(owo/enc TPM1.X available yes) +102 558 Q($)102 582 Q F2 1.666(zfs-tpm-list \255ad0)6 F F4 +(NAME BACK-END KEYSTATUS COHERENT)102 594 Q(awa - available yes)102 606 +Q($)102 630 Q F2 1.666(zfs-tpm-list \255b)6 F F1(TPM2)6 E F4 +(NAME BACK-END KEYSTATUS COHERENT)102 642 Q +(owo/venc TPM2 unavailable yes)102 654 Q($)102 678 Q F2 1.666 +(zfs-tpm-list \255ra)6 F F3(owo)6 E F4(NAME BACK-END KEYSTATUS COHERENT) +102 690 Q(owo/venc TPM2 unavailable yes)102 702 Q F0(tzpfms 0.1-6)72 750 +Q(October 15, 2021)148.595 E(1)194.145 E 0 Cg EP +%%Page: 2 2 +%%BeginPageSetup +BP +%%EndPageSetup +/F0 10/Times-Roman@0 SF -.834(ZFS-TPM-LIST \(8\))72 48 R +(System Manager')102.759 E 2.5(sM)-.55 G 97.759(anual ZFS-TPM-LIST)-2.5 +F(\(8\))1.666 E/F1 10/Courier@0 SF(owo/vtnc - available yes)102 96 Q +(owo/v nc - available yes)102 108 Q(owo/enc TPM1.X available yes)102 120 +Q($)102 144 Q/F2 10/Courier-Bold@0 SF 1.666(zfs-tpm-list \255al)6 F F1 +(NAME BACK-END KEYSTATUS COHERENT)102 156 Q(awa - available yes)102 168 +Q(owo/vtnc - available yes)102 180 Q(owo/v nc - available yes)102 192 Q +(owo/enc TPM1.X available yes)102 204 Q/F3 10/Times-Bold@0 SF 1.666 +(SPECIAL THANKS)72 228 R F0 1.6 -.8(To a)102 240 T +(ll who support further de).8 E -.15(ve)-.25 G(lopment, in particular:) +.15 E F3<83>122 252 Q F0(ThePhD)2.5 E F3<83>122 264 Q F0(Embark Studios) +2.5 E F3(REPOR)72 288 Q 1.666(TING B)-.4 F(UGS)-.1 E(https://todo.sr)102 +300 Q(.ht/~nabijaczleweli/tzpfms)-1 E F1 +(~nabijaczleweli/tzpfms@lists.sr.ht)102 318 Q F0 2.5(,a)C(rchi)-2.5 E +-.15(ve)-.25 G 2.5(da).15 G(t)-2.5 E F3(https://lists.sr)2.5 E +(.ht/~nabijaczleweli/tzpfms)-1 E F0(.)A F3 1.666(SEE ALSO)72 342 R +(https://git.sr)102 354 Q(.ht/~nabijaczleweli/tzpfms)-1 E F0 +(tzpfms 0.1-6)72 750 Q(October 15, 2021)148.595 E(2)194.145 E 0 Cg EP +%%Page: 3 3 
+%%BeginPageSetup +BP +%%EndPageSetup +/F0 10/Times-Roman@0 SF -.834(ZFS-TPM1X-CHANGE-KEY \(8\))72 48 R +(System Manager')46.109 E 2.5(sM)-.55 G 41.109 +(anual ZFS-TPM1X-CHANGE-KEY)-2.5 F(\(8\))1.666 E/F1 10/Times-Bold@0 SF +-.2(NA)72 96 S(ME).2 E/F2 10/Courier-Bold@0 SF(zfs-tpm1x-change-key)102 +108 Q F0 2.5<8a63>2.5 G(hange ZFS dataset k)-2.5 E .3 -.15(ey t)-.1 H +2.5(oo).15 G(ne stored on the TPM)-2.5 E F1(SYNOPSIS)72 132 Q F2 +(zfs-tpm1x-change-key)102 144 Q F0([)3.333 E F22.499 E/F3 10 +/Courier-Oblique@0 SF(backup-file)6 E F0(]).833 E F3(dataset)2.5 E F1 +(DESCRIPTION)72 168 Q F0 4.76 -.8(To n)102 180 T 3.16(ormalise the).8 F +F3(dataset)5.66 E F0(,)A F2(zfs-tpm1x-change-key)5.66 E F0 3.16 +(will open its encryption root in its stead.)5.66 F F2 +(zfs-tpm1x-change-key)102 192 Q F0(will)3.264 E/F4 10/Times-Italic@0 SF +(ne)3.264 E(ver)-.15 E F0 .764(create or destro)3.264 F 3.264(ye)-.1 G +.764(ncryption roots; use)-3.264 F/F5 10/Courier@0 SF(zfs-change-key) +3.264 E F0 .764(\(8\) for)B(that.)102 204 Q +(First, a connection is made to the TPM, which)102 222 Q F4(must)2.5 E +F0(be TPM-1.X-compatible.)2.5 E(If)102 240 Q F3(dataset)2.553 E F0 -.1 +(wa)2.553 G 2.553(sp).1 G(re)-2.553 E .053(viously encrypted with)-.25 F +F2(tzpfms)2.553 E F0 .053(and the)2.553 F F1(TPM1.X)2.553 E F0 .054 +(back-end w)2.553 F .054(as used, the metadata will)-.1 F .203 +(be silently cleared.)102 252 R .203(Otherwise, or in case of an error) +5.203 F 2.703(,d)-.4 G .203(ata required for manual interv)-2.703 F .202 +(ention will be printed to)-.15 F(the standard error stream.)102 264 Q +(Ne)102 282 Q .519(xt, a ne)-.15 F 3.019(ww)-.25 G .519(rapping k)-3.019 +F .819 -.15(ey i)-.1 H 3.019(sb).15 G 3.019(eg)-3.019 G .519 +(enerated on the TPM, optionally back)-3.019 F .519(ed up)-.1 F 1.666 +(\(s)4.685 G(ee)-1.666 E F1(OPTIONS)3.02 E F0 -2.812 1.666(\), a)1.666 H +.52(nd sealed)-1.666 F 1.782(on the TPM; the user is prompted for an op\ +tional passphrase to protect the k)102 294 R 2.081 
-.15(ey w)-.1 H 1.781 +(ith, and for the SRK).15 F(passphrase, set when taking o)102 306 Q +(wnership, if it is not "well-kno)-.25 E(wn" \(all zeroes\).)-.25 E +(The follo)102 324 Q(wing properties are set on)-.25 E F3(dataset)2.5 E +F0(:)A F1<83>122 336 Q F5(xyz.nabijaczleweli:tzpfms.backend)2.5 E F0(=)A +F1(TPM1.X)A<83>122 348 Q F5(xyz.nabijaczleweli:tzpfms.key)2.5 E F0(=)A +F3(parent-key-blob)A F2(:)A F3(sealed-object-blob)A F5(tzpfms.backend) +102 366 Q F0 2.231(identi\214es this dataset for w)4.73 F 2.231 +(ork with)-.1 F F1(TPM1.X)4.731 E F0(-back-ended)A F2(tzpfms)4.731 E F0 +3.897(tools \()4.731 F(namely)1.666 E F5(zfs-tpm1x-change-key)102 378 Q +F0(\(8\),)A F5(zfs-tpm1x-load-key)2.5 E F0(\(8\), and)A F5 +(zfs-tpm1x-clear-key)2.5 E F0 -.834(\(8\) \) .)B F5(tzpfms.key)102 396 Q +F0 .334(is a colon-separated pair of he)2.834 F .333 +(xadecimal-string \(i.e. "4F7730" for "Ow0"\) blobs; the \214rst one) +-.15 F .676(represents the RSA k)102 408 R .976 -.15(ey p)-.1 H .676 +(rotecting the blob, and it is protected with either the passw).15 F +.676(ord, if pro)-.1 F .677(vided, or the)-.15 F .236(SHA1 constant)102 +420 R F5(CE4CF677875B5EB8993591D5A9AF1ED24A3A8736)2.736 E F0 2.736(;t)C +.236(he second represents the sealed)-2.736 F 11.923 +(object containing the wrapping k)102 432 R -.15(ey)-.1 G 14.424(,a)-.5 +G 11.924(nd is protected with the SHA1 constant)-14.424 F F5 +(B9EE715DBE4B243FAA81EA04306E063710383E35)102 444 Q F0 7.438(.T)C 2.438 +(here e)-7.438 F 2.438(xists no other user)-.15 F 2.437 +(-land tool for de-)-.2 F(crypting this; perhaps there should be.)102 +456 Q(Finally)102 474 Q 4.14(,t)-.65 G 1.641(he equi)-4.14 F -.25(va) +-.25 G 1.641(lent of).25 F F2 1.641(zfs change-key)4.141 F9.307 E +F5(keylocation=prompt)7.641 E F29.307 E F5(keyformat=raw)7.641 E +F3(dataset)102 486 Q F0 .118(is performed with the ne)2.618 F 2.618(wk) +-.25 G -.15(ey)-2.718 G 5.118(.I)-.5 G 2.617(fa)-5.118 G 2.617(ne)-2.617 +G .117(rror occurred, best ef)-2.617 F .117 +(fort 
is made to clean up the properties,)-.25 F +(or to issue a note for manual interv)102 498 Q +(ention into the standard error stream.)-.15 E 3.911<418c>102 516 S +1.411(nal v)-3.911 F 1.411(eri\214cation should be made by running)-.15 +F F2 3.077(zfs-tpm1x-load-key \255n)3.911 F F3(dataset)7.411 E F0 6.411 +(.I)C 3.911(ft)-6.411 G 1.412(hat com-)-3.911 F 2.176 +(mand succeeds, all is well, b)102 528 R 2.175 +(ut otherwise the dataset can be manually rolled back to a passw)-.2 F +2.175(ord with)-.1 F F2(zfs-tpm1x-clear-key)102 540 Q F3(dataset)12.878 +E F0 1.666(\(o)11.044 G 7.678 -.4(r, i)-1.666 H 9.378(ft).4 G 6.878 +(hat f)-9.378 F 6.878(ails to w)-.1 F(ork,)-.1 E F2 6.879 +(zfs change-key)9.378 F14.545 E F5(keyformat=passphrase)102 552 Q +F3(dataset)6 E F0 -3.332 1.666(\), a)1.666 H(nd you are hereby ask) +-1.666 E(ed to report a b)-.1 E(ug, please.)-.2 E F2 +(zfs-tpm1x-clear-key)102 570 Q F3(dataset)6 E F0 +(can be used to clear the properties and go back to using a passw)2.5 E +(ord.)-.1 E F1(OPTIONS)72 594 Q F2103.666 606 Q F3(backup-file)6 E +F0(Sa)191 618 Q .806 -.15(ve a b)-.2 H .506(ack-up of the k).15 F .805 +-.15(ey t)-.1 H(o).15 E F3(backup-file)3.005 E F0 3.005(,w)C .505 +(hich must not e)-3.005 F .505(xist beforehand.)-.15 F(This)5.505 E +(back-up)191 630 Q F4(must)3.181 E F0 .681(be stored securely)3.181 F +3.181(,o)-.65 G -.25(ff)-3.181 G 3.181(-site. 
In).25 F .682 +(case of a catastrophic e)3.181 F -.15(ve)-.25 G .682(nt, the k).15 F +.982 -.15(ey c)-.1 H(an).15 E(be loaded by running)191 642 Q F2 +(zfs load-key)221 654 Q F3(dataset)6 E F5(<)6 E F3(backup-file)6 E F1 +1.666(TPM1.X back-end con\214guration)72 678 R F0(tzpfms 0.1-6)72 750 Q +(October 15, 2021)148.595 E(3)194.145 E 0 Cg EP +%%Page: 4 4 +%%BeginPageSetup +BP +%%EndPageSetup +/F0 10/Times-Roman@0 SF -.834(ZFS-TPM1X-CHANGE-KEY \(8\))72 48 R +(System Manager')46.109 E 2.5(sM)-.55 G 41.109 +(anual ZFS-TPM1X-CHANGE-KEY)-2.5 F(\(8\))1.666 E/F1 10/Times-Bold@0 SF +.625(TPM selection)84 96 R F0(The)102 108 Q/F2 10/Courier-Bold@0 SF +(tzpfms)2.768 E F0 .267(suite connects to a local)2.767 F/F3 10 +/Courier@0 SF(tcsd)2.767 E F0 .267(\(8\) process)B 1.666(\(a)4.433 G(t) +-1.666 E F3(localhost:30003)2.767 E F0 4.433(\)b)1.666 G 2.767(yd)-4.433 +G(ef)-2.767 E 2.767(ault. Use)-.1 F .267(the en-)2.767 F(vironment v)102 +120 Q(ariable)-.25 E F3(TZPFMS_TPM1X)2.5 E F0 +(to specify a remote TCS hostname.)2.5 E .391(The T)102 138 R(rouSerS) +-.35 E F3(tcsd)2.891 E F0 .391(\(8\) daemon will try)B F3(/dev/tpm0) +2.892 E F0 2.892(,t)C(hen)-2.892 E F3(/udev/tpm0)2.892 E F0 2.892(,t)C +(hen)-2.892 E F3(/dev/tpm)2.892 E F0 2.892(;b)C 2.892(yo)-2.892 G(ccup) +-2.892 E(ying)-.1 E(one of the earlier ones with, for e)102 150 Q +(xample, shell redirection, a later one can be selected.)-.15 E F1 .625 +(See also)84 174 R F0(The T)102 186 Q(rouSerS project page at)-.35 E F1 +(https://sour)2.5 E(cef)-.18 E(or)-.25 E(ge.net/pr)-.1 E(ojects/tr)-.18 +E(ousers)-.18 E F0(.)A 5.109(The TPM 1.2 main speci\214cation inde)102 +204 R 7.608(xa)-.15 G(t)-7.608 E F1(https://trustedcomputinggr)7.608 E +(oup.or)-.18 E(g/r)-.1 E(esour)-.18 E(ce/tpm-main-)-.18 E +(speci\214cation)102 216 Q F0(.)A F1 1.666(SPECIAL THANKS)72 240 R F0 +1.6 -.8(To a)102 252 T(ll who support further de).8 E -.15(ve)-.25 G +(lopment, in particular:).15 E F1<83>122 264 Q F0(ThePhD)2.5 E F1<83>122 +276 Q F0(Embark 
Studios)2.5 E F1(REPOR)72 300 Q 1.666(TING B)-.4 F(UGS) +-.1 E(https://todo.sr)102 312 Q(.ht/~nabijaczleweli/tzpfms)-1 E F3 +(~nabijaczleweli/tzpfms@lists.sr.ht)102 330 Q F0 2.5(,a)C(rchi)-2.5 E +-.15(ve)-.25 G 2.5(da).15 G(t)-2.5 E F1(https://lists.sr)2.5 E +(.ht/~nabijaczleweli/tzpfms)-1 E F0(.)A F1 1.666(SEE ALSO)72 354 R +(https://git.sr)102 366 Q(.ht/~nabijaczleweli/tzpfms)-1 E F0 +(tzpfms 0.1-6)72 750 Q(October 15, 2021)148.595 E(4)194.145 E 0 Cg EP +%%Page: 5 5 +%%BeginPageSetup +BP +%%EndPageSetup +/F0 10/Times-Roman@0 SF -.834(ZFS-TPM1X-CLEAR-KEY \(8\))72 48 R +(System Manager')54.989 E 2.5(sM)-.55 G 49.989 +(anual ZFS-TPM1X-CLEAR-KEY)-2.5 F(\(8\))1.666 E/F1 10/Times-Bold@0 SF +-.2(NA)72 96 S(ME).2 E/F2 10/Courier-Bold@0 SF(zfs-tpm1x-clear-key)102 +108 Q F0 2.5<8a72>2.5 G -.25(ew)-2.5 G(rap ZFS dataset k).25 E .3 -.15 +(ey i)-.1 H 2.5(np).15 G(asssw)-2.5 E +(ord and clear tzpfms TPM1.X metadata)-.1 E F1(SYNOPSIS)72 132 Q F2 +(zfs-tpm1x-clear-key)102 144 Q/F3 10/Courier-Oblique@0 SF(dataset)2.5 E +F1(DESCRIPTION)72 168 Q F0(After v)102 180 Q(erifying)-.15 E F3(dataset) +2.5 E F0 -.1(wa)2.5 G 2.5(se).1 G(ncrypted with)-2.5 E F2(tzpfms)2.5 E +F0(back)2.5 E(end)-.1 E F1(TPM1.X)2.5 E F0(:)A 6.984 +(1. performs the equi)122 192 R -.25(va)-.25 G 6.984(lent of).25 F F2 +6.984(zfs change-key)9.484 F14.65 E/F4 10/Courier@0 SF +(keylocation=prompt)12.985 E F214.651 E F4(keyformat=passphrase) +127 204 Q F3(dataset)6 E F0(,)A(2. 
remo)122 216 Q -.15(ve)-.15 G 2.5(st) +.15 G(he)-2.5 E F4(xyz.nabijaczleweli:tzpfms.)2.5 E F0({)A F4(backend)A +F0(,)A F4(key)6 E F0 2.5(}p)C(roperties from)-2.5 E F3(dataset)2.5 E F0 +(.)A(See)102 234 Q F4(zfs-tpm1x-change-key)2.5 E F0 +(\(8\) for a detailed description.)A F1 1.666 +(TPM1.X back-end con\214guration)72 258 R .625(TPM selection)84 270 R F0 +(The)102 282 Q F2(tzpfms)2.768 E F0 .267(suite connects to a local)2.767 +F F4(tcsd)2.767 E F0 .267(\(8\) process)B 1.666(\(a)4.433 G(t)-1.666 E +F4(localhost:30003)2.767 E F0 4.433(\)b)1.666 G 2.767(yd)-4.433 G(ef) +-2.767 E 2.767(ault. Use)-.1 F .267(the en-)2.767 F(vironment v)102 294 +Q(ariable)-.25 E F4(TZPFMS_TPM1X)2.5 E F0 +(to specify a remote TCS hostname.)2.5 E .391(The T)102 312 R(rouSerS) +-.35 E F4(tcsd)2.891 E F0 .391(\(8\) daemon will try)B F4(/dev/tpm0) +2.892 E F0 2.892(,t)C(hen)-2.892 E F4(/udev/tpm0)2.892 E F0 2.892(,t)C +(hen)-2.892 E F4(/dev/tpm)2.892 E F0 2.892(;b)C 2.892(yo)-2.892 G(ccup) +-2.892 E(ying)-.1 E(one of the earlier ones with, for e)102 324 Q +(xample, shell redirection, a later one can be selected.)-.15 E F1 .625 +(See also)84 348 R F0(The T)102 360 Q(rouSerS project page at)-.35 E F1 +(https://sour)2.5 E(cef)-.18 E(or)-.25 E(ge.net/pr)-.1 E(ojects/tr)-.18 +E(ousers)-.18 E F0(.)A 5.109(The TPM 1.2 main speci\214cation inde)102 +378 R 7.608(xa)-.15 G(t)-7.608 E F1(https://trustedcomputinggr)7.608 E +(oup.or)-.18 E(g/r)-.1 E(esour)-.18 E(ce/tpm-main-)-.18 E +(speci\214cation)102 390 Q F0(.)A F1 1.666(SPECIAL THANKS)72 414 R F0 +1.6 -.8(To a)102 426 T(ll who support further de).8 E -.15(ve)-.25 G +(lopment, in particular:).15 E F1<83>122 438 Q F0(ThePhD)2.5 E F1<83>122 +450 Q F0(Embark Studios)2.5 E F1(REPOR)72 474 Q 1.666(TING B)-.4 F(UGS) +-.1 E(https://todo.sr)102 486 Q(.ht/~nabijaczleweli/tzpfms)-1 E F4 +(~nabijaczleweli/tzpfms@lists.sr.ht)102 504 Q F0 2.5(,a)C(rchi)-2.5 E +-.15(ve)-.25 G 2.5(da).15 G(t)-2.5 E F1(https://lists.sr)2.5 E +(.ht/~nabijaczleweli/tzpfms)-1 E F0(.)A 
F1 1.666(SEE ALSO)72 528 R +(https://git.sr)102 540 Q(.ht/~nabijaczleweli/tzpfms)-1 E F0 +(tzpfms 0.1-6)72 750 Q(October 15, 2021)148.595 E(5)194.145 E 0 Cg EP +%%Page: 6 6 +%%BeginPageSetup +BP +%%EndPageSetup +/F0 10/Times-Roman@0 SF(ZFS-TPM1X-LO)72 48 Q -.834(AD-KEY \(8\))-.35 F +(System Manager')60.349 E 2.5(sM)-.55 G 55.349(anual ZFS-TPM1X-LO)-2.5 F +-.834(AD-KEY \(8\))-.35 F/F1 10/Times-Bold@0 SF -.2(NA)72 96 S(ME).2 E +/F2 10/Courier-Bold@0 SF(zfs-tpm1x-load-key)102 108 Q F0 2.5<8a6c>2.5 G +(oad tzpfms TPM1.X-encrypted ZFS dataset k)-2.5 E -.15(ey)-.1 G F1 +(SYNOPSIS)72 132 Q F2(zfs-tpm1x-load-key)102 144 Q F0([)3.333 E F2 +2.499 E F0(]).833 E/F3 10/Courier-Oblique@0 SF(dataset)2.5 E F1 +(DESCRIPTION)72 168 Q F0 1.155(After v)102 180 R(erifying)-.15 E F3 +(dataset)3.655 E F0 -.1(wa)3.655 G 3.655(se).1 G 1.155(ncrypted with) +-3.655 F F2(tzpfms)3.655 E F0(back)3.655 E(end)-.1 E F1(TPM1.X)3.655 E +F0 1.156(will unseal the k)3.655 F 1.456 -.15(ey a)-.1 H 1.156 +(nd load it).15 F(into)102 192 Q F3(dataset)2.5 E F0(.)A .422 +(The user is prompted for)102 210 R 2.922<2c8c>-.4 G .422 +(rst, the SRK passphrase, set when taking o)-2.922 F .422 +(wnership, if it')-.25 F 2.921(sn)-.55 G .421(ot "well-kno)-2.921 F .421 +(wn" \(all)-.25 F +(zeroes\), then the additional passphrase set when creating the k)102 +222 Q -.15(ey)-.1 G 2.5(,i)-.5 G 2.5(fi)-2.5 G 2.5(tw)-2.5 G(as pro)-2.6 +E(vided.)-.15 E(See)102 240 Q/F4 10/Courier@0 SF(zfs-tpm1x-change-key) +2.5 E F0(\(8\) for a detailed description.)A F1(OPTIONS)72 264 Q F2 +103.666 276 Q F0 .178(Do a no-op/dry run, can be used e)119 288 R +-.15(ve)-.25 G 2.678(ni).15 G 2.679(ft)-2.678 G .179(he k)-2.679 F .479 +-.15(ey i)-.1 H 2.679(sa).15 G .179(lready loaded.)-2.679 F(Equi)5.179 E +-.25(va)-.25 G .179(lent to).25 F F2 .179(zfs load-key)2.679 F F0 -.55 +('s)C F24.895 E F0(option.)119 300 Q F1 1.666 +(TPM1.X back-end con\214guration)72 324 R .625(TPM selection)84 336 R F0 +(The)102 348 Q F2(tzpfms)2.768 E F0 .267(suite 
connects to a local)2.767 +F F4(tcsd)2.767 E F0 .267(\(8\) process)B 1.666(\(a)4.433 G(t)-1.666 E +F4(localhost:30003)2.767 E F0 4.433(\)b)1.666 G 2.767(yd)-4.433 G(ef) +-2.767 E 2.767(ault. Use)-.1 F .267(the en-)2.767 F(vironment v)102 360 +Q(ariable)-.25 E F4(TZPFMS_TPM1X)2.5 E F0 +(to specify a remote TCS hostname.)2.5 E .391(The T)102 378 R(rouSerS) +-.35 E F4(tcsd)2.891 E F0 .391(\(8\) daemon will try)B F4(/dev/tpm0) +2.892 E F0 2.892(,t)C(hen)-2.892 E F4(/udev/tpm0)2.892 E F0 2.892(,t)C +(hen)-2.892 E F4(/dev/tpm)2.892 E F0 2.892(;b)C 2.892(yo)-2.892 G(ccup) +-2.892 E(ying)-.1 E(one of the earlier ones with, for e)102 390 Q +(xample, shell redirection, a later one can be selected.)-.15 E F1 .625 +(See also)84 414 R F0(The T)102 426 Q(rouSerS project page at)-.35 E F1 +(https://sour)2.5 E(cef)-.18 E(or)-.25 E(ge.net/pr)-.1 E(ojects/tr)-.18 +E(ousers)-.18 E F0(.)A 5.109(The TPM 1.2 main speci\214cation inde)102 +444 R 7.608(xa)-.15 G(t)-7.608 E F1(https://trustedcomputinggr)7.608 E +(oup.or)-.18 E(g/r)-.1 E(esour)-.18 E(ce/tpm-main-)-.18 E +(speci\214cation)102 456 Q F0(.)A F1 1.666(SPECIAL THANKS)72 480 R F0 +1.6 -.8(To a)102 492 T(ll who support further de).8 E -.15(ve)-.25 G +(lopment, in particular:).15 E F1<83>122 504 Q F0(ThePhD)2.5 E F1<83>122 +516 Q F0(Embark Studios)2.5 E F1(REPOR)72 540 Q 1.666(TING B)-.4 F(UGS) +-.1 E(https://todo.sr)102 552 Q(.ht/~nabijaczleweli/tzpfms)-1 E F4 +(~nabijaczleweli/tzpfms@lists.sr.ht)102 570 Q F0 2.5(,a)C(rchi)-2.5 E +-.15(ve)-.25 G 2.5(da).15 G(t)-2.5 E F1(https://lists.sr)2.5 E +(.ht/~nabijaczleweli/tzpfms)-1 E F0(.)A F1 1.666(SEE ALSO)72 594 R +(https://git.sr)102 606 Q(.ht/~nabijaczleweli/tzpfms)-1 E F0 +(tzpfms 0.1-6)72 750 Q(October 15, 2021)148.595 E(6)194.145 E 0 Cg EP +%%Page: 7 7 +%%BeginPageSetup +BP +%%EndPageSetup +/F0 10/Times-Roman@0 SF -.834(ZFS-TPM2-CHANGE-KEY \(8\))72 48 R +(System Manager')53.329 E 2.5(sM)-.55 G 48.329 +(anual ZFS-TPM2-CHANGE-KEY)-2.5 F(\(8\))1.666 E/F1 10/Times-Bold@0 SF +-.2(NA)72 
96 S(ME).2 E/F2 10/Courier-Bold@0 SF(zfs-tpm2-change-key)102 +108 Q F0 2.5<8a63>2.5 G(hange ZFS dataset k)-2.5 E .3 -.15(ey t)-.1 H +2.5(oo).15 G(ne stored on the TPM)-2.5 E F1(SYNOPSIS)72 132 Q F2 +(zfs-tpm2-change-key)102 144 Q F0([)3.333 E F22.499 E/F3 10 +/Courier-Oblique@0 SF(backup-file)6 E F0(]).833 E F3(dataset)2.5 E F1 +(DESCRIPTION)72 168 Q F0 6.93 -.8(To n)102 180 T(ormalise).8 E F3 +(dataset)7.831 E F0(,)A F2(zfs-tpm2-change-key)7.831 E F0 5.331 +(will open its encryption root in its stead.)7.831 F F2 +(zfs-tpm2-change-key)102 192 Q F0(will)3.864 E/F4 10/Times-Italic@0 SF +(ne)3.864 E(ver)-.15 E F0 1.364(create or destro)3.864 F 3.864(ye)-.1 G +1.364(ncryption roots; use)-3.864 F/F5 10/Courier@0 SF(zfs-change-key) +3.864 E F0 1.364(\(8\) for)B(that.)102 204 Q +(First, a connection is made to the TPM, which)102 222 Q F4(must)2.5 E +F0(be TPM-2.0-compatible.)2.5 E(If)102 240 Q F3(dataset)3.42 E F0 -.1 +(wa)3.42 G 3.42(sp).1 G(re)-3.42 E .92(viously encrypted with)-.25 F F2 +(tzpfms)3.42 E F0 .92(and the)3.42 F F1(TPM2)3.42 E F0 .92(back-end w) +3.42 F .92(as used, the pre)-.1 F .92(vious k)-.25 F -.15(ey)-.1 G .382 +(will be freed from the TPM.)102 252 R .382 +(Otherwise, or in case of an error)5.382 F 2.882(,d)-.4 G .382 +(ata required for manual interv)-2.882 F .382(ention will be)-.15 F +(printed to the standard error stream.)102 264 Q(Ne)102 282 Q .519 +(xt, a ne)-.15 F 3.019(ww)-.25 G .519(rapping k)-3.019 F .819 -.15(ey i) +-.1 H 3.019(sb).15 G 3.019(eg)-3.019 G .519 +(enerated on the TPM, optionally back)-3.019 F .519(ed up)-.1 F 1.666 +(\(s)4.685 G(ee)-1.666 E F1(OPTIONS)3.02 E F0 -2.812 1.666(\), a)1.666 H +.52(nd sealed)-1.666 F .248 +(to a persistent object on the TPM under the o)102 294 R .248 +(wner hierarch)-.25 F .248(y; if there is a passphrase set on the o)-.05 +F .248(wner hierar)-.25 F(-)-.2 E(ch)102 306 Q 1.772 -.65(y, t)-.05 H +.472(he user is prompted for it; the user is al).65 F -.1(wa)-.1 G .472 +(ys prompted for an optional 
passphrase to protect the sealed).1 F +(object with.)102 318 Q(The follo)102 336 Q(wing properties are set on) +-.25 E F3(dataset)2.5 E F0(:)A F1<83>122 348 Q F5 +(xyz.nabijaczleweli:tzpfms.backend)2.5 E F0(=)A F1(TPM2)A<83>122 360 Q +F5(xyz.nabijaczleweli:tzpfms.key)2.5 E F0(=)A F3 +(ID of persistent object)A F5(tzpfms.backend)102 378 Q F0 3.203 +(identi\214es this dataset for w)5.703 F 3.203(ork with)-.1 F F1(TPM2) +5.703 E F0(-back-ended)A F2(tzpfms)5.703 E F0 4.868(tools \()5.702 F +(namely)1.666 E F5(zfs-tpm2-change-key)102 390 Q F0(\(8\),)A F5 +(zfs-tpm2-load-key)2.5 E F0(\(8\), and)A F5(zfs-tpm2-clear-key)2.5 E F0 +-.834(\(8\) \) .)B F5(tzpfms.key)102 408 Q F0 1.11(is an inte)3.61 F +1.111 +(ger representing the sealed object; if needed, it can be passed to)-.15 +F F2(tpm2_unseal)3.611 E103.666 420 Q F5(${tzpfms.key})6.032 E F0 +([)6.865 E F22.499 E F5(${password})6.032 E F0 2.532(]o).833 G +2.532(re)-2.532 G(qui)-2.532 E -.25(va)-.25 G .032(lent for back-up).25 +F 1.666(\(s)4.198 G(ee)-1.666 E F1(OPTIONS)2.532 E F0 -.8 1.666(\). 
I) +1.666 H 2.532(fy)-1.666 G .032(ou ha)-2.532 F .331 -.15(ve a)-.2 H .434 +(sealed k)102 432 R .734 -.15(ey y)-.1 H .434 +(ou can access with that or equi).15 F -.25(va)-.25 G .435 +(lent tool and set both of these properties, it will funxion seam-).25 F +(lessly)102 444 Q(.)-.65 E(Finally)102 462 Q 4.141(,t)-.65 G 1.641 +(he equi)-4.141 F -.25(va)-.25 G 1.641(lent of).25 F F2 1.641 +(zfs change-key)4.141 F9.307 E F5(keylocation=prompt)7.641 E F2 +9.307 E F5(keyformat=raw)7.64 E F3(dataset)102 474 Q F0 .336 +(is performed with the ne)2.836 F 2.836(wk)-.25 G -.15(ey)-2.936 G 5.336 +(.I)-.5 G 2.836(fa)-5.336 G 2.836(ne)-2.836 G .336 +(rror occurred, best ef)-2.836 F .337 +(fort is made to clean up the persistent)-.25 F +(object and properties, or to issue a note for manual interv)102 486 Q +(ention into the standard error stream.)-.15 E 2.92<418c>102 504 S .42 +(nal v)-2.92 F .42(eri\214cation should be made by running)-.15 F F2 +2.085(zfs-tpm2-load-key \255n)2.919 F F3(dataset)6.419 E F0 5.419(.I)C +2.919(ft)-5.419 G .419(hat command)-2.919 F 3.856 +(succeeds, all is well, b)102 516 R 3.856 +(ut otherwise the dataset can be manually rolled back to a passw)-.2 F +3.857(ord with)-.1 F F2(zfs-tpm2-clear-key)102 528 Q F3(dataset)13.479 E +F0 1.666(\(o)11.645 G 8.278 -.4(r, i)-1.666 H 9.978(ft).4 G 7.478(hat f) +-9.978 F 7.478(ails to w)-.1 F(ork,)-.1 E F2 7.478(zfs change-key)9.978 +F15.144 E F5(keyformat=passphrase)102 540 Q F3(dataset)6 E F0 +-3.332 1.666(\), a)1.666 H(nd you are hereby ask)-1.666 E +(ed to report a b)-.1 E(ug, please.)-.2 E F2(zfs-tpm2-clear-key)102 558 +Q F3(dataset)6.423 E F0 .423 +(can be used to free the TPM persistent object and go back to using a) +2.923 F(passw)102 570 Q(ord.)-.1 E F1(OPTIONS)72 594 Q F2103.666 +606 Q F3(backup-file)6 E F0(Sa)191 618 Q .806 -.15(ve a b)-.2 H .506 +(ack-up of the k).15 F .805 -.15(ey t)-.1 H(o).15 E F3(backup-file)3.005 +E F0 3.005(,w)C .505(hich must not e)-3.005 F .505(xist beforehand.)-.15 +F(This)5.505 
E(back-up)191 630 Q F4(must)3.181 E F0 .681 +(be stored securely)3.181 F 3.181(,o)-.65 G -.25(ff)-3.181 G 3.181 +(-site. In).25 F .682(case of a catastrophic e)3.181 F -.15(ve)-.25 G +.682(nt, the k).15 F .982 -.15(ey c)-.1 H(an).15 E(be loaded by running) +191 642 Q F2(zfs load-key)221 654 Q F3(dataset)6 E F5(<)6 E F3 +(backup-file)6 E F1 1.666(TPM2 back-end con\214guration)72 678 R F0 +(tzpfms 0.1-6)72 750 Q(October 15, 2021)148.595 E(7)194.145 E 0 Cg EP +%%Page: 8 8 +%%BeginPageSetup +BP +%%EndPageSetup +/F0 10/Times-Roman@0 SF -.834(ZFS-TPM2-CHANGE-KEY \(8\))72 48 R +(System Manager')53.329 E 2.5(sM)-.55 G 48.329 +(anual ZFS-TPM2-CHANGE-KEY)-2.5 F(\(8\))1.666 E/F1 10/Times-Bold@0 SF +(En)84 96 Q(vir)-.4 E .625(onment v)-.18 F(ariables)-.1 E/F2 10 +/Courier@0 SF(TSS2_LOG)102 108 Q F0(An)155 108 Q 2.5(yo)-.15 G(f:)-2.5 E +F1(NONE)2.5 E F0(,)A F1(ERR)2.5 E(OR)-.3 E F0(,)A F1 -1.2(WA)2.5 G +(RNING)1.2 E F0(,)A F1(INFO)2.5 E F0(,)A F1(DEB)2.5 E(UG)-.1 E F0(,)A F1 +(TRA)2.5 E(CE)-.55 E F0 5(.D)C(ef)-5 E(ault:)-.1 E F1 -1.2(WA)2.5 G +(RNING)1.2 E F0(.)A F1 .625(TPM selection)84 132 R F0 .517(The library) +102 144 R/F3 10/Courier-Bold@0 SF(libtss2-tcti-default.so)3.017 E F0 +.517(can be link)3.017 F .516(ed to an)-.1 F 3.016(yo)-.15 G 3.016(ft) +-3.016 G(he)-3.016 E F2(libtss2-tcti-)3.016 E/F4 10/Symbol SF(*)A F2 +(.so)A F0(libraries)3.016 E .575(to select the def)102 156 R .576 +(ault, otherwise)-.1 F F2(/dev/tpmrm0)3.076 E F0 3.076(,t)C(hen)-3.076 E +F2(/dev/tpm0)3.076 E F0 3.076(,t)C(hen)-3.076 E F2(localhost:2321)3.076 +E F0 .576(will be tried,)3.076 F(in order)102 168 Q 1.666(\(s)4.166 G +(ee)-1.666 E F2(ESYS_CONTEXT)2.5 E F0 -.834(\(3\) \) .)B F1 .625 +(See also)84 192 R F0 3.488(The tpm2-tss git repository at)102 204 R F1 +(https://github)5.988 E(.com/tpm2-softwar)-.4 E(e/tpm2-tss)-.18 E F0 +3.487(and the documentation at)5.988 F F1(https://tpm2-tss.r)102 216 Q +(eadthedocs.io)-.18 E F0(.)A 3.092 +(The TPM 2.0 speci\214cations, mainly at)102 234 R F1 
+(https://trustedcomputinggr)5.592 E(oup.or)-.18 E +(g/wp-content/uploads/TPM-)-.1 E(Re)102 246 Q(v-2.0-P)-.15 E(art-1-Ar) +-.1 E(chitectur)-.18 E(e-01.38.pdf)-.18 E F0(and related pages.)2.5 E F1 +1.666(SPECIAL THANKS)72 270 R F0 1.6 -.8(To a)102 282 T +(ll who support further de).8 E -.15(ve)-.25 G(lopment, in particular:) +.15 E F1<83>122 294 Q F0(ThePhD)2.5 E F1<83>122 306 Q F0(Embark Studios) +2.5 E F1(REPOR)72 330 Q 1.666(TING B)-.4 F(UGS)-.1 E(https://todo.sr)102 +342 Q(.ht/~nabijaczleweli/tzpfms)-1 E F2 +(~nabijaczleweli/tzpfms@lists.sr.ht)102 360 Q F0 2.5(,a)C(rchi)-2.5 E +-.15(ve)-.25 G 2.5(da).15 G(t)-2.5 E F1(https://lists.sr)2.5 E +(.ht/~nabijaczleweli/tzpfms)-1 E F0(.)A F1 1.666(SEE ALSO)72 384 R F2 +(tpm2_unseal)102 396 Q F0(\(1\))A F1(https://git.sr)102 414 Q +(.ht/~nabijaczleweli/tzpfms)-1 E F0(tzpfms 0.1-6)72 750 Q +(October 15, 2021)148.595 E(8)194.145 E 0 Cg EP +%%Page: 9 9 +%%BeginPageSetup +BP +%%EndPageSetup +/F0 10/Times-Roman@0 SF -.834(ZFS-TPM2-CLEAR-KEY \(8\))72 48 R +(System Manager')62.209 E 2.5(sM)-.55 G 57.209(anual ZFS-TPM2-CLEAR-KEY) +-2.5 F(\(8\))1.666 E/F1 10/Times-Bold@0 SF -.2(NA)72 96 S(ME).2 E/F2 10 +/Courier-Bold@0 SF(zfs-tpm2-clear-key)102 108 Q F0 2.5<8a72>2.5 G -.25 +(ew)-2.5 G(rap ZFS dataset k).25 E .3 -.15(ey i)-.1 H 2.5(np).15 G +(asssw)-2.5 E(ord and clear tzpfms TPM2 metadata)-.1 E F1(SYNOPSIS)72 +132 Q F2(zfs-tpm2-clear-key)102 144 Q/F3 10/Courier-Oblique@0 SF +(dataset)2.5 E F1(DESCRIPTION)72 168 Q F0(After v)102 180 Q(erifying) +-.15 E F3(dataset)2.5 E F0 -.1(wa)2.5 G 2.5(se).1 G(ncrypted with)-2.5 E +F2(tzpfms)2.5 E F0(back)2.5 E(end)-.1 E F1(TPM2)2.5 E F0(:)A 6.985 +(1. performs the equi)122 192 R -.25(va)-.25 G 6.984(lent of).25 F F2 +6.984(zfs change-key)9.484 F14.65 E/F4 10/Courier@0 SF +(keylocation=prompt)12.984 E F214.65 E F4(keyformat=passphrase)127 +204 Q F3(dataset)6 E F0(,)A(2. frees the sealed k)122 216 Q .3 -.15 +(ey p)-.1 H(re).15 E(viously used to encrypt)-.25 E F3(dataset)2.5 E F0 +(,)A(3. 
remo)122 228 Q -.15(ve)-.15 G 2.5(st).15 G(he)-2.5 E F4 +(xyz.nabijaczleweli:tzpfms.)2.5 E F0({)A F4(backend)A F0(,)A F4(key)6 E +F0 2.5(}p)C(roperties from)-2.5 E F3(dataset)2.5 E F0(.)A(See)102 246 Q +F4(zfs-tpm2-change-key)2.5 E F0(\(8\) for a detailed description.)A F1 +1.666(TPM2 back-end con\214guration)72 270 R(En)84 282 Q(vir)-.4 E .625 +(onment v)-.18 F(ariables)-.1 E F4(TSS2_LOG)102 294 Q F0(An)155 294 Q +2.5(yo)-.15 G(f:)-2.5 E F1(NONE)2.5 E F0(,)A F1(ERR)2.5 E(OR)-.3 E F0(,) +A F1 -1.2(WA)2.5 G(RNING)1.2 E F0(,)A F1(INFO)2.5 E F0(,)A F1(DEB)2.5 E +(UG)-.1 E F0(,)A F1(TRA)2.5 E(CE)-.55 E F0 5(.D)C(ef)-5 E(ault:)-.1 E F1 +-1.2(WA)2.5 G(RNING)1.2 E F0(.)A F1 .625(TPM selection)84 318 R F0 .516 +(The library)102 330 R F2(libtss2-tcti-default.so)3.016 E F0 .516 +(can be link)3.016 F .516(ed to an)-.1 F 3.017(yo)-.15 G 3.017(ft)-3.017 +G(he)-3.017 E F4(libtss2-tcti-)3.017 E/F5 10/Symbol SF(*)A F4(.so)A F0 +(libraries)3.017 E .576(to select the def)102 342 R .576 +(ault, otherwise)-.1 F F4(/dev/tpmrm0)3.076 E F0 3.076(,t)C(hen)-3.076 E +F4(/dev/tpm0)3.076 E F0 3.076(,t)C(hen)-3.076 E F4(localhost:2321)3.076 +E F0 .575(will be tried,)3.076 F(in order)102 354 Q 1.666(\(s)4.166 G +(ee)-1.666 E F4(ESYS_CONTEXT)2.5 E F0 -.834(\(3\) \) .)B F1 .625 +(See also)84 378 R F0 3.487(The tpm2-tss git repository at)102 390 R F1 +(https://github)5.988 E(.com/tpm2-softwar)-.4 E(e/tpm2-tss)-.18 E F0 +3.488(and the documentation at)5.988 F F1(https://tpm2-tss.r)102 402 Q +(eadthedocs.io)-.18 E F0(.)A 3.092 +(The TPM 2.0 speci\214cations, mainly at)102 420 R F1 +(https://trustedcomputinggr)5.591 E(oup.or)-.18 E +(g/wp-content/uploads/TPM-)-.1 E(Re)102 432 Q(v-2.0-P)-.15 E(art-1-Ar) +-.1 E(chitectur)-.18 E(e-01.38.pdf)-.18 E F0(and related pages.)2.5 E F1 +1.666(SPECIAL THANKS)72 456 R F0 1.6 -.8(To a)102 468 T +(ll who support further de).8 E -.15(ve)-.25 G(lopment, in particular:) +.15 E F1<83>122 480 Q F0(ThePhD)2.5 E F1<83>122 492 Q F0(Embark Studios) +2.5 E F1(REPOR)72 516 Q 
1.666(TING B)-.4 F(UGS)-.1 E(https://todo.sr)102 +528 Q(.ht/~nabijaczleweli/tzpfms)-1 E F4 +(~nabijaczleweli/tzpfms@lists.sr.ht)102 546 Q F0 2.5(,a)C(rchi)-2.5 E +-.15(ve)-.25 G 2.5(da).15 G(t)-2.5 E F1(https://lists.sr)2.5 E +(.ht/~nabijaczleweli/tzpfms)-1 E F0(.)A F1 1.666(SEE ALSO)72 570 R +(https://git.sr)102 582 Q(.ht/~nabijaczleweli/tzpfms)-1 E F0 +(tzpfms 0.1-6)72 750 Q(October 15, 2021)148.595 E(9)194.145 E 0 Cg EP +%%Page: 10 10 +%%BeginPageSetup +BP +%%EndPageSetup +/F0 10/Times-Roman@0 SF(ZFS-TPM2-LO)72 48 Q -.834(AD-KEY \(8\))-.35 F +(System Manager')67.569 E 2.5(sM)-.55 G 62.569(anual ZFS-TPM2-LO)-2.5 F +-.834(AD-KEY \(8\))-.35 F/F1 10/Times-Bold@0 SF -.2(NA)72 96 S(ME).2 E +/F2 10/Courier-Bold@0 SF(zfs-tpm2-load-key)102 108 Q F0 2.5<8a6c>2.5 G +(oad tzpfms TPM2-encrypted ZFS dataset k)-2.5 E -.15(ey)-.1 G F1 +(SYNOPSIS)72 132 Q F2(zfs-tpm2-load-key)102 144 Q F0([)3.333 E F2 +2.499 E F0(]).833 E/F3 10/Courier-Oblique@0 SF(dataset)2.5 E F1 +(DESCRIPTION)72 168 Q F0 1.118(After v)102 180 R(erifying)-.15 E F3 +(dataset)3.618 E F0 -.1(wa)3.618 G 3.618(se).1 G 1.118(ncrypted with) +-3.618 F F2(tzpfms)3.618 E F0(back)3.618 E(end)-.1 E F1(TPM2)3.618 E F0 +3.618(,u)C 1.118(nseals the k)-3.618 F 1.418 -.15(ey a)-.1 H 1.118 +(nd loads it into).15 F F3(dataset)102 192 Q F0(.)A(See)102 210 Q/F4 10 +/Courier@0 SF(zfs-tpm2-change-key)2.5 E F0 +(\(8\) for a detailed description.)A F1(OPTIONS)72 234 Q F2103.666 +246 Q F0 .179(Do a no-op/dry run, can be used e)119 258 R -.15(ve)-.25 G +2.679(ni).15 G 2.679(ft)-2.679 G .179(he k)-2.679 F .478 -.15(ey i)-.1 H +2.678(sa).15 G .178(lready loaded.)-2.678 F(Equi)5.178 E -.25(va)-.25 G +.178(lent to).25 F F2 .178(zfs load-key)2.678 F F0 -.55('s)C F2 +4.894 E F0(option.)119 270 Q F1 1.666(TPM1.X back-end con\214guration)72 +294 R .625(TPM selection)84 306 R F0(The)102 318 Q F2(tzpfms)2.767 E F0 +.267(suite connects to a local)2.767 F F4(tcsd)2.767 E F0 .267 +(\(8\) process)B 1.666(\(a)4.433 G(t)-1.666 E 
F4(localhost:30003)2.767 E +F0 4.433(\)b)1.666 G 2.767(yd)-4.433 G(ef)-2.767 E 2.767(ault. Use)-.1 F +.268(the en-)2.767 F(vironment v)102 330 Q(ariable)-.25 E F4 +(TZPFMS_TPM1X)2.5 E F0(to specify a remote TCS hostname.)2.5 E .392 +(The T)102 348 R(rouSerS)-.35 E F4(tcsd)2.892 E F0 .392 +(\(8\) daemon will try)B F4(/dev/tpm0)2.892 E F0 2.892(,t)C(hen)-2.892 E +F4(/udev/tpm0)2.892 E F0 2.891(,t)C(hen)-2.891 E F4(/dev/tpm)2.891 E F0 +2.891(;b)C 2.891(yo)-2.891 G(ccup)-2.891 E(ying)-.1 E +(one of the earlier ones with, for e)102 360 Q +(xample, shell redirection, a later one can be selected.)-.15 E F1 .625 +(See also)84 384 R F0(The T)102 396 Q(rouSerS project page at)-.35 E F1 +(https://sour)2.5 E(cef)-.18 E(or)-.25 E(ge.net/pr)-.1 E(ojects/tr)-.18 +E(ousers)-.18 E F0(.)A 5.108(The TPM 1.2 main speci\214cation inde)102 +414 R 7.609(xa)-.15 G(t)-7.609 E F1(https://trustedcomputinggr)7.609 E +(oup.or)-.18 E(g/r)-.1 E(esour)-.18 E(ce/tpm-main-)-.18 E +(speci\214cation)102 426 Q F0(.)A F1 1.666(SPECIAL THANKS)72 450 R F0 +1.6 -.8(To a)102 462 T(ll who support further de).8 E -.15(ve)-.25 G +(lopment, in particular:).15 E F1<83>122 474 Q F0(ThePhD)2.5 E F1<83>122 +486 Q F0(Embark Studios)2.5 E F1(REPOR)72 510 Q 1.666(TING B)-.4 F(UGS) +-.1 E(https://todo.sr)102 522 Q(.ht/~nabijaczleweli/tzpfms)-1 E F4 +(~nabijaczleweli/tzpfms@lists.sr.ht)102 540 Q F0 2.5(,a)C(rchi)-2.5 E +-.15(ve)-.25 G 2.5(da).15 G(t)-2.5 E F1(https://lists.sr)2.5 E +(.ht/~nabijaczleweli/tzpfms)-1 E F0(.)A F1 1.666(SEE ALSO)72 564 R +(https://git.sr)102 576 Q(.ht/~nabijaczleweli/tzpfms)-1 E F0 +(tzpfms 0.1-6)72 750 Q(October 15, 2021)148.595 E(10)189.145 E 0 Cg EP +%%Trailer +end +%%EOF diff --git a/zfs-tpm-list.8 b/zfs-tpm-list.8 index a6d2585..5c674a4 100644 --- a/zfs-tpm-list.8 +++ b/zfs-tpm-list.8 @@ -1,7 +1,7 @@ .Dd October 15, 2021 .ds doc-volume-operating-system .Dt ZFS-TPM-LIST 8 -.Os tzpfms 0.1-5 +.Os tzpfms 0.1-6 . .Sh NAME .Nm zfs-tpm-list 
diff --git a/zfs-tpm-list.8.html b/zfs-tpm-list.8.html index 9a7169e..c6049f8 100644 --- a/zfs-tpm-list.8.html +++ b/zfs-tpm-list.8.html @@ -168,7 +168,7 @@ owo/enc TPM1.X available yes - +
October 15, 2021tzpfms 0.1-5tzpfms 0.1-6
diff --git a/zfs-tpm1x-change-key.8 b/zfs-tpm1x-change-key.8
index ee728df..564aa9b 100644
--- a/zfs-tpm1x-change-key.8
+++ b/zfs-tpm1x-change-key.8
@@ -1,7 +1,7 @@
 .Dd October 15, 2021
 .ds doc-volume-operating-system
 .Dt ZFS-TPM1X-CHANGE-KEY 8
-.Os tzpfms 0.1-5
+.Os tzpfms 0.1-6
 .
 .Sh NAME
 .Nm zfs-tpm1x-change-key
diff --git a/zfs-tpm1x-change-key.8.html b/zfs-tpm1x-change-key.8.html
index 8aef343..4619974 100644
--- a/zfs-tpm1x-change-key.8.html
+++ b/zfs-tpm1x-change-key.8.html
@@ -163,7 +163,7 @@ - +
October 15, 2021tzpfms 0.1-5tzpfms 0.1-6
diff --git a/zfs-tpm1x-clear-key.8 b/zfs-tpm1x-clear-key.8
index e5b985e..07c2f7c 100644
--- a/zfs-tpm1x-clear-key.8
+++ b/zfs-tpm1x-clear-key.8
@@ -1,7 +1,7 @@
 .Dd October 15, 2021
 .ds doc-volume-operating-system
 .Dt ZFS-TPM1X-CLEAR-KEY 8
-.Os tzpfms 0.1-5
+.Os tzpfms 0.1-6
 .
 .Sh NAME
 .Nm zfs-tpm1x-clear-key
diff --git a/zfs-tpm1x-clear-key.8.html b/zfs-tpm1x-clear-key.8.html
index 7b6c534..9b4766f 100644
--- a/zfs-tpm1x-clear-key.8.html
+++ b/zfs-tpm1x-clear-key.8.html
@@ -103,7 +103,7 @@ - +
October 15, 2021tzpfms 0.1-5tzpfms 0.1-6
diff --git a/zfs-tpm1x-load-key.8 b/zfs-tpm1x-load-key.8
index 3c99490..36e9e20 100644
--- a/zfs-tpm1x-load-key.8
+++ b/zfs-tpm1x-load-key.8
@@ -1,7 +1,7 @@
 .Dd October 15, 2021
 .ds doc-volume-operating-system
 .Dt ZFS-TPM1X-LOAD-KEY 8
-.Os tzpfms 0.1-5
+.Os tzpfms 0.1-6
 .
 .Sh NAME
 .Nm zfs-tpm1x-load-key
diff --git a/zfs-tpm1x-load-key.8.html b/zfs-tpm1x-load-key.8.html
index 1b921cd..09bd067 100644
--- a/zfs-tpm1x-load-key.8.html
+++ b/zfs-tpm1x-load-key.8.html
@@ -104,7 +104,7 @@ - +
October 15, 2021tzpfms 0.1-5tzpfms 0.1-6
diff --git a/zfs-tpm2-change-key.8 b/zfs-tpm2-change-key.8
index 69ee7e4..fe399c3 100644
--- a/zfs-tpm2-change-key.8
+++ b/zfs-tpm2-change-key.8
@@ -1,7 +1,7 @@
 .Dd October 15, 2021
 .ds doc-volume-operating-system
 .Dt ZFS-TPM2-CHANGE-KEY 8
-.Os tzpfms 0.1-5
+.Os tzpfms 0.1-6
 .
 .Sh NAME
 .Nm zfs-tpm2-change-key
diff --git a/zfs-tpm2-change-key.8.html b/zfs-tpm2-change-key.8.html
index 152df30..1e71fc5 100644
--- a/zfs-tpm2-change-key.8.html
+++ b/zfs-tpm2-change-key.8.html
@@ -176,7 +176,7 @@ - +
October 15, 2021tzpfms 0.1-5tzpfms 0.1-6
diff --git a/zfs-tpm2-clear-key.8 b/zfs-tpm2-clear-key.8
index ca0bf51..362141f 100644
--- a/zfs-tpm2-clear-key.8
+++ b/zfs-tpm2-clear-key.8
@@ -1,7 +1,7 @@
 .Dd October 15, 2021
 .ds doc-volume-operating-system
 .Dt ZFS-TPM2-CLEAR-KEY 8
-.Os tzpfms 0.1-5
+.Os tzpfms 0.1-6
 .
 .Sh NAME
 .Nm zfs-tpm2-clear-key
diff --git a/zfs-tpm2-clear-key.8.html b/zfs-tpm2-clear-key.8.html
index f1b6a73..396ea65 100644
--- a/zfs-tpm2-clear-key.8.html
+++ b/zfs-tpm2-clear-key.8.html
@@ -118,7 +118,7 @@ - +
October 15, 2021tzpfms 0.1-5tzpfms 0.1-6
diff --git a/zfs-tpm2-load-key.8 b/zfs-tpm2-load-key.8
index 1fe6b24..6ad8753 100644
--- a/zfs-tpm2-load-key.8
+++ b/zfs-tpm2-load-key.8
@@ -1,7 +1,7 @@
 .Dd October 15, 2021
 .ds doc-volume-operating-system
 .Dt ZFS-TPM2-LOAD-KEY 8
-.Os tzpfms 0.1-5
+.Os tzpfms 0.1-6
 .
 .Sh NAME
 .Nm zfs-tpm2-load-key
diff --git a/zfs-tpm2-load-key.8.html b/zfs-tpm2-load-key.8.html
index 1ed3a35..159a41c 100644
--- a/zfs-tpm2-load-key.8.html
+++ b/zfs-tpm2-load-key.8.html
@@ -101,7 +101,7 @@ - +
October 15, 2021tzpfms 0.1-5tzpfms 0.1-6