Document /usr/share/tzpfms/. Ported to zfs 2.2

наб 2024-03-02 20:51:50 +01:00
parent f5996ad11a
commit 31f4ef215c
No known key found for this signature in database
GPG Key ID: BCFD0B018D2658F1


@ -1,7 +1,7 @@
# tzpfms [![builds.sr.ht badge](//builds.sr.ht/~nabijaczleweli/tzpfms.svg)](//builds.sr.ht/~nabijaczleweli/tzpfms)
TPM-based encryption keys for ZFS datasets.
See also [fsifdso](//git.sr.ht/~nabijaczleweli/fzifdso) for FIDO2/WebAuthn-based (YubiKey, Somu, &c.) keys.
See also [fzifdso](//git.sr.ht/~nabijaczleweli/fzifdso) for FIDO2/WebAuthn-based (YubiKey, Somu, &c.) keys.
## [Manpages](//srhtcdn.githack.com/~nabijaczleweli/tzpfms/blob/man/zfs-tpm-list.8.html) ([PDF](//srhtcdn.githack.com/~nabijaczleweli/tzpfms/blob/man/tzpfms.pdf))
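Review bot: the link-text correction on the `fzifdso` line is unrelated to either half of the subject (documenting `/usr/share/tzpfms/` and the zfs 2.2 port). Consider splitting it into its own commit, or mention it in the message so the change is findable from the log.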
@ -28,7 +28,7 @@ and initramfs-tools (with/without Plymouth) are supported for [ZFS-on-root](//na
### Building
You'll need `pkg-config`, `shellcheck`, `libzfslinux-dev` (0.8.x and 2.[01].x work), `libtss2-dev`, `libtspi-dev`, `libssl-dev`, and `make` should hopefully Just Work™ if you have a C++17-capable compiler.
You'll need `pkgconf`, `shellcheck`, `libzfslinux-dev` (0.8.x and 2.[012].x work), `libtss2-dev`, `libtspi-dev`, `libssl-dev`, and `make` should hopefully Just Work™ if you have a C++17-capable compiler.
The output binaries are trimmed of extraneous dependencies, so they're all just libc + libzfs and friends + the chosen TPM back-end, if any + libcrypto for TPM2 PCR handling.
`mandoc` is required for HTML manuals. Set `MANDOC=true` to forgo this.
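Review bot: the `pkg-config` to `pkgconf` rename in the dependency list is not explained by the subject line, and the README does not say which command name the build actually invokes. State that here so a reader knows whether either package will do. Separately, the `2.[012].x` glob has to be edited for every new release; spelling it out as "0.8.x and 2.0.x through 2.2.x" would read more clearly and make it obvious these are the tested versions.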
@ -132,6 +132,19 @@ Send a patch inline, as an attachment, or a git link and a ref to pull from to
[the list](//lists.sr.ht/~nabijaczleweli/tzpfms) ([~nabijaczleweli/tzpfms@lists.sr.ht](mailto:~nabijaczleweli/tzpfms@lists.sr.ht)) or [me](mailto:nabijaczleweli@nabijaczleweli.xyz)
directly. I'm not picky, just please include the repo name in the subject prefix.
### "Ecosystem"
Put a line containing the `zfs-{...}-load-key` program name followed by a list of required services (if any) into `/usr/share/tzpfms/${tzpfms.backend}`
and the `zfs-load-key@.service` drop-in will understand it and use it to load.
Known compatible backends:
| `/usr/share/tzpfms/` | data | from | for |
| -------------------- | ------------------------------------- | ---------------------------------------------- | -------------- |
| `TPM1.X` | `zfs-tpm1x-load-key trousers.service` | [tzpfms](//sr.ht/~nabijaczleweli/tzpfms) | TPM |
| `TPM2` | `zfs-tpm2-load-key` | [tzpfms](//sr.ht/~nabijaczleweli/tzpfms) | TPM |
| `FIDO2` | `zfs-fido2-load-key` | [fzifdso](//git.sr.ht/~nabijaczleweli/fzifdso) | FIDO2/WebAuthn |
## Discussion
Please use the tracker, the list, or [mastussy](//101010.pl/@nabijaczleweli) (formerly [Twitter](//lfs.nabijaczleweli.xyz/0017-twitter-export#1315137083380559873)).
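Review bot: the "Ecosystem" paragraph says the `zfs-load-key@.service` drop-in will take the program name from `/usr/share/tzpfms/${tzpfms.backend}` and use it to load the key, but it does not say how that name is resolved or what the drop-in does with unexpected input. Since the file's first word decides which program runs at key-load time, the section should state whether the name is looked up in `PATH` or must be absolute, what happens when the file is missing, empty, or has more than one line, and where the `${tzpfms.backend}` value comes from and that it is expected to be a plain file name within the directory. A sentence noting that files under `/usr/share/tzpfms/` are meant to be installed by packages and writable only by root would make the trust assumption explicit. Smaller points: the table's `data` column would be clearer as "file contents", and the `from` links mix `//sr.ht/` and `//git.sr.ht/`.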