diff --git a/tzpfms.pdf b/tzpfms.pdf
index df9dff2..37ec31a 100644
Binary files a/tzpfms.pdf and b/tzpfms.pdf differ
diff --git a/tzpfms.ps b/tzpfms.ps
index 7c4b564..0e658b9 100644
--- a/tzpfms.ps
+++ b/tzpfms.ps
@@ -1,15 +1,15 @@
 %!PS-Adobe-3.0
-%%Creator: groff version 1.22.4
-%%CreationDate: Mon Jun 12 17:50:53 2023
-%%DocumentNeededResources: font Times-Roman
+%%Creator: groff version 1.23.0
+%%CreationDate: Sun Jul 16 17:06:45 2023
+%%DocumentNeededResources: font Times-Italic
+%%+ font Times-Roman
 %%+ font Times-Bold
 %%+ font Courier-Bold
-%%+ font Courier-Oblique
 %%+ font Courier
+%%+ font Courier-Oblique
 %%+ font Symbol
-%%+ font Times-Italic
-%%DocumentSuppliedResources: procset grops 1.22 4
-%%Pages: 13
+%%DocumentSuppliedResources: procset grops 1.23 0
+%%Pages: 10
 %%PageOrder: Ascend
 %%DocumentMedia: Default 595 842 0 () ()
 %%Orientation: Portrait
@@ -18,7 +18,7 @@
 %%PageMedia: Default
 %%EndDefaults
 %%BeginProlog
-%%BeginResource: procset grops 1.22 4
+%%BeginResource: procset grops 1.23 0
 %!PS-Adobe-3.0 Resource-ProcSet
 /setpacking where{
 pop
@@ -26,6 +26,7 @@ currentpacking
 true setpacking
 }if
 /grops 120 dict dup begin
+% The ASCII code of the space character.
 /SC 32 def
 /A/show load def
 /B{0 SC 3 -1 roll widthshow}bind def
@@ -47,16 +48,18 @@ true setpacking
 /R{moveto 0 SC 3 -1 roll widthshow}bind def
 /S{moveto 0 exch ashow}bind def
 /T{moveto 0 exch 0 SC 5 2 roll awidthshow}bind def
+% name size font SF -
 /SF{
 findfont exch
 [exch dup 0 exch 0 exch neg 0 0]makefont
 dup setfont
 [exch/setfont cvx]cvx bind def
 }bind def
+% name a c d font MF -
 /MF{
 findfont
 [5 2 roll
-0 3 1 roll
+0 3 1 roll % b
 neg 0 0]makefont
 dup setfont
 [exch/setfont cvx]cvx bind def
@@ -65,13 +68,19 @@ dup setfont
 /RES 0 def
 /PL 0 def
 /LS 0 def
+% Enable manual feed.
+% MANUAL -
 /MANUAL{
 statusdict begin/manualfeed true store end
 }bind def
+% Guess the page length.
+% This assumes that the imageable area is vertically centered on the page.
+% PLG - length
 /PLG{
 gsave newpath clippath pathbbox grestore
 exch pop add exch pop
 }bind def
+% BP -
 /BP{
 /level0 save def
 1 setlinecap
@@ -89,47 +98,61 @@ LS{
 level0 restore
 showpage
 }def
+% centerx centery radius startangle endangle DA -
 /DA{
 newpath arcn stroke
 }bind def
+% x y SN - x' y'
+% round a position to nearest (pixel + (.25,.25))
 /SN{
 transform
 .25 sub exch .25 sub exch
 round .25 add exch round .25 add exch
 itransform
 }bind def
+% endx endy startx starty DL -
+% we round the endpoints of the line, so that parallel horizontal
+% and vertical lines will appear even
 /DL{
 SN
 moveto
 SN
 lineto stroke
 }bind def
+% centerx centery radius DC -
 /DC{
 newpath 0 360 arc closepath
 }bind def
 /TM matrix def
+%  width height centerx centery DE -
 /DE{
 TM currentmatrix pop
 translate scale newpath 0 0 .5 0 360 arc closepath
 TM setmatrix
 }bind def
+% these are for splines
 /RC/rcurveto load def
 /RL/rlineto load def
 /ST/stroke load def
 /MT/moveto load def
 /CL/closepath load def
+% fill the last path
+% r g b Fr -
 /Fr{
 setrgbcolor fill
 }bind def
+% c m y k Fk -
 /setcmykcolor where{
 pop
 /Fk{
 setcmykcolor fill
 }bind def
 }if
+% g Fg -
 /Fg{
 setgray fill
 }bind def
+% fill with the "current color"
 /FL/fill load def
 /LW/setlinewidth load def
 /Cr/setrgbcolor load def
@@ -138,6 +161,7 @@ pop
 /Ck/setcmykcolor load def
 }if
 /Cg/setgray load def
+% new_font_name encoding_vector old_font_name RE -
 /RE{
 findfont
 dup maxlength 1 index/FontName known not{1 add}if dict begin
@@ -152,6 +176,7 @@ dup/FontName exch def
 currentdict end definefont pop
 }bind def
 /DEFS 0 def
+% hpos vpos EBEGIN -
 /EBEGIN{
 moveto
 DEFS begin
@@ -159,11 +184,13 @@ DEFS begin
 /EEND/end load def
 /CNT 0 def
 /level1 0 def
+% llx lly newwid wid newht ht newllx newlly PBEGIN -
 /PBEGIN{
 /level1 save def
 translate
 div 3 1 roll div exch scale
 neg exch neg exch translate
+% set the graphics state to default values
 0 setgray
 0 setlinecap
 1 setlinewidth
@@ -182,6 +209,10 @@ newpath
 /CNT countdictstack def
 userdict begin
 /showpage{}def
+%
+%  Any included setpagedevice should be ignored.
+%  See: http://www.w-beer.de/doc/ps/.
+%
 /setpagedevice{}def
 mark
 }bind def
@@ -201,13 +232,13 @@ setpacking
 %%BeginFeature: *PageSize Default
 << /PageSize [ 595 842 ] /ImagingBBox null >> setpagedevice
 %%EndFeature
+%%IncludeResource: font Times-Italic
 %%IncludeResource: font Times-Roman
 %%IncludeResource: font Times-Bold
 %%IncludeResource: font Courier-Bold
-%%IncludeResource: font Courier-Oblique
 %%IncludeResource: font Courier
+%%IncludeResource: font Courier-Oblique
 %%IncludeResource: font Symbol
-%%IncludeResource: font Times-Italic
 grops begin/DEFS 1 dict def DEFS begin/u{.001 mul}bind def end/RES 72
 def/PL 841.89 def/LS false def/ENC0[/asciicircum/asciitilde/Scaron
 /Zcaron/scaron/zcaron/Ydieresis/trademark/quotesingle/Euro/.notdef
@@ -236,771 +267,751 @@ def/PL 841.89 def/LS false def/ENC0[/asciicircum/asciitilde/Scaron
 /egrave/eacute/ecircumflex/edieresis/igrave/iacute/icircumflex/idieresis
 /eth/ntilde/ograve/oacute/ocircumflex/otilde/odieresis/divide/oslash
 /ugrave/uacute/ucircumflex/udieresis/yacute/thorn/ydieresis]def
-/Times-Italic@0 ENC0/Times-Italic RE/Courier@0 ENC0/Courier RE
-/Courier-Oblique@0 ENC0/Courier-Oblique RE/Courier-Bold@0 ENC0
-/Courier-Bold RE/Times-Bold@0 ENC0/Times-Bold RE/Times-Roman@0 ENC0
-/Times-Roman RE
+/Courier-Oblique@0 ENC0/Courier-Oblique RE/Courier@0 ENC0/Courier RE
+/Courier-Bold@0 ENC0/Courier-Bold RE/Times-Bold@0 ENC0/Times-Bold RE
+/Times-Roman@0 ENC0/Times-Roman RE/Times-Italic@0 ENC0/Times-Italic RE
 %%EndSetup
 %%Page: 1 1
 %%BeginPageSetup
 BP
 %%EndPageSetup
-/F0 10/Times-Roman@0 SF -.834(ZFS-TPM-LIST \(8\))72 48 R
-(System Manager')102.759 E 2.5(sM)-.55 G 97.759(anual ZFS-TPM-LIST)-2.5
-F(\(8\))1.666 E/F1 10/Times-Bold@0 SF -.2(NA)72 96 S(ME).2 E/F2 10
-/Courier-Bold@0 SF(zfs-tpm-list)102 108 Q F0 2.5<8a70>2.5 G
-(rint dataset tzpfms metadata)-2.5 E F1(SYNOPSIS)72 132 Q F2
-(zfs-tpm-list)102 144 Q F0([)3.333 E F2<ad48>2.499 E F0 3.333(][).833 G
-F2<ad72>-.834 E F0(|)A F2<ad64>1.666 E/F3 10/Courier-Oblique@0 SF(depth)
-6 E F0 3.333(][).833 G F2<ad61>-.834 E F0(|)A F2<ad62>1.666 E F3
-(back-end)6 E F0 3.333(][).833 G F2<ad75>-.834 E F0(|)A F2<ad6c>1.666 E
-F0(]).833 E([)180 156 Q F3(filesystem)A F0(|)A F3(volume)A F0 1.666
-(]...)C F1(DESCRIPTION)72 180 Q F0(Lists the follo)102 192 Q
-(wing properties on encryption roots:)-.25 E/F4 10/Courier@0 SF(name)122
-204 Q(back-end)122 216 Q F0(the)181 216 Q F2(tzpfms)3.311 E F0 2.477
-(back-end \()3.311 F(e.g.)1.666 E F1(TPM2)3.312 E F0(for)3.312 E F4
-(zfs-tpm2-change-key)3.312 E F0 .812(\(8\) or)B F1(TPM1.X)3.312 E F0
-(for)181 228 Q F4(zfs-tpm1x-change-key)2.5 E F0 -.834(\(8\) \) ,)B(or ")
-2.5 E F1(-)A F0 2.5("i)C 2.5(fn)-2.5 G(one is con\214gured)-2.5 E F4
-(keystatus)122 240 Q F1 -2.1 -.25(av a)181 240 T(ilable).25 E F0(or)2.5
-E F1(una)2.5 E -.1(va)-.25 G(ilable).1 E F4(coherent)122 252 Q F1 -.1
-(ye)181 252 S(s).1 E F0 11.489(if either both)13.989 F F4
-(xyz.nabijaczleweli:tzpfms.backend)13.989 E F0(and)13.989 E F4
-(xyz.nabijaczleweli:tzpfms.key)181 264 Q F0(are present or missing,)2.5
-E F1(no)2.5 E F0(otherwise)2.5 E 9.409(Incoherent datasets require imme\
-diate operator attention, with either the appropriate)102 282 R F2
-(zfs-tpm)102 294 Q/F5 10/Symbol SF(*)A F2(-clear-key)A F0 .427
-(program or)2.927 F F2 .426(zfs change-key)2.927 F F0(and)2.926 E F2
-.426(zfs inherit)2.926 F F0 2.926<8a69>2.926 G 2.926(ft)-2.926 G .426
-(he k)-2.926 F .726 -.15(ey b)-.1 H(ecomes).15 E 1.112(unloaded, the)102
-306 R 3.612(yw)-.15 G 1.112(ill require restoration from back-up.)-3.612
-F(Ho)6.113 E(we)-.25 E -.15(ve)-.25 G 1.913 -.4(r, t).15 H 1.113
-(his should ne).4 F -.15(ve)-.25 G 3.613(ro).15 G(ccur)-3.613 E 3.613
-(,u)-.4 G 1.113(nless some-)-3.613 F
-(thing went horribly wrong with the dataset properties.)102 318 Q 1.34(\
-If no datasets are speci\214ed, all matching encryption roots are liste\
-d \212 by def)102 336 R 1.34(ault, those managed by)-.1 F F2(tzpfms)102
-348 Q F0(.)A F1(OPTIONS)72 372 Q F2<ad48>103.666 384 Q F0 2.044
-(Scripting mode \212 remo)179 384 R 2.344 -.15(ve h)-.15 H 2.044
+/F0 10/Times-Italic@0 SF(ZFS-TPM-LIST)72 48 Q/F1 10/Times-Roman@0 SF
+96.343(\(8\) System)B(Manager')2.5 E 2.5(sM)-.55 G(anual)-2.5 E F0
+(ZFS-TPM-LIST)96.342 E F1(\(8\))A/F2 10/Times-Bold@0 SF -.2(NA)72 84 S
+(ME).2 E F1(zfs-tpm-list \212 print dataset tzpfms metadata)108 96 Q F2
+(SYNOPSIS)72 112.8 Q/F3 10/Courier-Bold@0 SF(zfs-tpm-list)108 124.8 Q F1
+([)2.5 E/F4 10/Courier@0 SF<ad48>1.666 E F1 2.5(][)C F4<ad72>-.834 E F1
+(|)A F4<ad64>1.666 E/F5 10/Courier-Oblique@0 SF(depth)6 E F1 2.5(][)C F4
+<ad61>-.834 E F1(|)A F4<ad62>1.666 E F5(back-end)6 E F1 2.5(][)C F4
+<ad75>-.834 E F1(|)A F4<ad6c>1.666 E F1(])A([)186 136.8 Q F5(filesystem)
+A F1(|)A F5(volume)A F1 1.666(]...)C F2(DESCRIPTION)72 153.6 Q F1
+(Lists the follo)108 165.6 Q(wing properties on encryption roots:)-.25 E
+F4(name)128 177.6 Q(back-end)128 189.6 Q F1(the)187 189.6 Q F3(tzpfms)
+4.897 E F1 2.396(back-end \(e.g.)4.896 F F2(TPM2)4.896 E F1(for)4.896 E
+F0(zfs-tpm2-c)4.896 E(hang)-.15 E(e-k)-.1 E -.3(ey)-.1 G F1 2.396
+(\(8\) or).3 F F2(TPM1.X)4.896 E F1(for)4.896 E F0(zfs-tpm1x-c)187 201.6
+Q(hang)-.15 E(e-k)-.1 E -.3(ey)-.1 G F1(\(8\)\), or ").3 E F2(-)A F1 2.5
+("i)C 2.5(fn)-2.5 G(one is con\214gured)-2.5 E F4(keystatus)128 213.6 Q
+F2 -2.1 -.25(av a)187 213.6 T(ilable).25 E F1(or)2.5 E F2(una)2.5 E -.1
+(va)-.25 G(ilable).1 E F4(coherent)128 225.6 Q F2 -.1(ye)187 225.6 S(s)
+.1 E F1 10.289(if either both)12.789 F F4
+(xyz.nabijaczleweli:tzpfms.backend)12.789 E F1(and)12.789 E F4
+(xyz.nabijaczleweli:tzpfms.key)187 237.6 Q F1(are present or missing,)
+2.5 E F2(no)2.5 E F1(otherwise)2.5 E 8.743(Incoherent datasets require \
+immediate operator attention, with either the appropriate)108 254.4 R F3
+(zfs-tpm)108 266.4 Q/F6 10/Symbol SF(*)A F3(-clear-key)A F1 1.778
+(program or)4.277 F F3(zfs)4.278 E F4(change-key)7.778 E F1(and)4.278 E
+F3(zfs)4.278 E F4(inherit)7.778 E F1 4.278<8a69>4.278 G 4.278(ft)-4.278
+G 1.778(he k)-4.278 F 2.078 -.15(ey b)-.1 H(e-).15 E .566
+(comes unloaded, the)108 278.4 R 3.066(yw)-.15 G .566
+(ill require restoration from back-up.)-3.066 F(Ho)5.566 E(we)-.25 E
+-.15(ve)-.25 G 1.366 -.4(r, t).15 H .566(his should ne).4 F -.15(ve)-.25
+G 3.065(ro).15 G(ccur)-3.065 E 3.065(,u)-.4 G(nless)-3.065 E
+(something went horribly wrong with the dataset properties.)108 290.4 Q
+.965(If no datasets are speci\214ed, all matching encryption roots are \
+listed \212 by def)108 307.2 R .966(ault, those managed by)-.1 F F3
+(tzpfms)108 319.2 Q F1(.)A F2(OPTIONS)72 336 Q F4<ad48>109.666 348 Q F1
+1.583(Scripting mode \212 remo)185 348 R 1.883 -.15(ve h)-.15 H 1.583
 (eaders and separate \214elds by a single tab instead of).15 F
-(columnating them with spaces.)179 396 Q F2<ad72>103.666 414 Q F0
-(Recurse into all descendants of speci\214ed datasets.)179 414 Q F2
-<ad64>103.666 426 Q F3(depth)6 E F0(Recurse at most)179 426 Q F3(depth)
-2.5 E F0(datasets deep.)2.5 E(Def)5 E(ault:)-.1 E F1(0)2.5 E F0(.)A F2
-<ad61>103.666 444 Q F0(List all encryption roots, e)179 444 Q -.15(ve)
--.25 G 2.5(no).15 G(nes not managed by)-2.5 E F2(tzpfms)2.5 E F0(.)A F2
-<ad62>103.666 456 Q F3(back-end)6 E F0
-(List only encryption roots with the speci\214ed)179 456 Q F2(tzpfms)2.5
-E F3(back-end)2.5 E F0(.)A F2<ad75>103.666 474 Q F0
-(List only encryption roots whose k)179 474 Q -.15(ey)-.1 G 2.5(sa).15 G
-(re una)-2.5 E -.25(va)-.2 G(ilable.).25 E F2<ad6c>103.666 486 Q F0
-(List only encryption roots whose k)179 486 Q -.15(ey)-.1 G 2.5(sa).15 G
-(re a)-2.5 E -.25(va)-.2 G(ilable.).25 E F1(EXAMPLES)72 510 Q F4($)102
-522 Q F2(zfs-tpm-list)6 E F4 72(NAME BACK-END)102 534 R 18
-(KEYSTATUS COHERENT)12 F 36(tarta-zoot TPM1.X)102 546 R 18
-(available yes)24 F 6(tarta-zoot/home TPM2)102 558 R 6(unavailable yes)
-36 F($)102 582 Q F2 1.666(zfs-tpm-list \255ad0)6 F F4 24(NAME BACK-END)
-102 594 R 6(KEYSTATUS COHERENT)12 F 6(filling -)102 606 R 6
-(available yes)54 F($)102 630 Q F2 1.666(zfs-tpm-list \255b)6 F F1(TPM2)
-6 E F4 72(NAME BACK-END)102 642 R 18(KEYSTATUS COHERENT)12 F 6
-(tarta-zoot/home TPM2)102 654 R 6(unavailable yes)36 F($)102 678 Q F2
-1.666(zfs-tpm-list \255ra)6 F F3(tarta-zoot)6 E F4 72(NAME BACK-END)102
-690 R 18(KEYSTATUS COHERENT)12 F 36(tarta-zoot TPM1.X)102 702 R 18
-(available yes)24 F 6(tarta-zoot/home TPM2)102 714 R 6(unavailable yes)
-36 F 12(tarta-zoot/bkp -)102 726 R 18(available yes)54 F 18
-(tarta-zoot/vm -)102 738 R 18(available yes)54 F($)102 762 Q F2 1.666
-(zfs-tpm-list \255al)6 F F0(tzpfms 0.3.3)72 810 Q(June 12, 2023)156.365
-E(1)201.085 E 0 Cg EP
+(columnating them with spaces.)185 360 Q F4<ad72>109.666 376.8 Q F1
+(Recurse into all descendants of speci\214ed datasets.)185 376.8 Q F4
+<ad64>109.666 388.8 Q F5(depth)6 E F1(Recurse at most)185 388.8 Q F5
+(depth)2.5 E F1(datasets deep.)2.5 E(Def)5 E(ault:)-.1 E F2(0)2.5 E F1
+(.)A F4<ad61>109.666 405.6 Q F1(List all encryption roots, e)185 405.6 Q
+-.15(ve)-.25 G 2.5(no).15 G(nes not managed by)-2.5 E F3(tzpfms)2.5 E F1
+(.)A F4<ad62>109.666 417.6 Q F5(back-end)6 E F1
+(List only encryption roots with the speci\214ed)185 417.6 Q F3(tzpfms)
+2.5 E F5(back-end)2.5 E F1(.)A F4<ad75>109.666 434.4 Q F1
+(List only encryption roots whose k)185 434.4 Q -.15(ey)-.1 G 2.5(sa).15
+G(re una)-2.5 E -.25(va)-.2 G(ilable.).25 E F4<ad6c>109.666 446.4 Q F1
+(List only encryption roots whose k)185 446.4 Q -.15(ey)-.1 G 2.5(sa).15
+G(re a)-2.5 E -.25(va)-.2 G(ilable.).25 E F2(EXAMPLES)72 463.2 Q F4($)
+108 475.2 Q F3(zfs-tpm-list)6 E F4 72(NAME BACK-END)108 487.2 R 18
+(KEYSTATUS COHERENT)12 F 36(tarta-zoot TPM1.X)108 499.2 R 18
+(available yes)24 F 6(tarta-zoot/home TPM2)108 511.2 R 6
+(unavailable yes)36 F($)108 535.2 Q F3(zfs-tpm-list)6 E F4(\255ad0)7.666
+E 24(NAME BACK-END)108 547.2 R 6(KEYSTATUS COHERENT)12 F 6(filling -)108
+559.2 R 6(available yes)54 F($)108 583.2 Q F3(zfs-tpm-list)6 E F4<ad62>
+7.666 E F2(TPM2)6 E F4 72(NAME BACK-END)108 595.2 R 18
+(KEYSTATUS COHERENT)12 F 6(tarta-zoot/home TPM2)108 607.2 R 6
+(unavailable yes)36 F($)108 631.2 Q F3(zfs-tpm-list)6 E F4(\255ra)7.666
+E F5(tarta-zoot)6 E F4 72(NAME BACK-END)108 643.2 R 18
+(KEYSTATUS COHERENT)12 F 36(tarta-zoot TPM1.X)108 655.2 R 18
+(available yes)24 F 6(tarta-zoot/home TPM2)108 667.2 R 6
+(unavailable yes)36 F 12(tarta-zoot/bkp -)108 679.2 R 18(available yes)
+54 F 18(tarta-zoot/vm -)108 691.2 R 18(available yes)54 F($)108 715.2 Q
+F3(zfs-tpm-list)6 E F4(\255al)7.666 E 72(NAME BACK-END)108 727.2 R 6
+(KEYSTATUS COHERENT)12 F 54(filling -)108 739.2 R 6(available yes)54 F
+36(tarta-zoot TPM1.X)108 751.2 R 6(available yes)24 F 12
+(tarta-zoot/bkp -)108 763.2 R 6(available yes)54 F 18(tarta-zoot/vm -)
+108 775.2 R 6(available yes)54 F F1(tzpfms 0.3.3-1-g)72 817.889 Q 98.073
+(aa1c21f July)-.05 F(16, 2023)2.5 E(1)193.552 E 0 Cg EP
 %%Page: 2 2
 %%BeginPageSetup
 BP
 %%EndPageSetup
-/F0 10/Times-Roman@0 SF -.834(ZFS-TPM-LIST \(8\))72 48 R
-(System Manager')102.759 E 2.5(sM)-.55 G 97.759(anual ZFS-TPM-LIST)-2.5
-F(\(8\))1.666 E/F1 10/Courier@0 SF 72(NAME BACK-END)102 96 R 6
-(KEYSTATUS COHERENT)12 F 54(filling -)102 108 R 6(available yes)54 F 36
-(tarta-zoot TPM1.X)102 120 R 6(available yes)24 F 12(tarta-zoot/bkp -)
-102 132 R 6(available yes)54 F 18(tarta-zoot/vm -)102 144 R 6
-(available yes)54 F/F2 10/Times-Bold@0 SF 1.666(SPECIAL THANKS)72 168 R
-F0 1.6 -.8(To a)102 180 T(ll who support further de).8 E -.15(ve)-.25 G
-(lopment, in particular:).15 E F2<83>122 192 Q F0(ThePhD)7.5 E F2<83>122
-204 Q F0(Embark Studios)7.5 E F2<83>122 216 Q F0(Lars Strojn)7.5 E(y)
--.15 E F2(REPOR)72 240 Q 1.666(TING B)-.4 F(UGS)-.1 E(https://todo.sr)
-102 252 Q(.ht/\001nabijaczleweli/tzpfms)-1 E F1
-(\001nabijaczleweli/tzpfms@lists.sr.ht)102 270 Q F0 86.763(,a)C(rchi)
--86.763 E -.15(ve)-.25 G 86.762(da).15 G(t)-86.762 E F2
-(https://lists.sr)102 282 Q(.ht/\001nabijaczleweli/tzpfms)-1 E F0(.)A
-(tzpfms 0.3.3)72 799.889 Q(June 12, 2023)156.365 E(2)201.085 E 0 Cg EP
-%%Page: 3 3
+/F0 10/Times-Italic@0 SF(ZFS-TPM-LIST)72 48 Q/F1 10/Times-Roman@0 SF
+96.343(\(8\) System)B(Manager')2.5 E 2.5(sM)-.55 G(anual)-2.5 E F0
+(ZFS-TPM-LIST)96.342 E F1(\(8\))A/F2 10/Times-Bold@0 SF 1.666
+(SPECIAL THANKS)72 84 R F1 1.6 -.8(To a)108 96 T
+(ll who support further de).8 E -.15(ve)-.25 G(lopment, in particular:)
+.15 E F2<83>128 108 Q F1(ThePhD)7.5 E F2<83>128 120 Q F1(Embark Studios)
+7.5 E F2<83>128 132 Q F1(Lars Strojn)7.5 E(y)-.15 E F2(REPOR)72 148.8 Q
+1.666(TING B)-.4 F(UGS)-.1 E F1(https://todo.sr)108 160.8 Q
+(.ht/\001nabijaczle)-.55 E(weli/tzpfms)-.25 E F0(\001nabijaczle)108
+177.6 Q(weli/tzpfms@lists.sr)-.15 E(.ht)-1.11 E F1 2.5(,a)C(rchi)-2.5 E
+-.15(ve)-.25 G 2.5(da).15 G 2.5(th)-2.5 G(ttps://lists.sr)-2.5 E
+(.ht/\001nabijaczle)-.55 E(weli/tzpfms.)-.25 E(tzpfms 0.3.3-1-g)72
+817.889 Q 98.073(aa1c21f July)-.05 F(16, 2023)2.5 E(2)193.552 E 0 Cg EP
+%%Page: 1 3
 %%BeginPageSetup
 BP
 %%EndPageSetup
-/F0 10/Times-Roman@0 SF -.834(ZFS-TPM1X-CHANGE-KEY \(8\))72 48 R
-(System Manager')46.109 E 2.5(sM)-.55 G 41.109
-(anual ZFS-TPM1X-CHANGE-KEY)-2.5 F(\(8\))1.666 E/F1 10/Times-Bold@0 SF
--.2(NA)72 96 S(ME).2 E/F2 10/Courier-Bold@0 SF(zfs-tpm1x-change-key)102
-108 Q F0 2.5<8a63>2.5 G(hange ZFS dataset k)-2.5 E .3 -.15(ey t)-.1 H
-2.5(oo).15 G(ne stored on the TPM)-2.5 E F1(SYNOPSIS)72 132 Q F2
-(zfs-tpm1x-change-key)102 144 Q F0([)3.333 E F2<ad62>2.499 E/F3 10
-/Courier-Oblique@0 SF(backup-file)6 E F0 3.333(][).833 G F2<ad50>-.834 E
-F3(PCR)6 E F0([)A F2(,)A F3(PCR)A F0 1.666(]...)C(])-.833 E F3(dataset)
-2.5 E F1(DESCRIPTION)72 168 Q F0 3.366 -.8(To n)102 180 T 1.766
-(ormalise the).8 F F3(dataset)4.266 E F0(,)A F2(zfs-tpm1x-change-key)
-4.266 E F0 1.766(will open its encryption root in its stead.)4.266 F F2
-(zfs-tpm1x-change-key)102 192 Q F0(will)3.064 E/F4 10/Times-Italic@0 SF
-(ne)3.064 E(ver)-.15 E F0 .564(create or destro)3.064 F 3.064(ye)-.1 G
-.564(ncryption roots; use)-3.064 F/F5 10/Courier@0 SF(zfs-change-key)
-3.063 E F0(\(8\))A(for that.)102 204 Q
-(First, a connection is made to the TPM, which)102 222 Q F4(must)2.5 E
-F0(be TPM-1.X-compatible.)2.5 E(If)102 240 Q F3(dataset)2.652 E F0 -.1
-(wa)2.652 G 2.652(sp).1 G(re)-2.652 E .152(viously encrypted with)-.25 F
-F2(tzpfms)2.652 E F0 .153(and the)2.652 F F1(TPM1.X)2.653 E F0 .153
-(back-end w)2.653 F .153(as used, the metadata)-.1 F .587
-(will be silently cleared.)102 252 R .587
-(Otherwise, or in case of an error)5.587 F 3.087(,d)-.4 G .587
-(ata required for manual interv)-3.087 F .586(ention will be)-.15 F
-(printed to the standard error stream.)102 264 Q(Ne)102 282 Q .252
-(xt, a ne)-.15 F 2.752(ww)-.25 G .252(rapping k)-2.752 F .552 -.15(ey i)
--.1 H 2.752(sg).15 G .253(enerated on the TPM, optionally back)-2.752 F
-.253(ed up)-.1 F 1.666(\(s)4.419 G(ee)-1.666 E F1(OPTIONS)2.753 E F0
--3.079 1.666(\), a)1.666 H .253(nd sealed)-1.666 F .901(on the TPM; the\
- user is prompted for an optional passphrase to protect the k)102 294 R
-1.201 -.15(ey w)-.1 H .901(ith, and for the SRK).15 F
-(passphrase, set when taking o)102 306 Q(wnership, if not "well-kno)-.25
-E(wn" \(all zeroes\).)-.25 E(The follo)102 324 Q
-(wing properties are set on)-.25 E F3(dataset)2.5 E F0(:)A F1<83>122 336
-Q F5(xyz.nabijaczleweli:tzpfms.backend)7.5 E F0(=)A F1(TPM1.X)A<83>122
-348 Q F5(xyz.nabijaczleweli:tzpfms.key)7.5 E F0(=)A F3(parent-key-blob)A
-F2(:)A F3(sealed-object-blob)A F5(tzpfms.backend)102 366 Q F0 .558
-(identi\214es this dataset for w)3.058 F .558(ork with)-.1 F F1(TPM1.X)
-3.058 E F0(-back-ended)A F2(tzpfms)3.059 E F0 2.225(tools \()3.059 F
-(namely)1.666 E F5(zfs-tpm1x-change-key)102 378 Q F0(\(8\),)A F5
-(zfs-tpm1x-load-key)2.5 E F0(\(8\), and)A F5(zfs-tpm1x-clear-key)2.5 E
-F0 -.834(\(8\) \) .)B F5(tzpfms.key)102 396 Q F0 .376
-(is a colon-separated pair of he)2.876 F .376
-(xadecimal-string \(i.e. "4F7730" for "Ow0"\) blobs; the \214rst)-.15 F
-1.155(one represents the RSA k)102 408 R 1.455 -.15(ey p)-.1 H 1.156(ro\
-tecting the blob, and it is protected with either the passphrase, if pr\
-o-).15 F 2.487(vided, or the SHA1 constant)102 420 R F5
-(CE4CF677875B5EB8993591D5A9AF1ED24A3A8736)4.986 E F0 4.986(;t)C 2.486
-(he second)-4.986 F 2.084
-(represents the sealed object containing the wrapping k)102 432 R -.15
-(ey)-.1 G 4.585(,a)-.5 G 2.085(nd is protected with the SHA1 constant)
--4.585 F F5(B9EE715DBE4B243FAA81EA04306E063710383E35)102 444 Q F0 5.347
-(.T)C .347(here e)-5.347 F .347(xists no other user)-.15 F .347
-(-land tool for de-)-.2 F(crypting this; perhaps there should be.)102
-456 Q(Finally)102 474 Q 12.755(,t)-.65 G 10.255(he equi)-12.755 F -.25
-(va)-.25 G 10.255(lent of).25 F F2 10.255(zfs change-key)12.755 F<ad6f>
-17.922 E F5(keylocation=prompt)16.256 E F2<ad6f>17.922 E F5
-(keyformat=raw)102 486 Q F3(dataset)6.507 E F0 .507
-(is performed with the ne)3.007 F 3.006(wk)-.25 G -.15(ey)-3.106 G 5.506
-(.I)-.5 G 3.006(fa)-5.506 G 3.006(ne)-3.006 G .506
-(rror occurred, best ef)-3.006 F .506(fort is made)-.25 F
-(to clean up the properties, or to issue a note for manual interv)102
-498 Q(ention into the standard error stream.)-.15 E 2.624<418c>102 516 S
-.124(nal v)-2.624 F .124(eri\214cation should be made by running)-.15 F
-F2 1.791(zfs-tpm1x-load-key \255n)2.625 F F3(dataset)6.125 E F0 5.125
-(.I)C 2.625(ft)-5.125 G .125(hat com-)-2.625 F .859
-(mand succeeds, all is well, b)102 528 R .859(ut otherwise the dataset \
-can be manually rolled back to a passphrase with)-.2 F F2
-(zfs-tpm1x-clear-key)102 540 Q F3(dataset)11.205 E F0 1.666(\(o)9.371 G
-6.005 -.4(r, i)-1.666 H 7.706(ft).4 G 5.206(hat f)-7.706 F 5.206
-(ails to w)-.1 F(ork,)-.1 E F2 5.206(zfs change-key)7.706 F<ad6f>12.872
-E F5(keyformat=passphrase)102 552 Q F3(dataset)6 E F0 -3.332 1.666
-(\), a)1.666 H(nd you are hereby ask)-1.666 E(ed to report a b)-.1 E
-(ug, please.)-.2 E F2(zfs-tpm1x-clear-key)102 570 Q F3(dataset)8.036 E
-F0 2.035(can be used to clear the properties and go back to using a)
-4.536 F(passphrase.)102 582 Q F1(OPTIONS)72 606 Q F2<ad62>103.666 618 Q
-F3(backup-file)6 E F0(Sa)197 618 Q .852 -.15(ve a b)-.2 H .552
-(ack-up of the k).15 F .852 -.15(ey t)-.1 H(o).15 E F3(backup-file)3.052
-E F0 3.052(,w)C .552(hich must not e)-3.052 F .553(xist beforehand.)-.15
-F 1.194(This back-up)197 630 R F4(must)3.694 E F0 1.194
-(be stored securely)3.694 F 3.694(,o)-.65 G -.25(ff)-3.694 G 3.694
-(-site. In).25 F 1.193(case of a catastrophic e)3.694 F -.15(ve)-.25 G
-(nt,).15 E(the k)197 642 Q .3 -.15(ey c)-.1 H(an be loaded by running)
-.15 E F2(zfs load-key)227 654 Q F3(dataset)6 E F5(<)6 E F3(backup-file)6
-E F2<ad50>103.666 672 Q F3(PCR)6 E F0([)A F2(,)A F3(PCR)A F0 1.666(]...)
-C 1.1(Bind the k)197 672 R 1.4 -.15(ey t)-.1 H 3.6(os).15 G 1.1
-(pace- or comma-separated)-3.6 F F3(PCR)3.6 E F0 -6.099 3.6(s\212 i)D
-3.601(ft)-3.6 G(he)-3.601 E 3.601(yc)-.15 G 1.101(hange, the wrap-)
--3.601 F .863(ping k)197 684 R 1.163 -.15(ey w)-.1 H .863
-(ill not be able to be unsealed.).15 F .862
-(The minimum number of PCRs for a)5.862 F(PC TPM is)197 696 Q F1(24)2.5
-E F0 1.666(\(n)4.166 G .833(umbered [)-1.666 F F1(0).833 E F0(,)A F1(23)
-2.5 E F0 -.832 1.666(]\). F).833 H(or most, this is also the maximum.)
--1.816 E F1(ENVIR)72 720 Q 1.666(ONMENT V)-.3 F(ARIABLES)-1.35 E F0
-(tzpfms 0.3.3)72 799.889 Q(June 12, 2023)156.365 E(3)201.085 E 0 Cg EP
-%%Page: 4 4
+/F0 10/Times-Italic@0 SF(ZFS-TPM1X-CHANGE-KEY)72 48 Q/F1 10
+/Times-Roman@0 SF 43.013(\(8\) System)B(Manager')2.5 E 2.5(sM)-.55 G
+(anual)-2.5 E F0(ZFS-TPM1X-CHANGE-KEY)43.012 E F1(\(8\))A/F2 10
+/Times-Bold@0 SF -.2(NA)72 84 S(ME).2 E F1(zfs-tpm1x-change-k)108 96 Q
+.3 -.15(ey \212 c)-.1 H(hange ZFS dataset k).15 E .3 -.15(ey t)-.1 H 2.5
+(oo).15 G(ne stored on the TPM)-2.5 E F2(SYNOPSIS)72 112.8 Q/F3 10
+/Courier-Bold@0 SF(zfs-tpm-list)108 124.8 Q F1([)2.5 E/F4 10/Courier@0
+SF<ad62>1.666 E/F5 10/Courier-Oblique@0 SF(backup-file)6 E F1 2.5(][)C
+F4<ad50>-.834 E F5(PCR)6 E F1([)A F4(,)A F5(PCR)A F1 1.666(]...)C(])
+-1.666 E F5(dataset)2.5 E F2(DESCRIPTION)72 141.6 Q F1 6.866 -.8(To n)
+108 153.6 T 5.266(ormalise the).8 F F5(dataset)7.766 E F1(,)A F3
+(zfs-tpm-list)7.766 E F1 5.266
+(will open its encryption root in its stead.)7.766 F F3(zfs-tpm-list)108
+165.6 Q F1(will)2.5 E F0(ne)2.5 E(ver)-.15 E F1(create or destro)2.5 E
+2.5(ye)-.1 G(ncryption roots; use)-2.5 E F0(zfs-c)2.5 E(hang)-.15 E(e-k)
+-.1 E -.3(ey)-.1 G F1(\(8\) for that.).3 E
+(First, a connection is made to the TPM, which)108 182.4 Q F0(must)2.5 E
+F1(be TPM-1.X-compatible.)2.5 E(If)108 199.2 Q F5(dataset)3.177 E F1 -.1
+(wa)3.176 G 3.176(sp).1 G(re)-3.176 E .676(viously encrypted with)-.25 F
+F3(tzpfms)3.176 E F1 .676(and the)3.176 F F2(TPM1.X)3.176 E F1 .676
+(back-end w)3.176 F .676(as used, the meta-)-.1 F .926
+(data will be silently cleared.)108 211.2 R .926
+(Otherwise, or in case of an error)5.926 F 3.426(,d)-.4 G .926
+(ata required for manual interv)-3.426 F(ention)-.15 E
+(will be printed to the standard error stream.)108 223.2 Q(Ne)108 240 Q
+1.741(xt, a ne)-.15 F 4.241(ww)-.25 G 1.741(rapping k)-4.241 F 2.041
+-.15(ey i)-.1 H 4.24(sg).15 G 1.74(enerated on the TPM, optionally back)
+-4.24 F 1.74(ed up \(see \231OPTIONS\232\), and)-.1 F .294(sealed on th\
+e TPM; the user is prompted for an optional passphrase to protect the k)
+108 252 R .594 -.15(ey w)-.1 H .294(ith, and for the).15 F
+(SRK passphrase, set when taking o)108 264 Q(wnership, if not "well-kno)
+-.25 E(wn" \(all zeroes\).)-.25 E(The follo)108 280.8 Q
+(wing properties are set on)-.25 E F5(dataset)2.5 E F1(:)A F2<83>128
+292.8 Q F4(xyz.nabijaczleweli:tzpfms.backend)7.5 E F1(=)A F2(TPM1.X)A
+<83>128 304.8 Q F4(xyz.nabijaczleweli:tzpfms.key)7.5 E F1(=)A F5
+(parent-key-blob)A F4(:)A F5(sealed-object-blob)A F4(tzpfms.backend)108
+321.6 Q F1 .292(identi\214es this dataset for w)2.792 F .291(ork with)
+-.1 F F2(TPM1.X)2.791 E F1(-back-ended)A F3(tzpfms)2.791 E F1 .291
+(tools \(namely)2.791 F F0(zfs-tpm1x-c)108 333.6 Q(hang)-.15 E(e-k)-.1 E
+-.3(ey)-.1 G F1(\(8\),).3 E F0(zfs-tpm1x-load-k)2.5 E -.3(ey)-.1 G F1
+(\(8\), and).3 E F0(zfs-tpm1x-clear)2.5 E(-k)-.2 E -.3(ey)-.1 G F1
+(\(8\)\).).3 E F4(tzpfms.key)108 350.4 Q F1 1.412
+(is a colon-separated pair of he)3.912 F 1.412
+(xadecimal-string \(i.e. "4F7730" for "Ow0"\) blobs; the)-.15 F .868
+(\214rst one represents the RSA k)108 362.4 R 1.168 -.15(ey p)-.1 H .867
+(rotecting the blob, and it is protected with either the passphrase, if)
+.15 F(pro)108 374.4 Q 1.413(vided, or the SHA1 constant)-.15 F F4
+(CE4CF677875B5EB8993591D5A9AF1ED24A3A8736)3.914 E F1 3.914(;t)C 1.414
+(he sec-)-3.914 F .379
+(ond represents the sealed object containing the wrapping k)108 386.4 R
+-.15(ey)-.1 G 2.879(,a)-.5 G .379
+(nd is protected with the SHA1 constant)-2.879 F F4
+(B9EE715DBE4B243FAA81EA04306E063710383E35)108 398.4 Q F1 6.72(.T)C 1.72
+(here e)-6.72 F 1.721(xists no other user)-.15 F 1.721(-land tool for)
+-.2 F(decrypting this; perhaps there should be.)108 410.4 Q(Finally)108
+427.2 Q 12.006(,t)-.65 G 9.506(he equi)-12.006 F -.25(va)-.25 G 9.506
+(lent of).25 F F3(zfs)12.005 E F4 11.171(change-key \255o)15.505 F
+11.171(keylocation=prompt \255o)15.505 F(keyformat=raw)108 439.2 Q F5
+(dataset)6.106 E F1 .106(is performed with the ne)2.606 F 2.606(wk)-.25
+G -.15(ey)-2.706 G 5.106(.I)-.5 G 2.606(fa)-5.106 G 2.606(ne)-2.606 G
+.107(rror occurred, best ef)-2.606 F .107(fort is made)-.25 F
+(to clean up the properties, or to issue a note for manual interv)108
+451.2 Q(ention into the standard error stream.)-.15 E 4.056<418c>108 468
+S 1.556(nal v)-4.056 F 1.556(eri\214cation should be made by running)
+-.15 F F3(zfs-tpm1x-load-key)4.056 E F4<ad6e>9.222 E F5(dataset)7.555 E
+F1 6.555(.I)C 4.055(ft)-6.555 G(hat)-4.055 E .729
+(command succeeds, all is well, b)108 480 R .729
+(ut otherwise the dataset can be manually rolled back to a passphrase)
+-.2 F(with)108 492 Q F3(zfs-tpm1x-clear-key)5.147 E F5(dataset)8.647 E
+F1(\(or)5.147 E 5.146(,i)-.4 G 5.146(ft)-5.146 G 2.646(hat f)-5.146 F
+2.646(ails to w)-.1 F(ork,)-.1 E F3(zfs)5.146 E F4 4.312
+(change-key \255o)8.646 F(keyformat=passphrase)108 504 Q F5(dataset)6 E
+F1(\), and you are hereby ask)A(ed to report a b)-.1 E(ug, please.)-.2 E
+F3(zfs-tpm1x-clear-key)108 520.8 Q F5(dataset)7.606 E F1 1.607
+(can be used to clear the properties and go back to using a)4.106 F
+(passphrase.)108 532.8 Q F2(OPTIONS)72 549.6 Q F4<ad62>109.666 561.6 Q
+F5(backup-file)6 E F1(Sa)203 561.6 Q .353 -.15(ve a b)-.2 H .052
+(ack-up of the k).15 F .352 -.15(ey t)-.1 H(o).15 E F5(backup-file)2.552
+E F1 2.552(,w)C .052(hich must not e)-2.552 F .052(xist beforehand.)-.15
+F .693(This back-up)203 573.6 R F0(must)3.193 E F1 .694
+(be stored securely)3.193 F 3.194(,o)-.65 G -.25(ff)-3.194 G 3.194
+(-site. In).25 F .694(case of a catastrophic e)3.194 F -.15(ve)-.25 G
+(nt,).15 E(the k)203 585.6 Q .3 -.15(ey c)-.1 H(an be loaded by running)
+.15 E F3(zfs)233 597.6 Q F4(load-key)6 E F5(dataset)6 E F4(<)6 E F5
+(backup-file)6 E F4<ad50>109.666 614.4 Q F5(PCR)6 E F1([)A F4(,)A F5
+(PCR)A F1 1.666(]...)C .639(Bind the k)203 614.4 R .939 -.15(ey t)-.1 H
+3.139(os).15 G .639(pace- or comma-separated)-3.139 F F5(PCR)3.139 E F1
+3.139(s\212i)C 3.139(ft)-3.139 G(he)-3.139 E 3.139(yc)-.15 G .638
+(hange, the wrap-)-3.139 F .462(ping k)203 626.4 R .762 -.15(ey w)-.1 H
+.462(ill not be able to be unsealed.).15 F .463
+(The minimum number of PCRs for a)5.462 F(PC TPM is)203 638.4 Q F2(24)
+2.5 E F1(\(numbered [)2.5 E F2(0)A F1(,)A F2(23)2.5 E F1 2.5(]\). F)B
+(or most, this is also the maximum.)-.15 E F2(ENVIR)72 655.2 Q 1.666
+(ONMENT V)-.3 F(ARIABLES)-1.35 E F4(TZPFMS_PASSPHRASE_HELPER)108 667.2 Q
+F1 .046(By def)133 679.2 R .045(ault, passphrases are prompted for and \
+read in on the standard output and input streams.)-.1 F(If)5.045 E F4
+(TZPFMS_PASSPHRASE_HELPER)133 691.2 Q F1 .896(is set and nonempty)3.396
+F 3.396(,i)-.65 G 3.396(tw)-3.396 G .896(ill be run via)-3.396 F F0
+(/bin/)3.396 E F3(sh)A F4<ad63>8.562 E F1 .897(to pro-)3.396 F
+(vide each passphrase, instead.)133 703.2 Q .643
+(The standard output stream of the helper is tied to an anon)133 720 R
+.643(ymous \214le and used in its entirety as)-.15 F(the passphrase, e)
+133 732 Q(xcept for a trailing ne)-.15 E(w-line, if an)-.25 E 3.8 -.65
+(y. T)-.15 H(he ar).65 E(guments are:)-.18 E F4($1)143 744 Q F1
+(Pre-formatted noun phrase with all the information belo)160 744 Q 1.3
+-.65(w, f)-.25 H(or use as a prompt).65 E(tzpfms 0.3.3-1-g)72 817.889 Q
+98.073(aa1c21f July)-.05 F(16, 2023)2.5 E(1)193.552 E 0 Cg EP
+%%Page: 2 4
 %%BeginPageSetup
 BP
 %%EndPageSetup
-/F0 10/Times-Roman@0 SF -.834(ZFS-TPM1X-CHANGE-KEY \(8\))72 48 R
-(System Manager')46.109 E 2.5(sM)-.55 G 41.109
-(anual ZFS-TPM1X-CHANGE-KEY)-2.5 F(\(8\))1.666 E/F1 10/Courier@0 SF
-(TZPFMS_PASSPHRASE_HELPER)102 96 Q F0 .42(By def)127 108 R .42(ault, pa\
-ssphrases are prompted for and read in on the standard output and input\
- streams.)-.1 F(If)5.421 E F1(TZPFMS_PASSPHRASE_HELPER)127 120 Q F0 .461
-(is set and nonempty)2.961 F 2.961(,i)-.65 G 2.961(tw)-2.961 G .461
-(ill be run via)-2.961 F F1(/bin/)2.96 E/F2 10/Courier-Bold@0 SF 2.126
-(sh \255c)B F0 .46(to pro-)2.96 F(vide each passphrase, instead.)127 132
-Q .15(The standard output stream of the helper is tied to an anon)127
-150 R .151(ymous \214le and used in its entirety as the)-.15 F
-(passphrase, e)127 162 Q(xcept for a trailing ne)-.15 E(w-line, if an)
--.25 E 3.8 -.65(y. T)-.15 H(he ar).65 E(guments are:)-.18 E F1($1)137
-174 Q F0(Pre-formatted noun phrase with all the information belo)154 174
-Q 1.3 -.65(w, f)-.25 H(or use as a prompt).65 E F1($2)137 186 Q F0
-(Either the dataset name or the element of the TPM hierarch)154 186 Q
-2.5(yb)-.05 G(eing prompted for)-2.5 E F1($3)137 198 Q F0("ne)154 198 Q
+/F0 10/Times-Italic@0 SF(ZFS-TPM1X-CHANGE-KEY)72 48 Q/F1 10
+/Times-Roman@0 SF 43.013(\(8\) System)B(Manager')2.5 E 2.5(sM)-.55 G
+(anual)-2.5 E F0(ZFS-TPM1X-CHANGE-KEY)43.012 E F1(\(8\))A/F2 10
+/Courier@0 SF($2)143 84 Q F1
+(Either the dataset name or the element of the TPM hierarch)160 84 Q 2.5
+(yb)-.05 G(eing prompted for)-2.5 E F2($3)143 96 Q F1("ne)160 96 Q
 (w" if this is for a ne)-.25 E 2.5(wp)-.25 G(assphrase, otherwise blank)
--2.5 E F1($4)137 210 Q F0("ag)154 210 Q(ain" if it')-.05 E 2.5(st)-.55 G
-(he second prompt for that passphrase, otherwise blank)-2.5 E .139
-(If the helper doesn')127 228 R 2.639(te)-.18 G 1.805(xist \()-2.789 F
-.138(the shell e)1.666 F .138(xits with)-.15 F/F3 10/Times-Bold@0 SF
-(127)2.638 E F0 -3.194 1.666(\), a d)1.666 H .138
-(iagnostic is issued and the normal prompt)-1.666 F(is used as f)127 240
-Q 2.5(all-back. If)-.1 F(it f)2.5 E(ails for an)-.1 E 2.5(yo)-.15 G
-(ther reason, the prompting is aborted.)-2.5 E F3 1.666
-(TPM1.X back-end con\214guration)72 264 R .625(TPM selection)84 276 R F0
-(The)102 288 Q F2(tzpfms)2.682 E F0 .182(suite connects to a local)2.682
-F F1(tcsd)2.682 E F0 .182(\(8\) process)B 1.666(\(a)4.348 G(t)-1.666 E
-F1(localhost:30003)2.682 E F0 4.348(\)b)1.666 G 2.683(yd)-4.348 G(ef)
--2.683 E 2.683(ault. Use)-.1 F(the)2.683 E(en)102 300 Q(vironment v)-.4
-E(ariable)-.25 E F1(TZPFMS_TPM1X)2.5 E F0
-(to specify a remote TCS hostname.)2.5 E .611(The T)102 318 R(rouSerS)
--.35 E F1(tcsd)3.111 E F0 .611(\(8\) daemon will try)B F1(/dev/tpm0)3.11
-E F0 3.11(,t)C(hen)-3.11 E F1(/udev/tpm0)3.11 E F0 3.11(,t)C(hen)-3.11 E
-F1(/dev/tpm)3.11 E F0 3.11(;b)C 3.11(yo)-3.11 G(ccu-)-3.11 E -.1(py)102
-330 S(ing one of the earlier ones with, for e).1 E
+-2.5 E F2($4)143 108 Q F1("ag)160 108 Q(ain" if it')-.05 E 2.5(st)-.55 G
+(he second prompt for that passphrase, otherwise blank)-2.5 E .177
+(If the helper doesn')133 124.8 R 2.677(te)-.18 G .177
+(xist \(the shell e)-2.827 F .177(xits with)-.15 F/F3 10/Times-Bold@0 SF
+(127)2.677 E F1 .178(\), a diagnostic is issued and the normal prompt)B
+(is used as f)133 136.8 Q 2.5(all-back. If)-.1 F(it f)2.5 E(ails for an)
+-.1 E 2.5(yo)-.15 G(ther reason, the prompting is aborted.)-2.5 E F3
+1.666(TPM1.X back-end con\214guration)72 153.6 R .625(TPM selection)87
+165.6 R F1(The)108 177.6 Q/F4 10/Courier-Bold@0 SF(tzpfms)2.509 E F1
+.009(suite connects to a local)2.509 F F0(tcsd)2.508 E F1 .008
+(\(8\) process \(at)B F0(localhost:30003)2.508 E F1 2.508(\)b)C 2.508
+(yd)-2.508 G(ef)-2.508 E 2.508(ault. Use)-.1 F .008(the en)2.508 F
+(viron-)-.4 E(ment v)108 189.6 Q(ariable)-.25 E F2(TZPFMS_TPM1X)2.5 E F1
+(to specify a remote TCS hostname.)2.5 E .444(The T)108 206.4 R(rouSerS)
+-.35 E F0(tcsd)2.944 E F1 .444(\(8\) daemon will try)B F0(/de)2.945 E
+(v/tpm0)-.15 E F1 2.945(,t)C(hen)-2.945 E F0(/ude)2.945 E(v/tpm0)-.15 E
+F1 2.945(,t)C(hen)-2.945 E F0(/de)2.945 E(v/tpm)-.15 E F1 2.945(;b)C
+2.945(yo)-2.945 G(ccup)-2.945 E .445(ying one of)-.1 F
+(the earlier ones with, for e)108 218.4 Q
 (xample, shell redirection, a later one can be selected.)-.15 E F3 .625
-(See also)84 354 R F0(The T)102 366 Q(rouSerS project page at)-.35 E F3
-(https://sour)2.5 E(cef)-.18 E(or)-.25 E(ge.net/pr)-.1 E(ojects/tr)-.18
-E(ousers)-.18 E F0(.)A 2.719(The TPM 1.2 main speci\214cation inde)102
-384 R 5.22(xa)-.15 G(t)-5.22 E F3(https://trustedcomputinggr)5.22 E
-(oup.or)-.18 E(g/r)-.1 E(esour)-.18 E(ce/tpm-main-)-.18 E
-(speci\214cation)102 396 Q F0(.)A F3 1.666(SPECIAL THANKS)72 420 R F0
-1.6 -.8(To a)102 432 T(ll who support further de).8 E -.15(ve)-.25 G
-(lopment, in particular:).15 E F3<83>122 444 Q F0(ThePhD)7.5 E F3<83>122
-456 Q F0(Embark Studios)7.5 E F3<83>122 468 Q F0(Lars Strojn)7.5 E(y)
--.15 E F3(REPOR)72 492 Q 1.666(TING B)-.4 F(UGS)-.1 E(https://todo.sr)
-102 504 Q(.ht/\001nabijaczleweli/tzpfms)-1 E F1
-(\001nabijaczleweli/tzpfms@lists.sr.ht)102 522 Q F0 86.763(,a)C(rchi)
--86.763 E -.15(ve)-.25 G 86.762(da).15 G(t)-86.762 E F3
-(https://lists.sr)102 534 Q(.ht/\001nabijaczleweli/tzpfms)-1 E F0(.)A F3
-1.666(SEE ALSO)72 558 R F0(PCR allocations:)102 570 Q F3
-(https://wiki.ar)102 582 Q(chlinux.or)-.18 E(g/title/T)-.1 E
-(rusted_Platf)-.74 E(orm_Module#Accessing_PCR_r)-.25 E(egisters)-.18 E
-F0(and)2.5 E F3(https://trustedcomputinggr)102 594 Q(oup.or)-.18 E
-(g/wp-content/uploads/PC-)-.1 E(ClientSpeci\214c_Platf)102 606 Q(orm_Pr)
--.25 E(o\214le_f)-.18 E(or_TPM_2p0_Systems_v51.pdf)-.25 E F0 2.5(,S)C
-(ection 2.3.4 "PCR Usage", T)-2.5 E(able)-.8 E(1.)102 618 Q
-(tzpfms 0.3.3)72 799.889 Q(June 12, 2023)156.365 E(4)201.085 E 0 Cg EP
-%%Page: 5 5
+(See also)87 235.2 R F1(The T)108 247.2 Q
+(rouSerS project page at https://sourcefor)-.35 E
+(ge.net/projects/trousers.)-.18 E 4.415
+(The TPM 1.2 main speci\214cation inde)108 264 R 6.915(xa)-.15 G 6.915
+(th)-6.915 G(ttps://trustedcomputinggroup.or)-6.915 E
+(g/resource/tpm-main-)-.18 E(speci\214cation.)108 276 Q F3 1.666
+(SPECIAL THANKS)72 292.8 R F1 1.6 -.8(To a)108 304.8 T
+(ll who support further de).8 E -.15(ve)-.25 G(lopment, in particular:)
+.15 E F3<83>128 316.8 Q F1(ThePhD)7.5 E F3<83>128 328.8 Q F1
+(Embark Studios)7.5 E F3<83>128 340.8 Q F1(Lars Strojn)7.5 E(y)-.15 E F3
+(REPOR)72 357.6 Q 1.666(TING B)-.4 F(UGS)-.1 E F1(https://todo.sr)108
+369.6 Q(.ht/\001nabijaczle)-.55 E(weli/tzpfms)-.25 E F0(\001nabijaczle)
+108 386.4 Q(weli/tzpfms@lists.sr)-.15 E(.ht)-1.11 E F1 2.5(,a)C(rchi)
+-2.5 E -.15(ve)-.25 G 2.5(da).15 G 2.5(th)-2.5 G(ttps://lists.sr)-2.5 E
+(.ht/\001nabijaczle)-.55 E(weli/tzpfms.)-.25 E F3 1.666(SEE ALSO)72
+403.2 R F1(PCR allocations: https://wiki.archlinux.or)108 415.2 Q
+(g/title/T)-.18 E(rusted_Platform_Module#Accessing_PCR_re)-.35 E
+(gisters)-.15 E(and https://trustedcomputinggroup.or)108 427.2 Q
+(g/wp-content/uploads/PC-)-.18 E(ClientSpeci\214c_Platform_Pro\214le_fo\
+r_TPM_2p0_Systems_v51.pdf, Section 2.3.4 "PCR Usage", T)108 439.2 Q
+(able)-.8 E(1.)108 451.2 Q(tzpfms 0.3.3-1-g)72 817.889 Q 98.073
+(aa1c21f July)-.05 F(16, 2023)2.5 E(2)193.552 E 0 Cg EP
+%%Page: 1 5
 %%BeginPageSetup
 BP
 %%EndPageSetup
-/F0 10/Times-Roman@0 SF -.834(ZFS-TPM1X-CLEAR-KEY \(8\))72 48 R
-(System Manager')54.989 E 2.5(sM)-.55 G 49.989
-(anual ZFS-TPM1X-CLEAR-KEY)-2.5 F(\(8\))1.666 E/F1 10/Times-Bold@0 SF
--.2(NA)72 96 S(ME).2 E/F2 10/Courier-Bold@0 SF(zfs-tpm1x-clear-key)102
-108 Q F0 3.508<8a72>3.507 G -.25(ew)-3.508 G 1.008(rap ZFS dataset k).25
-F 1.308 -.15(ey i)-.1 H 3.508(np).15 G(asssw)-3.508 E 1.008
-(ord and clear tzpfms TPM1.X meta-)-.1 F(data)102 120 Q F1(SYNOPSIS)72
-144 Q F2(zfs-tpm1x-clear-key)102 156 Q/F3 10/Courier-Oblique@0 SF
-(dataset)2.5 E F1(DESCRIPTION)72 180 Q F0(After v)102 192 Q(erifying)
--.15 E F3(dataset)2.5 E F0 -.1(wa)2.5 G 2.5(se).1 G(ncrypted with)-2.5 E
-F2(tzpfms)2.5 E F0(back)2.5 E(end)-.1 E F1(TPM1.X)2.5 E F0(:)A 5
-(1. performs)112 204 R 6.392(the equi)8.892 F -.25(va)-.25 G 6.392
-(lent of).25 F F2 6.392(zfs change-key)8.892 F<ad6f>14.057 E/F4 10
-/Courier@0 SF(keylocation=prompt)12.391 E F2<ad6f>14.057 E F4
-(keyformat=passphrase)127 216 Q F3(dataset)6 E F0(,)A 5(2. remo)112 228
-R -.15(ve)-.15 G 11.889(st).15 G(he)-11.889 E F4
-(xyz.nabijaczleweli:tzpfms.)11.889 E F0({)A F4(backend)A F0(,)A F4(key)
-15.389 E F0 11.889(}p)C 9.389(roperties from)-11.889 F F3(dataset)127
-240 Q F0(.)A(See)102 258 Q F4(zfs-tpm1x-change-key)2.5 E F0
-(\(8\) for a detailed description.)A F1 1.666
-(TPM1.X back-end con\214guration)72 282 R .625(TPM selection)84 294 R F0
-(The)102 306 Q F2(tzpfms)2.683 E F0 .182(suite connects to a local)2.683
-F F4(tcsd)2.682 E F0 .182(\(8\) process)B 1.666(\(a)4.348 G(t)-1.666 E
-F4(localhost:30003)2.682 E F0 4.348(\)b)1.666 G 2.682(yd)-4.348 G(ef)
--2.682 E 2.682(ault. Use)-.1 F(the)2.682 E(en)102 318 Q(vironment v)-.4
-E(ariable)-.25 E F4(TZPFMS_TPM1X)2.5 E F0
-(to specify a remote TCS hostname.)2.5 E .61(The T)102 336 R(rouSerS)
--.35 E F4(tcsd)3.11 E F0 .61(\(8\) daemon will try)B F4(/dev/tpm0)3.11 E
-F0 3.11(,t)C(hen)-3.11 E F4(/udev/tpm0)3.111 E F0 3.111(,t)C(hen)-3.111
-E F4(/dev/tpm)3.111 E F0 3.111(;b)C 3.111(yo)-3.111 G(ccu-)-3.111 E -.1
-(py)102 348 S(ing one of the earlier ones with, for e).1 E
-(xample, shell redirection, a later one can be selected.)-.15 E F1 .625
-(See also)84 372 R F0(The T)102 384 Q(rouSerS project page at)-.35 E F1
-(https://sour)2.5 E(cef)-.18 E(or)-.25 E(ge.net/pr)-.1 E(ojects/tr)-.18
-E(ousers)-.18 E F0(.)A 2.719(The TPM 1.2 main speci\214cation inde)102
-402 R 5.219(xa)-.15 G(t)-5.219 E F1(https://trustedcomputinggr)5.219 E
-(oup.or)-.18 E(g/r)-.1 E(esour)-.18 E(ce/tpm-main-)-.18 E
-(speci\214cation)102 414 Q F0(.)A F1 1.666(SPECIAL THANKS)72 438 R F0
-1.6 -.8(To a)102 450 T(ll who support further de).8 E -.15(ve)-.25 G
-(lopment, in particular:).15 E F1<83>122 462 Q F0(ThePhD)7.5 E F1<83>122
-474 Q F0(Embark Studios)7.5 E F1<83>122 486 Q F0(Lars Strojn)7.5 E(y)
--.15 E F1(REPOR)72 510 Q 1.666(TING B)-.4 F(UGS)-.1 E(https://todo.sr)
-102 522 Q(.ht/\001nabijaczleweli/tzpfms)-1 E F4
-(\001nabijaczleweli/tzpfms@lists.sr.ht)102 540 Q F0 86.762(,a)C(rchi)
--86.762 E -.15(ve)-.25 G 86.763(da).15 G(t)-86.763 E F1
-(https://lists.sr)102 552 Q(.ht/\001nabijaczleweli/tzpfms)-1 E F0(.)A
-(tzpfms 0.3.3)72 799.889 Q(June 12, 2023)156.365 E(5)201.085 E 0 Cg EP
-%%Page: 6 6
+/F0 10/Times-Italic@0 SF(ZFS-TPM1X-CLEAR-KEY)72 48 Q/F1 10/Times-Roman@0
+SF 52.453(\(8\) System)B(Manager')2.5 E 2.5(sM)-.55 G(anual)-2.5 E F0
+(ZFS-TPM1X-CLEAR-KEY)52.452 E F1(\(8\))A/F2 10/Times-Bold@0 SF -.2(NA)72
+84 S(ME).2 E F1(zfs-tpm1x-clear)108 96 Q(-k)-.2 E .3 -.15(ey \212 r)-.1
+H -.25(ew).15 G(rap ZFS dataset k).25 E .3 -.15(ey i)-.1 H 2.5(np).15 G
+(asssw)-2.5 E(ord and clear tzpfms TPM1.X metadata)-.1 E F2(SYNOPSIS)72
+112.8 Q/F3 10/Courier-Bold@0 SF(zfs-tpm-list)108 124.8 Q/F4 10
+/Courier-Oblique@0 SF(dataset)2.5 E F2(DESCRIPTION)72 141.6 Q F1
+(After v)108 153.6 Q(erifying)-.15 E F4(dataset)2.5 E F1 -.1(wa)2.5 G
+2.5(se).1 G(ncrypted with)-2.5 E F3(tzpfms)2.5 E F1(back)2.5 E(end)-.1 E
+F2(TPM1.X)2.5 E F1(:)A 5(1. performs)118 165.6 R 5.641(the equi)8.141 F
+-.25(va)-.25 G 5.641(lent of).25 F F3(zfs)8.142 E/F5 10/Courier@0 SF
+7.308(change-key \255o)11.642 F 7.308(keylocation=prompt \255o)11.642 F
+(keyformat=passphrase)133 177.6 Q F4(dataset)6 E F1(,)A 5(2. remo)118
+189.6 R -.15(ve)-.15 G 10.689(st).15 G(he)-10.689 E F5
+(xyz.nabijaczleweli:tzpfms.)10.689 E F1({)A F5(backend)A F1(,)A F5(key)
+14.189 E F1 10.689(}p)C 8.189(roperties from)-10.689 F F4(dataset)133
+201.6 Q F1(.)A(See)108 218.4 Q F0(zfs-tpm1x-c)2.5 E(hang)-.15 E(e-k)-.1
+E -.3(ey)-.1 G F1(\(8\) for a detailed description.).3 E F2 1.666
+(TPM1.X back-end con\214guration)72 235.2 R .625(TPM selection)87 247.2
+R F1(The)108 259.2 Q F3(tzpfms)2.508 E F1 .008
+(suite connects to a local)2.508 F F0(tcsd)2.508 E F1 .008
+(\(8\) process \(at)B F0(localhost:30003)2.508 E F1 2.509(\)b)C 2.509
+(yd)-2.509 G(ef)-2.509 E 2.509(ault. Use)-.1 F .009(the en)2.509 F
+(viron-)-.4 E(ment v)108 271.2 Q(ariable)-.25 E F5(TZPFMS_TPM1X)2.5 E F1
+(to specify a remote TCS hostname.)2.5 E .445(The T)108 288 R(rouSerS)
+-.35 E F0(tcsd)2.945 E F1 .445(\(8\) daemon will try)B F0(/de)2.945 E
+(v/tpm0)-.15 E F1 2.945(,t)C(hen)-2.945 E F0(/ude)2.945 E(v/tpm0)-.15 E
+F1 2.945(,t)C(hen)-2.945 E F0(/de)2.944 E(v/tpm)-.15 E F1 2.944(;b)C
+2.944(yo)-2.944 G(ccup)-2.944 E .444(ying one of)-.1 F
+(the earlier ones with, for e)108 300 Q
+(xample, shell redirection, a later one can be selected.)-.15 E F2 .625
+(See also)87 316.8 R F1(The T)108 328.8 Q
+(rouSerS project page at https://sourcefor)-.35 E
+(ge.net/projects/trousers.)-.18 E 4.415
+(The TPM 1.2 main speci\214cation inde)108 345.6 R 6.915(xa)-.15 G 6.915
+(th)-6.915 G(ttps://trustedcomputinggroup.or)-6.915 E
+(g/resource/tpm-main-)-.18 E(speci\214cation.)108 357.6 Q F2 1.666
+(SPECIAL THANKS)72 374.4 R F1 1.6 -.8(To a)108 386.4 T
+(ll who support further de).8 E -.15(ve)-.25 G(lopment, in particular:)
+.15 E F2<83>128 398.4 Q F1(ThePhD)7.5 E F2<83>128 410.4 Q F1
+(Embark Studios)7.5 E F2<83>128 422.4 Q F1(Lars Strojn)7.5 E(y)-.15 E F2
+(REPOR)72 439.2 Q 1.666(TING B)-.4 F(UGS)-.1 E F1(https://todo.sr)108
+451.2 Q(.ht/\001nabijaczle)-.55 E(weli/tzpfms)-.25 E F0(\001nabijaczle)
+108 468 Q(weli/tzpfms@lists.sr)-.15 E(.ht)-1.11 E F1 2.5(,a)C(rchi)-2.5
+E -.15(ve)-.25 G 2.5(da).15 G 2.5(th)-2.5 G(ttps://lists.sr)-2.5 E
+(.ht/\001nabijaczle)-.55 E(weli/tzpfms.)-.25 E(tzpfms 0.3.3-1-g)72
+817.889 Q 98.073(aa1c21f July)-.05 F(16, 2023)2.5 E(1)193.552 E 0 Cg EP
+%%Page: 1 6
 %%BeginPageSetup
 BP
 %%EndPageSetup
-/F0 10/Times-Roman@0 SF(ZFS-TPM1X-LO)72 48 Q -.834(AD-KEY \(8\))-.35 F
-(System Manager')60.349 E 2.5(sM)-.55 G 55.349(anual ZFS-TPM1X-LO)-2.5 F
--.834(AD-KEY \(8\))-.35 F/F1 10/Times-Bold@0 SF -.2(NA)72 96 S(ME).2 E
-/F2 10/Courier-Bold@0 SF(zfs-tpm1x-load-key)102 108 Q F0 2.5<8a6c>2.5 G
-(oad TPM1.X-encrypted ZFS dataset k)-2.5 E -.15(ey)-.1 G F1(SYNOPSIS)72
-132 Q F2(zfs-tpm1x-load-key)102 144 Q F0([)3.333 E F2<ad6e>2.499 E F0(])
-.833 E/F3 10/Courier-Oblique@0 SF(dataset)2.5 E F1(DESCRIPTION)72 168 Q
-F0 .041(After v)102 180 R(erifying)-.15 E F3(dataset)2.541 E F0 -.1(wa)
-2.541 G 2.541(se).1 G .041(ncrypted with)-2.541 F F2(tzpfms)2.54 E F0
-(back)2.54 E(end)-.1 E F1(TPM1.X)2.54 E F0 .04(will unseal the k)2.54 F
-.34 -.15(ey a)-.1 H .04(nd load it).15 F(into)102 192 Q F3(dataset)2.5 E
-F0(.)A .611
+/F0 10/Times-Italic@0 SF(ZFS-TPM1X-LO)72 48 Q(AD-KEY)-.55 E/F1 10
+/Times-Roman@0 SF 57.453(\(8\) System)B(Manager')2.5 E 2.5(sM)-.55 G
+(anual)-2.5 E F0(ZFS-TPM1X-LO)57.452 E(AD-KEY)-.55 E F1(\(8\))A/F2 10
+/Times-Bold@0 SF -.2(NA)72 84 S(ME).2 E F1(zfs-tpm1x-load-k)108 96 Q .3
+-.15(ey \212 l)-.1 H(oad TPM1.X-encrypted ZFS dataset k).15 E -.15(ey)
+-.1 G F2(SYNOPSIS)72 112.8 Q/F3 10/Courier-Bold@0 SF(zfs-tpm-list)108
+124.8 Q F1([)2.5 E/F4 10/Courier@0 SF<ad6e>1.666 E F1(])A/F5 10
+/Courier-Oblique@0 SF(dataset)2.5 E F2(DESCRIPTION)72 141.6 Q F1 .191
+(After v)108 153.6 R(erifying)-.15 E F5(dataset)2.691 E F1 -.1(wa)2.691
+G 2.691(se).1 G .191(ncrypted with)-2.691 F F3(tzpfms)2.69 E F1(back)
+2.69 E(end)-.1 E F2(TPM1.X)2.69 E F1 .19(will unseal the k)2.69 F .49
+-.15(ey a)-.1 H .19(nd load).15 F(it into)108 165.6 Q F5(dataset)2.5 E
+F1(.)A .236
 (The user is \214rst prompted for the SRK passphrase, set when taking o)
-102 210 R .611(wnership, if not "well-kno)-.25 F .611(wn" \(all)-.25 F
+108 182.4 R .236(wnership, if not "well-kno)-.25 F .236(wn" \(all)-.25 F
 (zeroes\); then for the additional passphrase, set when creating the k)
-102 222 Q -.15(ey)-.1 G 2.5(,i)-.5 G 2.5(fo)-2.5 G(ne w)-2.5 E(as set.)
--.1 E(See)102 240 Q/F4 10/Courier@0 SF(zfs-tpm1x-change-key)2.5 E F0
-(\(8\) for a detailed description.)A F1(OPTIONS)72 264 Q F2<ad6e>103.666
-276 Q F0 3.583(Do a no-op/dry run, can be used e)125 276 R -.15(ve)-.25
-G 6.083(ni).15 G 6.083(ft)-6.083 G 3.583(he k)-6.083 F 3.883 -.15(ey i)
--.1 H 6.083(sa).15 G 3.583(lready loaded.)-6.083 F(Equi)8.582 E -.25(va)
--.25 G 3.582(lent to).25 F F2(zfs)6.082 E(load-key)125 288 Q F0 -.55('s)
-C F2<ad6e>4.716 E F0(option.)2.5 E F1(ENVIR)72 312 Q 1.666(ONMENT V)-.3
-F(ARIABLES)-1.35 E F4(TZPFMS_PASSPHRASE_HELPER)102 324 Q F0 .42(By def)
-127 336 R .42(ault, passphrases are prompted for and read in on the sta\
-ndard output and input streams.)-.1 F(If)5.421 E F4
-(TZPFMS_PASSPHRASE_HELPER)127 348 Q F0 .461(is set and nonempty)2.961 F
-2.961(,i)-.65 G 2.961(tw)-2.961 G .461(ill be run via)-2.961 F F4(/bin/)
-2.96 E F2 2.126(sh \255c)B F0 .46(to pro-)2.96 F
-(vide each passphrase, instead.)127 360 Q .15
-(The standard output stream of the helper is tied to an anon)127 378 R
-.151(ymous \214le and used in its entirety as the)-.15 F(passphrase, e)
-127 390 Q(xcept for a trailing ne)-.15 E(w-line, if an)-.25 E 3.8 -.65
-(y. T)-.15 H(he ar).65 E(guments are:)-.18 E F4($1)137 402 Q F0
-(Pre-formatted noun phrase with all the information belo)154 402 Q 1.3
--.65(w, f)-.25 H(or use as a prompt).65 E F4($2)137 414 Q F0
-(Either the dataset name or the element of the TPM hierarch)154 414 Q
-2.5(yb)-.05 G(eing prompted for)-2.5 E F4($3)137 426 Q F0("ne)154 426 Q
-(w" if this is for a ne)-.25 E 2.5(wp)-.25 G(assphrase, otherwise blank)
--2.5 E F4($4)137 438 Q F0("ag)154 438 Q(ain" if it')-.05 E 2.5(st)-.55 G
-(he second prompt for that passphrase, otherwise blank)-2.5 E .139
-(If the helper doesn')127 456 R 2.639(te)-.18 G 1.805(xist \()-2.789 F
-.138(the shell e)1.666 F .138(xits with)-.15 F F1(127)2.638 E F0 -3.194
-1.666(\), a d)1.666 H .138(iagnostic is issued and the normal prompt)
--1.666 F(is used as f)127 468 Q 2.5(all-back. If)-.1 F(it f)2.5 E
-(ails for an)-.1 E 2.5(yo)-.15 G(ther reason, the prompting is aborted.)
--2.5 E F1 1.666(TPM1.X back-end con\214guration)72 492 R .625
-(TPM selection)84 504 R F0(The)102 516 Q F2(tzpfms)2.682 E F0 .182
-(suite connects to a local)2.682 F F4(tcsd)2.682 E F0 .182
-(\(8\) process)B 1.666(\(a)4.348 G(t)-1.666 E F4(localhost:30003)2.682 E
-F0 4.348(\)b)1.666 G 2.683(yd)-4.348 G(ef)-2.683 E 2.683(ault. Use)-.1 F
-(the)2.683 E(en)102 528 Q(vironment v)-.4 E(ariable)-.25 E F4
-(TZPFMS_TPM1X)2.5 E F0(to specify a remote TCS hostname.)2.5 E .611
-(The T)102 546 R(rouSerS)-.35 E F4(tcsd)3.111 E F0 .611
-(\(8\) daemon will try)B F4(/dev/tpm0)3.11 E F0 3.11(,t)C(hen)-3.11 E F4
-(/udev/tpm0)3.11 E F0 3.11(,t)C(hen)-3.11 E F4(/dev/tpm)3.11 E F0 3.11
-(;b)C 3.11(yo)-3.11 G(ccu-)-3.11 E -.1(py)102 558 S
-(ing one of the earlier ones with, for e).1 E
-(xample, shell redirection, a later one can be selected.)-.15 E F1 .625
-(See also)84 582 R F0(The T)102 594 Q(rouSerS project page at)-.35 E F1
-(https://sour)2.5 E(cef)-.18 E(or)-.25 E(ge.net/pr)-.1 E(ojects/tr)-.18
-E(ousers)-.18 E F0(.)A 2.719(The TPM 1.2 main speci\214cation inde)102
-612 R 5.22(xa)-.15 G(t)-5.22 E F1(https://trustedcomputinggr)5.22 E
-(oup.or)-.18 E(g/r)-.1 E(esour)-.18 E(ce/tpm-main-)-.18 E
-(speci\214cation)102 624 Q F0(.)A F1 1.666(SPECIAL THANKS)72 648 R F0
-1.6 -.8(To a)102 660 T(ll who support further de).8 E -.15(ve)-.25 G
-(lopment, in particular:).15 E F1<83>122 672 Q F0(ThePhD)7.5 E F1<83>122
-684 Q F0(Embark Studios)7.5 E F1<83>122 696 Q F0(Lars Strojn)7.5 E(y)
--.15 E F1(REPOR)72 720 Q 1.666(TING B)-.4 F(UGS)-.1 E(https://todo.sr)
-102 732 Q(.ht/\001nabijaczleweli/tzpfms)-1 E F0(tzpfms 0.3.3)72 799.889
-Q(June 12, 2023)156.365 E(6)201.085 E 0 Cg EP
-%%Page: 7 7
+108 194.4 Q -.15(ey)-.1 G 2.5(,i)-.5 G 2.5(fo)-2.5 G(ne w)-2.5 E
+(as set.)-.1 E(See)108 211.2 Q F0(zfs-tpm1x-c)2.5 E(hang)-.15 E(e-k)-.1
+E -.3(ey)-.1 G F1(\(8\) for a detailed description.).3 E F2(OPTIONS)72
+228 Q F4<ad6e>109.666 240 Q F1 3.208(Do a no-op/dry run, can be used e)
+131 240 R -.15(ve)-.25 G 5.708(ni).15 G 5.708(ft)-5.708 G 3.208(he k)
+-5.708 F 3.508 -.15(ey i)-.1 H 5.708(sa).15 G 3.208(lready loaded.)
+-5.708 F(Equi)8.207 E -.25(va)-.25 G 3.207(lent to).25 F F3(zfs)5.707 E
+F4(load-key)131 252 Q F1 -.55('s)C F4<ad6e>4.716 E F1(option.)2.5 E F2
+(ENVIR)72 268.8 Q 1.666(ONMENT V)-.3 F(ARIABLES)-1.35 E F4
+(TZPFMS_PASSPHRASE_HELPER)108 280.8 Q F1 .045(By def)133 292.8 R .045(a\
+ult, passphrases are prompted for and read in on the standard output an\
+d input streams.)-.1 F(If)5.046 E F4(TZPFMS_PASSPHRASE_HELPER)133 304.8
+Q F1 .896(is set and nonempty)3.397 F 3.396(,i)-.65 G 3.396(tw)-3.396 G
+.896(ill be run via)-3.396 F F0(/bin/)3.396 E F3(sh)A F4<ad63>8.562 E F1
+.896(to pro-)3.396 F(vide each passphrase, instead.)133 316.8 Q .643
+(The standard output stream of the helper is tied to an anon)133 333.6 R
+.643(ymous \214le and used in its entirety as)-.15 F(the passphrase, e)
+133 345.6 Q(xcept for a trailing ne)-.15 E(w-line, if an)-.25 E 3.8 -.65
+(y. T)-.15 H(he ar).65 E(guments are:)-.18 E F4($1)143 357.6 Q F1
+(Pre-formatted noun phrase with all the information belo)160 357.6 Q 1.3
+-.65(w, f)-.25 H(or use as a prompt).65 E F4($2)143 369.6 Q F1
+(Either the dataset name or the element of the TPM hierarch)160 369.6 Q
+2.5(yb)-.05 G(eing prompted for)-2.5 E F4($3)143 381.6 Q F1("ne)160
+381.6 Q(w" if this is for a ne)-.25 E 2.5(wp)-.25 G
+(assphrase, otherwise blank)-2.5 E F4($4)143 393.6 Q F1("ag)160 393.6 Q
+(ain" if it')-.05 E 2.5(st)-.55 G
+(he second prompt for that passphrase, otherwise blank)-2.5 E .178
+(If the helper doesn')133 410.4 R 2.678(te)-.18 G .178
+(xist \(the shell e)-2.828 F .177(xits with)-.15 F F2(127)2.677 E F1
+.177(\), a diagnostic is issued and the normal prompt)B(is used as f)133
+422.4 Q 2.5(all-back. If)-.1 F(it f)2.5 E(ails for an)-.1 E 2.5(yo)-.15
+G(ther reason, the prompting is aborted.)-2.5 E F2 1.666
+(TPM1.X back-end con\214guration)72 439.2 R .625(TPM selection)87 451.2
+R F1(The)108 463.2 Q F3(tzpfms)2.508 E F1 .008
+(suite connects to a local)2.508 F F0(tcsd)2.508 E F1 .008
+(\(8\) process \(at)B F0(localhost:30003)2.508 E F1 2.509(\)b)C 2.509
+(yd)-2.509 G(ef)-2.509 E 2.509(ault. Use)-.1 F .009(the en)2.509 F
+(viron-)-.4 E(ment v)108 475.2 Q(ariable)-.25 E F4(TZPFMS_TPM1X)2.5 E F1
+(to specify a remote TCS hostname.)2.5 E .445(The T)108 492 R(rouSerS)
+-.35 E F0(tcsd)2.945 E F1 .445(\(8\) daemon will try)B F0(/de)2.945 E
+(v/tpm0)-.15 E F1 2.945(,t)C(hen)-2.945 E F0(/ude)2.945 E(v/tpm0)-.15 E
+F1 2.945(,t)C(hen)-2.945 E F0(/de)2.944 E(v/tpm)-.15 E F1 2.944(;b)C
+2.944(yo)-2.944 G(ccup)-2.944 E .444(ying one of)-.1 F
+(the earlier ones with, for e)108 504 Q
+(xample, shell redirection, a later one can be selected.)-.15 E F2 .625
+(See also)87 520.8 R F1(The T)108 532.8 Q
+(rouSerS project page at https://sourcefor)-.35 E
+(ge.net/projects/trousers.)-.18 E 4.415
+(The TPM 1.2 main speci\214cation inde)108 549.6 R 6.915(xa)-.15 G 6.915
+(th)-6.915 G(ttps://trustedcomputinggroup.or)-6.915 E
+(g/resource/tpm-main-)-.18 E(speci\214cation.)108 561.6 Q F2 1.666
+(SPECIAL THANKS)72 578.4 R F1 1.6 -.8(To a)108 590.4 T
+(ll who support further de).8 E -.15(ve)-.25 G(lopment, in particular:)
+.15 E F2<83>128 602.4 Q F1(ThePhD)7.5 E F2<83>128 614.4 Q F1
+(Embark Studios)7.5 E F2<83>128 626.4 Q F1(Lars Strojn)7.5 E(y)-.15 E F2
+(REPOR)72 643.2 Q 1.666(TING B)-.4 F(UGS)-.1 E F1(https://todo.sr)108
+655.2 Q(.ht/\001nabijaczle)-.55 E(weli/tzpfms)-.25 E F0(\001nabijaczle)
+108 672 Q(weli/tzpfms@lists.sr)-.15 E(.ht)-1.11 E F1 2.5(,a)C(rchi)-2.5
+E -.15(ve)-.25 G 2.5(da).15 G 2.5(th)-2.5 G(ttps://lists.sr)-2.5 E
+(.ht/\001nabijaczle)-.55 E(weli/tzpfms.)-.25 E(tzpfms 0.3.3-1-g)72
+817.889 Q 98.073(aa1c21f July)-.05 F(16, 2023)2.5 E(1)193.552 E 0 Cg EP
+%%Page: 1 7
 %%BeginPageSetup
 BP
 %%EndPageSetup
-/F0 10/Times-Roman@0 SF(ZFS-TPM1X-LO)72 48 Q -.834(AD-KEY \(8\))-.35 F
-(System Manager')60.349 E 2.5(sM)-.55 G 55.349(anual ZFS-TPM1X-LO)-2.5 F
--.834(AD-KEY \(8\))-.35 F/F1 10/Courier@0 SF
-(\001nabijaczleweli/tzpfms@lists.sr.ht)102 96 Q F0 86.763(,a)C(rchi)
--86.763 E -.15(ve)-.25 G 86.762(da).15 G(t)-86.762 E/F2 10/Times-Bold@0
-SF(https://lists.sr)102 108 Q(.ht/\001nabijaczleweli/tzpfms)-1 E F0(.)A
-(tzpfms 0.3.3)72 799.889 Q(June 12, 2023)156.365 E(7)201.085 E 0 Cg EP
-%%Page: 8 8
-%%BeginPageSetup
-BP
-%%EndPageSetup
-/F0 10/Times-Roman@0 SF -.834(ZFS-TPM2-CHANGE-KEY \(8\))72 48 R
-(System Manager')53.329 E 2.5(sM)-.55 G 48.329
-(anual ZFS-TPM2-CHANGE-KEY)-2.5 F(\(8\))1.666 E/F1 10/Times-Bold@0 SF
--.2(NA)72 96 S(ME).2 E/F2 10/Courier-Bold@0 SF(zfs-tpm2-change-key)102
-108 Q F0 2.5<8a63>2.5 G(hange ZFS dataset k)-2.5 E .3 -.15(ey t)-.1 H
-2.5(oo).15 G(ne stored on the TPM)-2.5 E F1(SYNOPSIS)72 132 Q F2
-(zfs-tpm2-change-key)102 144 Q F0([)3.333 E F2<ad62>2.499 E/F3 10
-/Courier-Oblique@0 SF(backup-file)6 E F0 2.5(][).833 G F2<ad50>-.834 E
-F3(algorithm)6 E F2(:)A F3(PCR)A F0([)A F2(,)A F3(PCR)A F0 1.666(]...)C
-([)222 156 Q F2(+)A F3(algorithm)A F2(:)A F3(PCR)A F0([)A F2(,)A F3(PCR)
-A F0 1.666(]...)C -2.499 1.666(]... [)-1.666 H F2<ad41>.833 E F0(]]).833
-E F3(dataset)2.5 E F1(DESCRIPTION)72 180 Q F0 5.411 -.8(To n)102 192 T
-(ormalise).8 E F3(dataset)6.311 E F0(,)A F2(zfs-tpm2-change-key)6.311 E
-F0 3.81(will open its encryption root in its stead.)6.311 F F2
-(zfs-tpm2-change-key)102 204 Q F0(will)3.73 E/F4 10/Times-Italic@0 SF
-(ne)3.73 E(ver)-.15 E F0 1.23(create or destro)3.73 F 3.731(ye)-.1 G
-1.231(ncryption roots; use)-3.731 F/F5 10/Courier@0 SF(zfs-change-key)
-3.731 E F0(\(8\))A(for that.)102 216 Q
-(First, a connection is made to the TPM, which)102 234 Q F4(must)2.5 E
-F0(be TPM-2.0-compatible.)2.5 E(If)102 252 Q F3(dataset)3.484 E F0 -.1
-(wa)3.484 G 3.484(sp).1 G(re)-3.484 E .983(viously encrypted with)-.25 F
-F2(tzpfms)3.483 E F0 .983(and the)3.483 F F1(TPM2)3.483 E F0 .983
-(back-end w)3.483 F .983(as used, the pre)-.1 F(vious)-.25 E -.1(ke)102
-264 S 2.713(yw)-.05 G .213(ill be freed from the TPM.)-2.713 F .214
-(Otherwise, or in case of an error)5.213 F 2.714(,d)-.4 G .214
-(ata required for manual interv)-2.714 F(ention)-.15 E
-(will be printed to the standard error stream.)102 276 Q(Ne)102 294 Q
-.253(xt, a ne)-.15 F 2.753(ww)-.25 G .253(rapping k)-2.753 F .553 -.15
-(ey i)-.1 H 2.753(sg).15 G .253(enerated on the TPM, optionally back)
--2.753 F .252(ed up)-.1 F 1.666(\(s)4.418 G(ee)-1.666 E F1(OPTIONS)2.752
-E F0 -3.08 1.666(\), a)1.666 H .252(nd sealed)-1.666 F .178
-(to a persistent object on the TPM under the o)102 306 R .179
-(wner hierarch)-.25 F .179(y; if there is a passphrase set on the o)-.05
-F .179(wner hi-)-.25 F(erarch)102 318 Q 1.534 -.65(y, t)-.05 H .233
-(he user is prompted for it; the user is al).65 F -.1(wa)-.1 G .233
-(ys prompted for an optional passphrase to protect the).1 F
-(sealed object with.)102 330 Q(The follo)102 348 Q
-(wing properties are set on)-.25 E F3(dataset)2.5 E F0(:)A F1<83>122 360
-Q F5(xyz.nabijaczleweli:tzpfms.backend)7.5 E F0(=)A F1(TPM2)A<83>122 372
-Q F5(xyz.nabijaczleweli:tzpfms.key)7.5 E F0(=)A F3(persistent-object-ID)
-A F0([)133.833 384 Q F2(;).833 E F3(algorithm)A F2(:)A F3(PCR)A F0([)A
-F2(,)A F3(PCR)A F0 1.666(]...)C([)-1.666 E F2(+)A F3(algorithm)A F2(:)A
-F3(PCR)A F0([)A F2(,)A F3(PCR)A F0 1.666(]...)C 1.666(]...)-1.666 G(])
--.833 E F5(tzpfms.backend)102 402 Q F0 1.531
-(identi\214es this dataset for w)4.031 F 1.53(ork with)-.1 F F1(TPM2)
-4.03 E F0(-back-ended)A F2(tzpfms)4.03 E F0 3.196(tools \()4.03 F
-(namely)1.666 E F5(zfs-tpm2-change-key)102 414 Q F0(\(8\),)A F5
-(zfs-tpm2-load-key)2.5 E F0(\(8\), and)A F5(zfs-tpm2-clear-key)2.5 E F0
--.834(\(8\) \) .)B F5(tzpfms.key)102 432 Q F0 .301(is an inte)2.801 F
-.301(ger representing the sealed object, optionally follo)-.15 F .301
-(wed by a semicolon and PCR)-.25 F 2.012(list as speci\214ed with)102
-444 R F2<ad50>6.178 E F0 4.512(,n)C 2.012(ormalised to be)-4.512 F F2
-(tpm-tools)4.511 E F0 2.011(-toolchain-compatible; if needed, it can be)
-B 1.063(passed to)102 456 R F2 2.729(tpm2_unseal \255c)3.563 F F5
-(${tzpfms.key)7.063 E F2(%%)A F5(;)A/F6 10/Symbol SF(*)A F5(})A F0(with)
-3.563 E F2<ad70>5.229 E F0(")7.063 E F5(str:${passphrase})A F0 3.563("o)
-C(r)-3.563 E F2<ad70>5.229 E F0(")102 468 Q F5(pcr:${tzpfms.key)A F2(#)A
-F6(*)A F5(;})A F0 1.339(", as the case may be, or equi)B -.25(va)-.25 G
-1.339(lent, for back-up).25 F 1.666(\(s)5.505 G(ee)-1.666 E F1(OPTIONS)
-3.839 E F0 .507 1.666(\). I)1.666 H(f)-1.666 E .302(you ha)102 480 R
-.602 -.15(ve a s)-.2 H .302(ealed k).15 F .602 -.15(ey y)-.1 H .303
-(ou can access with that or equi).15 F -.25(va)-.25 G .303
-(lent tool and set both of these properties, it will).25 F
-(funxion seamlessly)102 492 Q(.)-.65 E(Finally)102 510 Q 12.756(,t)-.65
-G 10.256(he equi)-12.756 F -.25(va)-.25 G 10.256(lent of).25 F F2 10.255
-(zfs change-key)12.755 F<ad6f>17.921 E F5(keylocation=prompt)16.255 E F2
-<ad6f>17.921 E F5(keyformat=raw)102 522 Q F3(dataset)6.506 E F0 .506
-(is performed with the ne)3.006 F 3.006(wk)-.25 G -.15(ey)-3.106 G 5.506
-(.I)-.5 G 3.006(fa)-5.506 G 3.006(ne)-3.006 G .507
-(rror occurred, best ef)-3.006 F .507(fort is made)-.25 F .623(to clean\
+/F0 10/Times-Italic@0 SF(ZFS-TPM2-CHANGE-KEY)72 48 Q/F1 10/Times-Roman@0
+SF 49.123(\(8\) System)B(Manager')2.5 E 2.5(sM)-.55 G(anual)-2.5 E F0
+(ZFS-TPM2-CHANGE-KEY)49.122 E F1(\(8\))A/F2 10/Times-Bold@0 SF -.2(NA)72
+84 S(ME).2 E F1(zfs-tpm2-change-k)108 96 Q .3 -.15(ey \212 c)-.1 H
+(hange ZFS dataset k).15 E .3 -.15(ey t)-.1 H 2.5(oo).15 G
+(ne stored on the TPM)-2.5 E F2(SYNOPSIS)72 112.8 Q/F3 10/Courier-Bold@0
+SF(zfs-tpm-list)108 124.8 Q F1([)2.5 E/F4 10/Courier@0 SF<ad62>1.666 E
+/F5 10/Courier-Oblique@0 SF(backup-file)6 E F1 2.5(][)C F4<ad50>-.834 E
+F5(algorithm)6 E F4(:)A F5(PCR)A F1([)A F4(,)A F5(PCR)A F1 1.666(]...)C
+([)186 136.8 Q F4(+)A F5(algorithm)A F4(:)A F5(PCR)A F1([)A F4(,)A F5
+(PCR)A F1 1.666(]...)C -3.332 1.666(]... [)-1.666 H F4<ad41>A F1(]])A F5
+(dataset)2.5 E F2(DESCRIPTION)72 153.6 Q F1 1.677 -.8(To n)108 165.6 T
+(ormalise).8 E F5(dataset)2.577 E F1(,)A F3(zfs-tpm-list)2.577 E F1 .076
+(will open its encryption root in its stead.)2.576 F F3(zfs-tpm-list)
+5.076 E F1(will)108 177.6 Q F0(ne)2.5 E(ver)-.15 E F1(create or destro)
+2.5 E 2.5(ye)-.1 G(ncryption roots; use)-2.5 E F0(zfs-c)2.5 E(hang)-.15
+E(e-k)-.1 E -.3(ey)-.1 G F1(\(8\) for that.).3 E
+(First, a connection is made to the TPM, which)108 194.4 Q F0(must)2.5 E
+F1(be TPM-2.0-compatible.)2.5 E(If)108 211.2 Q F5(dataset)3.054 E F1 -.1
+(wa)3.054 G 3.054(sp).1 G(re)-3.054 E .554(viously encrypted with)-.25 F
+F3(tzpfms)3.055 E F1 .555(and the)3.055 F F2(TPM2)3.055 E F1 .555
+(back-end w)3.055 F .555(as used, the pre)-.1 F(vious)-.25 E -.1(ke)108
+223.2 S 3.06(yw)-.05 G .56(ill be freed from the TPM.)-3.06 F .56
+(Otherwise, or in case of an error)5.56 F 3.059(,d)-.4 G .559
+(ata required for manual interv)-3.059 F(en-)-.15 E
+(tion will be printed to the standard error stream.)108 235.2 Q(Ne)108
+252 Q 1.74(xt, a ne)-.15 F 4.24(ww)-.25 G 1.74(rapping k)-4.24 F 2.04
+-.15(ey i)-.1 H 4.24(sg).15 G 1.74(enerated on the TPM, optionally back)
+-4.24 F 1.741(ed up \(see \231OPTIONS\232\), and)-.1 F .576
+(sealed to a persistent object on the TPM under the o)108 264 R .575
+(wner hierarch)-.25 F .575(y; if there is a passphrase set on the)-.05 F
+-.25(ow)108 276 S .48(ner hierarch).25 F 1.78 -.65(y, t)-.05 H .48
+(he user is prompted for it; the user is al).65 F -.1(wa)-.1 G .481
+(ys prompted for an optional passphrase to).1 F
+(protect the sealed object with.)108 288 Q(The follo)108 304.8 Q
+(wing properties are set on)-.25 E F5(dataset)2.5 E F1(:)A F2<83>128
+316.8 Q F4(xyz.nabijaczleweli:tzpfms.backend)7.5 E F1(=)A F2(TPM2)A<83>
+128 328.8 Q F4(xyz.nabijaczleweli:tzpfms.key)7.5 E F1(=)A F5
+(persistent-object-ID)A F1([)139 340.8 Q F4(;)A F5(algorithm)A F4(:)A F5
+(PCR)A F1([)A F4(,)A F5(PCR)A F1 1.666(]...)C([)-1.666 E F4(+)A F5
+(algorithm)A F4(:)A F5(PCR)A F1([)A F4(,)A F5(PCR)A F1 1.666(]...)C
+1.666(]...)-1.666 G(])-1.666 E F4(tzpfms.backend)108 357.6 Q F1 1.264
+(identi\214es this dataset for w)3.764 F 1.263(ork with)-.1 F F2(TPM2)
+3.763 E F1(-back-ended)A F3(tzpfms)3.763 E F1 1.263(tools \(namely)3.763
+F F0(zfs-tpm2-c)108 369.6 Q(hang)-.15 E(e-k)-.1 E -.3(ey)-.1 G F1
+(\(8\),).3 E F0(zfs-tpm2-load-k)2.5 E -.3(ey)-.1 G F1(\(8\), and).3 E F0
+(zfs-tpm2-clear)2.5 E(-k)-.2 E -.3(ey)-.1 G F1(\(8\)\).).3 E F4
+(tzpfms.key)108 386.4 Q F1 1.508(is an inte)4.008 F 1.509
+(ger representing the sealed object, optionally follo)-.15 F 1.509
+(wed by a semicolon and)-.25 F .823(PCR list as speci\214ed with)108
+398.4 R F4<ad50>4.988 E F1 3.322(,n)C .822(ormalised to be)-3.322 F F3
+(tpm-tools)3.322 E F1 .822(-toolchain-compatible; if needed, it can)B
+.865(be passed to)108 410.4 R F3(tpm2_unseal)3.366 E F4 .866
+(\255c ${tzpfms.key%%;)8.532 F/F6 10/Symbol SF(*)A F4(})A F1(with)3.366
+E F4<ad70>5.032 E F1(")6.866 E F4(str:${passphrase})A F1 3.366("o)C(r)
+-3.366 E F4<ad70>109.666 422.4 Q F1(")6.22 E F4(pcr:${tzpfms.key#)A F6
+(*)A F4(;})A F1 .22(", as the case may be, or equi)B -.25(va)-.25 G .22
+(lent, for back-up \(see \231OPTIONS\232\).).25 F .447(If you ha)108
+434.4 R .747 -.15(ve a s)-.2 H .447(ealed k).15 F .748 -.15(ey y)-.1 H
+.448(ou can access with that or equi).15 F -.25(va)-.25 G .448
+(lent tool and set both of these properties, it).25 F
+(will funxion seamlessly)108 446.4 Q(.)-.65 E(Finally)108 463.2 Q 12.006
+(,t)-.65 G 9.506(he equi)-12.006 F -.25(va)-.25 G 9.506(lent of).25 F F3
+(zfs)12.005 E F4 11.171(change-key \255o)15.505 F 11.171
+(keylocation=prompt \255o)15.505 F(keyformat=raw)108 475.2 Q F5(dataset)
+6.106 E F1 .106(is performed with the ne)2.606 F 2.606(wk)-.25 G -.15
+(ey)-2.706 G 5.106(.I)-.5 G 2.606(fa)-5.106 G 2.606(ne)-2.606 G .107
+(rror occurred, best ef)-2.606 F .107(fort is made)-.25 F .289(to clean\
  up the persistent object and properties, or to issue a note for manual\
- interv)102 534 R .622(ention into the stan-)-.15 F(dard error stream.)
-102 546 Q 3.086<418c>102 564 S .586(nal v)-3.086 F .586
-(eri\214cation should be made by running)-.15 F F2 2.252
-(zfs-tpm2-load-key \255n)3.086 F F3(dataset)6.586 E F0 5.586(.I)C 3.086
-(ft)-5.586 G .587(hat com-)-3.086 F .859(mand succeeds, all is well, b)
-102 576 R .859(ut otherwise the dataset can be manually rolled back to \
-a passphrase with)-.2 F F2(zfs-tpm2-clear-key)102 588 Q F3(dataset)
-11.805 E F0 1.666(\(o)9.971 G 6.605 -.4(r, i)-1.666 H 8.306(ft).4 G
-5.806(hat f)-8.306 F 5.806(ails to w)-.1 F(ork,)-.1 E F2 5.806
-(zfs change-key)8.306 F<ad6f>13.472 E F5(keyformat=passphrase)102 600 Q
-F3(dataset)6 E F0 -3.332 1.666(\), a)1.666 H(nd you are hereby ask)
--1.666 E(ed to report a b)-.1 E(ug, please.)-.2 E F2(zfs-tpm2-clear-key)
-102 618 Q F3(dataset)6.429 E F0 .429
-(can be used to free the TPM persistent object and go back to us-)2.929
-F(ing a passphrase.)102 630 Q F1(OPTIONS)72 654 Q F2<ad62>103.666 666 Q
-F3(backup-file)6 E F0(Sa)197 666 Q .852 -.15(ve a b)-.2 H .552
-(ack-up of the k).15 F .852 -.15(ey t)-.1 H(o).15 E F3(backup-file)3.052
-E F0 3.052(,w)C .552(hich must not e)-3.052 F .553(xist beforehand.)-.15
-F 1.194(This back-up)197 678 R F4(must)3.694 E F0 1.194
-(be stored securely)3.694 F 3.694(,o)-.65 G -.25(ff)-3.694 G 3.694
-(-site. In).25 F 1.193(case of a catastrophic e)3.694 F -.15(ve)-.25 G
-(nt,).15 E(the k)197 690 Q .3 -.15(ey c)-.1 H(an be loaded by running)
-.15 E F2(zfs load-key)227 702 Q F3(dataset)6 E F5(<)6 E F3(backup-file)6
-E F2<ad50>103.666 720 Q F3(algorithm)6 E F2(:)A F3(PCR)A F0([)A F2(,)A
-F3(PCR)A F0 1.666(]...)C([)-1.666 E F2(+)A F3(algorithm)A F2(:)A F3(PCR)
-A F0([)A F2(,)A F3(PCR)A F0 1.666(]...)C 1.666(]...)-1.666 G 2.024
-(Bind the k)197 732 R 2.324 -.15(ey t)-.1 H 4.524(os).15 G 2.024
-(pace- or comma-separated)-4.524 F F3(PCR)4.525 E F0 4.525(sw)C 2.025
-(ithin their corresponding)-4.525 F(hashing)197 744 Q F3(algorithm)2.952
-E F0 2.952<8a69>2.952 G 2.952(ft)-2.952 G(he)-2.952 E 2.952(yc)-.15 G
-.452(hange, the wrapping k)-2.952 F .752 -.15(ey w)-.1 H .451
-(ill not be able to be).15 F 2.5(unsealed. There)197 756 R(are)2.5 E F1
-(24)2.5 E F0(PCRs, numbered)2.5 E([)3.333 E F1(0).833 E F0(,)A F1(23)2.5
-E F0(].).833 E(tzpfms 0.3.3)72 804 Q(June 12, 2023)156.365 E(8)201.085 E
-0 Cg EP
-%%Page: 9 9
+ interv)108 487.2 R .289(ention into the stan-)-.15 F
+(dard error stream.)108 499.2 Q 2.624<418c>108 516 S .124(nal v)-2.624 F
+.124(eri\214cation should be made by running)-.15 F F3
+(zfs-tpm2-load-key)2.625 E F4<ad6e>7.791 E F5(dataset)6.125 E F1 5.125
+(.I)C 2.625(ft)-5.125 G .125(hat com-)-2.625 F .507
+(mand succeeds, all is well, b)108 528 R .506(ut otherwise the dataset \
+can be manually rolled back to a passphrase with)-.2 F F3
+(zfs-tpm2-clear-key)108 540 Q F5(dataset)11.538 E F1(\(or)8.039 E 8.039
+(,i)-.4 G 8.039(ft)-8.039 G 5.539(hat f)-8.039 F 5.539(ails to w)-.1 F
+(ork,)-.1 E F3(zfs)8.039 E F4 7.205(change-key \255o)11.539 F
+(keyformat=passphrase)108 552 Q F5(dataset)6 E F1
+(\), and you are hereby ask)A(ed to report a b)-.1 E(ug, please.)-.2 E
+F3(zfs-tpm2-clear-key)108 568.8 Q F5(dataset)6.029 E F1 .029
+(can be used to free the TPM persistent object and go back to us-)2.529
+F(ing a passphrase.)108 580.8 Q F2(OPTIONS)72 597.6 Q F4<ad62>109.666
+609.6 Q F5(backup-file)6 E F1(Sa)203 609.6 Q .352 -.15(ve a b)-.2 H .052
+(ack-up of the k).15 F .352 -.15(ey t)-.1 H(o).15 E F5(backup-file)2.552
+E F1 2.552(,w)C .052(hich must not e)-2.552 F .053(xist beforehand.)-.15
+F .694(This back-up)203 621.6 R F0(must)3.194 E F1 .694
+(be stored securely)3.194 F 3.194(,o)-.65 G -.25(ff)-3.194 G 3.194
+(-site. In).25 F .693(case of a catastrophic e)3.194 F -.15(ve)-.25 G
+(nt,).15 E(the k)203 633.6 Q .3 -.15(ey c)-.1 H(an be loaded by running)
+.15 E F3(zfs)233 645.6 Q F4(load-key)6 E F5(dataset)6 E F4(<)6 E F5
+(backup-file)6 E F4<ad50>109.666 662.4 Q F5(algorithm)6 E F4(:)A F5(PCR)
+A F1([)A F4(,)A F5(PCR)A F1 1.666(]...)C([)-1.666 E F4(+)A F5(algorithm)
+A F4(:)A F5(PCR)A F1([)A F4(,)A F5(PCR)A F1 1.666(]...)C 1.666(]...)
+-1.666 G 1.424(Bind the k)203 674.4 R 1.724 -.15(ey t)-.1 H 3.924(os).15
+G 1.424(pace- or comma-separated)-3.924 F F5(PCR)3.925 E F1 3.925(sw)C
+1.425(ithin their corresponding)-3.925 F(hashing)203 686.4 Q F5
+(algorithm)2.524 E F1 2.524<8a69>2.524 G 2.523(ft)-2.524 G(he)-2.523 E
+2.523(yc)-.15 G .023(hange, the wrapping k)-2.523 F .323 -.15(ey w)-.1 H
+.023(ill not be able to be).15 F 2.5(unsealed. There)203 698.4 R(are)2.5
+E F2(24)2.5 E F1(PCRs, numbered [)2.5 E F2(0)A F1(,)A F2(23)2.5 E F1(].)
+A F5(algorithm)203 715.2 Q F1 2.968(may be an)5.468 F 5.468(yo)-.15 G
+5.468(fc)-5.468 G(ase-insensiti)-5.468 E 3.268 -.15(ve ")-.25 H F2(sha1)
+.15 E F1 2.968(", ")B F2(sha256)A F1 2.969(", ")B F2(sha384)A F1(",)A(")
+203 727.2 Q F2(sha512)A F1 4.983(", ")B F2(sm3_256)A F1 4.983(", ")B F2
+(sm3-256)A F1 4.983(", ")B F2(sha3_256)A F1 4.983(", ")B F2(sha3-256)A
+F1 4.983(", ")B F2(sha3_384)A F1(",)A(")203 739.2 Q F2(sha3-384)A F1
+(", ")A F2(sha3_512)A F1(", or ")A F2(sha3-512)A F1
+(", and must be supported by the TPM.)A(tzpfms 0.3.3-1-g)72 817.889 Q
+98.073(aa1c21f July)-.05 F(16, 2023)2.5 E(1)193.552 E 0 Cg EP
+%%Page: 2 8
 %%BeginPageSetup
 BP
 %%EndPageSetup
-/F0 10/Times-Roman@0 SF -.834(ZFS-TPM2-CHANGE-KEY \(8\))72 48 R
-(System Manager')53.329 E 2.5(sM)-.55 G 48.329
-(anual ZFS-TPM2-CHANGE-KEY)-2.5 F(\(8\))1.666 E/F1 10/Courier-Oblique@0
-SF(algorithm)197 96 Q F0 3.718(may be an)6.218 F 6.218(yo)-.15 G 6.218
-(fc)-6.218 G(ase-insensiti)-6.218 E 4.018 -.15(ve ")-.25 H/F2 10
-/Times-Bold@0 SF(sha1).15 E F0 3.718(", ")B F2(sha256)A F0 3.719(", ")B
-F2(sha384)A F0(",)A(")197 108 Q F2(sha512)A F0 6.183(", ")B F2(sm3_256)A
-F0 6.183(", ")B F2(sm3-256)A F0 6.183(", ")B F2(sha3_256)A F0 6.183
-(", ")B F2(sha3-256)A F0 6.183(", ")B F2(sha3_384)A F0(",)A(")197 120 Q
-F2(sha3-384)A F0(", ")A F2(sha3_512)A F0(", or ")A F2(sha3-512)A F0
-(", and must be supported by the TPM.)A/F3 10/Courier-Bold@0 SF<ad41>
-103.666 138 Q F0 -.4(Wi)197 138 S(th).4 E F3<ad50>5.049 E F0 3.383(,a)C
-.884(lso prompt for a passphrase.)-3.383 F .884(This is skipped by def)
-5.884 F .884(ault because the)-.1 F 1.137(passphrase is)197 150 R/F4 10
-/Times-Italic@0 SF(OR)3.637 E F0 1.137(ed with the PCR polic)B 3.637
-<798a>-.15 G 1.136(the wrapping k)-.001 F 1.436 -.15(ey c)-.1 H 1.136
-(an be unsealed).15 F F4(either)197 162 Q F0 .227
-(passphraseless with the right PCRs)2.727 F F4(or)2.727 E F0 .228
-(with the passphrase, and this is usu-)2.727 F(ally not the intent.)197
-174 Q F2(ENVIR)72 198 Q 1.666(ONMENT V)-.3 F(ARIABLES)-1.35 E/F5 10
-/Courier@0 SF(TZPFMS_PASSPHRASE_HELPER)102 210 Q F0 .421(By def)127 222
-R .42(ault, passphrases are prompted for and read in on the standard ou\
-tput and input streams.)-.1 F(If)5.42 E F5(TZPFMS_PASSPHRASE_HELPER)127
-234 Q F0 .46(is set and nonempty)2.96 F 2.961(,i)-.65 G 2.961(tw)-2.961
-G .461(ill be run via)-2.961 F F5(/bin/)2.961 E F3 2.127(sh \255c)B F0
-.461(to pro-)2.961 F(vide each passphrase, instead.)127 246 Q .15
-(The standard output stream of the helper is tied to an anon)127 264 R
-.15(ymous \214le and used in its entirety as the)-.15 F(passphrase, e)
-127 276 Q(xcept for a trailing ne)-.15 E(w-line, if an)-.25 E 3.8 -.65
-(y. T)-.15 H(he ar).65 E(guments are:)-.18 E F5($1)137 288 Q F0
-(Pre-formatted noun phrase with all the information belo)154 288 Q 1.3
--.65(w, f)-.25 H(or use as a prompt).65 E F5($2)137 300 Q F0
-(Either the dataset name or the element of the TPM hierarch)154 300 Q
-2.5(yb)-.05 G(eing prompted for)-2.5 E F5($3)137 312 Q F0("ne)154 312 Q
-(w" if this is for a ne)-.25 E 2.5(wp)-.25 G(assphrase, otherwise blank)
--2.5 E F5($4)137 324 Q F0("ag)154 324 Q(ain" if it')-.05 E 2.5(st)-.55 G
-(he second prompt for that passphrase, otherwise blank)-2.5 E .138
-(If the helper doesn')127 342 R 2.638(te)-.18 G 1.804(xist \()-2.788 F
-.138(the shell e)1.666 F .138(xits with)-.15 F F2(127)2.638 E F0 -3.194
-1.666(\), a d)1.666 H .139(iagnostic is issued and the normal prompt)
--1.666 F(is used as f)127 354 Q 2.5(all-back. If)-.1 F(it f)2.5 E
-(ails for an)-.1 E 2.5(yo)-.15 G(ther reason, the prompting is aborted.)
--2.5 E F2 1.666(TPM2 back-end con\214guration)72 378 R(En)84 390 Q(vir)
--.4 E .625(onment v)-.18 F(ariables)-.1 E F5(TSS2_LOG)102 402 Q F0(An)
-155 402 Q 2.5(yo)-.15 G(f:)-2.5 E F2(NONE)2.5 E F0(,)A F2(ERR)2.5 E(OR)
--.3 E F0(,)A F2 -1.2(WA)2.5 G(RNING)1.2 E F0(,)A F2(INFO)2.5 E F0(,)A F2
-(DEB)2.5 E(UG)-.1 E F0(,)A F2(TRA)2.5 E(CE)-.55 E F0 5(.D)C(ef)-5 E
-(ault:)-.1 E F2 -1.2(WA)2.5 G(RNING)1.2 E F0(.)A F2 .625(TPM selection)
-84 426 R F0 1.167(The library)102 438 R F3(libtss2-tcti-default.so)3.667
-E F0 1.167(can be link)3.667 F 1.167(ed to an)-.1 F 3.667(yo)-.15 G
-3.667(ft)-3.667 G(he)-3.667 E F5(libtss2-tcti-)3.666 E/F6 10/Symbol SF
-(*)A F5(.so)A F0(li-)3.666 E 1.38(braries to select the def)102 450 R
-1.38(ault, otherwise)-.1 F F5(/dev/tpmrm0)3.881 E F0 3.881(,t)C(hen)
--3.881 E F5(/dev/tpm0)3.881 E F0 3.881(,t)C(hen)-3.881 E F5
-(localhost:2321)3.881 E F0(will be tried, in order)102 462 Q 1.666(\(s)
-4.166 G(ee)-1.666 E F5(ESYS_CONTEXT)2.5 E F0 -.834(\(3\) \) .)B F2 .625
-(See also)84 486 R F0 1.63(The tpm2-tss git repository at)102 498 R F2
-(https://github)4.129 E(.com/tpm2-softwar)-.4 E(e/tpm2-tss)-.18 E F0
-1.629(and the documentation at)4.129 F F2(https://tpm2-tss.r)102 510 Q
-(eadthedocs.io)-.18 E F0(.)A 3.517
-(The TPM 2.0 speci\214cations, mainly at)102 528 R F2
-(https://trustedcomputinggr)6.018 E(oup.or)-.18 E(g/r)-.1 E(esour)-.18 E
-(ce/tpm-library-)-.18 E(speci\214cation/)102 540 Q F0(,)A F2
-(https://trustedcomputinggr)99.315 E(oup.or)-.18 E
-(g/wp-content/uploads/TPM-)-.1 E(Re)102 552 Q(v-2.0-P)-.15 E(art-1-Ar)
--.1 E(chitectur)-.18 E(e-01.38.pdf)-.18 E F0 2.5(,a)C(nd related pages.)
--2.5 E F2 1.666(SPECIAL THANKS)72 576 R F0 1.6 -.8(To a)102 588 T
+/F0 10/Times-Italic@0 SF(ZFS-TPM2-CHANGE-KEY)72 48 Q/F1 10/Times-Roman@0
+SF 49.123(\(8\) System)B(Manager')2.5 E 2.5(sM)-.55 G(anual)-2.5 E F0
+(ZFS-TPM2-CHANGE-KEY)49.122 E F1(\(8\))A/F2 10/Courier@0 SF<ad41>109.666
+84 Q F1 -.4(Wi)203 84 S(th).4 E F2<ad50>4.588 E F1 2.922(,a)C .422
+(lso prompt for a passphrase.)-2.922 F .422(This is skipped by def)5.422
+F .423(ault because the)-.1 F .675(passphrase is)203 96 R F0(OR)3.175 E
+F1 .675(ed with the PCR polic)B 3.175(y\212t)-.15 G .675(he wrapping k)
+-3.175 F .975 -.15(ey c)-.1 H .675(an be unsealed).15 F F0(either)203
+108 Q F1 1.389(passphraseless with the right PCRs)3.889 F F0(or)3.89 E
+F1 1.39(with the passphrase, and this is)3.89 F(usually not the intent.)
+203 120 Q/F3 10/Times-Bold@0 SF(ENVIR)72 136.8 Q 1.666(ONMENT V)-.3 F
+(ARIABLES)-1.35 E F2(TZPFMS_PASSPHRASE_HELPER)108 148.8 Q F1 .046
+(By def)133 160.8 R .045(ault, passphrases are prompted for and read in\
+ on the standard output and input streams.)-.1 F(If)5.045 E F2
+(TZPFMS_PASSPHRASE_HELPER)133 172.8 Q F1 .896(is set and nonempty)3.396
+F 3.396(,i)-.65 G 3.396(tw)-3.396 G .896(ill be run via)-3.396 F F0
+(/bin/)3.396 E/F4 10/Courier-Bold@0 SF(sh)A F2<ad63>8.562 E F1 .897
+(to pro-)3.396 F(vide each passphrase, instead.)133 184.8 Q .643
+(The standard output stream of the helper is tied to an anon)133 201.6 R
+.643(ymous \214le and used in its entirety as)-.15 F(the passphrase, e)
+133 213.6 Q(xcept for a trailing ne)-.15 E(w-line, if an)-.25 E 3.8 -.65
+(y. T)-.15 H(he ar).65 E(guments are:)-.18 E F2($1)143 225.6 Q F1
+(Pre-formatted noun phrase with all the information belo)160 225.6 Q 1.3
+-.65(w, f)-.25 H(or use as a prompt).65 E F2($2)143 237.6 Q F1
+(Either the dataset name or the element of the TPM hierarch)160 237.6 Q
+2.5(yb)-.05 G(eing prompted for)-2.5 E F2($3)143 249.6 Q F1("ne)160
+249.6 Q(w" if this is for a ne)-.25 E 2.5(wp)-.25 G
+(assphrase, otherwise blank)-2.5 E F2($4)143 261.6 Q F1("ag)160 261.6 Q
+(ain" if it')-.05 E 2.5(st)-.55 G
+(he second prompt for that passphrase, otherwise blank)-2.5 E .177
+(If the helper doesn')133 278.4 R 2.677(te)-.18 G .177
+(xist \(the shell e)-2.827 F .177(xits with)-.15 F F3(127)2.677 E F1
+.178(\), a diagnostic is issued and the normal prompt)B(is used as f)133
+290.4 Q 2.5(all-back. If)-.1 F(it f)2.5 E(ails for an)-.1 E 2.5(yo)-.15
+G(ther reason, the prompting is aborted.)-2.5 E F3 1.666
+(TPM2 back-end con\214guration)72 307.2 R(En)87 319.2 Q(vir)-.4 E .625
+(onment v)-.18 F(ariables)-.1 E F2(TSS2_LOG)108 331.2 Q F1(An)161 331.2
+Q 2.5(yo)-.15 G(f:)-2.5 E F3(NONE)2.5 E F1(,)A F3(ERR)2.5 E(OR)-.3 E F1
+(,)A F3 -1.2(WA)2.5 G(RNING)1.2 E F1(,)A F3(INFO)2.5 E F1(,)A F3(DEB)2.5
+E(UG)-.1 E F1(,)A F3(TRA)2.5 E(CE)-.55 E F1 5(.D)C(ef)-5 E(ault:)-.1 E
+F3 -1.2(WA)2.5 G(RNING)1.2 E F1(.)A F3 .625(TPM selection)87 348 R F1
+.978(The library)108 360 R F4(libtss2-tcti-default.so)3.477 E F1 .977
+(can be link)3.477 F .977(ed to an)-.1 F 3.477(yo)-.15 G 3.477(ft)-3.477
+G(he)-3.477 E F0(libtss2-tcti-)3.477 E/F5 10/Symbol SF(*)A F0(.so)A F1
+.977(libraries to)3.477 F 1.145(select the def)108 372 R 1.145
+(ault, otherwise)-.1 F F0(/de)3.646 E(v/tpmrm0)-.15 E F1 3.646(,t)C(hen)
+-3.646 E F0(/de)3.646 E(v/tpm0)-.15 E F1 3.646(,t)C(hen)-3.646 E F0
+(localhost:2321)3.646 E F1 1.146(will be tried, in order)3.646 F(\(see)
+108 384 Q F0(ESYS_CONTEXT)2.5 E F1(\(3\)\).)A F3 .625(See also)87 400.8
+R F1 2.247(The tpm2-tss git repository at https://github)108 412.8 R
+(.com/tpm2-softw)-.4 E 2.247(are/tpm2-tss and the documentation at)-.1 F
+(https://tpm2-tss.readthedocs.io.)108 424.8 Q 5.774(The TPM 2.0 speci\
+\214cations, mainly at https://trustedcomputinggroup.or)108 441.6 R
+(g/resource/tpm-library-)-.18 E 111.845
+(speci\214cation/, https://trustedcomputinggroup.or)108 453.6 R
+(g/wp-content/uploads/TPM-)-.18 E(Re)108 465.6 Q(v-2.0-P)-.25 E
+(art-1-Architecture-01.38.pdf, and related pages.)-.15 E F3 1.666
+(SPECIAL THANKS)72 482.4 R F1 1.6 -.8(To a)108 494.4 T
 (ll who support further de).8 E -.15(ve)-.25 G(lopment, in particular:)
-.15 E F2<83>122 600 Q F0(ThePhD)7.5 E F2<83>122 612 Q F0(Embark Studios)
-7.5 E F2<83>122 624 Q F0(Lars Strojn)7.5 E(y)-.15 E F2(REPOR)72 648 Q
-1.666(TING B)-.4 F(UGS)-.1 E(https://todo.sr)102 660 Q
-(.ht/\001nabijaczleweli/tzpfms)-1 E F5
-(\001nabijaczleweli/tzpfms@lists.sr.ht)102 678 Q F0 86.762(,a)C(rchi)
--86.762 E -.15(ve)-.25 G 86.763(da).15 G(t)-86.763 E F2
-(https://lists.sr)102 690 Q(.ht/\001nabijaczleweli/tzpfms)-1 E F0(.)A F2
-1.666(SEE ALSO)72 714 R F5(tpm2_unseal)102 726 Q F0(\(1\))A
-(tzpfms 0.3.3)72 799.889 Q(June 12, 2023)156.365 E(9)201.085 E 0 Cg EP
-%%Page: 10 10
+.15 E F3<83>128 506.4 Q F1(ThePhD)7.5 E F3<83>128 518.4 Q F1
+(Embark Studios)7.5 E F3<83>128 530.4 Q F1(Lars Strojn)7.5 E(y)-.15 E F3
+(REPOR)72 547.2 Q 1.666(TING B)-.4 F(UGS)-.1 E F1(https://todo.sr)108
+559.2 Q(.ht/\001nabijaczle)-.55 E(weli/tzpfms)-.25 E F0(\001nabijaczle)
+108 576 Q(weli/tzpfms@lists.sr)-.15 E(.ht)-1.11 E F1 2.5(,a)C(rchi)-2.5
+E -.15(ve)-.25 G 2.5(da).15 G 2.5(th)-2.5 G(ttps://lists.sr)-2.5 E
+(.ht/\001nabijaczle)-.55 E(weli/tzpfms.)-.25 E F3 1.666(SEE ALSO)72
+592.8 R F0(tpm2_unseal)108 604.8 Q F1(\(1\))A
+(PCR allocations: https://wiki.archlinux.or)108 621.6 Q(g/title/T)-.18 E
+(rusted_Platform_Module#Accessing_PCR_re)-.35 E(gisters)-.15 E
+(and https://trustedcomputinggroup.or)108 633.6 Q
+(g/wp-content/uploads/PC-)-.18 E(ClientSpeci\214c_Platform_Pro\214le_fo\
+r_TPM_2p0_Systems_v51.pdf, Section 2.3.4 "PCR Usage", T)108 645.6 Q
+(able)-.8 E(1.)108 657.6 Q(tzpfms 0.3.3-1-g)72 817.889 Q 98.073
+(aa1c21f July)-.05 F(16, 2023)2.5 E(2)193.552 E 0 Cg EP
+%%Page: 1 9
 %%BeginPageSetup
 BP
 %%EndPageSetup
-/F0 10/Times-Roman@0 SF -.834(ZFS-TPM2-CHANGE-KEY \(8\))72 48 R
-(System Manager')53.329 E 2.5(sM)-.55 G 48.329
-(anual ZFS-TPM2-CHANGE-KEY)-2.5 F(\(8\))1.666 E(PCR allocations:)102 96
-Q/F1 10/Times-Bold@0 SF(https://wiki.ar)102 108 Q(chlinux.or)-.18 E
-(g/title/T)-.1 E(rusted_Platf)-.74 E(orm_Module#Accessing_PCR_r)-.25 E
-(egisters)-.18 E F0(and)2.5 E F1(https://trustedcomputinggr)102 120 Q
-(oup.or)-.18 E(g/wp-content/uploads/PC-)-.1 E(ClientSpeci\214c_Platf)102
-132 Q(orm_Pr)-.25 E(o\214le_f)-.18 E(or_TPM_2p0_Systems_v51.pdf)-.25 E
-F0 2.5(,S)C(ection 2.3.4 "PCR Usage", T)-2.5 E(able)-.8 E(1.)102 144 Q
-(tzpfms 0.3.3)72 799.889 Q(June 12, 2023)156.365 E(10)196.085 E 0 Cg EP
-%%Page: 11 11
-%%BeginPageSetup
-BP
-%%EndPageSetup
-/F0 10/Times-Roman@0 SF -.834(ZFS-TPM2-CLEAR-KEY \(8\))72 48 R
-(System Manager')62.209 E 2.5(sM)-.55 G 57.209(anual ZFS-TPM2-CLEAR-KEY)
--2.5 F(\(8\))1.666 E/F1 10/Times-Bold@0 SF -.2(NA)72 96 S(ME).2 E/F2 10
-/Courier-Bold@0 SF(zfs-tpm2-clear-key)102 108 Q F0 2.5<8a72>2.5 G -.25
-(ew)-2.5 G(rap ZFS dataset k).25 E .3 -.15(ey i)-.1 H 2.5(np).15 G
-(asssw)-2.5 E(ord and clear tzpfms TPM2 metadata)-.1 E F1(SYNOPSIS)72
-132 Q F2(zfs-tpm2-clear-key)102 144 Q/F3 10/Courier-Oblique@0 SF
-(dataset)2.5 E F1(DESCRIPTION)72 168 Q F0(After v)102 180 Q(erifying)
--.15 E F3(dataset)2.5 E F0 -.1(wa)2.5 G 2.5(se).1 G(ncrypted with)-2.5 E
-F2(tzpfms)2.5 E F0(back)2.5 E(end)-.1 E F1(TPM2)2.5 E F0(:)A 5
-(1. performs)112 192 R 6.392(the equi)8.892 F -.25(va)-.25 G 6.392
-(lent of).25 F F2 6.392(zfs change-key)8.892 F<ad6f>14.057 E/F4 10
-/Courier@0 SF(keylocation=prompt)12.391 E F2<ad6f>14.057 E F4
-(keyformat=passphrase)127 204 Q F3(dataset)6 E F0(,)A 5(2. frees)112 216
-R(the sealed k)2.5 E .3 -.15(ey p)-.1 H(re).15 E
-(viously used to encrypt)-.25 E F3(dataset)2.5 E F0(,)A 5(3. remo)112
-228 R -.15(ve)-.15 G 11.889(st).15 G(he)-11.889 E F4
-(xyz.nabijaczleweli:tzpfms.)11.889 E F0({)A F4(backend)A F0(,)A F4(key)
-15.389 E F0 11.889(}p)C 9.389(roperties from)-11.889 F F3(dataset)127
-240 Q F0(.)A(See)102 258 Q F4(zfs-tpm2-change-key)2.5 E F0
-(\(8\) for a detailed description.)A F1(ENVIR)72 282 Q 1.666(ONMENT V)
--.3 F(ARIABLES)-1.35 E F4(TZPFMS_PASSPHRASE_HELPER)102 294 Q F0 .421
-(By def)127 306 R .42(ault, passphrases are prompted for and read in on\
- the standard output and input streams.)-.1 F(If)5.42 E F4
-(TZPFMS_PASSPHRASE_HELPER)127 318 Q F0 .46(is set and nonempty)2.96 F
-2.961(,i)-.65 G 2.961(tw)-2.961 G .461(ill be run via)-2.961 F F4(/bin/)
-2.961 E F2 2.127(sh \255c)B F0 .461(to pro-)2.961 F
-(vide each passphrase, instead.)127 330 Q .15
-(The standard output stream of the helper is tied to an anon)127 348 R
-.15(ymous \214le and used in its entirety as the)-.15 F(passphrase, e)
-127 360 Q(xcept for a trailing ne)-.15 E(w-line, if an)-.25 E 3.8 -.65
-(y. T)-.15 H(he ar).65 E(guments are:)-.18 E F4($1)137 372 Q F0
-(Pre-formatted noun phrase with all the information belo)154 372 Q 1.3
--.65(w, f)-.25 H(or use as a prompt).65 E F4($2)137 384 Q F0
-(Either the dataset name or the element of the TPM hierarch)154 384 Q
-2.5(yb)-.05 G(eing prompted for)-2.5 E F4($3)137 396 Q F0("ne)154 396 Q
+/F0 10/Times-Italic@0 SF(ZFS-TPM2-CLEAR-KEY)72 48 Q/F1 10/Times-Roman@0
+SF 58.563(\(8\) System)B(Manager')2.5 E 2.5(sM)-.55 G(anual)-2.5 E F0
+(ZFS-TPM2-CLEAR-KEY)58.562 E F1(\(8\))A/F2 10/Times-Bold@0 SF -.2(NA)72
+84 S(ME).2 E F1(zfs-tpm2-clear)108 96 Q(-k)-.2 E .3 -.15(ey \212 r)-.1 H
+-.25(ew).15 G(rap ZFS dataset k).25 E .3 -.15(ey i)-.1 H 2.5(np).15 G
+(asssw)-2.5 E(ord and clear tzpfms TPM2 metadata)-.1 E F2(SYNOPSIS)72
+112.8 Q/F3 10/Courier-Bold@0 SF(zfs-tpm-list)108 124.8 Q/F4 10
+/Courier-Oblique@0 SF(dataset)2.5 E F2(DESCRIPTION)72 141.6 Q F1
+(After v)108 153.6 Q(erifying)-.15 E F4(dataset)2.5 E F1 -.1(wa)2.5 G
+2.5(se).1 G(ncrypted with)-2.5 E F3(tzpfms)2.5 E F1(back)2.5 E(end)-.1 E
+F2(TPM2)2.5 E F1(:)A 5(1. performs)118 165.6 R 5.641(the equi)8.141 F
+-.25(va)-.25 G 5.641(lent of).25 F F3(zfs)8.142 E/F5 10/Courier@0 SF
+7.308(change-key \255o)11.642 F 7.308(keylocation=prompt \255o)11.642 F
+(keyformat=passphrase)133 177.6 Q F4(dataset)6 E F1(,)A 5(2. frees)118
+189.6 R(the sealed k)2.5 E .3 -.15(ey p)-.1 H(re).15 E
+(viously used to encrypt)-.25 E F4(dataset)2.5 E F1(,)A 5(3. remo)118
+201.6 R -.15(ve)-.15 G 10.689(st).15 G(he)-10.689 E F5
+(xyz.nabijaczleweli:tzpfms.)10.689 E F1({)A F5(backend)A F1(,)A F5(key)
+14.189 E F1 10.689(}p)C 8.189(roperties from)-10.689 F F4(dataset)133
+213.6 Q F1(.)A(See)108 230.4 Q F0(zfs-tpm2-c)2.5 E(hang)-.15 E(e-k)-.1 E
+-.3(ey)-.1 G F1(\(8\) for a detailed description.).3 E F2(ENVIR)72 247.2
+Q 1.666(ONMENT V)-.3 F(ARIABLES)-1.35 E F5(TZPFMS_PASSPHRASE_HELPER)108
+259.2 Q F1 .045(By def)133 271.2 R .045(ault, passphrases are prompted \
+for and read in on the standard output and input streams.)-.1 F(If)5.046
+E F5(TZPFMS_PASSPHRASE_HELPER)133 283.2 Q F1 .896(is set and nonempty)
+3.397 F 3.396(,i)-.65 G 3.396(tw)-3.396 G .896(ill be run via)-3.396 F
+F0(/bin/)3.396 E F3(sh)A F5<ad63>8.562 E F1 .896(to pro-)3.396 F
+(vide each passphrase, instead.)133 295.2 Q .643
+(The standard output stream of the helper is tied to an anon)133 312 R
+.643(ymous \214le and used in its entirety as)-.15 F(the passphrase, e)
+133 324 Q(xcept for a trailing ne)-.15 E(w-line, if an)-.25 E 3.8 -.65
+(y. T)-.15 H(he ar).65 E(guments are:)-.18 E F5($1)143 336 Q F1
+(Pre-formatted noun phrase with all the information belo)160 336 Q 1.3
+-.65(w, f)-.25 H(or use as a prompt).65 E F5($2)143 348 Q F1
+(Either the dataset name or the element of the TPM hierarch)160 348 Q
+2.5(yb)-.05 G(eing prompted for)-2.5 E F5($3)143 360 Q F1("ne)160 360 Q
 (w" if this is for a ne)-.25 E 2.5(wp)-.25 G(assphrase, otherwise blank)
--2.5 E F4($4)137 408 Q F0("ag)154 408 Q(ain" if it')-.05 E 2.5(st)-.55 G
-(he second prompt for that passphrase, otherwise blank)-2.5 E .138
-(If the helper doesn')127 426 R 2.638(te)-.18 G 1.804(xist \()-2.788 F
-.138(the shell e)1.666 F .138(xits with)-.15 F F1(127)2.638 E F0 -3.194
-1.666(\), a d)1.666 H .139(iagnostic is issued and the normal prompt)
--1.666 F(is used as f)127 438 Q 2.5(all-back. If)-.1 F(it f)2.5 E
-(ails for an)-.1 E 2.5(yo)-.15 G(ther reason, the prompting is aborted.)
--2.5 E F1 1.666(TPM2 back-end con\214guration)72 462 R(En)84 474 Q(vir)
--.4 E .625(onment v)-.18 F(ariables)-.1 E F4(TSS2_LOG)102 486 Q F0(An)
-155 486 Q 2.5(yo)-.15 G(f:)-2.5 E F1(NONE)2.5 E F0(,)A F1(ERR)2.5 E(OR)
--.3 E F0(,)A F1 -1.2(WA)2.5 G(RNING)1.2 E F0(,)A F1(INFO)2.5 E F0(,)A F1
-(DEB)2.5 E(UG)-.1 E F0(,)A F1(TRA)2.5 E(CE)-.55 E F0 5(.D)C(ef)-5 E
-(ault:)-.1 E F1 -1.2(WA)2.5 G(RNING)1.2 E F0(.)A F1 .625(TPM selection)
-84 510 R F0 1.167(The library)102 522 R F2(libtss2-tcti-default.so)3.667
-E F0 1.167(can be link)3.667 F 1.167(ed to an)-.1 F 3.667(yo)-.15 G
-3.667(ft)-3.667 G(he)-3.667 E F4(libtss2-tcti-)3.666 E/F5 10/Symbol SF
-(*)A F4(.so)A F0(li-)3.666 E 1.38(braries to select the def)102 534 R
-1.38(ault, otherwise)-.1 F F4(/dev/tpmrm0)3.881 E F0 3.881(,t)C(hen)
--3.881 E F4(/dev/tpm0)3.881 E F0 3.881(,t)C(hen)-3.881 E F4
-(localhost:2321)3.881 E F0(will be tried, in order)102 546 Q 1.666(\(s)
-4.166 G(ee)-1.666 E F4(ESYS_CONTEXT)2.5 E F0 -.834(\(3\) \) .)B F1 .625
-(See also)84 570 R F0 1.63(The tpm2-tss git repository at)102 582 R F1
-(https://github)4.129 E(.com/tpm2-softwar)-.4 E(e/tpm2-tss)-.18 E F0
-1.629(and the documentation at)4.129 F F1(https://tpm2-tss.r)102 594 Q
-(eadthedocs.io)-.18 E F0(.)A 3.517
-(The TPM 2.0 speci\214cations, mainly at)102 612 R F1
-(https://trustedcomputinggr)6.018 E(oup.or)-.18 E(g/r)-.1 E(esour)-.18 E
-(ce/tpm-library-)-.18 E(speci\214cation/)102 624 Q F0(,)A F1
-(https://trustedcomputinggr)99.315 E(oup.or)-.18 E
-(g/wp-content/uploads/TPM-)-.1 E(Re)102 636 Q(v-2.0-P)-.15 E(art-1-Ar)
--.1 E(chitectur)-.18 E(e-01.38.pdf)-.18 E F0 2.5(,a)C(nd related pages.)
--2.5 E F1 1.666(SPECIAL THANKS)72 660 R F0 1.6 -.8(To a)102 672 T
+-2.5 E F5($4)143 372 Q F1("ag)160 372 Q(ain" if it')-.05 E 2.5(st)-.55 G
+(he second prompt for that passphrase, otherwise blank)-2.5 E .178
+(If the helper doesn')133 388.8 R 2.678(te)-.18 G .178
+(xist \(the shell e)-2.828 F .177(xits with)-.15 F F2(127)2.677 E F1
+.177(\), a diagnostic is issued and the normal prompt)B(is used as f)133
+400.8 Q 2.5(all-back. If)-.1 F(it f)2.5 E(ails for an)-.1 E 2.5(yo)-.15
+G(ther reason, the prompting is aborted.)-2.5 E F2 1.666
+(TPM2 back-end con\214guration)72 417.6 R(En)87 429.6 Q(vir)-.4 E .625
+(onment v)-.18 F(ariables)-.1 E F5(TSS2_LOG)108 441.6 Q F1(An)161 441.6
+Q 2.5(yo)-.15 G(f:)-2.5 E F2(NONE)2.5 E F1(,)A F2(ERR)2.5 E(OR)-.3 E F1
+(,)A F2 -1.2(WA)2.5 G(RNING)1.2 E F1(,)A F2(INFO)2.5 E F1(,)A F2(DEB)2.5
+E(UG)-.1 E F1(,)A F2(TRA)2.5 E(CE)-.55 E F1 5(.D)C(ef)-5 E(ault:)-.1 E
+F2 -1.2(WA)2.5 G(RNING)1.2 E F1(.)A F2 .625(TPM selection)87 458.4 R F1
+.977(The library)108 470.4 R F3(libtss2-tcti-default.so)3.477 E F1 .977
+(can be link)3.477 F .977(ed to an)-.1 F 3.477(yo)-.15 G 3.477(ft)-3.477
+G(he)-3.477 E F0(libtss2-tcti-)3.477 E/F6 10/Symbol SF(*)A F0(.so)A F1
+.978(libraries to)3.477 F 1.146(select the def)108 482.4 R 1.146
+(ault, otherwise)-.1 F F0(/de)3.646 E(v/tpmrm0)-.15 E F1 3.646(,t)C(hen)
+-3.646 E F0(/de)3.646 E(v/tpm0)-.15 E F1 3.646(,t)C(hen)-3.646 E F0
+(localhost:2321)3.646 E F1 1.145(will be tried, in order)3.646 F(\(see)
+108 494.4 Q F0(ESYS_CONTEXT)2.5 E F1(\(3\)\).)A F2 .625(See also)87
+511.2 R F1 2.247(The tpm2-tss git repository at https://github)108 523.2
+R(.com/tpm2-softw)-.4 E 2.247(are/tpm2-tss and the documentation at)-.1
+F(https://tpm2-tss.readthedocs.io.)108 535.2 Q 5.774(The TPM 2.0 speci\
+\214cations, mainly at https://trustedcomputinggroup.or)108 552 R
+(g/resource/tpm-library-)-.18 E 111.845
+(speci\214cation/, https://trustedcomputinggroup.or)108 564 R
+(g/wp-content/uploads/TPM-)-.18 E(Re)108 576 Q(v-2.0-P)-.25 E
+(art-1-Architecture-01.38.pdf, and related pages.)-.15 E F2 1.666
+(SPECIAL THANKS)72 592.8 R F1 1.6 -.8(To a)108 604.8 T
 (ll who support further de).8 E -.15(ve)-.25 G(lopment, in particular:)
-.15 E F1<83>122 684 Q F0(ThePhD)7.5 E F1<83>122 696 Q F0(Embark Studios)
-7.5 E F1<83>122 708 Q F0(Lars Strojn)7.5 E(y)-.15 E(tzpfms 0.3.3)72
-799.889 Q(June 12, 2023)156.365 E(11)196.085 E 0 Cg EP
-%%Page: 12 12
+.15 E F2<83>128 616.8 Q F1(ThePhD)7.5 E F2<83>128 628.8 Q F1
+(Embark Studios)7.5 E F2<83>128 640.8 Q F1(Lars Strojn)7.5 E(y)-.15 E F2
+(REPOR)72 657.6 Q 1.666(TING B)-.4 F(UGS)-.1 E F1(https://todo.sr)108
+669.6 Q(.ht/\001nabijaczle)-.55 E(weli/tzpfms)-.25 E F0(\001nabijaczle)
+108 686.4 Q(weli/tzpfms@lists.sr)-.15 E(.ht)-1.11 E F1 2.5(,a)C(rchi)
+-2.5 E -.15(ve)-.25 G 2.5(da).15 G 2.5(th)-2.5 G(ttps://lists.sr)-2.5 E
+(.ht/\001nabijaczle)-.55 E(weli/tzpfms.)-.25 E(tzpfms 0.3.3-1-g)72
+817.889 Q 98.073(aa1c21f July)-.05 F(16, 2023)2.5 E(1)193.552 E 0 Cg EP
+%%Page: 1 10
 %%BeginPageSetup
 BP
 %%EndPageSetup
-/F0 10/Times-Roman@0 SF -.834(ZFS-TPM2-CLEAR-KEY \(8\))72 48 R
-(System Manager')62.209 E 2.5(sM)-.55 G 57.209(anual ZFS-TPM2-CLEAR-KEY)
--2.5 F(\(8\))1.666 E/F1 10/Times-Bold@0 SF(REPOR)72 96 Q 1.666(TING B)
--.4 F(UGS)-.1 E(https://todo.sr)102 108 Q(.ht/\001nabijaczleweli/tzpfms)
--1 E/F2 10/Courier@0 SF(\001nabijaczleweli/tzpfms@lists.sr.ht)102 126 Q
-F0 86.762(,a)C(rchi)-86.762 E -.15(ve)-.25 G 86.763(da).15 G(t)-86.763 E
-F1(https://lists.sr)102 138 Q(.ht/\001nabijaczleweli/tzpfms)-1 E F0(.)A
-(tzpfms 0.3.3)72 799.889 Q(June 12, 2023)156.365 E(12)196.085 E 0 Cg EP
-%%Page: 13 13
-%%BeginPageSetup
-BP
-%%EndPageSetup
-/F0 10/Times-Roman@0 SF(ZFS-TPM2-LO)72 48 Q -.834(AD-KEY \(8\))-.35 F
-(System Manager')67.569 E 2.5(sM)-.55 G 62.569(anual ZFS-TPM2-LO)-2.5 F
--.834(AD-KEY \(8\))-.35 F/F1 10/Times-Bold@0 SF -.2(NA)72 96 S(ME).2 E
-/F2 10/Courier-Bold@0 SF(zfs-tpm2-load-key)102 108 Q F0 2.5<8a6c>2.5 G
-(oad TPM2-encrypted ZFS dataset k)-2.5 E -.15(ey)-.1 G F1(SYNOPSIS)72
-132 Q F2(zfs-tpm2-load-key)102 144 Q F0([)3.333 E F2<ad6e>2.499 E F0(])
-.833 E/F3 10/Courier-Oblique@0 SF(dataset)2.5 E F1(DESCRIPTION)72 168 Q
-F0 .003(After v)102 180 R(erifying)-.15 E F3(dataset)2.503 E F0 -.1(wa)
-2.503 G 2.503(se).1 G .003(ncrypted with)-2.503 F F2(tzpfms)2.503 E F0
-(back)2.503 E(end)-.1 E F1(TPM2)2.503 E F0 2.503(,u)C .003(nseals the k)
--2.503 F .303 -.15(ey a)-.1 H .003(nd loads it into).15 F F3(dataset)102
-192 Q F0(.)A(The user is prompted for the additional passphrase, set wh\
-en creating the k)102 210 Q -.15(ey)-.1 G 2.5(,i)-.5 G 2.5(fo)-2.5 G
-(ne w)-2.5 E(as set.)-.1 E(See)102 228 Q/F4 10/Courier@0 SF
-(zfs-tpm2-change-key)2.5 E F0(\(8\) for a detailed description.)A F1
-(OPTIONS)72 252 Q F2<ad6e>103.666 264 Q F0 3.583
-(Do a no-op/dry run, can be used e)125 264 R -.15(ve)-.25 G 6.083(ni).15
-G 6.083(ft)-6.083 G 3.583(he k)-6.083 F 3.883 -.15(ey i)-.1 H 6.083(sa)
-.15 G 3.583(lready loaded.)-6.083 F(Equi)8.583 E -.25(va)-.25 G 3.583
-(lent to).25 F F2(zfs)6.083 E(load-key)125 276 Q F0 -.55('s)C F2<ad6e>
-4.716 E F0(option.)2.5 E F1(ENVIR)72 300 Q 1.666(ONMENT V)-.3 F
-(ARIABLES)-1.35 E F4(TZPFMS_PASSPHRASE_HELPER)102 312 Q F0 .421(By def)
-127 324 R .42(ault, passphrases are prompted for and read in on the sta\
-ndard output and input streams.)-.1 F(If)5.42 E F4
-(TZPFMS_PASSPHRASE_HELPER)127 336 Q F0 .46(is set and nonempty)2.96 F
-2.961(,i)-.65 G 2.961(tw)-2.961 G .461(ill be run via)-2.961 F F4(/bin/)
-2.961 E F2 2.127(sh \255c)B F0 .461(to pro-)2.961 F
-(vide each passphrase, instead.)127 348 Q .15
-(The standard output stream of the helper is tied to an anon)127 366 R
-.15(ymous \214le and used in its entirety as the)-.15 F(passphrase, e)
-127 378 Q(xcept for a trailing ne)-.15 E(w-line, if an)-.25 E 3.8 -.65
-(y. T)-.15 H(he ar).65 E(guments are:)-.18 E F4($1)137 390 Q F0
-(Pre-formatted noun phrase with all the information belo)154 390 Q 1.3
--.65(w, f)-.25 H(or use as a prompt).65 E F4($2)137 402 Q F0
-(Either the dataset name or the element of the TPM hierarch)154 402 Q
-2.5(yb)-.05 G(eing prompted for)-2.5 E F4($3)137 414 Q F0("ne)154 414 Q
-(w" if this is for a ne)-.25 E 2.5(wp)-.25 G(assphrase, otherwise blank)
--2.5 E F4($4)137 426 Q F0("ag)154 426 Q(ain" if it')-.05 E 2.5(st)-.55 G
-(he second prompt for that passphrase, otherwise blank)-2.5 E .138
-(If the helper doesn')127 444 R 2.638(te)-.18 G 1.804(xist \()-2.788 F
-.138(the shell e)1.666 F .138(xits with)-.15 F F1(127)2.638 E F0 -3.194
-1.666(\), a d)1.666 H .139(iagnostic is issued and the normal prompt)
--1.666 F(is used as f)127 456 Q 2.5(all-back. If)-.1 F(it f)2.5 E
-(ails for an)-.1 E 2.5(yo)-.15 G(ther reason, the prompting is aborted.)
--2.5 E F1 1.666(TPM1.X back-end con\214guration)72 480 R .625
-(TPM selection)84 492 R F0(The)102 504 Q F2(tzpfms)2.683 E F0 .182
-(suite connects to a local)2.683 F F4(tcsd)2.682 E F0 .182
-(\(8\) process)B 1.666(\(a)4.348 G(t)-1.666 E F4(localhost:30003)2.682 E
-F0 4.348(\)b)1.666 G 2.682(yd)-4.348 G(ef)-2.682 E 2.682(ault. Use)-.1 F
-(the)2.682 E(en)102 516 Q(vironment v)-.4 E(ariable)-.25 E F4
-(TZPFMS_TPM1X)2.5 E F0(to specify a remote TCS hostname.)2.5 E .61
-(The T)102 534 R(rouSerS)-.35 E F4(tcsd)3.11 E F0 .61
-(\(8\) daemon will try)B F4(/dev/tpm0)3.11 E F0 3.11(,t)C(hen)-3.11 E F4
-(/udev/tpm0)3.111 E F0 3.111(,t)C(hen)-3.111 E F4(/dev/tpm)3.111 E F0
-3.111(;b)C 3.111(yo)-3.111 G(ccu-)-3.111 E -.1(py)102 546 S
-(ing one of the earlier ones with, for e).1 E
-(xample, shell redirection, a later one can be selected.)-.15 E F1 .625
-(See also)84 570 R F0(The T)102 582 Q(rouSerS project page at)-.35 E F1
-(https://sour)2.5 E(cef)-.18 E(or)-.25 E(ge.net/pr)-.1 E(ojects/tr)-.18
-E(ousers)-.18 E F0(.)A 2.719(The TPM 1.2 main speci\214cation inde)102
-600 R 5.219(xa)-.15 G(t)-5.219 E F1(https://trustedcomputinggr)5.219 E
-(oup.or)-.18 E(g/r)-.1 E(esour)-.18 E(ce/tpm-main-)-.18 E
-(speci\214cation)102 612 Q F0(.)A F1 1.666(SPECIAL THANKS)72 636 R F0
-1.6 -.8(To a)102 648 T(ll who support further de).8 E -.15(ve)-.25 G
-(lopment, in particular:).15 E F1<83>122 660 Q F0(ThePhD)7.5 E F1<83>122
-672 Q F0(Embark Studios)7.5 E F1<83>122 684 Q F0(Lars Strojn)7.5 E(y)
--.15 E F1(REPOR)72 708 Q 1.666(TING B)-.4 F(UGS)-.1 E(https://todo.sr)
-102 720 Q(.ht/\001nabijaczleweli/tzpfms)-1 E F4
-(\001nabijaczleweli/tzpfms@lists.sr.ht)102 738 Q F0 86.762(,a)C(rchi)
--86.762 E -.15(ve)-.25 G 86.763(da).15 G(t)-86.763 E F1
-(https://lists.sr)102 750 Q(.ht/\001nabijaczleweli/tzpfms)-1 E F0(.)A
-(tzpfms 0.3.3)72 799.889 Q(June 12, 2023)156.365 E(13)196.085 E 0 Cg EP
+/F0 10/Times-Italic@0 SF(ZFS-TPM2-LO)72 48 Q(AD-KEY)-.55 E/F1 10
+/Times-Roman@0 SF 63.563(\(8\) System)B(Manager')2.5 E 2.5(sM)-.55 G
+(anual)-2.5 E F0(ZFS-TPM2-LO)63.562 E(AD-KEY)-.55 E F1(\(8\))A/F2 10
+/Times-Bold@0 SF -.2(NA)72 84 S(ME).2 E F1(zfs-tpm2-load-k)108 96 Q .3
+-.15(ey \212 l)-.1 H(oad TPM2-encrypted ZFS dataset k).15 E -.15(ey)-.1
+G F2(SYNOPSIS)72 112.8 Q/F3 10/Courier-Bold@0 SF(zfs-tpm-list)108 124.8
+Q F1([)2.5 E/F4 10/Courier@0 SF<ad6e>1.666 E F1(])A/F5 10
+/Courier-Oblique@0 SF(dataset)2.5 E F2(DESCRIPTION)72 141.6 Q F1 .865
+(After v)108 153.6 R(erifying)-.15 E F5(dataset)3.365 E F1 -.1(wa)3.365
+G 3.365(se).1 G .865(ncrypted with)-3.365 F F3(tzpfms)3.365 E F1(back)
+3.365 E(end)-.1 E F2(TPM2)3.365 E F1 3.365(,u)C .864(nseals the k)-3.365
+F 1.164 -.15(ey a)-.1 H .864(nd loads it).15 F(into)108 165.6 Q F5
+(dataset)2.5 E F1(.)A(The user is prompted for the additional passphras\
+e, set when creating the k)108 182.4 Q -.15(ey)-.1 G 2.5(,i)-.5 G 2.5
+(fo)-2.5 G(ne w)-2.5 E(as set.)-.1 E(See)108 199.2 Q F0(zfs-tpm2-c)2.5 E
+(hang)-.15 E(e-k)-.1 E -.3(ey)-.1 G F1
+(\(8\) for a detailed description.).3 E F2(OPTIONS)72 216 Q F4<ad6e>
+109.666 228 Q F1 3.208(Do a no-op/dry run, can be used e)131 228 R -.15
+(ve)-.25 G 5.708(ni).15 G 5.708(ft)-5.708 G 3.208(he k)-5.708 F 3.508
+-.15(ey i)-.1 H 5.708(sa).15 G 3.208(lready loaded.)-5.708 F(Equi)8.208
+E -.25(va)-.25 G 3.208(lent to).25 F F3(zfs)5.708 E F4(load-key)131 240
+Q F1 -.55('s)C F4<ad6e>4.716 E F1(option.)2.5 E F2(ENVIR)72 256.8 Q
+1.666(ONMENT V)-.3 F(ARIABLES)-1.35 E F4(TZPFMS_PASSPHRASE_HELPER)108
+268.8 Q F1 .046(By def)133 280.8 R .045(ault, passphrases are prompted \
+for and read in on the standard output and input streams.)-.1 F(If)5.045
+E F4(TZPFMS_PASSPHRASE_HELPER)133 292.8 Q F1 .896(is set and nonempty)
+3.396 F 3.396(,i)-.65 G 3.396(tw)-3.396 G .896(ill be run via)-3.396 F
+F0(/bin/)3.396 E F3(sh)A F4<ad63>8.562 E F1 .897(to pro-)3.396 F
+(vide each passphrase, instead.)133 304.8 Q .643
+(The standard output stream of the helper is tied to an anon)133 321.6 R
+.643(ymous \214le and used in its entirety as)-.15 F(the passphrase, e)
+133 333.6 Q(xcept for a trailing ne)-.15 E(w-line, if an)-.25 E 3.8 -.65
+(y. T)-.15 H(he ar).65 E(guments are:)-.18 E F4($1)143 345.6 Q F1
+(Pre-formatted noun phrase with all the information belo)160 345.6 Q 1.3
+-.65(w, f)-.25 H(or use as a prompt).65 E F4($2)143 357.6 Q F1
+(Either the dataset name or the element of the TPM hierarch)160 357.6 Q
+2.5(yb)-.05 G(eing prompted for)-2.5 E F4($3)143 369.6 Q F1("ne)160
+369.6 Q(w" if this is for a ne)-.25 E 2.5(wp)-.25 G
+(assphrase, otherwise blank)-2.5 E F4($4)143 381.6 Q F1("ag)160 381.6 Q
+(ain" if it')-.05 E 2.5(st)-.55 G
+(he second prompt for that passphrase, otherwise blank)-2.5 E .177
+(If the helper doesn')133 398.4 R 2.677(te)-.18 G .177
+(xist \(the shell e)-2.827 F .177(xits with)-.15 F F2(127)2.677 E F1
+.178(\), a diagnostic is issued and the normal prompt)B(is used as f)133
+410.4 Q 2.5(all-back. If)-.1 F(it f)2.5 E(ails for an)-.1 E 2.5(yo)-.15
+G(ther reason, the prompting is aborted.)-2.5 E F2 1.666
+(TPM1.X back-end con\214guration)72 427.2 R .625(TPM selection)87 439.2
+R F1(The)108 451.2 Q F3(tzpfms)2.509 E F1 .009
+(suite connects to a local)2.509 F F0(tcsd)2.508 E F1 .008
+(\(8\) process \(at)B F0(localhost:30003)2.508 E F1 2.508(\)b)C 2.508
+(yd)-2.508 G(ef)-2.508 E 2.508(ault. Use)-.1 F .008(the en)2.508 F
+(viron-)-.4 E(ment v)108 463.2 Q(ariable)-.25 E F4(TZPFMS_TPM1X)2.5 E F1
+(to specify a remote TCS hostname.)2.5 E .444(The T)108 480 R(rouSerS)
+-.35 E F0(tcsd)2.944 E F1 .444(\(8\) daemon will try)B F0(/de)2.945 E
+(v/tpm0)-.15 E F1 2.945(,t)C(hen)-2.945 E F0(/ude)2.945 E(v/tpm0)-.15 E
+F1 2.945(,t)C(hen)-2.945 E F0(/de)2.945 E(v/tpm)-.15 E F1 2.945(;b)C
+2.945(yo)-2.945 G(ccup)-2.945 E .445(ying one of)-.1 F
+(the earlier ones with, for e)108 492 Q
+(xample, shell redirection, a later one can be selected.)-.15 E F2 .625
+(See also)87 508.8 R F1(The T)108 520.8 Q
+(rouSerS project page at https://sourcefor)-.35 E
+(ge.net/projects/trousers.)-.18 E 4.415
+(The TPM 1.2 main speci\214cation inde)108 537.6 R 6.915(xa)-.15 G 6.915
+(th)-6.915 G(ttps://trustedcomputinggroup.or)-6.915 E
+(g/resource/tpm-main-)-.18 E(speci\214cation.)108 549.6 Q F2 1.666
+(SPECIAL THANKS)72 566.4 R F1 1.6 -.8(To a)108 578.4 T
+(ll who support further de).8 E -.15(ve)-.25 G(lopment, in particular:)
+.15 E F2<83>128 590.4 Q F1(ThePhD)7.5 E F2<83>128 602.4 Q F1
+(Embark Studios)7.5 E F2<83>128 614.4 Q F1(Lars Strojn)7.5 E(y)-.15 E F2
+(REPOR)72 631.2 Q 1.666(TING B)-.4 F(UGS)-.1 E F1(https://todo.sr)108
+643.2 Q(.ht/\001nabijaczle)-.55 E(weli/tzpfms)-.25 E F0(\001nabijaczle)
+108 660 Q(weli/tzpfms@lists.sr)-.15 E(.ht)-1.11 E F1 2.5(,a)C(rchi)-2.5
+E -.15(ve)-.25 G 2.5(da).15 G 2.5(th)-2.5 G(ttps://lists.sr)-2.5 E
+(.ht/\001nabijaczle)-.55 E(weli/tzpfms.)-.25 E(tzpfms 0.3.3-1-g)72
+817.889 Q 98.073(aa1c21f July)-.05 F(16, 2023)2.5 E(1)193.552 E 0 Cg EP
 %%Trailer
 end
 %%EOF
diff --git a/zfs-tpm-list.8 b/zfs-tpm-list.8
index 3373205..51d0332 100644
--- a/zfs-tpm-list.8
+++ b/zfs-tpm-list.8
@@ -1,9 +1,9 @@
 .\" SPDX-License-Identifier: MIT
 .
-.Dd June 12, 2023
+.Dd July 16, 2023
 .ds doc-volume-operating-system
 .Dt ZFS-TPM-LIST 8
-.Os tzpfms 0.3.3
+.Os tzpfms 0.3.3-1-gaa1c21f
 .
 .Sh NAME
 .Nm zfs-tpm-list
diff --git a/zfs-tpm-list.8.html b/zfs-tpm-list.8.html
index 177a0a5..e3940df 100644
--- a/zfs-tpm-list.8.html
+++ b/zfs-tpm-list.8.html
@@ -164,8 +164,8 @@ tarta-zoot/vm - available yes</div>
 </div>
 <table class="foot">
   <tr>
-    <td class="foot-date">June 12, 2023</td>
-    <td class="foot-os">tzpfms 0.3.3</td>
+    <td class="foot-date">July 16, 2023</td>
+    <td class="foot-os">tzpfms 0.3.3-1-gaa1c21f</td>
   </tr>
 </table>
 </body>
diff --git a/zfs-tpm1x-change-key.8 b/zfs-tpm1x-change-key.8
index bd2793b..3bc6437 100644
--- a/zfs-tpm1x-change-key.8
+++ b/zfs-tpm1x-change-key.8
@@ -1,9 +1,9 @@
 .\" SPDX-License-Identifier: MIT
 .
-.Dd June 12, 2023
+.Dd July 16, 2023
 .ds doc-volume-operating-system
 .Dt ZFS-TPM1X-CHANGE-KEY 8
-.Os tzpfms 0.3.3
+.Os tzpfms 0.3.3-1-gaa1c21f
 .
 .Sh NAME
 .Nm zfs-tpm1x-change-key
diff --git a/zfs-tpm1x-change-key.8.html b/zfs-tpm1x-change-key.8.html
index aa69b75..81dfa26 100644
--- a/zfs-tpm1x-change-key.8.html
+++ b/zfs-tpm1x-change-key.8.html
@@ -217,8 +217,8 @@
 </div>
 <table class="foot">
   <tr>
-    <td class="foot-date">June 12, 2023</td>
-    <td class="foot-os">tzpfms 0.3.3</td>
+    <td class="foot-date">July 16, 2023</td>
+    <td class="foot-os">tzpfms 0.3.3-1-gaa1c21f</td>
   </tr>
 </table>
 </body>
diff --git a/zfs-tpm1x-clear-key.8 b/zfs-tpm1x-clear-key.8
index 3d90ed3..4c3a1c3 100644
--- a/zfs-tpm1x-clear-key.8
+++ b/zfs-tpm1x-clear-key.8
@@ -1,9 +1,9 @@
 .\" SPDX-License-Identifier: MIT
 .
-.Dd June 12, 2023
+.Dd July 16, 2023
 .ds doc-volume-operating-system
 .Dt ZFS-TPM1X-CLEAR-KEY 8
-.Os tzpfms 0.3.3
+.Os tzpfms 0.3.3-1-gaa1c21f
 .
 .Sh NAME
 .Nm zfs-tpm1x-clear-key
diff --git a/zfs-tpm1x-clear-key.8.html b/zfs-tpm1x-clear-key.8.html
index b7c8f48..a63e574 100644
--- a/zfs-tpm1x-clear-key.8.html
+++ b/zfs-tpm1x-clear-key.8.html
@@ -101,8 +101,8 @@
 </div>
 <table class="foot">
   <tr>
-    <td class="foot-date">June 12, 2023</td>
-    <td class="foot-os">tzpfms 0.3.3</td>
+    <td class="foot-date">July 16, 2023</td>
+    <td class="foot-os">tzpfms 0.3.3-1-gaa1c21f</td>
   </tr>
 </table>
 </body>
diff --git a/zfs-tpm1x-load-key.8 b/zfs-tpm1x-load-key.8
index a818753..4cce210 100644
--- a/zfs-tpm1x-load-key.8
+++ b/zfs-tpm1x-load-key.8
@@ -1,9 +1,9 @@
 .\" SPDX-License-Identifier: MIT
 .
-.Dd June 12, 2023
+.Dd July 16, 2023
 .ds doc-volume-operating-system
 .Dt ZFS-TPM1X-LOAD-KEY 8
-.Os tzpfms 0.3.3
+.Os tzpfms 0.3.3-1-gaa1c21f
 .
 .Sh NAME
 .Nm zfs-tpm1x-load-key
diff --git a/zfs-tpm1x-load-key.8.html b/zfs-tpm1x-load-key.8.html
index b159548..71a2bad 100644
--- a/zfs-tpm1x-load-key.8.html
+++ b/zfs-tpm1x-load-key.8.html
@@ -137,8 +137,8 @@
 </div>
 <table class="foot">
   <tr>
-    <td class="foot-date">June 12, 2023</td>
-    <td class="foot-os">tzpfms 0.3.3</td>
+    <td class="foot-date">July 16, 2023</td>
+    <td class="foot-os">tzpfms 0.3.3-1-gaa1c21f</td>
   </tr>
 </table>
 </body>
diff --git a/zfs-tpm2-change-key.8 b/zfs-tpm2-change-key.8
index 8ce70e1..7c6fa35 100644
--- a/zfs-tpm2-change-key.8
+++ b/zfs-tpm2-change-key.8
@@ -1,9 +1,9 @@
 .\" SPDX-License-Identifier: MIT
 .
-.Dd June 12, 2023
+.Dd July 16, 2023
 .ds doc-volume-operating-system
 .Dt ZFS-TPM2-CHANGE-KEY 8
-.Os tzpfms 0.3.3
+.Os tzpfms 0.3.3-1-gaa1c21f
 .
 .Sh NAME
 .Nm zfs-tpm2-change-key
diff --git a/zfs-tpm2-change-key.8.html b/zfs-tpm2-change-key.8.html
index 6879067..1355511 100644
--- a/zfs-tpm2-change-key.8.html
+++ b/zfs-tpm2-change-key.8.html
@@ -263,8 +263,8 @@
 </div>
 <table class="foot">
   <tr>
-    <td class="foot-date">June 12, 2023</td>
-    <td class="foot-os">tzpfms 0.3.3</td>
+    <td class="foot-date">July 16, 2023</td>
+    <td class="foot-os">tzpfms 0.3.3-1-gaa1c21f</td>
   </tr>
 </table>
 </body>
diff --git a/zfs-tpm2-clear-key.8 b/zfs-tpm2-clear-key.8
index 92f15a1..71f3eb8 100644
--- a/zfs-tpm2-clear-key.8
+++ b/zfs-tpm2-clear-key.8
@@ -1,9 +1,9 @@
 .\" SPDX-License-Identifier: MIT
 .
-.Dd June 12, 2023
+.Dd July 16, 2023
 .ds doc-volume-operating-system
 .Dt ZFS-TPM2-CLEAR-KEY 8
-.Os tzpfms 0.3.3
+.Os tzpfms 0.3.3-1-gaa1c21f
 .
 .Sh NAME
 .Nm zfs-tpm2-clear-key
diff --git a/zfs-tpm2-clear-key.8.html b/zfs-tpm2-clear-key.8.html
index 1ab15ab..8e7f37b 100644
--- a/zfs-tpm2-clear-key.8.html
+++ b/zfs-tpm2-clear-key.8.html
@@ -152,8 +152,8 @@
 </div>
 <table class="foot">
   <tr>
-    <td class="foot-date">June 12, 2023</td>
-    <td class="foot-os">tzpfms 0.3.3</td>
+    <td class="foot-date">July 16, 2023</td>
+    <td class="foot-os">tzpfms 0.3.3-1-gaa1c21f</td>
   </tr>
 </table>
 </body>
diff --git a/zfs-tpm2-load-key.8 b/zfs-tpm2-load-key.8
index 53e5de5..50cd6f6 100644
--- a/zfs-tpm2-load-key.8
+++ b/zfs-tpm2-load-key.8
@@ -1,9 +1,9 @@
 .\" SPDX-License-Identifier: MIT
 .
-.Dd June 12, 2023
+.Dd July 16, 2023
 .ds doc-volume-operating-system
 .Dt ZFS-TPM2-LOAD-KEY 8
-.Os tzpfms 0.3.3
+.Os tzpfms 0.3.3-1-gaa1c21f
 .
 .Sh NAME
 .Nm zfs-tpm2-load-key
diff --git a/zfs-tpm2-load-key.8.html b/zfs-tpm2-load-key.8.html
index d42dd4a..b86fade 100644
--- a/zfs-tpm2-load-key.8.html
+++ b/zfs-tpm2-load-key.8.html
@@ -136,8 +136,8 @@
 </div>
 <table class="foot">
   <tr>
-    <td class="foot-date">June 12, 2023</td>
-    <td class="foot-os">tzpfms 0.3.3</td>
+    <td class="foot-date">July 16, 2023</td>
+    <td class="foot-os">tzpfms 0.3.3-1-gaa1c21f</td>
   </tr>
 </table>
 </body>