third-party-mirrors/tzpfms
1
0
Fork 0
mirror of https://git.sr.ht/~nabijaczleweli/tzpfms synced 2025-04-15 09:40:32 +03:00
Code Issues Actions Packages Projects Releases Wiki Activity

Proof zfs-tpm1x-change-key.8

Browse Source
This commit is contained in:
наб 2021-11-28 17:13:15 +01:00
parent e0b0de31b9
commit 503ac72235
No known key found for this signature in database
GPG Key ID: BCFD0B018D2658F1
2 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
README.md
View File

@ -1,4 +1,4 @@
# tzpfms [![builds.sr.ht badge](//builds.sr.ht/~nabijaczleweli/tzpfms.svg)](https://builds.sr.ht/~nabijaczleweli/tzpfms) [![Licence](//img.shields.io/badge/license-MIT-blue.svg?style=flat)](LICENSE) # tzpfms [![builds.sr.ht badge](//builds.sr.ht/~nabijaczleweli/tzpfms.svg)](//builds.sr.ht/~nabijaczleweli/tzpfms) [![Licence](//img.shields.io/badge/license-MIT-blue.svg?style=flat)](LICENSE)
TPM-based encryption keys for ZFS datasets. TPM-based encryption keys for ZFS datasets.
## [Manpages](//srhtcdn.githack.com/~nabijaczleweli/tzpfms/blob/man/zfs-tpm-list.8.html) ([PDF](//srhtcdn.githack.com/~nabijaczleweli/tzpfms/blob/man/tzpfms.pdf)) ## [Manpages](//srhtcdn.githack.com/~nabijaczleweli/tzpfms/blob/man/zfs-tpm-list.8.html) ([PDF](//srhtcdn.githack.com/~nabijaczleweli/tzpfms/blob/man/tzpfms.pdf))
@ -22,7 +22,7 @@ Additionally, 1.x TPMs support PCR binding with and without passwords.
2 TPMs support PCR binding without a password and PCR binding *OR* a password both may be set, and any can be used to unseal (exclusive by default to prevent foot-guns). 2 TPMs support PCR binding without a password and PCR binding *OR* a password both may be set, and any can be used to unseal (exclusive by default to prevent foot-guns).
Both dracut (with/without Plymouth) (with/without hostonly) (only on systemd systems, I don't have a test-bed for the non-systemd path) Both dracut (with/without Plymouth) (with/without hostonly) (only on systemd systems, I don't have a test-bed for the non-systemd path)
and initramfs-tools (with/without Plymouth) are supported for [ZFS-on-root](https://nabijaczleweli.xyz/content/blogn_t/005-low-curse-zfs-on-root.html) set-ups. and initramfs-tools (with/without Plymouth) are supported for [ZFS-on-root](//nabijaczleweli.xyz/content/blogn_t/005-low-curse-zfs-on-root.html) set-ups.
### Building ### Building
@ -63,7 +63,7 @@ Then the usual
sudo apt update sudo apt update
sudo apt install tzpfms-tpm2 tzpfms-dracut sudo apt install tzpfms-tpm2 tzpfms-dracut
``` ```
will work on amd64 and i386 (x32 [still](https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=968256#15) doesn't have ZFS in Debian). will work on amd64, x32, and i386.
See the [repository README](//debian.nabijaczleweli.xyz/README) for more information. See the [repository README](//debian.nabijaczleweli.xyz/README) for more information.

2
man/zfs-tpm1x-change-key.8.pp
View File

@ -105,7 +105,7 @@ In case of a catastrophic event, the key can be loaded by running
Bind the key to space- or comma-separated Bind the key to space- or comma-separated
.Ar PCR Ns s .Ar PCR Ns s
\(em if they change, the wrapping key will not be able to be unsealed. \(em if they change, the wrapping key will not be able to be unsealed.
The minimum amount of PCRs for a PC TPM is The minimum number of PCRs for a PC TPM is
.Sy 24 Pq numbered Sy 0 Ns .. Ns Sy 23 . .Sy 24 Pq numbered Sy 0 Ns .. Ns Sy 23 .
For most, this is also the maximum. For most, this is also the maximum.
.El .El