third-party-mirrors/tzpfms
1
0
Fork 0
mirror of https://git.sr.ht/~nabijaczleweli/tzpfms synced 2025-04-21 09:47:35 +03:00
Code Issues Actions Packages Projects Releases Wiki Activity

Manpage update by job 628166

Browse Source
This commit is contained in:
наб autouploader 2021-11-15 18:06:19 +00:00
parent 1b8baa34b4
commit 67d7e0f770
16 changed files with 709 additions and 208 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
tzpfms.pdf
View File

Binary file not shown.

530
tzpfms.ps
View File

@ -1,6 +1,6 @@
%!PS-Adobe-3.0
%%Creator: groff version 1.22.4
%%CreationDate: Fri Nov 12 18:42:47 2021
%%CreationDate: Mon Nov 15 18:06:19 2021
%%DocumentNeededResources: font Times-Roman
%%+ font Times-Bold
%%+ font Courier-Bold
@ -9,7 +9,7 @@
%%+ font Symbol
%%+ font Times-Italic
%%DocumentSuppliedResources: procset grops 1.22 4
%%Pages: 10
%%Pages: 13
%%PageOrder: Ascend
%%DocumentMedia: Default 595 842 0 () ()
%%Orientation: Portrait
@ -305,8 +305,8 @@ R 12(awa -)102 606 R 6(available yes)54 F($)102 630 Q F2 1.666
(KEYSTATUS COHERENT)12 F 6(owo/venc TPM2)102 654 R 6(unavailable yes)36
F($)102 678 Q F2 1.666(zfs-tpm-list \255ra)6 F F3(owo)6 E F4 30
(NAME BACK-END)102 690 R 18(KEYSTATUS COHERENT)12 F 6(owo/venc TPM2)102
702 R 6(unavailable yes)36 F F0(tzpfms 0.1-12)72 750 Q(No)138.745 E -.15
(ve)-.15 G(mber 12, 2021).15 E(1)189.295 E 0 Cg EP
702 R 6(unavailable yes)36 F F0(tzpfms 0.1-14)72 750 Q(No)138.745 E -.15
(ve)-.15 G(mber 15, 2021).15 E(1)189.295 E 0 Cg EP
%%Page: 2 2
%%BeginPageSetup
BP
@ -323,13 +323,14 @@ G 6(vailable yes)-54 F 12(owo/enc TPM1.X)102 204 R 6(available yes)24 F
/F3 10/Times-Bold@0 SF 1.666(SPECIAL THANKS)72 228 R F0 1.6 -.8(To a)102
240 T(ll who support further de).8 E -.15(ve)-.25 G
(lopment, in particular:).15 E F3<83>122 252 Q F0(ThePhD)2.5 E F3<83>122
264 Q F0(Embark Studios)2.5 E F3(REPOR)72 288 Q 1.666(TING B)-.4 F(UGS)
-.1 E(https://todo.sr)102 300 Q(.ht/~nabijaczleweli/tzpfms)-1 E F1
(~nabijaczleweli/tzpfms@lists.sr.ht)102 318 Q F0 2.5(,a)C(rchi)-2.5 E
264 Q F0(Embark Studios)2.5 E F3<83>122 276 Q F0(Jasper Bekk)2.5 E(ers)
-.1 E F3(REPOR)72 300 Q 1.666(TING B)-.4 F(UGS)-.1 E(https://todo.sr)102
312 Q(.ht/~nabijaczleweli/tzpfms)-1 E F1
(~nabijaczleweli/tzpfms@lists.sr.ht)102 330 Q F0 2.5(,a)C(rchi)-2.5 E
-.15(ve)-.25 G 2.5(da).15 G(t)-2.5 E F3(https://lists.sr)2.5 E
(.ht/~nabijaczleweli/tzpfms)-1 E F0(.)A F3 1.666(SEE ALSO)72 342 R
(https://git.sr)102 354 Q(.ht/~nabijaczleweli/tzpfms)-1 E F0
(tzpfms 0.1-12)72 750 Q(No)138.745 E -.15(ve)-.15 G(mber 12, 2021).15 E
(.ht/~nabijaczleweli/tzpfms)-1 E F0(.)A F3 1.666(SEE ALSO)72 354 R
(https://git.sr)102 366 Q(.ht/~nabijaczleweli/tzpfms)-1 E F0
(tzpfms 0.1-14)72 750 Q(No)138.745 E -.15(ve)-.15 G(mber 15, 2021).15 E
(2)189.295 E 0 Cg EP
%%Page: 3 3
%%BeginPageSetup
@ -418,42 +419,72 @@ F0(Sa)191 618 Q .806 -.15(ve a b)-.2 H .506(ack-up of the k).15 F .805
(case of a catastrophic e)3.181 F -.15(ve)-.25 G .682(nt, the k).15 F
.982 -.15(ey c)-.1 H(an).15 E(be loaded by running)191 642 Q F2
(zfs load-key)221 654 Q F3(dataset)6 E F5(<)6 E F3(backup-file)6 E F1
1.666(TPM1.X back-end con\214guration)72 678 R F0(tzpfms 0.1-12)72 750 Q
(No)138.745 E -.15(ve)-.15 G(mber 12, 2021).15 E(3)189.295 E 0 Cg EP
(ENVIR)72 678 Q 1.666(ONMENT V)-.3 F(ARIABLES)-1.35 E F0(tzpfms 0.1-14)
72 750 Q(No)138.745 E -.15(ve)-.15 G(mber 15, 2021).15 E(3)189.295 E 0
Cg EP
%%Page: 4 4
%%BeginPageSetup
BP
%%EndPageSetup
/F0 10/Times-Roman@0 SF -.834(ZFS-TPM1X-CHANGE-KEY \(8\))72 48 R
(System Manager')46.109 E 2.5(sM)-.55 G 41.109
(anual ZFS-TPM1X-CHANGE-KEY)-2.5 F(\(8\))1.666 E/F1 10/Times-Bold@0 SF
.625(TPM selection)84 96 R F0(The)102 108 Q/F2 10/Courier-Bold@0 SF
(tzpfms)2.768 E F0 .267(suite connects to a local)2.767 F/F3 10
/Courier@0 SF(tcsd)2.767 E F0 .267(\(8\) process)B 1.666(\(a)4.433 G(t)
-1.666 E F3(localhost:30003)2.767 E F0 4.433(\)b)1.666 G 2.767(yd)-4.433
G(ef)-2.767 E 2.767(ault. Use)-.1 F .267(the en-)2.767 F(vironment v)102
120 Q(ariable)-.25 E F3(TZPFMS_TPM1X)2.5 E F0
(to specify a remote TCS hostname.)2.5 E .391(The T)102 138 R(rouSerS)
-.35 E F3(tcsd)2.891 E F0 .391(\(8\) daemon will try)B F3(/dev/tpm0)
2.892 E F0 2.892(,t)C(hen)-2.892 E F3(/udev/tpm0)2.892 E F0 2.892(,t)C
(hen)-2.892 E F3(/dev/tpm)2.892 E F0 2.892(;b)C 2.892(yo)-2.892 G(ccup)
-2.892 E(ying)-.1 E(one of the earlier ones with, for e)102 150 Q
(xample, shell redirection, a later one can be selected.)-.15 E F1 .625
(See also)84 174 R F0(The T)102 186 Q(rouSerS project page at)-.35 E F1
(anual ZFS-TPM1X-CHANGE-KEY)-2.5 F(\(8\))1.666 E/F1 10/Courier@0 SF
(TZPFMS_PASSPHRASE_HELPER)102 96 Q F0(If set and nonempty)143 108 Q 2.5
(,w)-.65 G(ill be run as)-2.5 E F1(/bin/)173 120 Q/F2 10/Courier-Bold@0
SF 70.333(sh \255c)B F1("$TZPFMS_PASSPHRASE_HELPER")74.667 E
("$TZPFMS_PASSPHRASE_HELPER")173 132 Q F0(")10.715 E/F3 10
/Courier-Oblique@0 SF 4.715(prepared prompt)B F0 7.215("")C F3(target)
-7.215 E F0 7.215("")C([)-7.215 E F1(new)A F0(]")A("[)173 144 Q F1
(again)A F0(]")A(to pro)143 156 Q
(vide a passphrase, instead of reading from the standard input.)-.15 E
.189(The standard output stream of the helper is tied to an anon)143 174
R .188(ymous \214le and used in its entirety as the)-.15 F .446
(passphrase, e)143 186 R .446(xcept for a trailing ne)-.15 F .446
(w-line, if an)-.25 F 4.246 -.65(y. T)-.15 H .447(he second ar).65 F
.447(gument contains either the dataset)-.18 F 2.14
(name or the element of the TPM hierarch)143 198 R 5.94 -.65(y. T)-.05 H
2.14(he third ar).65 F 2.14(gument is)-.18 F F1(new)4.64 E F0 2.14
(if this is for a ne)4.64 F(w)-.25 E .573(passphrase, and the fourth is)
143 210 R F1(again)3.074 E F0 .574(if it')3.074 F 3.074(st)-.55 G .574
(he second prompt for that passphrase.)-3.074 F .574(The \214rst ar)
5.574 F(gu-)-.18 E(ment already contains all of this information, as a \
pre-formatted noun phrase.)143 222 Q .181(If the helper doesn')143 240 R
2.681(te)-.18 G 1.847(xist \()-2.831 F .181(the shell e)1.666 F .181
(xits with)-.15 F/F4 10/Times-Bold@0 SF(127)2.681 E F0 -3.151 1.666
(\), a d)1.666 H .181(iagnostic is issued and the normal prompt)-1.666 F
(is used as f)143 252 Q 2.5(all-back. If)-.1 F(it f)2.5 E(ails for an)
-.1 E 2.5(yo)-.15 G(ther reason, the prompting is aborted.)-2.5 E(An e)
143 270 Q(xample v)-.15 E(alue w)-.25 E(ould be: ')-.1 E F2 1.666
(systemd-ask-password \255-id)B F1(=)A F0(")A F1(tzpfms:)A F3($2)A F0
2.5("")C F3($1)-2.5 E F1(:)A F0("'.)6 E F4 1.666
(TPM1.X back-end con\214guration)72 294 R .625(TPM selection)84 306 R F0
(The)102 318 Q F2(tzpfms)2.767 E F0 .267(suite connects to a local)2.767
F F1(tcsd)2.767 E F0 .267(\(8\) process)B 1.666(\(a)4.433 G(t)-1.666 E
F1(localhost:30003)2.767 E F0 4.433(\)b)1.666 G 2.767(yd)-4.433 G(ef)
-2.767 E 2.767(ault. Use)-.1 F .268(the en-)2.767 F(vironment v)102 330
Q(ariable)-.25 E F1(TZPFMS_TPM1X)2.5 E F0
(to specify a remote TCS hostname.)2.5 E .392(The T)102 348 R(rouSerS)
-.35 E F1(tcsd)2.892 E F0 .392(\(8\) daemon will try)B F1(/dev/tpm0)
2.892 E F0 2.892(,t)C(hen)-2.892 E F1(/udev/tpm0)2.892 E F0 2.891(,t)C
(hen)-2.891 E F1(/dev/tpm)2.891 E F0 2.891(;b)C 2.891(yo)-2.891 G(ccup)
-2.891 E(ying)-.1 E(one of the earlier ones with, for e)102 360 Q
(xample, shell redirection, a later one can be selected.)-.15 E F4 .625
(See also)84 384 R F0(The T)102 396 Q(rouSerS project page at)-.35 E F4
(https://sour)2.5 E(cef)-.18 E(or)-.25 E(ge.net/pr)-.1 E(ojects/tr)-.18
E(ousers)-.18 E F0(.)A 5.109(The TPM 1.2 main speci\214cation inde)102
204 R 7.608(xa)-.15 G(t)-7.608 E F1(https://trustedcomputinggr)7.608 E
E(ousers)-.18 E F0(.)A 5.108(The TPM 1.2 main speci\214cation inde)102
414 R 7.609(xa)-.15 G(t)-7.609 E F4(https://trustedcomputinggr)7.609 E
(oup.or)-.18 E(g/r)-.1 E(esour)-.18 E(ce/tpm-main-)-.18 E
(speci\214cation)102 216 Q F0(.)A F1 1.666(SPECIAL THANKS)72 240 R F0
1.6 -.8(To a)102 252 T(ll who support further de).8 E -.15(ve)-.25 G
(lopment, in particular:).15 E F1<83>122 264 Q F0(ThePhD)2.5 E F1<83>122
276 Q F0(Embark Studios)2.5 E F1(REPOR)72 300 Q 1.666(TING B)-.4 F(UGS)
-.1 E(https://todo.sr)102 312 Q(.ht/~nabijaczleweli/tzpfms)-1 E F3
(~nabijaczleweli/tzpfms@lists.sr.ht)102 330 Q F0 2.5(,a)C(rchi)-2.5 E
-.15(ve)-.25 G 2.5(da).15 G(t)-2.5 E F1(https://lists.sr)2.5 E
(.ht/~nabijaczleweli/tzpfms)-1 E F0(.)A F1 1.666(SEE ALSO)72 354 R
(https://git.sr)102 366 Q(.ht/~nabijaczleweli/tzpfms)-1 E F0
(tzpfms 0.1-12)72 750 Q(No)138.745 E -.15(ve)-.15 G(mber 12, 2021).15 E
(speci\214cation)102 426 Q F0(.)A F4 1.666(SPECIAL THANKS)72 450 R F0
1.6 -.8(To a)102 462 T(ll who support further de).8 E -.15(ve)-.25 G
(lopment, in particular:).15 E F4<83>122 474 Q F0(ThePhD)2.5 E F4<83>122
486 Q F0(Embark Studios)2.5 E F4<83>122 498 Q F0(Jasper Bekk)2.5 E(ers)
-.1 E F4(REPOR)72 522 Q 1.666(TING B)-.4 F(UGS)-.1 E(https://todo.sr)102
534 Q(.ht/~nabijaczleweli/tzpfms)-1 E F1
(~nabijaczleweli/tzpfms@lists.sr.ht)102 552 Q F0 2.5(,a)C(rchi)-2.5 E
-.15(ve)-.25 G 2.5(da).15 G(t)-2.5 E F4(https://lists.sr)2.5 E
(.ht/~nabijaczleweli/tzpfms)-1 E F0(.)A F4 1.666(SEE ALSO)72 576 R
(https://git.sr)102 588 Q(.ht/~nabijaczleweli/tzpfms)-1 E F0
(tzpfms 0.1-14)72 750 Q(No)138.745 E -.15(ve)-.15 G(mber 15, 2021).15 E
(4)189.295 E 0 Cg EP
%%Page: 5 5
%%BeginPageSetup
@ -469,42 +500,43 @@ BP
(zfs-tpm1x-clear-key)102 144 Q/F3 10/Courier-Oblique@0 SF(dataset)2.5 E
F1(DESCRIPTION)72 168 Q F0(After v)102 180 Q(erifying)-.15 E F3(dataset)
2.5 E F0 -.1(wa)2.5 G 2.5(se).1 G(ncrypted with)-2.5 E F2(tzpfms)2.5 E
F0(back)2.5 E(end)-.1 E F1(TPM1.X)2.5 E F0(:)A 6.984
F0(back)2.5 E(end)-.1 E F1(TPM1.X)2.5 E F0(:)A 6.985
(1. performs the equi)122 192 R -.25(va)-.25 G 6.984(lent of).25 F F2
6.984(zfs change-key)9.484 F<ad6f>14.65 E/F4 10/Courier@0 SF
(keylocation=prompt)12.985 E F2<ad6f>14.651 E F4(keyformat=passphrase)
127 204 Q F3(dataset)6 E F0(,)A(2. remo)122 216 Q -.15(ve)-.15 G 2.5(st)
.15 G(he)-2.5 E F4(xyz.nabijaczleweli:tzpfms.)2.5 E F0({)A F4(backend)A
F0(,)A F4(key)6 E F0 2.5(}p)C(roperties from)-2.5 E F3(dataset)2.5 E F0
(.)A(See)102 234 Q F4(zfs-tpm1x-change-key)2.5 E F0
(keylocation=prompt)12.984 E F2<ad6f>14.65 E F4(keyformat=passphrase)127
204 Q F3(dataset)6 E F0(,)A(2. remo)122 216 Q -.15(ve)-.15 G 2.5(st).15
G(he)-2.5 E F4(xyz.nabijaczleweli:tzpfms.)2.5 E F0({)A F4(backend)A F0
(,)A F4(key)6 E F0 2.5(}p)C(roperties from)-2.5 E F3(dataset)2.5 E F0(.)
A(See)102 234 Q F4(zfs-tpm1x-change-key)2.5 E F0
(\(8\) for a detailed description.)A F1 1.666
(TPM1.X back-end con\214guration)72 258 R .625(TPM selection)84 270 R F0
(The)102 282 Q F2(tzpfms)2.768 E F0 .267(suite connects to a local)2.767
(The)102 282 Q F2(tzpfms)2.767 E F0 .267(suite connects to a local)2.767
F F4(tcsd)2.767 E F0 .267(\(8\) process)B 1.666(\(a)4.433 G(t)-1.666 E
F4(localhost:30003)2.767 E F0 4.433(\)b)1.666 G 2.767(yd)-4.433 G(ef)
-2.767 E 2.767(ault. Use)-.1 F .267(the en-)2.767 F(vironment v)102 294
-2.767 E 2.767(ault. Use)-.1 F .268(the en-)2.767 F(vironment v)102 294
Q(ariable)-.25 E F4(TZPFMS_TPM1X)2.5 E F0
(to specify a remote TCS hostname.)2.5 E .391(The T)102 312 R(rouSerS)
-.35 E F4(tcsd)2.891 E F0 .391(\(8\) daemon will try)B F4(/dev/tpm0)
2.892 E F0 2.892(,t)C(hen)-2.892 E F4(/udev/tpm0)2.892 E F0 2.892(,t)C
(hen)-2.892 E F4(/dev/tpm)2.892 E F0 2.892(;b)C 2.892(yo)-2.892 G(ccup)
-2.892 E(ying)-.1 E(one of the earlier ones with, for e)102 324 Q
(to specify a remote TCS hostname.)2.5 E .392(The T)102 312 R(rouSerS)
-.35 E F4(tcsd)2.892 E F0 .392(\(8\) daemon will try)B F4(/dev/tpm0)
2.892 E F0 2.892(,t)C(hen)-2.892 E F4(/udev/tpm0)2.892 E F0 2.891(,t)C
(hen)-2.891 E F4(/dev/tpm)2.891 E F0 2.891(;b)C 2.891(yo)-2.891 G(ccup)
-2.891 E(ying)-.1 E(one of the earlier ones with, for e)102 324 Q
(xample, shell redirection, a later one can be selected.)-.15 E F1 .625
(See also)84 348 R F0(The T)102 360 Q(rouSerS project page at)-.35 E F1
(https://sour)2.5 E(cef)-.18 E(or)-.25 E(ge.net/pr)-.1 E(ojects/tr)-.18
E(ousers)-.18 E F0(.)A 5.109(The TPM 1.2 main speci\214cation inde)102
378 R 7.608(xa)-.15 G(t)-7.608 E F1(https://trustedcomputinggr)7.608 E
E(ousers)-.18 E F0(.)A 5.108(The TPM 1.2 main speci\214cation inde)102
378 R 7.609(xa)-.15 G(t)-7.609 E F1(https://trustedcomputinggr)7.609 E
(oup.or)-.18 E(g/r)-.1 E(esour)-.18 E(ce/tpm-main-)-.18 E
(speci\214cation)102 390 Q F0(.)A F1 1.666(SPECIAL THANKS)72 414 R F0
1.6 -.8(To a)102 426 T(ll who support further de).8 E -.15(ve)-.25 G
(lopment, in particular:).15 E F1<83>122 438 Q F0(ThePhD)2.5 E F1<83>122
450 Q F0(Embark Studios)2.5 E F1(REPOR)72 474 Q 1.666(TING B)-.4 F(UGS)
-.1 E(https://todo.sr)102 486 Q(.ht/~nabijaczleweli/tzpfms)-1 E F4
(~nabijaczleweli/tzpfms@lists.sr.ht)102 504 Q F0 2.5(,a)C(rchi)-2.5 E
450 Q F0(Embark Studios)2.5 E F1<83>122 462 Q F0(Jasper Bekk)2.5 E(ers)
-.1 E F1(REPOR)72 486 Q 1.666(TING B)-.4 F(UGS)-.1 E(https://todo.sr)102
498 Q(.ht/~nabijaczleweli/tzpfms)-1 E F4
(~nabijaczleweli/tzpfms@lists.sr.ht)102 516 Q F0 2.5(,a)C(rchi)-2.5 E
-.15(ve)-.25 G 2.5(da).15 G(t)-2.5 E F1(https://lists.sr)2.5 E
(.ht/~nabijaczleweli/tzpfms)-1 E F0(.)A F1 1.666(SEE ALSO)72 528 R
(https://git.sr)102 540 Q(.ht/~nabijaczleweli/tzpfms)-1 E F0
(tzpfms 0.1-12)72 750 Q(No)138.745 E -.15(ve)-.15 G(mber 12, 2021).15 E
(.ht/~nabijaczleweli/tzpfms)-1 E F0(.)A F1 1.666(SEE ALSO)72 540 R
(https://git.sr)102 552 Q(.ht/~nabijaczleweli/tzpfms)-1 E F0
(tzpfms 0.1-14)72 750 Q(No)138.745 E -.15(ve)-.15 G(mber 15, 2021).15 E
(5)189.295 E 0 Cg EP
%%Page: 6 6
%%BeginPageSetup
@ -517,54 +549,90 @@ BP
(oad TPM1.X-encrypted ZFS dataset k)-2.5 E -.15(ey)-.1 G F1(SYNOPSIS)72
132 Q F2(zfs-tpm1x-load-key)102 144 Q F0([)3.333 E F2<ad6e>2.499 E F0(])
.833 E/F3 10/Courier-Oblique@0 SF(dataset)2.5 E F1(DESCRIPTION)72 168 Q
F0 1.155(After v)102 180 R(erifying)-.15 E F3(dataset)3.655 E F0 -.1(wa)
3.655 G 3.655(se).1 G 1.155(ncrypted with)-3.655 F F2(tzpfms)3.655 E F0
(back)3.655 E(end)-.1 E F1(TPM1.X)3.655 E F0 1.156(will unseal the k)
3.655 F 1.456 -.15(ey a)-.1 H 1.156(nd load it).15 F(into)102 192 Q F3
(dataset)2.5 E F0(.)A .694
F0 1.156(After v)102 180 R(erifying)-.15 E F3(dataset)3.656 E F0 -.1(wa)
3.656 G 3.656(se).1 G 1.156(ncrypted with)-3.656 F F2(tzpfms)3.655 E F0
(back)3.655 E(end)-.1 E F1(TPM1.X)3.655 E F0 1.155(will unseal the k)
3.655 F 1.455 -.15(ey a)-.1 H 1.155(nd load it).15 F(into)102 192 Q F3
(dataset)2.5 E F0(.)A .693
(The user is \214rst prompted for the SRK passphrase, set when taking o)
102 210 R .693(wnership, if not "well-kno)-.25 F .693(wn" \(all ze-)-.25
102 210 R .694(wnership, if not "well-kno)-.25 F .694(wn" \(all ze-)-.25
F(roes\); then for the additional passphrase, set when creating the k)
102 222 Q -.15(ey)-.1 G 2.5(,i)-.5 G 2.5(fo)-2.5 G(ne w)-2.5 E(as set.)
-.1 E(See)102 240 Q/F4 10/Courier@0 SF(zfs-tpm1x-change-key)2.5 E F0
(\(8\) for a detailed description.)A F1(OPTIONS)72 264 Q F2<ad6e>103.666
276 Q F0 .178(Do a no-op/dry run, can be used e)119 288 R -.15(ve)-.25 G
2.678(ni).15 G 2.679(ft)-2.678 G .179(he k)-2.679 F .479 -.15(ey i)-.1 H
2.679(sa).15 G .179(lready loaded.)-2.679 F(Equi)5.179 E -.25(va)-.25 G
.179(lent to).25 F F2 .179(zfs load-key)2.679 F F0 -.55('s)C F2<ad6e>
4.895 E F0(option.)119 300 Q F1 1.666(TPM1.X back-end con\214guration)72
324 R .625(TPM selection)84 336 R F0(The)102 348 Q F2(tzpfms)2.768 E F0
.267(suite connects to a local)2.767 F F4(tcsd)2.767 E F0 .267
(\(8\) process)B 1.666(\(a)4.433 G(t)-1.666 E F4(localhost:30003)2.767 E
F0 4.433(\)b)1.666 G 2.767(yd)-4.433 G(ef)-2.767 E 2.767(ault. Use)-.1 F
.267(the en-)2.767 F(vironment v)102 360 Q(ariable)-.25 E F4
(TZPFMS_TPM1X)2.5 E F0(to specify a remote TCS hostname.)2.5 E .391
(The T)102 378 R(rouSerS)-.35 E F4(tcsd)2.891 E F0 .391
(\(8\) daemon will try)B F4(/dev/tpm0)2.892 E F0 2.892(,t)C(hen)-2.892 E
F4(/udev/tpm0)2.892 E F0 2.892(,t)C(hen)-2.892 E F4(/dev/tpm)2.892 E F0
2.892(;b)C 2.892(yo)-2.892 G(ccup)-2.892 E(ying)-.1 E
(one of the earlier ones with, for e)102 390 Q
276 Q F0 .179(Do a no-op/dry run, can be used e)119 288 R -.15(ve)-.25 G
2.679(ni).15 G 2.679(ft)-2.679 G .179(he k)-2.679 F .478 -.15(ey i)-.1 H
2.678(sa).15 G .178(lready loaded.)-2.678 F(Equi)5.178 E -.25(va)-.25 G
.178(lent to).25 F F2 .178(zfs load-key)2.678 F F0 -.55('s)C F2<ad6e>
4.894 E F0(option.)119 300 Q F1(ENVIR)72 324 Q 1.666(ONMENT V)-.3 F
(ARIABLES)-1.35 E F4(TZPFMS_PASSPHRASE_HELPER)102 336 Q F0
(If set and nonempty)143 348 Q 2.5(,w)-.65 G(ill be run as)-2.5 E F4
(/bin/)173 360 Q F2 70.333(sh \255c)B F4("$TZPFMS_PASSPHRASE_HELPER")
74.667 E("$TZPFMS_PASSPHRASE_HELPER")173 372 Q F0(")10.715 E F3 4.715
(prepared prompt)B F0 7.215("")C F3(target)-7.215 E F0 7.215("")C([)
-7.215 E F4(new)A F0(]")A("[)173 384 Q F4(again)A F0(]")A(to pro)143 396
Q(vide a passphrase, instead of reading from the standard input.)-.15 E
.188(The standard output stream of the helper is tied to an anon)143 414
R .189(ymous \214le and used in its entirety as the)-.15 F .447
(passphrase, e)143 426 R .447(xcept for a trailing ne)-.15 F .447
(w-line, if an)-.25 F 4.246 -.65(y. T)-.15 H .446(he second ar).65 F
.446(gument contains either the dataset)-.18 F 2.14
(name or the element of the TPM hierarch)143 438 R 5.94 -.65(y. T)-.05 H
2.14(he third ar).65 F 2.14(gument is)-.18 F F4(new)4.64 E F0 2.14
(if this is for a ne)4.64 F(w)-.25 E .574(passphrase, and the fourth is)
143 450 R F4(again)3.074 E F0 .574(if it')3.074 F 3.074(st)-.55 G .574
(he second prompt for that passphrase.)-3.074 F .573(The \214rst ar)
5.573 F(gu-)-.18 E(ment already contains all of this information, as a \
pre-formatted noun phrase.)143 462 Q .181(If the helper doesn')143 480 R
2.681(te)-.18 G 1.847(xist \()-2.831 F .181(the shell e)1.666 F .181
(xits with)-.15 F F1(127)2.681 E F0 -3.151 1.666(\), a d)1.666 H .181
(iagnostic is issued and the normal prompt)-1.666 F(is used as f)143 492
Q 2.5(all-back. If)-.1 F(it f)2.5 E(ails for an)-.1 E 2.5(yo)-.15 G
(ther reason, the prompting is aborted.)-2.5 E(An e)143 510 Q(xample v)
-.15 E(alue w)-.25 E(ould be: ')-.1 E F2 1.666
(systemd-ask-password \255-id)B F4(=)A F0(")A F4(tzpfms:)A F3($2)A F0
2.5("")C F3($1)-2.5 E F4(:)A F0("'.)6 E F1 1.666
(TPM1.X back-end con\214guration)72 534 R .625(TPM selection)84 546 R F0
(The)102 558 Q F2(tzpfms)2.768 E F0 .267(suite connects to a local)2.767
F F4(tcsd)2.767 E F0 .267(\(8\) process)B 1.666(\(a)4.433 G(t)-1.666 E
F4(localhost:30003)2.767 E F0 4.433(\)b)1.666 G 2.767(yd)-4.433 G(ef)
-2.767 E 2.767(ault. Use)-.1 F .267(the en-)2.767 F(vironment v)102 570
Q(ariable)-.25 E F4(TZPFMS_TPM1X)2.5 E F0
(to specify a remote TCS hostname.)2.5 E .391(The T)102 588 R(rouSerS)
-.35 E F4(tcsd)2.891 E F0 .391(\(8\) daemon will try)B F4(/dev/tpm0)
2.892 E F0 2.892(,t)C(hen)-2.892 E F4(/udev/tpm0)2.892 E F0 2.892(,t)C
(hen)-2.892 E F4(/dev/tpm)2.892 E F0 2.892(;b)C 2.892(yo)-2.892 G(ccup)
-2.892 E(ying)-.1 E(one of the earlier ones with, for e)102 600 Q
(xample, shell redirection, a later one can be selected.)-.15 E F1 .625
(See also)84 414 R F0(The T)102 426 Q(rouSerS project page at)-.35 E F1
(See also)84 624 R F0(The T)102 636 Q(rouSerS project page at)-.35 E F1
(https://sour)2.5 E(cef)-.18 E(or)-.25 E(ge.net/pr)-.1 E(ojects/tr)-.18
E(ousers)-.18 E F0(.)A 5.109(The TPM 1.2 main speci\214cation inde)102
444 R 7.608(xa)-.15 G(t)-7.608 E F1(https://trustedcomputinggr)7.608 E
654 R 7.608(xa)-.15 G(t)-7.608 E F1(https://trustedcomputinggr)7.608 E
(oup.or)-.18 E(g/r)-.1 E(esour)-.18 E(ce/tpm-main-)-.18 E
(speci\214cation)102 456 Q F0(.)A F1 1.666(SPECIAL THANKS)72 480 R F0
1.6 -.8(To a)102 492 T(ll who support further de).8 E -.15(ve)-.25 G
(lopment, in particular:).15 E F1<83>122 504 Q F0(ThePhD)2.5 E F1<83>122
516 Q F0(Embark Studios)2.5 E F1(REPOR)72 540 Q 1.666(TING B)-.4 F(UGS)
-.1 E(https://todo.sr)102 552 Q(.ht/~nabijaczleweli/tzpfms)-1 E F4
(~nabijaczleweli/tzpfms@lists.sr.ht)102 570 Q F0 2.5(,a)C(rchi)-2.5 E
-.15(ve)-.25 G 2.5(da).15 G(t)-2.5 E F1(https://lists.sr)2.5 E
(.ht/~nabijaczleweli/tzpfms)-1 E F0(.)A F1 1.666(SEE ALSO)72 594 R
(https://git.sr)102 606 Q(.ht/~nabijaczleweli/tzpfms)-1 E F0
(tzpfms 0.1-12)72 750 Q(No)138.745 E -.15(ve)-.15 G(mber 12, 2021).15 E
(6)189.295 E 0 Cg EP
(speci\214cation)102 666 Q F0(.)A(tzpfms 0.1-14)72 750 Q(No)138.745 E
-.15(ve)-.15 G(mber 15, 2021).15 E(6)189.295 E 0 Cg EP
%%Page: 7 7
%%BeginPageSetup
BP
%%EndPageSetup
/F0 10/Times-Roman@0 SF(ZFS-TPM1X-LO)72 48 Q -.834(AD-KEY \(8\))-.35 F
(System Manager')60.349 E 2.5(sM)-.55 G 55.349(anual ZFS-TPM1X-LO)-2.5 F
-.834(AD-KEY \(8\))-.35 F/F1 10/Times-Bold@0 SF 1.666(SPECIAL THANKS)72
96 R F0 1.6 -.8(To a)102 108 T(ll who support further de).8 E -.15(ve)
-.25 G(lopment, in particular:).15 E F1<83>122 120 Q F0(ThePhD)2.5 E F1
<83>122 132 Q F0(Embark Studios)2.5 E F1<83>122 144 Q F0(Jasper Bekk)2.5
E(ers)-.1 E F1(REPOR)72 168 Q 1.666(TING B)-.4 F(UGS)-.1 E
(https://todo.sr)102 180 Q(.ht/~nabijaczleweli/tzpfms)-1 E/F2 10
/Courier@0 SF(~nabijaczleweli/tzpfms@lists.sr.ht)102 198 Q F0 2.5(,a)C
(rchi)-2.5 E -.15(ve)-.25 G 2.5(da).15 G(t)-2.5 E F1(https://lists.sr)
2.5 E(.ht/~nabijaczleweli/tzpfms)-1 E F0(.)A F1 1.666(SEE ALSO)72 222 R
(https://git.sr)102 234 Q(.ht/~nabijaczleweli/tzpfms)-1 E F0
(tzpfms 0.1-14)72 750 Q(No)138.745 E -.15(ve)-.15 G(mber 15, 2021).15 E
(7)189.295 E 0 Cg EP
%%Page: 8 8
%%BeginPageSetup
BP
%%EndPageSetup
/F0 10/Times-Roman@0 SF -.834(ZFS-TPM2-CHANGE-KEY \(8\))72 48 R
(System Manager')53.329 E 2.5(sM)-.55 G 48.329
(anual ZFS-TPM2-CHANGE-KEY)-2.5 F(\(8\))1.666 E/F1 10/Times-Bold@0 SF
@ -650,50 +718,79 @@ F(This)5.505 E(back-up)191 630 Q F4(must)3.181 E F0 .681
(-site. In).25 F .682(case of a catastrophic e)3.181 F -.15(ve)-.25 G
.682(nt, the k).15 F .982 -.15(ey c)-.1 H(an).15 E(be loaded by running)
191 642 Q F2(zfs load-key)221 654 Q F3(dataset)6 E F5(<)6 E F3
(backup-file)6 E F1 1.666(TPM2 back-end con\214guration)72 678 R F0
(tzpfms 0.1-12)72 750 Q(No)138.745 E -.15(ve)-.15 G(mber 12, 2021).15 E
(7)189.295 E 0 Cg EP
%%Page: 8 8
(backup-file)6 E F1(ENVIR)72 678 Q 1.666(ONMENT V)-.3 F(ARIABLES)-1.35 E
F0(tzpfms 0.1-14)72 750 Q(No)138.745 E -.15(ve)-.15 G(mber 15, 2021).15
E(8)189.295 E 0 Cg EP
%%Page: 9 9
%%BeginPageSetup
BP
%%EndPageSetup
/F0 10/Times-Roman@0 SF -.834(ZFS-TPM2-CHANGE-KEY \(8\))72 48 R
(System Manager')53.329 E 2.5(sM)-.55 G 48.329
(anual ZFS-TPM2-CHANGE-KEY)-2.5 F(\(8\))1.666 E/F1 10/Times-Bold@0 SF
(En)84 96 Q(vir)-.4 E .625(onment v)-.18 F(ariables)-.1 E/F2 10
/Courier@0 SF(TSS2_LOG)102 108 Q F0(An)155 108 Q 2.5(yo)-.15 G(f:)-2.5 E
F1(NONE)2.5 E F0(,)A F1(ERR)2.5 E(OR)-.3 E F0(,)A F1 -1.2(WA)2.5 G
(RNING)1.2 E F0(,)A F1(INFO)2.5 E F0(,)A F1(DEB)2.5 E(UG)-.1 E F0(,)A F1
(TRA)2.5 E(CE)-.55 E F0 5(.D)C(ef)-5 E(ault:)-.1 E F1 -1.2(WA)2.5 G
(RNING)1.2 E F0(.)A F1 .625(TPM selection)84 132 R F0 .517(The library)
102 144 R/F3 10/Courier-Bold@0 SF(libtss2-tcti-default.so)3.017 E F0
.517(can be link)3.017 F .516(ed to an)-.1 F 3.016(yo)-.15 G 3.016(ft)
-3.016 G(he)-3.016 E F2(libtss2-tcti-)3.016 E/F4 10/Symbol SF(*)A F2
(.so)A F0(libraries)3.016 E .575(to select the def)102 156 R .576
(ault, otherwise)-.1 F F2(/dev/tpmrm0)3.076 E F0 3.076(,t)C(hen)-3.076 E
F2(/dev/tpm0)3.076 E F0 3.076(,t)C(hen)-3.076 E F2(localhost:2321)3.076
E F0 .576(will be tried,)3.076 F(in order)102 168 Q 1.666(\(s)4.166 G
(ee)-1.666 E F2(ESYS_CONTEXT)2.5 E F0 -.834(\(3\) \) .)B F1 .625
(See also)84 192 R F0 3.488(The tpm2-tss git repository at)102 204 R F1
(anual ZFS-TPM2-CHANGE-KEY)-2.5 F(\(8\))1.666 E/F1 10/Courier@0 SF
(TZPFMS_PASSPHRASE_HELPER)102 96 Q F0(If set and nonempty)143 108 Q 2.5
(,w)-.65 G(ill be run as)-2.5 E F1(/bin/)173 120 Q/F2 10/Courier-Bold@0
SF 70.333(sh \255c)B F1("$TZPFMS_PASSPHRASE_HELPER")74.667 E
("$TZPFMS_PASSPHRASE_HELPER")173 132 Q F0(")10.715 E/F3 10
/Courier-Oblique@0 SF 4.715(prepared prompt)B F0 7.215("")C F3(target)
-7.215 E F0 7.215("")C([)-7.215 E F1(new)A F0(]")A("[)173 144 Q F1
(again)A F0(]")A(to pro)143 156 Q
(vide a passphrase, instead of reading from the standard input.)-.15 E
.189(The standard output stream of the helper is tied to an anon)143 174
R .188(ymous \214le and used in its entirety as the)-.15 F .446
(passphrase, e)143 186 R .446(xcept for a trailing ne)-.15 F .446
(w-line, if an)-.25 F 4.246 -.65(y. T)-.15 H .447(he second ar).65 F
.447(gument contains either the dataset)-.18 F 2.14
(name or the element of the TPM hierarch)143 198 R 5.94 -.65(y. T)-.05 H
2.14(he third ar).65 F 2.14(gument is)-.18 F F1(new)4.64 E F0 2.14
(if this is for a ne)4.64 F(w)-.25 E .573(passphrase, and the fourth is)
143 210 R F1(again)3.074 E F0 .574(if it')3.074 F 3.074(st)-.55 G .574
(he second prompt for that passphrase.)-3.074 F .574(The \214rst ar)
5.574 F(gu-)-.18 E(ment already contains all of this information, as a \
pre-formatted noun phrase.)143 222 Q .181(If the helper doesn')143 240 R
2.681(te)-.18 G 1.847(xist \()-2.831 F .181(the shell e)1.666 F .181
(xits with)-.15 F/F4 10/Times-Bold@0 SF(127)2.681 E F0 -3.151 1.666
(\), a d)1.666 H .181(iagnostic is issued and the normal prompt)-1.666 F
(is used as f)143 252 Q 2.5(all-back. If)-.1 F(it f)2.5 E(ails for an)
-.1 E 2.5(yo)-.15 G(ther reason, the prompting is aborted.)-2.5 E(An e)
143 270 Q(xample v)-.15 E(alue w)-.25 E(ould be: ')-.1 E F2 1.666
(systemd-ask-password \255-id)B F1(=)A F0(")A F1(tzpfms:)A F3($2)A F0
2.5("")C F3($1)-2.5 E F1(:)A F0("'.)6 E F4 1.666
(TPM2 back-end con\214guration)72 294 R(En)84 306 Q(vir)-.4 E .625
(onment v)-.18 F(ariables)-.1 E F1(TSS2_LOG)102 318 Q F0(An)155 318 Q
2.5(yo)-.15 G(f:)-2.5 E F4(NONE)2.5 E F0(,)A F4(ERR)2.5 E(OR)-.3 E F0(,)
A F4 -1.2(WA)2.5 G(RNING)1.2 E F0(,)A F4(INFO)2.5 E F0(,)A F4(DEB)2.5 E
(UG)-.1 E F0(,)A F4(TRA)2.5 E(CE)-.55 E F0 5(.D)C(ef)-5 E(ault:)-.1 E F4
-1.2(WA)2.5 G(RNING)1.2 E F0(.)A F4 .625(TPM selection)84 342 R F0 .516
(The library)102 354 R F2(libtss2-tcti-default.so)3.016 E F0 .516
(can be link)3.016 F .516(ed to an)-.1 F 3.017(yo)-.15 G 3.017(ft)-3.017
G(he)-3.017 E F1(libtss2-tcti-)3.017 E/F5 10/Symbol SF(*)A F1(.so)A F0
(libraries)3.017 E .576(to select the def)102 366 R .576
(ault, otherwise)-.1 F F1(/dev/tpmrm0)3.076 E F0 3.076(,t)C(hen)-3.076 E
F1(/dev/tpm0)3.076 E F0 3.076(,t)C(hen)-3.076 E F1(localhost:2321)3.076
E F0 .575(will be tried,)3.076 F(in order)102 378 Q 1.666(\(s)4.166 G
(ee)-1.666 E F1(ESYS_CONTEXT)2.5 E F0 -.834(\(3\) \) .)B F4 .625
(See also)84 402 R F0 3.487(The tpm2-tss git repository at)102 414 R F4
(https://github)5.988 E(.com/tpm2-softwar)-.4 E(e/tpm2-tss)-.18 E F0
3.487(and the documentation at)5.988 F F1(https://tpm2-tss.r)102 216 Q
3.488(and the documentation at)5.988 F F4(https://tpm2-tss.r)102 426 Q
(eadthedocs.io)-.18 E F0(.)A 3.092
(The TPM 2.0 speci\214cations, mainly at)102 234 R F1
(https://trustedcomputinggr)5.592 E(oup.or)-.18 E
(g/wp-content/uploads/TPM-)-.1 E(Re)102 246 Q(v-2.0-P)-.15 E(art-1-Ar)
-.1 E(chitectur)-.18 E(e-01.38.pdf)-.18 E F0(and related pages.)2.5 E F1
1.666(SPECIAL THANKS)72 270 R F0 1.6 -.8(To a)102 282 T
(The TPM 2.0 speci\214cations, mainly at)102 444 R F4
(https://trustedcomputinggr)5.591 E(oup.or)-.18 E
(g/wp-content/uploads/TPM-)-.1 E(Re)102 456 Q(v-2.0-P)-.15 E(art-1-Ar)
-.1 E(chitectur)-.18 E(e-01.38.pdf)-.18 E F0(and related pages.)2.5 E F4
1.666(SPECIAL THANKS)72 480 R F0 1.6 -.8(To a)102 492 T
(ll who support further de).8 E -.15(ve)-.25 G(lopment, in particular:)
.15 E F1<83>122 294 Q F0(ThePhD)2.5 E F1<83>122 306 Q F0(Embark Studios)
2.5 E F1(REPOR)72 330 Q 1.666(TING B)-.4 F(UGS)-.1 E(https://todo.sr)102
342 Q(.ht/~nabijaczleweli/tzpfms)-1 E F2
(~nabijaczleweli/tzpfms@lists.sr.ht)102 360 Q F0 2.5(,a)C(rchi)-2.5 E
-.15(ve)-.25 G 2.5(da).15 G(t)-2.5 E F1(https://lists.sr)2.5 E
(.ht/~nabijaczleweli/tzpfms)-1 E F0(.)A F1 1.666(SEE ALSO)72 384 R F2
(tpm2_unseal)102 396 Q F0(\(1\))A F1(https://git.sr)102 414 Q
(.ht/~nabijaczleweli/tzpfms)-1 E F0(tzpfms 0.1-12)72 750 Q(No)138.745 E
-.15(ve)-.15 G(mber 12, 2021).15 E(8)189.295 E 0 Cg EP
%%Page: 9 9
.15 E F4<83>122 504 Q F0(ThePhD)2.5 E F4<83>122 516 Q F0(Embark Studios)
2.5 E F4<83>122 528 Q F0(Jasper Bekk)2.5 E(ers)-.1 E F4(REPOR)72 552 Q
1.666(TING B)-.4 F(UGS)-.1 E(https://todo.sr)102 564 Q
(.ht/~nabijaczleweli/tzpfms)-1 E F1(~nabijaczleweli/tzpfms@lists.sr.ht)
102 582 Q F0 2.5(,a)C(rchi)-2.5 E -.15(ve)-.25 G 2.5(da).15 G(t)-2.5 E
F4(https://lists.sr)2.5 E(.ht/~nabijaczleweli/tzpfms)-1 E F0(.)A F4
1.666(SEE ALSO)72 606 R F1(tpm2_unseal)102 618 Q F0(\(1\))A F4
(https://git.sr)102 636 Q(.ht/~nabijaczleweli/tzpfms)-1 E F0
(tzpfms 0.1-14)72 750 Q(No)138.745 E -.15(ve)-.15 G(mber 15, 2021).15 E
(9)189.295 E 0 Cg EP
%%Page: 10 10
%%BeginPageSetup
BP
%%EndPageSetup
@ -706,50 +803,87 @@ BP
132 Q F2(zfs-tpm2-clear-key)102 144 Q/F3 10/Courier-Oblique@0 SF
(dataset)2.5 E F1(DESCRIPTION)72 168 Q F0(After v)102 180 Q(erifying)
-.15 E F3(dataset)2.5 E F0 -.1(wa)2.5 G 2.5(se).1 G(ncrypted with)-2.5 E
F2(tzpfms)2.5 E F0(back)2.5 E(end)-.1 E F1(TPM2)2.5 E F0(:)A 6.985
F2(tzpfms)2.5 E F0(back)2.5 E(end)-.1 E F1(TPM2)2.5 E F0(:)A 6.984
(1. performs the equi)122 192 R -.25(va)-.25 G 6.984(lent of).25 F F2
6.984(zfs change-key)9.484 F<ad6f>14.65 E/F4 10/Courier@0 SF
(keylocation=prompt)12.984 E F2<ad6f>14.65 E F4(keyformat=passphrase)127
204 Q F3(dataset)6 E F0(,)A(2. frees the sealed k)122 216 Q .3 -.15
(keylocation=prompt)12.985 E F2<ad6f>14.651 E F4(keyformat=passphrase)
127 204 Q F3(dataset)6 E F0(,)A(2. frees the sealed k)122 216 Q .3 -.15
(ey p)-.1 H(re).15 E(viously used to encrypt)-.25 E F3(dataset)2.5 E F0
(,)A(3. remo)122 228 Q -.15(ve)-.15 G 2.5(st).15 G(he)-2.5 E F4
(xyz.nabijaczleweli:tzpfms.)2.5 E F0({)A F4(backend)A F0(,)A F4(key)6 E
F0 2.5(}p)C(roperties from)-2.5 E F3(dataset)2.5 E F0(.)A(See)102 246 Q
F4(zfs-tpm2-change-key)2.5 E F0(\(8\) for a detailed description.)A F1
1.666(TPM2 back-end con\214guration)72 270 R(En)84 282 Q(vir)-.4 E .625
(onment v)-.18 F(ariables)-.1 E F4(TSS2_LOG)102 294 Q F0(An)155 294 Q
(ENVIR)72 270 Q 1.666(ONMENT V)-.3 F(ARIABLES)-1.35 E F4
(TZPFMS_PASSPHRASE_HELPER)102 282 Q F0(If set and nonempty)143 294 Q 2.5
(,w)-.65 G(ill be run as)-2.5 E F4(/bin/)173 306 Q F2 70.333(sh \255c)B
F4("$TZPFMS_PASSPHRASE_HELPER")74.667 E("$TZPFMS_PASSPHRASE_HELPER")173
318 Q F0(")10.715 E F3 4.715(prepared prompt)B F0 7.215("")C F3(target)
-7.215 E F0 7.215("")C([)-7.215 E F4(new)A F0(]")A("[)173 330 Q F4
(again)A F0(]")A(to pro)143 342 Q
(vide a passphrase, instead of reading from the standard input.)-.15 E
.189(The standard output stream of the helper is tied to an anon)143 360
R .188(ymous \214le and used in its entirety as the)-.15 F .446
(passphrase, e)143 372 R .446(xcept for a trailing ne)-.15 F .446
(w-line, if an)-.25 F 4.246 -.65(y. T)-.15 H .447(he second ar).65 F
.447(gument contains either the dataset)-.18 F 2.14
(name or the element of the TPM hierarch)143 384 R 5.94 -.65(y. T)-.05 H
2.14(he third ar).65 F 2.14(gument is)-.18 F F4(new)4.64 E F0 2.14
(if this is for a ne)4.64 F(w)-.25 E .573(passphrase, and the fourth is)
143 396 R F4(again)3.074 E F0 .574(if it')3.074 F 3.074(st)-.55 G .574
(he second prompt for that passphrase.)-3.074 F .574(The \214rst ar)
5.574 F(gu-)-.18 E(ment already contains all of this information, as a \
pre-formatted noun phrase.)143 408 Q .181(If the helper doesn')143 426 R
2.681(te)-.18 G 1.847(xist \()-2.831 F .181(the shell e)1.666 F .181
(xits with)-.15 F F1(127)2.681 E F0 -3.151 1.666(\), a d)1.666 H .181
(iagnostic is issued and the normal prompt)-1.666 F(is used as f)143 438
Q 2.5(all-back. If)-.1 F(it f)2.5 E(ails for an)-.1 E 2.5(yo)-.15 G
(ther reason, the prompting is aborted.)-2.5 E(An e)143 456 Q(xample v)
-.15 E(alue w)-.25 E(ould be: ')-.1 E F2 1.666
(systemd-ask-password \255-id)B F4(=)A F0(")A F4(tzpfms:)A F3($2)A F0
2.5("")C F3($1)-2.5 E F4(:)A F0("'.)6 E F1 1.666
(TPM2 back-end con\214guration)72 480 R(En)84 492 Q(vir)-.4 E .625
(onment v)-.18 F(ariables)-.1 E F4(TSS2_LOG)102 504 Q F0(An)155 504 Q
2.5(yo)-.15 G(f:)-2.5 E F1(NONE)2.5 E F0(,)A F1(ERR)2.5 E(OR)-.3 E F0(,)
A F1 -1.2(WA)2.5 G(RNING)1.2 E F0(,)A F1(INFO)2.5 E F0(,)A F1(DEB)2.5 E
(UG)-.1 E F0(,)A F1(TRA)2.5 E(CE)-.55 E F0 5(.D)C(ef)-5 E(ault:)-.1 E F1
-1.2(WA)2.5 G(RNING)1.2 E F0(.)A F1 .625(TPM selection)84 318 R F0 .516
(The library)102 330 R F2(libtss2-tcti-default.so)3.016 E F0 .516
-1.2(WA)2.5 G(RNING)1.2 E F0(.)A F1 .625(TPM selection)84 528 R F0 .516
(The library)102 540 R F2(libtss2-tcti-default.so)3.016 E F0 .516
(can be link)3.016 F .516(ed to an)-.1 F 3.017(yo)-.15 G 3.017(ft)-3.017
G(he)-3.017 E F4(libtss2-tcti-)3.017 E/F5 10/Symbol SF(*)A F4(.so)A F0
(libraries)3.017 E .576(to select the def)102 342 R .576
(libraries)3.017 E .576(to select the def)102 552 R .576
(ault, otherwise)-.1 F F4(/dev/tpmrm0)3.076 E F0 3.076(,t)C(hen)-3.076 E
F4(/dev/tpm0)3.076 E F0 3.076(,t)C(hen)-3.076 E F4(localhost:2321)3.076
E F0 .575(will be tried,)3.076 F(in order)102 354 Q 1.666(\(s)4.166 G
E F0 .575(will be tried,)3.076 F(in order)102 564 Q 1.666(\(s)4.166 G
(ee)-1.666 E F4(ESYS_CONTEXT)2.5 E F0 -.834(\(3\) \) .)B F1 .625
(See also)84 378 R F0 3.487(The tpm2-tss git repository at)102 390 R F1
(See also)84 588 R F0 3.487(The tpm2-tss git repository at)102 600 R F1
(https://github)5.988 E(.com/tpm2-softwar)-.4 E(e/tpm2-tss)-.18 E F0
3.488(and the documentation at)5.988 F F1(https://tpm2-tss.r)102 402 Q
3.488(and the documentation at)5.988 F F1(https://tpm2-tss.r)102 612 Q
(eadthedocs.io)-.18 E F0(.)A 3.092
(The TPM 2.0 speci\214cations, mainly at)102 420 R F1
(The TPM 2.0 speci\214cations, mainly at)102 630 R F1
(https://trustedcomputinggr)5.591 E(oup.or)-.18 E
(g/wp-content/uploads/TPM-)-.1 E(Re)102 432 Q(v-2.0-P)-.15 E(art-1-Ar)
(g/wp-content/uploads/TPM-)-.1 E(Re)102 642 Q(v-2.0-P)-.15 E(art-1-Ar)
-.1 E(chitectur)-.18 E(e-01.38.pdf)-.18 E F0(and related pages.)2.5 E F1
1.666(SPECIAL THANKS)72 456 R F0 1.6 -.8(To a)102 468 T
1.666(SPECIAL THANKS)72 666 R F0 1.6 -.8(To a)102 678 T
(ll who support further de).8 E -.15(ve)-.25 G(lopment, in particular:)
.15 E F1<83>122 480 Q F0(ThePhD)2.5 E F1<83>122 492 Q F0(Embark Studios)
2.5 E F1(REPOR)72 516 Q 1.666(TING B)-.4 F(UGS)-.1 E(https://todo.sr)102
528 Q(.ht/~nabijaczleweli/tzpfms)-1 E F4
(~nabijaczleweli/tzpfms@lists.sr.ht)102 546 Q F0 2.5(,a)C(rchi)-2.5 E
-.15(ve)-.25 G 2.5(da).15 G(t)-2.5 E F1(https://lists.sr)2.5 E
(.ht/~nabijaczleweli/tzpfms)-1 E F0(.)A F1 1.666(SEE ALSO)72 570 R
(https://git.sr)102 582 Q(.ht/~nabijaczleweli/tzpfms)-1 E F0
(tzpfms 0.1-12)72 750 Q(No)138.745 E -.15(ve)-.15 G(mber 12, 2021).15 E
(9)189.295 E 0 Cg EP
%%Page: 10 10
.15 E(tzpfms 0.1-14)72 750 Q(No)138.745 E -.15(ve)-.15 G(mber 15, 2021)
.15 E(10)184.295 E 0 Cg EP
%%Page: 11 11
%%BeginPageSetup
BP
%%EndPageSetup
/F0 10/Times-Roman@0 SF -.834(ZFS-TPM2-CLEAR-KEY \(8\))72 48 R
(System Manager')62.209 E 2.5(sM)-.55 G 57.209(anual ZFS-TPM2-CLEAR-KEY)
-2.5 F(\(8\))1.666 E/F1 10/Times-Bold@0 SF<83>122 96 Q F0(ThePhD)2.5 E
F1<83>122 108 Q F0(Embark Studios)2.5 E F1<83>122 120 Q F0(Jasper Bekk)
2.5 E(ers)-.1 E F1(REPOR)72 144 Q 1.666(TING B)-.4 F(UGS)-.1 E
(https://todo.sr)102 156 Q(.ht/~nabijaczleweli/tzpfms)-1 E/F2 10
/Courier@0 SF(~nabijaczleweli/tzpfms@lists.sr.ht)102 174 Q F0 2.5(,a)C
(rchi)-2.5 E -.15(ve)-.25 G 2.5(da).15 G(t)-2.5 E F1(https://lists.sr)
2.5 E(.ht/~nabijaczleweli/tzpfms)-1 E F0(.)A F1 1.666(SEE ALSO)72 198 R
(https://git.sr)102 210 Q(.ht/~nabijaczleweli/tzpfms)-1 E F0
(tzpfms 0.1-14)72 750 Q(No)138.745 E -.15(ve)-.15 G(mber 15, 2021).15 E
(11)184.295 E 0 Cg EP
%%Page: 12 12
%%BeginPageSetup
BP
%%EndPageSetup
@ -773,35 +907,71 @@ assphrase, set when creating the k)102 210 Q -.15(ey)-.1 G 2.5(,i)-.5 G
G 2.679(ft)-2.679 G .179(he k)-2.679 F .478 -.15(ey i)-.1 H 2.678(sa).15
G .178(lready loaded.)-2.678 F(Equi)5.178 E -.25(va)-.25 G .178(lent to)
.25 F F2 .178(zfs load-key)2.678 F F0 -.55('s)C F2<ad6e>4.894 E F0
(option.)119 288 Q F1 1.666(TPM1.X back-end con\214guration)72 312 R
.625(TPM selection)84 324 R F0(The)102 336 Q F2(tzpfms)2.767 E F0 .267
(suite connects to a local)2.767 F F4(tcsd)2.767 E F0 .267
(\(8\) process)B 1.666(\(a)4.433 G(t)-1.666 E F4(localhost:30003)2.767 E
F0 4.433(\)b)1.666 G 2.767(yd)-4.433 G(ef)-2.767 E 2.767(ault. Use)-.1 F
.268(the en-)2.767 F(vironment v)102 348 Q(ariable)-.25 E F4
(TZPFMS_TPM1X)2.5 E F0(to specify a remote TCS hostname.)2.5 E .392
(The T)102 366 R(rouSerS)-.35 E F4(tcsd)2.892 E F0 .392
(\(8\) daemon will try)B F4(/dev/tpm0)2.892 E F0 2.892(,t)C(hen)-2.892 E
F4(/udev/tpm0)2.892 E F0 2.891(,t)C(hen)-2.891 E F4(/dev/tpm)2.891 E F0
2.891(;b)C 2.891(yo)-2.891 G(ccup)-2.891 E(ying)-.1 E
(one of the earlier ones with, for e)102 378 Q
(option.)119 288 Q F1(ENVIR)72 312 Q 1.666(ONMENT V)-.3 F(ARIABLES)-1.35
E F4(TZPFMS_PASSPHRASE_HELPER)102 324 Q F0(If set and nonempty)143 336 Q
2.5(,w)-.65 G(ill be run as)-2.5 E F4(/bin/)173 348 Q F2 70.333
(sh \255c)B F4("$TZPFMS_PASSPHRASE_HELPER")74.667 E
("$TZPFMS_PASSPHRASE_HELPER")173 360 Q F0(")10.715 E F3 4.715
(prepared prompt)B F0 7.215("")C F3(target)-7.215 E F0 7.215("")C([)
-7.215 E F4(new)A F0(]")A("[)173 372 Q F4(again)A F0(]")A(to pro)143 384
Q(vide a passphrase, instead of reading from the standard input.)-.15 E
.188(The standard output stream of the helper is tied to an anon)143 402
R .189(ymous \214le and used in its entirety as the)-.15 F .447
(passphrase, e)143 414 R .447(xcept for a trailing ne)-.15 F .447
(w-line, if an)-.25 F 4.246 -.65(y. T)-.15 H .446(he second ar).65 F
.446(gument contains either the dataset)-.18 F 2.14
(name or the element of the TPM hierarch)143 426 R 5.94 -.65(y. T)-.05 H
2.14(he third ar).65 F 2.14(gument is)-.18 F F4(new)4.64 E F0 2.14
(if this is for a ne)4.64 F(w)-.25 E .574(passphrase, and the fourth is)
143 438 R F4(again)3.074 E F0 .574(if it')3.074 F 3.074(st)-.55 G .574
(he second prompt for that passphrase.)-3.074 F .573(The \214rst ar)
5.573 F(gu-)-.18 E(ment already contains all of this information, as a \
pre-formatted noun phrase.)143 450 Q .181(If the helper doesn')143 468 R
2.681(te)-.18 G 1.847(xist \()-2.831 F .181(the shell e)1.666 F .181
(xits with)-.15 F F1(127)2.681 E F0 -3.151 1.666(\), a d)1.666 H .181
(iagnostic is issued and the normal prompt)-1.666 F(is used as f)143 480
Q 2.5(all-back. If)-.1 F(it f)2.5 E(ails for an)-.1 E 2.5(yo)-.15 G
(ther reason, the prompting is aborted.)-2.5 E(An e)143 498 Q(xample v)
-.15 E(alue w)-.25 E(ould be: ')-.1 E F2 1.666
(systemd-ask-password \255-id)B F4(=)A F0(")A F4(tzpfms:)A F3($2)A F0
2.5("")C F3($1)-2.5 E F4(:)A F0("'.)6 E F1 1.666
(TPM1.X back-end con\214guration)72 522 R .625(TPM selection)84 534 R F0
(The)102 546 Q F2(tzpfms)2.768 E F0 .267(suite connects to a local)2.767
F F4(tcsd)2.767 E F0 .267(\(8\) process)B 1.666(\(a)4.433 G(t)-1.666 E
F4(localhost:30003)2.767 E F0 4.433(\)b)1.666 G 2.767(yd)-4.433 G(ef)
-2.767 E 2.767(ault. Use)-.1 F .267(the en-)2.767 F(vironment v)102 558
Q(ariable)-.25 E F4(TZPFMS_TPM1X)2.5 E F0
(to specify a remote TCS hostname.)2.5 E .391(The T)102 576 R(rouSerS)
-.35 E F4(tcsd)2.891 E F0 .391(\(8\) daemon will try)B F4(/dev/tpm0)
2.892 E F0 2.892(,t)C(hen)-2.892 E F4(/udev/tpm0)2.892 E F0 2.892(,t)C
(hen)-2.892 E F4(/dev/tpm)2.892 E F0 2.892(;b)C 2.892(yo)-2.892 G(ccup)
-2.892 E(ying)-.1 E(one of the earlier ones with, for e)102 588 Q
(xample, shell redirection, a later one can be selected.)-.15 E F1 .625
(See also)84 402 R F0(The T)102 414 Q(rouSerS project page at)-.35 E F1
(See also)84 612 R F0(The T)102 624 Q(rouSerS project page at)-.35 E F1
(https://sour)2.5 E(cef)-.18 E(or)-.25 E(ge.net/pr)-.1 E(ojects/tr)-.18
E(ousers)-.18 E F0(.)A 5.108(The TPM 1.2 main speci\214cation inde)102
432 R 7.609(xa)-.15 G(t)-7.609 E F1(https://trustedcomputinggr)7.609 E
E(ousers)-.18 E F0(.)A 5.109(The TPM 1.2 main speci\214cation inde)102
642 R 7.608(xa)-.15 G(t)-7.608 E F1(https://trustedcomputinggr)7.608 E
(oup.or)-.18 E(g/r)-.1 E(esour)-.18 E(ce/tpm-main-)-.18 E
(speci\214cation)102 444 Q F0(.)A F1 1.666(SPECIAL THANKS)72 468 R F0
1.6 -.8(To a)102 480 T(ll who support further de).8 E -.15(ve)-.25 G
(lopment, in particular:).15 E F1<83>122 492 Q F0(ThePhD)2.5 E F1<83>122
504 Q F0(Embark Studios)2.5 E F1(REPOR)72 528 Q 1.666(TING B)-.4 F(UGS)
-.1 E(https://todo.sr)102 540 Q(.ht/~nabijaczleweli/tzpfms)-1 E F4
(~nabijaczleweli/tzpfms@lists.sr.ht)102 558 Q F0 2.5(,a)C(rchi)-2.5 E
-.15(ve)-.25 G 2.5(da).15 G(t)-2.5 E F1(https://lists.sr)2.5 E
(.ht/~nabijaczleweli/tzpfms)-1 E F0(.)A F1 1.666(SEE ALSO)72 582 R
(https://git.sr)102 594 Q(.ht/~nabijaczleweli/tzpfms)-1 E F0
(tzpfms 0.1-12)72 750 Q(No)138.745 E -.15(ve)-.15 G(mber 12, 2021).15 E
(10)184.295 E 0 Cg EP
(speci\214cation)102 654 Q F0(.)A F1 1.666(SPECIAL THANKS)72 678 R F0
1.6 -.8(To a)102 690 T(ll who support further de).8 E -.15(ve)-.25 G
(lopment, in particular:).15 E(tzpfms 0.1-14)72 750 Q(No)138.745 E -.15
(ve)-.15 G(mber 15, 2021).15 E(12)184.295 E 0 Cg EP
%%Page: 13 13
%%BeginPageSetup
BP
%%EndPageSetup
/F0 10/Times-Roman@0 SF(ZFS-TPM2-LO)72 48 Q -.834(AD-KEY \(8\))-.35 F
(System Manager')67.569 E 2.5(sM)-.55 G 62.569(anual ZFS-TPM2-LO)-2.5 F
-.834(AD-KEY \(8\))-.35 F/F1 10/Times-Bold@0 SF<83>122 96 Q F0(ThePhD)
2.5 E F1<83>122 108 Q F0(Embark Studios)2.5 E F1<83>122 120 Q F0
(Jasper Bekk)2.5 E(ers)-.1 E F1(REPOR)72 144 Q 1.666(TING B)-.4 F(UGS)
-.1 E(https://todo.sr)102 156 Q(.ht/~nabijaczleweli/tzpfms)-1 E/F2 10
/Courier@0 SF(~nabijaczleweli/tzpfms@lists.sr.ht)102 174 Q F0 2.5(,a)C
(rchi)-2.5 E -.15(ve)-.25 G 2.5(da).15 G(t)-2.5 E F1(https://lists.sr)
2.5 E(.ht/~nabijaczleweli/tzpfms)-1 E F0(.)A F1 1.666(SEE ALSO)72 198 R
(https://git.sr)102 210 Q(.ht/~nabijaczleweli/tzpfms)-1 E F0
(tzpfms 0.1-14)72 750 Q(No)138.745 E -.15(ve)-.15 G(mber 15, 2021).15 E
(13)184.295 E 0 Cg EP
%%Trailer
end
%%EOF

6
zfs-tpm-list.8
View File

@ -1,9 +1,9 @@
.\" SPDX-License-Identifier: MIT
.
.Dd November 12, 2021
.Dd November 15, 2021
.ds doc-volume-operating-system
.Dt ZFS-TPM-LIST 8
.Os tzpfms 0.1-12
.Os tzpfms 0.1-14
.
.Sh NAME
.Nm zfs-tpm-list
@ -122,6 +122,8 @@ To all who support further development, in particular:
ThePhD
.It
Embark Studios
.It
Jasper Bekkers
.El
.
.Sh REPORTING BUGS

5
zfs-tpm-list.8.html
View File

@ -150,6 +150,7 @@ owo/enc TPM1.X available yes</div>
<ul class="Bl-bullet Bd-indent Bl-compact">
<li>ThePhD</li>
<li>Embark Studios</li>
<li>Jasper Bekkers</li>
</ul>
</section>
<section class="Sh">
@ -168,8 +169,8 @@ owo/enc TPM1.X available yes</div>
</div>
<table class="foot">
<tr>
<td class="foot-date">November 12, 2021</td>
<td class="foot-os">tzpfms 0.1-12</td>
<td class="foot-date">November 15, 2021</td>
<td class="foot-os">tzpfms 0.1-14</td>
</tr>
</table>
</body>

33
zfs-tpm1x-change-key.8
View File

@ -1,9 +1,9 @@
.\" SPDX-License-Identifier: MIT
.
.Dd November 12, 2021
.Dd November 15, 2021
.ds doc-volume-operating-system
.Dt ZFS-TPM1X-CHANGE-KEY 8
.Os tzpfms 0.1-12
.Os tzpfms 0.1-14
.
.Sh NAME
.Nm zfs-tpm1x-change-key
@ -104,6 +104,33 @@ In case of a catastrophic event, the key can be loaded by running
.
.\" SPDX-License-Identifier: MIT
.
.Sh ENVIRONMENT VARIABLES
.Bl -tag -compact -width "TZPFMS"
.It Ev TZPFMS_PASSPHRASE_HELPER
If set and nonempty, will be run as
.Dl Pa /bin/ Ns Nm sh Fl c Li \&"$TZPFMS_PASSPHRASE_HELPER" \&"$TZPFMS_PASSPHRASE_HELPER" Qo Ar prepared prompt Qc Qo Ar target Qc Qo Oo Li new Oc Qc Qo Oo Li again Oc Qc
to provide a passphrase, instead of reading from the standard input.
.Pp
The standard output stream of the helper is tied to an anonymous file and used in its entirety as the passphrase, except for a trailing new-line, if any.
The second argument contains either the dataset name or the element of the TPM hierarchy.
The third argument is
.Li new
if this is for a new passphrase, and the fourth is
.Li again
if it's the second prompt for that passphrase.
The first argument already contains all of this information, as a pre-formatted noun phrase.
.Pp
If the helper doesn't exist
.Pq the shell exits with Sy 127 ,
a diagnostic is issued and the normal prompt is used as fall-back.
If it fails for any other reason, the prompting is aborted.
.Pp
An example value would be:
.No ' Ns Nm systemd-ask-password Fl -id Ns Li = Ns Qo Li tzpfms:\& Ns Ar $2 Qc Qo Ar $1 Ns Li ": " Qc Ns ' .
.El
.
.\" SPDX-License-Identifier: MIT
.
.Sh TPM1.X back-end configuration
.Ss TPM selection
The
@ -143,6 +170,8 @@ To all who support further development, in particular:
ThePhD
.It
Embark Studios
.It
Jasper Bekkers
.El
.
.Sh REPORTING BUGS

40
zfs-tpm1x-change-key.8.html
View File

@ -114,6 +114,41 @@
</dl>
</section>
<section class="Sh">
<h1 class="Sh" id="ENVIRONMENT_VARIABLES"><a class="permalink" href="#ENVIRONMENT_VARIABLES">ENVIRONMENT
VARIABLES</a></h1>
<dl class="Bl-tag Bl-compact">
<dt id="TZPFMS_PASSPHRASE_HELPER"><a class="permalink" href="#TZPFMS_PASSPHRASE_HELPER"><code class="Ev">TZPFMS_PASSPHRASE_HELPER</code></a></dt>
<dd>If set and nonempty, will be run as
<div class="Bd
Bd-indent"><code class="Li"><span class="Pa">/bin/</span><code class="Nm">sh</code>
<code class="Fl">-c</code>
<code class="Li">&quot;$TZPFMS_PASSPHRASE_HELPER&quot;
&quot;$TZPFMS_PASSPHRASE_HELPER&quot;</code>
&quot;<var class="Ar">prepared prompt</var>&quot;
&quot;<var class="Ar">target</var>&quot;
&quot;[<code class="Li">new</code>]&quot;
&quot;[<code class="Li">again</code>]&quot;</code></div>
to provide a passphrase, instead of reading from the standard input.
<p class="Pp">The standard output stream of the helper is tied to an
anonymous file and used in its entirety as the passphrase, except for a
trailing new-line, if any. The second argument contains either the
dataset name or the element of the TPM hierarchy. The third argument is
<code class="Li">new</code> if this is for a new passphrase, and the
fourth is <code class="Li">again</code> if it's the second prompt for
that passphrase. The first argument already contains all of this
information, as a pre-formatted noun phrase.</p>
<p class="Pp" id="127">If the helper doesn't exist (the shell exits with
<a class="permalink" href="#127"><b class="Sy">127</b></a>), a
diagnostic is issued and the normal prompt is used as fall-back. If it
fails for any other reason, the prompting is aborted.</p>
<p class="Pp">An example value would be:
<span class="No">'</span><code class="Nm">systemd-ask-password</code>
<code class="Fl">--id</code><code class="Li">=</code>&quot;<code class="Li">tzpfms:</code><var class="Ar">$2</var>&quot;
&quot;<var class="Ar">$1</var><code class="Li">: </code>&quot;'.</p>
</dd>
</dl>
</section>
<section class="Sh">
<h1 class="Sh" id="TPM1.X_back-end_configuration"><a class="permalink" href="#TPM1.X_back-end_configuration">TPM1.X
back-end configuration</a></h1>
<section class="Ss">
@ -147,6 +182,7 @@
<ul class="Bl-bullet Bd-indent Bl-compact">
<li>ThePhD</li>
<li>Embark Studios</li>
<li>Jasper Bekkers</li>
</ul>
</section>
<section class="Sh">
@ -165,8 +201,8 @@
</div>
<table class="foot">
<tr>
<td class="foot-date">November 12, 2021</td>
<td class="foot-os">tzpfms 0.1-12</td>
<td class="foot-date">November 15, 2021</td>
<td class="foot-os">tzpfms 0.1-14</td>
</tr>
</table>
</body>

6
zfs-tpm1x-clear-key.8
View File

@ -1,9 +1,9 @@
.\" SPDX-License-Identifier: MIT
.
.Dd November 12, 2021
.Dd November 15, 2021
.ds doc-volume-operating-system
.Dt ZFS-TPM1X-CLEAR-KEY 8
.Os tzpfms 0.1-12
.Os tzpfms 0.1-14
.
.Sh NAME
.Nm zfs-tpm1x-clear-key
@ -75,6 +75,8 @@ To all who support further development, in particular:
ThePhD
.It
Embark Studios
.It
Jasper Bekkers
.El
.
.Sh REPORTING BUGS

5
zfs-tpm1x-clear-key.8.html
View File

@ -87,6 +87,7 @@
<ul class="Bl-bullet Bd-indent Bl-compact">
<li>ThePhD</li>
<li>Embark Studios</li>
<li>Jasper Bekkers</li>
</ul>
</section>
<section class="Sh">
@ -105,8 +106,8 @@
</div>
<table class="foot">
<tr>
<td class="foot-date">November 12, 2021</td>
<td class="foot-os">tzpfms 0.1-12</td>
<td class="foot-date">November 15, 2021</td>
<td class="foot-os">tzpfms 0.1-14</td>
</tr>
</table>
</body>

33
zfs-tpm1x-load-key.8
View File

@ -1,9 +1,9 @@
.\" SPDX-License-Identifier: MIT
.
.Dd November 12, 2021
.Dd November 15, 2021
.ds doc-volume-operating-system
.Dt ZFS-TPM1X-LOAD-KEY 8
.Os tzpfms 0.1-12
.Os tzpfms 0.1-14
.
.Sh NAME
.Nm zfs-tpm1x-load-key
@ -42,6 +42,33 @@ option.
.
.\" SPDX-License-Identifier: MIT
.
.Sh ENVIRONMENT VARIABLES
.Bl -tag -compact -width "TZPFMS"
.It Ev TZPFMS_PASSPHRASE_HELPER
If set and nonempty, will be run as
.Dl Pa /bin/ Ns Nm sh Fl c Li \&"$TZPFMS_PASSPHRASE_HELPER" \&"$TZPFMS_PASSPHRASE_HELPER" Qo Ar prepared prompt Qc Qo Ar target Qc Qo Oo Li new Oc Qc Qo Oo Li again Oc Qc
to provide a passphrase, instead of reading from the standard input.
.Pp
The standard output stream of the helper is tied to an anonymous file and used in its entirety as the passphrase, except for a trailing new-line, if any.
The second argument contains either the dataset name or the element of the TPM hierarchy.
The third argument is
.Li new
if this is for a new passphrase, and the fourth is
.Li again
if it's the second prompt for that passphrase.
The first argument already contains all of this information, as a pre-formatted noun phrase.
.Pp
If the helper doesn't exist
.Pq the shell exits with Sy 127 ,
a diagnostic is issued and the normal prompt is used as fall-back.
If it fails for any other reason, the prompting is aborted.
.Pp
An example value would be:
.No ' Ns Nm systemd-ask-password Fl -id Ns Li = Ns Qo Li tzpfms:\& Ns Ar $2 Qc Qo Ar $1 Ns Li ": " Qc Ns ' .
.El
.
.\" SPDX-License-Identifier: MIT
.
.Sh TPM1.X back-end configuration
.Ss TPM selection
The
@ -81,6 +108,8 @@ To all who support further development, in particular:
ThePhD
.It
Embark Studios
.It
Jasper Bekkers
.El
.
.Sh REPORTING BUGS

40
zfs-tpm1x-load-key.8.html
View File

@ -55,6 +55,41 @@
</dl>
</section>
<section class="Sh">
<h1 class="Sh" id="ENVIRONMENT_VARIABLES"><a class="permalink" href="#ENVIRONMENT_VARIABLES">ENVIRONMENT
VARIABLES</a></h1>
<dl class="Bl-tag Bl-compact">
<dt id="TZPFMS_PASSPHRASE_HELPER"><a class="permalink" href="#TZPFMS_PASSPHRASE_HELPER"><code class="Ev">TZPFMS_PASSPHRASE_HELPER</code></a></dt>
<dd>If set and nonempty, will be run as
<div class="Bd
Bd-indent"><code class="Li"><span class="Pa">/bin/</span><code class="Nm">sh</code>
<code class="Fl">-c</code>
<code class="Li">&quot;$TZPFMS_PASSPHRASE_HELPER&quot;
&quot;$TZPFMS_PASSPHRASE_HELPER&quot;</code>
&quot;<var class="Ar">prepared prompt</var>&quot;
&quot;<var class="Ar">target</var>&quot;
&quot;[<code class="Li">new</code>]&quot;
&quot;[<code class="Li">again</code>]&quot;</code></div>
to provide a passphrase, instead of reading from the standard input.
<p class="Pp">The standard output stream of the helper is tied to an
anonymous file and used in its entirety as the passphrase, except for a
trailing new-line, if any. The second argument contains either the
dataset name or the element of the TPM hierarchy. The third argument is
<code class="Li">new</code> if this is for a new passphrase, and the
fourth is <code class="Li">again</code> if it's the second prompt for
that passphrase. The first argument already contains all of this
information, as a pre-formatted noun phrase.</p>
<p class="Pp" id="127">If the helper doesn't exist (the shell exits with
<a class="permalink" href="#127"><b class="Sy">127</b></a>), a
diagnostic is issued and the normal prompt is used as fall-back. If it
fails for any other reason, the prompting is aborted.</p>
<p class="Pp">An example value would be:
<span class="No">'</span><code class="Nm">systemd-ask-password</code>
<code class="Fl">--id</code><code class="Li">=</code>&quot;<code class="Li">tzpfms:</code><var class="Ar">$2</var>&quot;
&quot;<var class="Ar">$1</var><code class="Li">: </code>&quot;'.</p>
</dd>
</dl>
</section>
<section class="Sh">
<h1 class="Sh" id="TPM1.X_back-end_configuration"><a class="permalink" href="#TPM1.X_back-end_configuration">TPM1.X
back-end configuration</a></h1>
<section class="Ss">
@ -88,6 +123,7 @@
<ul class="Bl-bullet Bd-indent Bl-compact">
<li>ThePhD</li>
<li>Embark Studios</li>
<li>Jasper Bekkers</li>
</ul>
</section>
<section class="Sh">
@ -106,8 +142,8 @@
</div>
<table class="foot">
<tr>
<td class="foot-date">November 12, 2021</td>
<td class="foot-os">tzpfms 0.1-12</td>
<td class="foot-date">November 15, 2021</td>
<td class="foot-os">tzpfms 0.1-14</td>
</tr>
</table>
</body>

33
zfs-tpm2-change-key.8
View File

@ -1,9 +1,9 @@
.\" SPDX-License-Identifier: MIT
.
.Dd November 12, 2021
.Dd November 15, 2021
.ds doc-volume-operating-system
.Dt ZFS-TPM2-CHANGE-KEY 8
.Os tzpfms 0.1-12
.Os tzpfms 0.1-14
.
.Sh NAME
.Nm zfs-tpm2-change-key
@ -101,6 +101,33 @@ In case of a catastrophic event, the key can be loaded by running
.
.\" SPDX-License-Identifier: MIT
.
.Sh ENVIRONMENT VARIABLES
.Bl -tag -compact -width "TZPFMS"
.It Ev TZPFMS_PASSPHRASE_HELPER
If set and nonempty, will be run as
.Dl Pa /bin/ Ns Nm sh Fl c Li \&"$TZPFMS_PASSPHRASE_HELPER" \&"$TZPFMS_PASSPHRASE_HELPER" Qo Ar prepared prompt Qc Qo Ar target Qc Qo Oo Li new Oc Qc Qo Oo Li again Oc Qc
to provide a passphrase, instead of reading from the standard input.
.Pp
The standard output stream of the helper is tied to an anonymous file and used in its entirety as the passphrase, except for a trailing new-line, if any.
The second argument contains either the dataset name or the element of the TPM hierarchy.
The third argument is
.Li new
if this is for a new passphrase, and the fourth is
.Li again
if it's the second prompt for that passphrase.
The first argument already contains all of this information, as a pre-formatted noun phrase.
.Pp
If the helper doesn't exist
.Pq the shell exits with Sy 127 ,
a diagnostic is issued and the normal prompt is used as fall-back.
If it fails for any other reason, the prompting is aborted.
.Pp
An example value would be:
.No ' Ns Nm systemd-ask-password Fl -id Ns Li = Ns Qo Li tzpfms:\& Ns Ar $2 Qc Qo Ar $1 Ns Li ": " Qc Ns ' .
.El
.
.\" SPDX-License-Identifier: MIT
.
.Sh TPM2 back-end configuration
.Ss Environment variables
.Bl -tag -compact -width "TSS2_LOG"
@ -144,6 +171,8 @@ To all who support further development, in particular:
ThePhD
.It
Embark Studios
.It
Jasper Bekkers
.El
.
.Sh REPORTING BUGS

40
zfs-tpm2-change-key.8.html
View File

@ -113,6 +113,41 @@
</dl>
</section>
<section class="Sh">
<h1 class="Sh" id="ENVIRONMENT_VARIABLES"><a class="permalink" href="#ENVIRONMENT_VARIABLES">ENVIRONMENT
VARIABLES</a></h1>
<dl class="Bl-tag Bl-compact">
<dt id="TZPFMS_PASSPHRASE_HELPER"><a class="permalink" href="#TZPFMS_PASSPHRASE_HELPER"><code class="Ev">TZPFMS_PASSPHRASE_HELPER</code></a></dt>
<dd>If set and nonempty, will be run as
<div class="Bd
Bd-indent"><code class="Li"><span class="Pa">/bin/</span><code class="Nm">sh</code>
<code class="Fl">-c</code>
<code class="Li">&quot;$TZPFMS_PASSPHRASE_HELPER&quot;
&quot;$TZPFMS_PASSPHRASE_HELPER&quot;</code>
&quot;<var class="Ar">prepared prompt</var>&quot;
&quot;<var class="Ar">target</var>&quot;
&quot;[<code class="Li">new</code>]&quot;
&quot;[<code class="Li">again</code>]&quot;</code></div>
to provide a passphrase, instead of reading from the standard input.
<p class="Pp">The standard output stream of the helper is tied to an
anonymous file and used in its entirety as the passphrase, except for a
trailing new-line, if any. The second argument contains either the
dataset name or the element of the TPM hierarchy. The third argument is
<code class="Li">new</code> if this is for a new passphrase, and the
fourth is <code class="Li">again</code> if it's the second prompt for
that passphrase. The first argument already contains all of this
information, as a pre-formatted noun phrase.</p>
<p class="Pp" id="127">If the helper doesn't exist (the shell exits with
<a class="permalink" href="#127"><b class="Sy">127</b></a>), a
diagnostic is issued and the normal prompt is used as fall-back. If it
fails for any other reason, the prompting is aborted.</p>
<p class="Pp">An example value would be:
<span class="No">'</span><code class="Nm">systemd-ask-password</code>
<code class="Fl">--id</code><code class="Li">=</code>&quot;<code class="Li">tzpfms:</code><var class="Ar">$2</var>&quot;
&quot;<var class="Ar">$1</var><code class="Li">: </code>&quot;'.</p>
</dd>
</dl>
</section>
<section class="Sh">
<h1 class="Sh" id="TPM2_back-end_configuration"><a class="permalink" href="#TPM2_back-end_configuration">TPM2
back-end configuration</a></h1>
<section class="Ss">
@ -159,6 +194,7 @@
<ul class="Bl-bullet Bd-indent Bl-compact">
<li>ThePhD</li>
<li>Embark Studios</li>
<li>Jasper Bekkers</li>
</ul>
</section>
<section class="Sh">
@ -178,8 +214,8 @@
</div>
<table class="foot">
<tr>
<td class="foot-date">November 12, 2021</td>
<td class="foot-os">tzpfms 0.1-12</td>
<td class="foot-date">November 15, 2021</td>
<td class="foot-os">tzpfms 0.1-14</td>
</tr>
</table>
</body>

33
zfs-tpm2-clear-key.8
View File

@ -1,9 +1,9 @@
.\" SPDX-License-Identifier: MIT
.
.Dd November 12, 2021
.Dd November 15, 2021
.ds doc-volume-operating-system
.Dt ZFS-TPM2-CLEAR-KEY 8
.Os tzpfms 0.1-12
.Os tzpfms 0.1-14
.
.Sh NAME
.Nm zfs-tpm2-clear-key
@ -39,6 +39,33 @@ for a detailed description.
.
.\" SPDX-License-Identifier: MIT
.
.Sh ENVIRONMENT VARIABLES
.Bl -tag -compact -width "TZPFMS"
.It Ev TZPFMS_PASSPHRASE_HELPER
If set and nonempty, will be run as
.Dl Pa /bin/ Ns Nm sh Fl c Li \&"$TZPFMS_PASSPHRASE_HELPER" \&"$TZPFMS_PASSPHRASE_HELPER" Qo Ar prepared prompt Qc Qo Ar target Qc Qo Oo Li new Oc Qc Qo Oo Li again Oc Qc
to provide a passphrase, instead of reading from the standard input.
.Pp
The standard output stream of the helper is tied to an anonymous file and used in its entirety as the passphrase, except for a trailing new-line, if any.
The second argument contains either the dataset name or the element of the TPM hierarchy.
The third argument is
.Li new
if this is for a new passphrase, and the fourth is
.Li again
if it's the second prompt for that passphrase.
The first argument already contains all of this information, as a pre-formatted noun phrase.
.Pp
If the helper doesn't exist
.Pq the shell exits with Sy 127 ,
a diagnostic is issued and the normal prompt is used as fall-back.
If it fails for any other reason, the prompting is aborted.
.Pp
An example value would be:
.No ' Ns Nm systemd-ask-password Fl -id Ns Li = Ns Qo Li tzpfms:\& Ns Ar $2 Qc Qo Ar $1 Ns Li ": " Qc Ns ' .
.El
.
.\" SPDX-License-Identifier: MIT
.
.Sh TPM2 back-end configuration
.Ss Environment variables
.Bl -tag -compact -width "TSS2_LOG"
@ -82,6 +109,8 @@ To all who support further development, in particular:
ThePhD
.It
Embark Studios
.It
Jasper Bekkers
.El
.
.Sh REPORTING BUGS

40
zfs-tpm2-clear-key.8.html
View File

@ -56,6 +56,41 @@
for a detailed description.</p>
</section>
<section class="Sh">
<h1 class="Sh" id="ENVIRONMENT_VARIABLES"><a class="permalink" href="#ENVIRONMENT_VARIABLES">ENVIRONMENT
VARIABLES</a></h1>
<dl class="Bl-tag Bl-compact">
<dt id="TZPFMS_PASSPHRASE_HELPER"><a class="permalink" href="#TZPFMS_PASSPHRASE_HELPER"><code class="Ev">TZPFMS_PASSPHRASE_HELPER</code></a></dt>
<dd>If set and nonempty, will be run as
<div class="Bd
Bd-indent"><code class="Li"><span class="Pa">/bin/</span><code class="Nm">sh</code>
<code class="Fl">-c</code>
<code class="Li">&quot;$TZPFMS_PASSPHRASE_HELPER&quot;
&quot;$TZPFMS_PASSPHRASE_HELPER&quot;</code>
&quot;<var class="Ar">prepared prompt</var>&quot;
&quot;<var class="Ar">target</var>&quot;
&quot;[<code class="Li">new</code>]&quot;
&quot;[<code class="Li">again</code>]&quot;</code></div>
to provide a passphrase, instead of reading from the standard input.
<p class="Pp">The standard output stream of the helper is tied to an
anonymous file and used in its entirety as the passphrase, except for a
trailing new-line, if any. The second argument contains either the
dataset name or the element of the TPM hierarchy. The third argument is
<code class="Li">new</code> if this is for a new passphrase, and the
fourth is <code class="Li">again</code> if it's the second prompt for
that passphrase. The first argument already contains all of this
information, as a pre-formatted noun phrase.</p>
<p class="Pp" id="127">If the helper doesn't exist (the shell exits with
<a class="permalink" href="#127"><b class="Sy">127</b></a>), a
diagnostic is issued and the normal prompt is used as fall-back. If it
fails for any other reason, the prompting is aborted.</p>
<p class="Pp">An example value would be:
<span class="No">'</span><code class="Nm">systemd-ask-password</code>
<code class="Fl">--id</code><code class="Li">=</code>&quot;<code class="Li">tzpfms:</code><var class="Ar">$2</var>&quot;
&quot;<var class="Ar">$1</var><code class="Li">: </code>&quot;'.</p>
</dd>
</dl>
</section>
<section class="Sh">
<h1 class="Sh" id="TPM2_back-end_configuration"><a class="permalink" href="#TPM2_back-end_configuration">TPM2
back-end configuration</a></h1>
<section class="Ss">
@ -102,6 +137,7 @@
<ul class="Bl-bullet Bd-indent Bl-compact">
<li>ThePhD</li>
<li>Embark Studios</li>
<li>Jasper Bekkers</li>
</ul>
</section>
<section class="Sh">
@ -120,8 +156,8 @@
</div>
<table class="foot">
<tr>
<td class="foot-date">November 12, 2021</td>
<td class="foot-os">tzpfms 0.1-12</td>
<td class="foot-date">November 15, 2021</td>
<td class="foot-os">tzpfms 0.1-14</td>
</tr>
</table>
</body>

33
zfs-tpm2-load-key.8
View File

@ -1,9 +1,9 @@
.\" SPDX-License-Identifier: MIT
.
.Dd November 12, 2021
.Dd November 15, 2021
.ds doc-volume-operating-system
.Dt ZFS-TPM2-LOAD-KEY 8
.Os tzpfms 0.1-12
.Os tzpfms 0.1-14
.
.Sh NAME
.Nm zfs-tpm2-load-key
@ -41,6 +41,33 @@ option.
.
.\" SPDX-License-Identifier: MIT
.
.Sh ENVIRONMENT VARIABLES
.Bl -tag -compact -width "TZPFMS"
.It Ev TZPFMS_PASSPHRASE_HELPER
If set and nonempty, will be run as
.Dl Pa /bin/ Ns Nm sh Fl c Li \&"$TZPFMS_PASSPHRASE_HELPER" \&"$TZPFMS_PASSPHRASE_HELPER" Qo Ar prepared prompt Qc Qo Ar target Qc Qo Oo Li new Oc Qc Qo Oo Li again Oc Qc
to provide a passphrase, instead of reading from the standard input.
.Pp
The standard output stream of the helper is tied to an anonymous file and used in its entirety as the passphrase, except for a trailing new-line, if any.
The second argument contains either the dataset name or the element of the TPM hierarchy.
The third argument is
.Li new
if this is for a new passphrase, and the fourth is
.Li again
if it's the second prompt for that passphrase.
The first argument already contains all of this information, as a pre-formatted noun phrase.
.Pp
If the helper doesn't exist
.Pq the shell exits with Sy 127 ,
a diagnostic is issued and the normal prompt is used as fall-back.
If it fails for any other reason, the prompting is aborted.
.Pp
An example value would be:
.No ' Ns Nm systemd-ask-password Fl -id Ns Li = Ns Qo Li tzpfms:\& Ns Ar $2 Qc Qo Ar $1 Ns Li ": " Qc Ns ' .
.El
.
.\" SPDX-License-Identifier: MIT
.
.Sh TPM1.X back-end configuration
.Ss TPM selection
The
@ -80,6 +107,8 @@ To all who support further development, in particular:
ThePhD
.It
Embark Studios
.It
Jasper Bekkers
.El
.
.Sh REPORTING BUGS

40
zfs-tpm2-load-key.8.html
View File

@ -54,6 +54,41 @@
</dl>
</section>
<section class="Sh">
<h1 class="Sh" id="ENVIRONMENT_VARIABLES"><a class="permalink" href="#ENVIRONMENT_VARIABLES">ENVIRONMENT
VARIABLES</a></h1>
<dl class="Bl-tag Bl-compact">
<dt id="TZPFMS_PASSPHRASE_HELPER"><a class="permalink" href="#TZPFMS_PASSPHRASE_HELPER"><code class="Ev">TZPFMS_PASSPHRASE_HELPER</code></a></dt>
<dd>If set and nonempty, will be run as
<div class="Bd
Bd-indent"><code class="Li"><span class="Pa">/bin/</span><code class="Nm">sh</code>
<code class="Fl">-c</code>
<code class="Li">&quot;$TZPFMS_PASSPHRASE_HELPER&quot;
&quot;$TZPFMS_PASSPHRASE_HELPER&quot;</code>
&quot;<var class="Ar">prepared prompt</var>&quot;
&quot;<var class="Ar">target</var>&quot;
&quot;[<code class="Li">new</code>]&quot;
&quot;[<code class="Li">again</code>]&quot;</code></div>
to provide a passphrase, instead of reading from the standard input.
<p class="Pp">The standard output stream of the helper is tied to an
anonymous file and used in its entirety as the passphrase, except for a
trailing new-line, if any. The second argument contains either the
dataset name or the element of the TPM hierarchy. The third argument is
<code class="Li">new</code> if this is for a new passphrase, and the
fourth is <code class="Li">again</code> if it's the second prompt for
that passphrase. The first argument already contains all of this
information, as a pre-formatted noun phrase.</p>
<p class="Pp" id="127">If the helper doesn't exist (the shell exits with
<a class="permalink" href="#127"><b class="Sy">127</b></a>), a
diagnostic is issued and the normal prompt is used as fall-back. If it
fails for any other reason, the prompting is aborted.</p>
<p class="Pp">An example value would be:
<span class="No">'</span><code class="Nm">systemd-ask-password</code>
<code class="Fl">--id</code><code class="Li">=</code>&quot;<code class="Li">tzpfms:</code><var class="Ar">$2</var>&quot;
&quot;<var class="Ar">$1</var><code class="Li">: </code>&quot;'.</p>
</dd>
</dl>
</section>
<section class="Sh">
<h1 class="Sh" id="TPM1.X_back-end_configuration"><a class="permalink" href="#TPM1.X_back-end_configuration">TPM1.X
back-end configuration</a></h1>
<section class="Ss">
@ -87,6 +122,7 @@
<ul class="Bl-bullet Bd-indent Bl-compact">
<li>ThePhD</li>
<li>Embark Studios</li>
<li>Jasper Bekkers</li>
</ul>
</section>
<section class="Sh">
@ -105,8 +141,8 @@
</div>
<table class="foot">
<tr>
<td class="foot-date">November 12, 2021</td>
<td class="foot-os">tzpfms 0.1-12</td>
<td class="foot-date">November 15, 2021</td>
<td class="foot-os">tzpfms 0.1-14</td>
</tr>
</table>
</body>