diff --git a/tzpfms.pdf b/tzpfms.pdf index 0bf0918..4fc23a5 100644 Binary files a/tzpfms.pdf and b/tzpfms.pdf differ diff --git a/tzpfms.ps b/tzpfms.ps index 1e4efd9..2bfe6d8 100644 --- a/tzpfms.ps +++ b/tzpfms.ps @@ -1,6 +1,6 @@ %!PS-Adobe-3.0 %%Creator: groff version 1.22.4 -%%CreationDate: Fri Nov 12 18:42:47 2021 +%%CreationDate: Mon Nov 15 18:06:19 2021 %%DocumentNeededResources: font Times-Roman %%+ font Times-Bold %%+ font Courier-Bold @@ -9,7 +9,7 @@ %%+ font Symbol %%+ font Times-Italic %%DocumentSuppliedResources: procset grops 1.22 4 -%%Pages: 10 +%%Pages: 13 %%PageOrder: Ascend %%DocumentMedia: Default 595 842 0 () () %%Orientation: Portrait @@ -305,8 +305,8 @@ R 12(awa -)102 606 R 6(available yes)54 F($)102 630 Q F2 1.666 (KEYSTATUS COHERENT)12 F 6(owo/venc TPM2)102 654 R 6(unavailable yes)36 F($)102 678 Q F2 1.666(zfs-tpm-list \255ra)6 F F3(owo)6 E F4 30 (NAME BACK-END)102 690 R 18(KEYSTATUS COHERENT)12 F 6(owo/venc TPM2)102 -702 R 6(unavailable yes)36 F F0(tzpfms 0.1-12)72 750 Q(No)138.745 E -.15 -(ve)-.15 G(mber 12, 2021).15 E(1)189.295 E 0 Cg EP +702 R 6(unavailable yes)36 F F0(tzpfms 0.1-14)72 750 Q(No)138.745 E -.15 +(ve)-.15 G(mber 15, 2021).15 E(1)189.295 E 0 Cg EP %%Page: 2 2 %%BeginPageSetup BP 
@@ -323,13 +323,14 @@ G 6(vailable yes)-54 F 12(owo/enc TPM1.X)102 204 R 6(available yes)24 F /F3 10/Times-Bold@0 SF 1.666(SPECIAL THANKS)72 228 R F0 1.6 -.8(To a)102 240 T(ll who support further de).8 E -.15(ve)-.25 G (lopment, in particular:).15 E F3<83>122 252 Q F0(ThePhD)2.5 E F3<83>122 -264 Q F0(Embark Studios)2.5 E F3(REPOR)72 288 Q 1.666(TING B)-.4 F(UGS) --.1 E(https://todo.sr)102 300 Q(.ht/~nabijaczleweli/tzpfms)-1 E F1 -(~nabijaczleweli/tzpfms@lists.sr.ht)102 318 Q F0 2.5(,a)C(rchi)-2.5 E +264 Q F0(Embark Studios)2.5 E F3<83>122 276 Q F0(Jasper Bekk)2.5 E(ers) +-.1 E F3(REPOR)72 300 Q 1.666(TING B)-.4 F(UGS)-.1 E(https://todo.sr)102 +312 Q(.ht/~nabijaczleweli/tzpfms)-1 E F1 +(~nabijaczleweli/tzpfms@lists.sr.ht)102 330 Q F0 2.5(,a)C(rchi)-2.5 E -.15(ve)-.25 G 2.5(da).15 G(t)-2.5 E F3(https://lists.sr)2.5 E -(.ht/~nabijaczleweli/tzpfms)-1 E F0(.)A F3 1.666(SEE ALSO)72 342 R -(https://git.sr)102 354 Q(.ht/~nabijaczleweli/tzpfms)-1 E F0 -(tzpfms 0.1-12)72 750 Q(No)138.745 E -.15(ve)-.15 G(mber 12, 2021).15 E +(.ht/~nabijaczleweli/tzpfms)-1 E F0(.)A F3 1.666(SEE ALSO)72 354 R +(https://git.sr)102 366 Q(.ht/~nabijaczleweli/tzpfms)-1 E F0 +(tzpfms 0.1-14)72 750 Q(No)138.745 E -.15(ve)-.15 G(mber 15, 2021).15 E (2)189.295 E 0 Cg EP %%Page: 3 3 %%BeginPageSetup 
@@ -418,42 +419,72 @@ F0(Sa)191 618 Q .806 -.15(ve a b)-.2 H .506(ack-up of the k).15 F .805 (case of a catastrophic e)3.181 F -.15(ve)-.25 G .682(nt, the k).15 F .982 -.15(ey c)-.1 H(an).15 E(be loaded by running)191 642 Q F2 (zfs load-key)221 654 Q F3(dataset)6 E F5(<)6 E F3(backup-file)6 E F1 -1.666(TPM1.X back-end con\214guration)72 678 R F0(tzpfms 0.1-12)72 750 Q -(No)138.745 E -.15(ve)-.15 G(mber 12, 2021).15 E(3)189.295 E 0 Cg EP +(ENVIR)72 678 Q 1.666(ONMENT V)-.3 F(ARIABLES)-1.35 E F0(tzpfms 0.1-14) +72 750 Q(No)138.745 E -.15(ve)-.15 G(mber 15, 2021).15 E(3)189.295 E 0 +Cg EP %%Page: 4 4 %%BeginPageSetup BP %%EndPageSetup /F0 10/Times-Roman@0 SF -.834(ZFS-TPM1X-CHANGE-KEY \(8\))72 48 R (System Manager')46.109 E 2.5(sM)-.55 G 41.109 -(anual ZFS-TPM1X-CHANGE-KEY)-2.5 F(\(8\))1.666 E/F1 10/Times-Bold@0 SF -.625(TPM selection)84 96 R F0(The)102 108 Q/F2 10/Courier-Bold@0 SF -(tzpfms)2.768 E F0 .267(suite connects to a local)2.767 F/F3 10 -/Courier@0 SF(tcsd)2.767 E F0 .267(\(8\) process)B 1.666(\(a)4.433 G(t) --1.666 E F3(localhost:30003)2.767 E F0 4.433(\)b)1.666 G 2.767(yd)-4.433 -G(ef)-2.767 E 2.767(ault. 
Use)-.1 F .267(the en-)2.767 F(vironment v)102 -120 Q(ariable)-.25 E F3(TZPFMS_TPM1X)2.5 E F0 -(to specify a remote TCS hostname.)2.5 E .391(The T)102 138 R(rouSerS) --.35 E F3(tcsd)2.891 E F0 .391(\(8\) daemon will try)B F3(/dev/tpm0) -2.892 E F0 2.892(,t)C(hen)-2.892 E F3(/udev/tpm0)2.892 E F0 2.892(,t)C -(hen)-2.892 E F3(/dev/tpm)2.892 E F0 2.892(;b)C 2.892(yo)-2.892 G(ccup) --2.892 E(ying)-.1 E(one of the earlier ones with, for e)102 150 Q -(xample, shell redirection, a later one can be selected.)-.15 E F1 .625 -(See also)84 174 R F0(The T)102 186 Q(rouSerS project page at)-.35 E F1 +(anual ZFS-TPM1X-CHANGE-KEY)-2.5 F(\(8\))1.666 E/F1 10/Courier@0 SF +(TZPFMS_PASSPHRASE_HELPER)102 96 Q F0(If set and nonempty)143 108 Q 2.5 +(,w)-.65 G(ill be run as)-2.5 E F1(/bin/)173 120 Q/F2 10/Courier-Bold@0 +SF 70.333(sh \255c)B F1("$TZPFMS_PASSPHRASE_HELPER")74.667 E +("$TZPFMS_PASSPHRASE_HELPER")173 132 Q F0(")10.715 E/F3 10 +/Courier-Oblique@0 SF 4.715(prepared prompt)B F0 7.215("")C F3(target) +-7.215 E F0 7.215("")C([)-7.215 E F1(new)A F0(]")A("[)173 144 Q F1 +(again)A F0(]")A(to pro)143 156 Q +(vide a passphrase, instead of reading from the standard input.)-.15 E +.189(The standard output stream of the helper is tied to an anon)143 174 +R .188(ymous \214le and used in its entirety as the)-.15 F .446 +(passphrase, e)143 186 R .446(xcept for a trailing ne)-.15 F .446 +(w-line, if an)-.25 F 4.246 -.65(y. T)-.15 H .447(he second ar).65 F +.447(gument contains either the dataset)-.18 F 2.14 +(name or the element of the TPM hierarch)143 198 R 5.94 -.65(y. 
T)-.05 H +2.14(he third ar).65 F 2.14(gument is)-.18 F F1(new)4.64 E F0 2.14 +(if this is for a ne)4.64 F(w)-.25 E .573(passphrase, and the fourth is) +143 210 R F1(again)3.074 E F0 .574(if it')3.074 F 3.074(st)-.55 G .574 +(he second prompt for that passphrase.)-3.074 F .574(The \214rst ar) +5.574 F(gu-)-.18 E(ment already contains all of this information, as a \ +pre-formatted noun phrase.)143 222 Q .181(If the helper doesn')143 240 R +2.681(te)-.18 G 1.847(xist \()-2.831 F .181(the shell e)1.666 F .181 +(xits with)-.15 F/F4 10/Times-Bold@0 SF(127)2.681 E F0 -3.151 1.666 +(\), a d)1.666 H .181(iagnostic is issued and the normal prompt)-1.666 F +(is used as f)143 252 Q 2.5(all-back. If)-.1 F(it f)2.5 E(ails for an) +-.1 E 2.5(yo)-.15 G(ther reason, the prompting is aborted.)-2.5 E(An e) +143 270 Q(xample v)-.15 E(alue w)-.25 E(ould be: ')-.1 E F2 1.666 +(systemd-ask-password \255-id)B F1(=)A F0(")A F1(tzpfms:)A F3($2)A F0 +2.5("")C F3($1)-2.5 E F1(:)A F0("'.)6 E F4 1.666 +(TPM1.X back-end con\214guration)72 294 R .625(TPM selection)84 306 R F0 +(The)102 318 Q F2(tzpfms)2.767 E F0 .267(suite connects to a local)2.767 +F F1(tcsd)2.767 E F0 .267(\(8\) process)B 1.666(\(a)4.433 G(t)-1.666 E +F1(localhost:30003)2.767 E F0 4.433(\)b)1.666 G 2.767(yd)-4.433 G(ef) +-2.767 E 2.767(ault. 
Use)-.1 F .268(the en-)2.767 F(vironment v)102 330 +Q(ariable)-.25 E F1(TZPFMS_TPM1X)2.5 E F0 +(to specify a remote TCS hostname.)2.5 E .392(The T)102 348 R(rouSerS) +-.35 E F1(tcsd)2.892 E F0 .392(\(8\) daemon will try)B F1(/dev/tpm0) +2.892 E F0 2.892(,t)C(hen)-2.892 E F1(/udev/tpm0)2.892 E F0 2.891(,t)C +(hen)-2.891 E F1(/dev/tpm)2.891 E F0 2.891(;b)C 2.891(yo)-2.891 G(ccup) +-2.891 E(ying)-.1 E(one of the earlier ones with, for e)102 360 Q +(xample, shell redirection, a later one can be selected.)-.15 E F4 .625 +(See also)84 384 R F0(The T)102 396 Q(rouSerS project page at)-.35 E F4 (https://sour)2.5 E(cef)-.18 E(or)-.25 E(ge.net/pr)-.1 E(ojects/tr)-.18 -E(ousers)-.18 E F0(.)A 5.109(The TPM 1.2 main speci\214cation inde)102 -204 R 7.608(xa)-.15 G(t)-7.608 E F1(https://trustedcomputinggr)7.608 E +E(ousers)-.18 E F0(.)A 5.108(The TPM 1.2 main speci\214cation inde)102 +414 R 7.609(xa)-.15 G(t)-7.609 E F4(https://trustedcomputinggr)7.609 E (oup.or)-.18 E(g/r)-.1 E(esour)-.18 E(ce/tpm-main-)-.18 E -(speci\214cation)102 216 Q F0(.)A F1 1.666(SPECIAL THANKS)72 240 R F0 -1.6 -.8(To a)102 252 T(ll who support further de).8 E -.15(ve)-.25 G -(lopment, in particular:).15 E F1<83>122 264 Q F0(ThePhD)2.5 E F1<83>122 -276 Q F0(Embark Studios)2.5 E F1(REPOR)72 300 Q 1.666(TING B)-.4 F(UGS) --.1 E(https://todo.sr)102 312 Q(.ht/~nabijaczleweli/tzpfms)-1 E F3 -(~nabijaczleweli/tzpfms@lists.sr.ht)102 330 Q F0 2.5(,a)C(rchi)-2.5 E --.15(ve)-.25 G 2.5(da).15 G(t)-2.5 E F1(https://lists.sr)2.5 E -(.ht/~nabijaczleweli/tzpfms)-1 E F0(.)A F1 1.666(SEE ALSO)72 354 R -(https://git.sr)102 366 Q(.ht/~nabijaczleweli/tzpfms)-1 E F0 -(tzpfms 0.1-12)72 750 Q(No)138.745 E -.15(ve)-.15 G(mber 12, 2021).15 E +(speci\214cation)102 426 Q F0(.)A F4 1.666(SPECIAL THANKS)72 450 R F0 +1.6 -.8(To a)102 462 T(ll who support further de).8 E -.15(ve)-.25 G +(lopment, in particular:).15 E F4<83>122 474 Q F0(ThePhD)2.5 E F4<83>122 +486 Q F0(Embark Studios)2.5 E F4<83>122 498 Q F0(Jasper Bekk)2.5 E(ers) +-.1 
E F4(REPOR)72 522 Q 1.666(TING B)-.4 F(UGS)-.1 E(https://todo.sr)102 +534 Q(.ht/~nabijaczleweli/tzpfms)-1 E F1 +(~nabijaczleweli/tzpfms@lists.sr.ht)102 552 Q F0 2.5(,a)C(rchi)-2.5 E +-.15(ve)-.25 G 2.5(da).15 G(t)-2.5 E F4(https://lists.sr)2.5 E +(.ht/~nabijaczleweli/tzpfms)-1 E F0(.)A F4 1.666(SEE ALSO)72 576 R +(https://git.sr)102 588 Q(.ht/~nabijaczleweli/tzpfms)-1 E F0 +(tzpfms 0.1-14)72 750 Q(No)138.745 E -.15(ve)-.15 G(mber 15, 2021).15 E (4)189.295 E 0 Cg EP %%Page: 5 5 %%BeginPageSetup 
@@ -469,42 +500,43 @@ BP (zfs-tpm1x-clear-key)102 144 Q/F3 10/Courier-Oblique@0 SF(dataset)2.5 E F1(DESCRIPTION)72 168 Q F0(After v)102 180 Q(erifying)-.15 E F3(dataset) 2.5 E F0 -.1(wa)2.5 G 2.5(se).1 G(ncrypted with)-2.5 E F2(tzpfms)2.5 E -F0(back)2.5 E(end)-.1 E F1(TPM1.X)2.5 E F0(:)A 6.984 +F0(back)2.5 E(end)-.1 E F1(TPM1.X)2.5 E F0(:)A 6.985 (1. performs the equi)122 192 R -.25(va)-.25 G 6.984(lent of).25 F F2 6.984(zfs change-key)9.484 F14.65 E/F4 10/Courier@0 SF -(keylocation=prompt)12.985 E F214.651 E F4(keyformat=passphrase) -127 204 Q F3(dataset)6 E F0(,)A(2. remo)122 216 Q -.15(ve)-.15 G 2.5(st) -.15 G(he)-2.5 E F4(xyz.nabijaczleweli:tzpfms.)2.5 E F0({)A F4(backend)A -F0(,)A F4(key)6 E F0 2.5(}p)C(roperties from)-2.5 E F3(dataset)2.5 E F0 -(.)A(See)102 234 Q F4(zfs-tpm1x-change-key)2.5 E F0 +(keylocation=prompt)12.984 E F214.65 E F4(keyformat=passphrase)127 +204 Q F3(dataset)6 E F0(,)A(2. remo)122 216 Q -.15(ve)-.15 G 2.5(st).15 +G(he)-2.5 E F4(xyz.nabijaczleweli:tzpfms.)2.5 E F0({)A F4(backend)A F0 +(,)A F4(key)6 E F0 2.5(}p)C(roperties from)-2.5 E F3(dataset)2.5 E F0(.) +A(See)102 234 Q F4(zfs-tpm1x-change-key)2.5 E F0 (\(8\) for a detailed description.)A F1 1.666 (TPM1.X back-end con\214guration)72 258 R .625(TPM selection)84 270 R F0 -(The)102 282 Q F2(tzpfms)2.768 E F0 .267(suite connects to a local)2.767 +(The)102 282 Q F2(tzpfms)2.767 E F0 .267(suite connects to a local)2.767 F F4(tcsd)2.767 E F0 .267(\(8\) process)B 1.666(\(a)4.433 G(t)-1.666 E F4(localhost:30003)2.767 E F0 4.433(\)b)1.666 G 2.767(yd)-4.433 G(ef) --2.767 E 2.767(ault. Use)-.1 F .267(the en-)2.767 F(vironment v)102 294 +-2.767 E 2.767(ault. 
Use)-.1 F .268(the en-)2.767 F(vironment v)102 294 Q(ariable)-.25 E F4(TZPFMS_TPM1X)2.5 E F0 -(to specify a remote TCS hostname.)2.5 E .391(The T)102 312 R(rouSerS) --.35 E F4(tcsd)2.891 E F0 .391(\(8\) daemon will try)B F4(/dev/tpm0) -2.892 E F0 2.892(,t)C(hen)-2.892 E F4(/udev/tpm0)2.892 E F0 2.892(,t)C -(hen)-2.892 E F4(/dev/tpm)2.892 E F0 2.892(;b)C 2.892(yo)-2.892 G(ccup) --2.892 E(ying)-.1 E(one of the earlier ones with, for e)102 324 Q +(to specify a remote TCS hostname.)2.5 E .392(The T)102 312 R(rouSerS) +-.35 E F4(tcsd)2.892 E F0 .392(\(8\) daemon will try)B F4(/dev/tpm0) +2.892 E F0 2.892(,t)C(hen)-2.892 E F4(/udev/tpm0)2.892 E F0 2.891(,t)C +(hen)-2.891 E F4(/dev/tpm)2.891 E F0 2.891(;b)C 2.891(yo)-2.891 G(ccup) +-2.891 E(ying)-.1 E(one of the earlier ones with, for e)102 324 Q (xample, shell redirection, a later one can be selected.)-.15 E F1 .625 (See also)84 348 R F0(The T)102 360 Q(rouSerS project page at)-.35 E F1 (https://sour)2.5 E(cef)-.18 E(or)-.25 E(ge.net/pr)-.1 E(ojects/tr)-.18 -E(ousers)-.18 E F0(.)A 5.109(The TPM 1.2 main speci\214cation inde)102 -378 R 7.608(xa)-.15 G(t)-7.608 E F1(https://trustedcomputinggr)7.608 E +E(ousers)-.18 E F0(.)A 5.108(The TPM 1.2 main speci\214cation inde)102 +378 R 7.609(xa)-.15 G(t)-7.609 E F1(https://trustedcomputinggr)7.609 E (oup.or)-.18 E(g/r)-.1 E(esour)-.18 E(ce/tpm-main-)-.18 E (speci\214cation)102 390 Q F0(.)A F1 1.666(SPECIAL THANKS)72 414 R F0 1.6 -.8(To a)102 426 T(ll who support further de).8 E -.15(ve)-.25 G (lopment, in particular:).15 E F1<83>122 438 Q F0(ThePhD)2.5 E F1<83>122 -450 Q F0(Embark Studios)2.5 E F1(REPOR)72 474 Q 1.666(TING B)-.4 F(UGS) --.1 E(https://todo.sr)102 486 Q(.ht/~nabijaczleweli/tzpfms)-1 E F4 -(~nabijaczleweli/tzpfms@lists.sr.ht)102 504 Q F0 2.5(,a)C(rchi)-2.5 E +450 Q F0(Embark Studios)2.5 E F1<83>122 462 Q F0(Jasper Bekk)2.5 E(ers) +-.1 E F1(REPOR)72 486 Q 1.666(TING B)-.4 F(UGS)-.1 E(https://todo.sr)102 +498 Q(.ht/~nabijaczleweli/tzpfms)-1 E F4 
+(~nabijaczleweli/tzpfms@lists.sr.ht)102 516 Q F0 2.5(,a)C(rchi)-2.5 E -.15(ve)-.25 G 2.5(da).15 G(t)-2.5 E F1(https://lists.sr)2.5 E -(.ht/~nabijaczleweli/tzpfms)-1 E F0(.)A F1 1.666(SEE ALSO)72 528 R -(https://git.sr)102 540 Q(.ht/~nabijaczleweli/tzpfms)-1 E F0 -(tzpfms 0.1-12)72 750 Q(No)138.745 E -.15(ve)-.15 G(mber 12, 2021).15 E +(.ht/~nabijaczleweli/tzpfms)-1 E F0(.)A F1 1.666(SEE ALSO)72 540 R +(https://git.sr)102 552 Q(.ht/~nabijaczleweli/tzpfms)-1 E F0 +(tzpfms 0.1-14)72 750 Q(No)138.745 E -.15(ve)-.15 G(mber 15, 2021).15 E (5)189.295 E 0 Cg EP %%Page: 6 6 %%BeginPageSetup 
@@ -517,54 +549,90 @@ BP (oad TPM1.X-encrypted ZFS dataset k)-2.5 E -.15(ey)-.1 G F1(SYNOPSIS)72 132 Q F2(zfs-tpm1x-load-key)102 144 Q F0([)3.333 E F22.499 E F0(]) .833 E/F3 10/Courier-Oblique@0 SF(dataset)2.5 E F1(DESCRIPTION)72 168 Q -F0 1.155(After v)102 180 R(erifying)-.15 E F3(dataset)3.655 E F0 -.1(wa) -3.655 G 3.655(se).1 G 1.155(ncrypted with)-3.655 F F2(tzpfms)3.655 E F0 -(back)3.655 E(end)-.1 E F1(TPM1.X)3.655 E F0 1.156(will unseal the k) -3.655 F 1.456 -.15(ey a)-.1 H 1.156(nd load it).15 F(into)102 192 Q F3 -(dataset)2.5 E F0(.)A .694 +F0 1.156(After v)102 180 R(erifying)-.15 E F3(dataset)3.656 E F0 -.1(wa) +3.656 G 3.656(se).1 G 1.156(ncrypted with)-3.656 F F2(tzpfms)3.655 E F0 +(back)3.655 E(end)-.1 E F1(TPM1.X)3.655 E F0 1.155(will unseal the k) +3.655 F 1.455 -.15(ey a)-.1 H 1.155(nd load it).15 F(into)102 192 Q F3 +(dataset)2.5 E F0(.)A .693 (The user is \214rst prompted for the SRK passphrase, set when taking o) -102 210 R .693(wnership, if not "well-kno)-.25 F .693(wn" \(all ze-)-.25 +102 210 R .694(wnership, if not "well-kno)-.25 F .694(wn" \(all ze-)-.25 F(roes\); then for the additional passphrase, set when creating the k) 102 222 Q -.15(ey)-.1 G 2.5(,i)-.5 G 2.5(fo)-2.5 G(ne w)-2.5 E(as set.) 
-.1 E(See)102 240 Q/F4 10/Courier@0 SF(zfs-tpm1x-change-key)2.5 E F0 (\(8\) for a detailed description.)A F1(OPTIONS)72 264 Q F2103.666 -276 Q F0 .178(Do a no-op/dry run, can be used e)119 288 R -.15(ve)-.25 G -2.678(ni).15 G 2.679(ft)-2.678 G .179(he k)-2.679 F .479 -.15(ey i)-.1 H -2.679(sa).15 G .179(lready loaded.)-2.679 F(Equi)5.179 E -.25(va)-.25 G -.179(lent to).25 F F2 .179(zfs load-key)2.679 F F0 -.55('s)C F2 -4.895 E F0(option.)119 300 Q F1 1.666(TPM1.X back-end con\214guration)72 -324 R .625(TPM selection)84 336 R F0(The)102 348 Q F2(tzpfms)2.768 E F0 -.267(suite connects to a local)2.767 F F4(tcsd)2.767 E F0 .267 -(\(8\) process)B 1.666(\(a)4.433 G(t)-1.666 E F4(localhost:30003)2.767 E -F0 4.433(\)b)1.666 G 2.767(yd)-4.433 G(ef)-2.767 E 2.767(ault. Use)-.1 F -.267(the en-)2.767 F(vironment v)102 360 Q(ariable)-.25 E F4 -(TZPFMS_TPM1X)2.5 E F0(to specify a remote TCS hostname.)2.5 E .391 -(The T)102 378 R(rouSerS)-.35 E F4(tcsd)2.891 E F0 .391 -(\(8\) daemon will try)B F4(/dev/tpm0)2.892 E F0 2.892(,t)C(hen)-2.892 E -F4(/udev/tpm0)2.892 E F0 2.892(,t)C(hen)-2.892 E F4(/dev/tpm)2.892 E F0 -2.892(;b)C 2.892(yo)-2.892 G(ccup)-2.892 E(ying)-.1 E -(one of the earlier ones with, for e)102 390 Q +276 Q F0 .179(Do a no-op/dry run, can be used e)119 288 R -.15(ve)-.25 G +2.679(ni).15 G 2.679(ft)-2.679 G .179(he k)-2.679 F .478 -.15(ey i)-.1 H +2.678(sa).15 G .178(lready loaded.)-2.678 F(Equi)5.178 E -.25(va)-.25 G +.178(lent to).25 F F2 .178(zfs load-key)2.678 F F0 -.55('s)C F2 +4.894 E F0(option.)119 300 Q F1(ENVIR)72 324 Q 1.666(ONMENT V)-.3 F +(ARIABLES)-1.35 E F4(TZPFMS_PASSPHRASE_HELPER)102 336 Q F0 +(If set and nonempty)143 348 Q 2.5(,w)-.65 G(ill be run as)-2.5 E F4 +(/bin/)173 360 Q F2 70.333(sh \255c)B F4("$TZPFMS_PASSPHRASE_HELPER") +74.667 E("$TZPFMS_PASSPHRASE_HELPER")173 372 Q F0(")10.715 E F3 4.715 +(prepared prompt)B F0 7.215("")C F3(target)-7.215 E F0 7.215("")C([) +-7.215 E F4(new)A F0(]")A("[)173 384 Q F4(again)A F0(]")A(to pro)143 396 +Q(vide a 
passphrase, instead of reading from the standard input.)-.15 E +.188(The standard output stream of the helper is tied to an anon)143 414 +R .189(ymous \214le and used in its entirety as the)-.15 F .447 +(passphrase, e)143 426 R .447(xcept for a trailing ne)-.15 F .447 +(w-line, if an)-.25 F 4.246 -.65(y. T)-.15 H .446(he second ar).65 F +.446(gument contains either the dataset)-.18 F 2.14 +(name or the element of the TPM hierarch)143 438 R 5.94 -.65(y. T)-.05 H +2.14(he third ar).65 F 2.14(gument is)-.18 F F4(new)4.64 E F0 2.14 +(if this is for a ne)4.64 F(w)-.25 E .574(passphrase, and the fourth is) +143 450 R F4(again)3.074 E F0 .574(if it')3.074 F 3.074(st)-.55 G .574 +(he second prompt for that passphrase.)-3.074 F .573(The \214rst ar) +5.573 F(gu-)-.18 E(ment already contains all of this information, as a \ +pre-formatted noun phrase.)143 462 Q .181(If the helper doesn')143 480 R +2.681(te)-.18 G 1.847(xist \()-2.831 F .181(the shell e)1.666 F .181 +(xits with)-.15 F F1(127)2.681 E F0 -3.151 1.666(\), a d)1.666 H .181 +(iagnostic is issued and the normal prompt)-1.666 F(is used as f)143 492 +Q 2.5(all-back. If)-.1 F(it f)2.5 E(ails for an)-.1 E 2.5(yo)-.15 G +(ther reason, the prompting is aborted.)-2.5 E(An e)143 510 Q(xample v) +-.15 E(alue w)-.25 E(ould be: ')-.1 E F2 1.666 +(systemd-ask-password \255-id)B F4(=)A F0(")A F4(tzpfms:)A F3($2)A F0 +2.5("")C F3($1)-2.5 E F4(:)A F0("'.)6 E F1 1.666 +(TPM1.X back-end con\214guration)72 534 R .625(TPM selection)84 546 R F0 +(The)102 558 Q F2(tzpfms)2.768 E F0 .267(suite connects to a local)2.767 +F F4(tcsd)2.767 E F0 .267(\(8\) process)B 1.666(\(a)4.433 G(t)-1.666 E +F4(localhost:30003)2.767 E F0 4.433(\)b)1.666 G 2.767(yd)-4.433 G(ef) +-2.767 E 2.767(ault. 
Use)-.1 F .267(the en-)2.767 F(vironment v)102 570 +Q(ariable)-.25 E F4(TZPFMS_TPM1X)2.5 E F0 +(to specify a remote TCS hostname.)2.5 E .391(The T)102 588 R(rouSerS) +-.35 E F4(tcsd)2.891 E F0 .391(\(8\) daemon will try)B F4(/dev/tpm0) +2.892 E F0 2.892(,t)C(hen)-2.892 E F4(/udev/tpm0)2.892 E F0 2.892(,t)C +(hen)-2.892 E F4(/dev/tpm)2.892 E F0 2.892(;b)C 2.892(yo)-2.892 G(ccup) +-2.892 E(ying)-.1 E(one of the earlier ones with, for e)102 600 Q (xample, shell redirection, a later one can be selected.)-.15 E F1 .625 -(See also)84 414 R F0(The T)102 426 Q(rouSerS project page at)-.35 E F1 +(See also)84 624 R F0(The T)102 636 Q(rouSerS project page at)-.35 E F1 (https://sour)2.5 E(cef)-.18 E(or)-.25 E(ge.net/pr)-.1 E(ojects/tr)-.18 E(ousers)-.18 E F0(.)A 5.109(The TPM 1.2 main speci\214cation inde)102 -444 R 7.608(xa)-.15 G(t)-7.608 E F1(https://trustedcomputinggr)7.608 E +654 R 7.608(xa)-.15 G(t)-7.608 E F1(https://trustedcomputinggr)7.608 E (oup.or)-.18 E(g/r)-.1 E(esour)-.18 E(ce/tpm-main-)-.18 E -(speci\214cation)102 456 Q F0(.)A F1 1.666(SPECIAL THANKS)72 480 R F0 -1.6 -.8(To a)102 492 T(ll who support further de).8 E -.15(ve)-.25 G -(lopment, in particular:).15 E F1<83>122 504 Q F0(ThePhD)2.5 E F1<83>122 -516 Q F0(Embark Studios)2.5 E F1(REPOR)72 540 Q 1.666(TING B)-.4 F(UGS) --.1 E(https://todo.sr)102 552 Q(.ht/~nabijaczleweli/tzpfms)-1 E F4 -(~nabijaczleweli/tzpfms@lists.sr.ht)102 570 Q F0 2.5(,a)C(rchi)-2.5 E --.15(ve)-.25 G 2.5(da).15 G(t)-2.5 E F1(https://lists.sr)2.5 E -(.ht/~nabijaczleweli/tzpfms)-1 E F0(.)A F1 1.666(SEE ALSO)72 594 R -(https://git.sr)102 606 Q(.ht/~nabijaczleweli/tzpfms)-1 E F0 -(tzpfms 0.1-12)72 750 Q(No)138.745 E -.15(ve)-.15 G(mber 12, 2021).15 E -(6)189.295 E 0 Cg EP +(speci\214cation)102 666 Q F0(.)A(tzpfms 0.1-14)72 750 Q(No)138.745 E +-.15(ve)-.15 G(mber 15, 2021).15 E(6)189.295 E 0 Cg EP %%Page: 7 7 %%BeginPageSetup BP %%EndPageSetup +/F0 10/Times-Roman@0 SF(ZFS-TPM1X-LO)72 48 Q -.834(AD-KEY \(8\))-.35 F +(System Manager')60.349 E 
2.5(sM)-.55 G 55.349(anual ZFS-TPM1X-LO)-2.5 F +-.834(AD-KEY \(8\))-.35 F/F1 10/Times-Bold@0 SF 1.666(SPECIAL THANKS)72 +96 R F0 1.6 -.8(To a)102 108 T(ll who support further de).8 E -.15(ve) +-.25 G(lopment, in particular:).15 E F1<83>122 120 Q F0(ThePhD)2.5 E F1 +<83>122 132 Q F0(Embark Studios)2.5 E F1<83>122 144 Q F0(Jasper Bekk)2.5 +E(ers)-.1 E F1(REPOR)72 168 Q 1.666(TING B)-.4 F(UGS)-.1 E +(https://todo.sr)102 180 Q(.ht/~nabijaczleweli/tzpfms)-1 E/F2 10 +/Courier@0 SF(~nabijaczleweli/tzpfms@lists.sr.ht)102 198 Q F0 2.5(,a)C +(rchi)-2.5 E -.15(ve)-.25 G 2.5(da).15 G(t)-2.5 E F1(https://lists.sr) +2.5 E(.ht/~nabijaczleweli/tzpfms)-1 E F0(.)A F1 1.666(SEE ALSO)72 222 R +(https://git.sr)102 234 Q(.ht/~nabijaczleweli/tzpfms)-1 E F0 +(tzpfms 0.1-14)72 750 Q(No)138.745 E -.15(ve)-.15 G(mber 15, 2021).15 E +(7)189.295 E 0 Cg EP +%%Page: 8 8 +%%BeginPageSetup +BP +%%EndPageSetup /F0 10/Times-Roman@0 SF -.834(ZFS-TPM2-CHANGE-KEY \(8\))72 48 R (System Manager')53.329 E 2.5(sM)-.55 G 48.329 (anual ZFS-TPM2-CHANGE-KEY)-2.5 F(\(8\))1.666 E/F1 10/Times-Bold@0 SF 
@@ -650,50 +718,79 @@ F(This)5.505 E(back-up)191 630 Q F4(must)3.181 E F0 .681 (-site. In).25 F .682(case of a catastrophic e)3.181 F -.15(ve)-.25 G .682(nt, the k).15 F .982 -.15(ey c)-.1 H(an).15 E(be loaded by running) 191 642 Q F2(zfs load-key)221 654 Q F3(dataset)6 E F5(<)6 E F3 -(backup-file)6 E F1 1.666(TPM2 back-end con\214guration)72 678 R F0 -(tzpfms 0.1-12)72 750 Q(No)138.745 E -.15(ve)-.15 G(mber 12, 2021).15 E -(7)189.295 E 0 Cg EP -%%Page: 8 8 +(backup-file)6 E F1(ENVIR)72 678 Q 1.666(ONMENT V)-.3 F(ARIABLES)-1.35 E +F0(tzpfms 0.1-14)72 750 Q(No)138.745 E -.15(ve)-.15 G(mber 15, 2021).15 +E(8)189.295 E 0 Cg EP +%%Page: 9 9 %%BeginPageSetup BP %%EndPageSetup /F0 10/Times-Roman@0 SF -.834(ZFS-TPM2-CHANGE-KEY \(8\))72 48 R (System Manager')53.329 E 2.5(sM)-.55 G 48.329 -(anual ZFS-TPM2-CHANGE-KEY)-2.5 F(\(8\))1.666 E/F1 10/Times-Bold@0 SF -(En)84 96 Q(vir)-.4 E .625(onment v)-.18 F(ariables)-.1 E/F2 10 -/Courier@0 SF(TSS2_LOG)102 108 Q F0(An)155 108 Q 2.5(yo)-.15 G(f:)-2.5 E -F1(NONE)2.5 E F0(,)A F1(ERR)2.5 E(OR)-.3 E F0(,)A F1 -1.2(WA)2.5 G -(RNING)1.2 E F0(,)A F1(INFO)2.5 E F0(,)A F1(DEB)2.5 E(UG)-.1 E F0(,)A F1 -(TRA)2.5 E(CE)-.55 E F0 5(.D)C(ef)-5 E(ault:)-.1 E F1 -1.2(WA)2.5 G -(RNING)1.2 E F0(.)A F1 .625(TPM selection)84 132 R F0 .517(The library) -102 144 R/F3 10/Courier-Bold@0 SF(libtss2-tcti-default.so)3.017 E F0 -.517(can be link)3.017 F .516(ed to an)-.1 F 3.016(yo)-.15 G 3.016(ft) --3.016 G(he)-3.016 E F2(libtss2-tcti-)3.016 E/F4 10/Symbol SF(*)A F2 -(.so)A F0(libraries)3.016 E .575(to select the def)102 156 R .576 -(ault, otherwise)-.1 F F2(/dev/tpmrm0)3.076 E F0 3.076(,t)C(hen)-3.076 E -F2(/dev/tpm0)3.076 E F0 3.076(,t)C(hen)-3.076 E F2(localhost:2321)3.076 -E F0 .576(will be tried,)3.076 F(in order)102 168 Q 1.666(\(s)4.166 G -(ee)-1.666 E F2(ESYS_CONTEXT)2.5 E F0 -.834(\(3\) \) .)B F1 .625 -(See also)84 192 R F0 3.488(The tpm2-tss git repository at)102 204 R F1 +(anual ZFS-TPM2-CHANGE-KEY)-2.5 F(\(8\))1.666 E/F1 10/Courier@0 SF 
+(TZPFMS_PASSPHRASE_HELPER)102 96 Q F0(If set and nonempty)143 108 Q 2.5 +(,w)-.65 G(ill be run as)-2.5 E F1(/bin/)173 120 Q/F2 10/Courier-Bold@0 +SF 70.333(sh \255c)B F1("$TZPFMS_PASSPHRASE_HELPER")74.667 E +("$TZPFMS_PASSPHRASE_HELPER")173 132 Q F0(")10.715 E/F3 10 +/Courier-Oblique@0 SF 4.715(prepared prompt)B F0 7.215("")C F3(target) +-7.215 E F0 7.215("")C([)-7.215 E F1(new)A F0(]")A("[)173 144 Q F1 +(again)A F0(]")A(to pro)143 156 Q +(vide a passphrase, instead of reading from the standard input.)-.15 E +.189(The standard output stream of the helper is tied to an anon)143 174 +R .188(ymous \214le and used in its entirety as the)-.15 F .446 +(passphrase, e)143 186 R .446(xcept for a trailing ne)-.15 F .446 +(w-line, if an)-.25 F 4.246 -.65(y. T)-.15 H .447(he second ar).65 F +.447(gument contains either the dataset)-.18 F 2.14 +(name or the element of the TPM hierarch)143 198 R 5.94 -.65(y. T)-.05 H +2.14(he third ar).65 F 2.14(gument is)-.18 F F1(new)4.64 E F0 2.14 +(if this is for a ne)4.64 F(w)-.25 E .573(passphrase, and the fourth is) +143 210 R F1(again)3.074 E F0 .574(if it')3.074 F 3.074(st)-.55 G .574 +(he second prompt for that passphrase.)-3.074 F .574(The \214rst ar) +5.574 F(gu-)-.18 E(ment already contains all of this information, as a \ +pre-formatted noun phrase.)143 222 Q .181(If the helper doesn')143 240 R +2.681(te)-.18 G 1.847(xist \()-2.831 F .181(the shell e)1.666 F .181 +(xits with)-.15 F/F4 10/Times-Bold@0 SF(127)2.681 E F0 -3.151 1.666 +(\), a d)1.666 H .181(iagnostic is issued and the normal prompt)-1.666 F +(is used as f)143 252 Q 2.5(all-back. 
If)-.1 F(it f)2.5 E(ails for an) +-.1 E 2.5(yo)-.15 G(ther reason, the prompting is aborted.)-2.5 E(An e) +143 270 Q(xample v)-.15 E(alue w)-.25 E(ould be: ')-.1 E F2 1.666 +(systemd-ask-password \255-id)B F1(=)A F0(")A F1(tzpfms:)A F3($2)A F0 +2.5("")C F3($1)-2.5 E F1(:)A F0("'.)6 E F4 1.666 +(TPM2 back-end con\214guration)72 294 R(En)84 306 Q(vir)-.4 E .625 +(onment v)-.18 F(ariables)-.1 E F1(TSS2_LOG)102 318 Q F0(An)155 318 Q +2.5(yo)-.15 G(f:)-2.5 E F4(NONE)2.5 E F0(,)A F4(ERR)2.5 E(OR)-.3 E F0(,) +A F4 -1.2(WA)2.5 G(RNING)1.2 E F0(,)A F4(INFO)2.5 E F0(,)A F4(DEB)2.5 E +(UG)-.1 E F0(,)A F4(TRA)2.5 E(CE)-.55 E F0 5(.D)C(ef)-5 E(ault:)-.1 E F4 +-1.2(WA)2.5 G(RNING)1.2 E F0(.)A F4 .625(TPM selection)84 342 R F0 .516 +(The library)102 354 R F2(libtss2-tcti-default.so)3.016 E F0 .516 +(can be link)3.016 F .516(ed to an)-.1 F 3.017(yo)-.15 G 3.017(ft)-3.017 +G(he)-3.017 E F1(libtss2-tcti-)3.017 E/F5 10/Symbol SF(*)A F1(.so)A F0 +(libraries)3.017 E .576(to select the def)102 366 R .576 +(ault, otherwise)-.1 F F1(/dev/tpmrm0)3.076 E F0 3.076(,t)C(hen)-3.076 E +F1(/dev/tpm0)3.076 E F0 3.076(,t)C(hen)-3.076 E F1(localhost:2321)3.076 +E F0 .575(will be tried,)3.076 F(in order)102 378 Q 1.666(\(s)4.166 G +(ee)-1.666 E F1(ESYS_CONTEXT)2.5 E F0 -.834(\(3\) \) .)B F4 .625 +(See also)84 402 R F0 3.487(The tpm2-tss git repository at)102 414 R F4 (https://github)5.988 E(.com/tpm2-softwar)-.4 E(e/tpm2-tss)-.18 E F0 -3.487(and the documentation at)5.988 F F1(https://tpm2-tss.r)102 216 Q +3.488(and the documentation at)5.988 F F4(https://tpm2-tss.r)102 426 Q (eadthedocs.io)-.18 E F0(.)A 3.092 -(The TPM 2.0 speci\214cations, mainly at)102 234 R F1 -(https://trustedcomputinggr)5.592 E(oup.or)-.18 E -(g/wp-content/uploads/TPM-)-.1 E(Re)102 246 Q(v-2.0-P)-.15 E(art-1-Ar) --.1 E(chitectur)-.18 E(e-01.38.pdf)-.18 E F0(and related pages.)2.5 E F1 -1.666(SPECIAL THANKS)72 270 R F0 1.6 -.8(To a)102 282 T +(The TPM 2.0 speci\214cations, mainly at)102 444 R F4 
+(https://trustedcomputinggr)5.591 E(oup.or)-.18 E +(g/wp-content/uploads/TPM-)-.1 E(Re)102 456 Q(v-2.0-P)-.15 E(art-1-Ar) +-.1 E(chitectur)-.18 E(e-01.38.pdf)-.18 E F0(and related pages.)2.5 E F4 +1.666(SPECIAL THANKS)72 480 R F0 1.6 -.8(To a)102 492 T (ll who support further de).8 E -.15(ve)-.25 G(lopment, in particular:) -.15 E F1<83>122 294 Q F0(ThePhD)2.5 E F1<83>122 306 Q F0(Embark Studios) -2.5 E F1(REPOR)72 330 Q 1.666(TING B)-.4 F(UGS)-.1 E(https://todo.sr)102 -342 Q(.ht/~nabijaczleweli/tzpfms)-1 E F2 -(~nabijaczleweli/tzpfms@lists.sr.ht)102 360 Q F0 2.5(,a)C(rchi)-2.5 E --.15(ve)-.25 G 2.5(da).15 G(t)-2.5 E F1(https://lists.sr)2.5 E -(.ht/~nabijaczleweli/tzpfms)-1 E F0(.)A F1 1.666(SEE ALSO)72 384 R F2 -(tpm2_unseal)102 396 Q F0(\(1\))A F1(https://git.sr)102 414 Q -(.ht/~nabijaczleweli/tzpfms)-1 E F0(tzpfms 0.1-12)72 750 Q(No)138.745 E --.15(ve)-.15 G(mber 12, 2021).15 E(8)189.295 E 0 Cg EP -%%Page: 9 9 +.15 E F4<83>122 504 Q F0(ThePhD)2.5 E F4<83>122 516 Q F0(Embark Studios) +2.5 E F4<83>122 528 Q F0(Jasper Bekk)2.5 E(ers)-.1 E F4(REPOR)72 552 Q +1.666(TING B)-.4 F(UGS)-.1 E(https://todo.sr)102 564 Q +(.ht/~nabijaczleweli/tzpfms)-1 E F1(~nabijaczleweli/tzpfms@lists.sr.ht) +102 582 Q F0 2.5(,a)C(rchi)-2.5 E -.15(ve)-.25 G 2.5(da).15 G(t)-2.5 E +F4(https://lists.sr)2.5 E(.ht/~nabijaczleweli/tzpfms)-1 E F0(.)A F4 +1.666(SEE ALSO)72 606 R F1(tpm2_unseal)102 618 Q F0(\(1\))A F4 +(https://git.sr)102 636 Q(.ht/~nabijaczleweli/tzpfms)-1 E F0 +(tzpfms 0.1-14)72 750 Q(No)138.745 E -.15(ve)-.15 G(mber 15, 2021).15 E +(9)189.295 E 0 Cg EP +%%Page: 10 10 %%BeginPageSetup BP %%EndPageSetup 
@@ -706,50 +803,87 @@ BP 132 Q F2(zfs-tpm2-clear-key)102 144 Q/F3 10/Courier-Oblique@0 SF (dataset)2.5 E F1(DESCRIPTION)72 168 Q F0(After v)102 180 Q(erifying) -.15 E F3(dataset)2.5 E F0 -.1(wa)2.5 G 2.5(se).1 G(ncrypted with)-2.5 E -F2(tzpfms)2.5 E F0(back)2.5 E(end)-.1 E F1(TPM2)2.5 E F0(:)A 6.985 +F2(tzpfms)2.5 E F0(back)2.5 E(end)-.1 E F1(TPM2)2.5 E F0(:)A 6.984 (1. performs the equi)122 192 R -.25(va)-.25 G 6.984(lent of).25 F F2 6.984(zfs change-key)9.484 F14.65 E/F4 10/Courier@0 SF -(keylocation=prompt)12.984 E F214.65 E F4(keyformat=passphrase)127 -204 Q F3(dataset)6 E F0(,)A(2. frees the sealed k)122 216 Q .3 -.15 +(keylocation=prompt)12.985 E F214.651 E F4(keyformat=passphrase) +127 204 Q F3(dataset)6 E F0(,)A(2. frees the sealed k)122 216 Q .3 -.15 (ey p)-.1 H(re).15 E(viously used to encrypt)-.25 E F3(dataset)2.5 E F0 (,)A(3. remo)122 228 Q -.15(ve)-.15 G 2.5(st).15 G(he)-2.5 E F4 (xyz.nabijaczleweli:tzpfms.)2.5 E F0({)A F4(backend)A F0(,)A F4(key)6 E F0 2.5(}p)C(roperties from)-2.5 E F3(dataset)2.5 E F0(.)A(See)102 246 Q F4(zfs-tpm2-change-key)2.5 E F0(\(8\) for a detailed description.)A F1 -1.666(TPM2 back-end con\214guration)72 270 R(En)84 282 Q(vir)-.4 E .625 -(onment v)-.18 F(ariables)-.1 E F4(TSS2_LOG)102 294 Q F0(An)155 294 Q +(ENVIR)72 270 Q 1.666(ONMENT V)-.3 F(ARIABLES)-1.35 E F4 +(TZPFMS_PASSPHRASE_HELPER)102 282 Q F0(If set and nonempty)143 294 Q 2.5 +(,w)-.65 G(ill be run as)-2.5 E F4(/bin/)173 306 Q F2 70.333(sh \255c)B +F4("$TZPFMS_PASSPHRASE_HELPER")74.667 E("$TZPFMS_PASSPHRASE_HELPER")173 +318 Q F0(")10.715 E F3 4.715(prepared prompt)B F0 7.215("")C F3(target) +-7.215 E F0 7.215("")C([)-7.215 E F4(new)A F0(]")A("[)173 330 Q F4 +(again)A F0(]")A(to pro)143 342 Q +(vide a passphrase, instead of reading from the standard input.)-.15 E +.189(The standard output stream of the helper is tied to an anon)143 360 +R .188(ymous \214le and used in its entirety as the)-.15 F .446 +(passphrase, e)143 372 R .446(xcept for a trailing ne)-.15 F .446 
+(w-line, if an)-.25 F 4.246 -.65(y. T)-.15 H .447(he second ar).65 F +.447(gument contains either the dataset)-.18 F 2.14 +(name or the element of the TPM hierarch)143 384 R 5.94 -.65(y. T)-.05 H +2.14(he third ar).65 F 2.14(gument is)-.18 F F4(new)4.64 E F0 2.14 +(if this is for a ne)4.64 F(w)-.25 E .573(passphrase, and the fourth is) +143 396 R F4(again)3.074 E F0 .574(if it')3.074 F 3.074(st)-.55 G .574 +(he second prompt for that passphrase.)-3.074 F .574(The \214rst ar) +5.574 F(gu-)-.18 E(ment already contains all of this information, as a \ +pre-formatted noun phrase.)143 408 Q .181(If the helper doesn')143 426 R +2.681(te)-.18 G 1.847(xist \()-2.831 F .181(the shell e)1.666 F .181 +(xits with)-.15 F F1(127)2.681 E F0 -3.151 1.666(\), a d)1.666 H .181 +(iagnostic is issued and the normal prompt)-1.666 F(is used as f)143 438 +Q 2.5(all-back. If)-.1 F(it f)2.5 E(ails for an)-.1 E 2.5(yo)-.15 G +(ther reason, the prompting is aborted.)-2.5 E(An e)143 456 Q(xample v) +-.15 E(alue w)-.25 E(ould be: ')-.1 E F2 1.666 +(systemd-ask-password \255-id)B F4(=)A F0(")A F4(tzpfms:)A F3($2)A F0 +2.5("")C F3($1)-2.5 E F4(:)A F0("'.)6 E F1 1.666 +(TPM2 back-end con\214guration)72 480 R(En)84 492 Q(vir)-.4 E .625 +(onment v)-.18 F(ariables)-.1 E F4(TSS2_LOG)102 504 Q F0(An)155 504 Q 2.5(yo)-.15 G(f:)-2.5 E F1(NONE)2.5 E F0(,)A F1(ERR)2.5 E(OR)-.3 E F0(,) A F1 -1.2(WA)2.5 G(RNING)1.2 E F0(,)A F1(INFO)2.5 E F0(,)A F1(DEB)2.5 E (UG)-.1 E F0(,)A F1(TRA)2.5 E(CE)-.55 E F0 5(.D)C(ef)-5 E(ault:)-.1 E F1 --1.2(WA)2.5 G(RNING)1.2 E F0(.)A F1 .625(TPM selection)84 318 R F0 .516 -(The library)102 330 R F2(libtss2-tcti-default.so)3.016 E F0 .516 +-1.2(WA)2.5 G(RNING)1.2 E F0(.)A F1 .625(TPM selection)84 528 R F0 .516 +(The library)102 540 R F2(libtss2-tcti-default.so)3.016 E F0 .516 (can be link)3.016 F .516(ed to an)-.1 F 3.017(yo)-.15 G 3.017(ft)-3.017 G(he)-3.017 E F4(libtss2-tcti-)3.017 E/F5 10/Symbol SF(*)A F4(.so)A F0 -(libraries)3.017 E .576(to select the def)102 342 R .576 
+(libraries)3.017 E .576(to select the def)102 552 R .576 (ault, otherwise)-.1 F F4(/dev/tpmrm0)3.076 E F0 3.076(,t)C(hen)-3.076 E F4(/dev/tpm0)3.076 E F0 3.076(,t)C(hen)-3.076 E F4(localhost:2321)3.076 -E F0 .575(will be tried,)3.076 F(in order)102 354 Q 1.666(\(s)4.166 G +E F0 .575(will be tried,)3.076 F(in order)102 564 Q 1.666(\(s)4.166 G (ee)-1.666 E F4(ESYS_CONTEXT)2.5 E F0 -.834(\(3\) \) .)B F1 .625 -(See also)84 378 R F0 3.487(The tpm2-tss git repository at)102 390 R F1 +(See also)84 588 R F0 3.487(The tpm2-tss git repository at)102 600 R F1 (https://github)5.988 E(.com/tpm2-softwar)-.4 E(e/tpm2-tss)-.18 E F0 -3.488(and the documentation at)5.988 F F1(https://tpm2-tss.r)102 402 Q +3.488(and the documentation at)5.988 F F1(https://tpm2-tss.r)102 612 Q (eadthedocs.io)-.18 E F0(.)A 3.092 -(The TPM 2.0 speci\214cations, mainly at)102 420 R F1 +(The TPM 2.0 speci\214cations, mainly at)102 630 R F1 (https://trustedcomputinggr)5.591 E(oup.or)-.18 E -(g/wp-content/uploads/TPM-)-.1 E(Re)102 432 Q(v-2.0-P)-.15 E(art-1-Ar) +(g/wp-content/uploads/TPM-)-.1 E(Re)102 642 Q(v-2.0-P)-.15 E(art-1-Ar) -.1 E(chitectur)-.18 E(e-01.38.pdf)-.18 E F0(and related pages.)2.5 E F1 -1.666(SPECIAL THANKS)72 456 R F0 1.6 -.8(To a)102 468 T +1.666(SPECIAL THANKS)72 666 R F0 1.6 -.8(To a)102 678 T (ll who support further de).8 E -.15(ve)-.25 G(lopment, in particular:) -.15 E F1<83>122 480 Q F0(ThePhD)2.5 E F1<83>122 492 Q F0(Embark Studios) -2.5 E F1(REPOR)72 516 Q 1.666(TING B)-.4 F(UGS)-.1 E(https://todo.sr)102 -528 Q(.ht/~nabijaczleweli/tzpfms)-1 E F4 -(~nabijaczleweli/tzpfms@lists.sr.ht)102 546 Q F0 2.5(,a)C(rchi)-2.5 E --.15(ve)-.25 G 2.5(da).15 G(t)-2.5 E F1(https://lists.sr)2.5 E -(.ht/~nabijaczleweli/tzpfms)-1 E F0(.)A F1 1.666(SEE ALSO)72 570 R -(https://git.sr)102 582 Q(.ht/~nabijaczleweli/tzpfms)-1 E F0 -(tzpfms 0.1-12)72 750 Q(No)138.745 E -.15(ve)-.15 G(mber 12, 2021).15 E -(9)189.295 E 0 Cg EP -%%Page: 10 10 +.15 E(tzpfms 0.1-14)72 750 Q(No)138.745 E -.15(ve)-.15 G(mber 15, 
2021) +.15 E(10)184.295 E 0 Cg EP +%%Page: 11 11 +%%BeginPageSetup +BP +%%EndPageSetup +/F0 10/Times-Roman@0 SF -.834(ZFS-TPM2-CLEAR-KEY \(8\))72 48 R +(System Manager')62.209 E 2.5(sM)-.55 G 57.209(anual ZFS-TPM2-CLEAR-KEY) +-2.5 F(\(8\))1.666 E/F1 10/Times-Bold@0 SF<83>122 96 Q F0(ThePhD)2.5 E +F1<83>122 108 Q F0(Embark Studios)2.5 E F1<83>122 120 Q F0(Jasper Bekk) +2.5 E(ers)-.1 E F1(REPOR)72 144 Q 1.666(TING B)-.4 F(UGS)-.1 E +(https://todo.sr)102 156 Q(.ht/~nabijaczleweli/tzpfms)-1 E/F2 10 +/Courier@0 SF(~nabijaczleweli/tzpfms@lists.sr.ht)102 174 Q F0 2.5(,a)C +(rchi)-2.5 E -.15(ve)-.25 G 2.5(da).15 G(t)-2.5 E F1(https://lists.sr) +2.5 E(.ht/~nabijaczleweli/tzpfms)-1 E F0(.)A F1 1.666(SEE ALSO)72 198 R +(https://git.sr)102 210 Q(.ht/~nabijaczleweli/tzpfms)-1 E F0 +(tzpfms 0.1-14)72 750 Q(No)138.745 E -.15(ve)-.15 G(mber 15, 2021).15 E +(11)184.295 E 0 Cg EP +%%Page: 12 12 %%BeginPageSetup BP %%EndPageSetup 
@@ -773,35 +907,71 @@ assphrase, set when creating the k)102 210 Q -.15(ey)-.1 G 2.5(,i)-.5 G G 2.679(ft)-2.679 G .179(he k)-2.679 F .478 -.15(ey i)-.1 H 2.678(sa).15 G .178(lready loaded.)-2.678 F(Equi)5.178 E -.25(va)-.25 G .178(lent to) .25 F F2 .178(zfs load-key)2.678 F F0 -.55('s)C F24.894 E F0 -(option.)119 288 Q F1 1.666(TPM1.X back-end con\214guration)72 312 R -.625(TPM selection)84 324 R F0(The)102 336 Q F2(tzpfms)2.767 E F0 .267 -(suite connects to a local)2.767 F F4(tcsd)2.767 E F0 .267 -(\(8\) process)B 1.666(\(a)4.433 G(t)-1.666 E F4(localhost:30003)2.767 E -F0 4.433(\)b)1.666 G 2.767(yd)-4.433 G(ef)-2.767 E 2.767(ault. Use)-.1 F -.268(the en-)2.767 F(vironment v)102 348 Q(ariable)-.25 E F4 -(TZPFMS_TPM1X)2.5 E F0(to specify a remote TCS hostname.)2.5 E .392 -(The T)102 366 R(rouSerS)-.35 E F4(tcsd)2.892 E F0 .392 -(\(8\) daemon will try)B F4(/dev/tpm0)2.892 E F0 2.892(,t)C(hen)-2.892 E -F4(/udev/tpm0)2.892 E F0 2.891(,t)C(hen)-2.891 E F4(/dev/tpm)2.891 E F0 -2.891(;b)C 2.891(yo)-2.891 G(ccup)-2.891 E(ying)-.1 E -(one of the earlier ones with, for e)102 378 Q +(option.)119 288 Q F1(ENVIR)72 312 Q 1.666(ONMENT V)-.3 F(ARIABLES)-1.35 +E F4(TZPFMS_PASSPHRASE_HELPER)102 324 Q F0(If set and nonempty)143 336 Q +2.5(,w)-.65 G(ill be run as)-2.5 E F4(/bin/)173 348 Q F2 70.333 +(sh \255c)B F4("$TZPFMS_PASSPHRASE_HELPER")74.667 E +("$TZPFMS_PASSPHRASE_HELPER")173 360 Q F0(")10.715 E F3 4.715 +(prepared prompt)B F0 7.215("")C F3(target)-7.215 E F0 7.215("")C([) +-7.215 E F4(new)A F0(]")A("[)173 372 Q F4(again)A F0(]")A(to pro)143 384 +Q(vide a passphrase, instead of reading from the standard input.)-.15 E +.188(The standard output stream of the helper is tied to an anon)143 402 +R .189(ymous \214le and used in its entirety as the)-.15 F .447 +(passphrase, e)143 414 R .447(xcept for a trailing ne)-.15 F .447 +(w-line, if an)-.25 F 4.246 -.65(y. 
T)-.15 H .446(he second ar).65 F +.446(gument contains either the dataset)-.18 F 2.14 +(name or the element of the TPM hierarch)143 426 R 5.94 -.65(y. T)-.05 H +2.14(he third ar).65 F 2.14(gument is)-.18 F F4(new)4.64 E F0 2.14 +(if this is for a ne)4.64 F(w)-.25 E .574(passphrase, and the fourth is) +143 438 R F4(again)3.074 E F0 .574(if it')3.074 F 3.074(st)-.55 G .574 +(he second prompt for that passphrase.)-3.074 F .573(The \214rst ar) +5.573 F(gu-)-.18 E(ment already contains all of this information, as a \ +pre-formatted noun phrase.)143 450 Q .181(If the helper doesn')143 468 R +2.681(te)-.18 G 1.847(xist \()-2.831 F .181(the shell e)1.666 F .181 +(xits with)-.15 F F1(127)2.681 E F0 -3.151 1.666(\), a d)1.666 H .181 +(iagnostic is issued and the normal prompt)-1.666 F(is used as f)143 480 +Q 2.5(all-back. If)-.1 F(it f)2.5 E(ails for an)-.1 E 2.5(yo)-.15 G +(ther reason, the prompting is aborted.)-2.5 E(An e)143 498 Q(xample v) +-.15 E(alue w)-.25 E(ould be: ')-.1 E F2 1.666 +(systemd-ask-password \255-id)B F4(=)A F0(")A F4(tzpfms:)A F3($2)A F0 +2.5("")C F3($1)-2.5 E F4(:)A F0("'.)6 E F1 1.666 +(TPM1.X back-end con\214guration)72 522 R .625(TPM selection)84 534 R F0 +(The)102 546 Q F2(tzpfms)2.768 E F0 .267(suite connects to a local)2.767 +F F4(tcsd)2.767 E F0 .267(\(8\) process)B 1.666(\(a)4.433 G(t)-1.666 E +F4(localhost:30003)2.767 E F0 4.433(\)b)1.666 G 2.767(yd)-4.433 G(ef) +-2.767 E 2.767(ault. 
Use)-.1 F .267(the en-)2.767 F(vironment v)102 558 +Q(ariable)-.25 E F4(TZPFMS_TPM1X)2.5 E F0 +(to specify a remote TCS hostname.)2.5 E .391(The T)102 576 R(rouSerS) +-.35 E F4(tcsd)2.891 E F0 .391(\(8\) daemon will try)B F4(/dev/tpm0) +2.892 E F0 2.892(,t)C(hen)-2.892 E F4(/udev/tpm0)2.892 E F0 2.892(,t)C +(hen)-2.892 E F4(/dev/tpm)2.892 E F0 2.892(;b)C 2.892(yo)-2.892 G(ccup) +-2.892 E(ying)-.1 E(one of the earlier ones with, for e)102 588 Q (xample, shell redirection, a later one can be selected.)-.15 E F1 .625 -(See also)84 402 R F0(The T)102 414 Q(rouSerS project page at)-.35 E F1 +(See also)84 612 R F0(The T)102 624 Q(rouSerS project page at)-.35 E F1 (https://sour)2.5 E(cef)-.18 E(or)-.25 E(ge.net/pr)-.1 E(ojects/tr)-.18 -E(ousers)-.18 E F0(.)A 5.108(The TPM 1.2 main speci\214cation inde)102 -432 R 7.609(xa)-.15 G(t)-7.609 E F1(https://trustedcomputinggr)7.609 E +E(ousers)-.18 E F0(.)A 5.109(The TPM 1.2 main speci\214cation inde)102 +642 R 7.608(xa)-.15 G(t)-7.608 E F1(https://trustedcomputinggr)7.608 E (oup.or)-.18 E(g/r)-.1 E(esour)-.18 E(ce/tpm-main-)-.18 E -(speci\214cation)102 444 Q F0(.)A F1 1.666(SPECIAL THANKS)72 468 R F0 -1.6 -.8(To a)102 480 T(ll who support further de).8 E -.15(ve)-.25 G -(lopment, in particular:).15 E F1<83>122 492 Q F0(ThePhD)2.5 E F1<83>122 -504 Q F0(Embark Studios)2.5 E F1(REPOR)72 528 Q 1.666(TING B)-.4 F(UGS) --.1 E(https://todo.sr)102 540 Q(.ht/~nabijaczleweli/tzpfms)-1 E F4 -(~nabijaczleweli/tzpfms@lists.sr.ht)102 558 Q F0 2.5(,a)C(rchi)-2.5 E --.15(ve)-.25 G 2.5(da).15 G(t)-2.5 E F1(https://lists.sr)2.5 E -(.ht/~nabijaczleweli/tzpfms)-1 E F0(.)A F1 1.666(SEE ALSO)72 582 R -(https://git.sr)102 594 Q(.ht/~nabijaczleweli/tzpfms)-1 E F0 -(tzpfms 0.1-12)72 750 Q(No)138.745 E -.15(ve)-.15 G(mber 12, 2021).15 E -(10)184.295 E 0 Cg EP +(speci\214cation)102 654 Q F0(.)A F1 1.666(SPECIAL THANKS)72 678 R F0 +1.6 -.8(To a)102 690 T(ll who support further de).8 E -.15(ve)-.25 G +(lopment, in particular:).15 E(tzpfms 0.1-14)72 750 
Q(No)138.745 E -.15 +(ve)-.15 G(mber 15, 2021).15 E(12)184.295 E 0 Cg EP +%%Page: 13 13 +%%BeginPageSetup +BP +%%EndPageSetup +/F0 10/Times-Roman@0 SF(ZFS-TPM2-LO)72 48 Q -.834(AD-KEY \(8\))-.35 F +(System Manager')67.569 E 2.5(sM)-.55 G 62.569(anual ZFS-TPM2-LO)-2.5 F +-.834(AD-KEY \(8\))-.35 F/F1 10/Times-Bold@0 SF<83>122 96 Q F0(ThePhD) +2.5 E F1<83>122 108 Q F0(Embark Studios)2.5 E F1<83>122 120 Q F0 +(Jasper Bekk)2.5 E(ers)-.1 E F1(REPOR)72 144 Q 1.666(TING B)-.4 F(UGS) +-.1 E(https://todo.sr)102 156 Q(.ht/~nabijaczleweli/tzpfms)-1 E/F2 10 +/Courier@0 SF(~nabijaczleweli/tzpfms@lists.sr.ht)102 174 Q F0 2.5(,a)C +(rchi)-2.5 E -.15(ve)-.25 G 2.5(da).15 G(t)-2.5 E F1(https://lists.sr) +2.5 E(.ht/~nabijaczleweli/tzpfms)-1 E F0(.)A F1 1.666(SEE ALSO)72 198 R +(https://git.sr)102 210 Q(.ht/~nabijaczleweli/tzpfms)-1 E F0 +(tzpfms 0.1-14)72 750 Q(No)138.745 E -.15(ve)-.15 G(mber 15, 2021).15 E +(13)184.295 E 0 Cg EP %%Trailer end %%EOF diff --git a/zfs-tpm-list.8 b/zfs-tpm-list.8 index d82e8b8..7144c33 100644 --- a/zfs-tpm-list.8 +++ b/zfs-tpm-list.8 @@ -1,9 +1,9 @@ .\" SPDX-License-Identifier: MIT . -.Dd November 12, 2021 +.Dd November 15, 2021 .ds doc-volume-operating-system .Dt ZFS-TPM-LIST 8 -.Os tzpfms 0.1-12 +.Os tzpfms 0.1-14 . .Sh NAME .Nm zfs-tpm-list @@ -122,6 +122,8 @@ To all who support further development, in particular: ThePhD .It Embark Studios +.It +Jasper Bekkers .El . .Sh REPORTING BUGS diff --git a/zfs-tpm-list.8.html b/zfs-tpm-list.8.html index d770e33..b4a8e5f 100644 --- a/zfs-tpm-list.8.html +++ b/zfs-tpm-list.8.html @@ -150,6 +150,7 @@ owo/enc TPM1.X available yes
  • ThePhD
  • Embark Studios
  • +
  • Jasper Bekkers
@@ -168,8 +169,8 @@ owo/enc TPM1.X available yes - - + +
November 12, 2021tzpfms 0.1-12November 15, 2021tzpfms 0.1-14
diff --git a/zfs-tpm1x-change-key.8 b/zfs-tpm1x-change-key.8 index de1e4ba..83391c4 100644 --- a/zfs-tpm1x-change-key.8 +++ b/zfs-tpm1x-change-key.8 @@ -1,9 +1,9 @@ .\" SPDX-License-Identifier: MIT . -.Dd November 12, 2021 +.Dd November 15, 2021 .ds doc-volume-operating-system .Dt ZFS-TPM1X-CHANGE-KEY 8 -.Os tzpfms 0.1-12 +.Os tzpfms 0.1-14 . .Sh NAME .Nm zfs-tpm1x-change-key @@ -104,6 +104,33 @@ In case of a catastrophic event, the key can be loaded by running . .\" SPDX-License-Identifier: MIT . +.Sh ENVIRONMENT VARIABLES +.Bl -tag -compact -width "TZPFMS" +.It Ev TZPFMS_PASSPHRASE_HELPER +If set and nonempty, will be run as +.Dl Pa /bin/ Ns Nm sh Fl c Li \&"$TZPFMS_PASSPHRASE_HELPER" \&"$TZPFMS_PASSPHRASE_HELPER" Qo Ar prepared prompt Qc Qo Ar target Qc Qo Oo Li new Oc Qc Qo Oo Li again Oc Qc +to provide a passphrase, instead of reading from the standard input. +.Pp +The standard output stream of the helper is tied to an anonymous file and used in its entirety as the passphrase, except for a trailing new-line, if any. +The second argument contains either the dataset name or the element of the TPM hierarchy. +The third argument is +.Li new +if this is for a new passphrase, and the fourth is +.Li again +if it's the second prompt for that passphrase. +The first argument already contains all of this information, as a pre-formatted noun phrase. +.Pp +If the helper doesn't exist +.Pq the shell exits with Sy 127 , +a diagnostic is issued and the normal prompt is used as fall-back. +If it fails for any other reason, the prompting is aborted. +.Pp +An example value would be: +.No ' Ns Nm systemd-ask-password Fl -id Ns Li = Ns Qo Li tzpfms:\& Ns Ar $2 Qc Qo Ar $1 Ns Li ": " Qc Ns ' . +.El +. +.\" SPDX-License-Identifier: MIT +. .Sh TPM1.X back-end configuration .Ss TPM selection The @@ -143,6 +170,8 @@ To all who support further development, in particular: ThePhD .It Embark Studios +.It +Jasper Bekkers .El . .Sh REPORTING BUGS 
diff --git a/zfs-tpm1x-change-key.8.html b/zfs-tpm1x-change-key.8.html index 70385db..55ac8aa 100644 --- a/zfs-tpm1x-change-key.8.html +++ b/zfs-tpm1x-change-key.8.html @@ -114,6 +114,41 @@
+

+
+
+
If set and nonempty, will be run as +
/bin/sh + -c + "$TZPFMS_PASSPHRASE_HELPER" + "$TZPFMS_PASSPHRASE_HELPER" + "prepared prompt" + "target" + "[new]" + "[again]"
+ to provide a passphrase, instead of reading from the standard input. +

The standard output stream of the helper is tied to an + anonymous file and used in its entirety as the passphrase, except for a + trailing new-line, if any. The second argument contains either the + dataset name or the element of the TPM hierarchy. The third argument is + new if this is for a new passphrase, and the + fourth is again if it's the second prompt for + that passphrase. The first argument already contains all of this + information, as a pre-formatted noun phrase.

+

If the helper doesn't exist (the shell exits with + ), a + diagnostic is issued and the normal prompt is used as fall-back. If it + fails for any other reason, the prompting is aborted.

+

An example value would be: + 'systemd-ask-password + --id="tzpfms:$2" + "$1: "'.

+
+
+
+

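Review bot: The argument numbering in the paragraph starting "The standard output stream of the helper" is easy to misread against the synopsis above it, where "$TZPFMS_PASSPHRASE_HELPER" appears twice after -c. With sh -c the second copy becomes $0, so "first" through "fourth argument" mean $1 through $4 as the helper command sees them, which is what the example value with $2 and $1 relies on. Suggest naming the positional parameters explicitly ($1 prepared prompt, $2 target, $3 new, $4 again) and stating whether $3 and $4 are passed as empty strings when they do not apply, since the synopsis shows them as quoted "[new]" and "[again]".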
@@ -147,6 +182,7 @@
  • ThePhD
  • Embark Studios
  • +
  • Jasper Bekkers
@@ -165,8 +201,8 @@ - - + +
November 12, 2021tzpfms 0.1-12November 15, 2021tzpfms 0.1-14
diff --git a/zfs-tpm1x-clear-key.8 b/zfs-tpm1x-clear-key.8 index ab59771..6e9a16b 100644 --- a/zfs-tpm1x-clear-key.8 +++ b/zfs-tpm1x-clear-key.8 @@ -1,9 +1,9 @@ .\" SPDX-License-Identifier: MIT . -.Dd November 12, 2021 +.Dd November 15, 2021 .ds doc-volume-operating-system .Dt ZFS-TPM1X-CLEAR-KEY 8 -.Os tzpfms 0.1-12 +.Os tzpfms 0.1-14 . .Sh NAME .Nm zfs-tpm1x-clear-key @@ -75,6 +75,8 @@ To all who support further development, in particular: ThePhD .It Embark Studios +.It +Jasper Bekkers .El . .Sh REPORTING BUGS diff --git a/zfs-tpm1x-clear-key.8.html b/zfs-tpm1x-clear-key.8.html index 21a2270..ed51e1c 100644 --- a/zfs-tpm1x-clear-key.8.html +++ b/zfs-tpm1x-clear-key.8.html @@ -87,6 +87,7 @@
  • ThePhD
  • Embark Studios
  • +
  • Jasper Bekkers
@@ -105,8 +106,8 @@ - - + +
November 12, 2021tzpfms 0.1-12November 15, 2021tzpfms 0.1-14
diff --git a/zfs-tpm1x-load-key.8 b/zfs-tpm1x-load-key.8 index efd3e6c..d53dac7 100644 --- a/zfs-tpm1x-load-key.8 +++ b/zfs-tpm1x-load-key.8 @@ -1,9 +1,9 @@ .\" SPDX-License-Identifier: MIT . -.Dd November 12, 2021 +.Dd November 15, 2021 .ds doc-volume-operating-system .Dt ZFS-TPM1X-LOAD-KEY 8 -.Os tzpfms 0.1-12 +.Os tzpfms 0.1-14 . .Sh NAME .Nm zfs-tpm1x-load-key @@ -42,6 +42,33 @@ option. . .\" SPDX-License-Identifier: MIT . +.Sh ENVIRONMENT VARIABLES +.Bl -tag -compact -width "TZPFMS" +.It Ev TZPFMS_PASSPHRASE_HELPER +If set and nonempty, will be run as +.Dl Pa /bin/ Ns Nm sh Fl c Li \&"$TZPFMS_PASSPHRASE_HELPER" \&"$TZPFMS_PASSPHRASE_HELPER" Qo Ar prepared prompt Qc Qo Ar target Qc Qo Oo Li new Oc Qc Qo Oo Li again Oc Qc +to provide a passphrase, instead of reading from the standard input. +.Pp +The standard output stream of the helper is tied to an anonymous file and used in its entirety as the passphrase, except for a trailing new-line, if any. +The second argument contains either the dataset name or the element of the TPM hierarchy. +The third argument is +.Li new +if this is for a new passphrase, and the fourth is +.Li again +if it's the second prompt for that passphrase. +The first argument already contains all of this information, as a pre-formatted noun phrase. +.Pp +If the helper doesn't exist +.Pq the shell exits with Sy 127 , +a diagnostic is issued and the normal prompt is used as fall-back. +If it fails for any other reason, the prompting is aborted. +.Pp +An example value would be: +.No ' Ns Nm systemd-ask-password Fl -id Ns Li = Ns Qo Li tzpfms:\& Ns Ar $2 Qc Qo Ar $1 Ns Li ": " Qc Ns ' . +.El +. +.\" SPDX-License-Identifier: MIT +. .Sh TPM1.X back-end configuration .Ss TPM selection The @@ -81,6 +108,8 @@ To all who support further development, in particular: ThePhD .It Embark Studios +.It +Jasper Bekkers .El . .Sh REPORTING BUGS diff --git a/zfs-tpm1x-load-key.8.html b/zfs-tpm1x-load-key.8.html index a2045bf..13c3e25 100644 
--- a/zfs-tpm1x-load-key.8.html +++ b/zfs-tpm1x-load-key.8.html @@ -55,6 +55,41 @@
+

+
+
+
If set and nonempty, will be run as +
/bin/sh + -c + "$TZPFMS_PASSPHRASE_HELPER" + "$TZPFMS_PASSPHRASE_HELPER" + "prepared prompt" + "target" + "[new]" + "[again]"
+ to provide a passphrase, instead of reading from the standard input. +

The standard output stream of the helper is tied to an + anonymous file and used in its entirety as the passphrase, except for a + trailing new-line, if any. The second argument contains either the + dataset name or the element of the TPM hierarchy. The third argument is + new if this is for a new passphrase, and the + fourth is again if it's the second prompt for + that passphrase. The first argument already contains all of this + information, as a pre-formatted noun phrase.

+

If the helper doesn't exist (the shell exits with + ), a + diagnostic is issued and the normal prompt is used as fall-back. If it + fails for any other reason, the prompting is aborted.

+

An example value would be: + 'systemd-ask-password + --id="tzpfms:$2" + "$1: "'.

+
+
+
+

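Review bot: "used in its entirety as the passphrase, except for a trailing new-line, if any" leaves two things for helper authors to guess: whether exactly one trailing new-line is dropped or all of them, and that anything else the helper writes to standard output (a prompt echo, a banner, a warning) becomes part of the passphrase. Suggest spelling out both, and saying that prompts and diagnostics from the helper belong on standard error or the terminal so that they cannot end up in the key material.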
@@ -88,6 +123,7 @@
  • ThePhD
  • Embark Studios
  • +
  • Jasper Bekkers
@@ -106,8 +142,8 @@ - - + +
November 12, 2021tzpfms 0.1-12November 15, 2021tzpfms 0.1-14
diff --git a/zfs-tpm2-change-key.8 b/zfs-tpm2-change-key.8 index 69aa0fb..f8ef842 100644 --- a/zfs-tpm2-change-key.8 +++ b/zfs-tpm2-change-key.8 @@ -1,9 +1,9 @@ .\" SPDX-License-Identifier: MIT . -.Dd November 12, 2021 +.Dd November 15, 2021 .ds doc-volume-operating-system .Dt ZFS-TPM2-CHANGE-KEY 8 -.Os tzpfms 0.1-12 +.Os tzpfms 0.1-14 . .Sh NAME .Nm zfs-tpm2-change-key @@ -101,6 +101,33 @@ In case of a catastrophic event, the key can be loaded by running . .\" SPDX-License-Identifier: MIT . +.Sh ENVIRONMENT VARIABLES +.Bl -tag -compact -width "TZPFMS" +.It Ev TZPFMS_PASSPHRASE_HELPER +If set and nonempty, will be run as +.Dl Pa /bin/ Ns Nm sh Fl c Li \&"$TZPFMS_PASSPHRASE_HELPER" \&"$TZPFMS_PASSPHRASE_HELPER" Qo Ar prepared prompt Qc Qo Ar target Qc Qo Oo Li new Oc Qc Qo Oo Li again Oc Qc +to provide a passphrase, instead of reading from the standard input. +.Pp +The standard output stream of the helper is tied to an anonymous file and used in its entirety as the passphrase, except for a trailing new-line, if any. +The second argument contains either the dataset name or the element of the TPM hierarchy. +The third argument is +.Li new +if this is for a new passphrase, and the fourth is +.Li again +if it's the second prompt for that passphrase. +The first argument already contains all of this information, as a pre-formatted noun phrase. +.Pp +If the helper doesn't exist +.Pq the shell exits with Sy 127 , +a diagnostic is issued and the normal prompt is used as fall-back. +If it fails for any other reason, the prompting is aborted. +.Pp +An example value would be: +.No ' Ns Nm systemd-ask-password Fl -id Ns Li = Ns Qo Li tzpfms:\& Ns Ar $2 Qc Qo Ar $1 Ns Li ": " Qc Ns ' . +.El +. +.\" SPDX-License-Identifier: MIT +. .Sh TPM2 back-end configuration .Ss Environment variables .Bl -tag -compact -width "TSS2_LOG" @@ -144,6 +171,8 @@ To all who support further development, in particular: ThePhD .It Embark Studios +.It +Jasper Bekkers .El . .Sh REPORTING BUGS 
diff --git a/zfs-tpm2-change-key.8.html b/zfs-tpm2-change-key.8.html index 859557c..4dfc3bb 100644 --- a/zfs-tpm2-change-key.8.html +++ b/zfs-tpm2-change-key.8.html @@ -113,6 +113,41 @@
+

+
+
+
If set and nonempty, will be run as +
/bin/sh + -c + "$TZPFMS_PASSPHRASE_HELPER" + "$TZPFMS_PASSPHRASE_HELPER" + "prepared prompt" + "target" + "[new]" + "[again]"
+ to provide a passphrase, instead of reading from the standard input. +

The standard output stream of the helper is tied to an + anonymous file and used in its entirety as the passphrase, except for a + trailing new-line, if any. The second argument contains either the + dataset name or the element of the TPM hierarchy. The third argument is + new if this is for a new passphrase, and the + fourth is again if it's the second prompt for + that passphrase. The first argument already contains all of this + information, as a pre-formatted noun phrase.

+

If the helper doesn't exist (the shell exits with + ), a + diagnostic is issued and the normal prompt is used as fall-back. If it + fails for any other reason, the prompting is aborted.

+

An example value would be: + 'systemd-ask-password + --id="tzpfms:$2" + "$1: "'.

+
+
+
+

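Review bot: The fall-back rule in "If the helper doesn't exist (the shell exits with ...)" keys only on exit status 127, so a helper that does exist but itself returns 127, for instance because a command inside it is missing, is treated the same way and the normal prompt is used. Suggest documenting that, and saying where the diagnostic is written, because in an unattended setup falling back to reading standard input is a different failure mode from the "prompting is aborted" case in the next sentence.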
@@ -159,6 +194,7 @@
  • ThePhD
  • Embark Studios
  • +
  • Jasper Bekkers
@@ -178,8 +214,8 @@ - - + +
November 12, 2021tzpfms 0.1-12November 15, 2021tzpfms 0.1-14
diff --git a/zfs-tpm2-clear-key.8 b/zfs-tpm2-clear-key.8 index 251453d..630f46e 100644 --- a/zfs-tpm2-clear-key.8 +++ b/zfs-tpm2-clear-key.8 @@ -1,9 +1,9 @@ .\" SPDX-License-Identifier: MIT . -.Dd November 12, 2021 +.Dd November 15, 2021 .ds doc-volume-operating-system .Dt ZFS-TPM2-CLEAR-KEY 8 -.Os tzpfms 0.1-12 +.Os tzpfms 0.1-14 . .Sh NAME .Nm zfs-tpm2-clear-key @@ -39,6 +39,33 @@ for a detailed description. . .\" SPDX-License-Identifier: MIT . +.Sh ENVIRONMENT VARIABLES +.Bl -tag -compact -width "TZPFMS" +.It Ev TZPFMS_PASSPHRASE_HELPER +If set and nonempty, will be run as +.Dl Pa /bin/ Ns Nm sh Fl c Li \&"$TZPFMS_PASSPHRASE_HELPER" \&"$TZPFMS_PASSPHRASE_HELPER" Qo Ar prepared prompt Qc Qo Ar target Qc Qo Oo Li new Oc Qc Qo Oo Li again Oc Qc +to provide a passphrase, instead of reading from the standard input. +.Pp +The standard output stream of the helper is tied to an anonymous file and used in its entirety as the passphrase, except for a trailing new-line, if any. +The second argument contains either the dataset name or the element of the TPM hierarchy. +The third argument is +.Li new +if this is for a new passphrase, and the fourth is +.Li again +if it's the second prompt for that passphrase. +The first argument already contains all of this information, as a pre-formatted noun phrase. +.Pp +If the helper doesn't exist +.Pq the shell exits with Sy 127 , +a diagnostic is issued and the normal prompt is used as fall-back. +If it fails for any other reason, the prompting is aborted. +.Pp +An example value would be: +.No ' Ns Nm systemd-ask-password Fl -id Ns Li = Ns Qo Li tzpfms:\& Ns Ar $2 Qc Qo Ar $1 Ns Li ": " Qc Ns ' . +.El +. +.\" SPDX-License-Identifier: MIT +. .Sh TPM2 back-end configuration .Ss Environment variables .Bl -tag -compact -width "TSS2_LOG" @@ -82,6 +109,8 @@ To all who support further development, in particular: ThePhD .It Embark Studios +.It +Jasper Bekkers .El . .Sh REPORTING BUGS 
diff --git a/zfs-tpm2-clear-key.8.html b/zfs-tpm2-clear-key.8.html index 7b09e31..9b36cf0 100644 --- a/zfs-tpm2-clear-key.8.html +++ b/zfs-tpm2-clear-key.8.html @@ -56,6 +56,41 @@ for a detailed description.

+

+
+
+
If set and nonempty, will be run as +
/bin/sh + -c + "$TZPFMS_PASSPHRASE_HELPER" + "$TZPFMS_PASSPHRASE_HELPER" + "prepared prompt" + "target" + "[new]" + "[again]"
+ to provide a passphrase, instead of reading from the standard input. +

The standard output stream of the helper is tied to an + anonymous file and used in its entirety as the passphrase, except for a + trailing new-line, if any. The second argument contains either the + dataset name or the element of the TPM hierarchy. The third argument is + new if this is for a new passphrase, and the + fourth is again if it's the second prompt for + that passphrase. The first argument already contains all of this + information, as a pre-formatted noun phrase.

+

If the helper doesn't exist (the shell exits with + ), a + diagnostic is issued and the normal prompt is used as fall-back. If it + fails for any other reason, the prompting is aborted.

+

An example value would be: + 'systemd-ask-password + --id="tzpfms:$2" + "$1: "'.

+
+
+
+

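Review bot: The section never says that the value of TZPFMS_PASSPHRASE_HELPER is shell source rather than a program path, although "will be run as /bin/sh -c" and the example value both depend on it. Suggest stating that the whole value is interpreted by /bin/sh, that $1 and $2 should stay double-quoted as in 'systemd-ask-password --id="tzpfms:$2" "$1: "' so the target is passed through as one word, and that, since whatever the variable holds gets executed by the tool, it should only be set from an environment the administrator controls.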
@@ -102,6 +137,7 @@
  • ThePhD
  • Embark Studios
  • +
  • Jasper Bekkers
@@ -120,8 +156,8 @@ - - + +
November 12, 2021tzpfms 0.1-12November 15, 2021tzpfms 0.1-14
diff --git a/zfs-tpm2-load-key.8 b/zfs-tpm2-load-key.8 index 1ccbeed..b055c03 100644 --- a/zfs-tpm2-load-key.8 +++ b/zfs-tpm2-load-key.8 @@ -1,9 +1,9 @@ .\" SPDX-License-Identifier: MIT . -.Dd November 12, 2021 +.Dd November 15, 2021 .ds doc-volume-operating-system .Dt ZFS-TPM2-LOAD-KEY 8 -.Os tzpfms 0.1-12 +.Os tzpfms 0.1-14 . .Sh NAME .Nm zfs-tpm2-load-key @@ -41,6 +41,33 @@ option. . .\" SPDX-License-Identifier: MIT . +.Sh ENVIRONMENT VARIABLES +.Bl -tag -compact -width "TZPFMS" +.It Ev TZPFMS_PASSPHRASE_HELPER +If set and nonempty, will be run as +.Dl Pa /bin/ Ns Nm sh Fl c Li \&"$TZPFMS_PASSPHRASE_HELPER" \&"$TZPFMS_PASSPHRASE_HELPER" Qo Ar prepared prompt Qc Qo Ar target Qc Qo Oo Li new Oc Qc Qo Oo Li again Oc Qc +to provide a passphrase, instead of reading from the standard input. +.Pp +The standard output stream of the helper is tied to an anonymous file and used in its entirety as the passphrase, except for a trailing new-line, if any. +The second argument contains either the dataset name or the element of the TPM hierarchy. +The third argument is +.Li new +if this is for a new passphrase, and the fourth is +.Li again +if it's the second prompt for that passphrase. +The first argument already contains all of this information, as a pre-formatted noun phrase. +.Pp +If the helper doesn't exist +.Pq the shell exits with Sy 127 , +a diagnostic is issued and the normal prompt is used as fall-back. +If it fails for any other reason, the prompting is aborted. +.Pp +An example value would be: +.No ' Ns Nm systemd-ask-password Fl -id Ns Li = Ns Qo Li tzpfms:\& Ns Ar $2 Qc Qo Ar $1 Ns Li ": " Qc Ns ' . +.El +. +.\" SPDX-License-Identifier: MIT +. .Sh TPM1.X back-end configuration .Ss TPM selection The @@ -80,6 +107,8 @@ To all who support further development, in particular: ThePhD .It Embark Studios +.It +Jasper Bekkers .El . .Sh REPORTING BUGS diff --git a/zfs-tpm2-load-key.8.html b/zfs-tpm2-load-key.8.html index 8f16aed..37b4752 100644 
--- a/zfs-tpm2-load-key.8.html +++ b/zfs-tpm2-load-key.8.html @@ -54,6 +54,41 @@
+

+
+
+
If set and nonempty, will be run as +
/bin/sh + -c + "$TZPFMS_PASSPHRASE_HELPER" + "$TZPFMS_PASSPHRASE_HELPER" + "prepared prompt" + "target" + "[new]" + "[again]"
+ to provide a passphrase, instead of reading from the standard input. +

The standard output stream of the helper is tied to an + anonymous file and used in its entirety as the passphrase, except for a + trailing new-line, if any. The second argument contains either the + dataset name or the element of the TPM hierarchy. The third argument is + new if this is for a new passphrase, and the + fourth is again if it's the second prompt for + that passphrase. The first argument already contains all of this + information, as a pre-formatted noun phrase.

+

If the helper doesn't exist (the shell exits with + ), a + diagnostic is issued and the normal prompt is used as fall-back. If it + fails for any other reason, the prompting is aborted.

+

An example value would be: + 'systemd-ask-password + --id="tzpfms:$2" + "$1: "'.

+
+
+
+

@@ -87,6 +122,7 @@
  • ThePhD
  • Embark Studios
  • +
  • Jasper Bekkers
@@ -105,8 +141,8 @@ - - + +
November 12, 2021tzpfms 0.1-12November 15, 2021tzpfms 0.1-14
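Review bot: In zfs-tpm2-load-key.8, the hunk at @@ -41,6 +41,33 @@ inserts the new ENVIRONMENT VARIABLES section directly above the context line ".Sh TPM1.X back-end configuration", and the regenerated tzpfms.ps hunk that runs into the ZFS-TPM2-LOAD-KEY(8) page shows the same "TPM1.X back-end configuration" heading with the tcsd and TZPFMS_TPM1X text. The other TPM2 pages touched here (zfs-tpm2-change-key.8, zfs-tpm2-clear-key.8) are followed by ".Sh TPM2 back-end configuration" instead. If the TPM2 load-key page is meant to describe the TPM2 back-end, this is the place to switch the section that follows; if it is intentional, a sentence saying why would help.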