zfs-tpm-list also takes -b to restrict to a specific back-end

наб 2020-10-31 03:40:43 +01:00
parent 4da1dbf845
commit 75748d388f
No known key found for this signature in database
GPG Key ID: BCFD0B018D2658F1
3 changed files with 18 additions and 11 deletions


@ -15,7 +15,7 @@ Plus it's a pretty good annoyed sigh onomatopoeia.
### Building
You'll need `pkg-config`, `ronn`, `libzfslinux-dev`, `libtss2-dev`, `libtspi-dev`, and `make` should hopefully Just Work™ if you have a C++17-capable compiler.
The output binaries are trimmed of extraneous dependencies, so they're all just libc + libzfs and friends + the chosen TPM back-end.
The output binaries are trimmed of extraneous dependencies, so they're all just libc + libzfs and friends + the chosen TPM back-end, if any.
### Installation


@ -17,8 +17,8 @@ Otherwise, or in case of an error, data required for manual intervention will be
Next, a new wrapping key is be generated on the TPM, optionally backed up (see [OPTIONS][]),
and sealed on the TPM;
if the SRK passphrase, set when taking ownership, is not "well-known" (all zeroes), the user is prompted for it;
the user is always prompted for an optional passphrase to protect the key with.
the user is prompted for an optional passphrase to protect the key with,
and for the SRK passphrase, set when taking ownership, if it is not "well-known" (all zeroes).
The following properties are set on `dataset`:


@ -6,7 +6,6 @@
#include "../zfs.hpp"
#include <algorithm>
#include <sys/mman.h>
#define TZPFMS_BACKEND_MAX_LEN 16
@ -18,15 +17,20 @@ struct output_line {
char backend[TZPFMS_BACKEND_MAX_LEN + 1];
bool key_available : 1;
bool coherent : 1;
bool included(bool print_nontzpfms, const char * backend_restrixion) const {
return (print_nontzpfms || this->backend[0] != '\0') && (!backend_restrixion || !strcmp(backend_restrixion, this->backend));
}
};
int main(int argc, char ** argv) {
bool human = true;
bool print_nontzpfms = false;
size_t maxdepth = MAXDEPTH_UNSET;
bool human = true;
bool print_nontzpfms = false;
size_t maxdepth = MAXDEPTH_UNSET;
const char * backend_restrixion = nullptr;
return do_bare_main(
argc, argv, "Hrd:a", "[-H] [-r|-d max] [-a]",
argc, argv, "Hrd:ab:", "[-H] [-r|-d max] [-a|-b back-end]",
[&](auto arg) {
switch(arg) {
case 'H':
@ -44,6 +48,9 @@ int main(int argc, char ** argv) {
case 'a':
print_nontzpfms = true;
break;
case 'b':
backend_restrixion = optarg;
break;
}
return 0;
},
@ -71,7 +78,7 @@ int main(int argc, char ** argv) {
strncpy(cur_line.backend, (backend && strlen(backend) <= TZPFMS_BACKEND_MAX_LEN) ? backend : "\0", TZPFMS_BACKEND_MAX_LEN);
// Tristate available/unavailable/none, but it's gonna be either available or unavailable on envryption roots, so
cur_line.key_available = zfs_prop_get_int(dataset, ZFS_PROP_KEYSTATUS) == ZFS_KEYSTATUS_AVAILABLE;
cur_line.coherent = !!backend == !!handle;
cur_line.coherent = !!backend == !!handle;
return 0;
}));
@ -89,7 +96,7 @@ int main(int argc, char ** argv) {
separator = " ";
for(auto cur = lines; cur != lines + lines_len; ++cur)
if(print_nontzpfms || cur->backend[0] != '\0') {
if(cur->included(print_nontzpfms, backend_restrixion)) {
max_name_len = std::max(max_name_len, strlen(cur->name));
max_backend_len = std::max(max_backend_len, (cur->backend[0] != '\0') ? strlen(cur->backend) : strlen("-"));
max_key_available_len = std::max(max_key_available_len, cur->key_available ? strlen("available") : strlen("unavailable"));
@ -106,7 +113,7 @@ int main(int argc, char ** argv) {
if(human)
println("NAME", "BACK-END", "KEYSTATUS", "COHERENT");
for(auto cur = lines; cur != lines + lines_len; ++cur)
if(print_nontzpfms || cur->backend[0] != '\0')
if(cur->included(print_nontzpfms, backend_restrixion))
println(cur->name, (cur->backend[0] != '\0') ? cur->backend : "-", cur->key_available ? "available" : "unavailable", cur->coherent ? "yes" : "no");
return 0;
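Review bot: The `case 'b':` branch stores `optarg` unchecked, so a value longer than `TZPFMS_BACKEND_MAX_LEN` can never match any row (the collection code stores over-long back-end names as empty), and the run prints at most the header and exits 0. For a listing used to audit which datasets are sealed to which TPM back-end, that is easy to misread as "nothing uses this back-end"; consider rejecting it there, e.g. `if(strlen(optarg) > TZPFMS_BACKEND_MAX_LEN) return -1;`, assuming a non-zero return from this callback makes `do_bare_main` fail, which is not visible on this page. The usage string presents `-a|-b` as alternatives, yet both are accepted and a non-empty `-b` makes `-a` a no-op because rows with an empty back-end never compare equal. `included()` also depends on `backend` being NUL-terminated, which the `strncpy` with count `TZPFMS_BACKEND_MAX_LEN` guarantees only if the final byte of the array is already zero; `main` starts and ends outside the visible hunks, so that cannot be confirmed here.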