third-party-mirrors/tzpfms
1
0
Fork 0
mirror of https://git.sr.ht/~nabijaczleweli/tzpfms synced 2025-04-17 09:42:19 +03:00
Code Issues Actions Packages Projects Releases Wiki Activity

zfs-tpm-list also takes -b to restrict to a specific back-end

Browse Source
This commit is contained in:
наб 2020-10-31 03:40:43 +01:00
parent 4da1dbf845
commit 75748d388f
No known key found for this signature in database
GPG Key ID: BCFD0B018D2658F1
3 changed files with 18 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
README.md
View File

@ -15,7 +15,7 @@ Plus it's a pretty good annoyed sigh onomatopoeia.
### Building ### Building
You'll need `pkg-config`, `ronn`, `libzfslinux-dev`, `libtss2-dev`, `libtspi-dev`, and `make` should hopefully Just Work™ if you have a C++17-capable compiler. You'll need `pkg-config`, `ronn`, `libzfslinux-dev`, `libtss2-dev`, `libtspi-dev`, and `make` should hopefully Just Work™ if you have a C++17-capable compiler.
The output binaries are trimmed of extraneous dependencies, so they're all just libc + libzfs and friends + the chosen TPM back-end. The output binaries are trimmed of extraneous dependencies, so they're all just libc + libzfs and friends + the chosen TPM back-end, if any.
### Installation ### Installation

4
man/zfs-tpm1x-change-key.md.pp
View File

@ -17,8 +17,8 @@ Otherwise, or in case of an error, data required for manual intervention will be
Next, a new wrapping key is be generated on the TPM, optionally backed up (see [OPTIONS][]), Next, a new wrapping key is be generated on the TPM, optionally backed up (see [OPTIONS][]),
and sealed on the TPM; and sealed on the TPM;
if the SRK passphrase, set when taking ownership, is not "well-known" (all zeroes), the user is prompted for it; the user is prompted for an optional passphrase to protect the key with,
the user is always prompted for an optional passphrase to protect the key with. and for the SRK passphrase, set when taking ownership, if it is not "well-known" (all zeroes).
The following properties are set on `dataset`: The following properties are set on `dataset`:

23
src/bin/zfs-tpm-list.cpp
View File

@ -6,7 +6,6 @@
#include "../zfs.hpp" #include "../zfs.hpp"
#include <algorithm> #include <algorithm>
#include <sys/mman.h>
#define TZPFMS_BACKEND_MAX_LEN 16 #define TZPFMS_BACKEND_MAX_LEN 16
@ -18,15 +17,20 @@ struct output_line {
char backend[TZPFMS_BACKEND_MAX_LEN + 1]; char backend[TZPFMS_BACKEND_MAX_LEN + 1];
bool key_available : 1; bool key_available : 1;
bool coherent : 1; bool coherent : 1;
bool included(bool print_nontzpfms, const char * backend_restrixion) const {
return (print_nontzpfms || this->backend[0] != '\0') && (!backend_restrixion || !strcmp(backend_restrixion, this->backend));
}
}; };
int main(int argc, char ** argv) { int main(int argc, char ** argv) {
bool human = true; bool human = true;
bool print_nontzpfms = false; bool print_nontzpfms = false;
size_t maxdepth = MAXDEPTH_UNSET; size_t maxdepth = MAXDEPTH_UNSET;
const char * backend_restrixion = nullptr;
return do_bare_main( return do_bare_main(
argc, argv, "Hrd:a", "[-H] [-r|-d max] [-a]", argc, argv, "Hrd:ab:", "[-H] [-r|-d max] [-a|-b back-end]",
[&](auto arg) { [&](auto arg) {
switch(arg) { switch(arg) {
case 'H': case 'H':
@ -44,6 +48,9 @@ int main(int argc, char ** argv) {
case 'a': case 'a':
print_nontzpfms = true; print_nontzpfms = true;
break; break;
case 'b':
backend_restrixion = optarg;
break;
} }
return 0; return 0;
}, },
@ -71,7 +78,7 @@ int main(int argc, char ** argv) {
strncpy(cur_line.backend, (backend && strlen(backend) <= TZPFMS_BACKEND_MAX_LEN) ? backend : "\0", TZPFMS_BACKEND_MAX_LEN); strncpy(cur_line.backend, (backend && strlen(backend) <= TZPFMS_BACKEND_MAX_LEN) ? backend : "\0", TZPFMS_BACKEND_MAX_LEN);
// Tristate available/unavailable/none, but it's gonna be either available or unavailable on envryption roots, so // Tristate available/unavailable/none, but it's gonna be either available or unavailable on envryption roots, so
cur_line.key_available = zfs_prop_get_int(dataset, ZFS_PROP_KEYSTATUS) == ZFS_KEYSTATUS_AVAILABLE; cur_line.key_available = zfs_prop_get_int(dataset, ZFS_PROP_KEYSTATUS) == ZFS_KEYSTATUS_AVAILABLE;
cur_line.coherent = !!backend == !!handle; cur_line.coherent = !!backend == !!handle;
return 0; return 0;
})); }));
@ -89,7 +96,7 @@ int main(int argc, char ** argv) {
separator = " "; separator = " ";
for(auto cur = lines; cur != lines + lines_len; ++cur) for(auto cur = lines; cur != lines + lines_len; ++cur)
if(print_nontzpfms || cur->backend[0] != '\0') { if(cur->included(print_nontzpfms, backend_restrixion)) {
max_name_len = std::max(max_name_len, strlen(cur->name)); max_name_len = std::max(max_name_len, strlen(cur->name));
max_backend_len = std::max(max_backend_len, (cur->backend[0] != '\0') ? strlen(cur->backend) : strlen("-")); max_backend_len = std::max(max_backend_len, (cur->backend[0] != '\0') ? strlen(cur->backend) : strlen("-"));
max_key_available_len = std::max(max_key_available_len, cur->key_available ? strlen("available") : strlen("unavailable")); max_key_available_len = std::max(max_key_available_len, cur->key_available ? strlen("available") : strlen("unavailable"));
@ -106,7 +113,7 @@ int main(int argc, char ** argv) {
if(human) if(human)
println("NAME", "BACK-END", "KEYSTATUS", "COHERENT"); println("NAME", "BACK-END", "KEYSTATUS", "COHERENT");
for(auto cur = lines; cur != lines + lines_len; ++cur) for(auto cur = lines; cur != lines + lines_len; ++cur)
if(print_nontzpfms || cur->backend[0] != '\0') if(cur->included(print_nontzpfms, backend_restrixion))
println(cur->name, (cur->backend[0] != '\0') ? cur->backend : "-", cur->key_available ? "available" : "unavailable", cur->coherent ? "yes" : "no"); println(cur->name, (cur->backend[0] != '\0') ? cur->backend : "-", cur->key_available ? "available" : "unavailable", cur->coherent ? "yes" : "no");
return 0; return 0;