diff --git a/tzpfms.pdf b/tzpfms.pdf index ed3259f..4b49436 100644 Binary files a/tzpfms.pdf and b/tzpfms.pdf differ diff --git a/tzpfms.ps b/tzpfms.ps index 7d30732..43afcf8 100644 --- a/tzpfms.ps +++ b/tzpfms.ps @@ -1,6 +1,6 @@ %!PS-Adobe-3.0 %%Creator: groff version 1.22.4 -%%CreationDate: Mon Dec 20 19:26:23 2021 +%%CreationDate: Fri Jun 17 21:04:02 2022 %%DocumentNeededResources: font Times-Roman %%+ font Times-Bold %%+ font Courier-Bold 
@@ -254,83 +254,84 @@ F(\(8\))1.666 E/F1 10/Times-Bold@0 SF -.2(NA)72 96 S(ME).2 E/F2 10 F2-.834 E F0(|)A F21.666 E/F3 10/Courier-Oblique@0 SF(depth) 6 E F0 3.333(][).833 G F2-.834 E F0(|)A F21.666 E F3 (back-end)6 E F0 3.333(][).833 G F2-.834 E F0(|)A F21.666 E -F0 2.5(][).833 G F3(filesystem)-2.5 E F0(|)A F3(volume)A F0 1.666(]...)C -F1(DESCRIPTION)72 168 Q F0(Lists the follo)102 180 Q +F0(]).833 E([)180 156 Q F3(filesystem)A F0(|)A F3(volume)A F0 1.666 +(]...)C F1(DESCRIPTION)72 180 Q F0(Lists the follo)102 192 Q (wing properties on encryption roots:)-.25 E/F4 10/Courier@0 SF(name)132 -192 Q(back-end)132 204 Q F0(the)191 204 Q F2(tzpfms)4.153 E F0 3.318 -(back-end \()4.153 F(e.g.)1.666 E F1(TPM2)4.152 E F0(for)4.152 E F4 -(zfs-tpm2-change-key)4.152 E F0 1.652(\(8\) or)B F1(TPM1.X)4.152 E F0 -(for)191 216 Q F4(zfs-tpm1x-change-key)2.5 E F0 -.834(\(8\) \) ,)B(or ") -2.5 E F1(-)A F0 2.5("i)C 2.5(fn)-2.5 G(one is con\214gured)-2.5 E F4 -(keystatus)132 228 Q F1 -2.1 -.25(av a)191 228 T(ilable).25 E F0(or)2.5 -E F1(una)2.5 E -.1(va)-.25 G(ilable).1 E F4(coherent)132 240 Q F1 -.1 -(ye)191 240 S(s).1 E F0 12.834(if either both)15.334 F F4 -(xyz.nabijaczleweli:tzpfms.backend)15.334 E F0(and)15.334 E F4 -(xyz.nabijaczleweli:tzpfms.key)191 252 Q F0(are present or missing,)2.5 -E F1(no)2.5 E F0(otherwise)2.5 E 11.268(Incoherent datasets require imm\ -ediate operator attention, with either the appropriate)102 270 R F2 -(zfs-tpm)102 282 Q/F5 10/Symbol SF(*)A F2(-clear-key)A F0 .462 -(program or)2.962 F F2 .462(zfs change-key)2.962 F F0(and)2.962 E F2 -.462(zfs inherit)2.962 F F0 2.962<8a69>2.962 G 2.963(ft)-2.962 G .463 -(he k)-2.963 F .763 -.15(ey b)-.1 H .463(ecomes un-).15 F .145 -(loaded, the)102 294 R 2.645(yw)-.15 G .145 -(ill require restoration from back-up.)-2.645 F(Ho)5.144 E(we)-.25 E --.15(ve)-.25 G .944 -.4(r, t).15 H .144(his should ne).4 F -.15(ve)-.25 -G 2.644(ro).15 G(ccur)-2.644 E 2.644(,u)-.4 G .144(nless something went) --2.644 F(horribly wrong with the 
dataset properties.)102 306 Q 2.386(If\ - no datasets are speci\214ed, all matching encryption roots are listed \ -\212 by def)102 324 R 2.386(ault, those managed by)-.1 F F2(tzpfms)102 -336 Q F0(.)A F1(OPTIONS)72 360 Q F2103.666 372 Q F0 .447 -(Scripting mode \212 remo)173 372 R .747 -.15(ve h)-.15 H .446 -(eaders and separate \214elds by a single tab instead of columnat-).15 F -(ing them with spaces.)173 384 Q F2103.666 402 Q F0 -(Recurse into all descendants of speci\214ed datasets.)173 402 Q F2 -103.666 414 Q F3(depth)6 E F0(Recurse at most)173 414 Q F3(depth) +204 Q(back-end)132 216 Q F0(the)191 216 Q F2(tzpfms)7.633 E F0 6.799 +(back-end \()7.633 F(e.g.)1.666 E F1(TPM2)7.633 E F0(for)7.633 E F4 +(zfs-tpm2-change-key)7.634 E F0 5.134(\(8\) or)B F1(TPM1.X)191 228 Q F0 +(for)2.5 E F4(zfs-tpm1x-change-key)2.5 E F0 -.834(\(8\) \) ,)B(or ")2.5 +E F1(-)A F0 2.5("i)C 2.5(fn)-2.5 G(one is con\214gured)-2.5 E F4 +(keystatus)132 240 Q F1 -2.1 -.25(av a)191 240 T(ilable).25 E F0(or)2.5 +E F1(una)2.5 E -.1(va)-.25 G(ilable).1 E F4(coherent)132 252 Q F1 -.1 +(ye)191 252 S(s).1 E F0 9.489(if either both)11.989 F F4 +(xyz.nabijaczleweli:tzpfms.backend)11.989 E F0(and)11.989 E F4 +(xyz.nabijaczleweli:tzpfms.key)191 264 Q F0(are present or missing,)2.5 +E F1(no)2.5 E F0(otherwise)2.5 E 9.409(Incoherent datasets require imme\ +diate operator attention, with either the appropriate)102 282 R F2 +(zfs-tpm)102 294 Q/F5 10/Symbol SF(*)A F2(-clear-key)A F0 .427 +(program or)2.927 F F2 .426(zfs change-key)2.927 F F0(and)2.926 E F2 +.426(zfs inherit)2.926 F F0 2.926<8a69>2.926 G 2.926(ft)-2.926 G .426 +(he k)-2.926 F .726 -.15(ey b)-.1 H(ecomes).15 E 1.112(unloaded, the)102 +306 R 3.612(yw)-.15 G 1.112(ill require restoration from back-up.)-3.612 +F(Ho)6.113 E(we)-.25 E -.15(ve)-.25 G 1.913 -.4(r, t).15 H 1.113 +(his should ne).4 F -.15(ve)-.25 G 3.613(ro).15 G(ccur)-3.613 E 3.613 +(,u)-.4 G 1.113(nless some-)-3.613 F +(thing went horribly wrong with the dataset properties.)102 318 Q 
1.34(\ +If no datasets are speci\214ed, all matching encryption roots are liste\ +d \212 by def)102 336 R 1.34(ault, those managed by)-.1 F F2(tzpfms)102 +348 Q F0(.)A F1(OPTIONS)72 372 Q F2103.666 384 Q F0 .124 +(Scripting mode \212 remo)173 384 R .424 -.15(ve h)-.15 H .125 +(eaders and separate \214elds by a single tab instead of colum-).15 F +(nating them with spaces.)173 396 Q F2103.666 414 Q F0 +(Recurse into all descendants of speci\214ed datasets.)173 414 Q F2 +103.666 426 Q F3(depth)6 E F0(Recurse at most)173 426 Q F3(depth) 2.5 E F0(datasets deep.)2.5 E(Def)5 E(ault:)-.1 E F1(0)2.5 E F0(.)A F2 -103.666 432 Q F0(List all encryption roots, e)173 432 Q -.15(ve) +103.666 444 Q F0(List all encryption roots, e)173 444 Q -.15(ve) -.25 G 2.5(no).15 G(nes not managed by)-2.5 E F2(tzpfms)2.5 E F0(.)A F2 -103.666 444 Q F3(back-end)6 E F0 -(List only encryption roots with the speci\214ed)173 456 Q F2(tzpfms)2.5 -E F3(back-end)2.5 E F0(.)A F2103.666 474 Q F0 -(List only encryption roots whose k)173 474 Q -.15(ey)-.1 G 2.5(sa).15 G -(re una)-2.5 E -.25(va)-.2 G(ilable.).25 E F2103.666 486 Q F0 +103.666 456 Q F3(back-end)6 E F0 +(List only encryption roots with the speci\214ed)173 468 Q F2(tzpfms)2.5 +E F3(back-end)2.5 E F0(.)A F2103.666 486 Q F0 (List only encryption roots whose k)173 486 Q -.15(ey)-.1 G 2.5(sa).15 G -(re a)-2.5 E -.25(va)-.2 G(ilable.).25 E F1(EXAMPLES)72 510 Q F4($)102 -522 Q F2(zfs-tpm-list)6 E F4 72(NAME BACK-END)102 534 R 18 -(KEYSTATUS COHERENT)12 F 36(tarta-zoot TPM1.X)102 546 R 18 -(available yes)24 F 6(tarta-zoot/home TPM2)102 558 R 6(unavailable yes) -36 F($)102 582 Q F2 1.666(zfs-tpm-list \255ad0)6 F F4 24(NAME BACK-END) -102 594 R 6(KEYSTATUS COHERENT)12 F 6(filling -)102 606 R 6 -(available yes)54 F($)102 630 Q F2 1.666(zfs-tpm-list \255b)6 F F1(TPM2) -6 E F4 72(NAME BACK-END)102 642 R 18(KEYSTATUS COHERENT)12 F 6 -(tarta-zoot/home TPM2)102 654 R 6(unavailable yes)36 F($)102 678 Q F2 +(re una)-2.5 E -.25(va)-.2 G(ilable.).25 E F2103.666 498 
Q F0 +(List only encryption roots whose k)173 498 Q -.15(ey)-.1 G 2.5(sa).15 G +(re a)-2.5 E -.25(va)-.2 G(ilable.).25 E F1(EXAMPLES)72 522 Q F4($)102 +534 Q F2(zfs-tpm-list)6 E F4 72(NAME BACK-END)102 546 R 18 +(KEYSTATUS COHERENT)12 F 36(tarta-zoot TPM1.X)102 558 R 18 +(available yes)24 F 6(tarta-zoot/home TPM2)102 570 R 6(unavailable yes) +36 F($)102 594 Q F2 1.666(zfs-tpm-list \255ad0)6 F F4 24(NAME BACK-END) +102 606 R 6(KEYSTATUS COHERENT)12 F 6(filling -)102 618 R 6 +(available yes)54 F($)102 642 Q F2 1.666(zfs-tpm-list \255b)6 F F1(TPM2) +6 E F4 72(NAME BACK-END)102 654 R 18(KEYSTATUS COHERENT)12 F 6 +(tarta-zoot/home TPM2)102 666 R 6(unavailable yes)36 F($)102 690 Q F2 1.666(zfs-tpm-list \255ra)6 F F3(tarta-zoot)6 E F4 72(NAME BACK-END)102 -690 R 18(KEYSTATUS COHERENT)12 F 36(tarta-zoot TPM1.X)102 702 R 18 -(available yes)24 F F0(tzpfms 0.3.0)72 750 Q(December 20, 2021)144.985 E -(1)189.705 E 0 Cg EP +702 R 18(KEYSTATUS COHERENT)12 F 36(tarta-zoot TPM1.X)102 714 R 18 +(available yes)24 F 6(tarta-zoot/home TPM2)102 726 R 6(unavailable yes) +36 F 12(tarta-zoot/bkp -)102 738 R 18(available yes)54 F 18 +(tarta-zoot/vm -)102 750 R 18(available yes)54 F F0(tzpfms 0.3.0-1-g)72 +799.889 Q 105.605(a4cfe40 June)-.05 F(17, 2022)2.5 E(1)201.085 E 0 Cg EP %%Page: 2 2 %%BeginPageSetup BP %%EndPageSetup /F0 10/Times-Roman@0 SF -.834(ZFS-TPM-LIST \(8\))72 48 R (System Manager')102.759 E 2.5(sM)-.55 G 97.759(anual ZFS-TPM-LIST)-2.5 -F(\(8\))1.666 E/F1 10/Courier@0 SF 6(tarta-zoot/home TPM2)102 96 R 6 -(unavailable yes)36 F 12(tarta-zoot/bkp -)102 108 R 18(available yes)54 -F 18(tarta-zoot/vm -)102 120 R 18(available yes)54 F($)102 144 Q/F2 10 -/Courier-Bold@0 SF 1.666(zfs-tpm-list \255al)6 F F1 72(NAME BACK-END)102 -156 R 6(KEYSTATUS COHERENT)12 F 54(filling -)102 168 R 6(available yes) -54 F 36(tarta-zoot TPM1.X)102 180 R 6(available yes)24 F 12 -(tarta-zoot/bkp -)102 192 R 6(available yes)54 F 18(tarta-zoot/vm -)102 -204 R 6(available yes)54 F/F3 10/Times-Bold@0 SF 
1.666(SPECIAL THANKS)72 -228 R F0 1.6 -.8(To a)102 240 T(ll who support further de).8 E -.15(ve) --.25 G(lopment, in particular:).15 E F3<83>122 252 Q F0(ThePhD)2.5 E F3 -<83>122 264 Q F0(Embark Studios)2.5 E F3<83>122 276 Q F0(Jasper Bekk)2.5 -E(ers)-.1 E F3(REPOR)72 300 Q 1.666(TING B)-.4 F(UGS)-.1 E -(https://todo.sr)102 312 Q(.ht/~nabijaczleweli/tzpfms)-1 E F1 -(~nabijaczleweli/tzpfms@lists.sr.ht)102 330 Q F0 2.5(,a)C(rchi)-2.5 E --.15(ve)-.25 G 2.5(da).15 G(t)-2.5 E F3(https://lists.sr)2.5 E -(.ht/~nabijaczleweli/tzpfms)-1 E F0(.)A(tzpfms 0.3.0)72 750 Q -(December 20, 2021)144.985 E(2)189.705 E 0 Cg EP +F(\(8\))1.666 E/F1 10/Courier@0 SF($)102 96 Q/F2 10/Courier-Bold@0 SF +1.666(zfs-tpm-list \255al)6 F F1 72(NAME BACK-END)102 108 R 6 +(KEYSTATUS COHERENT)12 F 54(filling -)102 120 R 6(available yes)54 F 36 +(tarta-zoot TPM1.X)102 132 R 6(available yes)24 F 12(tarta-zoot/bkp -) +102 144 R 6(available yes)54 F 18(tarta-zoot/vm -)102 156 R 6 +(available yes)54 F/F3 10/Times-Bold@0 SF 1.666(SPECIAL THANKS)72 180 R +F0 1.6 -.8(To a)102 192 T(ll who support further de).8 E -.15(ve)-.25 G +(lopment, in particular:).15 E F3<83>122 204 Q F0(ThePhD)2.5 E F3<83>122 +216 Q F0(Embark Studios)2.5 E F3<83>122 228 Q F0(Jasper Bekk)2.5 E(ers) +-.1 E F3(REPOR)72 252 Q 1.666(TING B)-.4 F(UGS)-.1 E(https://todo.sr)102 +264 Q(.ht/~nabijaczleweli/tzpfms)-1 E F1 +(~nabijaczleweli/tzpfms@lists.sr.ht)102 282 Q F0 86.763(,a)C(rchi) +-86.763 E -.15(ve)-.25 G 86.762(da).15 G(t)-86.762 E F3 +(https://lists.sr)102 294 Q(.ht/~nabijaczleweli/tzpfms)-1 E F0(.)A +(tzpfms 0.3.0-1-g)72 799.889 Q 105.605(a4cfe40 June)-.05 F(17, 2022)2.5 +E(2)201.085 E 0 Cg EP %%Page: 3 3 %%BeginPageSetup BP 
@@ -344,156 +345,159 @@ BP (zfs-tpm1x-change-key)102 144 Q F0([)3.333 E F22.499 E/F3 10 /Courier-Oblique@0 SF(backup-file)6 E F0 3.333(][).833 G F2-.834 E F3(PCR)6 E F0([)A F2(,)A F3(PCR)A F0 1.666(]...)C(])-.833 E F3(dataset) -2.5 E F1(DESCRIPTION)72 168 Q F0 4.76 -.8(To n)102 180 T 3.16 -(ormalise the).8 F F3(dataset)5.66 E F0(,)A F2(zfs-tpm1x-change-key)5.66 -E F0 3.16(will open its encryption root in its stead.)5.66 F F2 -(zfs-tpm1x-change-key)102 192 Q F0(will)3.264 E/F4 10/Times-Italic@0 SF -(ne)3.264 E(ver)-.15 E F0 .764(create or destro)3.264 F 3.264(ye)-.1 G -.764(ncryption roots; use)-3.264 F/F5 10/Courier@0 SF(zfs-change-key) -3.264 E F0 .764(\(8\) for)B(that.)102 204 Q +2.5 E F1(DESCRIPTION)72 168 Q F0 3.366 -.8(To n)102 180 T 1.766 +(ormalise the).8 F F3(dataset)4.266 E F0(,)A F2(zfs-tpm1x-change-key) +4.266 E F0 1.766(will open its encryption root in its stead.)4.266 F F2 +(zfs-tpm1x-change-key)102 192 Q F0(will)3.064 E/F4 10/Times-Italic@0 SF +(ne)3.064 E(ver)-.15 E F0 .564(create or destro)3.064 F 3.064(ye)-.1 G +.564(ncryption roots; use)-3.064 F/F5 10/Courier@0 SF(zfs-change-key) +3.063 E F0(\(8\))A(for that.)102 204 Q (First, a connection is made to the TPM, which)102 222 Q F4(must)2.5 E -F0(be TPM-1.X-compatible.)2.5 E(If)102 240 Q F3(dataset)2.553 E F0 -.1 -(wa)2.553 G 2.553(sp).1 G(re)-2.553 E .053(viously encrypted with)-.25 F -F2(tzpfms)2.553 E F0 .053(and the)2.553 F F1(TPM1.X)2.553 E F0 .054 -(back-end w)2.553 F .054(as used, the metadata will)-.1 F .203 -(be silently cleared.)102 252 R .203(Otherwise, or in case of an error) -5.203 F 2.703(,d)-.4 G .203(ata required for manual interv)-2.703 F .202 -(ention will be printed to)-.15 F(the standard error stream.)102 264 Q -(Ne)102 282 Q .486(xt, a ne)-.15 F 2.986(ww)-.25 G .486(rapping k)-2.986 -F .786 -.15(ey i)-.1 H 2.986(sg).15 G .486 -(enerated on the TPM, optionally back)-2.986 F .486(ed up)-.1 F 1.666 -(\(s)4.652 G(ee)-1.666 E F1(OPTIONS)2.987 E F0 -2.845 1.666(\), a)1.666 -H .487(nd 
sealed on)-1.666 F 2.575(the TPM; the user is prompted for an\ - optional passphrase to protect the k)102 294 R 2.875 -.15(ey w)-.1 H -2.575(ith, and for the SRK).15 F(passphrase, set when taking o)102 306 Q -(wnership, if not "well-kno)-.25 E(wn" \(all zeroes\).)-.25 E(The follo) -102 324 Q(wing properties are set on)-.25 E F3(dataset)2.5 E F0(:)A F1 -<83>122 336 Q F5(xyz.nabijaczleweli:tzpfms.backend)7.5 E F0(=)A F1 -(TPM1.X)A<83>122 348 Q F5(xyz.nabijaczleweli:tzpfms.key)7.5 E F0(=)A F3 -(parent-key-blob)A F2(:)A F3(sealed-object-blob)A F5(tzpfms.backend)102 -366 Q F0 2.231(identi\214es this dataset for w)4.73 F 2.231(ork with)-.1 -F F1(TPM1.X)4.731 E F0(-back-ended)A F2(tzpfms)4.731 E F0 3.897 -(tools \()4.731 F(namely)1.666 E F5(zfs-tpm1x-change-key)102 378 Q F0 -(\(8\),)A F5(zfs-tpm1x-load-key)2.5 E F0(\(8\), and)A F5 -(zfs-tpm1x-clear-key)2.5 E F0 -.834(\(8\) \) .)B F5(tzpfms.key)102 396 Q -F0 .334(is a colon-separated pair of he)2.834 F .333 -(xadecimal-string \(i.e. "4F7730" for "Ow0"\) blobs; the \214rst one) --.15 F .362(represents the RSA k)102 408 R .662 -.15(ey p)-.1 H .362(ro\ +F0(be TPM-1.X-compatible.)2.5 E(If)102 240 Q F3(dataset)2.652 E F0 -.1 +(wa)2.652 G 2.652(sp).1 G(re)-2.652 E .152(viously encrypted with)-.25 F +F2(tzpfms)2.652 E F0 .153(and the)2.652 F F1(TPM1.X)2.653 E F0 .153 +(back-end w)2.653 F .153(as used, the metadata)-.1 F .587 +(will be silently cleared.)102 252 R .587 +(Otherwise, or in case of an error)5.587 F 3.087(,d)-.4 G .587 +(ata required for manual interv)-3.087 F .586(ention will be)-.15 F +(printed to the standard error stream.)102 264 Q(Ne)102 282 Q .252 +(xt, a ne)-.15 F 2.752(ww)-.25 G .252(rapping k)-2.752 F .552 -.15(ey i) +-.1 H 2.752(sg).15 G .253(enerated on the TPM, optionally back)-2.752 F +.253(ed up)-.1 F 1.666(\(s)4.419 G(ee)-1.666 E F1(OPTIONS)2.753 E F0 +-3.079 1.666(\), a)1.666 H .253(nd sealed)-1.666 F .901(on the TPM; the\ + user is prompted for an optional passphrase to protect the k)102 294 R +1.201 
-.15(ey w)-.1 H .901(ith, and for the SRK).15 F +(passphrase, set when taking o)102 306 Q(wnership, if not "well-kno)-.25 +E(wn" \(all zeroes\).)-.25 E(The follo)102 324 Q +(wing properties are set on)-.25 E F3(dataset)2.5 E F0(:)A F1<83>122 336 +Q F5(xyz.nabijaczleweli:tzpfms.backend)7.5 E F0(=)A F1(TPM1.X)A<83>122 +348 Q F5(xyz.nabijaczleweli:tzpfms.key)7.5 E F0(=)A F3(parent-key-blob)A +F2(:)A F3(sealed-object-blob)A F5(tzpfms.backend)102 366 Q F0 .558 +(identi\214es this dataset for w)3.058 F .558(ork with)-.1 F F1(TPM1.X) +3.058 E F0(-back-ended)A F2(tzpfms)3.059 E F0 2.225(tools \()3.059 F +(namely)1.666 E F5(zfs-tpm1x-change-key)102 378 Q F0(\(8\),)A F5 +(zfs-tpm1x-load-key)2.5 E F0(\(8\), and)A F5(zfs-tpm1x-clear-key)2.5 E +F0 -.834(\(8\) \) .)B F5(tzpfms.key)102 396 Q F0 .376 +(is a colon-separated pair of he)2.876 F .376 +(xadecimal-string \(i.e. "4F7730" for "Ow0"\) blobs; the \214rst)-.15 F +1.155(one represents the RSA k)102 408 R 1.455 -.15(ey p)-.1 H 1.156(ro\ tecting the blob, and it is protected with either the passphrase, if pr\ -o).15 F .363(vided, or the)-.15 F .236(SHA1 constant)102 420 R F5 -(CE4CF677875B5EB8993591D5A9AF1ED24A3A8736)2.736 E F0 2.736(;t)C .236 -(he second represents the sealed)-2.736 F 11.923 -(object containing the wrapping k)102 432 R -.15(ey)-.1 G 14.424(,a)-.5 -G 11.924(nd is protected with the SHA1 constant)-14.424 F F5 -(B9EE715DBE4B243FAA81EA04306E063710383E35)102 444 Q F0 7.438(.T)C 2.438 -(here e)-7.438 F 2.438(xists no other user)-.15 F 2.437 +o-).15 F 2.487(vided, or the SHA1 constant)102 420 R F5 +(CE4CF677875B5EB8993591D5A9AF1ED24A3A8736)4.986 E F0 4.986(;t)C 2.486 +(he second)-4.986 F 2.084 +(represents the sealed object containing the wrapping k)102 432 R -.15 +(ey)-.1 G 4.585(,a)-.5 G 2.085(nd is protected with the SHA1 constant) +-4.585 F F5(B9EE715DBE4B243FAA81EA04306E063710383E35)102 444 Q F0 5.347 +(.T)C .347(here e)-5.347 F .347(xists no other user)-.15 F .347 (-land tool for de-)-.2 F(crypting this; 
perhaps there should be.)102 -456 Q(Finally)102 474 Q 4.14(,t)-.65 G 1.641(he equi)-4.14 F -.25(va) --.25 G 1.641(lent of).25 F F2 1.641(zfs change-key)4.141 F9.307 E -F5(keylocation=prompt)7.641 E F29.307 E F5(keyformat=raw)7.641 E -F3(dataset)102 486 Q F0 .118(is performed with the ne)2.618 F 2.618(wk) --.25 G -.15(ey)-2.718 G 5.118(.I)-.5 G 2.617(fa)-5.118 G 2.617(ne)-2.617 -G .117(rror occurred, best ef)-2.617 F .117 -(fort is made to clean up the properties,)-.25 F -(or to issue a note for manual interv)102 498 Q -(ention into the standard error stream.)-.15 E 3.911<418c>102 516 S -1.411(nal v)-3.911 F 1.411(eri\214cation should be made by running)-.15 -F F2 3.077(zfs-tpm1x-load-key \255n)3.911 F F3(dataset)7.411 E F0 6.411 -(.I)C 3.911(ft)-6.411 G 1.412(hat com-)-3.911 F 1.843 -(mand succeeds, all is well, b)102 528 R 1.843(ut otherwise the dataset\ - can be manually rolled back to a passphrase with)-.2 F F2 -(zfs-tpm1x-clear-key)102 540 Q F3(dataset)12.878 E F0 1.666(\(o)11.044 G -7.678 -.4(r, i)-1.666 H 9.378(ft).4 G 6.878(hat f)-9.378 F 6.878 -(ails to w)-.1 F(ork,)-.1 E F2 6.879(zfs change-key)9.378 F14.545 +456 Q(Finally)102 474 Q 12.755(,t)-.65 G 10.255(he equi)-12.755 F -.25 +(va)-.25 G 10.255(lent of).25 F F2 10.255(zfs change-key)12.755 F +17.922 E F5(keylocation=prompt)16.256 E F217.922 E F5 +(keyformat=raw)102 486 Q F3(dataset)6.507 E F0 .507 +(is performed with the ne)3.007 F 3.006(wk)-.25 G -.15(ey)-3.106 G 5.506 +(.I)-.5 G 3.006(fa)-5.506 G 3.006(ne)-3.006 G .506 +(rror occurred, best ef)-3.006 F .506(fort is made)-.25 F +(to clean up the properties, or to issue a note for manual interv)102 +498 Q(ention into the standard error stream.)-.15 E 2.624<418c>102 516 S +.124(nal v)-2.624 F .124(eri\214cation should be made by running)-.15 F +F2 1.791(zfs-tpm1x-load-key \255n)2.625 F F3(dataset)6.125 E F0 5.125 +(.I)C 2.625(ft)-5.125 G .125(hat com-)-2.625 F .859 +(mand succeeds, all is well, b)102 528 R .859(ut otherwise the dataset \ +can be manually 
rolled back to a passphrase with)-.2 F F2 +(zfs-tpm1x-clear-key)102 540 Q F3(dataset)11.205 E F0 1.666(\(o)9.371 G +6.005 -.4(r, i)-1.666 H 7.706(ft).4 G 5.206(hat f)-7.706 F 5.206 +(ails to w)-.1 F(ork,)-.1 E F2 5.206(zfs change-key)7.706 F12.872 E F5(keyformat=passphrase)102 552 Q F3(dataset)6 E F0 -3.332 1.666 (\), a)1.666 H(nd you are hereby ask)-1.666 E(ed to report a b)-.1 E -(ug, please.)-.2 E F2(zfs-tpm1x-clear-key)102 570 Q F3(dataset)9.23 E F0 -3.23(can be used to clear the properties and go back to using a)5.73 F -(passphrase.)102 582 Q F1(OPTIONS)72 606 Q F2103.666 618 Q F3 -(backup-file)6 E F0(Sa)191 630 Q .805 -.15(ve a b)-.2 H .505 -(ack-up of the k).15 F .805 -.15(ey t)-.1 H(o).15 E F3(backup-file)3.005 -E F0 3.005(,w)C .506(hich must not e)-3.005 F .506(xist beforehand.)-.15 -F(This)5.506 E(back-up)191 642 Q F4(must)3.182 E F0 .682 -(be stored securely)3.182 F 3.182(,o)-.65 G -.25(ff)-3.182 G 3.182 -(-site. In).25 F .681(case of a catastrophic e)3.181 F -.15(ve)-.25 G -.681(nt, the k).15 F .981 -.15(ey c)-.1 H(an).15 E(be loaded by running) -191 654 Q F2(zfs load-key)221 666 Q F3(dataset)6 E F5(<)6 E F3 -(backup-file)6 E F0(tzpfms 0.3.0)72 750 Q(December 20, 2021)144.985 E(3) -189.705 E 0 Cg EP +(ug, please.)-.2 E F2(zfs-tpm1x-clear-key)102 570 Q F3(dataset)8.036 E +F0 2.035(can be used to clear the properties and go back to using a) +4.536 F(passphrase.)102 582 Q F1(OPTIONS)72 606 Q F2103.666 618 Q +F3(backup-file)6 E F0(Sa)191 630 Q 1.352 -.15(ve a b)-.2 H 1.052 +(ack-up of the k).15 F 1.352 -.15(ey t)-.1 H(o).15 E F3(backup-file) +3.552 E F0 3.552(,w)C 1.052(hich must not e)-3.552 F 1.053 +(xist beforehand.)-.15 F .432(This back-up)191 642 R F4(must)2.932 E F0 +.431(be stored securely)2.931 F 2.931(,o)-.65 G -.25(ff)-2.931 G 2.931 +(-site. 
In).25 F .431(case of a catastrophic e)2.931 F -.15(ve)-.25 G +.431(nt, the).15 F -.1(ke)191 654 S 2.5(yc)-.05 G +(an be loaded by running)-2.5 E F2(zfs load-key)221 666 Q F3(dataset)6 E +F5(<)6 E F3(backup-file)6 E F2103.666 684 Q F3(PCR)6 E F0([)A F2 +(,)A F3(PCR)A F0 1.666(]...)C .45(Bind the k)191 684 R .75 -.15(ey t)-.1 +H 2.95(os).15 G .45(pace- or comma-separated)-2.95 F F3(PCR)2.95 E F0 +-5.449 2.95(s\212 i)D 2.951(ft)-2.95 G(he)-2.951 E 2.951(yc)-.15 G .451 +(hange, the wrapping)-2.951 F -.1(ke)191 696 S 2.59(yw)-.05 G .089 +(ill not be able to be unsealed.)-2.59 F .089 +(The minimum number of PCRs for a PC TPM)5.089 F(is)191 708 Q F1(24)2.5 +E F0 1.666(\(n)4.166 G(umbered)-1.666 E F1(0)2.5 E F0(..)A F1(23)A F0 +-.832 1.666(\). F)1.666 H(or most, this is also the maximum.)-1.816 E +(tzpfms 0.3.0-1-g)72 799.889 Q 105.605(a4cfe40 June)-.05 F(17, 2022)2.5 +E(3)201.085 E 0 Cg EP %%Page: 4 4 %%BeginPageSetup BP %%EndPageSetup /F0 10/Times-Roman@0 SF -.834(ZFS-TPM1X-CHANGE-KEY \(8\))72 48 R (System Manager')46.109 E 2.5(sM)-.55 G 41.109 -(anual ZFS-TPM1X-CHANGE-KEY)-2.5 F(\(8\))1.666 E/F1 10/Courier-Bold@0 SF -103.666 96 Q/F2 10/Courier-Oblique@0 SF(PCR)6 E F0([)A F1(,)A F2 -(PCR)A F0 1.666(]...)C .42(Bind the k)191 96 R .72 -.15(ey t)-.1 H 2.92 -(os).15 G .421(pace- or comma-separated)-2.92 F F2(PCR)2.921 E F0 2.921 -(s\212i)C 2.921(ft)-2.921 G(he)-2.921 E 2.921(yc)-.15 G .421 -(hange, the wrapping k)-2.921 F -.15(ey)-.1 G .775 -(will not be able to be unsealed.)191 108 R .775 -(The minimum number of PCRs for a PC TPM is)5.775 F/F3 10/Times-Bold@0 -SF(24)3.274 E F0 1.666(\(n)192.666 120 S(umbered)-1.666 E F3(0)2.5 E F0 -(..)A F3(23)A F0 -.832 1.666(\). 
F)1.666 H -(or most, this is also the maximum.)-1.816 E F3(ENVIR)72 144 Q 1.666 -(ONMENT V)-.3 F(ARIABLES)-1.35 E/F4 10/Courier@0 SF -(TZPFMS_PASSPHRASE_HELPER)102 156 Q F0 .465(By def)143 168 R .466(ault,\ +(anual ZFS-TPM1X-CHANGE-KEY)-2.5 F(\(8\))1.666 E/F1 10/Times-Bold@0 SF +(ENVIR)72 96 Q 1.666(ONMENT V)-.3 F(ARIABLES)-1.35 E/F2 10/Courier@0 SF +(TZPFMS_PASSPHRASE_HELPER)102 108 Q F0 .159(By def)143 120 R .159(ault,\ passphrases are prompted for and read in on the standard output and in\ -put streams.)-.1 F(If)5.466 E F4(TZPFMS_PASSPHRASE_HELPER)143 180 Q F0 -.517(is set and nonempty)3.017 F 3.017(,i)-.65 G 3.017(tw)-3.017 G .516 -(ill be run via)-3.017 F F4(/bin/)3.016 E F1 2.182(sh \255c)B F0 .516 -(to pro-)3.016 F(vide each passphrase, instead.)143 192 Q .188 -(The standard output stream of the helper is tied to an anon)143 210 R -.189(ymous \214le and used in its entirety as the)-.15 F(passphrase, e) -143 222 Q(xcept for a trailing ne)-.15 E(w-line, if an)-.25 E 3.8 -.65 -(y. T)-.15 H(he ar).65 E(guments are:)-.18 E F4($1)155 234 Q F0 -(Pre-formatted noun phrase with all the information belo)172 234 Q 1.3 --.65(w, f)-.25 H(or use as a prompt).65 E F4($2)155 246 Q F0 -(Either the dataset name or the element of the TPM hierarch)172 246 Q -2.5(yb)-.05 G(eing prompted for)-2.5 E F4($3)155 258 Q F0("ne)172 258 Q +put streams.)-.1 F(If)143 132 Q F2(TZPFMS_PASSPHRASE_HELPER)3.356 E F0 +.856(is set and nonempty)3.356 F 3.356(,i)-.65 G 3.356(tw)-3.356 G .856 +(ill be run via)-3.356 F F2(/bin/)3.355 E/F3 10/Courier-Bold@0 SF 2.521 +(sh \255c)B F0(to pro)143 144 Q(vide each passphrase, instead.)-.15 E +.087(The standard output stream of the helper is tied to an anon)143 162 +R .088(ymous \214le and used in its entirety as)-.15 F +(the passphrase, e)143 174 Q(xcept for a trailing ne)-.15 E +(w-line, if an)-.25 E 3.8 -.65(y. 
T)-.15 H(he ar).65 E(guments are:)-.18 +E F2($1)155 186 Q F0 +(Pre-formatted noun phrase with all the information belo)172 186 Q 1.3 +-.65(w, f)-.25 H(or use as a prompt).65 E F2($2)155 198 Q F0 +(Either the dataset name or the element of the TPM hierarch)172 198 Q +2.5(yb)-.05 G(eing prompted for)-2.5 E F2($3)155 210 Q F0("ne)172 210 Q (w" if this is for a ne)-.25 E 2.5(wp)-.25 G(assphrase, otherwise blank) --2.5 E F4($4)155 270 Q F0("ag)172 270 Q(ain" if it')-.05 E 2.5(st)-.55 G -(he second prompt for that passphrase, otherwise blank)-2.5 E .181 -(If the helper doesn')143 288 R 2.681(te)-.18 G 1.847(xist \()-2.831 F -.181(the shell e)1.666 F .181(xits with)-.15 F F3(127)2.681 E F0 -3.151 -1.666(\), a d)1.666 H .181(iagnostic is issued and the normal prompt) --1.666 F(is used as f)143 300 Q 2.5(all-back. If)-.1 F(it f)2.5 E +-2.5 E F2($4)155 222 Q F0("ag)172 222 Q(ain" if it')-.05 E 2.5(st)-.55 G +(he second prompt for that passphrase, otherwise blank)-2.5 E 1.109 +(If the helper doesn')143 240 R 3.609(te)-.18 G 2.775(xist \()-3.759 F +1.109(the shell e)1.666 F 1.109(xits with)-.15 F F1(127)3.609 E F0 +-2.223 1.666(\), a d)1.666 H 1.108(iagnostic is issued and the normal) +-1.666 F(prompt is used as f)143 252 Q 2.5(all-back. If)-.1 F(it f)2.5 E (ails for an)-.1 E 2.5(yo)-.15 G(ther reason, the prompting is aborted.) --2.5 E F3 1.666(TPM1.X back-end con\214guration)72 324 R .625 -(TPM selection)84 336 R F0(The)102 348 Q F1(tzpfms)2.767 E F0 .267 -(suite connects to a local)2.767 F F4(tcsd)2.767 E F0 .267 -(\(8\) process)B 1.666(\(a)4.433 G(t)-1.666 E F4(localhost:30003)2.767 E -F0 4.433(\)b)1.666 G 2.767(yd)-4.433 G(ef)-2.767 E 2.767(ault. 
Use)-.1 F -.268(the en-)2.767 F(vironment v)102 360 Q(ariable)-.25 E F4 -(TZPFMS_TPM1X)2.5 E F0(to specify a remote TCS hostname.)2.5 E .392 -(The T)102 378 R(rouSerS)-.35 E F4(tcsd)2.892 E F0 .392 -(\(8\) daemon will try)B F4(/dev/tpm0)2.892 E F0 2.892(,t)C(hen)-2.892 E -F4(/udev/tpm0)2.892 E F0 2.891(,t)C(hen)-2.891 E F4(/dev/tpm)2.891 E F0 -2.891(;b)C 2.891(yo)-2.891 G(ccup)-2.891 E(ying)-.1 E -(one of the earlier ones with, for e)102 390 Q -(xample, shell redirection, a later one can be selected.)-.15 E F3 .625 -(See also)84 414 R F0(The T)102 426 Q(rouSerS project page at)-.35 E F3 +-2.5 E F1 1.666(TPM1.X back-end con\214guration)72 276 R .625 +(TPM selection)84 288 R F0(The)102 300 Q F3(tzpfms)2.682 E F0 .182 +(suite connects to a local)2.682 F F2(tcsd)2.682 E F0 .182 +(\(8\) process)B 1.666(\(a)4.348 G(t)-1.666 E F2(localhost:30003)2.682 E +F0 4.348(\)b)1.666 G 2.683(yd)-4.348 G(ef)-2.683 E 2.683(ault. Use)-.1 F +(the)2.683 E(en)102 312 Q(vironment v)-.4 E(ariable)-.25 E F2 +(TZPFMS_TPM1X)2.5 E F0(to specify a remote TCS hostname.)2.5 E .611 +(The T)102 330 R(rouSerS)-.35 E F2(tcsd)3.111 E F0 .611 +(\(8\) daemon will try)B F2(/dev/tpm0)3.11 E F0 3.11(,t)C(hen)-3.11 E F2 +(/udev/tpm0)3.11 E F0 3.11(,t)C(hen)-3.11 E F2(/dev/tpm)3.11 E F0 3.11 +(;b)C 3.11(yo)-3.11 G(ccu-)-3.11 E -.1(py)102 342 S +(ing one of the earlier ones with, for e).1 E +(xample, shell redirection, a later one can be selected.)-.15 E F1 .625 +(See also)84 366 R F0(The T)102 378 Q(rouSerS project page at)-.35 E F1 (https://sour)2.5 E(cef)-.18 E(or)-.25 E(ge.net/pr)-.1 E(ojects/tr)-.18 -E(ousers)-.18 E F0(.)A 5.108(The TPM 1.2 main speci\214cation inde)102 -444 R 7.609(xa)-.15 G(t)-7.609 E F3(https://trustedcomputinggr)7.609 E +E(ousers)-.18 E F0(.)A 2.719(The TPM 1.2 main speci\214cation inde)102 +396 R 5.22(xa)-.15 G(t)-5.22 E F1(https://trustedcomputinggr)5.22 E (oup.or)-.18 E(g/r)-.1 E(esour)-.18 E(ce/tpm-main-)-.18 E -(speci\214cation)102 456 Q F0(.)A F3 1.666(SPECIAL THANKS)72 480 R F0 
-1.6 -.8(To a)102 492 T(ll who support further de).8 E -.15(ve)-.25 G -(lopment, in particular:).15 E F3<83>122 504 Q F0(ThePhD)2.5 E F3<83>122 -516 Q F0(Embark Studios)2.5 E F3<83>122 528 Q F0(Jasper Bekk)2.5 E(ers) --.1 E F3(REPOR)72 552 Q 1.666(TING B)-.4 F(UGS)-.1 E(https://todo.sr)102 -564 Q(.ht/~nabijaczleweli/tzpfms)-1 E F4 -(~nabijaczleweli/tzpfms@lists.sr.ht)102 582 Q F0 2.5(,a)C(rchi)-2.5 E --.15(ve)-.25 G 2.5(da).15 G(t)-2.5 E F3(https://lists.sr)2.5 E -(.ht/~nabijaczleweli/tzpfms)-1 E F0(.)A F3 1.666(SEE ALSO)72 606 R F0 -(PCR allocations:)102 618 Q F3(https://wiki.ar)2.5 E(chlinux.or)-.18 E -(g/title/T)-.1 E(rusted_Platf)-.74 E(orm_Module#Accessing_PCR_r)-.25 E -(egisters)-.18 E F0(and)102 630 Q F3(https://trustedcomputinggr)2.5 E -(oup.or)-.18 E(g/wp-content/uploads/PC-)-.1 E(ClientSpeci\214c_Platf)102 -642 Q(orm_Pr)-.25 E(o\214le_f)-.18 E(or_TPM_2p0_Systems_v51.pdf)-.25 E -F0 2.5(,S)C(ection 2.3.4 "PCR Usage", T)-2.5 E(able 1.)-.8 E -(tzpfms 0.3.0)72 750 Q(December 20, 2021)144.985 E(4)189.705 E 0 Cg EP +(speci\214cation)102 408 Q F0(.)A F1 1.666(SPECIAL THANKS)72 432 R F0 +1.6 -.8(To a)102 444 T(ll who support further de).8 E -.15(ve)-.25 G +(lopment, in particular:).15 E F1<83>122 456 Q F0(ThePhD)2.5 E F1<83>122 +468 Q F0(Embark Studios)2.5 E F1<83>122 480 Q F0(Jasper Bekk)2.5 E(ers) +-.1 E F1(REPOR)72 504 Q 1.666(TING B)-.4 F(UGS)-.1 E(https://todo.sr)102 +516 Q(.ht/~nabijaczleweli/tzpfms)-1 E F2 +(~nabijaczleweli/tzpfms@lists.sr.ht)102 534 Q F0 86.763(,a)C(rchi) +-86.763 E -.15(ve)-.25 G 86.762(da).15 G(t)-86.762 E F1 +(https://lists.sr)102 546 Q(.ht/~nabijaczleweli/tzpfms)-1 E F0(.)A F1 +1.666(SEE ALSO)72 570 R F0(PCR allocations:)102 582 Q F1 +(https://wiki.ar)102 594 Q(chlinux.or)-.18 E(g/title/T)-.1 E +(rusted_Platf)-.74 E(orm_Module#Accessing_PCR_r)-.25 E(egisters)-.18 E +F0(and)2.5 E F1(https://trustedcomputinggr)102 606 Q(oup.or)-.18 E +(g/wp-content/uploads/PC-)-.1 E(ClientSpeci\214c_Platf)102 618 Q(orm_Pr) +-.25 E(o\214le_f)-.18 
E(or_TPM_2p0_Systems_v51.pdf)-.25 E F0 2.5(,S)C +(ection 2.3.4 "PCR Usage", T)-2.5 E(able)-.8 E(1.)102 630 Q +(tzpfms 0.3.0-1-g)72 799.889 Q 105.605(a4cfe40 June)-.05 F(17, 2022)2.5 +E(4)201.085 E 0 Cg EP %%Page: 5 5 %%BeginPageSetup BP 
@@ -502,48 +506,49 @@ BP (System Manager')54.989 E 2.5(sM)-.55 G 49.989 (anual ZFS-TPM1X-CLEAR-KEY)-2.5 F(\(8\))1.666 E/F1 10/Times-Bold@0 SF -.2(NA)72 96 S(ME).2 E/F2 10/Courier-Bold@0 SF(zfs-tpm1x-clear-key)102 -108 Q F0 2.5<8a72>2.5 G -.25(ew)-2.5 G(rap ZFS dataset k).25 E .3 -.15 -(ey i)-.1 H 2.5(np).15 G(asssw)-2.5 E -(ord and clear tzpfms TPM1.X metadata)-.1 E F1(SYNOPSIS)72 132 Q F2 -(zfs-tpm1x-clear-key)102 144 Q/F3 10/Courier-Oblique@0 SF(dataset)2.5 E -F1(DESCRIPTION)72 168 Q F0(After v)102 180 Q(erifying)-.15 E F3(dataset) -2.5 E F0 -.1(wa)2.5 G 2.5(se).1 G(ncrypted with)-2.5 E F2(tzpfms)2.5 E -F0(back)2.5 E(end)-.1 E F1(TPM1.X)2.5 E F0(:)A 6.985 -(1. performs the equi)122 192 R -.25(va)-.25 G 6.984(lent of).25 F F2 -6.984(zfs change-key)9.484 F14.65 E/F4 10/Courier@0 SF -(keylocation=prompt)12.984 E F214.65 E F4(keyformat=passphrase)127 -204 Q F3(dataset)6 E F0(,)A(2. remo)122 216 Q -.15(ve)-.15 G 2.5(st).15 -G(he)-2.5 E F4(xyz.nabijaczleweli:tzpfms.)2.5 E F0({)A F4(backend)A F0 -(,)A F4(key)6 E F0 2.5(}p)C(roperties from)-2.5 E F3(dataset)2.5 E F0(.) -A(See)102 234 Q F4(zfs-tpm1x-change-key)2.5 E F0 -(\(8\) for a detailed description.)A F1 1.666 -(TPM1.X back-end con\214guration)72 258 R .625(TPM selection)84 270 R F0 -(The)102 282 Q F2(tzpfms)2.767 E F0 .267(suite connects to a local)2.767 -F F4(tcsd)2.767 E F0 .267(\(8\) process)B 1.666(\(a)4.433 G(t)-1.666 E -F4(localhost:30003)2.767 E F0 4.433(\)b)1.666 G 2.767(yd)-4.433 G(ef) --2.767 E 2.767(ault. 
Use)-.1 F .268(the en-)2.767 F(vironment v)102 294 -Q(ariable)-.25 E F4(TZPFMS_TPM1X)2.5 E F0 -(to specify a remote TCS hostname.)2.5 E .392(The T)102 312 R(rouSerS) --.35 E F4(tcsd)2.892 E F0 .392(\(8\) daemon will try)B F4(/dev/tpm0) -2.892 E F0 2.892(,t)C(hen)-2.892 E F4(/udev/tpm0)2.892 E F0 2.891(,t)C -(hen)-2.891 E F4(/dev/tpm)2.891 E F0 2.891(;b)C 2.891(yo)-2.891 G(ccup) --2.891 E(ying)-.1 E(one of the earlier ones with, for e)102 324 Q +108 Q F0 3.508<8a72>3.507 G -.25(ew)-3.508 G 1.008(rap ZFS dataset k).25 +F 1.308 -.15(ey i)-.1 H 3.508(np).15 G(asssw)-3.508 E 1.008 +(ord and clear tzpfms TPM1.X meta-)-.1 F(data)102 120 Q F1(SYNOPSIS)72 +144 Q F2(zfs-tpm1x-clear-key)102 156 Q/F3 10/Courier-Oblique@0 SF +(dataset)2.5 E F1(DESCRIPTION)72 180 Q F0(After v)102 192 Q(erifying) +-.15 E F3(dataset)2.5 E F0 -.1(wa)2.5 G 2.5(se).1 G(ncrypted with)-2.5 E +F2(tzpfms)2.5 E F0(back)2.5 E(end)-.1 E F1(TPM1.X)2.5 E F0(:)A 5.126 +(1. performs the equi)122 204 R -.25(va)-.25 G 5.126(lent of).25 F F2 +5.126(zfs change-key)7.626 F12.792 E/F4 10/Courier@0 SF +(keylocation=prompt)11.126 E F212.791 E F4(keyformat=passphrase) +127 216 Q F3(dataset)6 E F0(,)A 6.99(2. remo)122 228 R -.15(ve)-.15 G +9.491(st).15 G(he)-9.491 E F4(xyz.nabijaczleweli:tzpfms.)9.491 E F0({)A +F4(backend)A F0(,)A F4(key)12.991 E F0 9.491(}p)C 6.991(roperties from) +-9.491 F F3(dataset)127 240 Q F0(.)A(See)102 258 Q F4 +(zfs-tpm1x-change-key)2.5 E F0(\(8\) for a detailed description.)A F1 +1.666(TPM1.X back-end con\214guration)72 282 R .625(TPM selection)84 294 +R F0(The)102 306 Q F2(tzpfms)2.683 E F0 .182(suite connects to a local) +2.683 F F4(tcsd)2.682 E F0 .182(\(8\) process)B 1.666(\(a)4.348 G(t) +-1.666 E F4(localhost:30003)2.682 E F0 4.348(\)b)1.666 G 2.682(yd)-4.348 +G(ef)-2.682 E 2.682(ault. 
Use)-.1 F(the)2.682 E(en)102 318 Q +(vironment v)-.4 E(ariable)-.25 E F4(TZPFMS_TPM1X)2.5 E F0 +(to specify a remote TCS hostname.)2.5 E .61(The T)102 336 R(rouSerS) +-.35 E F4(tcsd)3.11 E F0 .61(\(8\) daemon will try)B F4(/dev/tpm0)3.11 E +F0 3.11(,t)C(hen)-3.11 E F4(/udev/tpm0)3.111 E F0 3.111(,t)C(hen)-3.111 +E F4(/dev/tpm)3.111 E F0 3.111(;b)C 3.111(yo)-3.111 G(ccu-)-3.111 E -.1 +(py)102 348 S(ing one of the earlier ones with, for e).1 E (xample, shell redirection, a later one can be selected.)-.15 E F1 .625 -(See also)84 348 R F0(The T)102 360 Q(rouSerS project page at)-.35 E F1 +(See also)84 372 R F0(The T)102 384 Q(rouSerS project page at)-.35 E F1 (https://sour)2.5 E(cef)-.18 E(or)-.25 E(ge.net/pr)-.1 E(ojects/tr)-.18 -E(ousers)-.18 E F0(.)A 5.108(The TPM 1.2 main speci\214cation inde)102 -378 R 7.609(xa)-.15 G(t)-7.609 E F1(https://trustedcomputinggr)7.609 E +E(ousers)-.18 E F0(.)A 2.719(The TPM 1.2 main speci\214cation inde)102 +402 R 5.219(xa)-.15 G(t)-5.219 E F1(https://trustedcomputinggr)5.219 E (oup.or)-.18 E(g/r)-.1 E(esour)-.18 E(ce/tpm-main-)-.18 E -(speci\214cation)102 390 Q F0(.)A F1 1.666(SPECIAL THANKS)72 414 R F0 -1.6 -.8(To a)102 426 T(ll who support further de).8 E -.15(ve)-.25 G -(lopment, in particular:).15 E F1<83>122 438 Q F0(ThePhD)2.5 E F1<83>122 -450 Q F0(Embark Studios)2.5 E F1<83>122 462 Q F0(Jasper Bekk)2.5 E(ers) --.1 E F1(REPOR)72 486 Q 1.666(TING B)-.4 F(UGS)-.1 E(https://todo.sr)102 -498 Q(.ht/~nabijaczleweli/tzpfms)-1 E F4 -(~nabijaczleweli/tzpfms@lists.sr.ht)102 516 Q F0 2.5(,a)C(rchi)-2.5 E --.15(ve)-.25 G 2.5(da).15 G(t)-2.5 E F1(https://lists.sr)2.5 E -(.ht/~nabijaczleweli/tzpfms)-1 E F0(.)A(tzpfms 0.3.0)72 750 Q -(December 20, 2021)144.985 E(5)189.705 E 0 Cg EP +(speci\214cation)102 414 Q F0(.)A F1 1.666(SPECIAL THANKS)72 438 R F0 +1.6 -.8(To a)102 450 T(ll who support further de).8 E -.15(ve)-.25 G +(lopment, in particular:).15 E F1<83>122 462 Q F0(ThePhD)2.5 E F1<83>122 +474 Q F0(Embark Studios)2.5 E F1<83>122 486 Q 
F0(Jasper Bekk)2.5 E(ers) +-.1 E F1(REPOR)72 510 Q 1.666(TING B)-.4 F(UGS)-.1 E(https://todo.sr)102 +522 Q(.ht/~nabijaczleweli/tzpfms)-1 E F4 +(~nabijaczleweli/tzpfms@lists.sr.ht)102 540 Q F0 86.762(,a)C(rchi) +-86.762 E -.15(ve)-.25 G 86.763(da).15 G(t)-86.763 E F1 +(https://lists.sr)102 552 Q(.ht/~nabijaczleweli/tzpfms)-1 E F0(.)A +(tzpfms 0.3.0-1-g)72 799.889 Q 105.605(a4cfe40 June)-.05 F(17, 2022)2.5 +E(5)201.085 E 0 Cg EP %%Page: 6 6 %%BeginPageSetup BP 
@@ -555,31 +560,31 @@ BP (oad TPM1.X-encrypted ZFS dataset k)-2.5 E -.15(ey)-.1 G F1(SYNOPSIS)72 132 Q F2(zfs-tpm1x-load-key)102 144 Q F0([)3.333 E F22.499 E F0(]) .833 E/F3 10/Courier-Oblique@0 SF(dataset)2.5 E F1(DESCRIPTION)72 168 Q -F0 1.156(After v)102 180 R(erifying)-.15 E F3(dataset)3.656 E F0 -.1(wa) -3.656 G 3.656(se).1 G 1.156(ncrypted with)-3.656 F F2(tzpfms)3.655 E F0 -(back)3.655 E(end)-.1 E F1(TPM1.X)3.655 E F0 1.155(will unseal the k) -3.655 F 1.455 -.15(ey a)-.1 H 1.155(nd load it).15 F(into)102 192 Q F3 -(dataset)2.5 E F0(.)A .693 +F0 .041(After v)102 180 R(erifying)-.15 E F3(dataset)2.541 E F0 -.1(wa) +2.541 G 2.541(se).1 G .041(ncrypted with)-2.541 F F2(tzpfms)2.54 E F0 +(back)2.54 E(end)-.1 E F1(TPM1.X)2.54 E F0 .04(will unseal the k)2.54 F +.34 -.15(ey a)-.1 H .04(nd load it).15 F(into)102 192 Q F3(dataset)2.5 E +F0(.)A .611 (The user is \214rst prompted for the SRK passphrase, set when taking o) -102 210 R .694(wnership, if not "well-kno)-.25 F .694(wn" \(all ze-)-.25 -F(roes\); then for the additional passphrase, set when creating the k) +102 210 R .611(wnership, if not "well-kno)-.25 F .611(wn" \(all)-.25 F +(zeroes\); then for the additional passphrase, set when creating the k) 102 222 Q -.15(ey)-.1 G 2.5(,i)-.5 G 2.5(fo)-2.5 G(ne w)-2.5 E(as set.) 
-.1 E(See)102 240 Q/F4 10/Courier@0 SF(zfs-tpm1x-change-key)2.5 E F0 (\(8\) for a detailed description.)A F1(OPTIONS)72 264 Q F2103.666 -276 Q F0 .179(Do a no-op/dry run, can be used e)119 288 R -.15(ve)-.25 G -2.679(ni).15 G 2.679(ft)-2.679 G .179(he k)-2.679 F .478 -.15(ey i)-.1 H -2.678(sa).15 G .178(lready loaded.)-2.678 F(Equi)5.178 E -.25(va)-.25 G -.178(lent to).25 F F2 .178(zfs load-key)2.678 F F0 -.55('s)C F2 -4.894 E F0(option.)119 300 Q F1(ENVIR)72 324 Q 1.666(ONMENT V)-.3 F -(ARIABLES)-1.35 E F4(TZPFMS_PASSPHRASE_HELPER)102 336 Q F0 .465(By def) -143 348 R .466(ault, passphrases are prompted for and read in on the st\ -andard output and input streams.)-.1 F(If)5.466 E F4 -(TZPFMS_PASSPHRASE_HELPER)143 360 Q F0 .517(is set and nonempty)3.017 F -3.017(,i)-.65 G 3.017(tw)-3.017 G .516(ill be run via)-3.017 F F4(/bin/) -3.016 E F2 2.182(sh \255c)B F0 .516(to pro-)3.016 F -(vide each passphrase, instead.)143 372 Q .188 +276 Q F0 .156(Do a no-op/dry run, can be used e)119 288 R -.15(ve)-.25 G +2.656(ni).15 G 2.656(ft)-2.656 G .156(he k)-2.656 F .456 -.15(ey i)-.1 H +2.656(sa).15 G .156(lready loaded.)-2.656 F(Equi)5.156 E -.25(va)-.25 G +.156(lent to).25 F F2 .156(zfs load-key)2.656 F F0 -.55('s)C F2 +120.666 300 Q F0(option.)2.5 E F1(ENVIR)72 324 Q 1.666(ONMENT V)-.3 F +(ARIABLES)-1.35 E F4(TZPFMS_PASSPHRASE_HELPER)102 336 Q F0 .159(By def) +143 348 R .159(ault, passphrases are prompted for and read in on the st\ +andard output and input streams.)-.1 F(If)143 360 Q F4 +(TZPFMS_PASSPHRASE_HELPER)3.356 E F0 .856(is set and nonempty)3.356 F +3.356(,i)-.65 G 3.356(tw)-3.356 G .856(ill be run via)-3.356 F F4(/bin/) +3.355 E F2 2.521(sh \255c)B F0(to pro)143 372 Q +(vide each passphrase, instead.)-.15 E .087 (The standard output stream of the helper is tied to an anon)143 390 R -.189(ymous \214le and used in its entirety as the)-.15 F(passphrase, e) +.088(ymous \214le and used in its entirety as)-.15 F(the passphrase, e) 143 402 Q(xcept for a trailing ne)-.15 
E(w-line, if an)-.25 E 3.8 -.65 (y. T)-.15 H(he ar).65 E(guments are:)-.18 E F4($1)155 414 Q F0 (Pre-formatted noun phrase with all the information belo)172 414 Q 1.3 
@@ -588,48 +593,50 @@ andard output and input streams.)-.1 F(If)5.466 E F4 2.5(yb)-.05 G(eing prompted for)-2.5 E F4($3)155 438 Q F0("ne)172 438 Q (w" if this is for a ne)-.25 E 2.5(wp)-.25 G(assphrase, otherwise blank) -2.5 E F4($4)155 450 Q F0("ag)172 450 Q(ain" if it')-.05 E 2.5(st)-.55 G -(he second prompt for that passphrase, otherwise blank)-2.5 E .181 -(If the helper doesn')143 468 R 2.681(te)-.18 G 1.847(xist \()-2.831 F -.181(the shell e)1.666 F .181(xits with)-.15 F F1(127)2.681 E F0 -3.151 -1.666(\), a d)1.666 H .181(iagnostic is issued and the normal prompt) --1.666 F(is used as f)143 480 Q 2.5(all-back. If)-.1 F(it f)2.5 E +(he second prompt for that passphrase, otherwise blank)-2.5 E 1.109 +(If the helper doesn')143 468 R 3.609(te)-.18 G 2.775(xist \()-3.759 F +1.109(the shell e)1.666 F 1.109(xits with)-.15 F F1(127)3.609 E F0 +-2.223 1.666(\), a d)1.666 H 1.108(iagnostic is issued and the normal) +-1.666 F(prompt is used as f)143 480 Q 2.5(all-back. If)-.1 F(it f)2.5 E (ails for an)-.1 E 2.5(yo)-.15 G(ther reason, the prompting is aborted.) -2.5 E F1 1.666(TPM1.X back-end con\214guration)72 504 R .625 -(TPM selection)84 516 R F0(The)102 528 Q F2(tzpfms)2.767 E F0 .267 -(suite connects to a local)2.767 F F4(tcsd)2.767 E F0 .267 -(\(8\) process)B 1.666(\(a)4.433 G(t)-1.666 E F4(localhost:30003)2.767 E -F0 4.433(\)b)1.666 G 2.767(yd)-4.433 G(ef)-2.767 E 2.767(ault. 
Use)-.1 F -.268(the en-)2.767 F(vironment v)102 540 Q(ariable)-.25 E F4 -(TZPFMS_TPM1X)2.5 E F0(to specify a remote TCS hostname.)2.5 E .392 -(The T)102 558 R(rouSerS)-.35 E F4(tcsd)2.892 E F0 .392 -(\(8\) daemon will try)B F4(/dev/tpm0)2.892 E F0 2.892(,t)C(hen)-2.892 E -F4(/udev/tpm0)2.892 E F0 2.891(,t)C(hen)-2.891 E F4(/dev/tpm)2.891 E F0 -2.891(;b)C 2.891(yo)-2.891 G(ccup)-2.891 E(ying)-.1 E -(one of the earlier ones with, for e)102 570 Q +(TPM selection)84 516 R F0(The)102 528 Q F2(tzpfms)2.682 E F0 .182 +(suite connects to a local)2.682 F F4(tcsd)2.682 E F0 .182 +(\(8\) process)B 1.666(\(a)4.348 G(t)-1.666 E F4(localhost:30003)2.682 E +F0 4.348(\)b)1.666 G 2.683(yd)-4.348 G(ef)-2.683 E 2.683(ault. Use)-.1 F +(the)2.683 E(en)102 540 Q(vironment v)-.4 E(ariable)-.25 E F4 +(TZPFMS_TPM1X)2.5 E F0(to specify a remote TCS hostname.)2.5 E .611 +(The T)102 558 R(rouSerS)-.35 E F4(tcsd)3.111 E F0 .611 +(\(8\) daemon will try)B F4(/dev/tpm0)3.11 E F0 3.11(,t)C(hen)-3.11 E F4 +(/udev/tpm0)3.11 E F0 3.11(,t)C(hen)-3.11 E F4(/dev/tpm)3.11 E F0 3.11 +(;b)C 3.11(yo)-3.11 G(ccu-)-3.11 E -.1(py)102 570 S +(ing one of the earlier ones with, for e).1 E (xample, shell redirection, a later one can be selected.)-.15 E F1 .625 (See also)84 594 R F0(The T)102 606 Q(rouSerS project page at)-.35 E F1 (https://sour)2.5 E(cef)-.18 E(or)-.25 E(ge.net/pr)-.1 E(ojects/tr)-.18 -E(ousers)-.18 E F0(.)A 5.108(The TPM 1.2 main speci\214cation inde)102 -624 R 7.609(xa)-.15 G(t)-7.609 E F1(https://trustedcomputinggr)7.609 E +E(ousers)-.18 E F0(.)A 2.719(The TPM 1.2 main speci\214cation inde)102 +624 R 5.22(xa)-.15 G(t)-5.22 E F1(https://trustedcomputinggr)5.22 E (oup.or)-.18 E(g/r)-.1 E(esour)-.18 E(ce/tpm-main-)-.18 E (speci\214cation)102 636 Q F0(.)A F1 1.666(SPECIAL THANKS)72 660 R F0 1.6 -.8(To a)102 672 T(ll who support further de).8 E -.15(ve)-.25 G -(lopment, in particular:).15 E(tzpfms 0.3.0)72 750 Q(December 20, 2021) -144.985 E(6)189.705 E 0 Cg EP +(lopment, in particular:).15 E 
F1<83>122 684 Q F0(ThePhD)2.5 E F1<83>122 +696 Q F0(Embark Studios)2.5 E F1<83>122 708 Q F0(Jasper Bekk)2.5 E(ers) +-.1 E(tzpfms 0.3.0-1-g)72 799.889 Q 105.605(a4cfe40 June)-.05 F +(17, 2022)2.5 E(6)201.085 E 0 Cg EP %%Page: 7 7 %%BeginPageSetup BP %%EndPageSetup /F0 10/Times-Roman@0 SF(ZFS-TPM1X-LO)72 48 Q -.834(AD-KEY \(8\))-.35 F (System Manager')60.349 E 2.5(sM)-.55 G 55.349(anual ZFS-TPM1X-LO)-2.5 F --.834(AD-KEY \(8\))-.35 F/F1 10/Times-Bold@0 SF<83>122 96 Q F0(ThePhD) -2.5 E F1<83>122 108 Q F0(Embark Studios)2.5 E F1<83>122 120 Q F0 -(Jasper Bekk)2.5 E(ers)-.1 E F1(REPOR)72 144 Q 1.666(TING B)-.4 F(UGS) --.1 E(https://todo.sr)102 156 Q(.ht/~nabijaczleweli/tzpfms)-1 E/F2 10 -/Courier@0 SF(~nabijaczleweli/tzpfms@lists.sr.ht)102 174 Q F0 2.5(,a)C -(rchi)-2.5 E -.15(ve)-.25 G 2.5(da).15 G(t)-2.5 E F1(https://lists.sr) -2.5 E(.ht/~nabijaczleweli/tzpfms)-1 E F0(.)A(tzpfms 0.3.0)72 750 Q -(December 20, 2021)144.985 E(7)189.705 E 0 Cg EP +-.834(AD-KEY \(8\))-.35 F/F1 10/Times-Bold@0 SF(REPOR)72 96 Q 1.666 +(TING B)-.4 F(UGS)-.1 E(https://todo.sr)102 108 Q +(.ht/~nabijaczleweli/tzpfms)-1 E/F2 10/Courier@0 SF +(~nabijaczleweli/tzpfms@lists.sr.ht)102 126 Q F0 86.763(,a)C(rchi) +-86.763 E -.15(ve)-.25 G 86.762(da).15 G(t)-86.762 E F1 +(https://lists.sr)102 138 Q(.ht/~nabijaczleweli/tzpfms)-1 E F0(.)A +(tzpfms 0.3.0-1-g)72 799.889 Q 105.605(a4cfe40 June)-.05 F(17, 2022)2.5 +E(7)201.085 E 0 Cg EP %%Page: 8 8 %%BeginPageSetup BP 
@@ -645,93 +652,92 @@ BP F3(algorithm)222 156 Q F2(:)A F3(PCR)A F0([)A F2(,)A F3(PCR)A F0 1.666 (]...)C([)-1.666 E F2(+)A F3(algorithm)A F2(:)A F3(PCR)A F0([)A F2(,)A F3(PCR)A F0 1.666(]...)C -2.499 1.666(]... [)-1.666 H F2.833 E F0 -(]]).833 E F3(dataset)222 168 Q F1(DESCRIPTION)72 192 Q F0 6.931 -.8 -(To n)102 204 T(ormalise).8 E F3(dataset)7.831 E F0(,)A F2 -(zfs-tpm2-change-key)7.831 E F0 5.331 -(will open its encryption root in its stead.)7.831 F F2 -(zfs-tpm2-change-key)102 216 Q F0(will)3.864 E/F4 10/Times-Italic@0 SF -(ne)3.864 E(ver)-.15 E F0 1.364(create or destro)3.864 F 3.864(ye)-.1 G -1.364(ncryption roots; use)-3.864 F/F5 10/Courier@0 SF(zfs-change-key) -3.864 E F0 1.364(\(8\) for)B(that.)102 228 Q +(]]).833 E F3(dataset)222 168 Q F1(DESCRIPTION)72 192 Q F0 5.41 -.8 +(To n)102 204 T(ormalise).8 E F3(dataset)6.31 E F0(,)A F2 +(zfs-tpm2-change-key)6.31 E F0 3.811 +(will open its encryption root in its stead.)6.31 F F2 +(zfs-tpm2-change-key)102 216 Q F0(will)3.731 E/F4 10/Times-Italic@0 SF +(ne)3.731 E(ver)-.15 E F0 1.231(create or destro)3.731 F 3.73(ye)-.1 G +1.23(ncryption roots; use)-3.73 F/F5 10/Courier@0 SF(zfs-change-key)3.73 +E F0(\(8\))A(for that.)102 228 Q (First, a connection is made to the TPM, which)102 246 Q F4(must)2.5 E -F0(be TPM-2.0-compatible.)2.5 E(If)102 264 Q F3(dataset)3.42 E F0 -.1 -(wa)3.42 G 3.42(sp).1 G(re)-3.42 E .92(viously encrypted with)-.25 F F2 -(tzpfms)3.42 E F0 .92(and the)3.42 F F1(TPM2)3.42 E F0 .92(back-end w) -3.42 F .92(as used, the pre)-.1 F .92(vious k)-.25 F -.15(ey)-.1 G .382 -(will be freed from the TPM.)102 276 R .382 -(Otherwise, or in case of an error)5.382 F 2.882(,d)-.4 G .382 -(ata required for manual interv)-2.882 F .383(ention will be)-.15 F -(printed to the standard error stream.)102 288 Q(Ne)102 306 Q .197 -(xt, a ne)-.15 F 2.697(ww)-.25 G .197(rapping k)-2.697 F .497 -.15(ey i) --.1 H 2.697(sg).15 G .197(enerated on the TPM, optionally back)-2.697 F -.197(ed up)-.1 F 1.666(\(s)4.363 G(ee)-1.666 E 
F1(OPTIONS)2.697 E F0 --3.135 1.666(\), a)1.666 H .197(nd sealed to a)-1.666 F .504 -(persistent object on the TPM under the o)102 318 R .504(wner hierarch) --.25 F .504(y; if there is a passphrase set on the o)-.05 F .504 -(wner hierarch)-.25 F -.65(y,)-.05 G .041 -(the user is prompted for it; the user is al)102 330 R -.1(wa)-.1 G .04 -(ys prompted for an optional passphrase to protect the sealed object).1 -F(with.)102 342 Q(The follo)102 360 Q(wing properties are set on)-.25 E -F3(dataset)2.5 E F0(:)A F1<83>122 372 Q F5 -(xyz.nabijaczleweli:tzpfms.backend)7.5 E F0(=)A F1(TPM2)A<83>122 384 Q -F5(xyz.nabijaczleweli:tzpfms.key)7.5 E F0(=)A F3(persistent-object-ID)A -F0([).833 E F2(;).833 E F3(algorithm)133 396 Q F2(:)A F3(PCR)A F0([)A F2 -(,)A F3(PCR)A F0 1.666(]...)C([)-1.666 E F2(+)A F3(algorithm)A F2(:)A F3 -(PCR)A F0([)A F2(,)A F3(PCR)A F0 1.666(]...)C 1.666(]...)-1.666 G(]) --.833 E F5(tzpfms.backend)102 414 Q F0 3.203 -(identi\214es this dataset for w)5.703 F 3.203(ork with)-.1 F F1(TPM2) -5.703 E F0(-back-ended)A F2(tzpfms)5.703 E F0 4.868(tools \()5.702 F -(namely)1.666 E F5(zfs-tpm2-change-key)102 426 Q F0(\(8\),)A F5 +F0(be TPM-2.0-compatible.)2.5 E(If)102 264 Q F3(dataset)3.483 E F0 -.1 +(wa)3.483 G 3.483(sp).1 G(re)-3.483 E .983(viously encrypted with)-.25 F +F2(tzpfms)3.483 E F0 .983(and the)3.483 F F1(TPM2)3.483 E F0 .983 +(back-end w)3.483 F .984(as used, the pre)-.1 F(vious)-.25 E -.1(ke)102 +276 S 2.714(yw)-.05 G .214(ill be freed from the TPM.)-2.714 F .214 +(Otherwise, or in case of an error)5.214 F 2.713(,d)-.4 G .213 +(ata required for manual interv)-2.713 F(ention)-.15 E +(will be printed to the standard error stream.)102 288 Q(Ne)102 306 Q +.252(xt, a ne)-.15 F 2.752(ww)-.25 G .252(rapping k)-2.752 F .552 -.15 +(ey i)-.1 H 2.752(sg).15 G .253(enerated on the TPM, optionally back) +-2.752 F .253(ed up)-.1 F 1.666(\(s)4.419 G(ee)-1.666 E F1(OPTIONS)2.753 +E F0 -3.079 1.666(\), a)1.666 H .253(nd sealed)-1.666 F .179 +(to a persistent object on 
the TPM under the o)102 318 R .179 +(wner hierarch)-.25 F .179(y; if there is a passphrase set on the o)-.05 +F .178(wner hi-)-.25 F(erarch)102 330 Q 1.533 -.65(y, t)-.05 H .233 +(he user is prompted for it; the user is al).65 F -.1(wa)-.1 G .233 +(ys prompted for an optional passphrase to protect the).1 F +(sealed object with.)102 342 Q(The follo)102 360 Q +(wing properties are set on)-.25 E F3(dataset)2.5 E F0(:)A F1<83>122 372 +Q F5(xyz.nabijaczleweli:tzpfms.backend)7.5 E F0(=)A F1(TPM2)A<83>122 384 +Q F5(xyz.nabijaczleweli:tzpfms.key)7.5 E F0(=)A F3(persistent-object-ID) +A F0([).833 E F2(;).833 E F3(algorithm)133 396 Q F2(:)A F3(PCR)A F0([)A +F2(,)A F3(PCR)A F0 1.666(]...)C([)-1.666 E F2(+)A F3(algorithm)A F2(:)A +F3(PCR)A F0([)A F2(,)A F3(PCR)A F0 1.666(]...)C 1.666(]...)-1.666 G(]) +-.833 E F5(tzpfms.backend)102 414 Q F0 1.53 +(identi\214es this dataset for w)4.03 F 1.53(ork with)-.1 F F1(TPM2)4.03 +E F0(-back-ended)A F2(tzpfms)4.031 E F0 3.197(tools \()4.031 F(namely) +1.666 E F5(zfs-tpm2-change-key)102 426 Q F0(\(8\),)A F5 (zfs-tpm2-load-key)2.5 E F0(\(8\), and)A F5(zfs-tpm2-clear-key)2.5 E F0 --.834(\(8\) \) .)B F5(tzpfms.key)102 444 Q F0 .414(is an inte)2.914 F -.414(ger representing the sealed object, optionally follo)-.15 F .414 -(wed by a semicolon and PCR list)-.25 F 1.298(as speci\214ed with)102 -456 R F25.464 E F0 3.798(,n)C 1.298(ormalised to be)-3.798 F F2 -(tpm-tools)3.797 E F0 1.297 -(-toolchain-compatible; if needed, it can be passed to)B F2 11.056 -(tpm2_unseal \255c)102 468 R F5(${tzpfms.key)15.39 E F2(%%)A F5(;)A/F6 -10/Symbol SF(*)A F5(})A F0(with)11.89 E F213.556 E F0(")15.39 E F5 -(str:${passphrase})A F0 11.891("o)C(r)-11.891 E F213.557 E F0(") -102 480 Q F5(pcr:${tzpfms.key)A F2(#)A F6(*)A F5(;})A F0 1.177 -(", as the case may be, or equi)B -.25(va)-.25 G 1.177 -(lent, for back-up).25 F 1.666(\(s)5.342 G(ee)-1.666 E F1(OPTIONS)3.676 -E F0 .344 1.666(\). 
I)1.666 H 3.676(fy)-1.666 G(ou)-3.676 E(ha)102 492 Q -.633 -.15(ve a s)-.2 H .333(ealed k).15 F .633 -.15(ey y)-.1 H .333 -(ou can access with that or equi).15 F -.25(va)-.25 G .334 -(lent tool and set both of these properties, it will funxion).25 F -(seamlessly)102 504 Q(.)-.65 E(Finally)102 522 Q 4.141(,t)-.65 G 1.641 -(he equi)-4.141 F -.25(va)-.25 G 1.641(lent of).25 F F2 1.641 -(zfs change-key)4.141 F9.307 E F5(keylocation=prompt)7.641 E F2 -9.307 E F5(keyformat=raw)7.64 E F3(dataset)102 534 Q F0 .336 -(is performed with the ne)2.836 F 2.836(wk)-.25 G -.15(ey)-2.936 G 5.336 -(.I)-.5 G 2.836(fa)-5.336 G 2.836(ne)-2.836 G .336 -(rror occurred, best ef)-2.836 F .337 -(fort is made to clean up the persistent)-.25 F -(object and properties, or to issue a note for manual interv)102 546 Q -(ention into the standard error stream.)-.15 E 2.92<418c>102 564 S .42 -(nal v)-2.92 F .42(eri\214cation should be made by running)-.15 F F2 -2.085(zfs-tpm2-load-key \255n)2.919 F F3(dataset)6.419 E F0 5.419(.I)C -2.919(ft)-5.419 G .419(hat command)-2.919 F 3.503 -(succeeds, all is well, b)102 576 R 3.503(ut otherwise the dataset can \ -be manually rolled back to a passphrase with)-.2 F F2 -(zfs-tpm2-clear-key)102 588 Q F3(dataset)13.479 E F0 1.666(\(o)11.645 G -8.278 -.4(r, i)-1.666 H 9.978(ft).4 G 7.478(hat f)-9.978 F 7.478 -(ails to w)-.1 F(ork,)-.1 E F2 7.478(zfs change-key)9.978 F15.144 -E F5(keyformat=passphrase)102 600 Q F3(dataset)6 E F0 -3.332 1.666 -(\), a)1.666 H(nd you are hereby ask)-1.666 E(ed to report a b)-.1 E -(ug, please.)-.2 E F2(zfs-tpm2-clear-key)102 618 Q F3(dataset)6.423 E F0 -.423 -(can be used to free the TPM persistent object and go back to using a) -2.923 F(passphrase.)102 630 Q F1(OPTIONS)72 654 Q F2103.666 666 Q -F3(backup-file)6 E F0(Sa)191 678 Q .806 -.15(ve a b)-.2 H .506 -(ack-up of the k).15 F .805 -.15(ey t)-.1 H(o).15 E F3(backup-file)3.005 -E F0 3.005(,w)C .505(hich must not e)-3.005 F .505(xist beforehand.)-.15 -F(This)5.505 E(back-up)191 690 
Q F4(must)3.181 E F0 .681 -(be stored securely)3.181 F 3.181(,o)-.65 G -.25(ff)-3.181 G 3.181 -(-site. In).25 F .682(case of a catastrophic e)3.181 F -.15(ve)-.25 G -.682(nt, the k).15 F .982 -.15(ey c)-.1 H(an).15 E(be loaded by running) -191 702 Q(tzpfms 0.3.0)72 750 Q(December 20, 2021)144.985 E(8)189.705 E -0 Cg EP +-.834(\(8\) \) .)B F5(tzpfms.key)102 444 Q F0 .301(is an inte)2.802 F +.301(ger representing the sealed object, optionally follo)-.15 F .301 +(wed by a semicolon and PCR)-.25 F 2.011(list as speci\214ed with)102 +456 R F26.177 E F0 4.511(,n)C 2.011(ormalised to be)-4.511 F F2 +(tpm-tools)4.512 E F0 2.012(-toolchain-compatible; if needed, it can be) +B 1.063(passed to)102 468 R F2 2.729(tpm2_unseal \255c)3.563 F F5 +(${tzpfms.key)7.063 E F2(%%)A F5(;)A/F6 10/Symbol SF(*)A F5(})A F0(with) +3.563 E F25.229 E F0(")7.063 E F5(str:${passphrase})A F0 3.563("o) +C(r)-3.563 E F25.229 E F0(")102 480 Q F5(pcr:${tzpfms.key)A F2(#)A +F6(*)A F5(;})A F0 1.339(", as the case may be, or equi)B -.25(va)-.25 G +1.339(lent, for back-up).25 F 1.666(\(s)5.506 G(ee)-1.666 E F1(OPTIONS) +3.84 E F0 .508 1.666(\). I)1.666 H(f)-1.666 E .303(you ha)102 492 R .603 +-.15(ve a s)-.2 H .303(ealed k).15 F .603 -.15(ey y)-.1 H .303 +(ou can access with that or equi).15 F -.25(va)-.25 G .302 +(lent tool and set both of these properties, it will).25 F +(funxion seamlessly)102 504 Q(.)-.65 E(Finally)102 522 Q 12.755(,t)-.65 +G 10.255(he equi)-12.755 F -.25(va)-.25 G 10.255(lent of).25 F F2 10.255 +(zfs change-key)12.755 F17.922 E F5(keylocation=prompt)16.256 E F2 +17.922 E F5(keyformat=raw)102 534 Q F3(dataset)6.507 E F0 .507 +(is performed with the ne)3.007 F 3.006(wk)-.25 G -.15(ey)-3.106 G 5.506 +(.I)-.5 G 3.006(fa)-5.506 G 3.006(ne)-3.006 G .506 +(rror occurred, best ef)-3.006 F .506(fort is made)-.25 F .622(to clean\ + up the persistent object and properties, or to issue a note for manual\ + interv)102 546 R .623(ention into the stan-)-.15 F(dard error stream.) 
+102 558 Q 3.087<418c>102 576 S .586(nal v)-3.087 F .586 +(eri\214cation should be made by running)-.15 F F2 2.252 +(zfs-tpm2-load-key \255n)3.086 F F3(dataset)6.586 E F0 5.586(.I)C 3.086 +(ft)-5.586 G .586(hat com-)-3.086 F .859(mand succeeds, all is well, b) +102 588 R .859(ut otherwise the dataset can be manually rolled back to \ +a passphrase with)-.2 F F2(zfs-tpm2-clear-key)102 600 Q F3(dataset) +11.806 E F0 1.666(\(o)9.972 G 6.606 -.4(r, i)-1.666 H 8.306(ft).4 G +5.806(hat f)-8.306 F 5.806(ails to w)-.1 F(ork,)-.1 E F2 5.805 +(zfs change-key)8.305 F13.471 E F5(keyformat=passphrase)102 612 Q +F3(dataset)6 E F0 -3.332 1.666(\), a)1.666 H(nd you are hereby ask) +-1.666 E(ed to report a b)-.1 E(ug, please.)-.2 E F2(zfs-tpm2-clear-key) +102 630 Q F3(dataset)6.429 E F0 .429 +(can be used to free the TPM persistent object and go back to us-)2.929 +F(ing a passphrase.)102 642 Q F1(OPTIONS)72 666 Q F2103.666 678 Q +F3(backup-file)6 E F0(Sa)191 690 Q 1.353 -.15(ve a b)-.2 H 1.052 +(ack-up of the k).15 F 1.352 -.15(ey t)-.1 H(o).15 E F3(backup-file) +3.552 E F0 3.552(,w)C 1.052(hich must not e)-3.552 F 1.052 +(xist beforehand.)-.15 F .431(This back-up)191 702 R F4(must)2.931 E F0 +.431(be stored securely)2.931 F 2.931(,o)-.65 G -.25(ff)-2.931 G 2.931 +(-site. In).25 F .431(case of a catastrophic e)2.931 F -.15(ve)-.25 G +.432(nt, the).15 F -.1(ke)191 714 S 2.5(yc)-.05 G +(an be loaded by running)-2.5 E F2(zfs load-key)221 726 Q F3(dataset)6 E +F5(<)6 E F3(backup-file)6 E F0(tzpfms 0.3.0-1-g)72 799.889 Q 105.605 +(a4cfe40 June)-.05 F(17, 2022)2.5 E(8)201.085 E 0 Cg EP %%Page: 9 9 %%BeginPageSetup BP 
@@ -739,84 +745,90 @@ BP /F0 10/Times-Roman@0 SF -.834(ZFS-TPM2-CHANGE-KEY \(8\))72 48 R (System Manager')53.329 E 2.5(sM)-.55 G 48.329 (anual ZFS-TPM2-CHANGE-KEY)-2.5 F(\(8\))1.666 E/F1 10/Courier-Bold@0 SF -(zfs load-key)221 96 Q/F2 10/Courier-Oblique@0 SF(dataset)6 E/F3 10 -/Courier@0 SF(<)6 E F2(backup-file)6 E F1103.666 114 Q F2 -(algorithm)6 E F1(:)A F2(PCR)A F0([)A F1(,)A F2(PCR)A F0 1.666(]...)C([) --1.666 E F1(+)A F2(algorithm)A F1(:)A F2(PCR)A F0([)A F1(,)A F2(PCR)A F0 -1.666(]...)C 1.666(]...)-1.666 G .851(Bind the k)191 126 R 1.151 -.15 -(ey t)-.1 H 3.351(os).15 G .851(pace- or comma-separated)-3.351 F F2 -(PCR)3.351 E F0 3.351(sw)C .851(ithin their corresponding hashing)-3.351 -F F2(algorithm)191 138 Q F0 4.119<8a69>4.119 G 4.119(ft)-4.119 G(he) --4.119 E 4.119(yc)-.15 G 1.619(hange, the wrapping k)-4.119 F 1.919 -.15 -(ey w)-.1 H 1.62(ill not be able to be unsealed.).15 F(There are)191 150 -Q/F4 10/Times-Bold@0 SF(24)2.5 E F0(PCRs, numbered)2.5 E F4(0)2.5 E F0 -(..)A F4(23)A F0(.)A F2(algorithm)191 168 Q F0 1.096(may be an)3.596 F -3.596(yo)-.15 G 3.596(fc)-3.596 G(ase-insensiti)-3.596 E 1.395 -.15 -(ve ")-.25 H F4(sha1).15 E F0 1.095(", ")B F4(sha256)A F0 1.095(", ")B -F4(sha384)A F0 1.095(", ")B F4(sha512)A F0(",)A(")191 180 Q F4(sm3_256)A -F0 9.062(", ")B F4(sm3-256)A F0 9.062(", ")B F4(sha3_256)A F0 9.062 -(", ")B F4(sha3-256)A F0 9.062(", ")B F4(sha3_384)A F0 9.062(", ")B F4 -(sha3-384)A F0(",)A(")191 192 Q F4(sha3_512)A F0(", or ")A F4(sha3-512)A -F0(", and must be supported by the TPM.)A F1103.666 210 Q F0 -.4 -(Wi)191 210 S(th).4 E F16.798 E F0 5.132(,a)C 2.632 -(lso prompt for a passphrase.)-5.132 F 2.632(This is skipped by def) -7.632 F 2.631(ault because the)-.1 F .833(passphrase is)191 222 R/F5 10 -/Times-Italic@0 SF(OR)3.333 E F0 .833(ed with the PCR polic)B 3.334 -(y\212t)-.15 G .834(he wrapping k)-3.334 F 1.134 -.15(ey c)-.1 H .834 -(an be unsealed).15 F F5(either)3.334 E F0 .703 -(passphraseless with the right PCRs)191 234 R 
F5(or)3.203 E F0 .703 -(with the passphrase, and this is usually not the)3.203 F(intent.)191 -246 Q F4(ENVIR)72 270 Q 1.666(ONMENT V)-.3 F(ARIABLES)-1.35 E F3 -(TZPFMS_PASSPHRASE_HELPER)102 282 Q F0 .465(By def)143 294 R .466(ault,\ - passphrases are prompted for and read in on the standard output and in\ -put streams.)-.1 F(If)5.466 E F3(TZPFMS_PASSPHRASE_HELPER)143 306 Q F0 -.517(is set and nonempty)3.017 F 3.017(,i)-.65 G 3.017(tw)-3.017 G .516 -(ill be run via)-3.017 F F3(/bin/)3.016 E F1 2.182(sh \255c)B F0 .516 -(to pro-)3.016 F(vide each passphrase, instead.)143 318 Q .188 -(The standard output stream of the helper is tied to an anon)143 336 R -.189(ymous \214le and used in its entirety as the)-.15 F(passphrase, e) -143 348 Q(xcept for a trailing ne)-.15 E(w-line, if an)-.25 E 3.8 -.65 -(y. T)-.15 H(he ar).65 E(guments are:)-.18 E F3($1)155 360 Q F0 -(Pre-formatted noun phrase with all the information belo)172 360 Q 1.3 --.65(w, f)-.25 H(or use as a prompt).65 E F3($2)155 372 Q F0 -(Either the dataset name or the element of the TPM hierarch)172 372 Q -2.5(yb)-.05 G(eing prompted for)-2.5 E F3($3)155 384 Q F0("ne)172 384 Q +103.666 96 Q/F2 10/Courier-Oblique@0 SF(algorithm)6 E F1(:)A F2 +(PCR)A F0([)A F1(,)A F2(PCR)A F0 1.666(]...)C([)-1.666 E F1(+)A F2 +(algorithm)A F1(:)A F2(PCR)A F0([)A F1(,)A F2(PCR)A F0 1.666(]...)C +1.666(]...)-1.666 G .19(Bind the k)191 108 R .49 -.15(ey t)-.1 H 2.69 +(os).15 G .19(pace- or comma-separated)-2.69 F F2(PCR)2.689 E F0 2.689 +(sw)C .189(ithin their corresponding hash-)-2.689 F(ing)191 120 Q F2 +(algorithm)3.488 E F0 3.488<8a69>3.488 G 3.488(ft)-3.488 G(he)-3.488 E +3.488(yc)-.15 G .988(hange, the wrapping k)-3.488 F 1.288 -.15(ey w)-.1 +H .989(ill not be able to be un-).15 F 2.5(sealed. 
There)191 132 R(are) +2.5 E/F3 10/Times-Bold@0 SF(24)2.5 E F0(PCRs, numbered)2.5 E F3(0)2.5 E +F0(..)A F3(23)A F0(.)A F2(algorithm)191 150 Q F0 4.468(may be an)6.969 F +6.968(yo)-.15 G 6.968(fc)-6.968 G(ase-insensiti)-6.968 E 4.768 -.15 +(ve ")-.25 H F3(sha1).15 E F0 4.468(", ")B F3(sha256)A F0 4.468(", ")B +F3(sha384)A F0(",)A(")191 162 Q F3(sha512)A F0 7.383(", ")B F3(sm3_256)A +F0 7.383(", ")B F3(sm3-256)A F0 7.383(", ")B F3(sha3_256)A F0 7.383 +(", ")B F3(sha3-256)A F0 7.383(", ")B F3(sha3_384)A F0(",)A(")191 174 Q +F3(sha3-384)A F0(", ")A F3(sha3_512)A F0(", or ")A F3(sha3-512)A F0 +(", and must be supported by the TPM.)A F1103.666 192 Q F0 -.4(Wi) +191 192 S(th).4 E F15.512 E F0 3.846(,a)C 1.346 +(lso prompt for a passphrase.)-3.846 F 1.345(This is skipped by def) +6.345 F 1.345(ault because the)-.1 F 1.598(passphrase is)191 204 R/F4 10 +/Times-Italic@0 SF(OR)4.098 E F0 1.598(ed with the PCR polic)B 4.098 +(y\212t)-.15 G 1.598(he wrapping k)-4.098 F 1.898 -.15(ey c)-.1 H 1.598 +(an be unsealed).15 F F4(either)191 216 Q F0 .689 +(passphraseless with the right PCRs)3.189 F F4(or)3.189 E F0 .689 +(with the passphrase, and this is usu-)3.189 F(ally not the intent.)191 +228 Q F3(ENVIR)72 252 Q 1.666(ONMENT V)-.3 F(ARIABLES)-1.35 E/F5 10 +/Courier@0 SF(TZPFMS_PASSPHRASE_HELPER)102 264 Q F0 .159(By def)143 276 +R .159(ault, passphrases are prompted for and read in on the standard o\ +utput and input streams.)-.1 F(If)143 288 Q F5(TZPFMS_PASSPHRASE_HELPER) +3.356 E F0 .856(is set and nonempty)3.356 F 3.356(,i)-.65 G 3.356(tw) +-3.356 G .856(ill be run via)-3.356 F F5(/bin/)3.355 E F1 2.521 +(sh \255c)B F0(to pro)143 300 Q(vide each passphrase, instead.)-.15 E +.087(The standard output stream of the helper is tied to an anon)143 318 +R .088(ymous \214le and used in its entirety as)-.15 F +(the passphrase, e)143 330 Q(xcept for a trailing ne)-.15 E +(w-line, if an)-.25 E 3.8 -.65(y. 
T)-.15 H(he ar).65 E(guments are:)-.18 +E F5($1)155 342 Q F0 +(Pre-formatted noun phrase with all the information belo)172 342 Q 1.3 +-.65(w, f)-.25 H(or use as a prompt).65 E F5($2)155 354 Q F0 +(Either the dataset name or the element of the TPM hierarch)172 354 Q +2.5(yb)-.05 G(eing prompted for)-2.5 E F5($3)155 366 Q F0("ne)172 366 Q (w" if this is for a ne)-.25 E 2.5(wp)-.25 G(assphrase, otherwise blank) --2.5 E F3($4)155 396 Q F0("ag)172 396 Q(ain" if it')-.05 E 2.5(st)-.55 G -(he second prompt for that passphrase, otherwise blank)-2.5 E .181 -(If the helper doesn')143 414 R 2.681(te)-.18 G 1.847(xist \()-2.831 F -.181(the shell e)1.666 F .181(xits with)-.15 F F4(127)2.681 E F0 -3.151 -1.666(\), a d)1.666 H .181(iagnostic is issued and the normal prompt) --1.666 F(is used as f)143 426 Q 2.5(all-back. If)-.1 F(it f)2.5 E +-2.5 E F5($4)155 378 Q F0("ag)172 378 Q(ain" if it')-.05 E 2.5(st)-.55 G +(he second prompt for that passphrase, otherwise blank)-2.5 E 1.109 +(If the helper doesn')143 396 R 3.609(te)-.18 G 2.775(xist \()-3.759 F +1.109(the shell e)1.666 F 1.109(xits with)-.15 F F3(127)3.609 E F0 +-2.223 1.666(\), a d)1.666 H 1.108(iagnostic is issued and the normal) +-1.666 F(prompt is used as f)143 408 Q 2.5(all-back. If)-.1 F(it f)2.5 E (ails for an)-.1 E 2.5(yo)-.15 G(ther reason, the prompting is aborted.) 
--2.5 E F4 1.666(TPM2 back-end con\214guration)72 450 R(En)84 462 Q(vir) --.4 E .625(onment v)-.18 F(ariables)-.1 E F3(TSS2_LOG)102 474 Q F0(An) -155 474 Q 2.5(yo)-.15 G(f:)-2.5 E F4(NONE)2.5 E F0(,)A F4(ERR)2.5 E(OR) --.3 E F0(,)A F4 -1.2(WA)2.5 G(RNING)1.2 E F0(,)A F4(INFO)2.5 E F0(,)A F4 -(DEB)2.5 E(UG)-.1 E F0(,)A F4(TRA)2.5 E(CE)-.55 E F0 5(.D)C(ef)-5 E -(ault:)-.1 E F4 -1.2(WA)2.5 G(RNING)1.2 E F0(.)A F4 .625(TPM selection) -84 498 R F0 .516(The library)102 510 R F1(libtss2-tcti-default.so)3.016 -E F0 .516(can be link)3.016 F .516(ed to an)-.1 F 3.017(yo)-.15 G 3.017 -(ft)-3.017 G(he)-3.017 E F3(libtss2-tcti-)3.017 E/F6 10/Symbol SF(*)A F3 -(.so)A F0(libraries)3.017 E .576(to select the def)102 522 R .576 -(ault, otherwise)-.1 F F3(/dev/tpmrm0)3.076 E F0 3.076(,t)C(hen)-3.076 E -F3(/dev/tpm0)3.076 E F0 3.076(,t)C(hen)-3.076 E F3(localhost:2321)3.076 -E F0 .575(will be tried,)3.076 F(in order)102 534 Q 1.666(\(s)4.166 G -(ee)-1.666 E F3(ESYS_CONTEXT)2.5 E F0 -.834(\(3\) \) .)B F4 .625 -(See also)84 558 R F0 3.487(The tpm2-tss git repository at)102 570 R F4 -(https://github)5.988 E(.com/tpm2-softwar)-.4 E(e/tpm2-tss)-.18 E F0 -3.488(and the documentation at)5.988 F F4(https://tpm2-tss.r)102 582 Q -(eadthedocs.io)-.18 E F0(.)A 6.305 -(The TPM 2.0 speci\214cations, mainly at)102 600 R F4 -(https://trustedcomputinggr)8.805 E(oup.or)-.18 E(g/r)-.1 E(esour)-.18 E -(ce/tpm-library-)-.18 E(speci\214cation/)102 612 Q F0(,)A F4 -(https://trustedcomputinggr)116.04 E(oup.or)-.18 E -(g/wp-content/uploads/TPM-)-.1 E(Re)102 624 Q(v-2.0-P)-.15 E(art-1-Ar) +-2.5 E F3 1.666(TPM2 back-end con\214guration)72 432 R(En)84 444 Q(vir) +-.4 E .625(onment v)-.18 F(ariables)-.1 E F5(TSS2_LOG)102 456 Q F0(An) +155 456 Q 2.5(yo)-.15 G(f:)-2.5 E F3(NONE)2.5 E F0(,)A F3(ERR)2.5 E(OR) +-.3 E F0(,)A F3 -1.2(WA)2.5 G(RNING)1.2 E F0(,)A F3(INFO)2.5 E F0(,)A F3 +(DEB)2.5 E(UG)-.1 E F0(,)A F3(TRA)2.5 E(CE)-.55 E F0 5(.D)C(ef)-5 E +(ault:)-.1 E F3 -1.2(WA)2.5 G(RNING)1.2 E F0(.)A F3 .625(TPM 
selection) +84 480 R F0 1.166(The library)102 492 R F1(libtss2-tcti-default.so)3.666 +E F0 1.167(can be link)3.667 F 1.167(ed to an)-.1 F 3.667(yo)-.15 G +3.667(ft)-3.667 G(he)-3.667 E F5(libtss2-tcti-)3.667 E/F6 10/Symbol SF +(*)A F5(.so)A F0(li-)3.667 E 1.381(braries to select the def)102 504 R +1.381(ault, otherwise)-.1 F F5(/dev/tpmrm0)3.88 E F0 3.88(,t)C(hen)-3.88 +E F5(/dev/tpm0)3.88 E F0 3.88(,t)C(hen)-3.88 E F5(localhost:2321)3.88 E +F0(will be tried, in order)102 516 Q 1.666(\(s)4.166 G(ee)-1.666 E F5 +(ESYS_CONTEXT)2.5 E F0 -.834(\(3\) \) .)B F3 .625(See also)84 540 R F0 +1.629(The tpm2-tss git repository at)102 552 R F3(https://github)4.129 E +(.com/tpm2-softwar)-.4 E(e/tpm2-tss)-.18 E F0 1.63 +(and the documentation at)4.13 F F3(https://tpm2-tss.r)102 564 Q +(eadthedocs.io)-.18 E F0(.)A 3.518 +(The TPM 2.0 speci\214cations, mainly at)102 582 R F3 +(https://trustedcomputinggr)6.017 E(oup.or)-.18 E(g/r)-.1 E(esour)-.18 E +(ce/tpm-library-)-.18 E(speci\214cation/)102 594 Q F0(,)A F3 +(https://trustedcomputinggr)99.315 E(oup.or)-.18 E +(g/wp-content/uploads/TPM-)-.1 E(Re)102 606 Q(v-2.0-P)-.15 E(art-1-Ar) -.1 E(chitectur)-.18 E(e-01.38.pdf)-.18 E F0 2.5(,a)C(nd related pages.) 
--2.5 E F4 1.666(SPECIAL THANKS)72 648 R F0 1.6 -.8(To a)102 660 T +-2.5 E F3 1.666(SPECIAL THANKS)72 630 R F0 1.6 -.8(To a)102 642 T (ll who support further de).8 E -.15(ve)-.25 G(lopment, in particular:) -.15 E F4<83>122 672 Q F0(ThePhD)2.5 E(tzpfms 0.3.0)72 750 Q -(December 20, 2021)144.985 E(9)189.705 E 0 Cg EP +.15 E F3<83>122 654 Q F0(ThePhD)2.5 E F3<83>122 666 Q F0(Embark Studios) +2.5 E F3<83>122 678 Q F0(Jasper Bekk)2.5 E(ers)-.1 E F3(REPOR)72 702 Q +1.666(TING B)-.4 F(UGS)-.1 E(https://todo.sr)102 714 Q +(.ht/~nabijaczleweli/tzpfms)-1 E F5(~nabijaczleweli/tzpfms@lists.sr.ht) +102 732 Q F0 86.763(,a)C(rchi)-86.763 E -.15(ve)-.25 G 86.762(da).15 G +(t)-86.762 E F3(https://lists.sr)102 744 Q(.ht/~nabijaczleweli/tzpfms)-1 +E F0(.)A(tzpfms 0.3.0-1-g)72 799.889 Q 105.605(a4cfe40 June)-.05 F +(17, 2022)2.5 E(9)201.085 E 0 Cg EP %%Page: 10 10 %%BeginPageSetup BP 
@@ -824,20 +836,16 @@ BP /F0 10/Times-Roman@0 SF -.834(ZFS-TPM2-CHANGE-KEY \(8\))72 48 R (System Manager')53.329 E 2.5(sM)-.55 G 48.329 (anual ZFS-TPM2-CHANGE-KEY)-2.5 F(\(8\))1.666 E/F1 10/Times-Bold@0 SF -<83>122 96 Q F0(Embark Studios)2.5 E F1<83>122 108 Q F0(Jasper Bekk)2.5 -E(ers)-.1 E F1(REPOR)72 132 Q 1.666(TING B)-.4 F(UGS)-.1 E -(https://todo.sr)102 144 Q(.ht/~nabijaczleweli/tzpfms)-1 E/F2 10 -/Courier@0 SF(~nabijaczleweli/tzpfms@lists.sr.ht)102 162 Q F0 2.5(,a)C -(rchi)-2.5 E -.15(ve)-.25 G 2.5(da).15 G(t)-2.5 E F1(https://lists.sr) -2.5 E(.ht/~nabijaczleweli/tzpfms)-1 E F0(.)A F1 1.666(SEE ALSO)72 186 R -F2(tpm2_unseal)102 198 Q F0(\(1\))A(PCR allocations:)102 216 Q F1 -(https://wiki.ar)2.5 E(chlinux.or)-.18 E(g/title/T)-.1 E(rusted_Platf) --.74 E(orm_Module#Accessing_PCR_r)-.25 E(egisters)-.18 E F0(and)102 228 -Q F1(https://trustedcomputinggr)2.5 E(oup.or)-.18 E -(g/wp-content/uploads/PC-)-.1 E(ClientSpeci\214c_Platf)102 240 Q(orm_Pr) +1.666(SEE ALSO)72 96 R/F2 10/Courier@0 SF(tpm2_unseal)102 108 Q F0 +(\(1\))A(PCR allocations:)102 126 Q F1(https://wiki.ar)102 138 Q +(chlinux.or)-.18 E(g/title/T)-.1 E(rusted_Platf)-.74 E +(orm_Module#Accessing_PCR_r)-.25 E(egisters)-.18 E F0(and)2.5 E F1 +(https://trustedcomputinggr)102 150 Q(oup.or)-.18 E +(g/wp-content/uploads/PC-)-.1 E(ClientSpeci\214c_Platf)102 162 Q(orm_Pr) -.25 E(o\214le_f)-.18 E(or_TPM_2p0_Systems_v51.pdf)-.25 E F0 2.5(,S)C -(ection 2.3.4 "PCR Usage", T)-2.5 E(able 1.)-.8 E(tzpfms 0.3.0)72 750 Q -(December 20, 2021)144.985 E(10)184.705 E 0 Cg EP +(ection 2.3.4 "PCR Usage", T)-2.5 E(able)-.8 E(1.)102 174 Q +(tzpfms 0.3.0-1-g)72 799.889 Q 105.605(a4cfe40 June)-.05 F(17, 2022)2.5 +E(10)196.085 E 0 Cg EP %%Page: 11 11 %%BeginPageSetup BP 
@@ -851,81 +859,83 @@ BP 132 Q F2(zfs-tpm2-clear-key)102 144 Q/F3 10/Courier-Oblique@0 SF (dataset)2.5 E F1(DESCRIPTION)72 168 Q F0(After v)102 180 Q(erifying) -.15 E F3(dataset)2.5 E F0 -.1(wa)2.5 G 2.5(se).1 G(ncrypted with)-2.5 E -F2(tzpfms)2.5 E F0(back)2.5 E(end)-.1 E F1(TPM2)2.5 E F0(:)A 6.985 -(1. performs the equi)122 192 R -.25(va)-.25 G 6.984(lent of).25 F F2 -6.984(zfs change-key)9.484 F14.65 E/F4 10/Courier@0 SF -(keylocation=prompt)12.984 E F214.65 E F4(keyformat=passphrase)127 -204 Q F3(dataset)6 E F0(,)A(2. frees the sealed k)122 216 Q .3 -.15 +F2(tzpfms)2.5 E F0(back)2.5 E(end)-.1 E F1(TPM2)2.5 E F0(:)A 5.126 +(1. performs the equi)122 192 R -.25(va)-.25 G 5.126(lent of).25 F F2 +5.126(zfs change-key)7.626 F12.792 E/F4 10/Courier@0 SF +(keylocation=prompt)11.126 E F212.792 E F4(keyformat=passphrase) +127 204 Q F3(dataset)6 E F0(,)A(2. frees the sealed k)122 216 Q .3 -.15 (ey p)-.1 H(re).15 E(viously used to encrypt)-.25 E F3(dataset)2.5 E F0 -(,)A(3. remo)122 228 Q -.15(ve)-.15 G 2.5(st).15 G(he)-2.5 E F4 -(xyz.nabijaczleweli:tzpfms.)2.5 E F0({)A F4(backend)A F0(,)A F4(key)6 E -F0 2.5(}p)C(roperties from)-2.5 E F3(dataset)2.5 E F0(.)A(See)102 246 Q -F4(zfs-tpm2-change-key)2.5 E F0(\(8\) for a detailed description.)A F1 -(ENVIR)72 270 Q 1.666(ONMENT V)-.3 F(ARIABLES)-1.35 E F4 -(TZPFMS_PASSPHRASE_HELPER)102 282 Q F0 .465(By def)143 294 R .466(ault,\ - passphrases are prompted for and read in on the standard output and in\ -put streams.)-.1 F(If)5.466 E F4(TZPFMS_PASSPHRASE_HELPER)143 306 Q F0 -.517(is set and nonempty)3.017 F 3.017(,i)-.65 G 3.017(tw)-3.017 G .516 -(ill be run via)-3.017 F F4(/bin/)3.016 E F2 2.182(sh \255c)B F0 .516 -(to pro-)3.016 F(vide each passphrase, instead.)143 318 Q .188 -(The standard output stream of the helper is tied to an anon)143 336 R -.189(ymous \214le and used in its entirety as the)-.15 F(passphrase, e) -143 348 Q(xcept for a trailing ne)-.15 E(w-line, if an)-.25 E 3.8 -.65 -(y. 
T)-.15 H(he ar).65 E(guments are:)-.18 E F4($1)155 360 Q F0 -(Pre-formatted noun phrase with all the information belo)172 360 Q 1.3 --.65(w, f)-.25 H(or use as a prompt).65 E F4($2)155 372 Q F0 -(Either the dataset name or the element of the TPM hierarch)172 372 Q -2.5(yb)-.05 G(eing prompted for)-2.5 E F4($3)155 384 Q F0("ne)172 384 Q +(,)A 6.991(3. remo)122 228 R -.15(ve)-.15 G 9.491(st).15 G(he)-9.491 E +F4(xyz.nabijaczleweli:tzpfms.)9.491 E F0({)A F4(backend)A F0(,)A F4(key) +12.991 E F0 9.491(}p)C 6.99(roperties from)-9.491 F F3(dataset)127 240 Q +F0(.)A(See)102 258 Q F4(zfs-tpm2-change-key)2.5 E F0 +(\(8\) for a detailed description.)A F1(ENVIR)72 282 Q 1.666(ONMENT V) +-.3 F(ARIABLES)-1.35 E F4(TZPFMS_PASSPHRASE_HELPER)102 294 Q F0 .159 +(By def)143 306 R .159(ault, passphrases are prompted for and read in o\ +n the standard output and input streams.)-.1 F(If)143 318 Q F4 +(TZPFMS_PASSPHRASE_HELPER)3.356 E F0 .856(is set and nonempty)3.356 F +3.356(,i)-.65 G 3.356(tw)-3.356 G .856(ill be run via)-3.356 F F4(/bin/) +3.355 E F2 2.521(sh \255c)B F0(to pro)143 330 Q +(vide each passphrase, instead.)-.15 E .087 +(The standard output stream of the helper is tied to an anon)143 348 R +.088(ymous \214le and used in its entirety as)-.15 F(the passphrase, e) +143 360 Q(xcept for a trailing ne)-.15 E(w-line, if an)-.25 E 3.8 -.65 +(y. 
T)-.15 H(he ar).65 E(guments are:)-.18 E F4($1)155 372 Q F0 +(Pre-formatted noun phrase with all the information belo)172 372 Q 1.3 +-.65(w, f)-.25 H(or use as a prompt).65 E F4($2)155 384 Q F0 +(Either the dataset name or the element of the TPM hierarch)172 384 Q +2.5(yb)-.05 G(eing prompted for)-2.5 E F4($3)155 396 Q F0("ne)172 396 Q (w" if this is for a ne)-.25 E 2.5(wp)-.25 G(assphrase, otherwise blank) --2.5 E F4($4)155 396 Q F0("ag)172 396 Q(ain" if it')-.05 E 2.5(st)-.55 G -(he second prompt for that passphrase, otherwise blank)-2.5 E .181 -(If the helper doesn')143 414 R 2.681(te)-.18 G 1.847(xist \()-2.831 F -.181(the shell e)1.666 F .181(xits with)-.15 F F1(127)2.681 E F0 -3.151 -1.666(\), a d)1.666 H .181(iagnostic is issued and the normal prompt) --1.666 F(is used as f)143 426 Q 2.5(all-back. If)-.1 F(it f)2.5 E +-2.5 E F4($4)155 408 Q F0("ag)172 408 Q(ain" if it')-.05 E 2.5(st)-.55 G +(he second prompt for that passphrase, otherwise blank)-2.5 E 1.109 +(If the helper doesn')143 426 R 3.609(te)-.18 G 2.775(xist \()-3.759 F +1.109(the shell e)1.666 F 1.109(xits with)-.15 F F1(127)3.609 E F0 +-2.223 1.666(\), a d)1.666 H 1.108(iagnostic is issued and the normal) +-1.666 F(prompt is used as f)143 438 Q 2.5(all-back. If)-.1 F(it f)2.5 E (ails for an)-.1 E 2.5(yo)-.15 G(ther reason, the prompting is aborted.) 
--2.5 E F1 1.666(TPM2 back-end con\214guration)72 450 R(En)84 462 Q(vir) --.4 E .625(onment v)-.18 F(ariables)-.1 E F4(TSS2_LOG)102 474 Q F0(An) -155 474 Q 2.5(yo)-.15 G(f:)-2.5 E F1(NONE)2.5 E F0(,)A F1(ERR)2.5 E(OR) +-2.5 E F1 1.666(TPM2 back-end con\214guration)72 462 R(En)84 474 Q(vir) +-.4 E .625(onment v)-.18 F(ariables)-.1 E F4(TSS2_LOG)102 486 Q F0(An) +155 486 Q 2.5(yo)-.15 G(f:)-2.5 E F1(NONE)2.5 E F0(,)A F1(ERR)2.5 E(OR) -.3 E F0(,)A F1 -1.2(WA)2.5 G(RNING)1.2 E F0(,)A F1(INFO)2.5 E F0(,)A F1 (DEB)2.5 E(UG)-.1 E F0(,)A F1(TRA)2.5 E(CE)-.55 E F0 5(.D)C(ef)-5 E (ault:)-.1 E F1 -1.2(WA)2.5 G(RNING)1.2 E F0(.)A F1 .625(TPM selection) -84 498 R F0 .516(The library)102 510 R F2(libtss2-tcti-default.so)3.016 -E F0 .516(can be link)3.016 F .516(ed to an)-.1 F 3.017(yo)-.15 G 3.017 -(ft)-3.017 G(he)-3.017 E F4(libtss2-tcti-)3.017 E/F5 10/Symbol SF(*)A F4 -(.so)A F0(libraries)3.017 E .576(to select the def)102 522 R .576 -(ault, otherwise)-.1 F F4(/dev/tpmrm0)3.076 E F0 3.076(,t)C(hen)-3.076 E -F4(/dev/tpm0)3.076 E F0 3.076(,t)C(hen)-3.076 E F4(localhost:2321)3.076 -E F0 .575(will be tried,)3.076 F(in order)102 534 Q 1.666(\(s)4.166 G -(ee)-1.666 E F4(ESYS_CONTEXT)2.5 E F0 -.834(\(3\) \) .)B F1 .625 -(See also)84 558 R F0 3.487(The tpm2-tss git repository at)102 570 R F1 -(https://github)5.988 E(.com/tpm2-softwar)-.4 E(e/tpm2-tss)-.18 E F0 -3.488(and the documentation at)5.988 F F1(https://tpm2-tss.r)102 582 Q -(eadthedocs.io)-.18 E F0(.)A 6.305 -(The TPM 2.0 speci\214cations, mainly at)102 600 R F1 -(https://trustedcomputinggr)8.805 E(oup.or)-.18 E(g/r)-.1 E(esour)-.18 E -(ce/tpm-library-)-.18 E(speci\214cation/)102 612 Q F0(,)A F1 -(https://trustedcomputinggr)116.04 E(oup.or)-.18 E -(g/wp-content/uploads/TPM-)-.1 E(Re)102 624 Q(v-2.0-P)-.15 E(art-1-Ar) +84 510 R F0 1.166(The library)102 522 R F2(libtss2-tcti-default.so)3.666 +E F0 1.167(can be link)3.667 F 1.167(ed to an)-.1 F 3.667(yo)-.15 G +3.667(ft)-3.667 G(he)-3.667 E F4(libtss2-tcti-)3.667 E/F5 10/Symbol 
SF +(*)A F4(.so)A F0(li-)3.667 E 1.381(braries to select the def)102 534 R +1.381(ault, otherwise)-.1 F F4(/dev/tpmrm0)3.88 E F0 3.88(,t)C(hen)-3.88 +E F4(/dev/tpm0)3.88 E F0 3.88(,t)C(hen)-3.88 E F4(localhost:2321)3.88 E +F0(will be tried, in order)102 546 Q 1.666(\(s)4.166 G(ee)-1.666 E F4 +(ESYS_CONTEXT)2.5 E F0 -.834(\(3\) \) .)B F1 .625(See also)84 570 R F0 +1.629(The tpm2-tss git repository at)102 582 R F1(https://github)4.129 E +(.com/tpm2-softwar)-.4 E(e/tpm2-tss)-.18 E F0 1.63 +(and the documentation at)4.13 F F1(https://tpm2-tss.r)102 594 Q +(eadthedocs.io)-.18 E F0(.)A 3.518 +(The TPM 2.0 speci\214cations, mainly at)102 612 R F1 +(https://trustedcomputinggr)6.017 E(oup.or)-.18 E(g/r)-.1 E(esour)-.18 E +(ce/tpm-library-)-.18 E(speci\214cation/)102 624 Q F0(,)A F1 +(https://trustedcomputinggr)99.315 E(oup.or)-.18 E +(g/wp-content/uploads/TPM-)-.1 E(Re)102 636 Q(v-2.0-P)-.15 E(art-1-Ar) -.1 E(chitectur)-.18 E(e-01.38.pdf)-.18 E F0 2.5(,a)C(nd related pages.) --2.5 E F1 1.666(SPECIAL THANKS)72 648 R F0 1.6 -.8(To a)102 660 T +-2.5 E F1 1.666(SPECIAL THANKS)72 660 R F0 1.6 -.8(To a)102 672 T (ll who support further de).8 E -.15(ve)-.25 G(lopment, in particular:) -.15 E F1<83>122 672 Q F0(ThePhD)2.5 E(tzpfms 0.3.0)72 750 Q -(December 20, 2021)144.985 E(11)184.705 E 0 Cg EP +.15 E F1<83>122 684 Q F0(ThePhD)2.5 E F1<83>122 696 Q F0(Embark Studios) +2.5 E F1<83>122 708 Q F0(Jasper Bekk)2.5 E(ers)-.1 E(tzpfms 0.3.0-1-g)72 +799.889 Q 105.605(a4cfe40 June)-.05 F(17, 2022)2.5 E(11)196.085 E 0 Cg +EP %%Page: 12 12 %%BeginPageSetup BP %%EndPageSetup /F0 10/Times-Roman@0 SF -.834(ZFS-TPM2-CLEAR-KEY \(8\))72 48 R (System Manager')62.209 E 2.5(sM)-.55 G 57.209(anual ZFS-TPM2-CLEAR-KEY) --2.5 F(\(8\))1.666 E/F1 10/Times-Bold@0 SF<83>122 96 Q F0 -(Embark Studios)2.5 E F1<83>122 108 Q F0(Jasper Bekk)2.5 E(ers)-.1 E F1 -(REPOR)72 132 Q 1.666(TING B)-.4 F(UGS)-.1 E(https://todo.sr)102 144 Q -(.ht/~nabijaczleweli/tzpfms)-1 E/F2 10/Courier@0 SF 
-(~nabijaczleweli/tzpfms@lists.sr.ht)102 162 Q F0 2.5(,a)C(rchi)-2.5 E --.15(ve)-.25 G 2.5(da).15 G(t)-2.5 E F1(https://lists.sr)2.5 E -(.ht/~nabijaczleweli/tzpfms)-1 E F0(.)A(tzpfms 0.3.0)72 750 Q -(December 20, 2021)144.985 E(12)184.705 E 0 Cg EP +-2.5 F(\(8\))1.666 E/F1 10/Times-Bold@0 SF(REPOR)72 96 Q 1.666(TING B) +-.4 F(UGS)-.1 E(https://todo.sr)102 108 Q(.ht/~nabijaczleweli/tzpfms)-1 +E/F2 10/Courier@0 SF(~nabijaczleweli/tzpfms@lists.sr.ht)102 126 Q F0 +86.763(,a)C(rchi)-86.763 E -.15(ve)-.25 G 86.762(da).15 G(t)-86.762 E F1 +(https://lists.sr)102 138 Q(.ht/~nabijaczleweli/tzpfms)-1 E F0(.)A +(tzpfms 0.3.0-1-g)72 799.889 Q 105.605(a4cfe40 June)-.05 F(17, 2022)2.5 +E(12)196.085 E 0 Cg EP %%Page: 13 13 %%BeginPageSetup BP 
@@ -937,28 +947,28 @@ BP (oad TPM2-encrypted ZFS dataset k)-2.5 E -.15(ey)-.1 G F1(SYNOPSIS)72 132 Q F2(zfs-tpm2-load-key)102 144 Q F0([)3.333 E F22.499 E F0(]) .833 E/F3 10/Courier-Oblique@0 SF(dataset)2.5 E F1(DESCRIPTION)72 168 Q -F0 1.118(After v)102 180 R(erifying)-.15 E F3(dataset)3.618 E F0 -.1(wa) -3.618 G 3.618(se).1 G 1.118(ncrypted with)-3.618 F F2(tzpfms)3.618 E F0 -(back)3.618 E(end)-.1 E F1(TPM2)3.618 E F0 3.618(,u)C 1.118 -(nseals the k)-3.618 F 1.418 -.15(ey a)-.1 H 1.118(nd loads it into).15 -F F3(dataset)102 192 Q F0(.)A(The user is prompted for the additional p\ -assphrase, set when creating the k)102 210 Q -.15(ey)-.1 G 2.5(,i)-.5 G -2.5(fo)-2.5 G(ne w)-2.5 E(as set.)-.1 E(See)102 228 Q/F4 10/Courier@0 SF +F0 .003(After v)102 180 R(erifying)-.15 E F3(dataset)2.503 E F0 -.1(wa) +2.503 G 2.503(se).1 G .003(ncrypted with)-2.503 F F2(tzpfms)2.503 E F0 +(back)2.503 E(end)-.1 E F1(TPM2)2.503 E F0 2.503(,u)C .003(nseals the k) +-2.503 F .303 -.15(ey a)-.1 H .003(nd loads it into).15 F F3(dataset)102 +192 Q F0(.)A(The user is prompted for the additional passphrase, set wh\ +en creating the k)102 210 Q -.15(ey)-.1 G 2.5(,i)-.5 G 2.5(fo)-2.5 G +(ne w)-2.5 E(as set.)-.1 E(See)102 228 Q/F4 10/Courier@0 SF (zfs-tpm2-change-key)2.5 E F0(\(8\) for a detailed description.)A F1 -(OPTIONS)72 252 Q F2103.666 264 Q F0 .178 -(Do a no-op/dry run, can be used e)119 276 R -.15(ve)-.25 G 2.678(ni).15 -G 2.679(ft)-2.678 G .179(he k)-2.679 F .479 -.15(ey i)-.1 H 2.679(sa).15 -G .179(lready loaded.)-2.679 F(Equi)5.179 E -.25(va)-.25 G .179(lent to) -.25 F F2 .179(zfs load-key)2.679 F F0 -.55('s)C F24.895 E F0 -(option.)119 288 Q F1(ENVIR)72 312 Q 1.666(ONMENT V)-.3 F(ARIABLES)-1.35 -E F4(TZPFMS_PASSPHRASE_HELPER)102 324 Q F0 .466(By def)143 336 R .466(a\ -ult, passphrases are prompted for and read in on the standard output an\ -d input streams.)-.1 F(If)5.465 E F4(TZPFMS_PASSPHRASE_HELPER)143 348 Q -F0 .516(is set and nonempty)3.016 F 3.016(,i)-.65 G 3.016(tw)-3.016 G 
-.517(ill be run via)-3.016 F F4(/bin/)3.017 E F2 2.183(sh \255c)B F0 -.517(to pro-)3.017 F(vide each passphrase, instead.)143 360 Q .189 +(OPTIONS)72 252 Q F2103.666 264 Q F0 .156 +(Do a no-op/dry run, can be used e)119 276 R -.15(ve)-.25 G 2.656(ni).15 +G 2.656(ft)-2.656 G .156(he k)-2.656 F .456 -.15(ey i)-.1 H 2.656(sa).15 +G .156(lready loaded.)-2.656 F(Equi)5.156 E -.25(va)-.25 G .156(lent to) +.25 F F2 .156(zfs load-key)2.656 F F0 -.55('s)C F2120.666 288 Q F0 +(option.)2.5 E F1(ENVIR)72 312 Q 1.666(ONMENT V)-.3 F(ARIABLES)-1.35 E +F4(TZPFMS_PASSPHRASE_HELPER)102 324 Q F0 .159(By def)143 336 R .159(aul\ +t, passphrases are prompted for and read in on the standard output and \ +input streams.)-.1 F(If)143 348 Q F4(TZPFMS_PASSPHRASE_HELPER)3.356 E F0 +.856(is set and nonempty)3.356 F 3.356(,i)-.65 G 3.356(tw)-3.356 G .856 +(ill be run via)-3.356 F F4(/bin/)3.355 E F2 2.521(sh \255c)B F0(to pro) +143 360 Q(vide each passphrase, instead.)-.15 E .087 (The standard output stream of the helper is tied to an anon)143 378 R -.188(ymous \214le and used in its entirety as the)-.15 F(passphrase, e) +.088(ymous \214le and used in its entirety as)-.15 F(the passphrase, e) 143 390 Q(xcept for a trailing ne)-.15 E(w-line, if an)-.25 E 3.8 -.65 (y. T)-.15 H(he ar).65 E(guments are:)-.18 E F4($1)155 402 Q F0 (Pre-formatted noun phrase with all the information belo)172 402 Q 1.3 
@@ -967,48 +977,49 @@ F0 .516(is set and nonempty)3.016 F 3.016(,i)-.65 G 3.016(tw)-3.016 G 2.5(yb)-.05 G(eing prompted for)-2.5 E F4($3)155 426 Q F0("ne)172 426 Q (w" if this is for a ne)-.25 E 2.5(wp)-.25 G(assphrase, otherwise blank) -2.5 E F4($4)155 438 Q F0("ag)172 438 Q(ain" if it')-.05 E 2.5(st)-.55 G -(he second prompt for that passphrase, otherwise blank)-2.5 E .181 -(If the helper doesn')143 456 R 2.681(te)-.18 G 1.847(xist \()-2.831 F -.181(the shell e)1.666 F .181(xits with)-.15 F F1(127)2.681 E F0 -3.151 -1.666(\), a d)1.666 H .181(iagnostic is issued and the normal prompt) --1.666 F(is used as f)143 468 Q 2.5(all-back. If)-.1 F(it f)2.5 E +(he second prompt for that passphrase, otherwise blank)-2.5 E 1.109 +(If the helper doesn')143 456 R 3.609(te)-.18 G 2.775(xist \()-3.759 F +1.109(the shell e)1.666 F 1.109(xits with)-.15 F F1(127)3.609 E F0 +-2.223 1.666(\), a d)1.666 H 1.108(iagnostic is issued and the normal) +-1.666 F(prompt is used as f)143 468 Q 2.5(all-back. If)-.1 F(it f)2.5 E (ails for an)-.1 E 2.5(yo)-.15 G(ther reason, the prompting is aborted.) -2.5 E F1 1.666(TPM1.X back-end con\214guration)72 492 R .625 -(TPM selection)84 504 R F0(The)102 516 Q F2(tzpfms)2.768 E F0 .267 -(suite connects to a local)2.767 F F4(tcsd)2.767 E F0 .267 -(\(8\) process)B 1.666(\(a)4.433 G(t)-1.666 E F4(localhost:30003)2.767 E -F0 4.433(\)b)1.666 G 2.767(yd)-4.433 G(ef)-2.767 E 2.767(ault. 
Use)-.1 F -.267(the en-)2.767 F(vironment v)102 528 Q(ariable)-.25 E F4 -(TZPFMS_TPM1X)2.5 E F0(to specify a remote TCS hostname.)2.5 E .391 -(The T)102 546 R(rouSerS)-.35 E F4(tcsd)2.891 E F0 .391 -(\(8\) daemon will try)B F4(/dev/tpm0)2.892 E F0 2.892(,t)C(hen)-2.892 E -F4(/udev/tpm0)2.892 E F0 2.892(,t)C(hen)-2.892 E F4(/dev/tpm)2.892 E F0 -2.892(;b)C 2.892(yo)-2.892 G(ccup)-2.892 E(ying)-.1 E -(one of the earlier ones with, for e)102 558 Q +(TPM selection)84 504 R F0(The)102 516 Q F2(tzpfms)2.682 E F0 .182 +(suite connects to a local)2.682 F F4(tcsd)2.682 E F0 .182 +(\(8\) process)B 1.666(\(a)4.348 G(t)-1.666 E F4(localhost:30003)2.682 E +F0 4.348(\)b)1.666 G 2.683(yd)-4.348 G(ef)-2.683 E 2.683(ault. Use)-.1 F +(the)2.683 E(en)102 528 Q(vironment v)-.4 E(ariable)-.25 E F4 +(TZPFMS_TPM1X)2.5 E F0(to specify a remote TCS hostname.)2.5 E .611 +(The T)102 546 R(rouSerS)-.35 E F4(tcsd)3.111 E F0 .611 +(\(8\) daemon will try)B F4(/dev/tpm0)3.11 E F0 3.11(,t)C(hen)-3.11 E F4 +(/udev/tpm0)3.11 E F0 3.11(,t)C(hen)-3.11 E F4(/dev/tpm)3.11 E F0 3.11 +(;b)C 3.11(yo)-3.11 G(ccu-)-3.11 E -.1(py)102 558 S +(ing one of the earlier ones with, for e).1 E (xample, shell redirection, a later one can be selected.)-.15 E F1 .625 (See also)84 582 R F0(The T)102 594 Q(rouSerS project page at)-.35 E F1 (https://sour)2.5 E(cef)-.18 E(or)-.25 E(ge.net/pr)-.1 E(ojects/tr)-.18 -E(ousers)-.18 E F0(.)A 5.109(The TPM 1.2 main speci\214cation inde)102 -612 R 7.608(xa)-.15 G(t)-7.608 E F1(https://trustedcomputinggr)7.608 E +E(ousers)-.18 E F0(.)A 2.719(The TPM 1.2 main speci\214cation inde)102 +612 R 5.22(xa)-.15 G(t)-5.22 E F1(https://trustedcomputinggr)5.22 E (oup.or)-.18 E(g/r)-.1 E(esour)-.18 E(ce/tpm-main-)-.18 E (speci\214cation)102 624 Q F0(.)A F1 1.666(SPECIAL THANKS)72 648 R F0 1.6 -.8(To a)102 660 T(ll who support further de).8 E -.15(ve)-.25 G -(lopment, in particular:).15 E F1<83>122 672 Q F0(ThePhD)2.5 E -(tzpfms 0.3.0)72 750 Q(December 20, 2021)144.985 E(13)184.705 E 0 Cg EP 
+(lopment, in particular:).15 E F1<83>122 672 Q F0(ThePhD)2.5 E F1<83>122 +684 Q F0(Embark Studios)2.5 E F1<83>122 696 Q F0(Jasper Bekk)2.5 E(ers) +-.1 E F1(REPOR)72 720 Q 1.666(TING B)-.4 F(UGS)-.1 E(https://todo.sr)102 +732 Q(.ht/~nabijaczleweli/tzpfms)-1 E F0(tzpfms 0.3.0-1-g)72 799.889 Q +105.605(a4cfe40 June)-.05 F(17, 2022)2.5 E(13)196.085 E 0 Cg EP %%Page: 14 14 %%BeginPageSetup BP %%EndPageSetup /F0 10/Times-Roman@0 SF(ZFS-TPM2-LO)72 48 Q -.834(AD-KEY \(8\))-.35 F (System Manager')67.569 E 2.5(sM)-.55 G 62.569(anual ZFS-TPM2-LO)-2.5 F --.834(AD-KEY \(8\))-.35 F/F1 10/Times-Bold@0 SF<83>122 96 Q F0 -(Embark Studios)2.5 E F1<83>122 108 Q F0(Jasper Bekk)2.5 E(ers)-.1 E F1 -(REPOR)72 132 Q 1.666(TING B)-.4 F(UGS)-.1 E(https://todo.sr)102 144 Q -(.ht/~nabijaczleweli/tzpfms)-1 E/F2 10/Courier@0 SF -(~nabijaczleweli/tzpfms@lists.sr.ht)102 162 Q F0 2.5(,a)C(rchi)-2.5 E --.15(ve)-.25 G 2.5(da).15 G(t)-2.5 E F1(https://lists.sr)2.5 E -(.ht/~nabijaczleweli/tzpfms)-1 E F0(.)A(tzpfms 0.3.0)72 750 Q -(December 20, 2021)144.985 E(14)184.705 E 0 Cg EP +-.834(AD-KEY \(8\))-.35 F/F1 10/Courier@0 SF +(~nabijaczleweli/tzpfms@lists.sr.ht)102 96 Q F0 86.763(,a)C(rchi)-86.763 +E -.15(ve)-.25 G 86.762(da).15 G(t)-86.762 E/F2 10/Times-Bold@0 SF +(https://lists.sr)102 108 Q(.ht/~nabijaczleweli/tzpfms)-1 E F0(.)A +(tzpfms 0.3.0-1-g)72 799.889 Q 105.605(a4cfe40 June)-.05 F(17, 2022)2.5 +E(14)196.085 E 0 Cg EP %%Trailer end %%EOF diff --git a/zfs-tpm-list.8 b/zfs-tpm-list.8 index 36fdfe3..81b4b8e 100644 --- a/zfs-tpm-list.8 +++ b/zfs-tpm-list.8 @@ -1,9 +1,9 @@ .\" SPDX-License-Identifier: MIT . -.Dd December 20, 2021 +.Dd June 17, 2022 .ds doc-volume-operating-system .Dt ZFS-TPM-LIST 8 -.Os tzpfms 0.3.0 +.Os tzpfms 0.3.0-1-ga4cfe40 . .Sh NAME .Nm zfs-tpm-list diff --git a/zfs-tpm-list.8.html b/zfs-tpm-list.8.html index 21e9e64..63414f7 100644 --- a/zfs-tpm-list.8.html +++ b/zfs-tpm-list.8.html @@ -164,8 +164,8 @@ tarta-zoot/vm - available yes - - + +
December 20, 2021tzpfms 0.3.0June 17, 2022tzpfms 0.3.0-1-ga4cfe40
diff --git a/zfs-tpm1x-change-key.8 b/zfs-tpm1x-change-key.8
index 973e3bc..7d53823 100644
--- a/zfs-tpm1x-change-key.8
+++ b/zfs-tpm1x-change-key.8
@@ -1,9 +1,9 @@
 .\" SPDX-License-Identifier: MIT
 .
-.Dd December 20, 2021
+.Dd June 17, 2022
 .ds doc-volume-operating-system
 .Dt ZFS-TPM1X-CHANGE-KEY 8
-.Os tzpfms 0.3.0
+.Os tzpfms 0.3.0-1-ga4cfe40
 .
 .Sh NAME
 .Nm zfs-tpm1x-change-key
diff --git a/zfs-tpm1x-change-key.8.html b/zfs-tpm1x-change-key.8.html
index bd0afd9..b3194ea 100644
--- a/zfs-tpm1x-change-key.8.html
+++ b/zfs-tpm1x-change-key.8.html
@@ -216,8 +216,8 @@ - - + +
December 20, 2021tzpfms 0.3.0June 17, 2022tzpfms 0.3.0-1-ga4cfe40
diff --git a/zfs-tpm1x-clear-key.8 b/zfs-tpm1x-clear-key.8
index e5c3c56..b841c81 100644
--- a/zfs-tpm1x-clear-key.8
+++ b/zfs-tpm1x-clear-key.8
@@ -1,9 +1,9 @@
 .\" SPDX-License-Identifier: MIT
 .
-.Dd December 20, 2021
+.Dd June 17, 2022
 .ds doc-volume-operating-system
 .Dt ZFS-TPM1X-CLEAR-KEY 8
-.Os tzpfms 0.3.0
+.Os tzpfms 0.3.0-1-ga4cfe40
 .
 .Sh NAME
 .Nm zfs-tpm1x-clear-key
diff --git a/zfs-tpm1x-clear-key.8.html b/zfs-tpm1x-clear-key.8.html
index 072e778..0819155 100644
--- a/zfs-tpm1x-clear-key.8.html
+++ b/zfs-tpm1x-clear-key.8.html
@@ -101,8 +101,8 @@ - - + +
December 20, 2021tzpfms 0.3.0June 17, 2022tzpfms 0.3.0-1-ga4cfe40
diff --git a/zfs-tpm1x-load-key.8 b/zfs-tpm1x-load-key.8
index 3113e38..72535e8 100644
--- a/zfs-tpm1x-load-key.8
+++ b/zfs-tpm1x-load-key.8
@@ -1,9 +1,9 @@
 .\" SPDX-License-Identifier: MIT
 .
-.Dd December 20, 2021
+.Dd June 17, 2022
 .ds doc-volume-operating-system
 .Dt ZFS-TPM1X-LOAD-KEY 8
-.Os tzpfms 0.3.0
+.Os tzpfms 0.3.0-1-ga4cfe40
 .
 .Sh NAME
 .Nm zfs-tpm1x-load-key
diff --git a/zfs-tpm1x-load-key.8.html b/zfs-tpm1x-load-key.8.html
index 80275b6..334729a 100644
--- a/zfs-tpm1x-load-key.8.html
+++ b/zfs-tpm1x-load-key.8.html
@@ -137,8 +137,8 @@ - - + +
December 20, 2021tzpfms 0.3.0June 17, 2022tzpfms 0.3.0-1-ga4cfe40
diff --git a/zfs-tpm2-change-key.8 b/zfs-tpm2-change-key.8
index d205848..3e9ce54 100644
--- a/zfs-tpm2-change-key.8
+++ b/zfs-tpm2-change-key.8
@@ -1,9 +1,9 @@
 .\" SPDX-License-Identifier: MIT
 .
-.Dd December 20, 2021
+.Dd June 17, 2022
 .ds doc-volume-operating-system
 .Dt ZFS-TPM2-CHANGE-KEY 8
-.Os tzpfms 0.3.0
+.Os tzpfms 0.3.0-1-ga4cfe40
 .
 .Sh NAME
 .Nm zfs-tpm2-change-key
diff --git a/zfs-tpm2-change-key.8.html b/zfs-tpm2-change-key.8.html
index 6d6fef3..372890a 100644
--- a/zfs-tpm2-change-key.8.html
+++ b/zfs-tpm2-change-key.8.html
@@ -263,8 +263,8 @@ - - + +
December 20, 2021tzpfms 0.3.0June 17, 2022tzpfms 0.3.0-1-ga4cfe40
diff --git a/zfs-tpm2-clear-key.8 b/zfs-tpm2-clear-key.8
index 752d83e..c687526 100644
--- a/zfs-tpm2-clear-key.8
+++ b/zfs-tpm2-clear-key.8
@@ -1,9 +1,9 @@
 .\" SPDX-License-Identifier: MIT
 .
-.Dd December 20, 2021
+.Dd June 17, 2022
 .ds doc-volume-operating-system
 .Dt ZFS-TPM2-CLEAR-KEY 8
-.Os tzpfms 0.3.0
+.Os tzpfms 0.3.0-1-ga4cfe40
 .
 .Sh NAME
 .Nm zfs-tpm2-clear-key
diff --git a/zfs-tpm2-clear-key.8.html b/zfs-tpm2-clear-key.8.html
index 9c2376d..a9ae190 100644
--- a/zfs-tpm2-clear-key.8.html
+++ b/zfs-tpm2-clear-key.8.html
@@ -152,8 +152,8 @@ - - + +
December 20, 2021tzpfms 0.3.0June 17, 2022tzpfms 0.3.0-1-ga4cfe40
diff --git a/zfs-tpm2-load-key.8 b/zfs-tpm2-load-key.8
index 0a0a9ae..3a5427d 100644
--- a/zfs-tpm2-load-key.8
+++ b/zfs-tpm2-load-key.8
@@ -1,9 +1,9 @@
 .\" SPDX-License-Identifier: MIT
 .
-.Dd December 20, 2021
+.Dd June 17, 2022
 .ds doc-volume-operating-system
 .Dt ZFS-TPM2-LOAD-KEY 8
-.Os tzpfms 0.3.0
+.Os tzpfms 0.3.0-1-ga4cfe40
 .
 .Sh NAME
 .Nm zfs-tpm2-load-key
diff --git a/zfs-tpm2-load-key.8.html b/zfs-tpm2-load-key.8.html
index bf48745..22392d6 100644
--- a/zfs-tpm2-load-key.8.html
+++ b/zfs-tpm2-load-key.8.html
@@ -136,8 +136,8 @@ - - + +
December 20, 2021tzpfms 0.3.0June 17, 2022tzpfms 0.3.0-1-ga4cfe40