diff --git a/tzpfms.pdf b/tzpfms.pdf index 24c9648..c9b36ea 100644 Binary files a/tzpfms.pdf and b/tzpfms.pdf differ diff --git a/tzpfms.ps b/tzpfms.ps index 87ceac3..61747d1 100644 --- a/tzpfms.ps +++ b/tzpfms.ps @@ -1,6 +1,6 @@ %!PS-Adobe-3.0 %%Creator: groff version 1.22.4 -%%CreationDate: Thu Oct 21 21:59:13 2021 +%%CreationDate: Wed Nov 10 17:36:28 2021 %%DocumentNeededResources: font Times-Roman %%+ font Times-Bold %%+ font Courier-Bold @@ -272,35 +272,31 @@ ediate operator attention, with either the appropriate)102 270 R F2 (zfs-tpm)102 282 Q/F5 10/Symbol SF(*)A F2(-clear-key)A F0 .462 (program or)2.962 F F2 .462(zfs change-key)2.962 F F0(and)2.962 E F2 .462(zfs inherit)2.962 F F0 2.962<8a69>2.962 G 2.963(ft)-2.962 G .463 -(he k)-2.963 F .763 -.15(ey b)-.1 H .463(ecomes un-).15 F 1.642 -(loaded, the)102 294 R 4.142(yw)-.15 G 1.642 -(ill require restoration from back-up.)-4.142 F(Ho)6.642 E(we)-.25 E --.15(ve)-.25 G 2.441 -.4(r, t).15 H(he).4 E 4.141(ys)-.15 G 1.641 -(hould ne)-4.141 F -.15(ve)-.25 G 4.141(ro).15 G(ccur)-4.141 E 4.141(,u) --.4 G 1.641(nless something)-4.141 F -(went terribly wrong with the dataset properties.)102 306 Q .468 -(If no datasets are speci\214ed, lists all matching encryption roots.) -102 324 R .468(The def)5.468 F .468 -(ault \214lter is to list all roots managed)-.1 F(by)102 336 Q F2 -(tzpfms)2.5 E F0(.)A F2(\255ab)6.666 E F0 -(can be used to either list all roots or only ones back)2.5 E -(ed by a particular end, respecti)-.1 E -.15(ve)-.25 G(ly).15 E(.)-.65 E -F1(OPTIONS)72 360 Q F2103.666 372 Q F0 .093(Scripting mode \212 d\ -o not print headers and separate \214elds by a single tab instead of co\ -lum-)173 372 R(nating with spaces.)173 384 Q F2103.666 402 Q F0 +(he k)-2.963 F .763 -.15(ey b)-.1 H .463(ecomes un-).15 F .145 +(loaded, the)102 294 R 2.645(yw)-.15 G .145 +(ill require restoration from back-up.)-2.645 F(Ho)5.144 E(we)-.25 E +-.15(ve)-.25 G .944 -.4(r, t).15 H .144(his should ne).4 F -.15(ve)-.25 +G 2.644(ro).15 G(ccur)-2.644 E 2.644(,u)-.4 G .144(nless something went) +-2.644 F(horribly wrong with the dataset properties.)102 306 Q 2.386(If\ + no datasets are speci\214ed, all matching encryption roots are listed \ +\212 by def)102 324 R 2.386(ault, those managed by)-.1 F F2(tzpfms)102 +336 Q F0(.)A F1(OPTIONS)72 360 Q F2103.666 372 Q F0 .447 +(Scripting mode \212 remo)173 372 R .747 -.15(ve h)-.15 H .446 +(eaders and separate \214elds by a single tab instead of columnat-).15 F +(ing them with spaces.)173 384 Q F2103.666 402 Q F0 (Recurse into all descendants of speci\214ed datasets.)173 402 Q F2 103.666 414 Q F3(depth)6 E F0(Recurse at most)173 414 Q F3(depth) 2.5 E F0(datasets deep.)2.5 E(Def)5 E(ault:)-.1 E F1(0)2.5 E F0(.)A F2 103.666 432 Q F0(List all encryption roots, e)173 432 Q -.15(ve) -.25 G 2.5(no).15 G(nes not managed by)-2.5 E F2(tzpfms)2.5 E F0(.)A F2 -103.666 444 Q F3(back-end)6 E F0(List only encryption roots with) -173 456 Q F3(tzpfms)2.5 E F0(back-end)2.5 E F3(back-end)2.5 E F0(.)A F2 -103.666 474 Q F0(List only encryption roots whose k)173 474 Q -.15 -(ey)-.1 G 2.5(sa).15 G(re a)-2.5 E -.25(va)-.2 G(ilable.).25 E F2 -103.666 486 Q F0(List only encryption roots whose k)173 486 Q -.15(ey) --.1 G 2.5(sa).15 G(re una)-2.5 E -.25(va)-.2 G(ilable.).25 E F1 -(EXAMPLES)72 510 Q F4($)102 522 Q F2(zfs-tpm-list)6 E F4 -(NAME BACK-END KEYSTATUS COHERENT)102 534 Q +103.666 444 Q F3(back-end)6 E F0 +(List only encryption roots with the speci\214ed)173 456 Q F2(tzpfms)2.5 +E F3(back-end)2.5 E F0(.)A F2103.666 474 Q F0 +(List only encryption roots whose k)173 474 Q -.15(ey)-.1 G 2.5(sa).15 G +(re a)-2.5 E -.25(va)-.2 G(ilable.).25 E F2103.666 486 Q F0 +(List only encryption roots whose k)173 486 Q -.15(ey)-.1 G 2.5(sa).15 G +(re una)-2.5 E -.25(va)-.2 G(ilable.).25 E F1(EXAMPLES)72 510 Q F4($)102 +522 Q F2(zfs-tpm-list)6 E F4(NAME BACK-END KEYSTATUS COHERENT)102 534 Q (owo/venc TPM2 unavailable yes)102 546 Q(owo/enc TPM1.X available yes) 102 558 Q($)102 582 Q F2 1.666(zfs-tpm-list \255ad0)6 F F4 (NAME BACK-END KEYSTATUS COHERENT)102 594 Q(awa - available yes)102 606 @@ -308,8 +304,9 @@ Q($)102 630 Q F2 1.666(zfs-tpm-list \255b)6 F F1(TPM2)6 E F4 (NAME BACK-END KEYSTATUS COHERENT)102 642 Q (owo/venc TPM2 unavailable yes)102 654 Q($)102 678 Q F2 1.666 (zfs-tpm-list \255ra)6 F F3(owo)6 E F4(NAME BACK-END KEYSTATUS COHERENT) -102 690 Q(owo/venc TPM2 unavailable yes)102 702 Q F0(tzpfms 0.1-7)72 750 -Q(October 17, 2021)148.595 E(1)194.145 E 0 Cg EP +102 690 Q(owo/venc TPM2 unavailable yes)102 702 Q F0(tzpfms 0.1-10)72 +750 Q(No)138.745 E -.15(ve)-.15 G(mber 10, 2021).15 E(1)189.295 E 0 Cg +EP %%Page: 2 2 %%BeginPageSetup BP @@ -331,7 +328,8 @@ Q(owo/vtnc - available yes)102 180 Q(owo/v nc - available yes)102 192 Q -.15(ve)-.25 G 2.5(da).15 G(t)-2.5 E F3(https://lists.sr)2.5 E (.ht/~nabijaczleweli/tzpfms)-1 E F0(.)A F3 1.666(SEE ALSO)72 342 R (https://git.sr)102 354 Q(.ht/~nabijaczleweli/tzpfms)-1 E F0 -(tzpfms 0.1-7)72 750 Q(October 17, 2021)148.595 E(2)194.145 E 0 Cg EP +(tzpfms 0.1-10)72 750 Q(No)138.745 E -.15(ve)-.15 G(mber 10, 2021).15 E +(2)189.295 E 0 Cg EP %%Page: 3 3 %%BeginPageSetup BP @@ -359,22 +357,22 @@ F2(tzpfms)2.553 E F0 .053(and the)2.553 F F1(TPM1.X)2.553 E F0 .054 (be silently cleared.)102 252 R .203(Otherwise, or in case of an error) 5.203 F 2.703(,d)-.4 G .203(ata required for manual interv)-2.703 F .202 (ention will be printed to)-.15 F(the standard error stream.)102 264 Q -(Ne)102 282 Q .519(xt, a ne)-.15 F 3.019(ww)-.25 G .519(rapping k)-3.019 -F .819 -.15(ey i)-.1 H 3.019(sb).15 G 3.019(eg)-3.019 G .519 -(enerated on the TPM, optionally back)-3.019 F .519(ed up)-.1 F 1.666 -(\(s)4.685 G(ee)-1.666 E F1(OPTIONS)3.02 E F0 -2.812 1.666(\), a)1.666 H -.52(nd sealed)-1.666 F 1.782(on the TPM; the user is prompted for an op\ -tional passphrase to protect the k)102 294 R 2.081 -.15(ey w)-.1 H 1.781 -(ith, and for the SRK).15 F(passphrase, set when taking o)102 306 Q -(wnership, if it is not "well-kno)-.25 E(wn" \(all zeroes\).)-.25 E -(The follo)102 324 Q(wing properties are set on)-.25 E F3(dataset)2.5 E -F0(:)A F1<83>122 336 Q F5(xyz.nabijaczleweli:tzpfms.backend)2.5 E F0(=)A -F1(TPM1.X)A<83>122 348 Q F5(xyz.nabijaczleweli:tzpfms.key)2.5 E F0(=)A -F3(parent-key-blob)A F2(:)A F3(sealed-object-blob)A F5(tzpfms.backend) -102 366 Q F0 2.231(identi\214es this dataset for w)4.73 F 2.231 -(ork with)-.1 F F1(TPM1.X)4.731 E F0(-back-ended)A F2(tzpfms)4.731 E F0 -3.897(tools \()4.731 F(namely)1.666 E F5(zfs-tpm1x-change-key)102 378 Q -F0(\(8\),)A F5(zfs-tpm1x-load-key)2.5 E F0(\(8\), and)A F5 +(Ne)102 282 Q .486(xt, a ne)-.15 F 2.986(ww)-.25 G .486(rapping k)-2.986 +F .786 -.15(ey i)-.1 H 2.986(sg).15 G .486 +(enerated on the TPM, optionally back)-2.986 F .486(ed up)-.1 F 1.666 +(\(s)4.652 G(ee)-1.666 E F1(OPTIONS)2.987 E F0 -2.845 1.666(\), a)1.666 +H .487(nd sealed on)-1.666 F 2.575(the TPM; the user is prompted for an\ + optional passphrase to protect the k)102 294 R 2.875 -.15(ey w)-.1 H +2.575(ith, and for the SRK).15 F(passphrase, set when taking o)102 306 Q +(wnership, if not "well-kno)-.25 E(wn" \(all zeroes\).)-.25 E(The follo) +102 324 Q(wing properties are set on)-.25 E F3(dataset)2.5 E F0(:)A F1 +<83>122 336 Q F5(xyz.nabijaczleweli:tzpfms.backend)2.5 E F0(=)A F1 +(TPM1.X)A<83>122 348 Q F5(xyz.nabijaczleweli:tzpfms.key)2.5 E F0(=)A F3 +(parent-key-blob)A F2(:)A F3(sealed-object-blob)A F5(tzpfms.backend)102 +366 Q F0 2.231(identi\214es this dataset for w)4.73 F 2.231(ork with)-.1 +F F1(TPM1.X)4.731 E F0(-back-ended)A F2(tzpfms)4.731 E F0 3.897 +(tools \()4.731 F(namely)1.666 E F5(zfs-tpm1x-change-key)102 378 Q F0 +(\(8\),)A F5(zfs-tpm1x-load-key)2.5 E F0(\(8\), and)A F5 (zfs-tpm1x-clear-key)2.5 E F0 -.834(\(8\) \) .)B F5(tzpfms.key)102 396 Q F0 .334(is a colon-separated pair of he)2.834 F .333 (xadecimal-string \(i.e. "4F7730" for "Ow0"\) blobs; the \214rst one) @@ -419,8 +417,8 @@ F0(Sa)191 618 Q .806 -.15(ve a b)-.2 H .506(ack-up of the k).15 F .805 (case of a catastrophic e)3.181 F -.15(ve)-.25 G .682(nt, the k).15 F .982 -.15(ey c)-.1 H(an).15 E(be loaded by running)191 642 Q F2 (zfs load-key)221 654 Q F3(dataset)6 E F5(<)6 E F3(backup-file)6 E F1 -1.666(TPM1.X back-end con\214guration)72 678 R F0(tzpfms 0.1-7)72 750 Q -(October 17, 2021)148.595 E(3)194.145 E 0 Cg EP +1.666(TPM1.X back-end con\214guration)72 678 R F0(tzpfms 0.1-10)72 750 Q +(No)138.745 E -.15(ve)-.15 G(mber 10, 2021).15 E(3)189.295 E 0 Cg EP %%Page: 4 4 %%BeginPageSetup BP @@ -454,7 +452,8 @@ E(ousers)-.18 E F0(.)A 5.109(The TPM 1.2 main speci\214cation inde)102 -.15(ve)-.25 G 2.5(da).15 G(t)-2.5 E F1(https://lists.sr)2.5 E (.ht/~nabijaczleweli/tzpfms)-1 E F0(.)A F1 1.666(SEE ALSO)72 354 R (https://git.sr)102 366 Q(.ht/~nabijaczleweli/tzpfms)-1 E F0 -(tzpfms 0.1-7)72 750 Q(October 17, 2021)148.595 E(4)194.145 E 0 Cg EP +(tzpfms 0.1-10)72 750 Q(No)138.745 E -.15(ve)-.15 G(mber 10, 2021).15 E +(4)189.295 E 0 Cg EP %%Page: 5 5 %%BeginPageSetup BP @@ -504,7 +503,8 @@ E(ousers)-.18 E F0(.)A 5.109(The TPM 1.2 main speci\214cation inde)102 -.15(ve)-.25 G 2.5(da).15 G(t)-2.5 E F1(https://lists.sr)2.5 E (.ht/~nabijaczleweli/tzpfms)-1 E F0(.)A F1 1.666(SEE ALSO)72 528 R (https://git.sr)102 540 Q(.ht/~nabijaczleweli/tzpfms)-1 E F0 -(tzpfms 0.1-7)72 750 Q(October 17, 2021)148.595 E(5)194.145 E 0 Cg EP +(tzpfms 0.1-10)72 750 Q(No)138.745 E -.15(ve)-.15 G(mber 10, 2021).15 E +(5)189.295 E 0 Cg EP %%Page: 6 6 %%BeginPageSetup BP @@ -513,38 +513,36 @@ BP (System Manager')60.349 E 2.5(sM)-.55 G 55.349(anual ZFS-TPM1X-LO)-2.5 F -.834(AD-KEY \(8\))-.35 F/F1 10/Times-Bold@0 SF -.2(NA)72 96 S(ME).2 E /F2 10/Courier-Bold@0 SF(zfs-tpm1x-load-key)102 108 Q F0 2.5<8a6c>2.5 G -(oad tzpfms TPM1.X-encrypted ZFS dataset k)-2.5 E -.15(ey)-.1 G F1 -(SYNOPSIS)72 132 Q F2(zfs-tpm1x-load-key)102 144 Q F0([)3.333 E F2 -2.499 E F0(]).833 E/F3 10/Courier-Oblique@0 SF(dataset)2.5 E F1 -(DESCRIPTION)72 168 Q F0 1.155(After v)102 180 R(erifying)-.15 E F3 -(dataset)3.655 E F0 -.1(wa)3.655 G 3.655(se).1 G 1.155(ncrypted with) --3.655 F F2(tzpfms)3.655 E F0(back)3.655 E(end)-.1 E F1(TPM1.X)3.655 E -F0 1.156(will unseal the k)3.655 F 1.456 -.15(ey a)-.1 H 1.156 -(nd load it).15 F(into)102 192 Q F3(dataset)2.5 E F0(.)A .422 -(The user is prompted for)102 210 R 2.922<2c8c>-.4 G .422 -(rst, the SRK passphrase, set when taking o)-2.922 F .422 -(wnership, if it')-.25 F 2.921(sn)-.55 G .421(ot "well-kno)-2.921 F .421 -(wn" \(all)-.25 F -(zeroes\), then the additional passphrase set when creating the k)102 -222 Q -.15(ey)-.1 G 2.5(,i)-.5 G 2.5(fi)-2.5 G 2.5(tw)-2.5 G(as pro)-2.6 -E(vided.)-.15 E(See)102 240 Q/F4 10/Courier@0 SF(zfs-tpm1x-change-key) -2.5 E F0(\(8\) for a detailed description.)A F1(OPTIONS)72 264 Q F2 -103.666 276 Q F0 .178(Do a no-op/dry run, can be used e)119 288 R --.15(ve)-.25 G 2.678(ni).15 G 2.679(ft)-2.678 G .179(he k)-2.679 F .479 --.15(ey i)-.1 H 2.679(sa).15 G .179(lready loaded.)-2.679 F(Equi)5.179 E --.25(va)-.25 G .179(lent to).25 F F2 .179(zfs load-key)2.679 F F0 -.55 -('s)C F24.895 E F0(option.)119 300 Q F1 1.666 -(TPM1.X back-end con\214guration)72 324 R .625(TPM selection)84 336 R F0 -(The)102 348 Q F2(tzpfms)2.768 E F0 .267(suite connects to a local)2.767 -F F4(tcsd)2.767 E F0 .267(\(8\) process)B 1.666(\(a)4.433 G(t)-1.666 E -F4(localhost:30003)2.767 E F0 4.433(\)b)1.666 G 2.767(yd)-4.433 G(ef) --2.767 E 2.767(ault. Use)-.1 F .267(the en-)2.767 F(vironment v)102 360 -Q(ariable)-.25 E F4(TZPFMS_TPM1X)2.5 E F0 -(to specify a remote TCS hostname.)2.5 E .391(The T)102 378 R(rouSerS) --.35 E F4(tcsd)2.891 E F0 .391(\(8\) daemon will try)B F4(/dev/tpm0) -2.892 E F0 2.892(,t)C(hen)-2.892 E F4(/udev/tpm0)2.892 E F0 2.892(,t)C -(hen)-2.892 E F4(/dev/tpm)2.892 E F0 2.892(;b)C 2.892(yo)-2.892 G(ccup) --2.892 E(ying)-.1 E(one of the earlier ones with, for e)102 390 Q +(oad TPM1.X-encrypted ZFS dataset k)-2.5 E -.15(ey)-.1 G F1(SYNOPSIS)72 +132 Q F2(zfs-tpm1x-load-key)102 144 Q F0([)3.333 E F22.499 E F0(]) +.833 E/F3 10/Courier-Oblique@0 SF(dataset)2.5 E F1(DESCRIPTION)72 168 Q +F0 1.155(After v)102 180 R(erifying)-.15 E F3(dataset)3.655 E F0 -.1(wa) +3.655 G 3.655(se).1 G 1.155(ncrypted with)-3.655 F F2(tzpfms)3.655 E F0 +(back)3.655 E(end)-.1 E F1(TPM1.X)3.655 E F0 1.156(will unseal the k) +3.655 F 1.456 -.15(ey a)-.1 H 1.156(nd load it).15 F(into)102 192 Q F3 +(dataset)2.5 E F0(.)A .694 +(The user is \214rst prompted for the SRK passphrase, set when taking o) +102 210 R .693(wnership, if not "well-kno)-.25 F .693(wn" \(all ze-)-.25 +F(roes\); then for the additional passphrase, set when creating the k) +102 222 Q -.15(ey)-.1 G 2.5(,i)-.5 G 2.5(fo)-2.5 G(ne w)-2.5 E(as set.) +-.1 E(See)102 240 Q/F4 10/Courier@0 SF(zfs-tpm1x-change-key)2.5 E F0 +(\(8\) for a detailed description.)A F1(OPTIONS)72 264 Q F2103.666 +276 Q F0 .178(Do a no-op/dry run, can be used e)119 288 R -.15(ve)-.25 G +2.678(ni).15 G 2.679(ft)-2.678 G .179(he k)-2.679 F .479 -.15(ey i)-.1 H +2.679(sa).15 G .179(lready loaded.)-2.679 F(Equi)5.179 E -.25(va)-.25 G +.179(lent to).25 F F2 .179(zfs load-key)2.679 F F0 -.55('s)C F2 +4.895 E F0(option.)119 300 Q F1 1.666(TPM1.X back-end con\214guration)72 +324 R .625(TPM selection)84 336 R F0(The)102 348 Q F2(tzpfms)2.768 E F0 +.267(suite connects to a local)2.767 F F4(tcsd)2.767 E F0 .267 +(\(8\) process)B 1.666(\(a)4.433 G(t)-1.666 E F4(localhost:30003)2.767 E +F0 4.433(\)b)1.666 G 2.767(yd)-4.433 G(ef)-2.767 E 2.767(ault. Use)-.1 F +.267(the en-)2.767 F(vironment v)102 360 Q(ariable)-.25 E F4 +(TZPFMS_TPM1X)2.5 E F0(to specify a remote TCS hostname.)2.5 E .391 +(The T)102 378 R(rouSerS)-.35 E F4(tcsd)2.891 E F0 .391 +(\(8\) daemon will try)B F4(/dev/tpm0)2.892 E F0 2.892(,t)C(hen)-2.892 E +F4(/udev/tpm0)2.892 E F0 2.892(,t)C(hen)-2.892 E F4(/dev/tpm)2.892 E F0 +2.892(;b)C 2.892(yo)-2.892 G(ccup)-2.892 E(ying)-.1 E +(one of the earlier ones with, for e)102 390 Q (xample, shell redirection, a later one can be selected.)-.15 E F1 .625 (See also)84 414 R F0(The T)102 426 Q(rouSerS project page at)-.35 E F1 (https://sour)2.5 E(cef)-.18 E(or)-.25 E(ge.net/pr)-.1 E(ojects/tr)-.18 @@ -560,7 +558,8 @@ E(ousers)-.18 E F0(.)A 5.109(The TPM 1.2 main speci\214cation inde)102 -.15(ve)-.25 G 2.5(da).15 G(t)-2.5 E F1(https://lists.sr)2.5 E (.ht/~nabijaczleweli/tzpfms)-1 E F0(.)A F1 1.666(SEE ALSO)72 594 R (https://git.sr)102 606 Q(.ht/~nabijaczleweli/tzpfms)-1 E F0 -(tzpfms 0.1-7)72 750 Q(October 17, 2021)148.595 E(6)194.145 E 0 Cg EP +(tzpfms 0.1-10)72 750 Q(No)138.745 E -.15(ve)-.15 G(mber 10, 2021).15 E +(6)189.295 E 0 Cg EP %%Page: 7 7 %%BeginPageSetup BP @@ -588,19 +587,18 @@ F0(be TPM-2.0-compatible.)2.5 E(If)102 240 Q F3(dataset)3.42 E F0 -.1 (will be freed from the TPM.)102 252 R .382 (Otherwise, or in case of an error)5.382 F 2.882(,d)-.4 G .382 (ata required for manual interv)-2.882 F .382(ention will be)-.15 F -(printed to the standard error stream.)102 264 Q(Ne)102 282 Q .519 -(xt, a ne)-.15 F 3.019(ww)-.25 G .519(rapping k)-3.019 F .819 -.15(ey i) --.1 H 3.019(sb).15 G 3.019(eg)-3.019 G .519 -(enerated on the TPM, optionally back)-3.019 F .519(ed up)-.1 F 1.666 -(\(s)4.685 G(ee)-1.666 E F1(OPTIONS)3.02 E F0 -2.812 1.666(\), a)1.666 H -.52(nd sealed)-1.666 F .248 -(to a persistent object on the TPM under the o)102 294 R .248 -(wner hierarch)-.25 F .248(y; if there is a passphrase set on the o)-.05 -F .248(wner hierar)-.25 F(-)-.2 E(ch)102 306 Q 1.772 -.65(y, t)-.05 H -.472(he user is prompted for it; the user is al).65 F -.1(wa)-.1 G .472 -(ys prompted for an optional passphrase to protect the sealed).1 F -(object with.)102 318 Q(The follo)102 336 Q(wing properties are set on) --.25 E F3(dataset)2.5 E F0(:)A F1<83>122 348 Q F5 +(printed to the standard error stream.)102 264 Q(Ne)102 282 Q .197 +(xt, a ne)-.15 F 2.697(ww)-.25 G .197(rapping k)-2.697 F .497 -.15(ey i) +-.1 H 2.697(sg).15 G .197(enerated on the TPM, optionally back)-2.697 F +.197(ed up)-.1 F 1.666(\(s)4.363 G(ee)-1.666 E F1(OPTIONS)2.697 E F0 +-3.135 1.666(\), a)1.666 H .197(nd sealed to a)-1.666 F .504 +(persistent object on the TPM under the o)102 294 R .504(wner hierarch) +-.25 F .504(y; if there is a passphrase set on the o)-.05 F .503 +(wner hierarch)-.25 F -.65(y,)-.05 G .04 +(the user is prompted for it; the user is al)102 306 R -.1(wa)-.1 G .041 +(ys prompted for an optional passphrase to protect the sealed object).1 +F(with.)102 318 Q(The follo)102 336 Q(wing properties are set on)-.25 E +F3(dataset)2.5 E F0(:)A F1<83>122 348 Q F5 (xyz.nabijaczleweli:tzpfms.backend)2.5 E F0(=)A F1(TPM2)A<83>122 360 Q F5(xyz.nabijaczleweli:tzpfms.key)2.5 E F0(=)A F3 (ID of persistent object)A F5(tzpfms.backend)102 378 Q F0 3.203 @@ -652,7 +650,8 @@ F(This)5.505 E(back-up)191 630 Q F4(must)3.181 E F0 .681 .682(nt, the k).15 F .982 -.15(ey c)-.1 H(an).15 E(be loaded by running) 191 642 Q F2(zfs load-key)221 654 Q F3(dataset)6 E F5(<)6 E F3 (backup-file)6 E F1 1.666(TPM2 back-end con\214guration)72 678 R F0 -(tzpfms 0.1-7)72 750 Q(October 17, 2021)148.595 E(7)194.145 E 0 Cg EP +(tzpfms 0.1-10)72 750 Q(No)138.745 E -.15(ve)-.15 G(mber 10, 2021).15 E +(7)189.295 E 0 Cg EP %%Page: 8 8 %%BeginPageSetup BP @@ -691,8 +690,8 @@ E F0 .576(will be tried,)3.076 F(in order)102 168 Q 1.666(\(s)4.166 G -.15(ve)-.25 G 2.5(da).15 G(t)-2.5 E F1(https://lists.sr)2.5 E (.ht/~nabijaczleweli/tzpfms)-1 E F0(.)A F1 1.666(SEE ALSO)72 384 R F2 (tpm2_unseal)102 396 Q F0(\(1\))A F1(https://git.sr)102 414 Q -(.ht/~nabijaczleweli/tzpfms)-1 E F0(tzpfms 0.1-7)72 750 Q -(October 17, 2021)148.595 E(8)194.145 E 0 Cg EP +(.ht/~nabijaczleweli/tzpfms)-1 E F0(tzpfms 0.1-10)72 750 Q(No)138.745 E +-.15(ve)-.15 G(mber 10, 2021).15 E(8)189.295 E 0 Cg EP %%Page: 9 9 %%BeginPageSetup BP @@ -747,7 +746,8 @@ E F0 .575(will be tried,)3.076 F(in order)102 354 Q 1.666(\(s)4.166 G -.15(ve)-.25 G 2.5(da).15 G(t)-2.5 E F1(https://lists.sr)2.5 E (.ht/~nabijaczleweli/tzpfms)-1 E F0(.)A F1 1.666(SEE ALSO)72 570 R (https://git.sr)102 582 Q(.ht/~nabijaczleweli/tzpfms)-1 E F0 -(tzpfms 0.1-7)72 750 Q(October 17, 2021)148.595 E(9)194.145 E 0 Cg EP +(tzpfms 0.1-10)72 750 Q(No)138.745 E -.15(ve)-.15 G(mber 10, 2021).15 E +(9)189.295 E 0 Cg EP %%Page: 10 10 %%BeginPageSetup BP @@ -756,48 +756,51 @@ BP (System Manager')67.569 E 2.5(sM)-.55 G 62.569(anual ZFS-TPM2-LO)-2.5 F -.834(AD-KEY \(8\))-.35 F/F1 10/Times-Bold@0 SF -.2(NA)72 96 S(ME).2 E /F2 10/Courier-Bold@0 SF(zfs-tpm2-load-key)102 108 Q F0 2.5<8a6c>2.5 G -(oad tzpfms TPM2-encrypted ZFS dataset k)-2.5 E -.15(ey)-.1 G F1 -(SYNOPSIS)72 132 Q F2(zfs-tpm2-load-key)102 144 Q F0([)3.333 E F2 -2.499 E F0(]).833 E/F3 10/Courier-Oblique@0 SF(dataset)2.5 E F1 -(DESCRIPTION)72 168 Q F0 1.118(After v)102 180 R(erifying)-.15 E F3 -(dataset)3.618 E F0 -.1(wa)3.618 G 3.618(se).1 G 1.118(ncrypted with) --3.618 F F2(tzpfms)3.618 E F0(back)3.618 E(end)-.1 E F1(TPM2)3.618 E F0 -3.618(,u)C 1.118(nseals the k)-3.618 F 1.418 -.15(ey a)-.1 H 1.118 -(nd loads it into).15 F F3(dataset)102 192 Q F0(.)A(See)102 210 Q/F4 10 -/Courier@0 SF(zfs-tpm2-change-key)2.5 E F0 -(\(8\) for a detailed description.)A F1(OPTIONS)72 234 Q F2103.666 -246 Q F0 .179(Do a no-op/dry run, can be used e)119 258 R -.15(ve)-.25 G -2.679(ni).15 G 2.679(ft)-2.679 G .179(he k)-2.679 F .478 -.15(ey i)-.1 H -2.678(sa).15 G .178(lready loaded.)-2.678 F(Equi)5.178 E -.25(va)-.25 G -.178(lent to).25 F F2 .178(zfs load-key)2.678 F F0 -.55('s)C F2 -4.894 E F0(option.)119 270 Q F1 1.666(TPM1.X back-end con\214guration)72 -294 R .625(TPM selection)84 306 R F0(The)102 318 Q F2(tzpfms)2.767 E F0 -.267(suite connects to a local)2.767 F F4(tcsd)2.767 E F0 .267 +(oad TPM2-encrypted ZFS dataset k)-2.5 E -.15(ey)-.1 G F1(SYNOPSIS)72 +132 Q F2(zfs-tpm2-load-key)102 144 Q F0([)3.333 E F22.499 E F0(]) +.833 E/F3 10/Courier-Oblique@0 SF(dataset)2.5 E F1(DESCRIPTION)72 168 Q +F0 1.118(After v)102 180 R(erifying)-.15 E F3(dataset)3.618 E F0 -.1(wa) +3.618 G 3.618(se).1 G 1.118(ncrypted with)-3.618 F F2(tzpfms)3.618 E F0 +(back)3.618 E(end)-.1 E F1(TPM2)3.618 E F0 3.618(,u)C 1.118 +(nseals the k)-3.618 F 1.418 -.15(ey a)-.1 H 1.118(nd loads it into).15 +F F3(dataset)102 192 Q F0(.)A(The user is prompted for the additional p\ +assphrase, set when creating the k)102 210 Q -.15(ey)-.1 G 2.5(,i)-.5 G +2.5(fo)-2.5 G(ne w)-2.5 E(as set.)-.1 E(See)102 228 Q/F4 10/Courier@0 SF +(zfs-tpm2-change-key)2.5 E F0(\(8\) for a detailed description.)A F1 +(OPTIONS)72 252 Q F2103.666 264 Q F0 .179 +(Do a no-op/dry run, can be used e)119 276 R -.15(ve)-.25 G 2.679(ni).15 +G 2.679(ft)-2.679 G .179(he k)-2.679 F .478 -.15(ey i)-.1 H 2.678(sa).15 +G .178(lready loaded.)-2.678 F(Equi)5.178 E -.25(va)-.25 G .178(lent to) +.25 F F2 .178(zfs load-key)2.678 F F0 -.55('s)C F24.894 E F0 +(option.)119 288 Q F1 1.666(TPM1.X back-end con\214guration)72 312 R +.625(TPM selection)84 324 R F0(The)102 336 Q F2(tzpfms)2.767 E F0 .267 +(suite connects to a local)2.767 F F4(tcsd)2.767 E F0 .267 (\(8\) process)B 1.666(\(a)4.433 G(t)-1.666 E F4(localhost:30003)2.767 E F0 4.433(\)b)1.666 G 2.767(yd)-4.433 G(ef)-2.767 E 2.767(ault. Use)-.1 F -.268(the en-)2.767 F(vironment v)102 330 Q(ariable)-.25 E F4 +.268(the en-)2.767 F(vironment v)102 348 Q(ariable)-.25 E F4 (TZPFMS_TPM1X)2.5 E F0(to specify a remote TCS hostname.)2.5 E .392 -(The T)102 348 R(rouSerS)-.35 E F4(tcsd)2.892 E F0 .392 +(The T)102 366 R(rouSerS)-.35 E F4(tcsd)2.892 E F0 .392 (\(8\) daemon will try)B F4(/dev/tpm0)2.892 E F0 2.892(,t)C(hen)-2.892 E F4(/udev/tpm0)2.892 E F0 2.891(,t)C(hen)-2.891 E F4(/dev/tpm)2.891 E F0 2.891(;b)C 2.891(yo)-2.891 G(ccup)-2.891 E(ying)-.1 E -(one of the earlier ones with, for e)102 360 Q +(one of the earlier ones with, for e)102 378 Q (xample, shell redirection, a later one can be selected.)-.15 E F1 .625 -(See also)84 384 R F0(The T)102 396 Q(rouSerS project page at)-.35 E F1 +(See also)84 402 R F0(The T)102 414 Q(rouSerS project page at)-.35 E F1 (https://sour)2.5 E(cef)-.18 E(or)-.25 E(ge.net/pr)-.1 E(ojects/tr)-.18 E(ousers)-.18 E F0(.)A 5.108(The TPM 1.2 main speci\214cation inde)102 -414 R 7.609(xa)-.15 G(t)-7.609 E F1(https://trustedcomputinggr)7.609 E +432 R 7.609(xa)-.15 G(t)-7.609 E F1(https://trustedcomputinggr)7.609 E (oup.or)-.18 E(g/r)-.1 E(esour)-.18 E(ce/tpm-main-)-.18 E -(speci\214cation)102 426 Q F0(.)A F1 1.666(SPECIAL THANKS)72 450 R F0 -1.6 -.8(To a)102 462 T(ll who support further de).8 E -.15(ve)-.25 G -(lopment, in particular:).15 E F1<83>122 474 Q F0(ThePhD)2.5 E F1<83>122 -486 Q F0(Embark Studios)2.5 E F1(REPOR)72 510 Q 1.666(TING B)-.4 F(UGS) --.1 E(https://todo.sr)102 522 Q(.ht/~nabijaczleweli/tzpfms)-1 E F4 -(~nabijaczleweli/tzpfms@lists.sr.ht)102 540 Q F0 2.5(,a)C(rchi)-2.5 E +(speci\214cation)102 444 Q F0(.)A F1 1.666(SPECIAL THANKS)72 468 R F0 +1.6 -.8(To a)102 480 T(ll who support further de).8 E -.15(ve)-.25 G +(lopment, in particular:).15 E F1<83>122 492 Q F0(ThePhD)2.5 E F1<83>122 +504 Q F0(Embark Studios)2.5 E F1(REPOR)72 528 Q 1.666(TING B)-.4 F(UGS) +-.1 E(https://todo.sr)102 540 Q(.ht/~nabijaczleweli/tzpfms)-1 E F4 +(~nabijaczleweli/tzpfms@lists.sr.ht)102 558 Q F0 2.5(,a)C(rchi)-2.5 E -.15(ve)-.25 G 2.5(da).15 G(t)-2.5 E F1(https://lists.sr)2.5 E -(.ht/~nabijaczleweli/tzpfms)-1 E F0(.)A F1 1.666(SEE ALSO)72 564 R -(https://git.sr)102 576 Q(.ht/~nabijaczleweli/tzpfms)-1 E F0 -(tzpfms 0.1-7)72 750 Q(October 17, 2021)148.595 E(10)189.145 E 0 Cg EP +(.ht/~nabijaczleweli/tzpfms)-1 E F0(.)A F1 1.666(SEE ALSO)72 582 R +(https://git.sr)102 594 Q(.ht/~nabijaczleweli/tzpfms)-1 E F0 +(tzpfms 0.1-10)72 750 Q(No)138.745 E -.15(ve)-.15 G(mber 10, 2021).15 E +(10)184.295 E 0 Cg EP %%Trailer end %%EOF diff --git a/zfs-tpm-list.8 b/zfs-tpm-list.8 index 0623148..9f72905 100644 --- a/zfs-tpm-list.8 +++ b/zfs-tpm-list.8 @@ -1,9 +1,9 @@ .\" SPDX-License-Identifier: MIT . -.Dd October 17, 2021 +.Dd November 10, 2021 .ds doc-volume-operating-system .Dt ZFS-TPM-LIST 8 -.Os tzpfms 0.1-7 +.Os tzpfms 0.1-10 . .Sh NAME .Nm zfs-tpm-list @@ -50,18 +50,15 @@ program or and .Nm zfs Cm inherit \(em if the key becomes unloaded, they will require restoration from back-up. -However, they should never occur, unless something went terribly wrong with the dataset properties. +However, this should never occur, unless something went horribly wrong with the dataset properties. .Pp -If no datasets are specified, lists all matching encryption roots. -The default filter is to list all roots managed by +If no datasets are specified, all matching encryption roots are listed \(em by default, those managed by .Nm tzpfms . -.Fl ab -can be used to either list all roots or only ones backed by a particular end, respectively. . .Sh OPTIONS .Bl -tag -compact -width "-b back-end" .It Fl H -Scripting mode \(em do not print headers and separate fields by a single tab instead of columnating with spaces. +Scripting mode \(em remove headers and separate fields by a single tab instead of columnating them with spaces. .Pp .It Fl r Recurse into all descendants of specified datasets. @@ -76,9 +73,8 @@ Default: List all encryption roots, even ones not managed by .Nm tzpfms . .It Fl b Ar back-end -List only encryption roots with -.Ar tzpfms -back-end +List only encryption roots with the specified +.Nm tzpfms .Ar back-end . .Pp .It Fl l diff --git a/zfs-tpm-list.8.html b/zfs-tpm-list.8.html index f791972..fb776b8 100644 --- a/zfs-tpm-list.8.html +++ b/zfs-tpm-list.8.html @@ -71,20 +71,18 @@ zfs change-key and zfs inherit — if the key becomes unloaded, they will require restoration from back-up. However, - they should never occur, unless something went terribly wrong with the + this should never occur, unless something went horribly wrong with the dataset properties.

-

If no datasets are specified, lists all matching encryption roots. - The default filter is to list all roots managed by - tzpfms. -ab can be used to - either list all roots or only ones backed by a particular end, - respectively.

+

If no datasets are specified, all matching encryption roots are + listed — by default, those managed by + tzpfms.

-
Scripting mode — do not print headers and separate fields by a - single tab instead of columnating with spaces. +
Scripting mode — remove headers and separate fields by a single tab + instead of columnating them with spaces.

@@ -100,8 +98,8 @@ tzpfms.
back-end
-
List only encryption roots with tzpfms back-end - back-end. +
List only encryption roots with the specified + tzpfms back-end.

@@ -170,8 +168,8 @@ owo/enc TPM1.X available yes - - + +
October 17, 2021tzpfms 0.1-7November 10, 2021tzpfms 0.1-10
diff --git a/zfs-tpm1x-change-key.8 b/zfs-tpm1x-change-key.8 index 2ab4905..057693f 100644 --- a/zfs-tpm1x-change-key.8 +++ b/zfs-tpm1x-change-key.8 @@ -1,9 +1,9 @@ .\" SPDX-License-Identifier: MIT . -.Dd October 17, 2021 +.Dd November 10, 2021 .ds doc-volume-operating-system .Dt ZFS-TPM1X-CHANGE-KEY 8 -.Os tzpfms 0.1-7 +.Os tzpfms 0.1-10 . .Sh NAME .Nm zfs-tpm1x-change-key @@ -38,11 +38,11 @@ and the back-end was used, the metadata will be silently cleared. Otherwise, or in case of an error, data required for manual intervention will be printed to the standard error stream. .Pp -Next, a new wrapping key is be generated on the TPM, optionally backed up +Next, a new wrapping key is generated on the TPM, optionally backed up .Pq see Sx OPTIONS , and sealed on the TPM; the user is prompted for an optional passphrase to protect the key with, -and for the SRK passphrase, set when taking ownership, if it is not "well-known" (all zeroes). +and for the SRK passphrase, set when taking ownership, if not "well-known" (all zeroes). .Pp The following properties are set on .Ar dataset : diff --git a/zfs-tpm1x-change-key.8.html b/zfs-tpm1x-change-key.8.html index e6acf45..bb77293 100644 --- a/zfs-tpm1x-change-key.8.html +++ b/zfs-tpm1x-change-key.8.html @@ -49,10 +49,10 @@ used, the metadata will be silently cleared. Otherwise, or in case of an error, data required for manual intervention will be printed to the standard error stream.

-

Next, a new wrapping key is be generated on the TPM, optionally +

Next, a new wrapping key is generated on the TPM, optionally backed up (see OPTIONS), and sealed on the TPM; the user is prompted for an optional passphrase to protect the key - with, and for the SRK passphrase, set when taking ownership, if it is not + with, and for the SRK passphrase, set when taking ownership, if not "well-known" (all zeroes).

The following properties are set on dataset:

@@ -165,8 +165,8 @@ - - + +
October 17, 2021tzpfms 0.1-7November 10, 2021tzpfms 0.1-10
diff --git a/zfs-tpm1x-clear-key.8 b/zfs-tpm1x-clear-key.8 index e311c95..772f5eb 100644 --- a/zfs-tpm1x-clear-key.8 +++ b/zfs-tpm1x-clear-key.8 @@ -1,9 +1,9 @@ .\" SPDX-License-Identifier: MIT . -.Dd October 17, 2021 +.Dd November 10, 2021 .ds doc-volume-operating-system .Dt ZFS-TPM1X-CLEAR-KEY 8 -.Os tzpfms 0.1-7 +.Os tzpfms 0.1-10 . .Sh NAME .Nm zfs-tpm1x-clear-key diff --git a/zfs-tpm1x-clear-key.8.html b/zfs-tpm1x-clear-key.8.html index 57e3689..4763001 100644 --- a/zfs-tpm1x-clear-key.8.html +++ b/zfs-tpm1x-clear-key.8.html @@ -105,8 +105,8 @@ - - + +
October 17, 2021tzpfms 0.1-7November 10, 2021tzpfms 0.1-10
diff --git a/zfs-tpm1x-load-key.8 b/zfs-tpm1x-load-key.8 index f4d509c..a683a3d 100644 --- a/zfs-tpm1x-load-key.8 +++ b/zfs-tpm1x-load-key.8 @@ -1,13 +1,13 @@ .\" SPDX-License-Identifier: MIT . -.Dd October 17, 2021 +.Dd November 10, 2021 .ds doc-volume-operating-system .Dt ZFS-TPM1X-LOAD-KEY 8 -.Os tzpfms 0.1-7 +.Os tzpfms 0.1-10 . .Sh NAME .Nm zfs-tpm1x-load-key -.Nd load tzpfms TPM1.X-encrypted ZFS dataset key +.Nd load TPM1.X-encrypted ZFS dataset key .Sh SYNOPSIS .Nm .Op Fl n @@ -23,8 +23,8 @@ backend will unseal the key and load it into .Ar dataset . .Pp -The user is prompted for, first, the SRK passphrase, set when taking ownership, if it's not "well-known" (all zeroes), -then the additional passphrase set when creating the key, if it was provided. +The user is first prompted for the SRK passphrase, set when taking ownership, if not "well-known" (all zeroes); +then for the additional passphrase, set when creating the key, if one was set. .Pp See .Xr zfs-tpm1x-change-key 8 diff --git a/zfs-tpm1x-load-key.8.html b/zfs-tpm1x-load-key.8.html index 0d6ebb0..d87cf65 100644 --- a/zfs-tpm1x-load-key.8.html +++ b/zfs-tpm1x-load-key.8.html @@ -21,7 +21,7 @@

zfs-tpm1x-load-key — - load tzpfms TPM1.X-encrypted ZFS dataset key

+ load TPM1.X-encrypted ZFS dataset key

@@ -38,9 +38,9 @@ tzpfms backend will unseal the key and load it into dataset.

-

The user is prompted for, first, the SRK passphrase, set when - taking ownership, if it's not "well-known" (all zeroes), then the - additional passphrase set when creating the key, if it was provided.

+

The user is first prompted for the SRK passphrase, set when taking + ownership, if not "well-known" (all zeroes); then for the + additional passphrase, set when creating the key, if one was set.

See zfs-tpm1x-change-key(8) for a detailed description.

@@ -106,8 +106,8 @@ - - + +
October 17, 2021tzpfms 0.1-7November 10, 2021tzpfms 0.1-10
diff --git a/zfs-tpm2-change-key.8 b/zfs-tpm2-change-key.8 index f57628a..c59ff10 100644 --- a/zfs-tpm2-change-key.8 +++ b/zfs-tpm2-change-key.8 @@ -1,9 +1,9 @@ .\" SPDX-License-Identifier: MIT . -.Dd October 17, 2021 +.Dd November 10, 2021 .ds doc-volume-operating-system .Dt ZFS-TPM2-CHANGE-KEY 8 -.Os tzpfms 0.1-7 +.Os tzpfms 0.1-10 . .Sh NAME .Nm zfs-tpm2-change-key @@ -38,7 +38,7 @@ and the back-end was used, the previous key will be freed from the TPM. Otherwise, or in case of an error, data required for manual intervention will be printed to the standard error stream. .Pp -Next, a new wrapping key is be generated on the TPM, optionally backed up +Next, a new wrapping key is generated on the TPM, optionally backed up .Pq see Sx OPTIONS , and sealed to a persistent object on the TPM under the owner hierarchy; if there is a passphrase set on the owner hierarchy, the user is prompted for it; diff --git a/zfs-tpm2-change-key.8.html b/zfs-tpm2-change-key.8.html index 1d09a82..f2ebd78 100644 --- a/zfs-tpm2-change-key.8.html +++ b/zfs-tpm2-change-key.8.html @@ -49,7 +49,7 @@ used, the previous key will be freed from the TPM. Otherwise, or in case of an error, data required for manual intervention will be printed to the standard error stream.

-

Next, a new wrapping key is be generated on the TPM, optionally +

Next, a new wrapping key is generated on the TPM, optionally backed up (see OPTIONS), and sealed to a persistent object on the TPM under the owner hierarchy; if there is a passphrase set on the owner hierarchy, the user is prompted for it; the user @@ -178,8 +178,8 @@ - - + +
October 17, 2021tzpfms 0.1-7November 10, 2021tzpfms 0.1-10
diff --git a/zfs-tpm2-clear-key.8 b/zfs-tpm2-clear-key.8 index a8b1dac..83f5123 100644 --- a/zfs-tpm2-clear-key.8 +++ b/zfs-tpm2-clear-key.8 @@ -1,9 +1,9 @@ .\" SPDX-License-Identifier: MIT . -.Dd October 17, 2021 +.Dd November 10, 2021 .ds doc-volume-operating-system .Dt ZFS-TPM2-CLEAR-KEY 8 -.Os tzpfms 0.1-7 +.Os tzpfms 0.1-10 . .Sh NAME .Nm zfs-tpm2-clear-key diff --git a/zfs-tpm2-clear-key.8.html b/zfs-tpm2-clear-key.8.html index f67cadb..11b32ba 100644 --- a/zfs-tpm2-clear-key.8.html +++ b/zfs-tpm2-clear-key.8.html @@ -120,8 +120,8 @@ - - + +
October 17, 2021tzpfms 0.1-7November 10, 2021tzpfms 0.1-10
diff --git a/zfs-tpm2-load-key.8 b/zfs-tpm2-load-key.8 index fe4abe8..9e153b9 100644 --- a/zfs-tpm2-load-key.8 +++ b/zfs-tpm2-load-key.8 @@ -1,13 +1,13 @@ .\" SPDX-License-Identifier: MIT . -.Dd October 17, 2021 +.Dd November 10, 2021 .ds doc-volume-operating-system .Dt ZFS-TPM2-LOAD-KEY 8 -.Os tzpfms 0.1-7 +.Os tzpfms 0.1-10 . .Sh NAME .Nm zfs-tpm2-load-key -.Nd load tzpfms TPM2-encrypted ZFS dataset key +.Nd load TPM2-encrypted ZFS dataset key .Sh SYNOPSIS .Nm .Op Fl n @@ -23,6 +23,8 @@ backend unseals the key and loads it into .Ar dataset . .Pp +The user is prompted for the additional passphrase, set when creating the key, if one was set. +.Pp See .Xr zfs-tpm2-change-key 8 for a detailed description. diff --git a/zfs-tpm2-load-key.8.html b/zfs-tpm2-load-key.8.html index 9304ba6..a5a5d2c 100644 --- a/zfs-tpm2-load-key.8.html +++ b/zfs-tpm2-load-key.8.html @@ -21,7 +21,7 @@

zfs-tpm2-load-key — - load tzpfms TPM2-encrypted ZFS dataset key

+ load TPM2-encrypted ZFS dataset key

@@ -38,6 +38,8 @@ tzpfms backend , unseals the key and loads it into dataset.

+

The user is prompted for the additional passphrase, set when + creating the key, if one was set.

See zfs-tpm2-change-key(8) for a detailed description.

@@ -103,8 +105,8 @@ - - + +
October 17, 2021tzpfms 0.1-7November 10, 2021tzpfms 0.1-10