diff --git a/tzpfms.pdf b/tzpfms.pdf index 4bb4ea1..37a8350 100644 Binary files a/tzpfms.pdf and b/tzpfms.pdf differ diff --git a/tzpfms.ps b/tzpfms.ps index ef729ca..0e6d122 100644 --- a/tzpfms.ps +++ b/tzpfms.ps @@ -1,6 +1,6 @@ %!PS-Adobe-3.0 %%Creator: groff version 1.22.4 -%%CreationDate: Sun Dec 4 01:27:45 2022 +%%CreationDate: Sun Dec 4 01:52:41 2022 %%DocumentNeededResources: font Times-Roman %%+ font Times-Bold %%+ font Courier-Bold @@ -9,7 +9,7 @@ %%+ font Symbol %%+ font Times-Italic %%DocumentSuppliedResources: procset grops 1.22 4 -%%Pages: 14 +%%Pages: 13 %%PageOrder: Ascend %%DocumentMedia: Default 595 842 0 () () %%Orientation: Portrait 
@@ -256,17 +256,17 @@ F2-.834 E F0(|)A F21.666 E/F3 10/Courier-Oblique@0 SF(depth) (back-end)6 E F0 3.333(][).833 G F2-.834 E F0(|)A F21.666 E F0(]).833 E([)180 156 Q F3(filesystem)A F0(|)A F3(volume)A F0 1.666 (]...)C F1(DESCRIPTION)72 180 Q F0(Lists the follo)102 192 Q -(wing properties on encryption roots:)-.25 E/F4 10/Courier@0 SF(name)132 -204 Q(back-end)132 216 Q F0(the)191 216 Q F2(tzpfms)7.633 E F0 6.799 -(back-end \()7.633 F(e.g.)1.666 E F1(TPM2)7.633 E F0(for)7.633 E F4 -(zfs-tpm2-change-key)7.634 E F0 5.134(\(8\) or)B F1(TPM1.X)191 228 Q F0 -(for)2.5 E F4(zfs-tpm1x-change-key)2.5 E F0 -.834(\(8\) \) ,)B(or ")2.5 -E F1(-)A F0 2.5("i)C 2.5(fn)-2.5 G(one is con\214gured)-2.5 E F4 -(keystatus)132 240 Q F1 -2.1 -.25(av a)191 240 T(ilable).25 E F0(or)2.5 -E F1(una)2.5 E -.1(va)-.25 G(ilable).1 E F4(coherent)132 252 Q F1 -.1 -(ye)191 252 S(s).1 E F0 9.489(if either both)11.989 F F4 -(xyz.nabijaczleweli:tzpfms.backend)11.989 E F0(and)11.989 E F4 -(xyz.nabijaczleweli:tzpfms.key)191 264 Q F0(are present or missing,)2.5 +(wing properties on encryption roots:)-.25 E/F4 10/Courier@0 SF(name)122 +204 Q(back-end)122 216 Q F0(the)181 216 Q F2(tzpfms)3.311 E F0 2.477 +(back-end \()3.311 F(e.g.)1.666 E F1(TPM2)3.312 E F0(for)3.312 E F4 +(zfs-tpm2-change-key)3.312 E F0 .812(\(8\) or)B F1(TPM1.X)3.312 E F0 +(for)181 228 Q F4(zfs-tpm1x-change-key)2.5 E F0 -.834(\(8\) \) ,)B(or ") +2.5 E F1(-)A F0 2.5("i)C 2.5(fn)-2.5 G(one is con\214gured)-2.5 E F4 +(keystatus)122 240 Q F1 -2.1 -.25(av a)181 240 T(ilable).25 E F0(or)2.5 +E F1(una)2.5 E -.1(va)-.25 G(ilable).1 E F4(coherent)122 252 Q F1 -.1 +(ye)181 252 S(s).1 E F0 11.489(if either both)13.989 F F4 +(xyz.nabijaczleweli:tzpfms.backend)13.989 E F0(and)13.989 E F4 +(xyz.nabijaczleweli:tzpfms.key)181 264 Q F0(are present or missing,)2.5 E F1(no)2.5 E F0(otherwise)2.5 E 9.409(Incoherent datasets require imme\ diate operator attention, with either the appropriate)102 282 R F2 (zfs-tpm)102 294 Q/F5 10/Symbol SF(*)A F2(-clear-key)A 
F0 .427 
@@ -280,59 +280,58 @@ F(Ho)6.113 E(we)-.25 E -.15(ve)-.25 G 1.913 -.4(r, t).15 H 1.113 (thing went horribly wrong with the dataset properties.)102 318 Q 1.34(\ If no datasets are speci\214ed, all matching encryption roots are liste\ d \212 by def)102 336 R 1.34(ault, those managed by)-.1 F F2(tzpfms)102 -348 Q F0(.)A F1(OPTIONS)72 372 Q F2103.666 384 Q F0 .124 -(Scripting mode \212 remo)173 384 R .424 -.15(ve h)-.15 H .125 -(eaders and separate \214elds by a single tab instead of colum-).15 F -(nating them with spaces.)173 396 Q F2103.666 414 Q F0 -(Recurse into all descendants of speci\214ed datasets.)173 414 Q F2 -103.666 426 Q F3(depth)6 E F0(Recurse at most)173 426 Q F3(depth) +348 Q F0(.)A F1(OPTIONS)72 372 Q F2103.666 384 Q F0 2.044 +(Scripting mode \212 remo)179 384 R 2.344 -.15(ve h)-.15 H 2.044 +(eaders and separate \214elds by a single tab instead of).15 F +(columnating them with spaces.)179 396 Q F2103.666 414 Q F0 +(Recurse into all descendants of speci\214ed datasets.)179 414 Q F2 +103.666 426 Q F3(depth)6 E F0(Recurse at most)179 426 Q F3(depth) 2.5 E F0(datasets deep.)2.5 E(Def)5 E(ault:)-.1 E F1(0)2.5 E F0(.)A F2 -103.666 444 Q F0(List all encryption roots, e)173 444 Q -.15(ve) +103.666 444 Q F0(List all encryption roots, e)179 444 Q -.15(ve) -.25 G 2.5(no).15 G(nes not managed by)-2.5 E F2(tzpfms)2.5 E F0(.)A F2 103.666 456 Q F3(back-end)6 E F0 -(List only encryption roots with the speci\214ed)173 468 Q F2(tzpfms)2.5 -E F3(back-end)2.5 E F0(.)A F2103.666 486 Q F0 -(List only encryption roots whose k)173 486 Q -.15(ey)-.1 G 2.5(sa).15 G -(re una)-2.5 E -.25(va)-.2 G(ilable.).25 E F2103.666 498 Q F0 -(List only encryption roots whose k)173 498 Q -.15(ey)-.1 G 2.5(sa).15 G -(re a)-2.5 E -.25(va)-.2 G(ilable.).25 E F1(EXAMPLES)72 522 Q F4($)102 -534 Q F2(zfs-tpm-list)6 E F4 72(NAME BACK-END)102 546 R 18 -(KEYSTATUS COHERENT)12 F 36(tarta-zoot TPM1.X)102 558 R 18 -(available yes)24 F 6(tarta-zoot/home TPM2)102 570 R 6(unavailable yes) -36 F($)102 594 Q 
F2 1.666(zfs-tpm-list \255ad0)6 F F4 24(NAME BACK-END) -102 606 R 6(KEYSTATUS COHERENT)12 F 6(filling -)102 618 R 6 -(available yes)54 F($)102 642 Q F2 1.666(zfs-tpm-list \255b)6 F F1(TPM2) -6 E F4 72(NAME BACK-END)102 654 R 18(KEYSTATUS COHERENT)12 F 6 -(tarta-zoot/home TPM2)102 666 R 6(unavailable yes)36 F($)102 690 Q F2 +(List only encryption roots with the speci\214ed)179 456 Q F2(tzpfms)2.5 +E F3(back-end)2.5 E F0(.)A F2103.666 474 Q F0 +(List only encryption roots whose k)179 474 Q -.15(ey)-.1 G 2.5(sa).15 G +(re una)-2.5 E -.25(va)-.2 G(ilable.).25 E F2103.666 486 Q F0 +(List only encryption roots whose k)179 486 Q -.15(ey)-.1 G 2.5(sa).15 G +(re a)-2.5 E -.25(va)-.2 G(ilable.).25 E F1(EXAMPLES)72 510 Q F4($)102 +522 Q F2(zfs-tpm-list)6 E F4 72(NAME BACK-END)102 534 R 18 +(KEYSTATUS COHERENT)12 F 36(tarta-zoot TPM1.X)102 546 R 18 +(available yes)24 F 6(tarta-zoot/home TPM2)102 558 R 6(unavailable yes) +36 F($)102 582 Q F2 1.666(zfs-tpm-list \255ad0)6 F F4 24(NAME BACK-END) +102 594 R 6(KEYSTATUS COHERENT)12 F 6(filling -)102 606 R 6 +(available yes)54 F($)102 630 Q F2 1.666(zfs-tpm-list \255b)6 F F1(TPM2) +6 E F4 72(NAME BACK-END)102 642 R 18(KEYSTATUS COHERENT)12 F 6 +(tarta-zoot/home TPM2)102 654 R 6(unavailable yes)36 F($)102 678 Q F2 1.666(zfs-tpm-list \255ra)6 F F3(tarta-zoot)6 E F4 72(NAME BACK-END)102 -702 R 18(KEYSTATUS COHERENT)12 F 36(tarta-zoot TPM1.X)102 714 R 18 -(available yes)24 F 6(tarta-zoot/home TPM2)102 726 R 6(unavailable yes) -36 F 12(tarta-zoot/bkp -)102 738 R 18(available yes)54 F 18 -(tarta-zoot/vm -)102 750 R 18(available yes)54 F F0 -(tzpfms 0.3.1-9-gd2dcf95)72 799.889 Q(December 4, 2022)98.055 E(1) -192.205 E 0 Cg EP +690 R 18(KEYSTATUS COHERENT)12 F 36(tarta-zoot TPM1.X)102 702 R 18 +(available yes)24 F 6(tarta-zoot/home TPM2)102 714 R 6(unavailable yes) +36 F 12(tarta-zoot/bkp -)102 726 R 18(available yes)54 F 18 +(tarta-zoot/vm -)102 738 R 18(available yes)54 F($)102 762 Q F2 1.666 +(zfs-tpm-list \255al)6 F F0(tzpfms 
0.3.1-10-gf403f)72 810 Q 94.145 +(fe December)-.25 F(4, 2022)2.5 E(1)192.205 E 0 Cg EP %%Page: 2 2 %%BeginPageSetup BP %%EndPageSetup /F0 10/Times-Roman@0 SF -.834(ZFS-TPM-LIST \(8\))72 48 R (System Manager')102.759 E 2.5(sM)-.55 G 97.759(anual ZFS-TPM-LIST)-2.5 -F(\(8\))1.666 E/F1 10/Courier@0 SF($)102 96 Q/F2 10/Courier-Bold@0 SF -1.666(zfs-tpm-list \255al)6 F F1 72(NAME BACK-END)102 108 R 6 -(KEYSTATUS COHERENT)12 F 54(filling -)102 120 R 6(available yes)54 F 36 -(tarta-zoot TPM1.X)102 132 R 6(available yes)24 F 12(tarta-zoot/bkp -) -102 144 R 6(available yes)54 F 18(tarta-zoot/vm -)102 156 R 6 -(available yes)54 F/F3 10/Times-Bold@0 SF 1.666(SPECIAL THANKS)72 180 R -F0 1.6 -.8(To a)102 192 T(ll who support further de).8 E -.15(ve)-.25 G -(lopment, in particular:).15 E F3<83>122 204 Q F0(ThePhD)2.5 E F3<83>122 -216 Q F0(Embark Studios)2.5 E F3<83>122 228 Q F0(Lars Strojn)2.5 E(y) --.15 E F3(REPOR)72 252 Q 1.666(TING B)-.4 F(UGS)-.1 E(https://todo.sr) -102 264 Q(.ht/\001nabijaczleweli/tzpfms)-1 E F1 -(\001nabijaczleweli/tzpfms@lists.sr.ht)102 282 Q F0 86.763(,a)C(rchi) --86.763 E -.15(ve)-.25 G 86.762(da).15 G(t)-86.762 E F3 -(https://lists.sr)102 294 Q(.ht/\001nabijaczleweli/tzpfms)-1 E F0(.)A -(tzpfms 0.3.1-9-gd2dcf95)72 799.889 Q(December 4, 2022)98.055 E(2) -192.205 E 0 Cg EP +F(\(8\))1.666 E/F1 10/Courier@0 SF 72(NAME BACK-END)102 96 R 6 +(KEYSTATUS COHERENT)12 F 54(filling -)102 108 R 6(available yes)54 F 36 +(tarta-zoot TPM1.X)102 120 R 6(available yes)24 F 12(tarta-zoot/bkp -) +102 132 R 6(available yes)54 F 18(tarta-zoot/vm -)102 144 R 6 +(available yes)54 F/F2 10/Times-Bold@0 SF 1.666(SPECIAL THANKS)72 168 R +F0 1.6 -.8(To a)102 180 T(ll who support further de).8 E -.15(ve)-.25 G +(lopment, in particular:).15 E F2<83>122 192 Q F0(ThePhD)7.5 E F2<83>122 +204 Q F0(Embark Studios)7.5 E F2<83>122 216 Q F0(Lars Strojn)7.5 E(y) +-.15 E F2(REPOR)72 240 Q 1.666(TING B)-.4 F(UGS)-.1 E(https://todo.sr) +102 252 Q(.ht/\001nabijaczleweli/tzpfms)-1 E F1 
+(\001nabijaczleweli/tzpfms@lists.sr.ht)102 270 Q F0 86.763(,a)C(rchi) +-86.763 E -.15(ve)-.25 G 86.762(da).15 G(t)-86.762 E F2 +(https://lists.sr)102 282 Q(.ht/\001nabijaczleweli/tzpfms)-1 E F0(.)A +(tzpfms 0.3.1-10-gf403f)72 799.889 Q 94.145(fe December)-.25 F(4, 2022) +2.5 E(2)192.205 E 0 Cg EP %%Page: 3 3 %%BeginPageSetup BP 
@@ -413,92 +412,91 @@ E F5(keyformat=passphrase)102 552 Q F3(dataset)6 E F0 -3.332 1.666 (ug, please.)-.2 E F2(zfs-tpm1x-clear-key)102 570 Q F3(dataset)8.036 E F0 2.035(can be used to clear the properties and go back to using a) 4.536 F(passphrase.)102 582 Q F1(OPTIONS)72 606 Q F2103.666 618 Q -F3(backup-file)6 E F0(Sa)191 630 Q 1.352 -.15(ve a b)-.2 H 1.052 -(ack-up of the k).15 F 1.352 -.15(ey t)-.1 H(o).15 E F3(backup-file) -3.552 E F0 3.552(,w)C 1.052(hich must not e)-3.552 F 1.053 -(xist beforehand.)-.15 F .432(This back-up)191 642 R F4(must)2.932 E F0 -.431(be stored securely)2.931 F 2.931(,o)-.65 G -.25(ff)-2.931 G 2.931 -(-site. In).25 F .431(case of a catastrophic e)2.931 F -.15(ve)-.25 G -.431(nt, the).15 F -.1(ke)191 654 S 2.5(yc)-.05 G -(an be loaded by running)-2.5 E F2(zfs load-key)221 666 Q F3(dataset)6 E -F5(<)6 E F3(backup-file)6 E F2103.666 684 Q F3(PCR)6 E F0([)A F2 -(,)A F3(PCR)A F0 1.666(]...)C .45(Bind the k)191 684 R .75 -.15(ey t)-.1 -H 2.95(os).15 G .45(pace- or comma-separated)-2.95 F F3(PCR)2.95 E F0 --5.449 2.95(s\212 i)D 2.951(ft)-2.95 G(he)-2.951 E 2.951(yc)-.15 G .451 -(hange, the wrapping)-2.951 F -.1(ke)191 696 S 2.59(yw)-.05 G .089 -(ill not be able to be unsealed.)-2.59 F .089 -(The minimum number of PCRs for a PC TPM)5.089 F(is)191 708 Q F1(24)2.5 +F3(backup-file)6 E F0(Sa)197 618 Q .852 -.15(ve a b)-.2 H .552 +(ack-up of the k).15 F .852 -.15(ey t)-.1 H(o).15 E F3(backup-file)3.052 +E F0 3.052(,w)C .552(hich must not e)-3.052 F .553(xist beforehand.)-.15 +F 1.194(This back-up)197 630 R F4(must)3.694 E F0 1.194 +(be stored securely)3.694 F 3.694(,o)-.65 G -.25(ff)-3.694 G 3.694 +(-site. In).25 F 1.193(case of a catastrophic e)3.694 F -.15(ve)-.25 G +(nt,).15 E(the k)197 642 Q .3 -.15(ey c)-.1 H(an be loaded by running) +.15 E F2(zfs load-key)227 654 Q F3(dataset)6 E F5(<)6 E F3(backup-file)6 +E F2103.666 672 Q F3(PCR)6 E F0([)A F2(,)A F3(PCR)A F0 1.666(]...) 
+C 1.1(Bind the k)197 672 R 1.4 -.15(ey t)-.1 H 3.6(os).15 G 1.1 +(pace- or comma-separated)-3.6 F F3(PCR)3.6 E F0 -6.099 3.6(s\212 i)D +3.601(ft)-3.6 G(he)-3.601 E 3.601(yc)-.15 G 1.101(hange, the wrap-) +-3.601 F .863(ping k)197 684 R 1.163 -.15(ey w)-.1 H .863 +(ill not be able to be unsealed.).15 F .862 +(The minimum number of PCRs for a)5.862 F(PC TPM is)197 696 Q F1(24)2.5 E F0 1.666(\(n)4.166 G .833(umbered [)-1.666 F F1(0).833 E F0(,)A F1(23) 2.5 E F0 -.832 1.666(]\). F).833 H(or most, this is also the maximum.) --1.816 E(tzpfms 0.3.1-9-gd2dcf95)72 799.889 Q(December 4, 2022)98.055 E -(3)192.205 E 0 Cg EP +-1.816 E F1(ENVIR)72 720 Q 1.666(ONMENT V)-.3 F(ARIABLES)-1.35 E F0 +(tzpfms 0.3.1-10-gf403f)72 799.889 Q 94.145(fe December)-.25 F(4, 2022) +2.5 E(3)192.205 E 0 Cg EP %%Page: 4 4 %%BeginPageSetup BP %%EndPageSetup /F0 10/Times-Roman@0 SF -.834(ZFS-TPM1X-CHANGE-KEY \(8\))72 48 R (System Manager')46.109 E 2.5(sM)-.55 G 41.109 -(anual ZFS-TPM1X-CHANGE-KEY)-2.5 F(\(8\))1.666 E/F1 10/Times-Bold@0 SF -(ENVIR)72 96 Q 1.666(ONMENT V)-.3 F(ARIABLES)-1.35 E/F2 10/Courier@0 SF -(TZPFMS_PASSPHRASE_HELPER)102 108 Q F0 .159(By def)143 120 R .159(ault,\ - passphrases are prompted for and read in on the standard output and in\ -put streams.)-.1 F(If)143 132 Q F2(TZPFMS_PASSPHRASE_HELPER)3.356 E F0 -.856(is set and nonempty)3.356 F 3.356(,i)-.65 G 3.356(tw)-3.356 G .856 -(ill be run via)-3.356 F F2(/bin/)3.355 E/F3 10/Courier-Bold@0 SF 2.521 -(sh \255c)B F0(to pro)143 144 Q(vide each passphrase, instead.)-.15 E -.087(The standard output stream of the helper is tied to an anon)143 162 -R .088(ymous \214le and used in its entirety as)-.15 F -(the passphrase, e)143 174 Q(xcept for a trailing ne)-.15 E -(w-line, if an)-.25 E 3.8 -.65(y. 
T)-.15 H(he ar).65 E(guments are:)-.18 -E F2($1)155 186 Q F0 -(Pre-formatted noun phrase with all the information belo)172 186 Q 1.3 --.65(w, f)-.25 H(or use as a prompt).65 E F2($2)155 198 Q F0 -(Either the dataset name or the element of the TPM hierarch)172 198 Q -2.5(yb)-.05 G(eing prompted for)-2.5 E F2($3)155 210 Q F0("ne)172 210 Q +(anual ZFS-TPM1X-CHANGE-KEY)-2.5 F(\(8\))1.666 E/F1 10/Courier@0 SF +(TZPFMS_PASSPHRASE_HELPER)102 96 Q F0 .42(By def)127 108 R .42(ault, pa\ +ssphrases are prompted for and read in on the standard output and input\ + streams.)-.1 F(If)5.421 E F1(TZPFMS_PASSPHRASE_HELPER)127 120 Q F0 .461 +(is set and nonempty)2.961 F 2.961(,i)-.65 G 2.961(tw)-2.961 G .461 +(ill be run via)-2.961 F F1(/bin/)2.96 E/F2 10/Courier-Bold@0 SF 2.126 +(sh \255c)B F0 .46(to pro-)2.96 F(vide each passphrase, instead.)127 132 +Q .15(The standard output stream of the helper is tied to an anon)127 +150 R .151(ymous \214le and used in its entirety as the)-.15 F +(passphrase, e)127 162 Q(xcept for a trailing ne)-.15 E(w-line, if an) +-.25 E 3.8 -.65(y. T)-.15 H(he ar).65 E(guments are:)-.18 E F1($1)137 +174 Q F0(Pre-formatted noun phrase with all the information belo)154 174 +Q 1.3 -.65(w, f)-.25 H(or use as a prompt).65 E F1($2)137 186 Q F0 +(Either the dataset name or the element of the TPM hierarch)154 186 Q +2.5(yb)-.05 G(eing prompted for)-2.5 E F1($3)137 198 Q F0("ne)154 198 Q (w" if this is for a ne)-.25 E 2.5(wp)-.25 G(assphrase, otherwise blank) --2.5 E F2($4)155 222 Q F0("ag)172 222 Q(ain" if it')-.05 E 2.5(st)-.55 G -(he second prompt for that passphrase, otherwise blank)-2.5 E 1.109 -(If the helper doesn')143 240 R 3.609(te)-.18 G 2.775(xist \()-3.759 F -1.109(the shell e)1.666 F 1.109(xits with)-.15 F F1(127)3.609 E F0 --2.223 1.666(\), a d)1.666 H 1.108(iagnostic is issued and the normal) --1.666 F(prompt is used as f)143 252 Q 2.5(all-back. If)-.1 F(it f)2.5 E -(ails for an)-.1 E 2.5(yo)-.15 G(ther reason, the prompting is aborted.) 
--2.5 E F1 1.666(TPM1.X back-end con\214guration)72 276 R .625 -(TPM selection)84 288 R F0(The)102 300 Q F3(tzpfms)2.682 E F0 .182 -(suite connects to a local)2.682 F F2(tcsd)2.682 E F0 .182 -(\(8\) process)B 1.666(\(a)4.348 G(t)-1.666 E F2(localhost:30003)2.682 E -F0 4.348(\)b)1.666 G 2.683(yd)-4.348 G(ef)-2.683 E 2.683(ault. Use)-.1 F -(the)2.683 E(en)102 312 Q(vironment v)-.4 E(ariable)-.25 E F2 -(TZPFMS_TPM1X)2.5 E F0(to specify a remote TCS hostname.)2.5 E .611 -(The T)102 330 R(rouSerS)-.35 E F2(tcsd)3.111 E F0 .611 -(\(8\) daemon will try)B F2(/dev/tpm0)3.11 E F0 3.11(,t)C(hen)-3.11 E F2 -(/udev/tpm0)3.11 E F0 3.11(,t)C(hen)-3.11 E F2(/dev/tpm)3.11 E F0 3.11 -(;b)C 3.11(yo)-3.11 G(ccu-)-3.11 E -.1(py)102 342 S -(ing one of the earlier ones with, for e).1 E -(xample, shell redirection, a later one can be selected.)-.15 E F1 .625 -(See also)84 366 R F0(The T)102 378 Q(rouSerS project page at)-.35 E F1 +-2.5 E F1($4)137 210 Q F0("ag)154 210 Q(ain" if it')-.05 E 2.5(st)-.55 G +(he second prompt for that passphrase, otherwise blank)-2.5 E .139 +(If the helper doesn')127 228 R 2.639(te)-.18 G 1.805(xist \()-2.789 F +.138(the shell e)1.666 F .138(xits with)-.15 F/F3 10/Times-Bold@0 SF +(127)2.638 E F0 -3.194 1.666(\), a d)1.666 H .138 +(iagnostic is issued and the normal prompt)-1.666 F(is used as f)127 240 +Q 2.5(all-back. If)-.1 F(it f)2.5 E(ails for an)-.1 E 2.5(yo)-.15 G +(ther reason, the prompting is aborted.)-2.5 E F3 1.666 +(TPM1.X back-end con\214guration)72 264 R .625(TPM selection)84 276 R F0 +(The)102 288 Q F2(tzpfms)2.682 E F0 .182(suite connects to a local)2.682 +F F1(tcsd)2.682 E F0 .182(\(8\) process)B 1.666(\(a)4.348 G(t)-1.666 E +F1(localhost:30003)2.682 E F0 4.348(\)b)1.666 G 2.683(yd)-4.348 G(ef) +-2.683 E 2.683(ault. 
Use)-.1 F(the)2.683 E(en)102 300 Q(vironment v)-.4 +E(ariable)-.25 E F1(TZPFMS_TPM1X)2.5 E F0 +(to specify a remote TCS hostname.)2.5 E .611(The T)102 318 R(rouSerS) +-.35 E F1(tcsd)3.111 E F0 .611(\(8\) daemon will try)B F1(/dev/tpm0)3.11 +E F0 3.11(,t)C(hen)-3.11 E F1(/udev/tpm0)3.11 E F0 3.11(,t)C(hen)-3.11 E +F1(/dev/tpm)3.11 E F0 3.11(;b)C 3.11(yo)-3.11 G(ccu-)-3.11 E -.1(py)102 +330 S(ing one of the earlier ones with, for e).1 E +(xample, shell redirection, a later one can be selected.)-.15 E F3 .625 +(See also)84 354 R F0(The T)102 366 Q(rouSerS project page at)-.35 E F3 (https://sour)2.5 E(cef)-.18 E(or)-.25 E(ge.net/pr)-.1 E(ojects/tr)-.18 E(ousers)-.18 E F0(.)A 2.719(The TPM 1.2 main speci\214cation inde)102 -396 R 5.22(xa)-.15 G(t)-5.22 E F1(https://trustedcomputinggr)5.22 E +384 R 5.22(xa)-.15 G(t)-5.22 E F3(https://trustedcomputinggr)5.22 E (oup.or)-.18 E(g/r)-.1 E(esour)-.18 E(ce/tpm-main-)-.18 E -(speci\214cation)102 408 Q F0(.)A F1 1.666(SPECIAL THANKS)72 432 R F0 -1.6 -.8(To a)102 444 T(ll who support further de).8 E -.15(ve)-.25 G -(lopment, in particular:).15 E F1<83>122 456 Q F0(ThePhD)2.5 E F1<83>122 -468 Q F0(Embark Studios)2.5 E F1<83>122 480 Q F0(Lars Strojn)2.5 E(y) --.15 E F1(REPOR)72 504 Q 1.666(TING B)-.4 F(UGS)-.1 E(https://todo.sr) -102 516 Q(.ht/\001nabijaczleweli/tzpfms)-1 E F2 -(\001nabijaczleweli/tzpfms@lists.sr.ht)102 534 Q F0 86.763(,a)C(rchi) --86.763 E -.15(ve)-.25 G 86.762(da).15 G(t)-86.762 E F1 -(https://lists.sr)102 546 Q(.ht/\001nabijaczleweli/tzpfms)-1 E F0(.)A F1 -1.666(SEE ALSO)72 570 R F0(PCR allocations:)102 582 Q F1 -(https://wiki.ar)102 594 Q(chlinux.or)-.18 E(g/title/T)-.1 E +(speci\214cation)102 396 Q F0(.)A F3 1.666(SPECIAL THANKS)72 420 R F0 +1.6 -.8(To a)102 432 T(ll who support further de).8 E -.15(ve)-.25 G +(lopment, in particular:).15 E F3<83>122 444 Q F0(ThePhD)7.5 E F3<83>122 +456 Q F0(Embark Studios)7.5 E F3<83>122 468 Q F0(Lars Strojn)7.5 E(y) +-.15 E F3(REPOR)72 492 Q 1.666(TING B)-.4 F(UGS)-.1 
E(https://todo.sr) +102 504 Q(.ht/\001nabijaczleweli/tzpfms)-1 E F1 +(\001nabijaczleweli/tzpfms@lists.sr.ht)102 522 Q F0 86.763(,a)C(rchi) +-86.763 E -.15(ve)-.25 G 86.762(da).15 G(t)-86.762 E F3 +(https://lists.sr)102 534 Q(.ht/\001nabijaczleweli/tzpfms)-1 E F0(.)A F3 +1.666(SEE ALSO)72 558 R F0(PCR allocations:)102 570 Q F3 +(https://wiki.ar)102 582 Q(chlinux.or)-.18 E(g/title/T)-.1 E (rusted_Platf)-.74 E(orm_Module#Accessing_PCR_r)-.25 E(egisters)-.18 E -F0(and)2.5 E F1(https://trustedcomputinggr)102 606 Q(oup.or)-.18 E -(g/wp-content/uploads/PC-)-.1 E(ClientSpeci\214c_Platf)102 618 Q(orm_Pr) +F0(and)2.5 E F3(https://trustedcomputinggr)102 594 Q(oup.or)-.18 E +(g/wp-content/uploads/PC-)-.1 E(ClientSpeci\214c_Platf)102 606 Q(orm_Pr) -.25 E(o\214le_f)-.18 E(or_TPM_2p0_Systems_v51.pdf)-.25 E F0 2.5(,S)C -(ection 2.3.4 "PCR Usage", T)-2.5 E(able)-.8 E(1.)102 630 Q -(tzpfms 0.3.1-9-gd2dcf95)72 799.889 Q(December 4, 2022)98.055 E(4) -192.205 E 0 Cg EP +(ection 2.3.4 "PCR Usage", T)-2.5 E(able)-.8 E(1.)102 618 Q +(tzpfms 0.3.1-10-gf403f)72 799.889 Q 94.145(fe December)-.25 F(4, 2022) +2.5 E(4)192.205 E 0 Cg EP %%Page: 5 5 %%BeginPageSetup BP 
@@ -513,21 +511,22 @@ F 1.308 -.15(ey i)-.1 H 3.508(np).15 G(asssw)-3.508 E 1.008 144 Q F2(zfs-tpm1x-clear-key)102 156 Q/F3 10/Courier-Oblique@0 SF (dataset)2.5 E F1(DESCRIPTION)72 180 Q F0(After v)102 192 Q(erifying) -.15 E F3(dataset)2.5 E F0 -.1(wa)2.5 G 2.5(se).1 G(ncrypted with)-2.5 E -F2(tzpfms)2.5 E F0(back)2.5 E(end)-.1 E F1(TPM1.X)2.5 E F0(:)A 5.126 -(1. performs the equi)122 204 R -.25(va)-.25 G 5.126(lent of).25 F F2 -5.126(zfs change-key)7.626 F12.792 E/F4 10/Courier@0 SF -(keylocation=prompt)11.126 E F212.791 E F4(keyformat=passphrase) -127 216 Q F3(dataset)6 E F0(,)A 6.99(2. remo)122 228 R -.15(ve)-.15 G -9.491(st).15 G(he)-9.491 E F4(xyz.nabijaczleweli:tzpfms.)9.491 E F0({)A -F4(backend)A F0(,)A F4(key)12.991 E F0 9.491(}p)C 6.991(roperties from) --9.491 F F3(dataset)127 240 Q F0(.)A(See)102 258 Q F4 -(zfs-tpm1x-change-key)2.5 E F0(\(8\) for a detailed description.)A F1 -1.666(TPM1.X back-end con\214guration)72 282 R .625(TPM selection)84 294 -R F0(The)102 306 Q F2(tzpfms)2.683 E F0 .182(suite connects to a local) -2.683 F F4(tcsd)2.682 E F0 .182(\(8\) process)B 1.666(\(a)4.348 G(t) --1.666 E F4(localhost:30003)2.682 E F0 4.348(\)b)1.666 G 2.682(yd)-4.348 -G(ef)-2.682 E 2.682(ault. Use)-.1 F(the)2.682 E(en)102 318 Q -(vironment v)-.4 E(ariable)-.25 E F4(TZPFMS_TPM1X)2.5 E F0 +F2(tzpfms)2.5 E F0(back)2.5 E(end)-.1 E F1(TPM1.X)2.5 E F0(:)A 5 +(1. performs)112 204 R 6.392(the equi)8.892 F -.25(va)-.25 G 6.392 +(lent of).25 F F2 6.392(zfs change-key)8.892 F14.057 E/F4 10 +/Courier@0 SF(keylocation=prompt)12.391 E F214.057 E F4 +(keyformat=passphrase)127 216 Q F3(dataset)6 E F0(,)A 5(2. 
remo)112 228 +R -.15(ve)-.15 G 11.889(st).15 G(he)-11.889 E F4 +(xyz.nabijaczleweli:tzpfms.)11.889 E F0({)A F4(backend)A F0(,)A F4(key) +15.389 E F0 11.889(}p)C 9.389(roperties from)-11.889 F F3(dataset)127 +240 Q F0(.)A(See)102 258 Q F4(zfs-tpm1x-change-key)2.5 E F0 +(\(8\) for a detailed description.)A F1 1.666 +(TPM1.X back-end con\214guration)72 282 R .625(TPM selection)84 294 R F0 +(The)102 306 Q F2(tzpfms)2.683 E F0 .182(suite connects to a local)2.683 +F F4(tcsd)2.682 E F0 .182(\(8\) process)B 1.666(\(a)4.348 G(t)-1.666 E +F4(localhost:30003)2.682 E F0 4.348(\)b)1.666 G 2.682(yd)-4.348 G(ef) +-2.682 E 2.682(ault. Use)-.1 F(the)2.682 E(en)102 318 Q(vironment v)-.4 +E(ariable)-.25 E F4(TZPFMS_TPM1X)2.5 E F0 (to specify a remote TCS hostname.)2.5 E .61(The T)102 336 R(rouSerS) -.35 E F4(tcsd)3.11 E F0 .61(\(8\) daemon will try)B F4(/dev/tpm0)3.11 E F0 3.11(,t)C(hen)-3.11 E F4(/udev/tpm0)3.111 E F0 3.111(,t)C(hen)-3.111 
@@ -541,15 +540,15 @@ E(ousers)-.18 E F0(.)A 2.719(The TPM 1.2 main speci\214cation inde)102 (oup.or)-.18 E(g/r)-.1 E(esour)-.18 E(ce/tpm-main-)-.18 E (speci\214cation)102 414 Q F0(.)A F1 1.666(SPECIAL THANKS)72 438 R F0 1.6 -.8(To a)102 450 T(ll who support further de).8 E -.15(ve)-.25 G -(lopment, in particular:).15 E F1<83>122 462 Q F0(ThePhD)2.5 E F1<83>122 -474 Q F0(Embark Studios)2.5 E F1<83>122 486 Q F0(Lars Strojn)2.5 E(y) +(lopment, in particular:).15 E F1<83>122 462 Q F0(ThePhD)7.5 E F1<83>122 +474 Q F0(Embark Studios)7.5 E F1<83>122 486 Q F0(Lars Strojn)7.5 E(y) -.15 E F1(REPOR)72 510 Q 1.666(TING B)-.4 F(UGS)-.1 E(https://todo.sr) 102 522 Q(.ht/\001nabijaczleweli/tzpfms)-1 E F4 (\001nabijaczleweli/tzpfms@lists.sr.ht)102 540 Q F0 86.762(,a)C(rchi) -86.762 E -.15(ve)-.25 G 86.763(da).15 G(t)-86.763 E F1 (https://lists.sr)102 552 Q(.ht/\001nabijaczleweli/tzpfms)-1 E F0(.)A -(tzpfms 0.3.1-9-gd2dcf95)72 799.889 Q(December 4, 2022)98.055 E(5) -192.205 E 0 Cg EP +(tzpfms 0.3.1-10-gf403f)72 799.889 Q 94.145(fe December)-.25 F(4, 2022) +2.5 E(5)192.205 E 0 Cg EP %%Page: 6 6 %%BeginPageSetup BP 
@@ -572,418 +571,33 @@ F0(.)A .611 102 222 Q -.15(ey)-.1 G 2.5(,i)-.5 G 2.5(fo)-2.5 G(ne w)-2.5 E(as set.) -.1 E(See)102 240 Q/F4 10/Courier@0 SF(zfs-tpm1x-change-key)2.5 E F0 (\(8\) for a detailed description.)A F1(OPTIONS)72 264 Q F2103.666 -276 Q F0 .156(Do a no-op/dry run, can be used e)119 288 R -.15(ve)-.25 G -2.656(ni).15 G 2.656(ft)-2.656 G .156(he k)-2.656 F .456 -.15(ey i)-.1 H -2.656(sa).15 G .156(lready loaded.)-2.656 F(Equi)5.156 E -.25(va)-.25 G -.156(lent to).25 F F2 .156(zfs load-key)2.656 F F0 -.55('s)C F2 -120.666 300 Q F0(option.)2.5 E F1(ENVIR)72 324 Q 1.666(ONMENT V)-.3 F -(ARIABLES)-1.35 E F4(TZPFMS_PASSPHRASE_HELPER)102 336 Q F0 .159(By def) -143 348 R .159(ault, passphrases are prompted for and read in on the st\ -andard output and input streams.)-.1 F(If)143 360 Q F4 -(TZPFMS_PASSPHRASE_HELPER)3.356 E F0 .856(is set and nonempty)3.356 F -3.356(,i)-.65 G 3.356(tw)-3.356 G .856(ill be run via)-3.356 F F4(/bin/) -3.355 E F2 2.521(sh \255c)B F0(to pro)143 372 Q -(vide each passphrase, instead.)-.15 E .087 -(The standard output stream of the helper is tied to an anon)143 390 R -.088(ymous \214le and used in its entirety as)-.15 F(the passphrase, e) -143 402 Q(xcept for a trailing ne)-.15 E(w-line, if an)-.25 E 3.8 -.65 -(y. 
T)-.15 H(he ar).65 E(guments are:)-.18 E F4($1)155 414 Q F0 -(Pre-formatted noun phrase with all the information belo)172 414 Q 1.3 --.65(w, f)-.25 H(or use as a prompt).65 E F4($2)155 426 Q F0 -(Either the dataset name or the element of the TPM hierarch)172 426 Q -2.5(yb)-.05 G(eing prompted for)-2.5 E F4($3)155 438 Q F0("ne)172 438 Q +276 Q F0 3.583(Do a no-op/dry run, can be used e)125 276 R -.15(ve)-.25 +G 6.083(ni).15 G 6.083(ft)-6.083 G 3.583(he k)-6.083 F 3.883 -.15(ey i) +-.1 H 6.083(sa).15 G 3.583(lready loaded.)-6.083 F(Equi)8.582 E -.25(va) +-.25 G 3.582(lent to).25 F F2(zfs)6.082 E(load-key)125 288 Q F0 -.55('s) +C F24.716 E F0(option.)2.5 E F1(ENVIR)72 312 Q 1.666(ONMENT V)-.3 +F(ARIABLES)-1.35 E F4(TZPFMS_PASSPHRASE_HELPER)102 324 Q F0 .42(By def) +127 336 R .42(ault, passphrases are prompted for and read in on the sta\ +ndard output and input streams.)-.1 F(If)5.421 E F4 +(TZPFMS_PASSPHRASE_HELPER)127 348 Q F0 .461(is set and nonempty)2.961 F +2.961(,i)-.65 G 2.961(tw)-2.961 G .461(ill be run via)-2.961 F F4(/bin/) +2.96 E F2 2.126(sh \255c)B F0 .46(to pro-)2.96 F +(vide each passphrase, instead.)127 360 Q .15 +(The standard output stream of the helper is tied to an anon)127 378 R +.151(ymous \214le and used in its entirety as the)-.15 F(passphrase, e) +127 390 Q(xcept for a trailing ne)-.15 E(w-line, if an)-.25 E 3.8 -.65 +(y. 
T)-.15 H(he ar).65 E(guments are:)-.18 E F4($1)137 402 Q F0 +(Pre-formatted noun phrase with all the information belo)154 402 Q 1.3 +-.65(w, f)-.25 H(or use as a prompt).65 E F4($2)137 414 Q F0 +(Either the dataset name or the element of the TPM hierarch)154 414 Q +2.5(yb)-.05 G(eing prompted for)-2.5 E F4($3)137 426 Q F0("ne)154 426 Q (w" if this is for a ne)-.25 E 2.5(wp)-.25 G(assphrase, otherwise blank) --2.5 E F4($4)155 450 Q F0("ag)172 450 Q(ain" if it')-.05 E 2.5(st)-.55 G -(he second prompt for that passphrase, otherwise blank)-2.5 E 1.109 -(If the helper doesn')143 468 R 3.609(te)-.18 G 2.775(xist \()-3.759 F -1.109(the shell e)1.666 F 1.109(xits with)-.15 F F1(127)3.609 E F0 --2.223 1.666(\), a d)1.666 H 1.108(iagnostic is issued and the normal) --1.666 F(prompt is used as f)143 480 Q 2.5(all-back. If)-.1 F(it f)2.5 E -(ails for an)-.1 E 2.5(yo)-.15 G(ther reason, the prompting is aborted.) --2.5 E F1 1.666(TPM1.X back-end con\214guration)72 504 R .625 -(TPM selection)84 516 R F0(The)102 528 Q F2(tzpfms)2.682 E F0 .182 -(suite connects to a local)2.682 F F4(tcsd)2.682 E F0 .182 -(\(8\) process)B 1.666(\(a)4.348 G(t)-1.666 E F4(localhost:30003)2.682 E -F0 4.348(\)b)1.666 G 2.683(yd)-4.348 G(ef)-2.683 E 2.683(ault. 
Use)-.1 F -(the)2.683 E(en)102 540 Q(vironment v)-.4 E(ariable)-.25 E F4 -(TZPFMS_TPM1X)2.5 E F0(to specify a remote TCS hostname.)2.5 E .611 -(The T)102 558 R(rouSerS)-.35 E F4(tcsd)3.111 E F0 .611 -(\(8\) daemon will try)B F4(/dev/tpm0)3.11 E F0 3.11(,t)C(hen)-3.11 E F4 -(/udev/tpm0)3.11 E F0 3.11(,t)C(hen)-3.11 E F4(/dev/tpm)3.11 E F0 3.11 -(;b)C 3.11(yo)-3.11 G(ccu-)-3.11 E -.1(py)102 570 S -(ing one of the earlier ones with, for e).1 E -(xample, shell redirection, a later one can be selected.)-.15 E F1 .625 -(See also)84 594 R F0(The T)102 606 Q(rouSerS project page at)-.35 E F1 -(https://sour)2.5 E(cef)-.18 E(or)-.25 E(ge.net/pr)-.1 E(ojects/tr)-.18 -E(ousers)-.18 E F0(.)A 2.719(The TPM 1.2 main speci\214cation inde)102 -624 R 5.22(xa)-.15 G(t)-5.22 E F1(https://trustedcomputinggr)5.22 E -(oup.or)-.18 E(g/r)-.1 E(esour)-.18 E(ce/tpm-main-)-.18 E -(speci\214cation)102 636 Q F0(.)A F1 1.666(SPECIAL THANKS)72 660 R F0 -1.6 -.8(To a)102 672 T(ll who support further de).8 E -.15(ve)-.25 G -(lopment, in particular:).15 E F1<83>122 684 Q F0(ThePhD)2.5 E F1<83>122 -696 Q F0(Embark Studios)2.5 E F1<83>122 708 Q F0(Lars Strojn)2.5 E(y) --.15 E(tzpfms 0.3.1-9-gd2dcf95)72 799.889 Q(December 4, 2022)98.055 E(6) -192.205 E 0 Cg EP -%%Page: 7 7 -%%BeginPageSetup -BP -%%EndPageSetup -/F0 10/Times-Roman@0 SF(ZFS-TPM1X-LO)72 48 Q -.834(AD-KEY \(8\))-.35 F -(System Manager')60.349 E 2.5(sM)-.55 G 55.349(anual ZFS-TPM1X-LO)-2.5 F --.834(AD-KEY \(8\))-.35 F/F1 10/Times-Bold@0 SF(REPOR)72 96 Q 1.666 -(TING B)-.4 F(UGS)-.1 E(https://todo.sr)102 108 Q -(.ht/\001nabijaczleweli/tzpfms)-1 E/F2 10/Courier@0 SF -(\001nabijaczleweli/tzpfms@lists.sr.ht)102 126 Q F0 86.763(,a)C(rchi) --86.763 E -.15(ve)-.25 G 86.762(da).15 G(t)-86.762 E F1 -(https://lists.sr)102 138 Q(.ht/\001nabijaczleweli/tzpfms)-1 E F0(.)A -(tzpfms 0.3.1-9-gd2dcf95)72 799.889 Q(December 4, 2022)98.055 E(7) -192.205 E 0 Cg EP -%%Page: 8 8 -%%BeginPageSetup -BP -%%EndPageSetup -/F0 10/Times-Roman@0 SF 
-.834(ZFS-TPM2-CHANGE-KEY \(8\))72 48 R -(System Manager')53.329 E 2.5(sM)-.55 G 48.329 -(anual ZFS-TPM2-CHANGE-KEY)-2.5 F(\(8\))1.666 E/F1 10/Times-Bold@0 SF --.2(NA)72 96 S(ME).2 E/F2 10/Courier-Bold@0 SF(zfs-tpm2-change-key)102 -108 Q F0 2.5<8a63>2.5 G(hange ZFS dataset k)-2.5 E .3 -.15(ey t)-.1 H -2.5(oo).15 G(ne stored on the TPM)-2.5 E F1(SYNOPSIS)72 132 Q F2 -(zfs-tpm2-change-key)102 144 Q F0([)3.333 E F22.499 E/F3 10 -/Courier-Oblique@0 SF(backup-file)6 E F0 2.5(][).833 G F2-.834 E -F3(algorithm)222 156 Q F2(:)A F3(PCR)A F0([)A F2(,)A F3(PCR)A F0 1.666 -(]...)C([)-1.666 E F2(+)A F3(algorithm)A F2(:)A F3(PCR)A F0([)A F2(,)A -F3(PCR)A F0 1.666(]...)C -2.499 1.666(]... [)-1.666 H F2.833 E F0 -(]]).833 E F3(dataset)222 168 Q F1(DESCRIPTION)72 192 Q F0 5.41 -.8 -(To n)102 204 T(ormalise).8 E F3(dataset)6.31 E F0(,)A F2 -(zfs-tpm2-change-key)6.31 E F0 3.811 -(will open its encryption root in its stead.)6.31 F F2 -(zfs-tpm2-change-key)102 216 Q F0(will)3.731 E/F4 10/Times-Italic@0 SF -(ne)3.731 E(ver)-.15 E F0 1.231(create or destro)3.731 F 3.73(ye)-.1 G -1.23(ncryption roots; use)-3.73 F/F5 10/Courier@0 SF(zfs-change-key)3.73 -E F0(\(8\))A(for that.)102 228 Q -(First, a connection is made to the TPM, which)102 246 Q F4(must)2.5 E -F0(be TPM-2.0-compatible.)2.5 E(If)102 264 Q F3(dataset)3.483 E F0 -.1 -(wa)3.483 G 3.483(sp).1 G(re)-3.483 E .983(viously encrypted with)-.25 F -F2(tzpfms)3.483 E F0 .983(and the)3.483 F F1(TPM2)3.483 E F0 .983 -(back-end w)3.483 F .984(as used, the pre)-.1 F(vious)-.25 E -.1(ke)102 -276 S 2.714(yw)-.05 G .214(ill be freed from the TPM.)-2.714 F .214 -(Otherwise, or in case of an error)5.214 F 2.713(,d)-.4 G .213 -(ata required for manual interv)-2.713 F(ention)-.15 E -(will be printed to the standard error stream.)102 288 Q(Ne)102 306 Q -.252(xt, a ne)-.15 F 2.752(ww)-.25 G .252(rapping k)-2.752 F .552 -.15 -(ey i)-.1 H 2.752(sg).15 G .253(enerated on the TPM, optionally back) --2.752 F .253(ed up)-.1 F 1.666(\(s)4.419 G(ee)-1.666 E 
F1(OPTIONS)2.753 -E F0 -3.079 1.666(\), a)1.666 H .253(nd sealed)-1.666 F .179 -(to a persistent object on the TPM under the o)102 318 R .179 -(wner hierarch)-.25 F .179(y; if there is a passphrase set on the o)-.05 -F .178(wner hi-)-.25 F(erarch)102 330 Q 1.533 -.65(y, t)-.05 H .233 -(he user is prompted for it; the user is al).65 F -.1(wa)-.1 G .233 -(ys prompted for an optional passphrase to protect the).1 F -(sealed object with.)102 342 Q(The follo)102 360 Q -(wing properties are set on)-.25 E F3(dataset)2.5 E F0(:)A F1<83>122 372 -Q F5(xyz.nabijaczleweli:tzpfms.backend)7.5 E F0(=)A F1(TPM2)A<83>122 384 -Q F5(xyz.nabijaczleweli:tzpfms.key)7.5 E F0(=)A F3(persistent-object-ID) -A F0([).833 E F2(;).833 E F3(algorithm)133 396 Q F2(:)A F3(PCR)A F0([)A -F2(,)A F3(PCR)A F0 1.666(]...)C([)-1.666 E F2(+)A F3(algorithm)A F2(:)A -F3(PCR)A F0([)A F2(,)A F3(PCR)A F0 1.666(]...)C 1.666(]...)-1.666 G(]) --.833 E F5(tzpfms.backend)102 414 Q F0 1.53 -(identi\214es this dataset for w)4.03 F 1.53(ork with)-.1 F F1(TPM2)4.03 -E F0(-back-ended)A F2(tzpfms)4.031 E F0 3.197(tools \()4.031 F(namely) -1.666 E F5(zfs-tpm2-change-key)102 426 Q F0(\(8\),)A F5 -(zfs-tpm2-load-key)2.5 E F0(\(8\), and)A F5(zfs-tpm2-clear-key)2.5 E F0 --.834(\(8\) \) .)B F5(tzpfms.key)102 444 Q F0 .301(is an inte)2.802 F -.301(ger representing the sealed object, optionally follo)-.15 F .301 -(wed by a semicolon and PCR)-.25 F 2.011(list as speci\214ed with)102 -456 R F26.177 E F0 4.511(,n)C 2.011(ormalised to be)-4.511 F F2 -(tpm-tools)4.512 E F0 2.012(-toolchain-compatible; if needed, it can be) -B 1.063(passed to)102 468 R F2 2.729(tpm2_unseal \255c)3.563 F F5 -(${tzpfms.key)7.063 E F2(%%)A F5(;)A/F6 10/Symbol SF(*)A F5(})A F0(with) -3.563 E F25.229 E F0(")7.063 E F5(str:${passphrase})A F0 3.563("o) -C(r)-3.563 E F25.229 E F0(")102 480 Q F5(pcr:${tzpfms.key)A F2(#)A -F6(*)A F5(;})A F0 1.339(", as the case may be, or equi)B -.25(va)-.25 G -1.339(lent, for back-up).25 F 1.666(\(s)5.506 G(ee)-1.666 E 
F1(OPTIONS) -3.84 E F0 .508 1.666(\). I)1.666 H(f)-1.666 E .303(you ha)102 492 R .603 --.15(ve a s)-.2 H .303(ealed k).15 F .603 -.15(ey y)-.1 H .303 -(ou can access with that or equi).15 F -.25(va)-.25 G .302 -(lent tool and set both of these properties, it will).25 F -(funxion seamlessly)102 504 Q(.)-.65 E(Finally)102 522 Q 12.755(,t)-.65 -G 10.255(he equi)-12.755 F -.25(va)-.25 G 10.255(lent of).25 F F2 10.255 -(zfs change-key)12.755 F17.922 E F5(keylocation=prompt)16.256 E F2 -17.922 E F5(keyformat=raw)102 534 Q F3(dataset)6.507 E F0 .507 -(is performed with the ne)3.007 F 3.006(wk)-.25 G -.15(ey)-3.106 G 5.506 -(.I)-.5 G 3.006(fa)-5.506 G 3.006(ne)-3.006 G .506 -(rror occurred, best ef)-3.006 F .506(fort is made)-.25 F .622(to clean\ - up the persistent object and properties, or to issue a note for manual\ - interv)102 546 R .623(ention into the stan-)-.15 F(dard error stream.) -102 558 Q 3.087<418c>102 576 S .586(nal v)-3.087 F .586 -(eri\214cation should be made by running)-.15 F F2 2.252 -(zfs-tpm2-load-key \255n)3.086 F F3(dataset)6.586 E F0 5.586(.I)C 3.086 -(ft)-5.586 G .586(hat com-)-3.086 F .859(mand succeeds, all is well, b) -102 588 R .859(ut otherwise the dataset can be manually rolled back to \ -a passphrase with)-.2 F F2(zfs-tpm2-clear-key)102 600 Q F3(dataset) -11.806 E F0 1.666(\(o)9.972 G 6.606 -.4(r, i)-1.666 H 8.306(ft).4 G -5.806(hat f)-8.306 F 5.806(ails to w)-.1 F(ork,)-.1 E F2 5.805 -(zfs change-key)8.305 F13.471 E F5(keyformat=passphrase)102 612 Q -F3(dataset)6 E F0 -3.332 1.666(\), a)1.666 H(nd you are hereby ask) --1.666 E(ed to report a b)-.1 E(ug, please.)-.2 E F2(zfs-tpm2-clear-key) -102 630 Q F3(dataset)6.429 E F0 .429 -(can be used to free the TPM persistent object and go back to us-)2.929 -F(ing a passphrase.)102 642 Q F1(OPTIONS)72 666 Q F2103.666 678 Q -F3(backup-file)6 E F0(Sa)191 690 Q 1.353 -.15(ve a b)-.2 H 1.052 -(ack-up of the k).15 F 1.352 -.15(ey t)-.1 H(o).15 E F3(backup-file) -3.552 E F0 3.552(,w)C 1.052(hich must not 
e)-3.552 F 1.052 -(xist beforehand.)-.15 F .431(This back-up)191 702 R F4(must)2.931 E F0 -.431(be stored securely)2.931 F 2.931(,o)-.65 G -.25(ff)-2.931 G 2.931 -(-site. In).25 F .431(case of a catastrophic e)2.931 F -.15(ve)-.25 G -.432(nt, the).15 F -.1(ke)191 714 S 2.5(yc)-.05 G -(an be loaded by running)-2.5 E F2(zfs load-key)221 726 Q F3(dataset)6 E -F5(<)6 E F3(backup-file)6 E F0(tzpfms 0.3.1-9-gd2dcf95)72 799.889 Q -(December 4, 2022)98.055 E(8)192.205 E 0 Cg EP -%%Page: 9 9 -%%BeginPageSetup -BP -%%EndPageSetup -/F0 10/Times-Roman@0 SF -.834(ZFS-TPM2-CHANGE-KEY \(8\))72 48 R -(System Manager')53.329 E 2.5(sM)-.55 G 48.329 -(anual ZFS-TPM2-CHANGE-KEY)-2.5 F(\(8\))1.666 E/F1 10/Courier-Bold@0 SF -103.666 96 Q/F2 10/Courier-Oblique@0 SF(algorithm)6 E F1(:)A F2 -(PCR)A F0([)A F1(,)A F2(PCR)A F0 1.666(]...)C([)-1.666 E F1(+)A F2 -(algorithm)A F1(:)A F2(PCR)A F0([)A F1(,)A F2(PCR)A F0 1.666(]...)C -1.666(]...)-1.666 G .19(Bind the k)191 108 R .49 -.15(ey t)-.1 H 2.69 -(os).15 G .19(pace- or comma-separated)-2.69 F F2(PCR)2.689 E F0 2.689 -(sw)C .189(ithin their corresponding hash-)-2.689 F(ing)191 120 Q F2 -(algorithm)3.488 E F0 3.488<8a69>3.488 G 3.488(ft)-3.488 G(he)-3.488 E -3.488(yc)-.15 G .988(hange, the wrapping k)-3.488 F 1.288 -.15(ey w)-.1 -H .989(ill not be able to be un-).15 F 2.5(sealed. 
There)191 132 R(are) -2.5 E/F3 10/Times-Bold@0 SF(24)2.5 E F0(PCRs, numbered)2.5 E([)3.333 E -F3(0).833 E F0(,)A F3(23)2.5 E F0(].).833 E F2(algorithm)191 150 Q F0 -4.468(may be an)6.969 F 6.968(yo)-.15 G 6.968(fc)-6.968 G(ase-insensiti) --6.968 E 4.768 -.15(ve ")-.25 H F3(sha1).15 E F0 4.468(", ")B F3(sha256) -A F0 4.468(", ")B F3(sha384)A F0(",)A(")191 162 Q F3(sha512)A F0 7.383 -(", ")B F3(sm3_256)A F0 7.383(", ")B F3(sm3-256)A F0 7.383(", ")B F3 -(sha3_256)A F0 7.383(", ")B F3(sha3-256)A F0 7.383(", ")B F3(sha3_384)A -F0(",)A(")191 174 Q F3(sha3-384)A F0(", ")A F3(sha3_512)A F0(", or ")A -F3(sha3-512)A F0(", and must be supported by the TPM.)A F1103.666 -192 Q F0 -.4(Wi)191 192 S(th).4 E F15.512 E F0 3.846(,a)C 1.346 -(lso prompt for a passphrase.)-3.846 F 1.345(This is skipped by def) -6.345 F 1.345(ault because the)-.1 F 1.598(passphrase is)191 204 R/F4 10 -/Times-Italic@0 SF(OR)4.098 E F0 1.598(ed with the PCR polic)B 4.098 -(y\212t)-.15 G 1.598(he wrapping k)-4.098 F 1.898 -.15(ey c)-.1 H 1.598 -(an be unsealed).15 F F4(either)191 216 Q F0 .689 -(passphraseless with the right PCRs)3.189 F F4(or)3.189 E F0 .689 -(with the passphrase, and this is usu-)3.189 F(ally not the intent.)191 -228 Q F3(ENVIR)72 252 Q 1.666(ONMENT V)-.3 F(ARIABLES)-1.35 E/F5 10 -/Courier@0 SF(TZPFMS_PASSPHRASE_HELPER)102 264 Q F0 .159(By def)143 276 -R .159(ault, passphrases are prompted for and read in on the standard o\ -utput and input streams.)-.1 F(If)143 288 Q F5(TZPFMS_PASSPHRASE_HELPER) -3.356 E F0 .856(is set and nonempty)3.356 F 3.356(,i)-.65 G 3.356(tw) --3.356 G .856(ill be run via)-3.356 F F5(/bin/)3.355 E F1 2.521 -(sh \255c)B F0(to pro)143 300 Q(vide each passphrase, instead.)-.15 E -.087(The standard output stream of the helper is tied to an anon)143 318 -R .088(ymous \214le and used in its entirety as)-.15 F -(the passphrase, e)143 330 Q(xcept for a trailing ne)-.15 E -(w-line, if an)-.25 E 3.8 -.65(y. 
T)-.15 H(he ar).65 E(guments are:)-.18 -E F5($1)155 342 Q F0 -(Pre-formatted noun phrase with all the information belo)172 342 Q 1.3 --.65(w, f)-.25 H(or use as a prompt).65 E F5($2)155 354 Q F0 -(Either the dataset name or the element of the TPM hierarch)172 354 Q -2.5(yb)-.05 G(eing prompted for)-2.5 E F5($3)155 366 Q F0("ne)172 366 Q -(w" if this is for a ne)-.25 E 2.5(wp)-.25 G(assphrase, otherwise blank) --2.5 E F5($4)155 378 Q F0("ag)172 378 Q(ain" if it')-.05 E 2.5(st)-.55 G -(he second prompt for that passphrase, otherwise blank)-2.5 E 1.109 -(If the helper doesn')143 396 R 3.609(te)-.18 G 2.775(xist \()-3.759 F -1.109(the shell e)1.666 F 1.109(xits with)-.15 F F3(127)3.609 E F0 --2.223 1.666(\), a d)1.666 H 1.108(iagnostic is issued and the normal) --1.666 F(prompt is used as f)143 408 Q 2.5(all-back. If)-.1 F(it f)2.5 E -(ails for an)-.1 E 2.5(yo)-.15 G(ther reason, the prompting is aborted.) --2.5 E F3 1.666(TPM2 back-end con\214guration)72 432 R(En)84 444 Q(vir) --.4 E .625(onment v)-.18 F(ariables)-.1 E F5(TSS2_LOG)102 456 Q F0(An) -155 456 Q 2.5(yo)-.15 G(f:)-2.5 E F3(NONE)2.5 E F0(,)A F3(ERR)2.5 E(OR) --.3 E F0(,)A F3 -1.2(WA)2.5 G(RNING)1.2 E F0(,)A F3(INFO)2.5 E F0(,)A F3 -(DEB)2.5 E(UG)-.1 E F0(,)A F3(TRA)2.5 E(CE)-.55 E F0 5(.D)C(ef)-5 E -(ault:)-.1 E F3 -1.2(WA)2.5 G(RNING)1.2 E F0(.)A F3 .625(TPM selection) -84 480 R F0 1.166(The library)102 492 R F1(libtss2-tcti-default.so)3.666 -E F0 1.167(can be link)3.667 F 1.167(ed to an)-.1 F 3.667(yo)-.15 G -3.667(ft)-3.667 G(he)-3.667 E F5(libtss2-tcti-)3.667 E/F6 10/Symbol SF -(*)A F5(.so)A F0(li-)3.667 E 1.381(braries to select the def)102 504 R -1.381(ault, otherwise)-.1 F F5(/dev/tpmrm0)3.88 E F0 3.88(,t)C(hen)-3.88 -E F5(/dev/tpm0)3.88 E F0 3.88(,t)C(hen)-3.88 E F5(localhost:2321)3.88 E -F0(will be tried, in order)102 516 Q 1.666(\(s)4.166 G(ee)-1.666 E F5 -(ESYS_CONTEXT)2.5 E F0 -.834(\(3\) \) .)B F3 .625(See also)84 540 R F0 -1.629(The tpm2-tss git repository at)102 552 R F3(https://github)4.129 
E -(.com/tpm2-softwar)-.4 E(e/tpm2-tss)-.18 E F0 1.63 -(and the documentation at)4.13 F F3(https://tpm2-tss.r)102 564 Q -(eadthedocs.io)-.18 E F0(.)A 3.518 -(The TPM 2.0 speci\214cations, mainly at)102 582 R F3 -(https://trustedcomputinggr)6.017 E(oup.or)-.18 E(g/r)-.1 E(esour)-.18 E -(ce/tpm-library-)-.18 E(speci\214cation/)102 594 Q F0(,)A F3 -(https://trustedcomputinggr)99.315 E(oup.or)-.18 E -(g/wp-content/uploads/TPM-)-.1 E(Re)102 606 Q(v-2.0-P)-.15 E(art-1-Ar) --.1 E(chitectur)-.18 E(e-01.38.pdf)-.18 E F0 2.5(,a)C(nd related pages.) --2.5 E F3 1.666(SPECIAL THANKS)72 630 R F0 1.6 -.8(To a)102 642 T -(ll who support further de).8 E -.15(ve)-.25 G(lopment, in particular:) -.15 E F3<83>122 654 Q F0(ThePhD)2.5 E F3<83>122 666 Q F0(Embark Studios) -2.5 E F3<83>122 678 Q F0(Lars Strojn)2.5 E(y)-.15 E F3(REPOR)72 702 Q -1.666(TING B)-.4 F(UGS)-.1 E(https://todo.sr)102 714 Q -(.ht/\001nabijaczleweli/tzpfms)-1 E F5 -(\001nabijaczleweli/tzpfms@lists.sr.ht)102 732 Q F0 86.763(,a)C(rchi) --86.763 E -.15(ve)-.25 G 86.762(da).15 G(t)-86.762 E F3 -(https://lists.sr)102 744 Q(.ht/\001nabijaczleweli/tzpfms)-1 E F0(.)A -(tzpfms 0.3.1-9-gd2dcf95)72 799.889 Q(December 4, 2022)98.055 E(9) -192.205 E 0 Cg EP -%%Page: 10 10 -%%BeginPageSetup -BP -%%EndPageSetup -/F0 10/Times-Roman@0 SF -.834(ZFS-TPM2-CHANGE-KEY \(8\))72 48 R -(System Manager')53.329 E 2.5(sM)-.55 G 48.329 -(anual ZFS-TPM2-CHANGE-KEY)-2.5 F(\(8\))1.666 E/F1 10/Times-Bold@0 SF -1.666(SEE ALSO)72 96 R/F2 10/Courier@0 SF(tpm2_unseal)102 108 Q F0 -(\(1\))A(PCR allocations:)102 126 Q F1(https://wiki.ar)102 138 Q -(chlinux.or)-.18 E(g/title/T)-.1 E(rusted_Platf)-.74 E -(orm_Module#Accessing_PCR_r)-.25 E(egisters)-.18 E F0(and)2.5 E F1 -(https://trustedcomputinggr)102 150 Q(oup.or)-.18 E -(g/wp-content/uploads/PC-)-.1 E(ClientSpeci\214c_Platf)102 162 Q(orm_Pr) --.25 E(o\214le_f)-.18 E(or_TPM_2p0_Systems_v51.pdf)-.25 E F0 2.5(,S)C -(ection 2.3.4 "PCR Usage", T)-2.5 E(able)-.8 E(1.)102 174 Q -(tzpfms 0.3.1-9-gd2dcf95)72 
799.889 Q(December 4, 2022)98.055 E(10) -187.205 E 0 Cg EP -%%Page: 11 11 -%%BeginPageSetup -BP -%%EndPageSetup -/F0 10/Times-Roman@0 SF -.834(ZFS-TPM2-CLEAR-KEY \(8\))72 48 R -(System Manager')62.209 E 2.5(sM)-.55 G 57.209(anual ZFS-TPM2-CLEAR-KEY) --2.5 F(\(8\))1.666 E/F1 10/Times-Bold@0 SF -.2(NA)72 96 S(ME).2 E/F2 10 -/Courier-Bold@0 SF(zfs-tpm2-clear-key)102 108 Q F0 2.5<8a72>2.5 G -.25 -(ew)-2.5 G(rap ZFS dataset k).25 E .3 -.15(ey i)-.1 H 2.5(np).15 G -(asssw)-2.5 E(ord and clear tzpfms TPM2 metadata)-.1 E F1(SYNOPSIS)72 -132 Q F2(zfs-tpm2-clear-key)102 144 Q/F3 10/Courier-Oblique@0 SF -(dataset)2.5 E F1(DESCRIPTION)72 168 Q F0(After v)102 180 Q(erifying) --.15 E F3(dataset)2.5 E F0 -.1(wa)2.5 G 2.5(se).1 G(ncrypted with)-2.5 E -F2(tzpfms)2.5 E F0(back)2.5 E(end)-.1 E F1(TPM2)2.5 E F0(:)A 5.126 -(1. performs the equi)122 192 R -.25(va)-.25 G 5.126(lent of).25 F F2 -5.126(zfs change-key)7.626 F12.792 E/F4 10/Courier@0 SF -(keylocation=prompt)11.126 E F212.792 E F4(keyformat=passphrase) -127 204 Q F3(dataset)6 E F0(,)A(2. frees the sealed k)122 216 Q .3 -.15 -(ey p)-.1 H(re).15 E(viously used to encrypt)-.25 E F3(dataset)2.5 E F0 -(,)A 6.991(3. 
remo)122 228 R -.15(ve)-.15 G 9.491(st).15 G(he)-9.491 E -F4(xyz.nabijaczleweli:tzpfms.)9.491 E F0({)A F4(backend)A F0(,)A F4(key) -12.991 E F0 9.491(}p)C 6.99(roperties from)-9.491 F F3(dataset)127 240 Q -F0(.)A(See)102 258 Q F4(zfs-tpm2-change-key)2.5 E F0 -(\(8\) for a detailed description.)A F1(ENVIR)72 282 Q 1.666(ONMENT V) --.3 F(ARIABLES)-1.35 E F4(TZPFMS_PASSPHRASE_HELPER)102 294 Q F0 .159 -(By def)143 306 R .159(ault, passphrases are prompted for and read in o\ -n the standard output and input streams.)-.1 F(If)143 318 Q F4 -(TZPFMS_PASSPHRASE_HELPER)3.356 E F0 .856(is set and nonempty)3.356 F -3.356(,i)-.65 G 3.356(tw)-3.356 G .856(ill be run via)-3.356 F F4(/bin/) -3.355 E F2 2.521(sh \255c)B F0(to pro)143 330 Q -(vide each passphrase, instead.)-.15 E .087 -(The standard output stream of the helper is tied to an anon)143 348 R -.088(ymous \214le and used in its entirety as)-.15 F(the passphrase, e) -143 360 Q(xcept for a trailing ne)-.15 E(w-line, if an)-.25 E 3.8 -.65 -(y. T)-.15 H(he ar).65 E(guments are:)-.18 E F4($1)155 372 Q F0 -(Pre-formatted noun phrase with all the information belo)172 372 Q 1.3 --.65(w, f)-.25 H(or use as a prompt).65 E F4($2)155 384 Q F0 -(Either the dataset name or the element of the TPM hierarch)172 384 Q -2.5(yb)-.05 G(eing prompted for)-2.5 E F4($3)155 396 Q F0("ne)172 396 Q -(w" if this is for a ne)-.25 E 2.5(wp)-.25 G(assphrase, otherwise blank) --2.5 E F4($4)155 408 Q F0("ag)172 408 Q(ain" if it')-.05 E 2.5(st)-.55 G -(he second prompt for that passphrase, otherwise blank)-2.5 E 1.109 -(If the helper doesn')143 426 R 3.609(te)-.18 G 2.775(xist \()-3.759 F -1.109(the shell e)1.666 F 1.109(xits with)-.15 F F1(127)3.609 E F0 --2.223 1.666(\), a d)1.666 H 1.108(iagnostic is issued and the normal) --1.666 F(prompt is used as f)143 438 Q 2.5(all-back. If)-.1 F(it f)2.5 E -(ails for an)-.1 E 2.5(yo)-.15 G(ther reason, the prompting is aborted.) 
--2.5 E F1 1.666(TPM2 back-end con\214guration)72 462 R(En)84 474 Q(vir) --.4 E .625(onment v)-.18 F(ariables)-.1 E F4(TSS2_LOG)102 486 Q F0(An) -155 486 Q 2.5(yo)-.15 G(f:)-2.5 E F1(NONE)2.5 E F0(,)A F1(ERR)2.5 E(OR) --.3 E F0(,)A F1 -1.2(WA)2.5 G(RNING)1.2 E F0(,)A F1(INFO)2.5 E F0(,)A F1 -(DEB)2.5 E(UG)-.1 E F0(,)A F1(TRA)2.5 E(CE)-.55 E F0 5(.D)C(ef)-5 E -(ault:)-.1 E F1 -1.2(WA)2.5 G(RNING)1.2 E F0(.)A F1 .625(TPM selection) -84 510 R F0 1.166(The library)102 522 R F2(libtss2-tcti-default.so)3.666 -E F0 1.167(can be link)3.667 F 1.167(ed to an)-.1 F 3.667(yo)-.15 G -3.667(ft)-3.667 G(he)-3.667 E F4(libtss2-tcti-)3.667 E/F5 10/Symbol SF -(*)A F4(.so)A F0(li-)3.667 E 1.381(braries to select the def)102 534 R -1.381(ault, otherwise)-.1 F F4(/dev/tpmrm0)3.88 E F0 3.88(,t)C(hen)-3.88 -E F4(/dev/tpm0)3.88 E F0 3.88(,t)C(hen)-3.88 E F4(localhost:2321)3.88 E -F0(will be tried, in order)102 546 Q 1.666(\(s)4.166 G(ee)-1.666 E F4 -(ESYS_CONTEXT)2.5 E F0 -.834(\(3\) \) .)B F1 .625(See also)84 570 R F0 -1.629(The tpm2-tss git repository at)102 582 R F1(https://github)4.129 E -(.com/tpm2-softwar)-.4 E(e/tpm2-tss)-.18 E F0 1.63 -(and the documentation at)4.13 F F1(https://tpm2-tss.r)102 594 Q -(eadthedocs.io)-.18 E F0(.)A 3.518 -(The TPM 2.0 speci\214cations, mainly at)102 612 R F1 -(https://trustedcomputinggr)6.017 E(oup.or)-.18 E(g/r)-.1 E(esour)-.18 E -(ce/tpm-library-)-.18 E(speci\214cation/)102 624 Q F0(,)A F1 -(https://trustedcomputinggr)99.315 E(oup.or)-.18 E -(g/wp-content/uploads/TPM-)-.1 E(Re)102 636 Q(v-2.0-P)-.15 E(art-1-Ar) --.1 E(chitectur)-.18 E(e-01.38.pdf)-.18 E F0 2.5(,a)C(nd related pages.) 
--2.5 E F1 1.666(SPECIAL THANKS)72 660 R F0 1.6 -.8(To a)102 672 T -(ll who support further de).8 E -.15(ve)-.25 G(lopment, in particular:) -.15 E F1<83>122 684 Q F0(ThePhD)2.5 E F1<83>122 696 Q F0(Embark Studios) -2.5 E F1<83>122 708 Q F0(Lars Strojn)2.5 E(y)-.15 E -(tzpfms 0.3.1-9-gd2dcf95)72 799.889 Q(December 4, 2022)98.055 E(11) -187.205 E 0 Cg EP -%%Page: 12 12 -%%BeginPageSetup -BP -%%EndPageSetup -/F0 10/Times-Roman@0 SF -.834(ZFS-TPM2-CLEAR-KEY \(8\))72 48 R -(System Manager')62.209 E 2.5(sM)-.55 G 57.209(anual ZFS-TPM2-CLEAR-KEY) --2.5 F(\(8\))1.666 E/F1 10/Times-Bold@0 SF(REPOR)72 96 Q 1.666(TING B) --.4 F(UGS)-.1 E(https://todo.sr)102 108 Q(.ht/\001nabijaczleweli/tzpfms) --1 E/F2 10/Courier@0 SF(\001nabijaczleweli/tzpfms@lists.sr.ht)102 126 Q -F0 86.763(,a)C(rchi)-86.763 E -.15(ve)-.25 G 86.762(da).15 G(t)-86.762 E -F1(https://lists.sr)102 138 Q(.ht/\001nabijaczleweli/tzpfms)-1 E F0(.)A -(tzpfms 0.3.1-9-gd2dcf95)72 799.889 Q(December 4, 2022)98.055 E(12) -187.205 E 0 Cg EP -%%Page: 13 13 -%%BeginPageSetup -BP -%%EndPageSetup -/F0 10/Times-Roman@0 SF(ZFS-TPM2-LO)72 48 Q -.834(AD-KEY \(8\))-.35 F -(System Manager')67.569 E 2.5(sM)-.55 G 62.569(anual ZFS-TPM2-LO)-2.5 F --.834(AD-KEY \(8\))-.35 F/F1 10/Times-Bold@0 SF -.2(NA)72 96 S(ME).2 E -/F2 10/Courier-Bold@0 SF(zfs-tpm2-load-key)102 108 Q F0 2.5<8a6c>2.5 G -(oad TPM2-encrypted ZFS dataset k)-2.5 E -.15(ey)-.1 G F1(SYNOPSIS)72 -132 Q F2(zfs-tpm2-load-key)102 144 Q F0([)3.333 E F22.499 E F0(]) -.833 E/F3 10/Courier-Oblique@0 SF(dataset)2.5 E F1(DESCRIPTION)72 168 Q -F0 .003(After v)102 180 R(erifying)-.15 E F3(dataset)2.503 E F0 -.1(wa) -2.503 G 2.503(se).1 G .003(ncrypted with)-2.503 F F2(tzpfms)2.503 E F0 -(back)2.503 E(end)-.1 E F1(TPM2)2.503 E F0 2.503(,u)C .003(nseals the k) --2.503 F .303 -.15(ey a)-.1 H .003(nd loads it into).15 F F3(dataset)102 -192 Q F0(.)A(The user is prompted for the additional passphrase, set wh\ -en creating the k)102 210 Q -.15(ey)-.1 G 2.5(,i)-.5 G 2.5(fo)-2.5 G -(ne 
w)-2.5 E(as set.)-.1 E(See)102 228 Q/F4 10/Courier@0 SF -(zfs-tpm2-change-key)2.5 E F0(\(8\) for a detailed description.)A F1 -(OPTIONS)72 252 Q F2103.666 264 Q F0 .156 -(Do a no-op/dry run, can be used e)119 276 R -.15(ve)-.25 G 2.656(ni).15 -G 2.656(ft)-2.656 G .156(he k)-2.656 F .456 -.15(ey i)-.1 H 2.656(sa).15 -G .156(lready loaded.)-2.656 F(Equi)5.156 E -.25(va)-.25 G .156(lent to) -.25 F F2 .156(zfs load-key)2.656 F F0 -.55('s)C F2120.666 288 Q F0 -(option.)2.5 E F1(ENVIR)72 312 Q 1.666(ONMENT V)-.3 F(ARIABLES)-1.35 E -F4(TZPFMS_PASSPHRASE_HELPER)102 324 Q F0 .159(By def)143 336 R .159(aul\ -t, passphrases are prompted for and read in on the standard output and \ -input streams.)-.1 F(If)143 348 Q F4(TZPFMS_PASSPHRASE_HELPER)3.356 E F0 -.856(is set and nonempty)3.356 F 3.356(,i)-.65 G 3.356(tw)-3.356 G .856 -(ill be run via)-3.356 F F4(/bin/)3.355 E F2 2.521(sh \255c)B F0(to pro) -143 360 Q(vide each passphrase, instead.)-.15 E .087 -(The standard output stream of the helper is tied to an anon)143 378 R -.088(ymous \214le and used in its entirety as)-.15 F(the passphrase, e) -143 390 Q(xcept for a trailing ne)-.15 E(w-line, if an)-.25 E 3.8 -.65 -(y. T)-.15 H(he ar).65 E(guments are:)-.18 E F4($1)155 402 Q F0 -(Pre-formatted noun phrase with all the information belo)172 402 Q 1.3 --.65(w, f)-.25 H(or use as a prompt).65 E F4($2)155 414 Q F0 -(Either the dataset name or the element of the TPM hierarch)172 414 Q -2.5(yb)-.05 G(eing prompted for)-2.5 E F4($3)155 426 Q F0("ne)172 426 Q -(w" if this is for a ne)-.25 E 2.5(wp)-.25 G(assphrase, otherwise blank) --2.5 E F4($4)155 438 Q F0("ag)172 438 Q(ain" if it')-.05 E 2.5(st)-.55 G -(he second prompt for that passphrase, otherwise blank)-2.5 E 1.109 -(If the helper doesn')143 456 R 3.609(te)-.18 G 2.775(xist \()-3.759 F -1.109(the shell e)1.666 F 1.109(xits with)-.15 F F1(127)3.609 E F0 --2.223 1.666(\), a d)1.666 H 1.108(iagnostic is issued and the normal) --1.666 F(prompt is used as f)143 468 Q 2.5(all-back. 
If)-.1 F(it f)2.5 E +-2.5 E F4($4)137 438 Q F0("ag)154 438 Q(ain" if it')-.05 E 2.5(st)-.55 G +(he second prompt for that passphrase, otherwise blank)-2.5 E .139 +(If the helper doesn')127 456 R 2.639(te)-.18 G 1.805(xist \()-2.789 F +.138(the shell e)1.666 F .138(xits with)-.15 F F1(127)2.638 E F0 -3.194 +1.666(\), a d)1.666 H .138(iagnostic is issued and the normal prompt) +-1.666 F(is used as f)127 468 Q 2.5(all-back. If)-.1 F(it f)2.5 E (ails for an)-.1 E 2.5(yo)-.15 G(ther reason, the prompting is aborted.) -2.5 E F1 1.666(TPM1.X back-end con\214guration)72 492 R .625 (TPM selection)84 504 R F0(The)102 516 Q F2(tzpfms)2.682 E F0 .182 
@@ -1005,23 +619,398 @@ E(ousers)-.18 E F0(.)A 2.719(The TPM 1.2 main speci\214cation inde)102 (oup.or)-.18 E(g/r)-.1 E(esour)-.18 E(ce/tpm-main-)-.18 E (speci\214cation)102 624 Q F0(.)A F1 1.666(SPECIAL THANKS)72 648 R F0 1.6 -.8(To a)102 660 T(ll who support further de).8 E -.15(ve)-.25 G -(lopment, in particular:).15 E F1<83>122 672 Q F0(ThePhD)2.5 E F1<83>122 -684 Q F0(Embark Studios)2.5 E F1<83>122 696 Q F0(Lars Strojn)2.5 E(y) +(lopment, in particular:).15 E F1<83>122 672 Q F0(ThePhD)7.5 E F1<83>122 +684 Q F0(Embark Studios)7.5 E F1<83>122 696 Q F0(Lars Strojn)7.5 E(y) -.15 E F1(REPOR)72 720 Q 1.666(TING B)-.4 F(UGS)-.1 E(https://todo.sr) -102 732 Q(.ht/\001nabijaczleweli/tzpfms)-1 E F0(tzpfms 0.3.1-9-gd2dcf95) -72 799.889 Q(December 4, 2022)98.055 E(13)187.205 E 0 Cg EP -%%Page: 14 14 +102 732 Q(.ht/\001nabijaczleweli/tzpfms)-1 E F0(tzpfms 0.3.1-10-gf403f) +72 799.889 Q 94.145(fe December)-.25 F(4, 2022)2.5 E(6)192.205 E 0 Cg EP +%%Page: 7 7 +%%BeginPageSetup +BP +%%EndPageSetup +/F0 10/Times-Roman@0 SF(ZFS-TPM1X-LO)72 48 Q -.834(AD-KEY \(8\))-.35 F +(System Manager')60.349 E 2.5(sM)-.55 G 55.349(anual ZFS-TPM1X-LO)-2.5 F +-.834(AD-KEY \(8\))-.35 F/F1 10/Courier@0 SF +(\001nabijaczleweli/tzpfms@lists.sr.ht)102 96 Q F0 86.763(,a)C(rchi) +-86.763 E -.15(ve)-.25 G 86.762(da).15 G(t)-86.762 E/F2 10/Times-Bold@0 +SF(https://lists.sr)102 108 Q(.ht/\001nabijaczleweli/tzpfms)-1 E F0(.)A +(tzpfms 0.3.1-10-gf403f)72 799.889 Q 94.145(fe December)-.25 F(4, 2022) +2.5 E(7)192.205 E 0 Cg EP +%%Page: 8 8 +%%BeginPageSetup +BP +%%EndPageSetup +/F0 10/Times-Roman@0 SF -.834(ZFS-TPM2-CHANGE-KEY \(8\))72 48 R +(System Manager')53.329 E 2.5(sM)-.55 G 48.329 +(anual ZFS-TPM2-CHANGE-KEY)-2.5 F(\(8\))1.666 E/F1 10/Times-Bold@0 SF +-.2(NA)72 96 S(ME).2 E/F2 10/Courier-Bold@0 SF(zfs-tpm2-change-key)102 +108 Q F0 2.5<8a63>2.5 G(hange ZFS dataset k)-2.5 E .3 -.15(ey t)-.1 H +2.5(oo).15 G(ne stored on the TPM)-2.5 E F1(SYNOPSIS)72 132 Q F2 +(zfs-tpm2-change-key)102 144 Q F0([)3.333 E 
F22.499 E/F3 10 +/Courier-Oblique@0 SF(backup-file)6 E F0 2.5(][).833 G F2-.834 E +F3(algorithm)6 E F2(:)A F3(PCR)A F0([)A F2(,)A F3(PCR)A F0 1.666(]...)C +([)222 156 Q F2(+)A F3(algorithm)A F2(:)A F3(PCR)A F0([)A F2(,)A F3(PCR) +A F0 1.666(]...)C -2.499 1.666(]... [)-1.666 H F2.833 E F0(]]).833 +E F3(dataset)2.5 E F1(DESCRIPTION)72 180 Q F0 5.411 -.8(To n)102 192 T +(ormalise).8 E F3(dataset)6.311 E F0(,)A F2(zfs-tpm2-change-key)6.311 E +F0 3.81(will open its encryption root in its stead.)6.311 F F2 +(zfs-tpm2-change-key)102 204 Q F0(will)3.73 E/F4 10/Times-Italic@0 SF +(ne)3.73 E(ver)-.15 E F0 1.23(create or destro)3.73 F 3.731(ye)-.1 G +1.231(ncryption roots; use)-3.731 F/F5 10/Courier@0 SF(zfs-change-key) +3.731 E F0(\(8\))A(for that.)102 216 Q +(First, a connection is made to the TPM, which)102 234 Q F4(must)2.5 E +F0(be TPM-2.0-compatible.)2.5 E(If)102 252 Q F3(dataset)3.484 E F0 -.1 +(wa)3.484 G 3.484(sp).1 G(re)-3.484 E .983(viously encrypted with)-.25 F +F2(tzpfms)3.483 E F0 .983(and the)3.483 F F1(TPM2)3.483 E F0 .983 +(back-end w)3.483 F .983(as used, the pre)-.1 F(vious)-.25 E -.1(ke)102 +264 S 2.713(yw)-.05 G .213(ill be freed from the TPM.)-2.713 F .214 +(Otherwise, or in case of an error)5.213 F 2.714(,d)-.4 G .214 +(ata required for manual interv)-2.714 F(ention)-.15 E +(will be printed to the standard error stream.)102 276 Q(Ne)102 294 Q +.253(xt, a ne)-.15 F 2.753(ww)-.25 G .253(rapping k)-2.753 F .553 -.15 +(ey i)-.1 H 2.753(sg).15 G .253(enerated on the TPM, optionally back) +-2.753 F .252(ed up)-.1 F 1.666(\(s)4.418 G(ee)-1.666 E F1(OPTIONS)2.752 +E F0 -3.08 1.666(\), a)1.666 H .252(nd sealed)-1.666 F .178 +(to a persistent object on the TPM under the o)102 306 R .179 +(wner hierarch)-.25 F .179(y; if there is a passphrase set on the o)-.05 +F .179(wner hi-)-.25 F(erarch)102 318 Q 1.534 -.65(y, t)-.05 H .233 +(he user is prompted for it; the user is al).65 F -.1(wa)-.1 G .233 +(ys prompted for an optional passphrase to protect the).1 F +(sealed 
object with.)102 330 Q(The follo)102 348 Q +(wing properties are set on)-.25 E F3(dataset)2.5 E F0(:)A F1<83>122 360 +Q F5(xyz.nabijaczleweli:tzpfms.backend)7.5 E F0(=)A F1(TPM2)A<83>122 372 +Q F5(xyz.nabijaczleweli:tzpfms.key)7.5 E F0(=)A F3(persistent-object-ID) +A F0([)133.833 384 Q F2(;).833 E F3(algorithm)A F2(:)A F3(PCR)A F0([)A +F2(,)A F3(PCR)A F0 1.666(]...)C([)-1.666 E F2(+)A F3(algorithm)A F2(:)A +F3(PCR)A F0([)A F2(,)A F3(PCR)A F0 1.666(]...)C 1.666(]...)-1.666 G(]) +-.833 E F5(tzpfms.backend)102 402 Q F0 1.531 +(identi\214es this dataset for w)4.031 F 1.53(ork with)-.1 F F1(TPM2) +4.03 E F0(-back-ended)A F2(tzpfms)4.03 E F0 3.196(tools \()4.03 F +(namely)1.666 E F5(zfs-tpm2-change-key)102 414 Q F0(\(8\),)A F5 +(zfs-tpm2-load-key)2.5 E F0(\(8\), and)A F5(zfs-tpm2-clear-key)2.5 E F0 +-.834(\(8\) \) .)B F5(tzpfms.key)102 432 Q F0 .301(is an inte)2.801 F +.301(ger representing the sealed object, optionally follo)-.15 F .301 +(wed by a semicolon and PCR)-.25 F 2.012(list as speci\214ed with)102 +444 R F26.178 E F0 4.512(,n)C 2.012(ormalised to be)-4.512 F F2 +(tpm-tools)4.511 E F0 2.011(-toolchain-compatible; if needed, it can be) +B 1.063(passed to)102 456 R F2 2.729(tpm2_unseal \255c)3.563 F F5 +(${tzpfms.key)7.063 E F2(%%)A F5(;)A/F6 10/Symbol SF(*)A F5(})A F0(with) +3.563 E F25.229 E F0(")7.063 E F5(str:${passphrase})A F0 3.563("o) +C(r)-3.563 E F25.229 E F0(")102 468 Q F5(pcr:${tzpfms.key)A F2(#)A +F6(*)A F5(;})A F0 1.339(", as the case may be, or equi)B -.25(va)-.25 G +1.339(lent, for back-up).25 F 1.666(\(s)5.505 G(ee)-1.666 E F1(OPTIONS) +3.839 E F0 .507 1.666(\). 
I)1.666 H(f)-1.666 E .302(you ha)102 480 R +.602 -.15(ve a s)-.2 H .302(ealed k).15 F .602 -.15(ey y)-.1 H .303 +(ou can access with that or equi).15 F -.25(va)-.25 G .303 +(lent tool and set both of these properties, it will).25 F +(funxion seamlessly)102 492 Q(.)-.65 E(Finally)102 510 Q 12.756(,t)-.65 +G 10.256(he equi)-12.756 F -.25(va)-.25 G 10.256(lent of).25 F F2 10.255 +(zfs change-key)12.755 F17.921 E F5(keylocation=prompt)16.255 E F2 +17.921 E F5(keyformat=raw)102 522 Q F3(dataset)6.506 E F0 .506 +(is performed with the ne)3.006 F 3.006(wk)-.25 G -.15(ey)-3.106 G 5.506 +(.I)-.5 G 3.006(fa)-5.506 G 3.006(ne)-3.006 G .507 +(rror occurred, best ef)-3.006 F .507(fort is made)-.25 F .623(to clean\ + up the persistent object and properties, or to issue a note for manual\ + interv)102 534 R .622(ention into the stan-)-.15 F(dard error stream.) +102 546 Q 3.086<418c>102 564 S .586(nal v)-3.086 F .586 +(eri\214cation should be made by running)-.15 F F2 2.252 +(zfs-tpm2-load-key \255n)3.086 F F3(dataset)6.586 E F0 5.586(.I)C 3.086 +(ft)-5.586 G .587(hat com-)-3.086 F .859(mand succeeds, all is well, b) +102 576 R .859(ut otherwise the dataset can be manually rolled back to \ +a passphrase with)-.2 F F2(zfs-tpm2-clear-key)102 588 Q F3(dataset) +11.805 E F0 1.666(\(o)9.971 G 6.605 -.4(r, i)-1.666 H 8.306(ft).4 G +5.806(hat f)-8.306 F 5.806(ails to w)-.1 F(ork,)-.1 E F2 5.806 +(zfs change-key)8.306 F13.472 E F5(keyformat=passphrase)102 600 Q +F3(dataset)6 E F0 -3.332 1.666(\), a)1.666 H(nd you are hereby ask) +-1.666 E(ed to report a b)-.1 E(ug, please.)-.2 E F2(zfs-tpm2-clear-key) +102 618 Q F3(dataset)6.429 E F0 .429 +(can be used to free the TPM persistent object and go back to us-)2.929 +F(ing a passphrase.)102 630 Q F1(OPTIONS)72 654 Q F2103.666 666 Q +F3(backup-file)6 E F0(Sa)197 666 Q .852 -.15(ve a b)-.2 H .552 +(ack-up of the k).15 F .852 -.15(ey t)-.1 H(o).15 E F3(backup-file)3.052 +E F0 3.052(,w)C .552(hich must not e)-3.052 F .553(xist beforehand.)-.15 +F 
1.194(This back-up)197 678 R F4(must)3.694 E F0 1.194 +(be stored securely)3.694 F 3.694(,o)-.65 G -.25(ff)-3.694 G 3.694 +(-site. In).25 F 1.193(case of a catastrophic e)3.694 F -.15(ve)-.25 G +(nt,).15 E(the k)197 690 Q .3 -.15(ey c)-.1 H(an be loaded by running) +.15 E F2(zfs load-key)227 702 Q F3(dataset)6 E F5(<)6 E F3(backup-file)6 +E F2103.666 720 Q F3(algorithm)6 E F2(:)A F3(PCR)A F0([)A F2(,)A +F3(PCR)A F0 1.666(]...)C([)-1.666 E F2(+)A F3(algorithm)A F2(:)A F3(PCR) +A F0([)A F2(,)A F3(PCR)A F0 1.666(]...)C 1.666(]...)-1.666 G 2.024 +(Bind the k)197 732 R 2.324 -.15(ey t)-.1 H 4.524(os).15 G 2.024 +(pace- or comma-separated)-4.524 F F3(PCR)4.525 E F0 4.525(sw)C 2.025 +(ithin their corresponding)-4.525 F(hashing)197 744 Q F3(algorithm)2.952 +E F0 2.952<8a69>2.952 G 2.952(ft)-2.952 G(he)-2.952 E 2.952(yc)-.15 G +.452(hange, the wrapping k)-2.952 F .752 -.15(ey w)-.1 H .451 +(ill not be able to be).15 F 2.5(unsealed. There)197 756 R(are)2.5 E F1 +(24)2.5 E F0(PCRs, numbered)2.5 E([)3.333 E F1(0).833 E F0(,)A F1(23)2.5 +E F0(].).833 E(tzpfms 0.3.1-10-gf403f)72 804 Q 94.145(fe December)-.25 F +(4, 2022)2.5 E(8)192.205 E 0 Cg EP +%%Page: 9 9 +%%BeginPageSetup +BP +%%EndPageSetup +/F0 10/Times-Roman@0 SF -.834(ZFS-TPM2-CHANGE-KEY \(8\))72 48 R +(System Manager')53.329 E 2.5(sM)-.55 G 48.329 +(anual ZFS-TPM2-CHANGE-KEY)-2.5 F(\(8\))1.666 E/F1 10/Courier-Oblique@0 +SF(algorithm)197 96 Q F0 3.718(may be an)6.218 F 6.218(yo)-.15 G 6.218 +(fc)-6.218 G(ase-insensiti)-6.218 E 4.018 -.15(ve ")-.25 H/F2 10 +/Times-Bold@0 SF(sha1).15 E F0 3.718(", ")B F2(sha256)A F0 3.719(", ")B +F2(sha384)A F0(",)A(")197 108 Q F2(sha512)A F0 6.183(", ")B F2(sm3_256)A +F0 6.183(", ")B F2(sm3-256)A F0 6.183(", ")B F2(sha3_256)A F0 6.183 +(", ")B F2(sha3-256)A F0 6.183(", ")B F2(sha3_384)A F0(",)A(")197 120 Q +F2(sha3-384)A F0(", ")A F2(sha3_512)A F0(", or ")A F2(sha3-512)A F0 +(", and must be supported by the TPM.)A/F3 10/Courier-Bold@0 SF +103.666 138 Q F0 -.4(Wi)197 138 S(th).4 E F35.049 
E F0 3.383(,a)C +.884(lso prompt for a passphrase.)-3.383 F .884(This is skipped by def) +5.884 F .884(ault because the)-.1 F 1.137(passphrase is)197 150 R/F4 10 +/Times-Italic@0 SF(OR)3.637 E F0 1.137(ed with the PCR polic)B 3.637 +<798a>-.15 G 1.136(the wrapping k)-.001 F 1.436 -.15(ey c)-.1 H 1.136 +(an be unsealed).15 F F4(either)197 162 Q F0 .227 +(passphraseless with the right PCRs)2.727 F F4(or)2.727 E F0 .228 +(with the passphrase, and this is usu-)2.727 F(ally not the intent.)197 +174 Q F2(ENVIR)72 198 Q 1.666(ONMENT V)-.3 F(ARIABLES)-1.35 E/F5 10 +/Courier@0 SF(TZPFMS_PASSPHRASE_HELPER)102 210 Q F0 .421(By def)127 222 +R .42(ault, passphrases are prompted for and read in on the standard ou\ +tput and input streams.)-.1 F(If)5.42 E F5(TZPFMS_PASSPHRASE_HELPER)127 +234 Q F0 .46(is set and nonempty)2.96 F 2.961(,i)-.65 G 2.961(tw)-2.961 +G .461(ill be run via)-2.961 F F5(/bin/)2.961 E F3 2.127(sh \255c)B F0 +.461(to pro-)2.961 F(vide each passphrase, instead.)127 246 Q .15 +(The standard output stream of the helper is tied to an anon)127 264 R +.15(ymous \214le and used in its entirety as the)-.15 F(passphrase, e) +127 276 Q(xcept for a trailing ne)-.15 E(w-line, if an)-.25 E 3.8 -.65 +(y. 
T)-.15 H(he ar).65 E(guments are:)-.18 E F5($1)137 288 Q F0 +(Pre-formatted noun phrase with all the information belo)154 288 Q 1.3 +-.65(w, f)-.25 H(or use as a prompt).65 E F5($2)137 300 Q F0 +(Either the dataset name or the element of the TPM hierarch)154 300 Q +2.5(yb)-.05 G(eing prompted for)-2.5 E F5($3)137 312 Q F0("ne)154 312 Q +(w" if this is for a ne)-.25 E 2.5(wp)-.25 G(assphrase, otherwise blank) +-2.5 E F5($4)137 324 Q F0("ag)154 324 Q(ain" if it')-.05 E 2.5(st)-.55 G +(he second prompt for that passphrase, otherwise blank)-2.5 E .138 +(If the helper doesn')127 342 R 2.638(te)-.18 G 1.804(xist \()-2.788 F +.138(the shell e)1.666 F .138(xits with)-.15 F F2(127)2.638 E F0 -3.194 +1.666(\), a d)1.666 H .139(iagnostic is issued and the normal prompt) +-1.666 F(is used as f)127 354 Q 2.5(all-back. If)-.1 F(it f)2.5 E +(ails for an)-.1 E 2.5(yo)-.15 G(ther reason, the prompting is aborted.) +-2.5 E F2 1.666(TPM2 back-end con\214guration)72 378 R(En)84 390 Q(vir) +-.4 E .625(onment v)-.18 F(ariables)-.1 E F5(TSS2_LOG)102 402 Q F0(An) +155 402 Q 2.5(yo)-.15 G(f:)-2.5 E F2(NONE)2.5 E F0(,)A F2(ERR)2.5 E(OR) +-.3 E F0(,)A F2 -1.2(WA)2.5 G(RNING)1.2 E F0(,)A F2(INFO)2.5 E F0(,)A F2 +(DEB)2.5 E(UG)-.1 E F0(,)A F2(TRA)2.5 E(CE)-.55 E F0 5(.D)C(ef)-5 E +(ault:)-.1 E F2 -1.2(WA)2.5 G(RNING)1.2 E F0(.)A F2 .625(TPM selection) +84 426 R F0 1.167(The library)102 438 R F3(libtss2-tcti-default.so)3.667 +E F0 1.167(can be link)3.667 F 1.167(ed to an)-.1 F 3.667(yo)-.15 G +3.667(ft)-3.667 G(he)-3.667 E F5(libtss2-tcti-)3.666 E/F6 10/Symbol SF +(*)A F5(.so)A F0(li-)3.666 E 1.38(braries to select the def)102 450 R +1.38(ault, otherwise)-.1 F F5(/dev/tpmrm0)3.881 E F0 3.881(,t)C(hen) +-3.881 E F5(/dev/tpm0)3.881 E F0 3.881(,t)C(hen)-3.881 E F5 +(localhost:2321)3.881 E F0(will be tried, in order)102 462 Q 1.666(\(s) +4.166 G(ee)-1.666 E F5(ESYS_CONTEXT)2.5 E F0 -.834(\(3\) \) .)B F2 .625 +(See also)84 486 R F0 1.63(The tpm2-tss git repository at)102 498 R F2 
+(https://github)4.129 E(.com/tpm2-softwar)-.4 E(e/tpm2-tss)-.18 E F0 +1.629(and the documentation at)4.129 F F2(https://tpm2-tss.r)102 510 Q +(eadthedocs.io)-.18 E F0(.)A 3.517 +(The TPM 2.0 speci\214cations, mainly at)102 528 R F2 +(https://trustedcomputinggr)6.018 E(oup.or)-.18 E(g/r)-.1 E(esour)-.18 E +(ce/tpm-library-)-.18 E(speci\214cation/)102 540 Q F0(,)A F2 +(https://trustedcomputinggr)99.315 E(oup.or)-.18 E +(g/wp-content/uploads/TPM-)-.1 E(Re)102 552 Q(v-2.0-P)-.15 E(art-1-Ar) +-.1 E(chitectur)-.18 E(e-01.38.pdf)-.18 E F0 2.5(,a)C(nd related pages.) +-2.5 E F2 1.666(SPECIAL THANKS)72 576 R F0 1.6 -.8(To a)102 588 T +(ll who support further de).8 E -.15(ve)-.25 G(lopment, in particular:) +.15 E F2<83>122 600 Q F0(ThePhD)7.5 E F2<83>122 612 Q F0(Embark Studios) +7.5 E F2<83>122 624 Q F0(Lars Strojn)7.5 E(y)-.15 E F2(REPOR)72 648 Q +1.666(TING B)-.4 F(UGS)-.1 E(https://todo.sr)102 660 Q +(.ht/\001nabijaczleweli/tzpfms)-1 E F5 +(\001nabijaczleweli/tzpfms@lists.sr.ht)102 678 Q F0 86.762(,a)C(rchi) +-86.762 E -.15(ve)-.25 G 86.763(da).15 G(t)-86.763 E F2 +(https://lists.sr)102 690 Q(.ht/\001nabijaczleweli/tzpfms)-1 E F0(.)A F2 +1.666(SEE ALSO)72 714 R F5(tpm2_unseal)102 726 Q F0(\(1\))A +(tzpfms 0.3.1-10-gf403f)72 799.889 Q 94.145(fe December)-.25 F(4, 2022) +2.5 E(9)192.205 E 0 Cg EP +%%Page: 10 10 +%%BeginPageSetup +BP +%%EndPageSetup +/F0 10/Times-Roman@0 SF -.834(ZFS-TPM2-CHANGE-KEY \(8\))72 48 R +(System Manager')53.329 E 2.5(sM)-.55 G 48.329 +(anual ZFS-TPM2-CHANGE-KEY)-2.5 F(\(8\))1.666 E(PCR allocations:)102 96 +Q/F1 10/Times-Bold@0 SF(https://wiki.ar)102 108 Q(chlinux.or)-.18 E +(g/title/T)-.1 E(rusted_Platf)-.74 E(orm_Module#Accessing_PCR_r)-.25 E +(egisters)-.18 E F0(and)2.5 E F1(https://trustedcomputinggr)102 120 Q +(oup.or)-.18 E(g/wp-content/uploads/PC-)-.1 E(ClientSpeci\214c_Platf)102 +132 Q(orm_Pr)-.25 E(o\214le_f)-.18 E(or_TPM_2p0_Systems_v51.pdf)-.25 E +F0 2.5(,S)C(ection 2.3.4 "PCR Usage", T)-2.5 E(able)-.8 E(1.)102 144 Q +(tzpfms 
0.3.1-10-gf403f)72 799.889 Q 94.145(fe December)-.25 F(4, 2022) +2.5 E(10)187.205 E 0 Cg EP +%%Page: 11 11 +%%BeginPageSetup +BP +%%EndPageSetup +/F0 10/Times-Roman@0 SF -.834(ZFS-TPM2-CLEAR-KEY \(8\))72 48 R +(System Manager')62.209 E 2.5(sM)-.55 G 57.209(anual ZFS-TPM2-CLEAR-KEY) +-2.5 F(\(8\))1.666 E/F1 10/Times-Bold@0 SF -.2(NA)72 96 S(ME).2 E/F2 10 +/Courier-Bold@0 SF(zfs-tpm2-clear-key)102 108 Q F0 2.5<8a72>2.5 G -.25 +(ew)-2.5 G(rap ZFS dataset k).25 E .3 -.15(ey i)-.1 H 2.5(np).15 G +(asssw)-2.5 E(ord and clear tzpfms TPM2 metadata)-.1 E F1(SYNOPSIS)72 +132 Q F2(zfs-tpm2-clear-key)102 144 Q/F3 10/Courier-Oblique@0 SF +(dataset)2.5 E F1(DESCRIPTION)72 168 Q F0(After v)102 180 Q(erifying) +-.15 E F3(dataset)2.5 E F0 -.1(wa)2.5 G 2.5(se).1 G(ncrypted with)-2.5 E +F2(tzpfms)2.5 E F0(back)2.5 E(end)-.1 E F1(TPM2)2.5 E F0(:)A 5 +(1. performs)112 192 R 6.392(the equi)8.892 F -.25(va)-.25 G 6.392 +(lent of).25 F F2 6.392(zfs change-key)8.892 F14.057 E/F4 10 +/Courier@0 SF(keylocation=prompt)12.391 E F214.057 E F4 +(keyformat=passphrase)127 204 Q F3(dataset)6 E F0(,)A 5(2. frees)112 216 +R(the sealed k)2.5 E .3 -.15(ey p)-.1 H(re).15 E +(viously used to encrypt)-.25 E F3(dataset)2.5 E F0(,)A 5(3. 
remo)112 +228 R -.15(ve)-.15 G 11.889(st).15 G(he)-11.889 E F4 +(xyz.nabijaczleweli:tzpfms.)11.889 E F0({)A F4(backend)A F0(,)A F4(key) +15.389 E F0 11.889(}p)C 9.389(roperties from)-11.889 F F3(dataset)127 +240 Q F0(.)A(See)102 258 Q F4(zfs-tpm2-change-key)2.5 E F0 +(\(8\) for a detailed description.)A F1(ENVIR)72 282 Q 1.666(ONMENT V) +-.3 F(ARIABLES)-1.35 E F4(TZPFMS_PASSPHRASE_HELPER)102 294 Q F0 .421 +(By def)127 306 R .42(ault, passphrases are prompted for and read in on\ + the standard output and input streams.)-.1 F(If)5.42 E F4 +(TZPFMS_PASSPHRASE_HELPER)127 318 Q F0 .46(is set and nonempty)2.96 F +2.961(,i)-.65 G 2.961(tw)-2.961 G .461(ill be run via)-2.961 F F4(/bin/) +2.961 E F2 2.127(sh \255c)B F0 .461(to pro-)2.961 F +(vide each passphrase, instead.)127 330 Q .15 +(The standard output stream of the helper is tied to an anon)127 348 R +.15(ymous \214le and used in its entirety as the)-.15 F(passphrase, e) +127 360 Q(xcept for a trailing ne)-.15 E(w-line, if an)-.25 E 3.8 -.65 +(y. T)-.15 H(he ar).65 E(guments are:)-.18 E F4($1)137 372 Q F0 +(Pre-formatted noun phrase with all the information belo)154 372 Q 1.3 +-.65(w, f)-.25 H(or use as a prompt).65 E F4($2)137 384 Q F0 +(Either the dataset name or the element of the TPM hierarch)154 384 Q +2.5(yb)-.05 G(eing prompted for)-2.5 E F4($3)137 396 Q F0("ne)154 396 Q +(w" if this is for a ne)-.25 E 2.5(wp)-.25 G(assphrase, otherwise blank) +-2.5 E F4($4)137 408 Q F0("ag)154 408 Q(ain" if it')-.05 E 2.5(st)-.55 G +(he second prompt for that passphrase, otherwise blank)-2.5 E .138 +(If the helper doesn')127 426 R 2.638(te)-.18 G 1.804(xist \()-2.788 F +.138(the shell e)1.666 F .138(xits with)-.15 F F1(127)2.638 E F0 -3.194 +1.666(\), a d)1.666 H .139(iagnostic is issued and the normal prompt) +-1.666 F(is used as f)127 438 Q 2.5(all-back. If)-.1 F(it f)2.5 E +(ails for an)-.1 E 2.5(yo)-.15 G(ther reason, the prompting is aborted.) 
+-2.5 E F1 1.666(TPM2 back-end con\214guration)72 462 R(En)84 474 Q(vir) +-.4 E .625(onment v)-.18 F(ariables)-.1 E F4(TSS2_LOG)102 486 Q F0(An) +155 486 Q 2.5(yo)-.15 G(f:)-2.5 E F1(NONE)2.5 E F0(,)A F1(ERR)2.5 E(OR) +-.3 E F0(,)A F1 -1.2(WA)2.5 G(RNING)1.2 E F0(,)A F1(INFO)2.5 E F0(,)A F1 +(DEB)2.5 E(UG)-.1 E F0(,)A F1(TRA)2.5 E(CE)-.55 E F0 5(.D)C(ef)-5 E +(ault:)-.1 E F1 -1.2(WA)2.5 G(RNING)1.2 E F0(.)A F1 .625(TPM selection) +84 510 R F0 1.167(The library)102 522 R F2(libtss2-tcti-default.so)3.667 +E F0 1.167(can be link)3.667 F 1.167(ed to an)-.1 F 3.667(yo)-.15 G +3.667(ft)-3.667 G(he)-3.667 E F4(libtss2-tcti-)3.666 E/F5 10/Symbol SF +(*)A F4(.so)A F0(li-)3.666 E 1.38(braries to select the def)102 534 R +1.38(ault, otherwise)-.1 F F4(/dev/tpmrm0)3.881 E F0 3.881(,t)C(hen) +-3.881 E F4(/dev/tpm0)3.881 E F0 3.881(,t)C(hen)-3.881 E F4 +(localhost:2321)3.881 E F0(will be tried, in order)102 546 Q 1.666(\(s) +4.166 G(ee)-1.666 E F4(ESYS_CONTEXT)2.5 E F0 -.834(\(3\) \) .)B F1 .625 +(See also)84 570 R F0 1.63(The tpm2-tss git repository at)102 582 R F1 +(https://github)4.129 E(.com/tpm2-softwar)-.4 E(e/tpm2-tss)-.18 E F0 +1.629(and the documentation at)4.129 F F1(https://tpm2-tss.r)102 594 Q +(eadthedocs.io)-.18 E F0(.)A 3.517 +(The TPM 2.0 speci\214cations, mainly at)102 612 R F1 +(https://trustedcomputinggr)6.018 E(oup.or)-.18 E(g/r)-.1 E(esour)-.18 E +(ce/tpm-library-)-.18 E(speci\214cation/)102 624 Q F0(,)A F1 +(https://trustedcomputinggr)99.315 E(oup.or)-.18 E +(g/wp-content/uploads/TPM-)-.1 E(Re)102 636 Q(v-2.0-P)-.15 E(art-1-Ar) +-.1 E(chitectur)-.18 E(e-01.38.pdf)-.18 E F0 2.5(,a)C(nd related pages.) 
+-2.5 E F1 1.666(SPECIAL THANKS)72 660 R F0 1.6 -.8(To a)102 672 T +(ll who support further de).8 E -.15(ve)-.25 G(lopment, in particular:) +.15 E F1<83>122 684 Q F0(ThePhD)7.5 E F1<83>122 696 Q F0(Embark Studios) +7.5 E F1<83>122 708 Q F0(Lars Strojn)7.5 E(y)-.15 E +(tzpfms 0.3.1-10-gf403f)72 799.889 Q 94.145(fe December)-.25 F(4, 2022) +2.5 E(11)187.205 E 0 Cg EP +%%Page: 12 12 +%%BeginPageSetup +BP +%%EndPageSetup +/F0 10/Times-Roman@0 SF -.834(ZFS-TPM2-CLEAR-KEY \(8\))72 48 R +(System Manager')62.209 E 2.5(sM)-.55 G 57.209(anual ZFS-TPM2-CLEAR-KEY) +-2.5 F(\(8\))1.666 E/F1 10/Times-Bold@0 SF(REPOR)72 96 Q 1.666(TING B) +-.4 F(UGS)-.1 E(https://todo.sr)102 108 Q(.ht/\001nabijaczleweli/tzpfms) +-1 E/F2 10/Courier@0 SF(\001nabijaczleweli/tzpfms@lists.sr.ht)102 126 Q +F0 86.762(,a)C(rchi)-86.762 E -.15(ve)-.25 G 86.763(da).15 G(t)-86.763 E +F1(https://lists.sr)102 138 Q(.ht/\001nabijaczleweli/tzpfms)-1 E F0(.)A +(tzpfms 0.3.1-10-gf403f)72 799.889 Q 94.145(fe December)-.25 F(4, 2022) +2.5 E(12)187.205 E 0 Cg EP +%%Page: 13 13 %%BeginPageSetup BP %%EndPageSetup /F0 10/Times-Roman@0 SF(ZFS-TPM2-LO)72 48 Q -.834(AD-KEY \(8\))-.35 F (System Manager')67.569 E 2.5(sM)-.55 G 62.569(anual ZFS-TPM2-LO)-2.5 F --.834(AD-KEY \(8\))-.35 F/F1 10/Courier@0 SF -(\001nabijaczleweli/tzpfms@lists.sr.ht)102 96 Q F0 86.763(,a)C(rchi) --86.763 E -.15(ve)-.25 G 86.762(da).15 G(t)-86.762 E/F2 10/Times-Bold@0 -SF(https://lists.sr)102 108 Q(.ht/\001nabijaczleweli/tzpfms)-1 E F0(.)A -(tzpfms 0.3.1-9-gd2dcf95)72 799.889 Q(December 4, 2022)98.055 E(14) -187.205 E 0 Cg EP +-.834(AD-KEY \(8\))-.35 F/F1 10/Times-Bold@0 SF -.2(NA)72 96 S(ME).2 E +/F2 10/Courier-Bold@0 SF(zfs-tpm2-load-key)102 108 Q F0 2.5<8a6c>2.5 G +(oad TPM2-encrypted ZFS dataset k)-2.5 E -.15(ey)-.1 G F1(SYNOPSIS)72 +132 Q F2(zfs-tpm2-load-key)102 144 Q F0([)3.333 E F22.499 E F0(]) +.833 E/F3 10/Courier-Oblique@0 SF(dataset)2.5 E F1(DESCRIPTION)72 168 Q +F0 .003(After v)102 180 R(erifying)-.15 E F3(dataset)2.503 E F0 -.1(wa) 
+2.503 G 2.503(se).1 G .003(ncrypted with)-2.503 F F2(tzpfms)2.503 E F0 +(back)2.503 E(end)-.1 E F1(TPM2)2.503 E F0 2.503(,u)C .003(nseals the k) +-2.503 F .303 -.15(ey a)-.1 H .003(nd loads it into).15 F F3(dataset)102 +192 Q F0(.)A(The user is prompted for the additional passphrase, set wh\ +en creating the k)102 210 Q -.15(ey)-.1 G 2.5(,i)-.5 G 2.5(fo)-2.5 G +(ne w)-2.5 E(as set.)-.1 E(See)102 228 Q/F4 10/Courier@0 SF +(zfs-tpm2-change-key)2.5 E F0(\(8\) for a detailed description.)A F1 +(OPTIONS)72 252 Q F2103.666 264 Q F0 3.583 +(Do a no-op/dry run, can be used e)125 264 R -.15(ve)-.25 G 6.083(ni).15 +G 6.083(ft)-6.083 G 3.583(he k)-6.083 F 3.883 -.15(ey i)-.1 H 6.083(sa) +.15 G 3.583(lready loaded.)-6.083 F(Equi)8.583 E -.25(va)-.25 G 3.583 +(lent to).25 F F2(zfs)6.083 E(load-key)125 276 Q F0 -.55('s)C F2 +4.716 E F0(option.)2.5 E F1(ENVIR)72 300 Q 1.666(ONMENT V)-.3 F +(ARIABLES)-1.35 E F4(TZPFMS_PASSPHRASE_HELPER)102 312 Q F0 .421(By def) +127 324 R .42(ault, passphrases are prompted for and read in on the sta\ +ndard output and input streams.)-.1 F(If)5.42 E F4 +(TZPFMS_PASSPHRASE_HELPER)127 336 Q F0 .46(is set and nonempty)2.96 F +2.961(,i)-.65 G 2.961(tw)-2.961 G .461(ill be run via)-2.961 F F4(/bin/) +2.961 E F2 2.127(sh \255c)B F0 .461(to pro-)2.961 F +(vide each passphrase, instead.)127 348 Q .15 +(The standard output stream of the helper is tied to an anon)127 366 R +.15(ymous \214le and used in its entirety as the)-.15 F(passphrase, e) +127 378 Q(xcept for a trailing ne)-.15 E(w-line, if an)-.25 E 3.8 -.65 +(y. 
T)-.15 H(he ar).65 E(guments are:)-.18 E F4($1)137 390 Q F0 +(Pre-formatted noun phrase with all the information belo)154 390 Q 1.3 +-.65(w, f)-.25 H(or use as a prompt).65 E F4($2)137 402 Q F0 +(Either the dataset name or the element of the TPM hierarch)154 402 Q +2.5(yb)-.05 G(eing prompted for)-2.5 E F4($3)137 414 Q F0("ne)154 414 Q +(w" if this is for a ne)-.25 E 2.5(wp)-.25 G(assphrase, otherwise blank) +-2.5 E F4($4)137 426 Q F0("ag)154 426 Q(ain" if it')-.05 E 2.5(st)-.55 G +(he second prompt for that passphrase, otherwise blank)-2.5 E .138 +(If the helper doesn')127 444 R 2.638(te)-.18 G 1.804(xist \()-2.788 F +.138(the shell e)1.666 F .138(xits with)-.15 F F1(127)2.638 E F0 -3.194 +1.666(\), a d)1.666 H .139(iagnostic is issued and the normal prompt) +-1.666 F(is used as f)127 456 Q 2.5(all-back. If)-.1 F(it f)2.5 E +(ails for an)-.1 E 2.5(yo)-.15 G(ther reason, the prompting is aborted.) +-2.5 E F1 1.666(TPM1.X back-end con\214guration)72 480 R .625 +(TPM selection)84 492 R F0(The)102 504 Q F2(tzpfms)2.683 E F0 .182 +(suite connects to a local)2.683 F F4(tcsd)2.682 E F0 .182 +(\(8\) process)B 1.666(\(a)4.348 G(t)-1.666 E F4(localhost:30003)2.682 E +F0 4.348(\)b)1.666 G 2.682(yd)-4.348 G(ef)-2.682 E 2.682(ault. 
Use)-.1 F +(the)2.682 E(en)102 516 Q(vironment v)-.4 E(ariable)-.25 E F4 +(TZPFMS_TPM1X)2.5 E F0(to specify a remote TCS hostname.)2.5 E .61 +(The T)102 534 R(rouSerS)-.35 E F4(tcsd)3.11 E F0 .61 +(\(8\) daemon will try)B F4(/dev/tpm0)3.11 E F0 3.11(,t)C(hen)-3.11 E F4 +(/udev/tpm0)3.111 E F0 3.111(,t)C(hen)-3.111 E F4(/dev/tpm)3.111 E F0 +3.111(;b)C 3.111(yo)-3.111 G(ccu-)-3.111 E -.1(py)102 546 S +(ing one of the earlier ones with, for e).1 E +(xample, shell redirection, a later one can be selected.)-.15 E F1 .625 +(See also)84 570 R F0(The T)102 582 Q(rouSerS project page at)-.35 E F1 +(https://sour)2.5 E(cef)-.18 E(or)-.25 E(ge.net/pr)-.1 E(ojects/tr)-.18 +E(ousers)-.18 E F0(.)A 2.719(The TPM 1.2 main speci\214cation inde)102 +600 R 5.219(xa)-.15 G(t)-5.219 E F1(https://trustedcomputinggr)5.219 E +(oup.or)-.18 E(g/r)-.1 E(esour)-.18 E(ce/tpm-main-)-.18 E +(speci\214cation)102 612 Q F0(.)A F1 1.666(SPECIAL THANKS)72 636 R F0 +1.6 -.8(To a)102 648 T(ll who support further de).8 E -.15(ve)-.25 G +(lopment, in particular:).15 E F1<83>122 660 Q F0(ThePhD)7.5 E F1<83>122 +672 Q F0(Embark Studios)7.5 E F1<83>122 684 Q F0(Lars Strojn)7.5 E(y) +-.15 E F1(REPOR)72 708 Q 1.666(TING B)-.4 F(UGS)-.1 E(https://todo.sr) +102 720 Q(.ht/\001nabijaczleweli/tzpfms)-1 E F4 +(\001nabijaczleweli/tzpfms@lists.sr.ht)102 738 Q F0 86.762(,a)C(rchi) +-86.762 E -.15(ve)-.25 G 86.763(da).15 G(t)-86.763 E F1 +(https://lists.sr)102 750 Q(.ht/\001nabijaczleweli/tzpfms)-1 E F0(.)A +(tzpfms 0.3.1-10-gf403f)72 799.889 Q 94.145(fe December)-.25 F(4, 2022) +2.5 E(13)187.205 E 0 Cg EP %%Trailer end %%EOF diff --git a/zfs-tpm-list.8 b/zfs-tpm-list.8 index c2258f6..1a0453b 100644 --- a/zfs-tpm-list.8 +++ b/zfs-tpm-list.8 @@ -3,7 +3,7 @@ .Dd December 4, 2022 .ds doc-volume-operating-system .Dt ZFS-TPM-LIST 8 -.Os tzpfms 0.3.1-9-gd2dcf95 +.Os tzpfms 0.3.1-10-gf403ffe . .Sh NAME .Nm zfs-tpm-list 
@@ -18,7 +18,7 @@
 .
 .Sh DESCRIPTION
 Lists the following properties on encryption roots:
-.Bl -tag -compact -offset Ds -width "keystatus"
+.Bl -tag -compact -offset 4n -width ".Li keystatus"
 .It Li name
 .It Li back-end
 the
@@ -56,7 +56,7 @@ If no datasets are specified, all matching encryption roots are listed \(em by d
 .Nm tzpfms .
 .
 .Sh OPTIONS
-.Bl -tag -compact -width "-b back-end"
+.Bl -tag -compact -width ".Fl b Ar back-end"
 .It Fl H
 Scripting mode \(em remove headers and separate fields by a single tab instead of columnating them with spaces.
 .Pp
@@ -117,7 +117,7 @@ tarta-zoot/vm - available yes
 .
 .Sh SPECIAL THANKS
 To all who support further development, in particular:
-.Bl -bullet -offset 4n -compact -width 0
+.Bl -bullet -offset 4n -compact -width "@"
 .It
 ThePhD
 .It
diff --git a/zfs-tpm-list.8.html b/zfs-tpm-list.8.html
index ef0f557..e68c5e3 100644
--- a/zfs-tpm-list.8.html
+++ b/zfs-tpm-list.8.html
@@ -165,7 +165,7 @@ tarta-zoot/vm - available yes - +
December 4, 2022tzpfms 0.3.1-9-gd2dcf95tzpfms 0.3.1-10-gf403ffe
diff --git a/zfs-tpm1x-change-key.8 b/zfs-tpm1x-change-key.8 index 624506e..273547a 100644 --- a/zfs-tpm1x-change-key.8 +++ b/zfs-tpm1x-change-key.8 @@ -3,7 +3,7 @@ .Dd December 4, 2022 .ds doc-volume-operating-system .Dt ZFS-TPM1X-CHANGE-KEY 8 -.Os tzpfms 0.3.1-9-gd2dcf95 +.Os tzpfms 0.3.1-10-gf403ffe . .Sh NAME .Nm zfs-tpm1x-change-key @@ -90,7 +90,7 @@ and you are hereby asked to report a bug, please. can be used to clear the properties and go back to using a passphrase. . .Sh OPTIONS -.Bl -tag -compact -width "-b backup-file" +.Bl -tag -compact -width ".Fl b Ar backup-file" .It Fl b Ar backup-file Save a back-up of the key to .Ar backup-file , @@ -114,7 +114,7 @@ For most, this is also the maximum. .\" SPDX-License-Identifier: MIT . .Sh ENVIRONMENT VARIABLES -.Bl -tag -compact -width "TZPFMS" +.Bl -tag -compact -width 4n .It Ev TZPFMS_PASSPHRASE_HELPER By default, passphrases are prompted for and read in on the standard output and input streams. If @@ -125,7 +125,7 @@ to provide each passphrase, instead. .Pp The standard output stream of the helper is tied to an anonymous file and used in its entirety as the passphrase, except for a trailing new-line, if any. The arguments are: -.Bl -tag -compact -offset "@@" -width "@@" +.Bl -tag -compact -offset 2n -width ".Li $1" .It Li $1 Pre-formatted noun phrase with all the information below, for use as a prompt .\" Passphrase for tarta-zoot @@ -184,7 +184,7 @@ The TPM 1.2 main specification index at . .Sh SPECIAL THANKS To all who support further development, in particular: -.Bl -bullet -offset 4n -compact -width 0 +.Bl -bullet -offset 4n -compact -width "@" .It ThePhD .It diff --git a/zfs-tpm1x-change-key.8.html b/zfs-tpm1x-change-key.8.html index 0d94851..9243e4f 100644 --- a/zfs-tpm1x-change-key.8.html +++ b/zfs-tpm1x-change-key.8.html @@ -218,7 +218,7 @@ - +
December 4, 2022tzpfms 0.3.1-9-gd2dcf95tzpfms 0.3.1-10-gf403ffe
diff --git a/zfs-tpm1x-clear-key.8 b/zfs-tpm1x-clear-key.8
index 944e169..39e624d 100644
--- a/zfs-tpm1x-clear-key.8
+++ b/zfs-tpm1x-clear-key.8
@@ -3,7 +3,7 @@
 .Dd December 4, 2022
 .ds doc-volume-operating-system
 .Dt ZFS-TPM1X-CLEAR-KEY 8
-.Os tzpfms 0.3.1-9-gd2dcf95
+.Os tzpfms 0.3.1-10-gf403ffe
 .
 .Sh NAME
 .Nm zfs-tpm1x-clear-key
@@ -19,7 +19,7 @@ was encrypted with
 .Nm tzpfms
 backend
 .Sy TPM1.X :
-.Bl -enum -compact -offset 4n -width ""
+.Bl -enum -compact -offset 2n -width 2n
 .It
 performs the equivalent of
 .Nm zfs Cm change-key Fl o Li keylocation=prompt Fl o Li keyformat=passphrase Ar dataset ,
@@ -70,7 +70,7 @@ The TPM 1.2 main specification index at
 .
 .Sh SPECIAL THANKS
 To all who support further development, in particular:
-.Bl -bullet -offset 4n -compact -width 0
+.Bl -bullet -offset 4n -compact -width "@"
 .It
 ThePhD
 .It
diff --git a/zfs-tpm1x-clear-key.8.html b/zfs-tpm1x-clear-key.8.html
index 376f6a9..b7148e3 100644
--- a/zfs-tpm1x-clear-key.8.html
+++ b/zfs-tpm1x-clear-key.8.html
@@ -102,7 +102,7 @@ - +
December 4, 2022tzpfms 0.3.1-9-gd2dcf95tzpfms 0.3.1-10-gf403ffe
diff --git a/zfs-tpm1x-load-key.8 b/zfs-tpm1x-load-key.8 index ccf49ae..33f057c 100644 --- a/zfs-tpm1x-load-key.8 +++ b/zfs-tpm1x-load-key.8 @@ -3,7 +3,7 @@ .Dd December 4, 2022 .ds doc-volume-operating-system .Dt ZFS-TPM1X-LOAD-KEY 8 -.Os tzpfms 0.3.1-9-gd2dcf95 +.Os tzpfms 0.3.1-10-gf403ffe . .Sh NAME .Nm zfs-tpm1x-load-key @@ -31,7 +31,7 @@ See for a detailed description. . .Sh OPTIONS -.Bl -tag -compact -width "-n" +.Bl -tag -compact -width ".Fl n" .It Fl n Do a no-op/dry run, can be used even if the key is already loaded. Equivalent to @@ -43,7 +43,7 @@ option. .\" SPDX-License-Identifier: MIT . .Sh ENVIRONMENT VARIABLES -.Bl -tag -compact -width "TZPFMS" +.Bl -tag -compact -width 4n .It Ev TZPFMS_PASSPHRASE_HELPER By default, passphrases are prompted for and read in on the standard output and input streams. If @@ -54,7 +54,7 @@ to provide each passphrase, instead. .Pp The standard output stream of the helper is tied to an anonymous file and used in its entirety as the passphrase, except for a trailing new-line, if any. The arguments are: -.Bl -tag -compact -offset "@@" -width "@@" +.Bl -tag -compact -offset 2n -width ".Li $1" .It Li $1 Pre-formatted noun phrase with all the information below, for use as a prompt .\" Passphrase for tarta-zoot @@ -113,7 +113,7 @@ The TPM 1.2 main specification index at . .Sh SPECIAL THANKS To all who support further development, in particular: -.Bl -bullet -offset 4n -compact -width 0 +.Bl -bullet -offset 4n -compact -width "@" .It ThePhD .It diff --git a/zfs-tpm1x-load-key.8.html b/zfs-tpm1x-load-key.8.html index 940e161..a99f498 100644 --- a/zfs-tpm1x-load-key.8.html +++ b/zfs-tpm1x-load-key.8.html @@ -138,7 +138,7 @@ - +
December 4, 2022tzpfms 0.3.1-9-gd2dcf95tzpfms 0.3.1-10-gf403ffe
diff --git a/zfs-tpm2-change-key.8 b/zfs-tpm2-change-key.8
index 47ec752..4fd0cb0 100644
--- a/zfs-tpm2-change-key.8
+++ b/zfs-tpm2-change-key.8
@@ -3,7 +3,7 @@
 .Dd December 4, 2022
 .ds doc-volume-operating-system
 .Dt ZFS-TPM2-CHANGE-KEY 8
-.Os tzpfms 0.3.1-9-gd2dcf95
+.Os tzpfms 0.3.1-10-gf403ffe
 .
 .Sh NAME
 .Nm zfs-tpm2-change-key
@@ -12,7 +12,7 @@
 .Nm
 .Op Fl b Ar backup-file
 .Oo
-.Fl P Ar algorithm Ns Cm \&: Ns Ar PCR Ns Oo Ns Cm \&, Ns Ar PCR Oc Ns … Ns Oo Cm + Ns Ar algorithm Ns Cm \&: Ns Ar PCR Ns Oo Ns Cm \&, Ns Ar PCR Oc Ns … Oc Ns …
+.Fl P Ar algorithm Ns Cm \&: Ns Ar PCR Ns Oo Ns Cm \&, Ns Ar PCR Oc Ns … Ns \: Ns Oo Cm + Ns Ar algorithm Ns Cm \&: Ns Ar PCR Ns Oo Ns Cm \&, Ns Ar PCR Oc Ns … Oc Ns …
 .Op Fl A
 .Oc
 .Ar dataset
@@ -54,7 +54,7 @@ The following properties are set on
 .It
 .Li xyz.nabijaczleweli:tzpfms.backend Ns = Ns Sy TPM2
 .It
-.Li xyz.nabijaczleweli:tzpfms.key Ns = Ns Ar persistent-object-ID Ns Op Cm ;\& Ar algorithm Ns Cm \&: Ns Ar PCR Ns Oo Ns Cm \&, Ns Ar PCR Oc Ns … Ns Oo Cm + Ns Ar algorithm Ns Cm \&: Ns Ar PCR Ns Oo Ns Cm \&, Ns Ar PCR Oc Ns … Oc Ns …
+.Li xyz.nabijaczleweli:tzpfms.key Ns = Ns Ar persistent-object-ID Ns \: Ns Op Cm ;\& Ns Ar algorithm Ns Cm \&: Ns Ar PCR Ns Oo Ns Cm \&, Ns Ar PCR Oc Ns … Ns Oo Cm + Ns Ar algorithm Ns Cm \&: Ns Ar PCR Ns Oo Ns Cm \&, Ns Ar PCR Oc Ns … Oc Ns …
 .El
 .Pp
 .Li tzpfms.backend
@@ -97,7 +97,7 @@ and you are hereby asked to report a bug, please.
 can be used to free the TPM persistent object and go back to using a passphrase.
 .
 .Sh OPTIONS
-.Bl -tag -compact -width "-b backup-file"
+.Bl -tag -compact -width ".Fl b Ar backup-file"
 .It Fl b Ar backup-file
 Save a back-up of the key to
 .Ar backup-file ,
@@ -154,7 +154,7 @@ with the passphrase, and this is usually not the intent. .\" SPDX-License-Identifier: MIT . .Sh ENVIRONMENT VARIABLES -.Bl -tag -compact -width "TZPFMS" +.Bl -tag -compact -width 4n .It Ev TZPFMS_PASSPHRASE_HELPER By default, passphrases are prompted for and read in on the standard output and input streams. If @@ -165,7 +165,7 @@ to provide each passphrase, instead. .Pp The standard output stream of the helper is tied to an anonymous file and used in its entirety as the passphrase, except for a trailing new-line, if any. The arguments are: -.Bl -tag -compact -offset "@@" -width "@@" +.Bl -tag -compact -offset 2n -width ".Li $1" .It Li $1 Pre-formatted noun phrase with all the information below, for use as a prompt .\" Passphrase for tarta-zoot @@ -192,7 +192,7 @@ If it fails for any other reason, the prompting is aborted. . .Sh TPM2 back-end configuration .Ss Environment variables -.Bl -tag -compact -width "TSS2_LOG" +.Bl -tag -compact -width ".Ev TSS2_LOG" .It Ev TSS2_LOG Any of: .Sy NONE , ERROR , WARNING , INFO , DEBUG , TRACE . @@ -229,7 +229,7 @@ and related pages. . .Sh SPECIAL THANKS To all who support further development, in particular: -.Bl -bullet -offset 4n -compact -width 0 +.Bl -bullet -offset 4n -compact -width "@" .It ThePhD .It diff --git a/zfs-tpm2-change-key.8.html b/zfs-tpm2-change-key.8.html index 4ffd536..8b9e7da 100644 --- a/zfs-tpm2-change-key.8.html +++ b/zfs-tpm2-change-key.8.html @@ -61,8 +61,7 @@ dataset:

tzpfms.backend identifies this dataset for work with TPM2-back-ended tzpfms @@ -265,7 +264,7 @@ - +
December 4, 2022tzpfms 0.3.1-9-gd2dcf95tzpfms 0.3.1-10-gf403ffe
diff --git a/zfs-tpm2-clear-key.8 b/zfs-tpm2-clear-key.8 index b25ccb2..43c1463 100644 --- a/zfs-tpm2-clear-key.8 +++ b/zfs-tpm2-clear-key.8 @@ -3,7 +3,7 @@ .Dd December 4, 2022 .ds doc-volume-operating-system .Dt ZFS-TPM2-CLEAR-KEY 8 -.Os tzpfms 0.3.1-9-gd2dcf95 +.Os tzpfms 0.3.1-10-gf403ffe . .Sh NAME .Nm zfs-tpm2-clear-key @@ -19,7 +19,7 @@ was encrypted with .Nm tzpfms backend .Sy TPM2 : -.Bl -enum -compact -offset 4n -width "" +.Bl -enum -compact -offset 2n -width 2n .It performs the equivalent of .Nm zfs Cm change-key Fl o Li keylocation=prompt Fl o Li keyformat=passphrase Ar dataset , @@ -40,7 +40,7 @@ for a detailed description. .\" SPDX-License-Identifier: MIT . .Sh ENVIRONMENT VARIABLES -.Bl -tag -compact -width "TZPFMS" +.Bl -tag -compact -width 4n .It Ev TZPFMS_PASSPHRASE_HELPER By default, passphrases are prompted for and read in on the standard output and input streams. If @@ -51,7 +51,7 @@ to provide each passphrase, instead. .Pp The standard output stream of the helper is tied to an anonymous file and used in its entirety as the passphrase, except for a trailing new-line, if any. The arguments are: -.Bl -tag -compact -offset "@@" -width "@@" +.Bl -tag -compact -offset 2n -width ".Li $1" .It Li $1 Pre-formatted noun phrase with all the information below, for use as a prompt .\" Passphrase for tarta-zoot @@ -78,7 +78,7 @@ If it fails for any other reason, the prompting is aborted. . .Sh TPM2 back-end configuration .Ss Environment variables -.Bl -tag -compact -width "TSS2_LOG" +.Bl -tag -compact -width ".Ev TSS2_LOG" .It Ev TSS2_LOG Any of: .Sy NONE , ERROR , WARNING , INFO , DEBUG , TRACE . @@ -115,7 +115,7 @@ and related pages. . .Sh SPECIAL THANKS To all who support further development, in particular: -.Bl -bullet -offset 4n -compact -width 0 +.Bl -bullet -offset 4n -compact -width "@" .It ThePhD .It diff --git a/zfs-tpm2-clear-key.8.html b/zfs-tpm2-clear-key.8.html index aec48a1..29e222b 100644 --- a/zfs-tpm2-clear-key.8.html 
+++ b/zfs-tpm2-clear-key.8.html @@ -153,7 +153,7 @@ - +
December 4, 2022tzpfms 0.3.1-9-gd2dcf95tzpfms 0.3.1-10-gf403ffe
diff --git a/zfs-tpm2-load-key.8 b/zfs-tpm2-load-key.8 index 30ed145..ae86fa8 100644 --- a/zfs-tpm2-load-key.8 +++ b/zfs-tpm2-load-key.8 @@ -3,7 +3,7 @@ .Dd December 4, 2022 .ds doc-volume-operating-system .Dt ZFS-TPM2-LOAD-KEY 8 -.Os tzpfms 0.3.1-9-gd2dcf95 +.Os tzpfms 0.3.1-10-gf403ffe . .Sh NAME .Nm zfs-tpm2-load-key @@ -30,7 +30,7 @@ See for a detailed description. . .Sh OPTIONS -.Bl -tag -compact -width "-n" +.Bl -tag -compact -width ".Fl n" .It Fl n Do a no-op/dry run, can be used even if the key is already loaded. Equivalent to @@ -42,7 +42,7 @@ option. .\" SPDX-License-Identifier: MIT . .Sh ENVIRONMENT VARIABLES -.Bl -tag -compact -width "TZPFMS" +.Bl -tag -compact -width 4n .It Ev TZPFMS_PASSPHRASE_HELPER By default, passphrases are prompted for and read in on the standard output and input streams. If @@ -53,7 +53,7 @@ to provide each passphrase, instead. .Pp The standard output stream of the helper is tied to an anonymous file and used in its entirety as the passphrase, except for a trailing new-line, if any. The arguments are: -.Bl -tag -compact -offset "@@" -width "@@" +.Bl -tag -compact -offset 2n -width ".Li $1" .It Li $1 Pre-formatted noun phrase with all the information below, for use as a prompt .\" Passphrase for tarta-zoot @@ -112,7 +112,7 @@ The TPM 1.2 main specification index at . .Sh SPECIAL THANKS To all who support further development, in particular: -.Bl -bullet -offset 4n -compact -width 0 +.Bl -bullet -offset 4n -compact -width "@" .It ThePhD .It diff --git a/zfs-tpm2-load-key.8.html b/zfs-tpm2-load-key.8.html index 057b859..6286cb3 100644 --- a/zfs-tpm2-load-key.8.html +++ b/zfs-tpm2-load-key.8.html @@ -137,7 +137,7 @@ - +
December 4, 2022tzpfms 0.3.1-9-gd2dcf95tzpfms 0.3.1-10-gf403ffe