Final-proof passphrase.h

initrd/dracut/module-setup.sh

@@ -34,6 +34,7 @@ _install_tpm1x() {
 check() {
 	command -v zfs-tpm-list > /dev/null || return 1
 
+  # shellcheck disable=SC2154
   if [ -n "$hostonly" ]; then
 		_get_backend || return
 
@@ -60,7 +61,7 @@ installkernel() {
 install() {
 	inst_binary zfs-tpm-list
 
-	if [ -n "${hostonly}" ]; then
+	if [ -n "$hostonly" ]; then
 		_get_backend
 
 		[ "$backend" = "TPM2"   ] && _install_tpm2

man/passphrase.h

@@ -3,26 +3,28 @@
 .Sh ENVIRONMENT VARIABLES
 .Bl -tag -compact -width "TZPFMS"
 .It Ev TZPFMS_PASSPHRASE_HELPER
-If set and nonempty, will be run via
+By default, passphrases are prompted for and read in on the standard output and input streams.
+If
+.Ev TZPFMS_PASSPHRASE_HELPER
+is set and nonempty, it will be run via
 .Pa /bin/ Ns Nm sh Fl c
-to provide a passphrase, instead of reading from the standard input stream.
+to provide each passphrase, instead.
 .Pp
 The standard output stream of the helper is tied to an anonymous file and used in its entirety as the passphrase, except for a trailing new-line, if any.
 The arguments are:
 .Bl -tag -compact -offset "@@" -width "@@"
 .It Li $1
-Pre-formatted noun phrase with all the information below, like
-.Qq Passphrase for tarta-zoot
-or
-.Qq New passphrase for tarta-zoot (again)
+Pre-formatted noun phrase with all the information below, for use as a prompt
+.\" Passphrase for tarta-zoot
+.\" New passphrase for tarta-zoot (again)
 .It Li $2
-Either the dataset name or the element of the TPM hierarchy
+Either the dataset name or the element of the TPM hierarchy being prompted for
 .It Li $3
 .Qq new
-if this is for a new passphrase
+if this is for a new passphrase, otherwise blank
 .It Li $4
 .Qq again
-if it's the second prompt for that passphrase
+if it's the second prompt for that passphrase, otherwise blank
 .El
 .Pp
 If the helper doesn't exist