From beec59adddbd27cbcbdb93aa8fb7c80e048c3fcc Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=D0=BD=D0=B0=D0=B1=20autouploader?=
 <nabijaczleweli/autouploader@nabijaczleweli.xyz>
Date: Tue, 27 Oct 2020 19:38:18 +0000
Subject: [PATCH] Manpage update by job 329308

---
 zfs-tpm2-change-key.8               | 4 ++--
 zfs-tpm2-change-key.8.html          | 6 ++++--
 zfs-tpm2-change-key.8.html_fragment | 6 ++++--
 zfs-tpm2-change-key.md              | 6 ++++--
 4 files changed, 14 insertions(+), 8 deletions(-)

diff --git a/zfs-tpm2-change-key.8 b/zfs-tpm2-change-key.8
index 967be45..716e9aa 100644
--- a/zfs-tpm2-change-key.8
+++ b/zfs-tpm2-change-key.8
@@ -12,7 +12,7 @@ First, a connection is made to the TPM, which \fImust\fR be TPM\-2\.0\-compatibl
 .P
 If \fBdataset\fR was previously encrypted with tzpfms and the \fITPM2\fR back\-end was used, the previous key will be freed from the TPM\. Otherwise, or in case of an error, data required for manual intervention will be printed to the standard error stream\.
 .P
-Next, a new wrapping key is be generated on the TPM, optionally backed up (see \fIOPTIONS\fR), and sealed to a persistent object on the TPM under the owner hierarchy\.
+Next, a new wrapping key is be generated on the TPM, optionally backed up (see \fIOPTIONS\fR), and sealed to a persistent object on the TPM under the owner hierarchy; if there is a passphrase set on the owner hierarchy, the user is prompted for it; the user is always prompted for an optional passphrase to protect the sealed object with\.
 .P
 The following properties are set on \fBdataset\fR:
 .IP "\[ci]" 4
@@ -23,7 +23,7 @@ The following properties are set on \fBdataset\fR:
 .P
 \fBtzpfms\.backend\fR identifies this dataset for work with \fITPM2\fR\-back\-ended tzpfms tools (namely zfs\-tpm2\-change\-key(8), zfs\-tpm2\-load\-key(8), and zfs\-tpm2\-clear\-key(8))\.
 .P
-\fBtzpfms\.key\fR is an integer representing the sealed object; if needed, it can be passed to \fBtpm2_unseal(1) \-c ${tzpfms\.key}\fR or equivalent for back\-up (see \fIOPTIONS\fR)\. If you have a sealed key you can access with that or equivalent tool and set both of these properties, it will funxion seamlessly\.
+\fBtzpfms\.key\fR is an integer representing the sealed object; if needed, it can be passed to \fBtpm2_unseal(1) \-c ${tzpfms\.key} [\-p ${password}]\fR or equivalent for back\-up (see \fIOPTIONS\fR)\. If you have a sealed key you can access with that or equivalent tool and set both of these properties, it will funxion seamlessly\.
 .P
 Finally, the equivalent of \fBzfs(8) change\-key \-o keylocation=prompt \-o keyformat=raw dataset\fR is performed with the new key\. If an error occurred, best effort is made to clean up the persistent object and properties, or to issue a note for manual intervention into the standard error stream\.
 .P
diff --git a/zfs-tpm2-change-key.8.html b/zfs-tpm2-change-key.8.html
index 93d6345..72c9985 100644
--- a/zfs-tpm2-change-key.8.html
+++ b/zfs-tpm2-change-key.8.html
@@ -91,7 +91,9 @@
 Otherwise, or in case of an error, data required for manual intervention will be printed to the standard error stream.</p>
 
 <p>Next, a new wrapping key is be generated on the TPM, optionally backed up (see <a href="#OPTIONS" title="OPTIONS" data-bare-link="true">OPTIONS</a>),
-and sealed to a persistent object on the TPM under the owner hierarchy.</p>
+and sealed to a persistent object on the TPM under the owner hierarchy;
+if there is a passphrase set on the owner hierarchy, the user is prompted for it;
+the user is always prompted for an optional passphrase to protect the sealed object with.</p>
 
 <p>The following properties are set on <code>dataset</code>:</p>
 
@@ -108,7 +110,7 @@ and sealed to a persistent object on the TPM under the owner hierarchy.</p>
 (namely <a class="man-ref" href="zfs-tpm2-change-key.8.html">zfs-tpm2-change-key<span class="s">(8)</span></a>, <a class="man-ref" href="zfs-tpm2-load-key.8.html">zfs-tpm2-load-key<span class="s">(8)</span></a>, and <a class="man-ref" href="zfs-tpm2-clear-key.8.html">zfs-tpm2-clear-key<span class="s">(8)</span></a>).</p>
 
 <p><code>tzpfms.key</code> is an integer representing the sealed object;
-if needed, it can be passed to <strong><a class="man-ref" href="https://manpages.debian.org/bullseye/tpm2-tools/tpm2_unseal.1.en.html">tpm2_unseal<span class="s">(1)</span></a> -c ${tzpfms.key}</strong> or equivalent for back-up (see <a href="#OPTIONS" title="OPTIONS" data-bare-link="true">OPTIONS</a>).
+if needed, it can be passed to <strong><a class="man-ref" href="https://manpages.debian.org/bullseye/tpm2-tools/tpm2_unseal.1.en.html">tpm2_unseal<span class="s">(1)</span></a> -c ${tzpfms.key} [-p ${password}]</strong> or equivalent for back-up (see <a href="#OPTIONS" title="OPTIONS" data-bare-link="true">OPTIONS</a>).
 If you have a sealed key you can access with that or equivalent tool and set both of these properties, it will funxion seamlessly.</p>
 
 <p>Finally, the equivalent of <strong><a class="man-ref" href="https://manpages.debian.org/bullseye/zfsutils-linux/zfs.8.en.html">zfs<span class="s">(8)</span></a> change-key -o keylocation=prompt -o keyformat=raw dataset</strong> is performed with the new key.
diff --git a/zfs-tpm2-change-key.8.html_fragment b/zfs-tpm2-change-key.8.html_fragment
index 46f4c1a..764b3a4 100644
--- a/zfs-tpm2-change-key.8.html_fragment
+++ b/zfs-tpm2-change-key.8.html_fragment
@@ -19,7 +19,9 @@
 Otherwise, or in case of an error, data required for manual intervention will be printed to the standard error stream.</p>
 
 <p>Next, a new wrapping key is be generated on the TPM, optionally backed up (see <a href="#OPTIONS" title="OPTIONS" data-bare-link="true">OPTIONS</a>),
-and sealed to a persistent object on the TPM under the owner hierarchy.</p>
+and sealed to a persistent object on the TPM under the owner hierarchy;
+if there is a passphrase set on the owner hierarchy, the user is prompted for it;
+the user is always prompted for an optional passphrase to protect the sealed object with.</p>
 
 <p>The following properties are set on <code>dataset</code>:</p>
 
@@ -36,7 +38,7 @@ and sealed to a persistent object on the TPM under the owner hierarchy.</p>
 (namely <a class="man-ref" href="zfs-tpm2-change-key.8.html">zfs-tpm2-change-key<span class="s">(8)</span></a>, <a class="man-ref" href="zfs-tpm2-load-key.8.html">zfs-tpm2-load-key<span class="s">(8)</span></a>, and <a class="man-ref" href="zfs-tpm2-clear-key.8.html">zfs-tpm2-clear-key<span class="s">(8)</span></a>).</p>
 
 <p><code>tzpfms.key</code> is an integer representing the sealed object;
-if needed, it can be passed to <strong><a class="man-ref" href="https://manpages.debian.org/bullseye/tpm2-tools/tpm2_unseal.1.en.html">tpm2_unseal<span class="s">(1)</span></a> -c ${tzpfms.key}</strong> or equivalent for back-up (see <a href="#OPTIONS" title="OPTIONS" data-bare-link="true">OPTIONS</a>).
+if needed, it can be passed to <strong><a class="man-ref" href="https://manpages.debian.org/bullseye/tpm2-tools/tpm2_unseal.1.en.html">tpm2_unseal<span class="s">(1)</span></a> -c ${tzpfms.key} [-p ${password}]</strong> or equivalent for back-up (see <a href="#OPTIONS" title="OPTIONS" data-bare-link="true">OPTIONS</a>).
 If you have a sealed key you can access with that or equivalent tool and set both of these properties, it will funxion seamlessly.</p>
 
 <p>Finally, the equivalent of <strong><a class="man-ref" href="https://manpages.debian.org/bullseye/zfsutils-linux/zfs.8.en.html">zfs<span class="s">(8)</span></a> change-key -o keylocation=prompt -o keyformat=raw dataset</strong> is performed with the new key.
diff --git a/zfs-tpm2-change-key.md b/zfs-tpm2-change-key.md
index 6ef1992..5cafbbe 100644
--- a/zfs-tpm2-change-key.md
+++ b/zfs-tpm2-change-key.md
@@ -16,7 +16,9 @@ If `dataset` was previously encrypted with tzpfms and the *TPM2* back-end was us
 Otherwise, or in case of an error, data required for manual intervention will be printed to the standard error stream.
 
 Next, a new wrapping key is be generated on the TPM, optionally backed up (see [OPTIONS][]),
-and sealed to a persistent object on the TPM under the owner hierarchy.
+and sealed to a persistent object on the TPM under the owner hierarchy;
+if there is a passphrase set on the owner hierarchy, the user is prompted for it;
+the user is always prompted for an optional passphrase to protect the sealed object with.
 
 The following properties are set on `dataset`:
 
@@ -27,7 +29,7 @@ The following properties are set on `dataset`:
 (namely zfs-tpm2-change-key(8), zfs-tpm2-load-key(8), and zfs-tpm2-clear-key(8)).
 
 `tzpfms.key` is an integer representing the sealed object;
-if needed, it can be passed to **tpm2_unseal(1) -c ${tzpfms.key}** or equivalent for back-up (see [OPTIONS][]).
+if needed, it can be passed to **tpm2_unseal(1) -c ${tzpfms.key} [-p ${password}]** or equivalent for back-up (see [OPTIONS][]).
 If you have a sealed key you can access with that or equivalent tool and set both of these properties, it will funxion seamlessly.
 
 Finally, the equivalent of **zfs(8) change-key -o keylocation=prompt -o keyformat=raw dataset** is performed with the new key.