third-party-mirrors/tzpfms
1
0
Fork 0
mirror of https://git.sr.ht/~nabijaczleweli/tzpfms synced 2025-04-21 09:47:35 +03:00
Code Issues Actions Packages Projects Releases Wiki Activity

Manpage update by job 630493

Browse Source
This commit is contained in:
наб autouploader 2021-11-18 23:39:07 +00:00
parent cfc92af2ba
commit f5ccb9e7ab
16 changed files with 485 additions and 470 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

BIN
tzpfms.pdf
View File

Binary file not shown.

559
tzpfms.ps
View File

@ -1,6 +1,6 @@
%!PS-Adobe-3.0
%%Creator: groff version 1.22.4
%%CreationDate: Mon Nov 15 18:13:33 2021
%%CreationDate: Thu Nov 18 23:39:06 2021
%%DocumentNeededResources: font Times-Roman
%%+ font Times-Bold
%%+ font Courier-Bold
@ -305,8 +305,8 @@ R 12(awa -)102 606 R 6(available yes)54 F($)102 630 Q F2 1.666
(KEYSTATUS COHERENT)12 F 6(owo/venc TPM2)102 654 R 6(unavailable yes)36
F($)102 678 Q F2 1.666(zfs-tpm-list \255ra)6 F F3(owo)6 E F4 30
(NAME BACK-END)102 690 R 18(KEYSTATUS COHERENT)12 F 6(owo/venc TPM2)102
702 R 6(unavailable yes)36 F F0(tzpfms 0.1-15)72 750 Q(No)138.745 E -.15
(ve)-.15 G(mber 15, 2021).15 E(1)189.295 E 0 Cg EP
702 R 6(unavailable yes)36 F F0(tzpfms 0.1-16)72 750 Q(No)138.745 E -.15
(ve)-.15 G(mber 18, 2021).15 E(1)189.295 E 0 Cg EP
%%Page: 2 2
%%BeginPageSetup
BP
@ -330,7 +330,7 @@ G 6(vailable yes)-54 F 12(owo/enc TPM1.X)102 204 R 6(available yes)24 F
-.15(ve)-.25 G 2.5(da).15 G(t)-2.5 E F3(https://lists.sr)2.5 E
(.ht/~nabijaczleweli/tzpfms)-1 E F0(.)A F3 1.666(SEE ALSO)72 354 R
(https://git.sr)102 366 Q(.ht/~nabijaczleweli/tzpfms)-1 E F0
(tzpfms 0.1-15)72 750 Q(No)138.745 E -.15(ve)-.15 G(mber 15, 2021).15 E
(tzpfms 0.1-16)72 750 Q(No)138.745 E -.15(ve)-.15 G(mber 18, 2021).15 E
(2)189.295 E 0 Cg EP
%%Page: 3 3
%%BeginPageSetup
@ -419,8 +419,8 @@ F0(Sa)191 618 Q .806 -.15(ve a b)-.2 H .506(ack-up of the k).15 F .805
(case of a catastrophic e)3.181 F -.15(ve)-.25 G .682(nt, the k).15 F
.982 -.15(ey c)-.1 H(an).15 E(be loaded by running)191 642 Q F2
(zfs load-key)221 654 Q F3(dataset)6 E F5(<)6 E F3(backup-file)6 E F1
(ENVIR)72 678 Q 1.666(ONMENT V)-.3 F(ARIABLES)-1.35 E F0(tzpfms 0.1-15)
72 750 Q(No)138.745 E -.15(ve)-.15 G(mber 15, 2021).15 E(3)189.295 E 0
(ENVIR)72 678 Q 1.666(ONMENT V)-.3 F(ARIABLES)-1.35 E F0(tzpfms 0.1-16)
72 750 Q(No)138.745 E -.15(ve)-.15 G(mber 18, 2021).15 E(3)189.295 E 0
Cg EP
%%Page: 4 4
%%BeginPageSetup
@ -429,62 +429,59 @@ BP
/F0 10/Times-Roman@0 SF -.834(ZFS-TPM1X-CHANGE-KEY \(8\))72 48 R
(System Manager')46.109 E 2.5(sM)-.55 G 41.109
(anual ZFS-TPM1X-CHANGE-KEY)-2.5 F(\(8\))1.666 E/F1 10/Courier@0 SF
(TZPFMS_PASSPHRASE_HELPER)102 96 Q F0(If set and nonempty)143 108 Q 2.5
(,w)-.65 G(ill be run as)-2.5 E F1(/bin/)173 120 Q/F2 10/Courier-Bold@0
SF 70.333(sh \255c)B F1("$TZPFMS_PASSPHRASE_HELPER")74.667 E
("$TZPFMS_PASSPHRASE_HELPER")173 132 Q F0(")10.715 E/F3 10
/Courier-Oblique@0 SF 4.715(prepared prompt)B F0 7.215("")C F3(target)
-7.215 E F0 7.215("")C([)-7.215 E F1(new)A F0(]")A("[)173 144 Q F1
(again)A F0(]")A(to pro)143 156 Q
(vide a passphrase, instead of reading from the standard input.)-.15 E
.189(The standard output stream of the helper is tied to an anon)143 174
R .188(ymous \214le and used in its entirety as the)-.15 F .446
(passphrase, e)143 186 R .446(xcept for a trailing ne)-.15 F .446
(w-line, if an)-.25 F 4.246 -.65(y. T)-.15 H .447(he second ar).65 F
.447(gument contains either the dataset)-.18 F 2.14
(name or the element of the TPM hierarch)143 198 R 5.94 -.65(y. T)-.05 H
2.14(he third ar).65 F 2.14(gument is)-.18 F F1(new)4.64 E F0 2.14
(if this is for a ne)4.64 F(w)-.25 E .573(passphrase, and the fourth is)
143 210 R F1(again)3.074 E F0 .574(if it')3.074 F 3.074(st)-.55 G .574
(he second prompt for that passphrase.)-3.074 F .574(The \214rst ar)
5.574 F(gu-)-.18 E(ment already contains all of this information, as a \
pre-formatted noun phrase.)143 222 Q .181(If the helper doesn')143 240 R
2.681(te)-.18 G 1.847(xist \()-2.831 F .181(the shell e)1.666 F .181
(xits with)-.15 F/F4 10/Times-Bold@0 SF(127)2.681 E F0 -3.151 1.666
(\), a d)1.666 H .181(iagnostic is issued and the normal prompt)-1.666 F
(is used as f)143 252 Q 2.5(all-back. If)-.1 F(it f)2.5 E(ails for an)
-.1 E 2.5(yo)-.15 G(ther reason, the prompting is aborted.)-2.5 E(An e)
143 270 Q(xample v)-.15 E(alue w)-.25 E(ould be: ')-.1 E F2 1.666
(systemd-ask-password \255-id)B F1(=)A F0(")A F1(tzpfms:)A F3($2)A F0
2.5("")C F3($1)-2.5 E F1(:)A F0("'.)6 E F4 1.666
(TPM1.X back-end con\214guration)72 294 R .625(TPM selection)84 306 R F0
(The)102 318 Q F2(tzpfms)2.767 E F0 .267(suite connects to a local)2.767
F F1(tcsd)2.767 E F0 .267(\(8\) process)B 1.666(\(a)4.433 G(t)-1.666 E
F1(localhost:30003)2.767 E F0 4.433(\)b)1.666 G 2.767(yd)-4.433 G(ef)
-2.767 E 2.767(ault. Use)-.1 F .268(the en-)2.767 F(vironment v)102 330
Q(ariable)-.25 E F1(TZPFMS_TPM1X)2.5 E F0
(to specify a remote TCS hostname.)2.5 E .392(The T)102 348 R(rouSerS)
-.35 E F1(tcsd)2.892 E F0 .392(\(8\) daemon will try)B F1(/dev/tpm0)
2.892 E F0 2.892(,t)C(hen)-2.892 E F1(/udev/tpm0)2.892 E F0 2.891(,t)C
(hen)-2.891 E F1(/dev/tpm)2.891 E F0 2.891(;b)C 2.891(yo)-2.891 G(ccup)
-2.891 E(ying)-.1 E(one of the earlier ones with, for e)102 360 Q
(xample, shell redirection, a later one can be selected.)-.15 E F4 .625
(See also)84 384 R F0(The T)102 396 Q(rouSerS project page at)-.35 E F4
(TZPFMS_PASSPHRASE_HELPER)102 96 Q F0 1.134(If set and nonempty)143 108
R 3.634(,w)-.65 G 1.134(ill be run via)-3.634 F F1(/bin/)3.633 E/F2 10
/Courier-Bold@0 SF 2.799(sh \255c)B F0 1.133(to pro)3.633 F 1.133
(vide a passphrase, instead of reading)-.15 F
(from the standard input stream.)143 120 Q .188
(The standard output stream of the helper is tied to an anon)143 138 R
.189(ymous \214le and used in its entirety as the)-.15 F(passphrase, e)
143 150 Q(xcept for a trailing ne)-.15 E(w-line, if an)-.25 E 3.8 -.65
(y. T)-.15 H(he ar).65 E(guments are:)-.18 E
(1. Pre-formatted noun phrase with all the information belo)155 162 Q(w)
-.25 E(2. Either the dataset name or the element of the TPM hierarch)155
174 Q -.65(y.)-.05 G(3. "ne)155 186 Q(w" if this is for a ne)-.25 E 2.5
(wp)-.25 G(assphrase)-2.5 E(4. "ag)155 198 Q(ain" if it')-.05 E 2.5(st)
-.55 G(he second prompt for that passphrase)-2.5 E .181
(If the helper doesn')143 216 R 2.681(te)-.18 G 1.847(xist \()-2.831 F
.181(the shell e)1.666 F .181(xits with)-.15 F/F3 10/Times-Bold@0 SF
(127)2.681 E F0 -3.151 1.666(\), a d)1.666 H .181
(iagnostic is issued and the normal prompt)-1.666 F(is used as f)143 228
Q 2.5(all-back. If)-.1 F(it f)2.5 E(ails for an)-.1 E 2.5(yo)-.15 G
(ther reason, the prompting is aborted.)-2.5 E 13.14(An e)143 246 R
13.14(xample v)-.15 F 13.14(alue f)-.25 F(acilitating)-.1 E F1(systemd)
15.64 E F0 13.14(\(1\) inte)B 13.14(gration w)-.15 F 13.14(ould be: ')
-.1 F F2(exec)A 1.666(systemd-ask-password \255-id)143 258 R F1(=)A F0
(")A F1(tzpfms:)A/F4 10/Courier-Oblique@0 SF($2)A F0 2.5("")C F4($1)-2.5
E F1(:)A F0("'.)6 E F3 1.666(TPM1.X back-end con\214guration)72 282 R
.625(TPM selection)84 294 R F0(The)102 306 Q F2(tzpfms)2.768 E F0 .267
(suite connects to a local)2.767 F F1(tcsd)2.767 E F0 .267
(\(8\) process)B 1.666(\(a)4.433 G(t)-1.666 E F1(localhost:30003)2.767 E
F0 4.433(\)b)1.666 G 2.767(yd)-4.433 G(ef)-2.767 E 2.767(ault. Use)-.1 F
.267(the en-)2.767 F(vironment v)102 318 Q(ariable)-.25 E F1
(TZPFMS_TPM1X)2.5 E F0(to specify a remote TCS hostname.)2.5 E .391
(The T)102 336 R(rouSerS)-.35 E F1(tcsd)2.891 E F0 .391
(\(8\) daemon will try)B F1(/dev/tpm0)2.892 E F0 2.892(,t)C(hen)-2.892 E
F1(/udev/tpm0)2.892 E F0 2.892(,t)C(hen)-2.892 E F1(/dev/tpm)2.892 E F0
2.892(;b)C 2.892(yo)-2.892 G(ccup)-2.892 E(ying)-.1 E
(one of the earlier ones with, for e)102 348 Q
(xample, shell redirection, a later one can be selected.)-.15 E F3 .625
(See also)84 372 R F0(The T)102 384 Q(rouSerS project page at)-.35 E F3
(https://sour)2.5 E(cef)-.18 E(or)-.25 E(ge.net/pr)-.1 E(ojects/tr)-.18
E(ousers)-.18 E F0(.)A 5.108(The TPM 1.2 main speci\214cation inde)102
414 R 7.609(xa)-.15 G(t)-7.609 E F4(https://trustedcomputinggr)7.609 E
E(ousers)-.18 E F0(.)A 5.109(The TPM 1.2 main speci\214cation inde)102
402 R 7.608(xa)-.15 G(t)-7.608 E F3(https://trustedcomputinggr)7.608 E
(oup.or)-.18 E(g/r)-.1 E(esour)-.18 E(ce/tpm-main-)-.18 E
(speci\214cation)102 426 Q F0(.)A F4 1.666(SPECIAL THANKS)72 450 R F0
1.6 -.8(To a)102 462 T(ll who support further de).8 E -.15(ve)-.25 G
(lopment, in particular:).15 E F4<83>122 474 Q F0(ThePhD)2.5 E F4<83>122
486 Q F0(Embark Studios)2.5 E F4<83>122 498 Q F0(Jasper Bekk)2.5 E(ers)
-.1 E F4(REPOR)72 522 Q 1.666(TING B)-.4 F(UGS)-.1 E(https://todo.sr)102
534 Q(.ht/~nabijaczleweli/tzpfms)-1 E F1
(~nabijaczleweli/tzpfms@lists.sr.ht)102 552 Q F0 2.5(,a)C(rchi)-2.5 E
-.15(ve)-.25 G 2.5(da).15 G(t)-2.5 E F4(https://lists.sr)2.5 E
(.ht/~nabijaczleweli/tzpfms)-1 E F0(.)A F4 1.666(SEE ALSO)72 576 R
(https://git.sr)102 588 Q(.ht/~nabijaczleweli/tzpfms)-1 E F0
(tzpfms 0.1-15)72 750 Q(No)138.745 E -.15(ve)-.15 G(mber 15, 2021).15 E
(speci\214cation)102 414 Q F0(.)A F3 1.666(SPECIAL THANKS)72 438 R F0
1.6 -.8(To a)102 450 T(ll who support further de).8 E -.15(ve)-.25 G
(lopment, in particular:).15 E F3<83>122 462 Q F0(ThePhD)2.5 E F3<83>122
474 Q F0(Embark Studios)2.5 E F3<83>122 486 Q F0(Jasper Bekk)2.5 E(ers)
-.1 E F3(REPOR)72 510 Q 1.666(TING B)-.4 F(UGS)-.1 E(https://todo.sr)102
522 Q(.ht/~nabijaczleweli/tzpfms)-1 E F1
(~nabijaczleweli/tzpfms@lists.sr.ht)102 540 Q F0 2.5(,a)C(rchi)-2.5 E
-.15(ve)-.25 G 2.5(da).15 G(t)-2.5 E F3(https://lists.sr)2.5 E
(.ht/~nabijaczleweli/tzpfms)-1 E F0(.)A F3 1.666(SEE ALSO)72 564 R
(https://git.sr)102 576 Q(.ht/~nabijaczleweli/tzpfms)-1 E F0
(tzpfms 0.1-16)72 750 Q(No)138.745 E -.15(ve)-.15 G(mber 18, 2021).15 E
(4)189.295 E 0 Cg EP
%%Page: 5 5
%%BeginPageSetup
@ -500,31 +497,31 @@ BP
(zfs-tpm1x-clear-key)102 144 Q/F3 10/Courier-Oblique@0 SF(dataset)2.5 E
F1(DESCRIPTION)72 168 Q F0(After v)102 180 Q(erifying)-.15 E F3(dataset)
2.5 E F0 -.1(wa)2.5 G 2.5(se).1 G(ncrypted with)-2.5 E F2(tzpfms)2.5 E
F0(back)2.5 E(end)-.1 E F1(TPM1.X)2.5 E F0(:)A 6.985
F0(back)2.5 E(end)-.1 E F1(TPM1.X)2.5 E F0(:)A 6.984
(1. performs the equi)122 192 R -.25(va)-.25 G 6.984(lent of).25 F F2
6.984(zfs change-key)9.484 F<ad6f>14.65 E/F4 10/Courier@0 SF
(keylocation=prompt)12.984 E F2<ad6f>14.65 E F4(keyformat=passphrase)127
204 Q F3(dataset)6 E F0(,)A(2. remo)122 216 Q -.15(ve)-.15 G 2.5(st).15
G(he)-2.5 E F4(xyz.nabijaczleweli:tzpfms.)2.5 E F0({)A F4(backend)A F0
(,)A F4(key)6 E F0 2.5(}p)C(roperties from)-2.5 E F3(dataset)2.5 E F0(.)
A(See)102 234 Q F4(zfs-tpm1x-change-key)2.5 E F0
(keylocation=prompt)12.985 E F2<ad6f>14.651 E F4(keyformat=passphrase)
127 204 Q F3(dataset)6 E F0(,)A(2. remo)122 216 Q -.15(ve)-.15 G 2.5(st)
.15 G(he)-2.5 E F4(xyz.nabijaczleweli:tzpfms.)2.5 E F0({)A F4(backend)A
F0(,)A F4(key)6 E F0 2.5(}p)C(roperties from)-2.5 E F3(dataset)2.5 E F0
(.)A(See)102 234 Q F4(zfs-tpm1x-change-key)2.5 E F0
(\(8\) for a detailed description.)A F1 1.666
(TPM1.X back-end con\214guration)72 258 R .625(TPM selection)84 270 R F0
(The)102 282 Q F2(tzpfms)2.767 E F0 .267(suite connects to a local)2.767
(The)102 282 Q F2(tzpfms)2.768 E F0 .267(suite connects to a local)2.767
F F4(tcsd)2.767 E F0 .267(\(8\) process)B 1.666(\(a)4.433 G(t)-1.666 E
F4(localhost:30003)2.767 E F0 4.433(\)b)1.666 G 2.767(yd)-4.433 G(ef)
-2.767 E 2.767(ault. Use)-.1 F .268(the en-)2.767 F(vironment v)102 294
-2.767 E 2.767(ault. Use)-.1 F .267(the en-)2.767 F(vironment v)102 294
Q(ariable)-.25 E F4(TZPFMS_TPM1X)2.5 E F0
(to specify a remote TCS hostname.)2.5 E .392(The T)102 312 R(rouSerS)
-.35 E F4(tcsd)2.892 E F0 .392(\(8\) daemon will try)B F4(/dev/tpm0)
2.892 E F0 2.892(,t)C(hen)-2.892 E F4(/udev/tpm0)2.892 E F0 2.891(,t)C
(hen)-2.891 E F4(/dev/tpm)2.891 E F0 2.891(;b)C 2.891(yo)-2.891 G(ccup)
-2.891 E(ying)-.1 E(one of the earlier ones with, for e)102 324 Q
(to specify a remote TCS hostname.)2.5 E .391(The T)102 312 R(rouSerS)
-.35 E F4(tcsd)2.891 E F0 .391(\(8\) daemon will try)B F4(/dev/tpm0)
2.892 E F0 2.892(,t)C(hen)-2.892 E F4(/udev/tpm0)2.892 E F0 2.892(,t)C
(hen)-2.892 E F4(/dev/tpm)2.892 E F0 2.892(;b)C 2.892(yo)-2.892 G(ccup)
-2.892 E(ying)-.1 E(one of the earlier ones with, for e)102 324 Q
(xample, shell redirection, a later one can be selected.)-.15 E F1 .625
(See also)84 348 R F0(The T)102 360 Q(rouSerS project page at)-.35 E F1
(https://sour)2.5 E(cef)-.18 E(or)-.25 E(ge.net/pr)-.1 E(ojects/tr)-.18
E(ousers)-.18 E F0(.)A 5.108(The TPM 1.2 main speci\214cation inde)102
378 R 7.609(xa)-.15 G(t)-7.609 E F1(https://trustedcomputinggr)7.609 E
E(ousers)-.18 E F0(.)A 5.109(The TPM 1.2 main speci\214cation inde)102
378 R 7.608(xa)-.15 G(t)-7.608 E F1(https://trustedcomputinggr)7.608 E
(oup.or)-.18 E(g/r)-.1 E(esour)-.18 E(ce/tpm-main-)-.18 E
(speci\214cation)102 390 Q F0(.)A F1 1.666(SPECIAL THANKS)72 414 R F0
1.6 -.8(To a)102 426 T(ll who support further de).8 E -.15(ve)-.25 G
@ -536,7 +533,7 @@ E(ousers)-.18 E F0(.)A 5.108(The TPM 1.2 main speci\214cation inde)102
-.15(ve)-.25 G 2.5(da).15 G(t)-2.5 E F1(https://lists.sr)2.5 E
(.ht/~nabijaczleweli/tzpfms)-1 E F0(.)A F1 1.666(SEE ALSO)72 540 R
(https://git.sr)102 552 Q(.ht/~nabijaczleweli/tzpfms)-1 E F0
(tzpfms 0.1-15)72 750 Q(No)138.745 E -.15(ve)-.15 G(mber 15, 2021).15 E
(tzpfms 0.1-16)72 750 Q(No)138.745 E -.15(ve)-.15 G(mber 18, 2021).15 E
(5)189.295 E 0 Cg EP
%%Page: 6 6
%%BeginPageSetup
@ -549,85 +546,82 @@ BP
(oad TPM1.X-encrypted ZFS dataset k)-2.5 E -.15(ey)-.1 G F1(SYNOPSIS)72
132 Q F2(zfs-tpm1x-load-key)102 144 Q F0([)3.333 E F2<ad6e>2.499 E F0(])
.833 E/F3 10/Courier-Oblique@0 SF(dataset)2.5 E F1(DESCRIPTION)72 168 Q
F0 1.156(After v)102 180 R(erifying)-.15 E F3(dataset)3.656 E F0 -.1(wa)
3.656 G 3.656(se).1 G 1.156(ncrypted with)-3.656 F F2(tzpfms)3.655 E F0
(back)3.655 E(end)-.1 E F1(TPM1.X)3.655 E F0 1.155(will unseal the k)
3.655 F 1.455 -.15(ey a)-.1 H 1.155(nd load it).15 F(into)102 192 Q F3
(dataset)2.5 E F0(.)A .693
F0 1.155(After v)102 180 R(erifying)-.15 E F3(dataset)3.655 E F0 -.1(wa)
3.655 G 3.655(se).1 G 1.155(ncrypted with)-3.655 F F2(tzpfms)3.655 E F0
(back)3.655 E(end)-.1 E F1(TPM1.X)3.655 E F0 1.156(will unseal the k)
3.655 F 1.456 -.15(ey a)-.1 H 1.156(nd load it).15 F(into)102 192 Q F3
(dataset)2.5 E F0(.)A .694
(The user is \214rst prompted for the SRK passphrase, set when taking o)
102 210 R .694(wnership, if not "well-kno)-.25 F .694(wn" \(all ze-)-.25
102 210 R .693(wnership, if not "well-kno)-.25 F .693(wn" \(all ze-)-.25
F(roes\); then for the additional passphrase, set when creating the k)
102 222 Q -.15(ey)-.1 G 2.5(,i)-.5 G 2.5(fo)-2.5 G(ne w)-2.5 E(as set.)
-.1 E(See)102 240 Q/F4 10/Courier@0 SF(zfs-tpm1x-change-key)2.5 E F0
(\(8\) for a detailed description.)A F1(OPTIONS)72 264 Q F2<ad6e>103.666
276 Q F0 .179(Do a no-op/dry run, can be used e)119 288 R -.15(ve)-.25 G
2.679(ni).15 G 2.679(ft)-2.679 G .179(he k)-2.679 F .478 -.15(ey i)-.1 H
2.678(sa).15 G .178(lready loaded.)-2.678 F(Equi)5.178 E -.25(va)-.25 G
.178(lent to).25 F F2 .178(zfs load-key)2.678 F F0 -.55('s)C F2<ad6e>
4.894 E F0(option.)119 300 Q F1(ENVIR)72 324 Q 1.666(ONMENT V)-.3 F
(ARIABLES)-1.35 E F4(TZPFMS_PASSPHRASE_HELPER)102 336 Q F0
(If set and nonempty)143 348 Q 2.5(,w)-.65 G(ill be run as)-2.5 E F4
(/bin/)173 360 Q F2 70.333(sh \255c)B F4("$TZPFMS_PASSPHRASE_HELPER")
74.667 E("$TZPFMS_PASSPHRASE_HELPER")173 372 Q F0(")10.715 E F3 4.715
(prepared prompt)B F0 7.215("")C F3(target)-7.215 E F0 7.215("")C([)
-7.215 E F4(new)A F0(]")A("[)173 384 Q F4(again)A F0(]")A(to pro)143 396
Q(vide a passphrase, instead of reading from the standard input.)-.15 E
.188(The standard output stream of the helper is tied to an anon)143 414
R .189(ymous \214le and used in its entirety as the)-.15 F .447
(passphrase, e)143 426 R .447(xcept for a trailing ne)-.15 F .447
(w-line, if an)-.25 F 4.246 -.65(y. T)-.15 H .446(he second ar).65 F
.446(gument contains either the dataset)-.18 F 2.14
(name or the element of the TPM hierarch)143 438 R 5.94 -.65(y. T)-.05 H
2.14(he third ar).65 F 2.14(gument is)-.18 F F4(new)4.64 E F0 2.14
(if this is for a ne)4.64 F(w)-.25 E .574(passphrase, and the fourth is)
143 450 R F4(again)3.074 E F0 .574(if it')3.074 F 3.074(st)-.55 G .574
(he second prompt for that passphrase.)-3.074 F .573(The \214rst ar)
5.573 F(gu-)-.18 E(ment already contains all of this information, as a \
pre-formatted noun phrase.)143 462 Q .181(If the helper doesn')143 480 R
2.681(te)-.18 G 1.847(xist \()-2.831 F .181(the shell e)1.666 F .181
(xits with)-.15 F F1(127)2.681 E F0 -3.151 1.666(\), a d)1.666 H .181
(iagnostic is issued and the normal prompt)-1.666 F(is used as f)143 492
Q 2.5(all-back. If)-.1 F(it f)2.5 E(ails for an)-.1 E 2.5(yo)-.15 G
(ther reason, the prompting is aborted.)-2.5 E(An e)143 510 Q(xample v)
-.15 E(alue w)-.25 E(ould be: ')-.1 E F2 1.666
(systemd-ask-password \255-id)B F4(=)A F0(")A F4(tzpfms:)A F3($2)A F0
2.5("")C F3($1)-2.5 E F4(:)A F0("'.)6 E F1 1.666
(TPM1.X back-end con\214guration)72 534 R .625(TPM selection)84 546 R F0
(The)102 558 Q F2(tzpfms)2.768 E F0 .267(suite connects to a local)2.767
276 Q F0 .178(Do a no-op/dry run, can be used e)119 288 R -.15(ve)-.25 G
2.678(ni).15 G 2.679(ft)-2.678 G .179(he k)-2.679 F .479 -.15(ey i)-.1 H
2.679(sa).15 G .179(lready loaded.)-2.679 F(Equi)5.179 E -.25(va)-.25 G
.179(lent to).25 F F2 .179(zfs load-key)2.679 F F0 -.55('s)C F2<ad6e>
4.895 E F0(option.)119 300 Q F1(ENVIR)72 324 Q 1.666(ONMENT V)-.3 F
(ARIABLES)-1.35 E F4(TZPFMS_PASSPHRASE_HELPER)102 336 Q F0 1.134
(If set and nonempty)143 348 R 3.634(,w)-.65 G 1.134(ill be run via)
-3.634 F F4(/bin/)3.633 E F2 2.799(sh \255c)B F0 1.133(to pro)3.633 F
1.133(vide a passphrase, instead of reading)-.15 F
(from the standard input stream.)143 360 Q .188
(The standard output stream of the helper is tied to an anon)143 378 R
.189(ymous \214le and used in its entirety as the)-.15 F(passphrase, e)
143 390 Q(xcept for a trailing ne)-.15 E(w-line, if an)-.25 E 3.8 -.65
(y. T)-.15 H(he ar).65 E(guments are:)-.18 E
(1. Pre-formatted noun phrase with all the information belo)155 402 Q(w)
-.25 E(2. Either the dataset name or the element of the TPM hierarch)155
414 Q -.65(y.)-.05 G(3. "ne)155 426 Q(w" if this is for a ne)-.25 E 2.5
(wp)-.25 G(assphrase)-2.5 E(4. "ag)155 438 Q(ain" if it')-.05 E 2.5(st)
-.55 G(he second prompt for that passphrase)-2.5 E .181
(If the helper doesn')143 456 R 2.681(te)-.18 G 1.847(xist \()-2.831 F
.181(the shell e)1.666 F .181(xits with)-.15 F F1(127)2.681 E F0 -3.151
1.666(\), a d)1.666 H .181(iagnostic is issued and the normal prompt)
-1.666 F(is used as f)143 468 Q 2.5(all-back. If)-.1 F(it f)2.5 E
(ails for an)-.1 E 2.5(yo)-.15 G(ther reason, the prompting is aborted.)
-2.5 E 13.14(An e)143 486 R 13.14(xample v)-.15 F 13.14(alue f)-.25 F
(acilitating)-.1 E F4(systemd)15.64 E F0 13.14(\(1\) inte)B 13.14
(gration w)-.15 F 13.14(ould be: ')-.1 F F2(exec)A 1.666
(systemd-ask-password \255-id)143 498 R F4(=)A F0(")A F4(tzpfms:)A F3
($2)A F0 2.5("")C F3($1)-2.5 E F4(:)A F0("'.)6 E F1 1.666
(TPM1.X back-end con\214guration)72 522 R .625(TPM selection)84 534 R F0
(The)102 546 Q F2(tzpfms)2.768 E F0 .267(suite connects to a local)2.767
F F4(tcsd)2.767 E F0 .267(\(8\) process)B 1.666(\(a)4.433 G(t)-1.666 E
F4(localhost:30003)2.767 E F0 4.433(\)b)1.666 G 2.767(yd)-4.433 G(ef)
-2.767 E 2.767(ault. Use)-.1 F .267(the en-)2.767 F(vironment v)102 570
-2.767 E 2.767(ault. Use)-.1 F .267(the en-)2.767 F(vironment v)102 558
Q(ariable)-.25 E F4(TZPFMS_TPM1X)2.5 E F0
(to specify a remote TCS hostname.)2.5 E .391(The T)102 588 R(rouSerS)
(to specify a remote TCS hostname.)2.5 E .391(The T)102 576 R(rouSerS)
-.35 E F4(tcsd)2.891 E F0 .391(\(8\) daemon will try)B F4(/dev/tpm0)
2.892 E F0 2.892(,t)C(hen)-2.892 E F4(/udev/tpm0)2.892 E F0 2.892(,t)C
(hen)-2.892 E F4(/dev/tpm)2.892 E F0 2.892(;b)C 2.892(yo)-2.892 G(ccup)
-2.892 E(ying)-.1 E(one of the earlier ones with, for e)102 600 Q
-2.892 E(ying)-.1 E(one of the earlier ones with, for e)102 588 Q
(xample, shell redirection, a later one can be selected.)-.15 E F1 .625
(See also)84 624 R F0(The T)102 636 Q(rouSerS project page at)-.35 E F1
(See also)84 612 R F0(The T)102 624 Q(rouSerS project page at)-.35 E F1
(https://sour)2.5 E(cef)-.18 E(or)-.25 E(ge.net/pr)-.1 E(ojects/tr)-.18
E(ousers)-.18 E F0(.)A 5.109(The TPM 1.2 main speci\214cation inde)102
654 R 7.608(xa)-.15 G(t)-7.608 E F1(https://trustedcomputinggr)7.608 E
642 R 7.608(xa)-.15 G(t)-7.608 E F1(https://trustedcomputinggr)7.608 E
(oup.or)-.18 E(g/r)-.1 E(esour)-.18 E(ce/tpm-main-)-.18 E
(speci\214cation)102 666 Q F0(.)A(tzpfms 0.1-15)72 750 Q(No)138.745 E
-.15(ve)-.15 G(mber 15, 2021).15 E(6)189.295 E 0 Cg EP
(speci\214cation)102 654 Q F0(.)A F1 1.666(SPECIAL THANKS)72 678 R F0
1.6 -.8(To a)102 690 T(ll who support further de).8 E -.15(ve)-.25 G
(lopment, in particular:).15 E(tzpfms 0.1-16)72 750 Q(No)138.745 E -.15
(ve)-.15 G(mber 18, 2021).15 E(6)189.295 E 0 Cg EP
%%Page: 7 7
%%BeginPageSetup
BP
%%EndPageSetup
/F0 10/Times-Roman@0 SF(ZFS-TPM1X-LO)72 48 Q -.834(AD-KEY \(8\))-.35 F
(System Manager')60.349 E 2.5(sM)-.55 G 55.349(anual ZFS-TPM1X-LO)-2.5 F
-.834(AD-KEY \(8\))-.35 F/F1 10/Times-Bold@0 SF 1.666(SPECIAL THANKS)72
96 R F0 1.6 -.8(To a)102 108 T(ll who support further de).8 E -.15(ve)
-.25 G(lopment, in particular:).15 E F1<83>122 120 Q F0(ThePhD)2.5 E F1
<83>122 132 Q F0(Embark Studios)2.5 E F1<83>122 144 Q F0(Jasper Bekk)2.5
E(ers)-.1 E F1(REPOR)72 168 Q 1.666(TING B)-.4 F(UGS)-.1 E
(https://todo.sr)102 180 Q(.ht/~nabijaczleweli/tzpfms)-1 E/F2 10
/Courier@0 SF(~nabijaczleweli/tzpfms@lists.sr.ht)102 198 Q F0 2.5(,a)C
-.834(AD-KEY \(8\))-.35 F/F1 10/Times-Bold@0 SF<83>122 96 Q F0(ThePhD)
2.5 E F1<83>122 108 Q F0(Embark Studios)2.5 E F1<83>122 120 Q F0
(Jasper Bekk)2.5 E(ers)-.1 E F1(REPOR)72 144 Q 1.666(TING B)-.4 F(UGS)
-.1 E(https://todo.sr)102 156 Q(.ht/~nabijaczleweli/tzpfms)-1 E/F2 10
/Courier@0 SF(~nabijaczleweli/tzpfms@lists.sr.ht)102 174 Q F0 2.5(,a)C
(rchi)-2.5 E -.15(ve)-.25 G 2.5(da).15 G(t)-2.5 E F1(https://lists.sr)
2.5 E(.ht/~nabijaczleweli/tzpfms)-1 E F0(.)A F1 1.666(SEE ALSO)72 222 R
(https://git.sr)102 234 Q(.ht/~nabijaczleweli/tzpfms)-1 E F0
(tzpfms 0.1-15)72 750 Q(No)138.745 E -.15(ve)-.15 G(mber 15, 2021).15 E
2.5 E(.ht/~nabijaczleweli/tzpfms)-1 E F0(.)A F1 1.666(SEE ALSO)72 198 R
(https://git.sr)102 210 Q(.ht/~nabijaczleweli/tzpfms)-1 E F0
(tzpfms 0.1-16)72 750 Q(No)138.745 E -.15(ve)-.15 G(mber 18, 2021).15 E
(7)189.295 E 0 Cg EP
%%Page: 8 8
%%BeginPageSetup
@ -719,7 +713,7 @@ F(This)5.505 E(back-up)191 630 Q F4(must)3.181 E F0 .681
.682(nt, the k).15 F .982 -.15(ey c)-.1 H(an).15 E(be loaded by running)
191 642 Q F2(zfs load-key)221 654 Q F3(dataset)6 E F5(<)6 E F3
(backup-file)6 E F1(ENVIR)72 678 Q 1.666(ONMENT V)-.3 F(ARIABLES)-1.35 E
F0(tzpfms 0.1-15)72 750 Q(No)138.745 E -.15(ve)-.15 G(mber 15, 2021).15
F0(tzpfms 0.1-16)72 750 Q(No)138.745 E -.15(ve)-.15 G(mber 18, 2021).15
E(8)189.295 E 0 Cg EP
%%Page: 9 9
%%BeginPageSetup
@ -728,67 +722,64 @@ BP
/F0 10/Times-Roman@0 SF -.834(ZFS-TPM2-CHANGE-KEY \(8\))72 48 R
(System Manager')53.329 E 2.5(sM)-.55 G 48.329
(anual ZFS-TPM2-CHANGE-KEY)-2.5 F(\(8\))1.666 E/F1 10/Courier@0 SF
(TZPFMS_PASSPHRASE_HELPER)102 96 Q F0(If set and nonempty)143 108 Q 2.5
(,w)-.65 G(ill be run as)-2.5 E F1(/bin/)173 120 Q/F2 10/Courier-Bold@0
SF 70.333(sh \255c)B F1("$TZPFMS_PASSPHRASE_HELPER")74.667 E
("$TZPFMS_PASSPHRASE_HELPER")173 132 Q F0(")10.715 E/F3 10
/Courier-Oblique@0 SF 4.715(prepared prompt)B F0 7.215("")C F3(target)
-7.215 E F0 7.215("")C([)-7.215 E F1(new)A F0(]")A("[)173 144 Q F1
(again)A F0(]")A(to pro)143 156 Q
(vide a passphrase, instead of reading from the standard input.)-.15 E
.189(The standard output stream of the helper is tied to an anon)143 174
R .188(ymous \214le and used in its entirety as the)-.15 F .446
(passphrase, e)143 186 R .446(xcept for a trailing ne)-.15 F .446
(w-line, if an)-.25 F 4.246 -.65(y. T)-.15 H .447(he second ar).65 F
.447(gument contains either the dataset)-.18 F 2.14
(name or the element of the TPM hierarch)143 198 R 5.94 -.65(y. T)-.05 H
2.14(he third ar).65 F 2.14(gument is)-.18 F F1(new)4.64 E F0 2.14
(if this is for a ne)4.64 F(w)-.25 E .573(passphrase, and the fourth is)
143 210 R F1(again)3.074 E F0 .574(if it')3.074 F 3.074(st)-.55 G .574
(he second prompt for that passphrase.)-3.074 F .574(The \214rst ar)
5.574 F(gu-)-.18 E(ment already contains all of this information, as a \
pre-formatted noun phrase.)143 222 Q .181(If the helper doesn')143 240 R
2.681(te)-.18 G 1.847(xist \()-2.831 F .181(the shell e)1.666 F .181
(xits with)-.15 F/F4 10/Times-Bold@0 SF(127)2.681 E F0 -3.151 1.666
(\), a d)1.666 H .181(iagnostic is issued and the normal prompt)-1.666 F
(is used as f)143 252 Q 2.5(all-back. If)-.1 F(it f)2.5 E(ails for an)
-.1 E 2.5(yo)-.15 G(ther reason, the prompting is aborted.)-2.5 E(An e)
143 270 Q(xample v)-.15 E(alue w)-.25 E(ould be: ')-.1 E F2 1.666
(systemd-ask-password \255-id)B F1(=)A F0(")A F1(tzpfms:)A F3($2)A F0
2.5("")C F3($1)-2.5 E F1(:)A F0("'.)6 E F4 1.666
(TPM2 back-end con\214guration)72 294 R(En)84 306 Q(vir)-.4 E .625
(onment v)-.18 F(ariables)-.1 E F1(TSS2_LOG)102 318 Q F0(An)155 318 Q
2.5(yo)-.15 G(f:)-2.5 E F4(NONE)2.5 E F0(,)A F4(ERR)2.5 E(OR)-.3 E F0(,)
A F4 -1.2(WA)2.5 G(RNING)1.2 E F0(,)A F4(INFO)2.5 E F0(,)A F4(DEB)2.5 E
(UG)-.1 E F0(,)A F4(TRA)2.5 E(CE)-.55 E F0 5(.D)C(ef)-5 E(ault:)-.1 E F4
-1.2(WA)2.5 G(RNING)1.2 E F0(.)A F4 .625(TPM selection)84 342 R F0 .516
(The library)102 354 R F2(libtss2-tcti-default.so)3.016 E F0 .516
(can be link)3.016 F .516(ed to an)-.1 F 3.017(yo)-.15 G 3.017(ft)-3.017
G(he)-3.017 E F1(libtss2-tcti-)3.017 E/F5 10/Symbol SF(*)A F1(.so)A F0
(libraries)3.017 E .576(to select the def)102 366 R .576
(ault, otherwise)-.1 F F1(/dev/tpmrm0)3.076 E F0 3.076(,t)C(hen)-3.076 E
F1(/dev/tpm0)3.076 E F0 3.076(,t)C(hen)-3.076 E F1(localhost:2321)3.076
E F0 .575(will be tried,)3.076 F(in order)102 378 Q 1.666(\(s)4.166 G
(ee)-1.666 E F1(ESYS_CONTEXT)2.5 E F0 -.834(\(3\) \) .)B F4 .625
(See also)84 402 R F0 3.487(The tpm2-tss git repository at)102 414 R F4
(https://github)5.988 E(.com/tpm2-softwar)-.4 E(e/tpm2-tss)-.18 E F0
3.488(and the documentation at)5.988 F F4(https://tpm2-tss.r)102 426 Q
(TZPFMS_PASSPHRASE_HELPER)102 96 Q F0 1.134(If set and nonempty)143 108
R 3.634(,w)-.65 G 1.134(ill be run via)-3.634 F F1(/bin/)3.633 E/F2 10
/Courier-Bold@0 SF 2.799(sh \255c)B F0 1.133(to pro)3.633 F 1.133
(vide a passphrase, instead of reading)-.15 F
(from the standard input stream.)143 120 Q .188
(The standard output stream of the helper is tied to an anon)143 138 R
.189(ymous \214le and used in its entirety as the)-.15 F(passphrase, e)
143 150 Q(xcept for a trailing ne)-.15 E(w-line, if an)-.25 E 3.8 -.65
(y. T)-.15 H(he ar).65 E(guments are:)-.18 E
(1. Pre-formatted noun phrase with all the information belo)155 162 Q(w)
-.25 E(2. Either the dataset name or the element of the TPM hierarch)155
174 Q -.65(y.)-.05 G(3. "ne)155 186 Q(w" if this is for a ne)-.25 E 2.5
(wp)-.25 G(assphrase)-2.5 E(4. "ag)155 198 Q(ain" if it')-.05 E 2.5(st)
-.55 G(he second prompt for that passphrase)-2.5 E .181
(If the helper doesn')143 216 R 2.681(te)-.18 G 1.847(xist \()-2.831 F
.181(the shell e)1.666 F .181(xits with)-.15 F/F3 10/Times-Bold@0 SF
(127)2.681 E F0 -3.151 1.666(\), a d)1.666 H .181
(iagnostic is issued and the normal prompt)-1.666 F(is used as f)143 228
Q 2.5(all-back. If)-.1 F(it f)2.5 E(ails for an)-.1 E 2.5(yo)-.15 G
(ther reason, the prompting is aborted.)-2.5 E 13.14(An e)143 246 R
13.14(xample v)-.15 F 13.14(alue f)-.25 F(acilitating)-.1 E F1(systemd)
15.64 E F0 13.14(\(1\) inte)B 13.14(gration w)-.15 F 13.14(ould be: ')
-.1 F F2(exec)A 1.666(systemd-ask-password \255-id)143 258 R F1(=)A F0
(")A F1(tzpfms:)A/F4 10/Courier-Oblique@0 SF($2)A F0 2.5("")C F4($1)-2.5
E F1(:)A F0("'.)6 E F3 1.666(TPM2 back-end con\214guration)72 282 R(En)
84 294 Q(vir)-.4 E .625(onment v)-.18 F(ariables)-.1 E F1(TSS2_LOG)102
306 Q F0(An)155 306 Q 2.5(yo)-.15 G(f:)-2.5 E F3(NONE)2.5 E F0(,)A F3
(ERR)2.5 E(OR)-.3 E F0(,)A F3 -1.2(WA)2.5 G(RNING)1.2 E F0(,)A F3(INFO)
2.5 E F0(,)A F3(DEB)2.5 E(UG)-.1 E F0(,)A F3(TRA)2.5 E(CE)-.55 E F0 5
(.D)C(ef)-5 E(ault:)-.1 E F3 -1.2(WA)2.5 G(RNING)1.2 E F0(.)A F3 .625
(TPM selection)84 330 R F0 .517(The library)102 342 R F2
(libtss2-tcti-default.so)3.017 E F0 .517(can be link)3.017 F .516
(ed to an)-.1 F 3.016(yo)-.15 G 3.016(ft)-3.016 G(he)-3.016 E F1
(libtss2-tcti-)3.016 E/F5 10/Symbol SF(*)A F1(.so)A F0(libraries)3.016 E
.575(to select the def)102 354 R .576(ault, otherwise)-.1 F F1
(/dev/tpmrm0)3.076 E F0 3.076(,t)C(hen)-3.076 E F1(/dev/tpm0)3.076 E F0
3.076(,t)C(hen)-3.076 E F1(localhost:2321)3.076 E F0 .576
(will be tried,)3.076 F(in order)102 366 Q 1.666(\(s)4.166 G(ee)-1.666 E
F1(ESYS_CONTEXT)2.5 E F0 -.834(\(3\) \) .)B F3 .625(See also)84 390 R F0
3.488(The tpm2-tss git repository at)102 402 R F3(https://github)5.988 E
(.com/tpm2-softwar)-.4 E(e/tpm2-tss)-.18 E F0 3.487
(and the documentation at)5.988 F F3(https://tpm2-tss.r)102 414 Q
(eadthedocs.io)-.18 E F0(.)A 3.092
(The TPM 2.0 speci\214cations, mainly at)102 444 R F4
(https://trustedcomputinggr)5.591 E(oup.or)-.18 E
(g/wp-content/uploads/TPM-)-.1 E(Re)102 456 Q(v-2.0-P)-.15 E(art-1-Ar)
-.1 E(chitectur)-.18 E(e-01.38.pdf)-.18 E F0(and related pages.)2.5 E F4
1.666(SPECIAL THANKS)72 480 R F0 1.6 -.8(To a)102 492 T
(The TPM 2.0 speci\214cations, mainly at)102 432 R F3
(https://trustedcomputinggr)5.592 E(oup.or)-.18 E
(g/wp-content/uploads/TPM-)-.1 E(Re)102 444 Q(v-2.0-P)-.15 E(art-1-Ar)
-.1 E(chitectur)-.18 E(e-01.38.pdf)-.18 E F0(and related pages.)2.5 E F3
1.666(SPECIAL THANKS)72 468 R F0 1.6 -.8(To a)102 480 T
(ll who support further de).8 E -.15(ve)-.25 G(lopment, in particular:)
.15 E F4<83>122 504 Q F0(ThePhD)2.5 E F4<83>122 516 Q F0(Embark Studios)
2.5 E F4<83>122 528 Q F0(Jasper Bekk)2.5 E(ers)-.1 E F4(REPOR)72 552 Q
1.666(TING B)-.4 F(UGS)-.1 E(https://todo.sr)102 564 Q
.15 E F3<83>122 492 Q F0(ThePhD)2.5 E F3<83>122 504 Q F0(Embark Studios)
2.5 E F3<83>122 516 Q F0(Jasper Bekk)2.5 E(ers)-.1 E F3(REPOR)72 540 Q
1.666(TING B)-.4 F(UGS)-.1 E(https://todo.sr)102 552 Q
(.ht/~nabijaczleweli/tzpfms)-1 E F1(~nabijaczleweli/tzpfms@lists.sr.ht)
102 582 Q F0 2.5(,a)C(rchi)-2.5 E -.15(ve)-.25 G 2.5(da).15 G(t)-2.5 E
F4(https://lists.sr)2.5 E(.ht/~nabijaczleweli/tzpfms)-1 E F0(.)A F4
1.666(SEE ALSO)72 606 R F1(tpm2_unseal)102 618 Q F0(\(1\))A F4
(https://git.sr)102 636 Q(.ht/~nabijaczleweli/tzpfms)-1 E F0
(tzpfms 0.1-15)72 750 Q(No)138.745 E -.15(ve)-.15 G(mber 15, 2021).15 E
102 570 Q F0 2.5(,a)C(rchi)-2.5 E -.15(ve)-.25 G 2.5(da).15 G(t)-2.5 E
F3(https://lists.sr)2.5 E(.ht/~nabijaczleweli/tzpfms)-1 E F0(.)A F3
1.666(SEE ALSO)72 594 R F1(tpm2_unseal)102 606 Q F0(\(1\))A F3
(https://git.sr)102 624 Q(.ht/~nabijaczleweli/tzpfms)-1 E F0
(tzpfms 0.1-16)72 750 Q(No)138.745 E -.15(ve)-.15 G(mber 18, 2021).15 E
(9)189.295 E 0 Cg EP
%%Page: 10 10
%%BeginPageSetup
@ -803,85 +794,82 @@ BP
132 Q F2(zfs-tpm2-clear-key)102 144 Q/F3 10/Courier-Oblique@0 SF
(dataset)2.5 E F1(DESCRIPTION)72 168 Q F0(After v)102 180 Q(erifying)
-.15 E F3(dataset)2.5 E F0 -.1(wa)2.5 G 2.5(se).1 G(ncrypted with)-2.5 E
F2(tzpfms)2.5 E F0(back)2.5 E(end)-.1 E F1(TPM2)2.5 E F0(:)A 6.984
F2(tzpfms)2.5 E F0(back)2.5 E(end)-.1 E F1(TPM2)2.5 E F0(:)A 6.985
(1. performs the equi)122 192 R -.25(va)-.25 G 6.984(lent of).25 F F2
6.984(zfs change-key)9.484 F<ad6f>14.65 E/F4 10/Courier@0 SF
(keylocation=prompt)12.985 E F2<ad6f>14.651 E F4(keyformat=passphrase)
127 204 Q F3(dataset)6 E F0(,)A(2. frees the sealed k)122 216 Q .3 -.15
(keylocation=prompt)12.984 E F2<ad6f>14.65 E F4(keyformat=passphrase)127
204 Q F3(dataset)6 E F0(,)A(2. frees the sealed k)122 216 Q .3 -.15
(ey p)-.1 H(re).15 E(viously used to encrypt)-.25 E F3(dataset)2.5 E F0
(,)A(3. remo)122 228 Q -.15(ve)-.15 G 2.5(st).15 G(he)-2.5 E F4
(xyz.nabijaczleweli:tzpfms.)2.5 E F0({)A F4(backend)A F0(,)A F4(key)6 E
F0 2.5(}p)C(roperties from)-2.5 E F3(dataset)2.5 E F0(.)A(See)102 246 Q
F4(zfs-tpm2-change-key)2.5 E F0(\(8\) for a detailed description.)A F1
(ENVIR)72 270 Q 1.666(ONMENT V)-.3 F(ARIABLES)-1.35 E F4
(TZPFMS_PASSPHRASE_HELPER)102 282 Q F0(If set and nonempty)143 294 Q 2.5
(,w)-.65 G(ill be run as)-2.5 E F4(/bin/)173 306 Q F2 70.333(sh \255c)B
F4("$TZPFMS_PASSPHRASE_HELPER")74.667 E("$TZPFMS_PASSPHRASE_HELPER")173
318 Q F0(")10.715 E F3 4.715(prepared prompt)B F0 7.215("")C F3(target)
-7.215 E F0 7.215("")C([)-7.215 E F4(new)A F0(]")A("[)173 330 Q F4
(again)A F0(]")A(to pro)143 342 Q
(vide a passphrase, instead of reading from the standard input.)-.15 E
.189(The standard output stream of the helper is tied to an anon)143 360
R .188(ymous \214le and used in its entirety as the)-.15 F .446
(passphrase, e)143 372 R .446(xcept for a trailing ne)-.15 F .446
(w-line, if an)-.25 F 4.246 -.65(y. T)-.15 H .447(he second ar).65 F
.447(gument contains either the dataset)-.18 F 2.14
(name or the element of the TPM hierarch)143 384 R 5.94 -.65(y. T)-.05 H
2.14(he third ar).65 F 2.14(gument is)-.18 F F4(new)4.64 E F0 2.14
(if this is for a ne)4.64 F(w)-.25 E .573(passphrase, and the fourth is)
143 396 R F4(again)3.074 E F0 .574(if it')3.074 F 3.074(st)-.55 G .574
(he second prompt for that passphrase.)-3.074 F .574(The \214rst ar)
5.574 F(gu-)-.18 E(ment already contains all of this information, as a \
pre-formatted noun phrase.)143 408 Q .181(If the helper doesn')143 426 R
2.681(te)-.18 G 1.847(xist \()-2.831 F .181(the shell e)1.666 F .181
(xits with)-.15 F F1(127)2.681 E F0 -3.151 1.666(\), a d)1.666 H .181
(iagnostic is issued and the normal prompt)-1.666 F(is used as f)143 438
Q 2.5(all-back. If)-.1 F(it f)2.5 E(ails for an)-.1 E 2.5(yo)-.15 G
(ther reason, the prompting is aborted.)-2.5 E(An e)143 456 Q(xample v)
-.15 E(alue w)-.25 E(ould be: ')-.1 E F2 1.666
(systemd-ask-password \255-id)B F4(=)A F0(")A F4(tzpfms:)A F3($2)A F0
2.5("")C F3($1)-2.5 E F4(:)A F0("'.)6 E F1 1.666
(TPM2 back-end con\214guration)72 480 R(En)84 492 Q(vir)-.4 E .625
(onment v)-.18 F(ariables)-.1 E F4(TSS2_LOG)102 504 Q F0(An)155 504 Q
(TZPFMS_PASSPHRASE_HELPER)102 282 Q F0 1.133(If set and nonempty)143 294
R 3.633(,w)-.65 G 1.133(ill be run via)-3.633 F F4(/bin/)3.633 E F2
2.799(sh \255c)B F0 1.134(to pro)3.633 F 1.134
(vide a passphrase, instead of reading)-.15 F
(from the standard input stream.)143 306 Q .189
(The standard output stream of the helper is tied to an anon)143 324 R
.188(ymous \214le and used in its entirety as the)-.15 F(passphrase, e)
143 336 Q(xcept for a trailing ne)-.15 E(w-line, if an)-.25 E 3.8 -.65
(y. T)-.15 H(he ar).65 E(guments are:)-.18 E
(1. Pre-formatted noun phrase with all the information belo)155 348 Q(w)
-.25 E(2. Either the dataset name or the element of the TPM hierarch)155
360 Q -.65(y.)-.05 G(3. "ne)155 372 Q(w" if this is for a ne)-.25 E 2.5
(wp)-.25 G(assphrase)-2.5 E(4. "ag)155 384 Q(ain" if it')-.05 E 2.5(st)
-.55 G(he second prompt for that passphrase)-2.5 E .181
(If the helper doesn')143 402 R 2.681(te)-.18 G 1.847(xist \()-2.831 F
.181(the shell e)1.666 F .181(xits with)-.15 F F1(127)2.681 E F0 -3.151
1.666(\), a d)1.666 H .181(iagnostic is issued and the normal prompt)
-1.666 F(is used as f)143 414 Q 2.5(all-back. If)-.1 F(it f)2.5 E
(ails for an)-.1 E 2.5(yo)-.15 G(ther reason, the prompting is aborted.)
-2.5 E 13.14(An e)143 432 R 13.14(xample v)-.15 F 13.14(alue f)-.25 F
(acilitating)-.1 E F4(systemd)15.64 E F0 13.14(\(1\) inte)B 13.14
(gration w)-.15 F 13.14(ould be: ')-.1 F F2(exec)A 1.666
(systemd-ask-password \255-id)143 444 R F4(=)A F0(")A F4(tzpfms:)A F3
($2)A F0 2.5("")C F3($1)-2.5 E F4(:)A F0("'.)6 E F1 1.666
(TPM2 back-end con\214guration)72 468 R(En)84 480 Q(vir)-.4 E .625
(onment v)-.18 F(ariables)-.1 E F4(TSS2_LOG)102 492 Q F0(An)155 492 Q
2.5(yo)-.15 G(f:)-2.5 E F1(NONE)2.5 E F0(,)A F1(ERR)2.5 E(OR)-.3 E F0(,)
A F1 -1.2(WA)2.5 G(RNING)1.2 E F0(,)A F1(INFO)2.5 E F0(,)A F1(DEB)2.5 E
(UG)-.1 E F0(,)A F1(TRA)2.5 E(CE)-.55 E F0 5(.D)C(ef)-5 E(ault:)-.1 E F1
-1.2(WA)2.5 G(RNING)1.2 E F0(.)A F1 .625(TPM selection)84 528 R F0 .516
(The library)102 540 R F2(libtss2-tcti-default.so)3.016 E F0 .516
-1.2(WA)2.5 G(RNING)1.2 E F0(.)A F1 .625(TPM selection)84 516 R F0 .516
(The library)102 528 R F2(libtss2-tcti-default.so)3.016 E F0 .516
(can be link)3.016 F .516(ed to an)-.1 F 3.017(yo)-.15 G 3.017(ft)-3.017
G(he)-3.017 E F4(libtss2-tcti-)3.017 E/F5 10/Symbol SF(*)A F4(.so)A F0
(libraries)3.017 E .576(to select the def)102 552 R .576
(libraries)3.017 E .576(to select the def)102 540 R .576
(ault, otherwise)-.1 F F4(/dev/tpmrm0)3.076 E F0 3.076(,t)C(hen)-3.076 E
F4(/dev/tpm0)3.076 E F0 3.076(,t)C(hen)-3.076 E F4(localhost:2321)3.076
E F0 .575(will be tried,)3.076 F(in order)102 564 Q 1.666(\(s)4.166 G
E F0 .575(will be tried,)3.076 F(in order)102 552 Q 1.666(\(s)4.166 G
(ee)-1.666 E F4(ESYS_CONTEXT)2.5 E F0 -.834(\(3\) \) .)B F1 .625
(See also)84 588 R F0 3.487(The tpm2-tss git repository at)102 600 R F1
(See also)84 576 R F0 3.487(The tpm2-tss git repository at)102 588 R F1
(https://github)5.988 E(.com/tpm2-softwar)-.4 E(e/tpm2-tss)-.18 E F0
3.488(and the documentation at)5.988 F F1(https://tpm2-tss.r)102 612 Q
3.488(and the documentation at)5.988 F F1(https://tpm2-tss.r)102 600 Q
(eadthedocs.io)-.18 E F0(.)A 3.092
(The TPM 2.0 speci\214cations, mainly at)102 630 R F1
(The TPM 2.0 speci\214cations, mainly at)102 618 R F1
(https://trustedcomputinggr)5.591 E(oup.or)-.18 E
(g/wp-content/uploads/TPM-)-.1 E(Re)102 642 Q(v-2.0-P)-.15 E(art-1-Ar)
(g/wp-content/uploads/TPM-)-.1 E(Re)102 630 Q(v-2.0-P)-.15 E(art-1-Ar)
-.1 E(chitectur)-.18 E(e-01.38.pdf)-.18 E F0(and related pages.)2.5 E F1
1.666(SPECIAL THANKS)72 666 R F0 1.6 -.8(To a)102 678 T
1.666(SPECIAL THANKS)72 654 R F0 1.6 -.8(To a)102 666 T
(ll who support further de).8 E -.15(ve)-.25 G(lopment, in particular:)
.15 E(tzpfms 0.1-15)72 750 Q(No)138.745 E -.15(ve)-.15 G(mber 15, 2021)
.15 E(10)184.295 E 0 Cg EP
.15 E F1<83>122 678 Q F0(ThePhD)2.5 E(tzpfms 0.1-16)72 750 Q(No)138.745
E -.15(ve)-.15 G(mber 18, 2021).15 E(10)184.295 E 0 Cg EP
%%Page: 11 11
%%BeginPageSetup
BP
%%EndPageSetup
/F0 10/Times-Roman@0 SF -.834(ZFS-TPM2-CLEAR-KEY \(8\))72 48 R
(System Manager')62.209 E 2.5(sM)-.55 G 57.209(anual ZFS-TPM2-CLEAR-KEY)
-2.5 F(\(8\))1.666 E/F1 10/Times-Bold@0 SF<83>122 96 Q F0(ThePhD)2.5 E
F1<83>122 108 Q F0(Embark Studios)2.5 E F1<83>122 120 Q F0(Jasper Bekk)
2.5 E(ers)-.1 E F1(REPOR)72 144 Q 1.666(TING B)-.4 F(UGS)-.1 E
(https://todo.sr)102 156 Q(.ht/~nabijaczleweli/tzpfms)-1 E/F2 10
/Courier@0 SF(~nabijaczleweli/tzpfms@lists.sr.ht)102 174 Q F0 2.5(,a)C
(rchi)-2.5 E -.15(ve)-.25 G 2.5(da).15 G(t)-2.5 E F1(https://lists.sr)
2.5 E(.ht/~nabijaczleweli/tzpfms)-1 E F0(.)A F1 1.666(SEE ALSO)72 198 R
(https://git.sr)102 210 Q(.ht/~nabijaczleweli/tzpfms)-1 E F0
(tzpfms 0.1-15)72 750 Q(No)138.745 E -.15(ve)-.15 G(mber 15, 2021).15 E
-2.5 F(\(8\))1.666 E/F1 10/Times-Bold@0 SF<83>122 96 Q F0
(Embark Studios)2.5 E F1<83>122 108 Q F0(Jasper Bekk)2.5 E(ers)-.1 E F1
(REPOR)72 132 Q 1.666(TING B)-.4 F(UGS)-.1 E(https://todo.sr)102 144 Q
(.ht/~nabijaczleweli/tzpfms)-1 E/F2 10/Courier@0 SF
(~nabijaczleweli/tzpfms@lists.sr.ht)102 162 Q F0 2.5(,a)C(rchi)-2.5 E
-.15(ve)-.25 G 2.5(da).15 G(t)-2.5 E F1(https://lists.sr)2.5 E
(.ht/~nabijaczleweli/tzpfms)-1 E F0(.)A F1 1.666(SEE ALSO)72 186 R
(https://git.sr)102 198 Q(.ht/~nabijaczleweli/tzpfms)-1 E F0
(tzpfms 0.1-16)72 750 Q(No)138.745 E -.15(ve)-.15 G(mber 18, 2021).15 E
(11)184.295 E 0 Cg EP
%%Page: 12 12
%%BeginPageSetup
@ -908,54 +896,51 @@ G 2.679(ft)-2.679 G .179(he k)-2.679 F .478 -.15(ey i)-.1 H 2.678(sa).15
G .178(lready loaded.)-2.678 F(Equi)5.178 E -.25(va)-.25 G .178(lent to)
.25 F F2 .178(zfs load-key)2.678 F F0 -.55('s)C F2<ad6e>4.894 E F0
(option.)119 288 Q F1(ENVIR)72 312 Q 1.666(ONMENT V)-.3 F(ARIABLES)-1.35
E F4(TZPFMS_PASSPHRASE_HELPER)102 324 Q F0(If set and nonempty)143 336 Q
2.5(,w)-.65 G(ill be run as)-2.5 E F4(/bin/)173 348 Q F2 70.333
(sh \255c)B F4("$TZPFMS_PASSPHRASE_HELPER")74.667 E
("$TZPFMS_PASSPHRASE_HELPER")173 360 Q F0(")10.715 E F3 4.715
(prepared prompt)B F0 7.215("")C F3(target)-7.215 E F0 7.215("")C([)
-7.215 E F4(new)A F0(]")A("[)173 372 Q F4(again)A F0(]")A(to pro)143 384
Q(vide a passphrase, instead of reading from the standard input.)-.15 E
.188(The standard output stream of the helper is tied to an anon)143 402
R .189(ymous \214le and used in its entirety as the)-.15 F .447
(passphrase, e)143 414 R .447(xcept for a trailing ne)-.15 F .447
(w-line, if an)-.25 F 4.246 -.65(y. T)-.15 H .446(he second ar).65 F
.446(gument contains either the dataset)-.18 F 2.14
(name or the element of the TPM hierarch)143 426 R 5.94 -.65(y. T)-.05 H
2.14(he third ar).65 F 2.14(gument is)-.18 F F4(new)4.64 E F0 2.14
(if this is for a ne)4.64 F(w)-.25 E .574(passphrase, and the fourth is)
143 438 R F4(again)3.074 E F0 .574(if it')3.074 F 3.074(st)-.55 G .574
(he second prompt for that passphrase.)-3.074 F .573(The \214rst ar)
5.573 F(gu-)-.18 E(ment already contains all of this information, as a \
pre-formatted noun phrase.)143 450 Q .181(If the helper doesn')143 468 R
2.681(te)-.18 G 1.847(xist \()-2.831 F .181(the shell e)1.666 F .181
(xits with)-.15 F F1(127)2.681 E F0 -3.151 1.666(\), a d)1.666 H .181
(iagnostic is issued and the normal prompt)-1.666 F(is used as f)143 480
Q 2.5(all-back. If)-.1 F(it f)2.5 E(ails for an)-.1 E 2.5(yo)-.15 G
(ther reason, the prompting is aborted.)-2.5 E(An e)143 498 Q(xample v)
-.15 E(alue w)-.25 E(ould be: ')-.1 E F2 1.666
(systemd-ask-password \255-id)B F4(=)A F0(")A F4(tzpfms:)A F3($2)A F0
2.5("")C F3($1)-2.5 E F4(:)A F0("'.)6 E F1 1.666
(TPM1.X back-end con\214guration)72 522 R .625(TPM selection)84 534 R F0
(The)102 546 Q F2(tzpfms)2.768 E F0 .267(suite connects to a local)2.767
E F4(TZPFMS_PASSPHRASE_HELPER)102 324 Q F0 1.133(If set and nonempty)143
336 R 3.633(,w)-.65 G 1.133(ill be run via)-3.633 F F4(/bin/)3.633 E F2
2.799(sh \255c)B F0 1.134(to pro)3.633 F 1.134
(vide a passphrase, instead of reading)-.15 F
(from the standard input stream.)143 348 Q .189
(The standard output stream of the helper is tied to an anon)143 366 R
.188(ymous \214le and used in its entirety as the)-.15 F(passphrase, e)
143 378 Q(xcept for a trailing ne)-.15 E(w-line, if an)-.25 E 3.8 -.65
(y. T)-.15 H(he ar).65 E(guments are:)-.18 E
(1. Pre-formatted noun phrase with all the information belo)155 390 Q(w)
-.25 E(2. Either the dataset name or the element of the TPM hierarch)155
402 Q -.65(y.)-.05 G(3. "ne)155 414 Q(w" if this is for a ne)-.25 E 2.5
(wp)-.25 G(assphrase)-2.5 E(4. "ag)155 426 Q(ain" if it')-.05 E 2.5(st)
-.55 G(he second prompt for that passphrase)-2.5 E .181
(If the helper doesn')143 444 R 2.681(te)-.18 G 1.847(xist \()-2.831 F
.181(the shell e)1.666 F .181(xits with)-.15 F F1(127)2.681 E F0 -3.151
1.666(\), a d)1.666 H .181(iagnostic is issued and the normal prompt)
-1.666 F(is used as f)143 456 Q 2.5(all-back. If)-.1 F(it f)2.5 E
(ails for an)-.1 E 2.5(yo)-.15 G(ther reason, the prompting is aborted.)
-2.5 E 13.14(An e)143 474 R 13.14(xample v)-.15 F 13.14(alue f)-.25 F
(acilitating)-.1 E F4(systemd)15.64 E F0 13.14(\(1\) inte)B 13.14
(gration w)-.15 F 13.14(ould be: ')-.1 F F2(exec)A 1.666
(systemd-ask-password \255-id)143 486 R F4(=)A F0(")A F4(tzpfms:)A F3
($2)A F0 2.5("")C F3($1)-2.5 E F4(:)A F0("'.)6 E F1 1.666
(TPM1.X back-end con\214guration)72 510 R .625(TPM selection)84 522 R F0
(The)102 534 Q F2(tzpfms)2.767 E F0 .267(suite connects to a local)2.767
F F4(tcsd)2.767 E F0 .267(\(8\) process)B 1.666(\(a)4.433 G(t)-1.666 E
F4(localhost:30003)2.767 E F0 4.433(\)b)1.666 G 2.767(yd)-4.433 G(ef)
-2.767 E 2.767(ault. Use)-.1 F .267(the en-)2.767 F(vironment v)102 558
-2.767 E 2.767(ault. Use)-.1 F .268(the en-)2.767 F(vironment v)102 546
Q(ariable)-.25 E F4(TZPFMS_TPM1X)2.5 E F0
(to specify a remote TCS hostname.)2.5 E .391(The T)102 576 R(rouSerS)
-.35 E F4(tcsd)2.891 E F0 .391(\(8\) daemon will try)B F4(/dev/tpm0)
2.892 E F0 2.892(,t)C(hen)-2.892 E F4(/udev/tpm0)2.892 E F0 2.892(,t)C
(hen)-2.892 E F4(/dev/tpm)2.892 E F0 2.892(;b)C 2.892(yo)-2.892 G(ccup)
-2.892 E(ying)-.1 E(one of the earlier ones with, for e)102 588 Q
(to specify a remote TCS hostname.)2.5 E .392(The T)102 564 R(rouSerS)
-.35 E F4(tcsd)2.892 E F0 .392(\(8\) daemon will try)B F4(/dev/tpm0)
2.892 E F0 2.892(,t)C(hen)-2.892 E F4(/udev/tpm0)2.892 E F0 2.891(,t)C
(hen)-2.891 E F4(/dev/tpm)2.891 E F0 2.891(;b)C 2.891(yo)-2.891 G(ccup)
-2.891 E(ying)-.1 E(one of the earlier ones with, for e)102 576 Q
(xample, shell redirection, a later one can be selected.)-.15 E F1 .625
(See also)84 612 R F0(The T)102 624 Q(rouSerS project page at)-.35 E F1
(See also)84 600 R F0(The T)102 612 Q(rouSerS project page at)-.35 E F1
(https://sour)2.5 E(cef)-.18 E(or)-.25 E(ge.net/pr)-.1 E(ojects/tr)-.18
E(ousers)-.18 E F0(.)A 5.109(The TPM 1.2 main speci\214cation inde)102
642 R 7.608(xa)-.15 G(t)-7.608 E F1(https://trustedcomputinggr)7.608 E
E(ousers)-.18 E F0(.)A 5.108(The TPM 1.2 main speci\214cation inde)102
630 R 7.609(xa)-.15 G(t)-7.609 E F1(https://trustedcomputinggr)7.609 E
(oup.or)-.18 E(g/r)-.1 E(esour)-.18 E(ce/tpm-main-)-.18 E
(speci\214cation)102 654 Q F0(.)A F1 1.666(SPECIAL THANKS)72 678 R F0
1.6 -.8(To a)102 690 T(ll who support further de).8 E -.15(ve)-.25 G
(lopment, in particular:).15 E(tzpfms 0.1-15)72 750 Q(No)138.745 E -.15
(ve)-.15 G(mber 15, 2021).15 E(12)184.295 E 0 Cg EP
(speci\214cation)102 642 Q F0(.)A F1 1.666(SPECIAL THANKS)72 666 R F0
1.6 -.8(To a)102 678 T(ll who support further de).8 E -.15(ve)-.25 G
(lopment, in particular:).15 E(tzpfms 0.1-16)72 750 Q(No)138.745 E -.15
(ve)-.15 G(mber 18, 2021).15 E(12)184.295 E 0 Cg EP
%%Page: 13 13
%%BeginPageSetup
BP
@ -970,7 +955,7 @@ BP
(rchi)-2.5 E -.15(ve)-.25 G 2.5(da).15 G(t)-2.5 E F1(https://lists.sr)
2.5 E(.ht/~nabijaczleweli/tzpfms)-1 E F0(.)A F1 1.666(SEE ALSO)72 198 R
(https://git.sr)102 210 Q(.ht/~nabijaczleweli/tzpfms)-1 E F0
(tzpfms 0.1-15)72 750 Q(No)138.745 E -.15(ve)-.15 G(mber 15, 2021).15 E
(tzpfms 0.1-16)72 750 Q(No)138.745 E -.15(ve)-.15 G(mber 18, 2021).15 E
(13)184.295 E 0 Cg EP
%%Trailer
end

4
zfs-tpm-list.8
View File

@ -1,9 +1,9 @@
.\" SPDX-License-Identifier: MIT
.
.Dd November 15, 2021
.Dd November 18, 2021
.ds doc-volume-operating-system
.Dt ZFS-TPM-LIST 8
.Os tzpfms 0.1-15
.Os tzpfms 0.1-16
.
.Sh NAME
.Nm zfs-tpm-list

4
zfs-tpm-list.8.html
View File

@ -169,8 +169,8 @@ owo/enc TPM1.X available yes</div>
</div>
<table class="foot">
<tr>
<td class="foot-date">November 15, 2021</td>
<td class="foot-os">tzpfms 0.1-15</td>
<td class="foot-date">November 18, 2021</td>
<td class="foot-os">tzpfms 0.1-16</td>
</tr>
</table>
</body>

37
zfs-tpm1x-change-key.8
View File

@ -1,9 +1,9 @@
.\" SPDX-License-Identifier: MIT
.
.Dd November 15, 2021
.Dd November 18, 2021
.ds doc-volume-operating-system
.Dt ZFS-TPM1X-CHANGE-KEY 8
.Os tzpfms 0.1-15
.Os tzpfms 0.1-16
.
.Sh NAME
.Nm zfs-tpm1x-change-key
@ -107,26 +107,35 @@ In case of a catastrophic event, the key can be loaded by running
.Sh ENVIRONMENT VARIABLES
.Bl -tag -compact -width "TZPFMS"
.It Ev TZPFMS_PASSPHRASE_HELPER
If set and nonempty, will be run as
.Dl Pa /bin/ Ns Nm sh Fl c Li \&"$TZPFMS_PASSPHRASE_HELPER" \&"$TZPFMS_PASSPHRASE_HELPER" Qo Ar prepared prompt Qc Qo Ar target Qc Qo Oo Li new Oc Qc Qo Oo Li again Oc Qc
to provide a passphrase, instead of reading from the standard input.
If set and nonempty, will be run via
.Pa /bin/ Ns Nm sh Fl c
.\"Li \&"$TZPFMS_PASSPHRASE_HELPER" \&"$TZPFMS_PASSPHRASE_HELPER" Qo Ar prepared prompt Qc Qo Ar target Qc Qo Oo Li new Oc Qc Qo Oo Li again Oc Qc
to provide a passphrase, instead of reading from the standard input stream.
.Pp
The standard output stream of the helper is tied to an anonymous file and used in its entirety as the passphrase, except for a trailing new-line, if any.
The second argument contains either the dataset name or the element of the TPM hierarchy.
The third argument is
.Li new
if this is for a new passphrase, and the fourth is
.Li again
if it's the second prompt for that passphrase.
The first argument already contains all of this information, as a pre-formatted noun phrase.
The arguments are:
.Bl -enum -compact -offset "@@" -width "@"
.It
Pre-formatted noun phrase with all the information below
.It
Either the dataset name or the element of the TPM hierarchy.
.It
.Qq new
if this is for a new passphrase
.It
.Qq again
if it's the second prompt for that passphrase
.El
.Pp
If the helper doesn't exist
.Pq the shell exits with Sy 127 ,
a diagnostic is issued and the normal prompt is used as fall-back.
If it fails for any other reason, the prompting is aborted.
.Pp
An example value would be:
.No ' Ns Nm systemd-ask-password Fl -id Ns Li = Ns Qo Li tzpfms:\& Ns Ar $2 Qc Qo Ar $1 Ns Li ": " Qc Ns ' .
An example value facilitating
.Xr systemd 1
integration would be:
.No ' Ns Ic exec Nm systemd-ask-password Fl -id Ns Li = Ns Qo Li tzpfms:\& Ns Ar $2 Qc Qo Ar $1 Ns Li ": " Qc Ns ' .
.El
.
.\" SPDX-License-Identifier: MIT

39
zfs-tpm1x-change-key.8.html
View File

@ -118,31 +118,28 @@
VARIABLES</a></h1>
<dl class="Bl-tag Bl-compact">
<dt id="TZPFMS_PASSPHRASE_HELPER"><a class="permalink" href="#TZPFMS_PASSPHRASE_HELPER"><code class="Ev">TZPFMS_PASSPHRASE_HELPER</code></a></dt>
<dd>If set and nonempty, will be run as
<div class="Bd
Bd-indent"><code class="Li"><span class="Pa">/bin/</span><code class="Nm">sh</code>
<code class="Fl">-c</code>
<code class="Li">&quot;$TZPFMS_PASSPHRASE_HELPER&quot;
&quot;$TZPFMS_PASSPHRASE_HELPER&quot;</code>
&quot;<var class="Ar">prepared prompt</var>&quot;
&quot;<var class="Ar">target</var>&quot;
&quot;[<code class="Li">new</code>]&quot;
&quot;[<code class="Li">again</code>]&quot;</code></div>
to provide a passphrase, instead of reading from the standard input.
<dd>If set and nonempty, will be run via
<span class="Pa">/bin/</span><code class="Nm">sh</code>
<code class="Fl">-c</code> to provide a passphrase, instead of reading
from the standard input stream.
<p class="Pp">The standard output stream of the helper is tied to an
anonymous file and used in its entirety as the passphrase, except for a
trailing new-line, if any. The second argument contains either the
dataset name or the element of the TPM hierarchy. The third argument is
<code class="Li">new</code> if this is for a new passphrase, and the
fourth is <code class="Li">again</code> if it's the second prompt for
that passphrase. The first argument already contains all of this
information, as a pre-formatted noun phrase.</p>
trailing new-line, if any. The arguments are:</p>
<ol class="Bl-enum Bd-indent Bl-compact">
<li>Pre-formatted noun phrase with all the information below</li>
<li>Either the dataset name or the element of the TPM hierarchy.</li>
<li>&quot;new&quot; if this is for a new passphrase</li>
<li>&quot;again&quot; if it's the second prompt for that passphrase</li>
</ol>
<p class="Pp" id="127">If the helper doesn't exist (the shell exits with
<a class="permalink" href="#127"><b class="Sy">127</b></a>), a
diagnostic is issued and the normal prompt is used as fall-back. If it
fails for any other reason, the prompting is aborted.</p>
<p class="Pp">An example value would be:
<span class="No">'</span><code class="Nm">systemd-ask-password</code>
<p class="Pp">An example value facilitating
<a class="Xr" href="https://manpages.debian.org/bullseye/systemd.1">systemd(1)</a>
integration would be:
<span class="No">'</span><code class="Ic">exec</code>
<code class="Nm">systemd-ask-password</code>
<code class="Fl">--id</code><code class="Li">=</code>&quot;<code class="Li">tzpfms:</code><var class="Ar">$2</var>&quot;
&quot;<var class="Ar">$1</var><code class="Li">: </code>&quot;'.</p>
</dd>
@ -201,8 +198,8 @@
</div>
<table class="foot">
<tr>
<td class="foot-date">November 15, 2021</td>
<td class="foot-os">tzpfms 0.1-15</td>
<td class="foot-date">November 18, 2021</td>
<td class="foot-os">tzpfms 0.1-16</td>
</tr>
</table>
</body>

4
zfs-tpm1x-clear-key.8
View File

@ -1,9 +1,9 @@
.\" SPDX-License-Identifier: MIT
.
.Dd November 15, 2021
.Dd November 18, 2021
.ds doc-volume-operating-system
.Dt ZFS-TPM1X-CLEAR-KEY 8
.Os tzpfms 0.1-15
.Os tzpfms 0.1-16
.
.Sh NAME
.Nm zfs-tpm1x-clear-key

4
zfs-tpm1x-clear-key.8.html
View File

@ -106,8 +106,8 @@
</div>
<table class="foot">
<tr>
<td class="foot-date">November 15, 2021</td>
<td class="foot-os">tzpfms 0.1-15</td>
<td class="foot-date">November 18, 2021</td>
<td class="foot-os">tzpfms 0.1-16</td>
</tr>
</table>
</body>

37
zfs-tpm1x-load-key.8
View File

@ -1,9 +1,9 @@
.\" SPDX-License-Identifier: MIT
.
.Dd November 15, 2021
.Dd November 18, 2021
.ds doc-volume-operating-system
.Dt ZFS-TPM1X-LOAD-KEY 8
.Os tzpfms 0.1-15
.Os tzpfms 0.1-16
.
.Sh NAME
.Nm zfs-tpm1x-load-key
@ -45,26 +45,35 @@ option.
.Sh ENVIRONMENT VARIABLES
.Bl -tag -compact -width "TZPFMS"
.It Ev TZPFMS_PASSPHRASE_HELPER
If set and nonempty, will be run as
.Dl Pa /bin/ Ns Nm sh Fl c Li \&"$TZPFMS_PASSPHRASE_HELPER" \&"$TZPFMS_PASSPHRASE_HELPER" Qo Ar prepared prompt Qc Qo Ar target Qc Qo Oo Li new Oc Qc Qo Oo Li again Oc Qc
to provide a passphrase, instead of reading from the standard input.
If set and nonempty, will be run via
.Pa /bin/ Ns Nm sh Fl c
.\"Li \&"$TZPFMS_PASSPHRASE_HELPER" \&"$TZPFMS_PASSPHRASE_HELPER" Qo Ar prepared prompt Qc Qo Ar target Qc Qo Oo Li new Oc Qc Qo Oo Li again Oc Qc
to provide a passphrase, instead of reading from the standard input stream.
.Pp
The standard output stream of the helper is tied to an anonymous file and used in its entirety as the passphrase, except for a trailing new-line, if any.
The second argument contains either the dataset name or the element of the TPM hierarchy.
The third argument is
.Li new
if this is for a new passphrase, and the fourth is
.Li again
if it's the second prompt for that passphrase.
The first argument already contains all of this information, as a pre-formatted noun phrase.
The arguments are:
.Bl -enum -compact -offset "@@" -width "@"
.It
Pre-formatted noun phrase with all the information below
.It
Either the dataset name or the element of the TPM hierarchy.
.It
.Qq new
if this is for a new passphrase
.It
.Qq again
if it's the second prompt for that passphrase
.El
.Pp
If the helper doesn't exist
.Pq the shell exits with Sy 127 ,
a diagnostic is issued and the normal prompt is used as fall-back.
If it fails for any other reason, the prompting is aborted.
.Pp
An example value would be:
.No ' Ns Nm systemd-ask-password Fl -id Ns Li = Ns Qo Li tzpfms:\& Ns Ar $2 Qc Qo Ar $1 Ns Li ": " Qc Ns ' .
An example value facilitating
.Xr systemd 1
integration would be:
.No ' Ns Ic exec Nm systemd-ask-password Fl -id Ns Li = Ns Qo Li tzpfms:\& Ns Ar $2 Qc Qo Ar $1 Ns Li ": " Qc Ns ' .
.El
.
.\" SPDX-License-Identifier: MIT

39
zfs-tpm1x-load-key.8.html
View File

@ -59,31 +59,28 @@
VARIABLES</a></h1>
<dl class="Bl-tag Bl-compact">
<dt id="TZPFMS_PASSPHRASE_HELPER"><a class="permalink" href="#TZPFMS_PASSPHRASE_HELPER"><code class="Ev">TZPFMS_PASSPHRASE_HELPER</code></a></dt>
<dd>If set and nonempty, will be run as
<div class="Bd
Bd-indent"><code class="Li"><span class="Pa">/bin/</span><code class="Nm">sh</code>
<code class="Fl">-c</code>
<code class="Li">&quot;$TZPFMS_PASSPHRASE_HELPER&quot;
&quot;$TZPFMS_PASSPHRASE_HELPER&quot;</code>
&quot;<var class="Ar">prepared prompt</var>&quot;
&quot;<var class="Ar">target</var>&quot;
&quot;[<code class="Li">new</code>]&quot;
&quot;[<code class="Li">again</code>]&quot;</code></div>
to provide a passphrase, instead of reading from the standard input.
<dd>If set and nonempty, will be run via
<span class="Pa">/bin/</span><code class="Nm">sh</code>
<code class="Fl">-c</code> to provide a passphrase, instead of reading
from the standard input stream.
<p class="Pp">The standard output stream of the helper is tied to an
anonymous file and used in its entirety as the passphrase, except for a
trailing new-line, if any. The second argument contains either the
dataset name or the element of the TPM hierarchy. The third argument is
<code class="Li">new</code> if this is for a new passphrase, and the
fourth is <code class="Li">again</code> if it's the second prompt for
that passphrase. The first argument already contains all of this
information, as a pre-formatted noun phrase.</p>
trailing new-line, if any. The arguments are:</p>
<ol class="Bl-enum Bd-indent Bl-compact">
<li>Pre-formatted noun phrase with all the information below</li>
<li>Either the dataset name or the element of the TPM hierarchy.</li>
<li>&quot;new&quot; if this is for a new passphrase</li>
<li>&quot;again&quot; if it's the second prompt for that passphrase</li>
</ol>
<p class="Pp" id="127">If the helper doesn't exist (the shell exits with
<a class="permalink" href="#127"><b class="Sy">127</b></a>), a
diagnostic is issued and the normal prompt is used as fall-back. If it
fails for any other reason, the prompting is aborted.</p>
<p class="Pp">An example value would be:
<span class="No">'</span><code class="Nm">systemd-ask-password</code>
<p class="Pp">An example value facilitating
<a class="Xr" href="https://manpages.debian.org/bullseye/systemd.1">systemd(1)</a>
integration would be:
<span class="No">'</span><code class="Ic">exec</code>
<code class="Nm">systemd-ask-password</code>
<code class="Fl">--id</code><code class="Li">=</code>&quot;<code class="Li">tzpfms:</code><var class="Ar">$2</var>&quot;
&quot;<var class="Ar">$1</var><code class="Li">: </code>&quot;'.</p>
</dd>
@ -142,8 +139,8 @@
</div>
<table class="foot">
<tr>
<td class="foot-date">November 15, 2021</td>
<td class="foot-os">tzpfms 0.1-15</td>
<td class="foot-date">November 18, 2021</td>
<td class="foot-os">tzpfms 0.1-16</td>
</tr>
</table>
</body>

37
zfs-tpm2-change-key.8
View File

@ -1,9 +1,9 @@
.\" SPDX-License-Identifier: MIT
.
.Dd November 15, 2021
.Dd November 18, 2021
.ds doc-volume-operating-system
.Dt ZFS-TPM2-CHANGE-KEY 8
.Os tzpfms 0.1-15
.Os tzpfms 0.1-16
.
.Sh NAME
.Nm zfs-tpm2-change-key
@ -104,26 +104,35 @@ In case of a catastrophic event, the key can be loaded by running
.Sh ENVIRONMENT VARIABLES
.Bl -tag -compact -width "TZPFMS"
.It Ev TZPFMS_PASSPHRASE_HELPER
If set and nonempty, will be run as
.Dl Pa /bin/ Ns Nm sh Fl c Li \&"$TZPFMS_PASSPHRASE_HELPER" \&"$TZPFMS_PASSPHRASE_HELPER" Qo Ar prepared prompt Qc Qo Ar target Qc Qo Oo Li new Oc Qc Qo Oo Li again Oc Qc
to provide a passphrase, instead of reading from the standard input.
If set and nonempty, will be run via
.Pa /bin/ Ns Nm sh Fl c
.\"Li \&"$TZPFMS_PASSPHRASE_HELPER" \&"$TZPFMS_PASSPHRASE_HELPER" Qo Ar prepared prompt Qc Qo Ar target Qc Qo Oo Li new Oc Qc Qo Oo Li again Oc Qc
to provide a passphrase, instead of reading from the standard input stream.
.Pp
The standard output stream of the helper is tied to an anonymous file and used in its entirety as the passphrase, except for a trailing new-line, if any.
The second argument contains either the dataset name or the element of the TPM hierarchy.
The third argument is
.Li new
if this is for a new passphrase, and the fourth is
.Li again
if it's the second prompt for that passphrase.
The first argument already contains all of this information, as a pre-formatted noun phrase.
The arguments are:
.Bl -enum -compact -offset "@@" -width "@"
.It
Pre-formatted noun phrase with all the information below
.It
Either the dataset name or the element of the TPM hierarchy.
.It
.Qq new
if this is for a new passphrase
.It
.Qq again
if it's the second prompt for that passphrase
.El
.Pp
If the helper doesn't exist
.Pq the shell exits with Sy 127 ,
a diagnostic is issued and the normal prompt is used as fall-back.
If it fails for any other reason, the prompting is aborted.
.Pp
An example value would be:
.No ' Ns Nm systemd-ask-password Fl -id Ns Li = Ns Qo Li tzpfms:\& Ns Ar $2 Qc Qo Ar $1 Ns Li ": " Qc Ns ' .
An example value facilitating
.Xr systemd 1
integration would be:
.No ' Ns Ic exec Nm systemd-ask-password Fl -id Ns Li = Ns Qo Li tzpfms:\& Ns Ar $2 Qc Qo Ar $1 Ns Li ": " Qc Ns ' .
.El
.
.\" SPDX-License-Identifier: MIT

39
zfs-tpm2-change-key.8.html
View File

@ -117,31 +117,28 @@
VARIABLES</a></h1>
<dl class="Bl-tag Bl-compact">
<dt id="TZPFMS_PASSPHRASE_HELPER"><a class="permalink" href="#TZPFMS_PASSPHRASE_HELPER"><code class="Ev">TZPFMS_PASSPHRASE_HELPER</code></a></dt>
<dd>If set and nonempty, will be run as
<div class="Bd
Bd-indent"><code class="Li"><span class="Pa">/bin/</span><code class="Nm">sh</code>
<code class="Fl">-c</code>
<code class="Li">&quot;$TZPFMS_PASSPHRASE_HELPER&quot;
&quot;$TZPFMS_PASSPHRASE_HELPER&quot;</code>
&quot;<var class="Ar">prepared prompt</var>&quot;
&quot;<var class="Ar">target</var>&quot;
&quot;[<code class="Li">new</code>]&quot;
&quot;[<code class="Li">again</code>]&quot;</code></div>
to provide a passphrase, instead of reading from the standard input.
<dd>If set and nonempty, will be run via
<span class="Pa">/bin/</span><code class="Nm">sh</code>
<code class="Fl">-c</code> to provide a passphrase, instead of reading
from the standard input stream.
<p class="Pp">The standard output stream of the helper is tied to an
anonymous file and used in its entirety as the passphrase, except for a
trailing new-line, if any. The second argument contains either the
dataset name or the element of the TPM hierarchy. The third argument is
<code class="Li">new</code> if this is for a new passphrase, and the
fourth is <code class="Li">again</code> if it's the second prompt for
that passphrase. The first argument already contains all of this
information, as a pre-formatted noun phrase.</p>
trailing new-line, if any. The arguments are:</p>
<ol class="Bl-enum Bd-indent Bl-compact">
<li>Pre-formatted noun phrase with all the information below</li>
<li>Either the dataset name or the element of the TPM hierarchy.</li>
<li>&quot;new&quot; if this is for a new passphrase</li>
<li>&quot;again&quot; if it's the second prompt for that passphrase</li>
</ol>
<p class="Pp" id="127">If the helper doesn't exist (the shell exits with
<a class="permalink" href="#127"><b class="Sy">127</b></a>), a
diagnostic is issued and the normal prompt is used as fall-back. If it
fails for any other reason, the prompting is aborted.</p>
<p class="Pp">An example value would be:
<span class="No">'</span><code class="Nm">systemd-ask-password</code>
<p class="Pp">An example value facilitating
<a class="Xr" href="https://manpages.debian.org/bullseye/systemd.1">systemd(1)</a>
integration would be:
<span class="No">'</span><code class="Ic">exec</code>
<code class="Nm">systemd-ask-password</code>
<code class="Fl">--id</code><code class="Li">=</code>&quot;<code class="Li">tzpfms:</code><var class="Ar">$2</var>&quot;
&quot;<var class="Ar">$1</var><code class="Li">: </code>&quot;'.</p>
</dd>
@ -214,8 +211,8 @@
</div>
<table class="foot">
<tr>
<td class="foot-date">November 15, 2021</td>
<td class="foot-os">tzpfms 0.1-15</td>
<td class="foot-date">November 18, 2021</td>
<td class="foot-os">tzpfms 0.1-16</td>
</tr>
</table>
</body>

37
zfs-tpm2-clear-key.8
View File

@ -1,9 +1,9 @@
.\" SPDX-License-Identifier: MIT
.
.Dd November 15, 2021
.Dd November 18, 2021
.ds doc-volume-operating-system
.Dt ZFS-TPM2-CLEAR-KEY 8
.Os tzpfms 0.1-15
.Os tzpfms 0.1-16
.
.Sh NAME
.Nm zfs-tpm2-clear-key
@ -42,26 +42,35 @@ for a detailed description.
.Sh ENVIRONMENT VARIABLES
.Bl -tag -compact -width "TZPFMS"
.It Ev TZPFMS_PASSPHRASE_HELPER
If set and nonempty, will be run as
.Dl Pa /bin/ Ns Nm sh Fl c Li \&"$TZPFMS_PASSPHRASE_HELPER" \&"$TZPFMS_PASSPHRASE_HELPER" Qo Ar prepared prompt Qc Qo Ar target Qc Qo Oo Li new Oc Qc Qo Oo Li again Oc Qc
to provide a passphrase, instead of reading from the standard input.
If set and nonempty, will be run via
.Pa /bin/ Ns Nm sh Fl c
.\"Li \&"$TZPFMS_PASSPHRASE_HELPER" \&"$TZPFMS_PASSPHRASE_HELPER" Qo Ar prepared prompt Qc Qo Ar target Qc Qo Oo Li new Oc Qc Qo Oo Li again Oc Qc
to provide a passphrase, instead of reading from the standard input stream.
.Pp
The standard output stream of the helper is tied to an anonymous file and used in its entirety as the passphrase, except for a trailing new-line, if any.
The second argument contains either the dataset name or the element of the TPM hierarchy.
The third argument is
.Li new
if this is for a new passphrase, and the fourth is
.Li again
if it's the second prompt for that passphrase.
The first argument already contains all of this information, as a pre-formatted noun phrase.
The arguments are:
.Bl -enum -compact -offset "@@" -width "@"
.It
Pre-formatted noun phrase with all the information below
.It
Either the dataset name or the element of the TPM hierarchy.
.It
.Qq new
if this is for a new passphrase
.It
.Qq again
if it's the second prompt for that passphrase
.El
.Pp
If the helper doesn't exist
.Pq the shell exits with Sy 127 ,
a diagnostic is issued and the normal prompt is used as fall-back.
If it fails for any other reason, the prompting is aborted.
.Pp
An example value would be:
.No ' Ns Nm systemd-ask-password Fl -id Ns Li = Ns Qo Li tzpfms:\& Ns Ar $2 Qc Qo Ar $1 Ns Li ": " Qc Ns ' .
An example value facilitating
.Xr systemd 1
integration would be:
.No ' Ns Ic exec Nm systemd-ask-password Fl -id Ns Li = Ns Qo Li tzpfms:\& Ns Ar $2 Qc Qo Ar $1 Ns Li ": " Qc Ns ' .
.El
.
.\" SPDX-License-Identifier: MIT

39
zfs-tpm2-clear-key.8.html
View File

@ -60,31 +60,28 @@
VARIABLES</a></h1>
<dl class="Bl-tag Bl-compact">
<dt id="TZPFMS_PASSPHRASE_HELPER"><a class="permalink" href="#TZPFMS_PASSPHRASE_HELPER"><code class="Ev">TZPFMS_PASSPHRASE_HELPER</code></a></dt>
<dd>If set and nonempty, will be run as
<div class="Bd
Bd-indent"><code class="Li"><span class="Pa">/bin/</span><code class="Nm">sh</code>
<code class="Fl">-c</code>
<code class="Li">&quot;$TZPFMS_PASSPHRASE_HELPER&quot;
&quot;$TZPFMS_PASSPHRASE_HELPER&quot;</code>
&quot;<var class="Ar">prepared prompt</var>&quot;
&quot;<var class="Ar">target</var>&quot;
&quot;[<code class="Li">new</code>]&quot;
&quot;[<code class="Li">again</code>]&quot;</code></div>
to provide a passphrase, instead of reading from the standard input.
<dd>If set and nonempty, will be run via
<span class="Pa">/bin/</span><code class="Nm">sh</code>
<code class="Fl">-c</code> to provide a passphrase, instead of reading
from the standard input stream.
<p class="Pp">The standard output stream of the helper is tied to an
anonymous file and used in its entirety as the passphrase, except for a
trailing new-line, if any. The second argument contains either the
dataset name or the element of the TPM hierarchy. The third argument is
<code class="Li">new</code> if this is for a new passphrase, and the
fourth is <code class="Li">again</code> if it's the second prompt for
that passphrase. The first argument already contains all of this
information, as a pre-formatted noun phrase.</p>
trailing new-line, if any. The arguments are:</p>
<ol class="Bl-enum Bd-indent Bl-compact">
<li>Pre-formatted noun phrase with all the information below</li>
<li>Either the dataset name or the element of the TPM hierarchy.</li>
<li>&quot;new&quot; if this is for a new passphrase</li>
<li>&quot;again&quot; if it's the second prompt for that passphrase</li>
</ol>
<p class="Pp" id="127">If the helper doesn't exist (the shell exits with
<a class="permalink" href="#127"><b class="Sy">127</b></a>), a
diagnostic is issued and the normal prompt is used as fall-back. If it
fails for any other reason, the prompting is aborted.</p>
<p class="Pp">An example value would be:
<span class="No">'</span><code class="Nm">systemd-ask-password</code>
<p class="Pp">An example value facilitating
<a class="Xr" href="https://manpages.debian.org/bullseye/systemd.1">systemd(1)</a>
integration would be:
<span class="No">'</span><code class="Ic">exec</code>
<code class="Nm">systemd-ask-password</code>
<code class="Fl">--id</code><code class="Li">=</code>&quot;<code class="Li">tzpfms:</code><var class="Ar">$2</var>&quot;
&quot;<var class="Ar">$1</var><code class="Li">: </code>&quot;'.</p>
</dd>
@ -156,8 +153,8 @@
</div>
<table class="foot">
<tr>
<td class="foot-date">November 15, 2021</td>
<td class="foot-os">tzpfms 0.1-15</td>
<td class="foot-date">November 18, 2021</td>
<td class="foot-os">tzpfms 0.1-16</td>
</tr>
</table>
</body>

37
zfs-tpm2-load-key.8
View File

@ -1,9 +1,9 @@
.\" SPDX-License-Identifier: MIT
.
.Dd November 15, 2021
.Dd November 18, 2021
.ds doc-volume-operating-system
.Dt ZFS-TPM2-LOAD-KEY 8
.Os tzpfms 0.1-15
.Os tzpfms 0.1-16
.
.Sh NAME
.Nm zfs-tpm2-load-key
@ -44,26 +44,35 @@ option.
.Sh ENVIRONMENT VARIABLES
.Bl -tag -compact -width "TZPFMS"
.It Ev TZPFMS_PASSPHRASE_HELPER
If set and nonempty, will be run as
.Dl Pa /bin/ Ns Nm sh Fl c Li \&"$TZPFMS_PASSPHRASE_HELPER" \&"$TZPFMS_PASSPHRASE_HELPER" Qo Ar prepared prompt Qc Qo Ar target Qc Qo Oo Li new Oc Qc Qo Oo Li again Oc Qc
to provide a passphrase, instead of reading from the standard input.
If set and nonempty, will be run via
.Pa /bin/ Ns Nm sh Fl c
.\"Li \&"$TZPFMS_PASSPHRASE_HELPER" \&"$TZPFMS_PASSPHRASE_HELPER" Qo Ar prepared prompt Qc Qo Ar target Qc Qo Oo Li new Oc Qc Qo Oo Li again Oc Qc
to provide a passphrase, instead of reading from the standard input stream.
.Pp
The standard output stream of the helper is tied to an anonymous file and used in its entirety as the passphrase, except for a trailing new-line, if any.
The second argument contains either the dataset name or the element of the TPM hierarchy.
The third argument is
.Li new
if this is for a new passphrase, and the fourth is
.Li again
if it's the second prompt for that passphrase.
The first argument already contains all of this information, as a pre-formatted noun phrase.
The arguments are:
.Bl -enum -compact -offset "@@" -width "@"
.It
Pre-formatted noun phrase with all the information below
.It
Either the dataset name or the element of the TPM hierarchy.
.It
.Qq new
if this is for a new passphrase
.It
.Qq again
if it's the second prompt for that passphrase
.El
.Pp
If the helper doesn't exist
.Pq the shell exits with Sy 127 ,
a diagnostic is issued and the normal prompt is used as fall-back.
If it fails for any other reason, the prompting is aborted.
.Pp
An example value would be:
.No ' Ns Nm systemd-ask-password Fl -id Ns Li = Ns Qo Li tzpfms:\& Ns Ar $2 Qc Qo Ar $1 Ns Li ": " Qc Ns ' .
An example value facilitating
.Xr systemd 1
integration would be:
.No ' Ns Ic exec Nm systemd-ask-password Fl -id Ns Li = Ns Qo Li tzpfms:\& Ns Ar $2 Qc Qo Ar $1 Ns Li ": " Qc Ns ' .
.El
.
.\" SPDX-License-Identifier: MIT

39
zfs-tpm2-load-key.8.html
View File

@ -58,31 +58,28 @@
VARIABLES</a></h1>
<dl class="Bl-tag Bl-compact">
<dt id="TZPFMS_PASSPHRASE_HELPER"><a class="permalink" href="#TZPFMS_PASSPHRASE_HELPER"><code class="Ev">TZPFMS_PASSPHRASE_HELPER</code></a></dt>
<dd>If set and nonempty, will be run as
<div class="Bd
Bd-indent"><code class="Li"><span class="Pa">/bin/</span><code class="Nm">sh</code>
<code class="Fl">-c</code>
<code class="Li">&quot;$TZPFMS_PASSPHRASE_HELPER&quot;
&quot;$TZPFMS_PASSPHRASE_HELPER&quot;</code>
&quot;<var class="Ar">prepared prompt</var>&quot;
&quot;<var class="Ar">target</var>&quot;
&quot;[<code class="Li">new</code>]&quot;
&quot;[<code class="Li">again</code>]&quot;</code></div>
to provide a passphrase, instead of reading from the standard input.
<dd>If set and nonempty, will be run via
<span class="Pa">/bin/</span><code class="Nm">sh</code>
<code class="Fl">-c</code> to provide a passphrase, instead of reading
from the standard input stream.
<p class="Pp">The standard output stream of the helper is tied to an
anonymous file and used in its entirety as the passphrase, except for a
trailing new-line, if any. The second argument contains either the
dataset name or the element of the TPM hierarchy. The third argument is
<code class="Li">new</code> if this is for a new passphrase, and the
fourth is <code class="Li">again</code> if it's the second prompt for
that passphrase. The first argument already contains all of this
information, as a pre-formatted noun phrase.</p>
trailing new-line, if any. The arguments are:</p>
<ol class="Bl-enum Bd-indent Bl-compact">
<li>Pre-formatted noun phrase with all the information below</li>
<li>Either the dataset name or the element of the TPM hierarchy.</li>
<li>&quot;new&quot; if this is for a new passphrase</li>
<li>&quot;again&quot; if it's the second prompt for that passphrase</li>
</ol>
<p class="Pp" id="127">If the helper doesn't exist (the shell exits with
<a class="permalink" href="#127"><b class="Sy">127</b></a>), a
diagnostic is issued and the normal prompt is used as fall-back. If it
fails for any other reason, the prompting is aborted.</p>
<p class="Pp">An example value would be:
<span class="No">'</span><code class="Nm">systemd-ask-password</code>
<p class="Pp">An example value facilitating
<a class="Xr" href="https://manpages.debian.org/bullseye/systemd.1">systemd(1)</a>
integration would be:
<span class="No">'</span><code class="Ic">exec</code>
<code class="Nm">systemd-ask-password</code>
<code class="Fl">--id</code><code class="Li">=</code>&quot;<code class="Li">tzpfms:</code><var class="Ar">$2</var>&quot;
&quot;<var class="Ar">$1</var><code class="Li">: </code>&quot;'.</p>
</dd>
@ -141,8 +138,8 @@
</div>
<table class="foot">
<tr>
<td class="foot-date">November 15, 2021</td>
<td class="foot-os">tzpfms 0.1-15</td>
<td class="foot-date">November 18, 2021</td>
<td class="foot-os">tzpfms 0.1-16</td>
</tr>
</table>
</body>