diff --git a/tzpfms.pdf b/tzpfms.pdf index a3a7669..9298715 100644 Binary files a/tzpfms.pdf and b/tzpfms.pdf differ diff --git a/tzpfms.ps b/tzpfms.ps index 1e4d815..08848bc 100644 --- a/tzpfms.ps +++ b/tzpfms.ps @@ -1,13 +1,13 @@ %!PS-Adobe-3.0 %%Creator: groff version 1.23.0 -%%CreationDate: Sat Nov 25 16:44:10 2023 -%%DocumentNeededResources: font Times-Italic -%%+ font Times-Roman +%%CreationDate: Sat Nov 25 16:48:05 2023 +%%DocumentNeededResources: font Times-Roman %%+ font Times-Bold %%+ font Courier-Bold -%%+ font Courier %%+ font Courier-Oblique +%%+ font Courier %%+ font Symbol +%%+ font Times-Italic %%DocumentSuppliedResources: procset grops 1.23 0 %%Pages: 10 %%PageOrder: Ascend @@ -232,13 +232,13 @@ setpacking %%BeginFeature: *PageSize Default << /PageSize [ 595 842 ] /ImagingBBox null >> setpagedevice %%EndFeature -%%IncludeResource: font Times-Italic %%IncludeResource: font Times-Roman %%IncludeResource: font Times-Bold %%IncludeResource: font Courier-Bold -%%IncludeResource: font Courier %%IncludeResource: font Courier-Oblique +%%IncludeResource: font Courier %%IncludeResource: font Symbol +%%IncludeResource: font Times-Italic grops begin/DEFS 1 dict def DEFS begin/u{.001 mul}bind def end/RES 72 def/PL 841.89 def/LS false def/ENC0[/asciicircum/asciitilde/Scaron /Zcaron/scaron/zcaron/Ydieresis/trademark/quotesingle/Euro/.notdef 
@@ -267,573 +267,563 @@ def/PL 841.89 def/LS false def/ENC0[/asciicircum/asciitilde/Scaron /egrave/eacute/ecircumflex/edieresis/igrave/iacute/icircumflex/idieresis /eth/ntilde/ograve/oacute/ocircumflex/otilde/odieresis/divide/oslash /ugrave/uacute/ucircumflex/udieresis/yacute/thorn/ydieresis]def -/Courier-Oblique@0 ENC0/Courier-Oblique RE/Courier@0 ENC0/Courier RE -/Courier-Bold@0 ENC0/Courier-Bold RE/Times-Bold@0 ENC0/Times-Bold RE -/Times-Roman@0 ENC0/Times-Roman RE/Times-Italic@0 ENC0/Times-Italic RE +/Times-Italic@0 ENC0/Times-Italic RE/Courier@0 ENC0/Courier RE +/Courier-Oblique@0 ENC0/Courier-Oblique RE/Courier-Bold@0 ENC0 +/Courier-Bold RE/Times-Bold@0 ENC0/Times-Bold RE/Times-Roman@0 ENC0 +/Times-Roman RE %%EndSetup %%Page: 1 1 %%BeginPageSetup BP %%EndPageSetup -/F0 10/Times-Italic@0 SF(ZFS-TPM-LIST)72 48 Q/F1 10/Times-Roman@0 SF -96.343(\(8\) System)B(Manager')2.5 E 2.5(sM)-.55 G(anual)-2.5 E F0 -(ZFS-TPM-LIST)96.342 E F1(\(8\))A/F2 10/Times-Bold@0 SF -.2(NA)72 84 S -(ME).2 E F1(zfs-tpm-list \212 print dataset tzpfms metadata)108 96 Q F2 -(SYNOPSIS)72 112.8 Q/F3 10/Courier-Bold@0 SF(zfs-tpm-list)108 124.8 Q F1 -([)2.5 E/F4 10/Courier@0 SF1.666 E F1 2.5(][)C F4-.834 E F1 -(|)A F41.666 E/F5 10/Courier-Oblique@0 SF(depth)6 E F1 2.5(][)C F4 --.834 E F1(|)A F41.666 E F5(back-end)6 E F1 2.5(][)C F4 --.834 E F1(|)A F41.666 E F1(])A([)186 136.8 Q F5(filesystem) -A F1(|)A F5(volume)A F1 1.666(]...)C F2(DESCRIPTION)72 153.6 Q F1 -(Lists the follo)108 165.6 Q(wing properties on encryption roots:)-.25 E -F4(name)128 177.6 Q(back-end)128 189.6 Q F1(the)187 189.6 Q F3(tzpfms) -4.897 E F1 2.396(back-end \(e.g.)4.896 F F2(TPM2)4.896 E F1(for)4.896 E -F0(zfs-tpm2-c)4.896 E(hang)-.15 E(e-k)-.1 E -.3(ey)-.1 G F1 2.396 -(\(8\) or).3 F F2(TPM1.X)4.896 E F1(for)4.896 E F0(zfs-tpm1x-c)187 201.6 -Q(hang)-.15 E(e-k)-.1 E -.3(ey)-.1 G F1(\(8\)\), or ").3 E F2(-)A F1 2.5 -("i)C 2.5(fn)-2.5 G(one is con\214gured)-2.5 E F4(keystatus)128 213.6 Q -F2 -2.1 -.25(av a)187 213.6 
T(ilable).25 E F1(or)2.5 E F2(una)2.5 E -.1 -(va)-.25 G(ilable).1 E F4(coherent)128 225.6 Q F2 -.1(ye)187 225.6 S(s) -.1 E F1 10.289(if either both)12.789 F F4 -(xyz.nabijaczleweli:tzpfms.backend)12.789 E F1(and)12.789 E F4 -(xyz.nabijaczleweli:tzpfms.key)187 237.6 Q F1(are present or missing,) -2.5 E F2(no)2.5 E F1(otherwise)2.5 E 8.743(Incoherent datasets require \ -immediate operator attention, with either the appropriate)108 254.4 R F3 -(zfs-tpm)108 266.4 Q/F6 10/Symbol SF(*)A F3(-clear-key)A F1 1.778 -(program or)4.277 F F3(zfs)4.278 E F4(change-key)7.778 E F1(and)4.278 E -F3(zfs)4.278 E F4(inherit)7.778 E F1 4.278<8a69>4.278 G 4.278(ft)-4.278 -G 1.778(he k)-4.278 F 2.078 -.15(ey b)-.1 H(e-).15 E .566 -(comes unloaded, the)108 278.4 R 3.066(yw)-.15 G .566 -(ill require restoration from back-up.)-3.066 F(Ho)5.566 E(we)-.25 E --.15(ve)-.25 G 1.366 -.4(r, t).15 H .566(his should ne).4 F -.15(ve)-.25 -G 3.065(ro).15 G(ccur)-3.065 E 3.065(,u)-.4 G(nless)-3.065 E +/F0 10/Times-Roman@0 SF 93.563(ZFS-TPM-LIST\(8\) System)72 48 R +(Manager')2.5 E 2.5(sM)-.55 G 91.062(anual ZFS-TPM-LIST\(8\))-2.5 F/F1 +10/Times-Bold@0 SF -.2(NA)72 84 S(ME).2 E F0 +(zfs-tpm-list \212 print dataset tzpfms metadata)108 96 Q F1(SYNOPSIS)72 +112.8 Q/F2 10/Courier-Bold@0 SF(zfs-tpm-list)108 124.8 Q F0([)2.5 E F2 +1.666 E F0 2.5(][)C F2-.834 E F0(|)A F21.666 E/F3 10 +/Courier-Oblique@0 SF(depth)6 E F0 2.5(][)C F2-.834 E F0(|)A F2 +1.666 E F3(back-end)6 E F0 2.5(][)C F2-.834 E F0(|)A F2 +1.666 E F0(])A([)186 136.8 Q F3(filesystem)A F0(|)A F3(volume)A F0 +1.666(]...)C F1(DESCRIPTION)72 153.6 Q F0(Lists the follo)108 165.6 Q +(wing properties on encryption roots:)-.25 E/F4 10/Courier@0 SF(name)128 +177.6 Q(back-end)128 189.6 Q F0(the)187 189.6 Q F2(tzpfms)2.979 E F0 +.478(back-end \(e.g.)2.978 F F1(TPM2)2.978 E F0(for)2.978 E F4 +(zfs-tpm2-change-key)2.978 E F0 .478(\(8\) or)B F1(TPM1.X)2.978 E F0 +(for)187 201.6 Q F4(zfs-tpm1x-change-key)2.5 E F0(\(8\)\), or ")A F1(-)A +F0 2.5("i)C 2.5(fn)-2.5 
G(one is con\214gured)-2.5 E F4(keystatus)128 +213.6 Q F1 -2.1 -.25(av a)187 213.6 T(ilable).25 E F0(or)2.5 E F1(una) +2.5 E -.1(va)-.25 G(ilable).1 E F4(coherent)128 225.6 Q F1 -.1(ye)187 +225.6 S(s).1 E F0 10.289(if either both)12.789 F F4 +(xyz.nabijaczleweli:tzpfms.backend)12.789 E F0(and)12.789 E F4 +(xyz.nabijaczleweli:tzpfms.key)187 237.6 Q F0(are present or missing,) +2.5 E F1(no)2.5 E F0(otherwise)2.5 E 8.743(Incoherent datasets require \ +immediate operator attention, with either the appropriate)108 254.4 R F2 +(zfs-tpm)108 266.4 Q/F5 10/Symbol SF(*)A F2(-clear-key)A F0 1.778 +(program or)4.277 F F2 1.778(zfs change-key)4.278 F F0(and)4.278 E F2 +1.778(zfs inherit)4.278 F F0 4.278<8a69>4.278 G 4.278(ft)-4.278 G 1.778 +(he k)-4.278 F 2.078 -.15(ey b)-.1 H(e-).15 E .566(comes unloaded, the) +108 278.4 R 3.066(yw)-.15 G .566(ill require restoration from back-up.) +-3.066 F(Ho)5.566 E(we)-.25 E -.15(ve)-.25 G 1.366 -.4(r, t).15 H .566 +(his should ne).4 F -.15(ve)-.25 G 3.065(ro).15 G(ccur)-3.065 E 3.065 +(,u)-.4 G(nless)-3.065 E (something went horribly wrong with the dataset properties.)108 290.4 Q .965(If no datasets are speci\214ed, all matching encryption roots are \ -listed \212 by def)108 307.2 R .966(ault, those managed by)-.1 F F3 -(tzpfms)108 319.2 Q F1(.)A F2(OPTIONS)72 336 Q F4109.666 348 Q F1 +listed \212 by def)108 307.2 R .966(ault, those managed by)-.1 F F2 +(tzpfms)108 319.2 Q F0(.)A F1(OPTIONS)72 336 Q F2109.666 348 Q F0 1.583(Scripting mode \212 remo)185 348 R 1.883 -.15(ve h)-.15 H 1.583 (eaders and separate \214elds by a single tab instead of).15 F -(columnating them with spaces.)185 360 Q F4109.666 376.8 Q F1 -(Recurse into all descendants of speci\214ed datasets.)185 376.8 Q F4 -109.666 388.8 Q F5(depth)6 E F1(Recurse at most)185 388.8 Q F5 -(depth)2.5 E F1(datasets deep.)2.5 E(Def)5 E(ault:)-.1 E F2(0)2.5 E F1 -(.)A F4109.666 405.6 Q F1(List all encryption roots, e)185 405.6 Q --.15(ve)-.25 G 2.5(no).15 G(nes not managed by)-2.5 E 
F3(tzpfms)2.5 E F1 -(.)A F4109.666 417.6 Q F5(back-end)6 E F1 -(List only encryption roots with the speci\214ed)185 417.6 Q F3(tzpfms) -2.5 E F5(back-end)2.5 E F1(.)A F4109.666 434.4 Q F1 +(columnating them with spaces.)185 360 Q F2109.666 376.8 Q F0 +(Recurse into all descendants of speci\214ed datasets.)185 376.8 Q F2 +109.666 388.8 Q F3(depth)6 E F0(Recurse at most)185 388.8 Q F3 +(depth)2.5 E F0(datasets deep.)2.5 E(Def)5 E(ault:)-.1 E F1(0)2.5 E F0 +(.)A F2109.666 405.6 Q F0(List all encryption roots, e)185 405.6 Q +-.15(ve)-.25 G 2.5(no).15 G(nes not managed by)-2.5 E F2(tzpfms)2.5 E F0 +(.)A F2109.666 417.6 Q F3(back-end)6 E F0 +(List only encryption roots with the speci\214ed)185 417.6 Q F2(tzpfms) +2.5 E F3(back-end)2.5 E F0(.)A F2109.666 434.4 Q F0 (List only encryption roots whose k)185 434.4 Q -.15(ey)-.1 G 2.5(sa).15 -G(re una)-2.5 E -.25(va)-.2 G(ilable.).25 E F4109.666 446.4 Q F1 +G(re una)-2.5 E -.25(va)-.2 G(ilable.).25 E F2109.666 446.4 Q F0 (List only encryption roots whose k)185 446.4 Q -.15(ey)-.1 G 2.5(sa).15 -G(re a)-2.5 E -.25(va)-.2 G(ilable.).25 E F2(EXAMPLES)72 463.2 Q F4($) -108 475.2 Q F3(zfs-tpm-list)6 E F4 72(NAME BACK-END)108 487.2 R 18 +G(re a)-2.5 E -.25(va)-.2 G(ilable.).25 E F1(EXAMPLES)72 463.2 Q F4($) +108 475.2 Q F2(zfs-tpm-list)6 E F4 72(NAME BACK-END)108 487.2 R 18 (KEYSTATUS COHERENT)12 F 36(tarta-zoot TPM1.X)108 499.2 R 18 (available yes)24 F 6(tarta-zoot/home TPM2)108 511.2 R 6 -(unavailable yes)36 F($)108 535.2 Q F3(zfs-tpm-list)6 E F4(\255ad0)7.666 -E 24(NAME BACK-END)108 547.2 R 6(KEYSTATUS COHERENT)12 F 6(filling -)108 -559.2 R 6(available yes)54 F($)108 583.2 Q F3(zfs-tpm-list)6 E F4 -7.666 E F2(TPM2)6 E F4 72(NAME BACK-END)108 595.2 R 18 -(KEYSTATUS COHERENT)12 F 6(tarta-zoot/home TPM2)108 607.2 R 6 -(unavailable yes)36 F($)108 631.2 Q F3(zfs-tpm-list)6 E F4(\255ra)7.666 -E F5(tarta-zoot)6 E F4 72(NAME BACK-END)108 643.2 R 18 -(KEYSTATUS COHERENT)12 F 36(tarta-zoot TPM1.X)108 655.2 R 18 -(available yes)24 F 
6(tarta-zoot/home TPM2)108 667.2 R 6 +(unavailable yes)36 F($)108 535.2 Q F2 1.666(zfs-tpm-list \255ad0)6 F F4 +24(NAME BACK-END)108 547.2 R 6(KEYSTATUS COHERENT)12 F 6(filling -)108 +559.2 R 6(available yes)54 F($)108 583.2 Q F2 1.666(zfs-tpm-list \255b)6 +F F1(TPM2)6 E F4 72(NAME BACK-END)108 595.2 R 18(KEYSTATUS COHERENT)12 F +6(tarta-zoot/home TPM2)108 607.2 R 6(unavailable yes)36 F($)108 631.2 Q +F2 1.666(zfs-tpm-list \255ra)6 F F3(tarta-zoot)6 E F4 72(NAME BACK-END) +108 643.2 R 18(KEYSTATUS COHERENT)12 F 36(tarta-zoot TPM1.X)108 655.2 R +18(available yes)24 F 6(tarta-zoot/home TPM2)108 667.2 R 6 (unavailable yes)36 F 12(tarta-zoot/bkp -)108 679.2 R 18(available yes) 54 F 18(tarta-zoot/vm -)108 691.2 R 18(available yes)54 F($)108 715.2 Q -F3(zfs-tpm-list)6 E F4(\255al)7.666 E 72(NAME BACK-END)108 727.2 R 6 +F2 1.666(zfs-tpm-list \255al)6 F F4 72(NAME BACK-END)108 727.2 R 6 (KEYSTATUS COHERENT)12 F 54(filling -)108 739.2 R 6(available yes)54 F 36(tarta-zoot TPM1.X)108 751.2 R 6(available yes)24 F 12 (tarta-zoot/bkp -)108 763.2 R 6(available yes)54 F 18(tarta-zoot/vm -) -108 775.2 R 6(available yes)54 F F1(tzpfms 0.3.3-7-g893a48c)72 817.889 Q -(No)85.673 E -.15(ve)-.15 G(mber 25, 2023).15 E(1)180.932 E 0 Cg EP +108 775.2 R 6(available yes)54 F F0(tzpfms 0.3.3-8-g286180b)72 817.889 Q +(No)84.553 E -.15(ve)-.15 G(mber 25, 2023).15 E(1)180.932 E 0 Cg EP %%Page: 2 2 %%BeginPageSetup BP %%EndPageSetup -/F0 10/Times-Italic@0 SF(ZFS-TPM-LIST)72 48 Q/F1 10/Times-Roman@0 SF -96.343(\(8\) System)B(Manager')2.5 E 2.5(sM)-.55 G(anual)-2.5 E F0 -(ZFS-TPM-LIST)96.342 E F1(\(8\))A/F2 10/Times-Bold@0 SF 1.666 -(SPECIAL THANKS)72 84 R F1 1.6 -.8(To a)108 96 T +/F0 10/Times-Roman@0 SF 93.563(ZFS-TPM-LIST\(8\) System)72 48 R +(Manager')2.5 E 2.5(sM)-.55 G 91.062(anual ZFS-TPM-LIST\(8\))-2.5 F/F1 +10/Times-Bold@0 SF 1.666(SPECIAL THANKS)72 84 R F0 1.6 -.8(To a)108 96 T (ll who support further de).8 E -.15(ve)-.25 G(lopment, in particular:) -.15 E F2<83>128 108 Q F1(ThePhD)7.5 E 
F2<83>128 120 Q F1(Embark Studios) -7.5 E F2<83>128 132 Q F1(Lars Strojn)7.5 E(y)-.15 E F2(REPOR)72 148.8 Q -1.666(TING B)-.4 F(UGS)-.1 E F1(https://todo.sr)108 160.8 Q -(.ht/\001nabijaczle)-.55 E(weli/tzpfms)-.25 E F0(\001nabijaczle)108 -177.6 Q(weli/tzpfms@lists.sr)-.15 E(.ht)-1.11 E F1 2.5(,a)C(rchi)-2.5 E --.15(ve)-.25 G 2.5(da).15 G 2.5(th)-2.5 G(ttps://lists.sr)-2.5 E -(.ht/\001nabijaczle)-.55 E(weli/tzpfms.)-.25 E(tzpfms 0.3.3-7-g893a48c) -72 817.889 Q(No)85.673 E -.15(ve)-.15 G(mber 25, 2023).15 E(2)180.932 E -0 Cg EP +.15 E F1<83>128 108 Q F0(ThePhD)7.5 E F1<83>128 120 Q F0(Embark Studios) +7.5 E F1<83>128 132 Q F0(Lars Strojn)7.5 E(y)-.15 E F1(REPOR)72 148.8 Q +1.666(TING B)-.4 F(UGS)-.1 E F0(https://todo.sr)108 160.8 Q +(.ht/\001nabijaczle)-.55 E(weli/tzpfms)-.25 E/F2 10/Courier@0 SF +(\001nabijaczleweli/tzpfms@lists.sr.ht)108 177.6 Q F0 83.762(,a)C(rchi) +-83.762 E -.15(ve)-.25 G 83.763(da).15 G(t)-83.763 E(https://lists.sr) +108 189.6 Q(.ht/\001nabijaczle)-.55 E(weli/tzpfms.)-.25 E +(tzpfms 0.3.3-8-g286180b)72 817.889 Q(No)84.553 E -.15(ve)-.15 G +(mber 25, 2023).15 E(2)180.932 E 0 Cg EP %%Page: 1 3 %%BeginPageSetup BP %%EndPageSetup -/F0 10/Times-Italic@0 SF(ZFS-TPM1X-CHANGE-KEY)72 48 Q/F1 10 -/Times-Roman@0 SF 43.013(\(8\) System)B(Manager')2.5 E 2.5(sM)-.55 G -(anual)-2.5 E F0(ZFS-TPM1X-CHANGE-KEY)43.012 E F1(\(8\))A/F2 10 -/Times-Bold@0 SF -.2(NA)72 84 S(ME).2 E F1(zfs-tpm1x-change-k)108 96 Q -.3 -.15(ey \212 c)-.1 H(hange ZFS dataset k).15 E .3 -.15(ey t)-.1 H 2.5 -(oo).15 G(ne stored on the TPM)-2.5 E F2(SYNOPSIS)72 112.8 Q/F3 10 -/Courier-Bold@0 SF(zfs-tpm-list)108 124.8 Q F1([)2.5 E/F4 10/Courier@0 -SF1.666 E/F5 10/Courier-Oblique@0 SF(backup-file)6 E F1 2.5(][)C -F4-.834 E F5(PCR)6 E F1([)A F4(,)A F5(PCR)A F1 1.666(]...)C(]) --1.666 E F5(dataset)2.5 E F2(DESCRIPTION)72 141.6 Q F1 6.866 -.8(To n) -108 153.6 T 5.266(ormalise the).8 F F5(dataset)7.766 E F1(,)A F3 -(zfs-tpm-list)7.766 E F1 5.266 -(will open its encryption root in its stead.)7.766 
F F3(zfs-tpm-list)108 -165.6 Q F1(will)2.5 E F0(ne)2.5 E(ver)-.15 E F1(create or destro)2.5 E -2.5(ye)-.1 G(ncryption roots; use)-2.5 E F0(zfs-c)2.5 E(hang)-.15 E(e-k) --.1 E -.3(ey)-.1 G F1(\(8\) for that.).3 E -(First, a connection is made to the TPM, which)108 182.4 Q F0(must)2.5 E -F1(be TPM-1.X-compatible.)2.5 E(If)108 199.2 Q F5(dataset)3.177 E F1 -.1 +/F0 10/Times-Roman@0 SF 36.913(ZFS-TPM1X-CHANGE-KEY\(8\) System)72 48 R +(Manager')2.5 E 2.5(sM)-.55 G 34.412(anual ZFS-TPM1X-CHANGE-KEY\(8\)) +-2.5 F/F1 10/Times-Bold@0 SF -.2(NA)72 84 S(ME).2 E F0 +(zfs-tpm1x-change-k)108 96 Q .3 -.15(ey \212 c)-.1 H +(hange ZFS dataset k).15 E .3 -.15(ey t)-.1 H 2.5(oo).15 G +(ne stored on the TPM)-2.5 E F1(SYNOPSIS)72 112.8 Q/F2 10/Courier-Bold@0 +SF(zfs-tpm-list)108 124.8 Q F0([)2.5 E F21.666 E/F3 10 +/Courier-Oblique@0 SF(backup-file)6 E F0 2.5(][)C F2-.834 E F3 +(PCR)6 E F0([)A F2(,)A F3(PCR)A F0 1.666(]...)C(])-1.666 E F3(dataset) +2.5 E F1(DESCRIPTION)72 141.6 Q F0 6.867 -.8(To n)108 153.6 T 5.267 +(ormalise the).8 F F3(dataset)7.767 E F0(,)A F2(zfs-tpm-list)7.766 E F0 +5.266(will open its encryption root in its stead.)7.766 F F2 +(zfs-tpm-list)108 165.6 Q F0(will)2.5 E/F4 10/Times-Italic@0 SF(ne)2.5 E +(ver)-.15 E F0(create or destro)2.5 E 2.5(ye)-.1 G(ncryption roots; use) +-2.5 E/F5 10/Courier@0 SF(zfs-change-key)2.5 E F0(\(8\) for that.)A +(First, a connection is made to the TPM, which)108 182.4 Q F4(must)2.5 E +F0(be TPM-1.X-compatible.)2.5 E(If)108 199.2 Q F3(dataset)3.176 E F0 -.1 (wa)3.176 G 3.176(sp).1 G(re)-3.176 E .676(viously encrypted with)-.25 F -F3(tzpfms)3.176 E F1 .676(and the)3.176 F F2(TPM1.X)3.176 E F1 .676 +F2(tzpfms)3.176 E F0 .676(and the)3.176 F F1(TPM1.X)3.176 E F0 .676 (back-end w)3.176 F .676(as used, the meta-)-.1 F .926 (data will be silently cleared.)108 211.2 R .926 (Otherwise, or in case of an error)5.926 F 3.426(,d)-.4 G .926 (ata required for manual interv)-3.426 F(ention)-.15 E (will be printed to the standard error stream.)108 223.2 
Q(Ne)108 240 Q -1.741(xt, a ne)-.15 F 4.241(ww)-.25 G 1.741(rapping k)-4.241 F 2.041 --.15(ey i)-.1 H 4.24(sg).15 G 1.74(enerated on the TPM, optionally back) --4.24 F 1.74(ed up \(see \231OPTIONS\232\), and)-.1 F .294(sealed on th\ -e TPM; the user is prompted for an optional passphrase to protect the k) -108 252 R .594 -.15(ey w)-.1 H .294(ith, and for the).15 F -(SRK passphrase, set when taking o)108 264 Q(wnership, if not "well-kno) --.25 E(wn" \(all zeroes\).)-.25 E(The follo)108 280.8 Q -(wing properties are set on)-.25 E F5(dataset)2.5 E F1(:)A F2<83>128 -292.8 Q F4(xyz.nabijaczleweli:tzpfms.backend)7.5 E F1(=)A F2(TPM1.X)A -<83>128 304.8 Q F4(xyz.nabijaczleweli:tzpfms.key)7.5 E F1(=)A F5 -(parent-key-blob)A F4(:)A F5(sealed-object-blob)A F4(tzpfms.backend)108 -321.6 Q F1 .292(identi\214es this dataset for w)2.792 F .291(ork with) --.1 F F2(TPM1.X)2.791 E F1(-back-ended)A F3(tzpfms)2.791 E F1 .291 -(tools \(namely)2.791 F F0(zfs-tpm1x-c)108 333.6 Q(hang)-.15 E(e-k)-.1 E --.3(ey)-.1 G F1(\(8\),).3 E F0(zfs-tpm1x-load-k)2.5 E -.3(ey)-.1 G F1 -(\(8\), and).3 E F0(zfs-tpm1x-clear)2.5 E(-k)-.2 E -.3(ey)-.1 G F1 -(\(8\)\).).3 E F4(tzpfms.key)108 350.4 Q F1 1.412 -(is a colon-separated pair of he)3.912 F 1.412 -(xadecimal-string \(i.e. 
"4F7730" for "Ow0"\) blobs; the)-.15 F .868 -(\214rst one represents the RSA k)108 362.4 R 1.168 -.15(ey p)-.1 H .867 +.294(xt, a ne)-.15 F 2.794(ww)-.25 G .294(rapping k)-2.794 F .594 -.15 +(ey i)-.1 H 2.794(sg).15 G .294(enerated on the TPM, optionally back) +-2.794 F .294(ed up \(see)-.1 F F1(OPTIONS)2.794 E F0 .294 +(\), and sealed)B .586(on the TPM; the user is prompted for an optional\ + passphrase to protect the k)108 252 R .885 -.15(ey w)-.1 H .585 +(ith, and for the SRK).15 F(passphrase, set when taking o)108 264 Q +(wnership, if not "well-kno)-.25 E(wn" \(all zeroes\).)-.25 E(The follo) +108 280.8 Q(wing properties are set on)-.25 E F3(dataset)2.5 E F0(:)A F1 +<83>128 292.8 Q F5(xyz.nabijaczleweli:tzpfms.backend)7.5 E F0(=)A F1 +(TPM1.X)A<83>128 304.8 Q F5(xyz.nabijaczleweli:tzpfms.key)7.5 E F0(=)A +F3(parent-key-blob)A F2(:)A F3(sealed-object-blob)A F5(tzpfms.backend) +108 321.6 Q F0 .291(identi\214es this dataset for w)2.791 F .292 +(ork with)-.1 F F1(TPM1.X)2.792 E F0(-back-ended)A F2(tzpfms)2.792 E F0 +.292(tools \(namely)2.792 F F5(zfs-tpm1x-change-key)108 333.6 Q F0 +(\(8\),)A F5(zfs-tpm1x-load-key)2.5 E F0(\(8\), and)A F5 +(zfs-tpm1x-clear-key)2.5 E F0(\(8\)\).)A F5(tzpfms.key)108 350.4 Q F0 +1.412(is a colon-separated pair of he)3.913 F 1.412 +(xadecimal-string \(i.e. 
"4F7730" for "Ow0"\) blobs; the)-.15 F .867 +(\214rst one represents the RSA k)108 362.4 R 1.167 -.15(ey p)-.1 H .868 (rotecting the blob, and it is protected with either the passphrase, if) -.15 F(pro)108 374.4 Q 1.413(vided, or the SHA1 constant)-.15 F F4 -(CE4CF677875B5EB8993591D5A9AF1ED24A3A8736)3.914 E F1 3.914(;t)C 1.414 -(he sec-)-3.914 F .379 +.15 F(pro)108 374.4 Q 1.414(vided, or the SHA1 constant)-.15 F F5 +(CE4CF677875B5EB8993591D5A9AF1ED24A3A8736)3.913 E F0 3.913(;t)C 1.413 +(he sec-)-3.913 F .379 (ond represents the sealed object containing the wrapping k)108 386.4 R -.15(ey)-.1 G 2.879(,a)-.5 G .379 -(nd is protected with the SHA1 constant)-2.879 F F4 -(B9EE715DBE4B243FAA81EA04306E063710383E35)108 398.4 Q F1 6.72(.T)C 1.72 -(here e)-6.72 F 1.721(xists no other user)-.15 F 1.721(-land tool for) --.2 F(decrypting this; perhaps there should be.)108 410.4 Q(Finally)108 -427.2 Q 12.006(,t)-.65 G 9.506(he equi)-12.006 F -.25(va)-.25 G 9.506 -(lent of).25 F F3(zfs)12.005 E F4 11.171(change-key \255o)15.505 F -11.171(keylocation=prompt \255o)15.505 F(keyformat=raw)108 439.2 Q F5 -(dataset)6.106 E F1 .106(is performed with the ne)2.606 F 2.606(wk)-.25 -G -.15(ey)-2.706 G 5.106(.I)-.5 G 2.606(fa)-5.106 G 2.606(ne)-2.606 G -.107(rror occurred, best ef)-2.606 F .107(fort is made)-.25 F +(nd is protected with the SHA1 constant)-2.879 F F5 +(B9EE715DBE4B243FAA81EA04306E063710383E35)108 398.4 Q F0 6.721(.T)C +1.721(here e)-6.721 F 1.721(xists no other user)-.15 F 1.72 +(-land tool for)-.2 F(decrypting this; perhaps there should be.)108 +410.4 Q(Finally)108 427.2 Q 12.005(,t)-.65 G 9.505(he equi)-12.005 F +-.25(va)-.25 G 9.505(lent of).25 F F2 9.505(zfs change-key)12.005 F +17.172 E F5(keylocation=prompt)15.506 E F217.172 E F5 +(keyformat=raw)108 439.2 Q F3(dataset)6.107 E F0 .107 +(is performed with the ne)2.607 F 2.606(wk)-.25 G -.15(ey)-2.706 G 5.106 +(.I)-.5 G 2.606(fa)-5.106 G 2.606(ne)-2.606 G .106 +(rror occurred, best ef)-2.606 F .106(fort is made)-.25 F (to 
clean up the properties, or to issue a note for manual interv)108 -451.2 Q(ention into the standard error stream.)-.15 E 4.056<418c>108 468 -S 1.556(nal v)-4.056 F 1.556(eri\214cation should be made by running) --.15 F F3(zfs-tpm1x-load-key)4.056 E F49.222 E F5(dataset)7.555 E -F1 6.555(.I)C 4.055(ft)-6.555 G(hat)-4.055 E .729 +451.2 Q(ention into the standard error stream.)-.15 E 4.055<418c>108 468 +S 1.555(nal v)-4.055 F 1.556(eri\214cation should be made by running) +-.15 F F2 3.222(zfs-tpm1x-load-key \255n)4.056 F F3(dataset)7.556 E F0 +6.556(.I)C 4.056(ft)-6.556 G(hat)-4.056 E .729 (command succeeds, all is well, b)108 480 R .729 (ut otherwise the dataset can be manually rolled back to a passphrase) --.2 F(with)108 492 Q F3(zfs-tpm1x-clear-key)5.147 E F5(dataset)8.647 E -F1(\(or)5.147 E 5.146(,i)-.4 G 5.146(ft)-5.146 G 2.646(hat f)-5.146 F -2.646(ails to w)-.1 F(ork,)-.1 E F3(zfs)5.146 E F4 4.312 -(change-key \255o)8.646 F(keyformat=passphrase)108 504 Q F5(dataset)6 E -F1(\), and you are hereby ask)A(ed to report a b)-.1 E(ug, please.)-.2 E -F3(zfs-tpm1x-clear-key)108 520.8 Q F5(dataset)7.606 E F1 1.607 -(can be used to clear the properties and go back to using a)4.106 F -(passphrase.)108 532.8 Q F2(OPTIONS)72 549.6 Q F4109.666 561.6 Q -F5(backup-file)6 E F1(Sa)203 561.6 Q .353 -.15(ve a b)-.2 H .052 -(ack-up of the k).15 F .352 -.15(ey t)-.1 H(o).15 E F5(backup-file)2.552 -E F1 2.552(,w)C .052(hich must not e)-2.552 F .052(xist beforehand.)-.15 -F .693(This back-up)203 573.6 R F0(must)3.193 E F1 .694 -(be stored securely)3.193 F 3.194(,o)-.65 G -.25(ff)-3.194 G 3.194 -(-site. 
In).25 F .694(case of a catastrophic e)3.194 F -.15(ve)-.25 G +-.2 F(with)108 492 Q F2(zfs-tpm1x-clear-key)5.146 E F3(dataset)8.646 E +F0(\(or)5.146 E 5.146(,i)-.4 G 5.146(ft)-5.146 G 2.646(hat f)-5.146 F +2.646(ails to w)-.1 F(ork,)-.1 E F2 2.647(zfs change-key)5.147 F +10.313 E F5(keyformat=passphrase)108 504 Q F3(dataset)6 E F0 +(\), and you are hereby ask)A(ed to report a b)-.1 E(ug, please.)-.2 E +F2(zfs-tpm1x-clear-key)108 520.8 Q F3(dataset)7.607 E F0 1.607 +(can be used to clear the properties and go back to using a)4.107 F +(passphrase.)108 532.8 Q F1(OPTIONS)72 549.6 Q F2109.666 561.6 Q +F3(backup-file)6 E F0(Sa)203 561.6 Q .352 -.15(ve a b)-.2 H .052 +(ack-up of the k).15 F .352 -.15(ey t)-.1 H(o).15 E F3(backup-file)2.552 +E F0 2.552(,w)C .052(hich must not e)-2.552 F .053(xist beforehand.)-.15 +F .694(This back-up)203 573.6 R F4(must)3.194 E F0 .694 +(be stored securely)3.194 F 3.194(,o)-.65 G -.25(ff)-3.194 G 3.194 +(-site. In).25 F .693(case of a catastrophic e)3.194 F -.15(ve)-.25 G (nt,).15 E(the k)203 585.6 Q .3 -.15(ey c)-.1 H(an be loaded by running) -.15 E F3(zfs)233 597.6 Q F4(load-key)6 E F5(dataset)6 E F4(<)6 E F5 -(backup-file)6 E F4109.666 614.4 Q F5(PCR)6 E F1([)A F4(,)A F5 -(PCR)A F1 1.666(]...)C .639(Bind the k)203 614.4 R .939 -.15(ey t)-.1 H -3.139(os).15 G .639(pace- or comma-separated)-3.139 F F5(PCR)3.139 E F1 -3.139(s\212i)C 3.139(ft)-3.139 G(he)-3.139 E 3.139(yc)-.15 G .638 -(hange, the wrap-)-3.139 F .462(ping k)203 626.4 R .762 -.15(ey w)-.1 H -.462(ill not be able to be unsealed.).15 F .463 -(The minimum number of PCRs for a)5.462 F(PC TPM is)203 638.4 Q F2(24) -2.5 E F1(\(numbered [)2.5 E F2(0)A F1(,)A F2(23)2.5 E F1 2.5(]\). 
F)B -(or most, this is also the maximum.)-.15 E F2(ENVIR)72 655.2 Q 1.666 -(ONMENT V)-.3 F(ARIABLES)-1.35 E F4(TZPFMS_PASSPHRASE_HELPER)108 667.2 Q -F1 .046(By def)133 679.2 R .045(ault, passphrases are prompted for and \ -read in on the standard output and input streams.)-.1 F(If)5.045 E F4 -(TZPFMS_PASSPHRASE_HELPER)133 691.2 Q F1 .896(is set and nonempty)3.396 -F 3.396(,i)-.65 G 3.396(tw)-3.396 G .896(ill be run via)-3.396 F F0 -(/bin/)3.396 E F3(sh)A F48.562 E F1 .897(to pro-)3.396 F -(vide each passphrase, instead.)133 703.2 Q .643 +.15 E F2(zfs load-key)233 597.6 Q F3(dataset)6 E F5(<)6 E F3 +(backup-file)6 E F2109.666 614.4 Q F3(PCR)6 E F0([)A F2(,)A F3 +(PCR)A F0 1.666(]...)C .638(Bind the k)203 614.4 R .939 -.15(ey t)-.1 H +3.139(os).15 G .639(pace- or comma-separated)-3.139 F F3(PCR)3.139 E F0 +3.139(s\212i)C 3.139(ft)-3.139 G(he)-3.139 E 3.139(yc)-.15 G .639 +(hange, the wrap-)-3.139 F .463(ping k)203 626.4 R .763 -.15(ey w)-.1 H +.463(ill not be able to be unsealed.).15 F .462 +(The minimum number of PCRs for a)5.462 F(PC TPM is)203 638.4 Q F1(24) +2.5 E F0(\(numbered [)2.5 E F1(0)A F0(,)A F1(23)2.5 E F0 2.5(]\). F)B +(or most, this is also the maximum.)-.15 E F1(ENVIR)72 655.2 Q 1.666 +(ONMENT V)-.3 F(ARIABLES)-1.35 E F5(TZPFMS_PASSPHRASE_HELPER)108 667.2 Q +F0 .045(By def)133 679.2 R .045(ault, passphrases are prompted for and \ +read in on the standard output and input streams.)-.1 F(If)5.046 E F5 +(TZPFMS_PASSPHRASE_HELPER)133 691.2 Q F0 1.596(is set and nonempty)4.096 +F 4.096(,i)-.65 G 4.096(tw)-4.096 G 1.596(ill be run via)-4.096 F F5 +(/bin/)4.095 E F2 3.261(sh \255c)B F0(to)4.095 E(pro)133 703.2 Q +(vide each passphrase, instead.)-.15 E .643 (The standard output stream of the helper is tied to an anon)133 720 R .643(ymous \214le and used in its entirety as)-.15 F(the passphrase, e) 133 732 Q(xcept for a trailing ne)-.15 E(w-line, if an)-.25 E 3.8 -.65 -(y. T)-.15 H(he ar).65 E(guments are:)-.18 E F4($1)143 744 Q F1 +(y. 
T)-.15 H(he ar).65 E(guments are:)-.18 E F5($1)143 744 Q F0 (Pre-formatted noun phrase with all the information belo)160 744 Q 1.3 --.65(w, f)-.25 H(or use as a prompt).65 E(tzpfms 0.3.3-7-g893a48c)72 -817.889 Q(No)85.673 E -.15(ve)-.15 G(mber 25, 2023).15 E(1)180.932 E 0 +-.65(w, f)-.25 H(or use as a prompt).65 E(tzpfms 0.3.3-8-g286180b)72 +817.889 Q(No)84.553 E -.15(ve)-.15 G(mber 25, 2023).15 E(1)180.932 E 0 Cg EP %%Page: 2 4 %%BeginPageSetup BP %%EndPageSetup -/F0 10/Times-Italic@0 SF(ZFS-TPM1X-CHANGE-KEY)72 48 Q/F1 10 -/Times-Roman@0 SF 43.013(\(8\) System)B(Manager')2.5 E 2.5(sM)-.55 G -(anual)-2.5 E F0(ZFS-TPM1X-CHANGE-KEY)43.012 E F1(\(8\))A/F2 10 -/Courier@0 SF($2)143 84 Q F1 +/F0 10/Times-Roman@0 SF 36.913(ZFS-TPM1X-CHANGE-KEY\(8\) System)72 48 R +(Manager')2.5 E 2.5(sM)-.55 G 34.412(anual ZFS-TPM1X-CHANGE-KEY\(8\)) +-2.5 F/F1 10/Courier@0 SF($2)143 84 Q F0 (Either the dataset name or the element of the TPM hierarch)160 84 Q 2.5 -(yb)-.05 G(eing prompted for)-2.5 E F2($3)143 96 Q F1("ne)160 96 Q +(yb)-.05 G(eing prompted for)-2.5 E F1($3)143 96 Q F0("ne)160 96 Q (w" if this is for a ne)-.25 E 2.5(wp)-.25 G(assphrase, otherwise blank) --2.5 E F2($4)143 108 Q F1("ag)160 108 Q(ain" if it')-.05 E 2.5(st)-.55 G -(he second prompt for that passphrase, otherwise blank)-2.5 E .177 -(If the helper doesn')133 124.8 R 2.677(te)-.18 G .177 -(xist \(the shell e)-2.827 F .177(xits with)-.15 F/F3 10/Times-Bold@0 SF -(127)2.677 E F1 .178(\), a diagnostic is issued and the normal prompt)B +-2.5 E F1($4)143 108 Q F0("ag)160 108 Q(ain" if it')-.05 E 2.5(st)-.55 G +(he second prompt for that passphrase, otherwise blank)-2.5 E .178 +(If the helper doesn')133 124.8 R 2.678(te)-.18 G .178 +(xist \(the shell e)-2.828 F .177(xits with)-.15 F/F2 10/Times-Bold@0 SF +(127)2.677 E F0 .177(\), a diagnostic is issued and the normal prompt)B (is used as f)133 136.8 Q 2.5(all-back. 
If)-.1 F(it f)2.5 E(ails for an) --.1 E 2.5(yo)-.15 G(ther reason, the prompting is aborted.)-2.5 E F3 +-.1 E 2.5(yo)-.15 G(ther reason, the prompting is aborted.)-2.5 E F2 1.666(TPM1.X back-end con\214guration)72 153.6 R .625(TPM selection)87 -165.6 R F1(The)108 177.6 Q/F4 10/Courier-Bold@0 SF(tzpfms)2.509 E F1 -.009(suite connects to a local)2.509 F F0(tcsd)2.508 E F1 .008 -(\(8\) process \(at)B F0(localhost:30003)2.508 E F1 2.508(\)b)C 2.508 -(yd)-2.508 G(ef)-2.508 E 2.508(ault. Use)-.1 F .008(the en)2.508 F -(viron-)-.4 E(ment v)108 189.6 Q(ariable)-.25 E F2(TZPFMS_TPM1X)2.5 E F1 -(to specify a remote TCS hostname.)2.5 E .444(The T)108 206.4 R(rouSerS) --.35 E F0(tcsd)2.944 E F1 .444(\(8\) daemon will try)B F0(/de)2.945 E -(v/tpm0)-.15 E F1 2.945(,t)C(hen)-2.945 E F0(/ude)2.945 E(v/tpm0)-.15 E -F1 2.945(,t)C(hen)-2.945 E F0(/de)2.945 E(v/tpm)-.15 E F1 2.945(;b)C -2.945(yo)-2.945 G(ccup)-2.945 E .445(ying one of)-.1 F -(the earlier ones with, for e)108 218.4 Q -(xample, shell redirection, a later one can be selected.)-.15 E F3 .625 -(See also)87 235.2 R F1(The T)108 247.2 Q +165.6 R F0(The)108 177.6 Q/F3 10/Courier-Bold@0 SF(tzpfms)2.729 E F0 +.229(suite connects to a local)2.729 F F1(tcsd)2.73 E F0 .23 +(\(8\) process \(at)B F1(localhost:30003)2.73 E F0 2.73(\)b)C 2.73(yd) +-2.73 G(ef)-2.73 E 2.73(ault. 
Use)-.1 F(the)2.73 E(en)108 189.6 Q +(vironment v)-.4 E(ariable)-.25 E F1(TZPFMS_TPM1X)2.5 E F0 +(to specify a remote TCS hostname.)2.5 E .111(The T)108 206.4 R(rouSerS) +-.35 E F1(tcsd)2.611 E F0 .111(\(8\) daemon will try)B F1(/dev/tpm0)2.61 +E F0 2.61(,t)C(hen)-2.61 E F1(/udev/tpm0)2.61 E F0 2.61(,t)C(hen)-2.61 E +F1(/dev/tpm)2.61 E F0 2.61(;b)C 2.61(yo)-2.61 G(ccu-)-2.61 E -.1(py)108 +218.4 S(ing one of the earlier ones with, for e).1 E +(xample, shell redirection, a later one can be selected.)-.15 E F2 .625 +(See also)87 235.2 R F0(The T)108 247.2 Q (rouSerS project page at https://sourcefor)-.35 E (ge.net/projects/trousers.)-.18 E 4.415 (The TPM 1.2 main speci\214cation inde)108 264 R 6.915(xa)-.15 G 6.915 (th)-6.915 G(ttps://trustedcomputinggroup.or)-6.915 E -(g/resource/tpm-main-)-.18 E(speci\214cation.)108 276 Q F3 1.666 -(SPECIAL THANKS)72 292.8 R F1 1.6 -.8(To a)108 304.8 T +(g/resource/tpm-main-)-.18 E(speci\214cation.)108 276 Q F2 1.666 +(SPECIAL THANKS)72 292.8 R F0 1.6 -.8(To a)108 304.8 T (ll who support further de).8 E -.15(ve)-.25 G(lopment, in particular:) -.15 E F3<83>128 316.8 Q F1(ThePhD)7.5 E F3<83>128 328.8 Q F1 -(Embark Studios)7.5 E F3<83>128 340.8 Q F1(Lars Strojn)7.5 E(y)-.15 E F3 -(REPOR)72 357.6 Q 1.666(TING B)-.4 F(UGS)-.1 E F1(https://todo.sr)108 -369.6 Q(.ht/\001nabijaczle)-.55 E(weli/tzpfms)-.25 E F0(\001nabijaczle) -108 386.4 Q(weli/tzpfms@lists.sr)-.15 E(.ht)-1.11 E F1 2.5(,a)C(rchi) --2.5 E -.15(ve)-.25 G 2.5(da).15 G 2.5(th)-2.5 G(ttps://lists.sr)-2.5 E -(.ht/\001nabijaczle)-.55 E(weli/tzpfms.)-.25 E F3 1.666(SEE ALSO)72 -403.2 R F1(PCR allocations: https://wiki.archlinux.or)108 415.2 Q -(g/title/T)-.18 E(rusted_Platform_Module#Accessing_PCR_re)-.35 E -(gisters)-.15 E(and https://trustedcomputinggroup.or)108 427.2 Q +.15 E F2<83>128 316.8 Q F0(ThePhD)7.5 E F2<83>128 328.8 Q F0 +(Embark Studios)7.5 E F2<83>128 340.8 Q F0(Lars Strojn)7.5 E(y)-.15 E F2 +(REPOR)72 357.6 Q 1.666(TING B)-.4 F(UGS)-.1 E F0(https://todo.sr)108 +369.6 
Q(.ht/\001nabijaczle)-.55 E(weli/tzpfms)-.25 E F1 +(\001nabijaczleweli/tzpfms@lists.sr.ht)108 386.4 Q F0 83.763(,a)C(rchi) +-83.763 E -.15(ve)-.25 G 83.762(da).15 G(t)-83.762 E(https://lists.sr) +108 398.4 Q(.ht/\001nabijaczle)-.55 E(weli/tzpfms.)-.25 E F2 1.666 +(SEE ALSO)72 415.2 R F0(PCR allocations: https://wiki.archlinux.or)108 +427.2 Q(g/title/T)-.18 E(rusted_Platform_Module#Accessing_PCR_re)-.35 E +(gisters)-.15 E(and https://trustedcomputinggroup.or)108 439.2 Q (g/wp-content/uploads/PC-)-.18 E(ClientSpeci\214c_Platform_Pro\214le_fo\ -r_TPM_2p0_Systems_v51.pdf, Section 2.3.4 "PCR Usage", T)108 439.2 Q -(able)-.8 E(1.)108 451.2 Q(tzpfms 0.3.3-7-g893a48c)72 817.889 Q(No) -85.673 E -.15(ve)-.15 G(mber 25, 2023).15 E(2)180.932 E 0 Cg EP +r_TPM_2p0_Systems_v51.pdf, Section 2.3.4 "PCR Usage", T)108 451.2 Q +(able)-.8 E(1.)108 463.2 Q(tzpfms 0.3.3-8-g286180b)72 817.889 Q(No) +84.553 E -.15(ve)-.15 G(mber 25, 2023).15 E(2)180.932 E 0 Cg EP %%Page: 1 5 %%BeginPageSetup BP %%EndPageSetup -/F0 10/Times-Italic@0 SF(ZFS-TPM1X-CLEAR-KEY)72 48 Q/F1 10/Times-Roman@0 -SF 52.453(\(8\) System)B(Manager')2.5 E 2.5(sM)-.55 G(anual)-2.5 E F0 -(ZFS-TPM1X-CLEAR-KEY)52.452 E F1(\(8\))A/F2 10/Times-Bold@0 SF -.2(NA)72 -84 S(ME).2 E F1(zfs-tpm1x-clear)108 96 Q(-k)-.2 E .3 -.15(ey \212 r)-.1 -H -.25(ew).15 G(rap ZFS dataset k).25 E .3 -.15(ey i)-.1 H 2.5(np).15 G -(asssw)-2.5 E(ord and clear tzpfms TPM1.X metadata)-.1 E F2(SYNOPSIS)72 -112.8 Q/F3 10/Courier-Bold@0 SF(zfs-tpm-list)108 124.8 Q/F4 10 -/Courier-Oblique@0 SF(dataset)2.5 E F2(DESCRIPTION)72 141.6 Q F1 -(After v)108 153.6 Q(erifying)-.15 E F4(dataset)2.5 E F1 -.1(wa)2.5 G -2.5(se).1 G(ncrypted with)-2.5 E F3(tzpfms)2.5 E F1(back)2.5 E(end)-.1 E -F2(TPM1.X)2.5 E F1(:)A 5(1. performs)118 165.6 R 5.641(the equi)8.141 F --.25(va)-.25 G 5.641(lent of).25 F F3(zfs)8.142 E/F5 10/Courier@0 SF -7.308(change-key \255o)11.642 F 7.308(keylocation=prompt \255o)11.642 F -(keyformat=passphrase)133 177.6 Q F4(dataset)6 E F1(,)A 5(2. 
remo)118 -189.6 R -.15(ve)-.15 G 10.689(st).15 G(he)-10.689 E F5 -(xyz.nabijaczleweli:tzpfms.)10.689 E F1({)A F5(backend)A F1(,)A F5(key) -14.189 E F1 10.689(}p)C 8.189(roperties from)-10.689 F F4(dataset)133 -201.6 Q F1(.)A(See)108 218.4 Q F0(zfs-tpm1x-c)2.5 E(hang)-.15 E(e-k)-.1 -E -.3(ey)-.1 G F1(\(8\) for a detailed description.).3 E F2 1.666 +/F0 10/Times-Roman@0 SF 45.793(ZFS-TPM1X-CLEAR-KEY\(8\) System)72 48 R +(Manager')2.5 E 2.5(sM)-.55 G 43.292(anual ZFS-TPM1X-CLEAR-KEY\(8\))-2.5 +F/F1 10/Times-Bold@0 SF -.2(NA)72 84 S(ME).2 E F0(zfs-tpm1x-clear)108 96 +Q(-k)-.2 E .3 -.15(ey \212 r)-.1 H -.25(ew).15 G(rap ZFS dataset k).25 E +.3 -.15(ey i)-.1 H 2.5(np).15 G(asssw)-2.5 E +(ord and clear tzpfms TPM1.X metadata)-.1 E F1(SYNOPSIS)72 112.8 Q/F2 10 +/Courier-Bold@0 SF(zfs-tpm-list)108 124.8 Q/F3 10/Courier-Oblique@0 SF +(dataset)2.5 E F1(DESCRIPTION)72 141.6 Q F0(After v)108 153.6 Q +(erifying)-.15 E F3(dataset)2.5 E F0 -.1(wa)2.5 G 2.5(se).1 G +(ncrypted with)-2.5 E F2(tzpfms)2.5 E F0(back)2.5 E(end)-.1 E F1(TPM1.X) +2.5 E F0(:)A 5(1. performs)118 165.6 R 5.641(the equi)8.141 F -.25(va) +-.25 G 5.641(lent of).25 F F2 5.642(zfs change-key)8.142 F13.308 E +/F4 10/Courier@0 SF(keylocation=prompt)11.642 E F213.308 E F4 +(keyformat=passphrase)133 177.6 Q F3(dataset)6 E F0(,)A 5(2. remo)118 +189.6 R -.15(ve)-.15 G 10.689(st).15 G(he)-10.689 E F4 +(xyz.nabijaczleweli:tzpfms.)10.689 E F0({)A F4(backend)A F0(,)A F4(key) +14.189 E F0 10.689(}p)C 8.189(roperties from)-10.689 F F3(dataset)133 +201.6 Q F0(.)A(See)108 218.4 Q F4(zfs-tpm1x-change-key)2.5 E F0 +(\(8\) for a detailed description.)A F1 1.666 (TPM1.X back-end con\214guration)72 235.2 R .625(TPM selection)87 247.2 -R F1(The)108 259.2 Q F3(tzpfms)2.508 E F1 .008 -(suite connects to a local)2.508 F F0(tcsd)2.508 E F1 .008 -(\(8\) process \(at)B F0(localhost:30003)2.508 E F1 2.509(\)b)C 2.509 -(yd)-2.509 G(ef)-2.509 E 2.509(ault. 
Use)-.1 F .009(the en)2.509 F -(viron-)-.4 E(ment v)108 271.2 Q(ariable)-.25 E F5(TZPFMS_TPM1X)2.5 E F1 -(to specify a remote TCS hostname.)2.5 E .445(The T)108 288 R(rouSerS) --.35 E F0(tcsd)2.945 E F1 .445(\(8\) daemon will try)B F0(/de)2.945 E -(v/tpm0)-.15 E F1 2.945(,t)C(hen)-2.945 E F0(/ude)2.945 E(v/tpm0)-.15 E -F1 2.945(,t)C(hen)-2.945 E F0(/de)2.944 E(v/tpm)-.15 E F1 2.944(;b)C -2.944(yo)-2.944 G(ccup)-2.944 E .444(ying one of)-.1 F -(the earlier ones with, for e)108 300 Q -(xample, shell redirection, a later one can be selected.)-.15 E F2 .625 -(See also)87 316.8 R F1(The T)108 328.8 Q +R F0(The)108 259.2 Q F2(tzpfms)2.729 E F0 .229 +(suite connects to a local)2.729 F F4(tcsd)2.73 E F0 .23 +(\(8\) process \(at)B F4(localhost:30003)2.73 E F0 2.73(\)b)C 2.73(yd) +-2.73 G(ef)-2.73 E 2.73(ault. Use)-.1 F(the)2.73 E(en)108 271.2 Q +(vironment v)-.4 E(ariable)-.25 E F4(TZPFMS_TPM1X)2.5 E F0 +(to specify a remote TCS hostname.)2.5 E .111(The T)108 288 R(rouSerS) +-.35 E F4(tcsd)2.611 E F0 .111(\(8\) daemon will try)B F4(/dev/tpm0)2.61 +E F0 2.61(,t)C(hen)-2.61 E F4(/udev/tpm0)2.61 E F0 2.61(,t)C(hen)-2.61 E +F4(/dev/tpm)2.61 E F0 2.61(;b)C 2.61(yo)-2.61 G(ccu-)-2.61 E -.1(py)108 +300 S(ing one of the earlier ones with, for e).1 E +(xample, shell redirection, a later one can be selected.)-.15 E F1 .625 +(See also)87 316.8 R F0(The T)108 328.8 Q (rouSerS project page at https://sourcefor)-.35 E (ge.net/projects/trousers.)-.18 E 4.415 (The TPM 1.2 main speci\214cation inde)108 345.6 R 6.915(xa)-.15 G 6.915 (th)-6.915 G(ttps://trustedcomputinggroup.or)-6.915 E -(g/resource/tpm-main-)-.18 E(speci\214cation.)108 357.6 Q F2 1.666 -(SPECIAL THANKS)72 374.4 R F1 1.6 -.8(To a)108 386.4 T +(g/resource/tpm-main-)-.18 E(speci\214cation.)108 357.6 Q F1 1.666 +(SPECIAL THANKS)72 374.4 R F0 1.6 -.8(To a)108 386.4 T (ll who support further de).8 E -.15(ve)-.25 G(lopment, in particular:) -.15 E F2<83>128 398.4 Q F1(ThePhD)7.5 E F2<83>128 410.4 Q F1 -(Embark Studios)7.5 E 
F2<83>128 422.4 Q F1(Lars Strojn)7.5 E(y)-.15 E F2 -(REPOR)72 439.2 Q 1.666(TING B)-.4 F(UGS)-.1 E F1(https://todo.sr)108 -451.2 Q(.ht/\001nabijaczle)-.55 E(weli/tzpfms)-.25 E F0(\001nabijaczle) -108 468 Q(weli/tzpfms@lists.sr)-.15 E(.ht)-1.11 E F1 2.5(,a)C(rchi)-2.5 -E -.15(ve)-.25 G 2.5(da).15 G 2.5(th)-2.5 G(ttps://lists.sr)-2.5 E -(.ht/\001nabijaczle)-.55 E(weli/tzpfms.)-.25 E(tzpfms 0.3.3-7-g893a48c) -72 817.889 Q(No)85.673 E -.15(ve)-.15 G(mber 25, 2023).15 E(1)180.932 E -0 Cg EP +.15 E F1<83>128 398.4 Q F0(ThePhD)7.5 E F1<83>128 410.4 Q F0 +(Embark Studios)7.5 E F1<83>128 422.4 Q F0(Lars Strojn)7.5 E(y)-.15 E F1 +(REPOR)72 439.2 Q 1.666(TING B)-.4 F(UGS)-.1 E F0(https://todo.sr)108 +451.2 Q(.ht/\001nabijaczle)-.55 E(weli/tzpfms)-.25 E F4 +(\001nabijaczleweli/tzpfms@lists.sr.ht)108 468 Q F0 83.763(,a)C(rchi) +-83.763 E -.15(ve)-.25 G 83.762(da).15 G(t)-83.762 E(https://lists.sr) +108 480 Q(.ht/\001nabijaczle)-.55 E(weli/tzpfms.)-.25 E +(tzpfms 0.3.3-8-g286180b)72 817.889 Q(No)84.553 E -.15(ve)-.15 G +(mber 25, 2023).15 E(1)180.932 E 0 Cg EP %%Page: 1 6 %%BeginPageSetup BP %%EndPageSetup -/F0 10/Times-Italic@0 SF(ZFS-TPM1X-LO)72 48 Q(AD-KEY)-.55 E/F1 10 -/Times-Roman@0 SF 57.453(\(8\) System)B(Manager')2.5 E 2.5(sM)-.55 G -(anual)-2.5 E F0(ZFS-TPM1X-LO)57.452 E(AD-KEY)-.55 E F1(\(8\))A/F2 10 -/Times-Bold@0 SF -.2(NA)72 84 S(ME).2 E F1(zfs-tpm1x-load-k)108 96 Q .3 --.15(ey \212 l)-.1 H(oad TPM1.X-encrypted ZFS dataset k).15 E -.15(ey) --.1 G F2(SYNOPSIS)72 112.8 Q/F3 10/Courier-Bold@0 SF(zfs-tpm-list)108 -124.8 Q F1([)2.5 E/F4 10/Courier@0 SF1.666 E F1(])A/F5 10 -/Courier-Oblique@0 SF(dataset)2.5 E F2(DESCRIPTION)72 141.6 Q F1 .191 -(After v)108 153.6 R(erifying)-.15 E F5(dataset)2.691 E F1 -.1(wa)2.691 -G 2.691(se).1 G .191(ncrypted with)-2.691 F F3(tzpfms)2.69 E F1(back) -2.69 E(end)-.1 E F2(TPM1.X)2.69 E F1 .19(will unseal the k)2.69 F .49 --.15(ey a)-.1 H .19(nd load).15 F(it into)108 165.6 Q F5(dataset)2.5 E -F1(.)A .236 +/F0 10/Times-Roman@0 
SF(ZFS-TPM1X-LO)72 48 Q 51.153(AD-KEY\(8\) System) +-.35 F(Manager')2.5 E 2.5(sM)-.55 G 48.652(anual ZFS-TPM1X-LO)-2.5 F +(AD-KEY\(8\))-.35 E/F1 10/Times-Bold@0 SF -.2(NA)72 84 S(ME).2 E F0 +(zfs-tpm1x-load-k)108 96 Q .3 -.15(ey \212 l)-.1 H +(oad TPM1.X-encrypted ZFS dataset k).15 E -.15(ey)-.1 G F1(SYNOPSIS)72 +112.8 Q/F2 10/Courier-Bold@0 SF(zfs-tpm-list)108 124.8 Q F0([)2.5 E F2 +1.666 E F0(])A/F3 10/Courier-Oblique@0 SF(dataset)2.5 E F1 +(DESCRIPTION)72 141.6 Q F0 .19(After v)108 153.6 R(erifying)-.15 E F3 +(dataset)2.69 E F0 -.1(wa)2.69 G 2.69(se).1 G .19(ncrypted with)-2.69 F +F2(tzpfms)2.69 E F0(back)2.69 E(end)-.1 E F1(TPM1.X)2.69 E F0 .191 +(will unseal the k)2.69 F .491 -.15(ey a)-.1 H .191(nd load).15 F +(it into)108 165.6 Q F3(dataset)2.5 E F0(.)A .236 (The user is \214rst prompted for the SRK passphrase, set when taking o) -108 182.4 R .236(wnership, if not "well-kno)-.25 F .236(wn" \(all)-.25 F +108 182.4 R .236(wnership, if not "well-kno)-.25 F .235(wn" \(all)-.25 F (zeroes\); then for the additional passphrase, set when creating the k) 108 194.4 Q -.15(ey)-.1 G 2.5(,i)-.5 G 2.5(fo)-2.5 G(ne w)-2.5 E -(as set.)-.1 E(See)108 211.2 Q F0(zfs-tpm1x-c)2.5 E(hang)-.15 E(e-k)-.1 -E -.3(ey)-.1 G F1(\(8\) for a detailed description.).3 E F2(OPTIONS)72 -228 Q F4109.666 240 Q F1 3.208(Do a no-op/dry run, can be used e) -131 240 R -.15(ve)-.25 G 5.708(ni).15 G 5.708(ft)-5.708 G 3.208(he k) --5.708 F 3.508 -.15(ey i)-.1 H 5.708(sa).15 G 3.208(lready loaded.) 
--5.708 F(Equi)8.207 E -.25(va)-.25 G 3.207(lent to).25 F F3(zfs)5.707 E -F4(load-key)131 252 Q F1 -.55('s)C F44.716 E F1(option.)2.5 E F2 -(ENVIR)72 268.8 Q 1.666(ONMENT V)-.3 F(ARIABLES)-1.35 E F4 -(TZPFMS_PASSPHRASE_HELPER)108 280.8 Q F1 .045(By def)133 292.8 R .045(a\ -ult, passphrases are prompted for and read in on the standard output an\ -d input streams.)-.1 F(If)5.046 E F4(TZPFMS_PASSPHRASE_HELPER)133 304.8 -Q F1 .896(is set and nonempty)3.397 F 3.396(,i)-.65 G 3.396(tw)-3.396 G -.896(ill be run via)-3.396 F F0(/bin/)3.396 E F3(sh)A F48.562 E F1 -.896(to pro-)3.396 F(vide each passphrase, instead.)133 316.8 Q .643 +(as set.)-.1 E(See)108 211.2 Q/F4 10/Courier@0 SF(zfs-tpm1x-change-key) +2.5 E F0(\(8\) for a detailed description.)A F1(OPTIONS)72 228 Q F2 +109.666 240 Q F0 3.208(Do a no-op/dry run, can be used e)131 240 R +-.15(ve)-.25 G 5.708(ni).15 G 5.708(ft)-5.708 G 3.208(he k)-5.708 F +3.508 -.15(ey i)-.1 H 5.708(sa).15 G 3.208(lready loaded.)-5.708 F(Equi) +8.208 E -.25(va)-.25 G 3.208(lent to).25 F F2(zfs)5.708 E(load-key)131 +252 Q F0 -.55('s)C F24.716 E F0(option.)2.5 E F1(ENVIR)72 268.8 Q +1.666(ONMENT V)-.3 F(ARIABLES)-1.35 E F4(TZPFMS_PASSPHRASE_HELPER)108 +280.8 Q F0 .046(By def)133 292.8 R .045(ault, passphrases are prompted \ +for and read in on the standard output and input streams.)-.1 F(If)5.045 +E F4(TZPFMS_PASSPHRASE_HELPER)133 304.8 Q F0 1.595(is set and nonempty) +4.095 F 4.096(,i)-.65 G 4.096(tw)-4.096 G 1.596(ill be run via)-4.096 F +F4(/bin/)4.096 E F2 3.262(sh \255c)B F0(to)4.096 E(pro)133 316.8 Q +(vide each passphrase, instead.)-.15 E .643 (The standard output stream of the helper is tied to an anon)133 333.6 R .643(ymous \214le and used in its entirety as)-.15 F(the passphrase, e) 133 345.6 Q(xcept for a trailing ne)-.15 E(w-line, if an)-.25 E 3.8 -.65 -(y. T)-.15 H(he ar).65 E(guments are:)-.18 E F4($1)143 357.6 Q F1 +(y. 
T)-.15 H(he ar).65 E(guments are:)-.18 E F4($1)143 357.6 Q F0 (Pre-formatted noun phrase with all the information belo)160 357.6 Q 1.3 --.65(w, f)-.25 H(or use as a prompt).65 E F4($2)143 369.6 Q F1 +-.65(w, f)-.25 H(or use as a prompt).65 E F4($2)143 369.6 Q F0 (Either the dataset name or the element of the TPM hierarch)160 369.6 Q -2.5(yb)-.05 G(eing prompted for)-2.5 E F4($3)143 381.6 Q F1("ne)160 +2.5(yb)-.05 G(eing prompted for)-2.5 E F4($3)143 381.6 Q F0("ne)160 381.6 Q(w" if this is for a ne)-.25 E 2.5(wp)-.25 G -(assphrase, otherwise blank)-2.5 E F4($4)143 393.6 Q F1("ag)160 393.6 Q +(assphrase, otherwise blank)-2.5 E F4($4)143 393.6 Q F0("ag)160 393.6 Q (ain" if it')-.05 E 2.5(st)-.55 G -(he second prompt for that passphrase, otherwise blank)-2.5 E .178 -(If the helper doesn')133 410.4 R 2.678(te)-.18 G .178 -(xist \(the shell e)-2.828 F .177(xits with)-.15 F F2(127)2.677 E F1 -.177(\), a diagnostic is issued and the normal prompt)B(is used as f)133 +(he second prompt for that passphrase, otherwise blank)-2.5 E .177 +(If the helper doesn')133 410.4 R 2.677(te)-.18 G .177 +(xist \(the shell e)-2.827 F .177(xits with)-.15 F F1(127)2.677 E F0 +.178(\), a diagnostic is issued and the normal prompt)B(is used as f)133 422.4 Q 2.5(all-back. If)-.1 F(it f)2.5 E(ails for an)-.1 E 2.5(yo)-.15 -G(ther reason, the prompting is aborted.)-2.5 E F2 1.666 +G(ther reason, the prompting is aborted.)-2.5 E F1 1.666 (TPM1.X back-end con\214guration)72 439.2 R .625(TPM selection)87 451.2 -R F1(The)108 463.2 Q F3(tzpfms)2.508 E F1 .008 -(suite connects to a local)2.508 F F0(tcsd)2.508 E F1 .008 -(\(8\) process \(at)B F0(localhost:30003)2.508 E F1 2.509(\)b)C 2.509 -(yd)-2.509 G(ef)-2.509 E 2.509(ault. 
Use)-.1 F .009(the en)2.509 F -(viron-)-.4 E(ment v)108 475.2 Q(ariable)-.25 E F4(TZPFMS_TPM1X)2.5 E F1 -(to specify a remote TCS hostname.)2.5 E .445(The T)108 492 R(rouSerS) --.35 E F0(tcsd)2.945 E F1 .445(\(8\) daemon will try)B F0(/de)2.945 E -(v/tpm0)-.15 E F1 2.945(,t)C(hen)-2.945 E F0(/ude)2.945 E(v/tpm0)-.15 E -F1 2.945(,t)C(hen)-2.945 E F0(/de)2.944 E(v/tpm)-.15 E F1 2.944(;b)C -2.944(yo)-2.944 G(ccup)-2.944 E .444(ying one of)-.1 F -(the earlier ones with, for e)108 504 Q -(xample, shell redirection, a later one can be selected.)-.15 E F2 .625 -(See also)87 520.8 R F1(The T)108 532.8 Q +R F0(The)108 463.2 Q F2(tzpfms)2.73 E F0 .23(suite connects to a local) +2.73 F F4(tcsd)2.73 E F0 .23(\(8\) process \(at)B F4(localhost:30003) +2.729 E F0 2.729(\)b)C 2.729(yd)-2.729 G(ef)-2.729 E 2.729(ault. Use)-.1 +F(the)2.729 E(en)108 475.2 Q(vironment v)-.4 E(ariable)-.25 E F4 +(TZPFMS_TPM1X)2.5 E F0(to specify a remote TCS hostname.)2.5 E .11 +(The T)108 492 R(rouSerS)-.35 E F4(tcsd)2.61 E F0 .11 +(\(8\) daemon will try)B F4(/dev/tpm0)2.61 E F0 2.61(,t)C(hen)-2.61 E F4 +(/udev/tpm0)2.611 E F0 2.611(,t)C(hen)-2.611 E F4(/dev/tpm)2.611 E F0 +2.611(;b)C 2.611(yo)-2.611 G(ccu-)-2.611 E -.1(py)108 504 S +(ing one of the earlier ones with, for e).1 E +(xample, shell redirection, a later one can be selected.)-.15 E F1 .625 +(See also)87 520.8 R F0(The T)108 532.8 Q (rouSerS project page at https://sourcefor)-.35 E (ge.net/projects/trousers.)-.18 E 4.415 (The TPM 1.2 main speci\214cation inde)108 549.6 R 6.915(xa)-.15 G 6.915 (th)-6.915 G(ttps://trustedcomputinggroup.or)-6.915 E -(g/resource/tpm-main-)-.18 E(speci\214cation.)108 561.6 Q F2 1.666 -(SPECIAL THANKS)72 578.4 R F1 1.6 -.8(To a)108 590.4 T +(g/resource/tpm-main-)-.18 E(speci\214cation.)108 561.6 Q F1 1.666 +(SPECIAL THANKS)72 578.4 R F0 1.6 -.8(To a)108 590.4 T (ll who support further de).8 E -.15(ve)-.25 G(lopment, in particular:) -.15 E F2<83>128 602.4 Q F1(ThePhD)7.5 E F2<83>128 614.4 Q F1 -(Embark Studios)7.5 
E F2<83>128 626.4 Q F1(Lars Strojn)7.5 E(y)-.15 E F2 -(REPOR)72 643.2 Q 1.666(TING B)-.4 F(UGS)-.1 E F1(https://todo.sr)108 -655.2 Q(.ht/\001nabijaczle)-.55 E(weli/tzpfms)-.25 E F0(\001nabijaczle) -108 672 Q(weli/tzpfms@lists.sr)-.15 E(.ht)-1.11 E F1 2.5(,a)C(rchi)-2.5 -E -.15(ve)-.25 G 2.5(da).15 G 2.5(th)-2.5 G(ttps://lists.sr)-2.5 E -(.ht/\001nabijaczle)-.55 E(weli/tzpfms.)-.25 E(tzpfms 0.3.3-7-g893a48c) -72 817.889 Q(No)85.673 E -.15(ve)-.15 G(mber 25, 2023).15 E(1)180.932 E -0 Cg EP +.15 E F1<83>128 602.4 Q F0(ThePhD)7.5 E F1<83>128 614.4 Q F0 +(Embark Studios)7.5 E F1<83>128 626.4 Q F0(Lars Strojn)7.5 E(y)-.15 E F1 +(REPOR)72 643.2 Q 1.666(TING B)-.4 F(UGS)-.1 E F0(https://todo.sr)108 +655.2 Q(.ht/\001nabijaczle)-.55 E(weli/tzpfms)-.25 E F4 +(\001nabijaczleweli/tzpfms@lists.sr.ht)108 672 Q F0 83.762(,a)C(rchi) +-83.762 E -.15(ve)-.25 G 83.763(da).15 G(t)-83.763 E(https://lists.sr) +108 684 Q(.ht/\001nabijaczle)-.55 E(weli/tzpfms.)-.25 E +(tzpfms 0.3.3-8-g286180b)72 817.889 Q(No)84.553 E -.15(ve)-.15 G +(mber 25, 2023).15 E(1)180.932 E 0 Cg EP %%Page: 1 7 %%BeginPageSetup BP %%EndPageSetup -/F0 10/Times-Italic@0 SF(ZFS-TPM2-CHANGE-KEY)72 48 Q/F1 10/Times-Roman@0 -SF 49.123(\(8\) System)B(Manager')2.5 E 2.5(sM)-.55 G(anual)-2.5 E F0 -(ZFS-TPM2-CHANGE-KEY)49.122 E F1(\(8\))A/F2 10/Times-Bold@0 SF -.2(NA)72 -84 S(ME).2 E F1(zfs-tpm2-change-k)108 96 Q .3 -.15(ey \212 c)-.1 H -(hange ZFS dataset k).15 E .3 -.15(ey t)-.1 H 2.5(oo).15 G -(ne stored on the TPM)-2.5 E F2(SYNOPSIS)72 112.8 Q/F3 10/Courier-Bold@0 -SF(zfs-tpm-list)108 124.8 Q F1([)2.5 E/F4 10/Courier@0 SF1.666 E -/F5 10/Courier-Oblique@0 SF(backup-file)6 E F1 2.5(][)C F4-.834 E -F5(algorithm)6 E F4(:)A F5(PCR)A F1([)A F4(,)A F5(PCR)A F1 1.666(]...)C -([)186 136.8 Q F4(+)A F5(algorithm)A F4(:)A F5(PCR)A F1([)A F4(,)A F5 -(PCR)A F1 1.666(]...)C -3.332 1.666(]... 
[)-1.666 H F4A F1(]])A F5 -(dataset)2.5 E F2(DESCRIPTION)72 153.6 Q F1 1.677 -.8(To n)108 165.6 T -(ormalise).8 E F5(dataset)2.577 E F1(,)A F3(zfs-tpm-list)2.577 E F1 .076 -(will open its encryption root in its stead.)2.576 F F3(zfs-tpm-list) -5.076 E F1(will)108 177.6 Q F0(ne)2.5 E(ver)-.15 E F1(create or destro) -2.5 E 2.5(ye)-.1 G(ncryption roots; use)-2.5 E F0(zfs-c)2.5 E(hang)-.15 -E(e-k)-.1 E -.3(ey)-.1 G F1(\(8\) for that.).3 E -(First, a connection is made to the TPM, which)108 194.4 Q F0(must)2.5 E -F1(be TPM-2.0-compatible.)2.5 E(If)108 211.2 Q F5(dataset)3.054 E F1 -.1 +/F0 10/Times-Roman@0 SF 44.133(ZFS-TPM2-CHANGE-KEY\(8\) System)72 48 R +(Manager')2.5 E 2.5(sM)-.55 G 41.632(anual ZFS-TPM2-CHANGE-KEY\(8\))-2.5 +F/F1 10/Times-Bold@0 SF -.2(NA)72 84 S(ME).2 E F0(zfs-tpm2-change-k)108 +96 Q .3 -.15(ey \212 c)-.1 H(hange ZFS dataset k).15 E .3 -.15(ey t)-.1 +H 2.5(oo).15 G(ne stored on the TPM)-2.5 E F1(SYNOPSIS)72 112.8 Q/F2 10 +/Courier-Bold@0 SF(zfs-tpm-list)108 124.8 Q F0([)2.5 E F21.666 E +/F3 10/Courier-Oblique@0 SF(backup-file)6 E F0 2.5(][)C F2-.834 E +F3(algorithm)6 E F2(:)A F3(PCR)A F0([)A F2(,)A F3(PCR)A F0 1.666(]...)C +([)186 136.8 Q F2(+)A F3(algorithm)A F2(:)A F3(PCR)A F0([)A F2(,)A F3 +(PCR)A F0 1.666(]...)C -3.332 1.666(]... 
[)-1.666 H F2A F0(]])A F3 +(dataset)2.5 E F1(DESCRIPTION)72 153.6 Q F0 1.677 -.8(To n)108 165.6 T +(ormalise).8 E F3(dataset)2.577 E F0(,)A F2(zfs-tpm-list)2.577 E F0 .076 +(will open its encryption root in its stead.)2.576 F F2(zfs-tpm-list) +5.076 E F0(will)108 177.6 Q/F4 10/Times-Italic@0 SF(ne)2.5 E(ver)-.15 E +F0(create or destro)2.5 E 2.5(ye)-.1 G(ncryption roots; use)-2.5 E/F5 10 +/Courier@0 SF(zfs-change-key)2.5 E F0(\(8\) for that.)A +(First, a connection is made to the TPM, which)108 194.4 Q F4(must)2.5 E +F0(be TPM-2.0-compatible.)2.5 E(If)108 211.2 Q F3(dataset)3.054 E F0 -.1 (wa)3.054 G 3.054(sp).1 G(re)-3.054 E .554(viously encrypted with)-.25 F -F3(tzpfms)3.055 E F1 .555(and the)3.055 F F2(TPM2)3.055 E F1 .555 +F2(tzpfms)3.055 E F0 .555(and the)3.055 F F1(TPM2)3.055 E F0 .555 (back-end w)3.055 F .555(as used, the pre)-.1 F(vious)-.25 E -.1(ke)108 223.2 S 3.06(yw)-.05 G .56(ill be freed from the TPM.)-3.06 F .56 (Otherwise, or in case of an error)5.56 F 3.059(,d)-.4 G .559 (ata required for manual interv)-3.059 F(en-)-.15 E (tion will be printed to the standard error stream.)108 235.2 Q(Ne)108 -252 Q 1.74(xt, a ne)-.15 F 4.24(ww)-.25 G 1.74(rapping k)-4.24 F 2.04 --.15(ey i)-.1 H 4.24(sg).15 G 1.74(enerated on the TPM, optionally back) --4.24 F 1.741(ed up \(see \231OPTIONS\232\), and)-.1 F .576 -(sealed to a persistent object on the TPM under the o)108 264 R .575 -(wner hierarch)-.25 F .575(y; if there is a passphrase set on the)-.05 F --.25(ow)108 276 S .48(ner hierarch).25 F 1.78 -.65(y, t)-.05 H .48 -(he user is prompted for it; the user is al).65 F -.1(wa)-.1 G .481 -(ys prompted for an optional passphrase to).1 F -(protect the sealed object with.)108 288 Q(The follo)108 304.8 Q -(wing properties are set on)-.25 E F5(dataset)2.5 E F1(:)A F2<83>128 -316.8 Q F4(xyz.nabijaczleweli:tzpfms.backend)7.5 E F1(=)A F2(TPM2)A<83> -128 328.8 Q F4(xyz.nabijaczleweli:tzpfms.key)7.5 E F1(=)A F5 -(persistent-object-ID)A F1([)139 340.8 Q F4(;)A F5(algorithm)A 
F4(:)A F5 -(PCR)A F1([)A F4(,)A F5(PCR)A F1 1.666(]...)C([)-1.666 E F4(+)A F5 -(algorithm)A F4(:)A F5(PCR)A F1([)A F4(,)A F5(PCR)A F1 1.666(]...)C -1.666(]...)-1.666 G(])-1.666 E F4(tzpfms.backend)108 357.6 Q F1 1.264 -(identi\214es this dataset for w)3.764 F 1.263(ork with)-.1 F F2(TPM2) -3.763 E F1(-back-ended)A F3(tzpfms)3.763 E F1 1.263(tools \(namely)3.763 -F F0(zfs-tpm2-c)108 369.6 Q(hang)-.15 E(e-k)-.1 E -.3(ey)-.1 G F1 -(\(8\),).3 E F0(zfs-tpm2-load-k)2.5 E -.3(ey)-.1 G F1(\(8\), and).3 E F0 -(zfs-tpm2-clear)2.5 E(-k)-.2 E -.3(ey)-.1 G F1(\(8\)\).).3 E F4 -(tzpfms.key)108 386.4 Q F1 1.508(is an inte)4.008 F 1.509 +252 Q .294(xt, a ne)-.15 F 2.794(ww)-.25 G .294(rapping k)-2.794 F .594 +-.15(ey i)-.1 H 2.794(sg).15 G .294 +(enerated on the TPM, optionally back)-2.794 F .294(ed up \(see)-.1 F F1 +(OPTIONS)2.794 E F0 .294(\), and sealed)B .589 +(to a persistent object on the TPM under the o)108 264 R .589 +(wner hierarch)-.25 F .588(y; if there is a passphrase set on the o)-.05 +F(wner)-.25 E(hierarch)108 276 Q 1.602 -.65(y, t)-.05 H .302 +(he user is prompted for it; the user is al).65 F -.1(wa)-.1 G .302 +(ys prompted for an optional passphrase to protect).1 F +(the sealed object with.)108 288 Q(The follo)108 304.8 Q +(wing properties are set on)-.25 E F3(dataset)2.5 E F0(:)A F1<83>128 +316.8 Q F5(xyz.nabijaczleweli:tzpfms.backend)7.5 E F0(=)A F1(TPM2)A<83> +128 328.8 Q F5(xyz.nabijaczleweli:tzpfms.key)7.5 E F0(=)A F3 +(persistent-object-ID)A F0([)139 340.8 Q F2(;)A F3(algorithm)A F2(:)A F3 +(PCR)A F0([)A F2(,)A F3(PCR)A F0 1.666(]...)C([)-1.666 E F2(+)A F3 +(algorithm)A F2(:)A F3(PCR)A F0([)A F2(,)A F3(PCR)A F0 1.666(]...)C +1.666(]...)-1.666 G(])-1.666 E F5(tzpfms.backend)108 357.6 Q F0 1.264 +(identi\214es this dataset for w)3.764 F 1.263(ork with)-.1 F F1(TPM2) +3.763 E F0(-back-ended)A F2(tzpfms)3.763 E F0 1.263(tools \(namely)3.763 +F F5(zfs-tpm2-change-key)108 369.6 Q F0(\(8\),)A F5(zfs-tpm2-load-key) +2.5 E F0(\(8\), and)A F5(zfs-tpm2-clear-key)2.5 E 
F0(\(8\)\).)A F5 +(tzpfms.key)108 386.4 Q F0 1.508(is an inte)4.008 F 1.509 (ger representing the sealed object, optionally follo)-.15 F 1.509 (wed by a semicolon and)-.25 F .823(PCR list as speci\214ed with)108 -398.4 R F44.988 E F1 3.322(,n)C .822(ormalised to be)-3.322 F F3 -(tpm-tools)3.322 E F1 .822(-toolchain-compatible; if needed, it can)B -.865(be passed to)108 410.4 R F3(tpm2_unseal)3.366 E F4 .866 -(\255c ${tzpfms.key%%;)8.532 F/F6 10/Symbol SF(*)A F4(})A F1(with)3.366 -E F45.032 E F1(")6.866 E F4(str:${passphrase})A F1 3.366("o)C(r) --3.366 E F4109.666 422.4 Q F1(")6.22 E F4(pcr:${tzpfms.key#)A F6 -(*)A F4(;})A F1 .22(", as the case may be, or equi)B -.25(va)-.25 G .22 -(lent, for back-up \(see \231OPTIONS\232\).).25 F .447(If you ha)108 -434.4 R .747 -.15(ve a s)-.2 H .447(ealed k).15 F .748 -.15(ey y)-.1 H -.448(ou can access with that or equi).15 F -.25(va)-.25 G .448 -(lent tool and set both of these properties, it).25 F +398.4 R F24.988 E F0 3.322(,n)C .822(ormalised to be)-3.322 F F2 +(tpm-tools)3.322 E F0 .822(-toolchain-compatible; if needed, it can)B +.865(be passed to)108 410.4 R F2 2.532(tpm2_unseal \255c)3.366 F F5 +(${tzpfms.key)6.866 E F2(%%)A F5(;)A/F6 10/Symbol SF(*)A F5(})A F0(with) +3.366 E F25.032 E F0(")6.866 E F5(str:${passphrase})A F0 3.366("o) +C(r)-3.366 E F2109.666 422.4 Q F0(")6.728 E F5(pcr:${tzpfms.key)A +F2(#)A F6(*)A F5(;})A F0 .728(", as the case may be, or equi)B -.25(va) +-.25 G .727(lent, for back-up \(see).25 F F1(OPTIONS)3.227 E F0(\).)A +.447(If you ha)108 434.4 R .747 -.15(ve a s)-.2 H .447(ealed k).15 F +.748 -.15(ey y)-.1 H .448(ou can access with that or equi).15 F -.25(va) +-.25 G .448(lent tool and set both of these properties, it).25 F (will funxion seamlessly)108 446.4 Q(.)-.65 E(Finally)108 463.2 Q 12.006 -(,t)-.65 G 9.506(he equi)-12.006 F -.25(va)-.25 G 9.506(lent of).25 F F3 -(zfs)12.005 E F4 11.171(change-key \255o)15.505 F 11.171 -(keylocation=prompt \255o)15.505 F(keyformat=raw)108 475.2 Q F5(dataset) 
-6.106 E F1 .106(is performed with the ne)2.606 F 2.606(wk)-.25 G -.15 -(ey)-2.706 G 5.106(.I)-.5 G 2.606(fa)-5.106 G 2.606(ne)-2.606 G .107 +(,t)-.65 G 9.506(he equi)-12.006 F -.25(va)-.25 G 9.506(lent of).25 F F2 +9.505(zfs change-key)12.005 F17.171 E F5(keylocation=prompt)15.505 +E F217.171 E F5(keyformat=raw)108 475.2 Q F3(dataset)6.106 E F0 +.106(is performed with the ne)2.606 F 2.606(wk)-.25 G -.15(ey)-2.706 G +5.106(.I)-.5 G 2.606(fa)-5.106 G 2.606(ne)-2.606 G .107 (rror occurred, best ef)-2.606 F .107(fort is made)-.25 F .289(to clean\ up the persistent object and properties, or to issue a note for manual\ interv)108 487.2 R .289(ention into the stan-)-.15 F (dard error stream.)108 499.2 Q 2.624<418c>108 516 S .124(nal v)-2.624 F -.124(eri\214cation should be made by running)-.15 F F3 -(zfs-tpm2-load-key)2.625 E F47.791 E F5(dataset)6.125 E F1 5.125 -(.I)C 2.625(ft)-5.125 G .125(hat com-)-2.625 F .507 -(mand succeeds, all is well, b)108 528 R .506(ut otherwise the dataset \ -can be manually rolled back to a passphrase with)-.2 F F3 -(zfs-tpm2-clear-key)108 540 Q F5(dataset)11.538 E F1(\(or)8.039 E 8.039 -(,i)-.4 G 8.039(ft)-8.039 G 5.539(hat f)-8.039 F 5.539(ails to w)-.1 F -(ork,)-.1 E F3(zfs)8.039 E F4 7.205(change-key \255o)11.539 F -(keyformat=passphrase)108 552 Q F5(dataset)6 E F1 +.124(eri\214cation should be made by running)-.15 F F2 1.791 +(zfs-tpm2-load-key \255n)2.625 F F3(dataset)6.125 E F0 5.125(.I)C 2.625 +(ft)-5.125 G .125(hat com-)-2.625 F .507(mand succeeds, all is well, b) +108 528 R .506(ut otherwise the dataset can be manually rolled back to \ +a passphrase with)-.2 F F2(zfs-tpm2-clear-key)108 540 Q F3(dataset) +11.538 E F0(\(or)8.039 E 8.039(,i)-.4 G 8.039(ft)-8.039 G 5.539(hat f) +-8.039 F 5.539(ails to w)-.1 F(ork,)-.1 E F2 5.539(zfs change-key)8.039 +F13.205 E F5(keyformat=passphrase)108 552 Q F3(dataset)6 E F0 (\), and you are hereby ask)A(ed to report a b)-.1 E(ug, please.)-.2 E -F3(zfs-tpm2-clear-key)108 568.8 Q F5(dataset)6.029 E 
F1 .029 +F2(zfs-tpm2-clear-key)108 568.8 Q F3(dataset)6.029 E F0 .029 (can be used to free the TPM persistent object and go back to us-)2.529 -F(ing a passphrase.)108 580.8 Q F2(OPTIONS)72 597.6 Q F4109.666 -609.6 Q F5(backup-file)6 E F1(Sa)203 609.6 Q .352 -.15(ve a b)-.2 H .052 -(ack-up of the k).15 F .352 -.15(ey t)-.1 H(o).15 E F5(backup-file)2.552 -E F1 2.552(,w)C .052(hich must not e)-2.552 F .053(xist beforehand.)-.15 -F .694(This back-up)203 621.6 R F0(must)3.194 E F1 .694 +F(ing a passphrase.)108 580.8 Q F1(OPTIONS)72 597.6 Q F2109.666 +609.6 Q F3(backup-file)6 E F0(Sa)203 609.6 Q .352 -.15(ve a b)-.2 H .052 +(ack-up of the k).15 F .352 -.15(ey t)-.1 H(o).15 E F3(backup-file)2.552 +E F0 2.552(,w)C .052(hich must not e)-2.552 F .053(xist beforehand.)-.15 +F .694(This back-up)203 621.6 R F4(must)3.194 E F0 .694 (be stored securely)3.194 F 3.194(,o)-.65 G -.25(ff)-3.194 G 3.194 (-site. In).25 F .693(case of a catastrophic e)3.194 F -.15(ve)-.25 G (nt,).15 E(the k)203 633.6 Q .3 -.15(ey c)-.1 H(an be loaded by running) -.15 E F3(zfs)233 645.6 Q F4(load-key)6 E F5(dataset)6 E F4(<)6 E F5 -(backup-file)6 E F4109.666 662.4 Q F5(algorithm)6 E F4(:)A F5(PCR) -A F1([)A F4(,)A F5(PCR)A F1 1.666(]...)C([)-1.666 E F4(+)A F5(algorithm) -A F4(:)A F5(PCR)A F1([)A F4(,)A F5(PCR)A F1 1.666(]...)C 1.666(]...) +.15 E F2(zfs load-key)233 645.6 Q F3(dataset)6 E F5(<)6 E F3 +(backup-file)6 E F2109.666 662.4 Q F3(algorithm)6 E F2(:)A F3(PCR) +A F0([)A F2(,)A F3(PCR)A F0 1.666(]...)C([)-1.666 E F2(+)A F3(algorithm) +A F2(:)A F3(PCR)A F0([)A F2(,)A F3(PCR)A F0 1.666(]...)C 1.666(]...) 
-1.666 G 1.424(Bind the k)203 674.4 R 1.724 -.15(ey t)-.1 H 3.924(os).15 -G 1.424(pace- or comma-separated)-3.924 F F5(PCR)3.925 E F1 3.925(sw)C -1.425(ithin their corresponding)-3.925 F(hashing)203 686.4 Q F5 -(algorithm)2.524 E F1 2.524<8a69>2.524 G 2.523(ft)-2.524 G(he)-2.523 E +G 1.424(pace- or comma-separated)-3.924 F F3(PCR)3.925 E F0 3.925(sw)C +1.425(ithin their corresponding)-3.925 F(hashing)203 686.4 Q F3 +(algorithm)2.524 E F0 2.524<8a69>2.524 G 2.523(ft)-2.524 G(he)-2.523 E 2.523(yc)-.15 G .023(hange, the wrapping k)-2.523 F .323 -.15(ey w)-.1 H .023(ill not be able to be).15 F 2.5(unsealed. There)203 698.4 R(are)2.5 -E F2(24)2.5 E F1(PCRs, numbered [)2.5 E F2(0)A F1(,)A F2(23)2.5 E F1(].) -A F5(algorithm)203 715.2 Q F1 2.968(may be an)5.468 F 5.468(yo)-.15 G -5.468(fc)-5.468 G(ase-insensiti)-5.468 E 3.268 -.15(ve ")-.25 H F2(sha1) -.15 E F1 2.968(", ")B F2(sha256)A F1 2.969(", ")B F2(sha384)A F1(",)A(") -203 727.2 Q F2(sha512)A F1 4.983(", ")B F2(sm3_256)A F1 4.983(", ")B F2 -(sm3-256)A F1 4.983(", ")B F2(sha3_256)A F1 4.983(", ")B F2(sha3-256)A -F1 4.983(", ")B F2(sha3_384)A F1(",)A(")203 739.2 Q F2(sha3-384)A F1 -(", ")A F2(sha3_512)A F1(", or ")A F2(sha3-512)A F1 -(", and must be supported by the TPM.)A(tzpfms 0.3.3-7-g893a48c)72 -817.889 Q(No)85.673 E -.15(ve)-.15 G(mber 25, 2023).15 E(1)180.932 E 0 +E F1(24)2.5 E F0(PCRs, numbered [)2.5 E F1(0)A F0(,)A F1(23)2.5 E F0(].) 
+A F3(algorithm)203 715.2 Q F0 2.968(may be an)5.468 F 5.468(yo)-.15 G +5.468(fc)-5.468 G(ase-insensiti)-5.468 E 3.268 -.15(ve ")-.25 H F1(sha1) +.15 E F0 2.968(", ")B F1(sha256)A F0 2.969(", ")B F1(sha384)A F0(",)A(") +203 727.2 Q F1(sha512)A F0 4.983(", ")B F1(sm3_256)A F0 4.983(", ")B F1 +(sm3-256)A F0 4.983(", ")B F1(sha3_256)A F0 4.983(", ")B F1(sha3-256)A +F0 4.983(", ")B F1(sha3_384)A F0(",)A(")203 739.2 Q F1(sha3-384)A F0 +(", ")A F1(sha3_512)A F0(", or ")A F1(sha3-512)A F0 +(", and must be supported by the TPM.)A(tzpfms 0.3.3-8-g286180b)72 +817.889 Q(No)84.553 E -.15(ve)-.15 G(mber 25, 2023).15 E(1)180.932 E 0 Cg EP %%Page: 2 8 %%BeginPageSetup BP %%EndPageSetup -/F0 10/Times-Italic@0 SF(ZFS-TPM2-CHANGE-KEY)72 48 Q/F1 10/Times-Roman@0 -SF 49.123(\(8\) System)B(Manager')2.5 E 2.5(sM)-.55 G(anual)-2.5 E F0 -(ZFS-TPM2-CHANGE-KEY)49.122 E F1(\(8\))A/F2 10/Courier@0 SF109.666 -84 Q F1 -.4(Wi)203 84 S(th).4 E F24.588 E F1 2.922(,a)C .422 -(lso prompt for a passphrase.)-2.922 F .422(This is skipped by def)5.422 -F .423(ault because the)-.1 F .675(passphrase is)203 96 R F0(OR)3.175 E -F1 .675(ed with the PCR polic)B 3.175(y\212t)-.15 G .675(he wrapping k) --3.175 F .975 -.15(ey c)-.1 H .675(an be unsealed).15 F F0(either)203 -108 Q F1 1.389(passphraseless with the right PCRs)3.889 F F0(or)3.89 E -F1 1.39(with the passphrase, and this is)3.89 F(usually not the intent.) 
-203 120 Q/F3 10/Times-Bold@0 SF(ENVIR)72 136.8 Q 1.666(ONMENT V)-.3 F -(ARIABLES)-1.35 E F2(TZPFMS_PASSPHRASE_HELPER)108 148.8 Q F1 .046 +/F0 10/Times-Roman@0 SF 44.133(ZFS-TPM2-CHANGE-KEY\(8\) System)72 48 R +(Manager')2.5 E 2.5(sM)-.55 G 41.632(anual ZFS-TPM2-CHANGE-KEY\(8\))-2.5 +F/F1 10/Courier-Bold@0 SF109.666 84 Q F0 -.4(Wi)203 84 S(th).4 E +F14.588 E F0 2.922(,a)C .422(lso prompt for a passphrase.)-2.922 F +.422(This is skipped by def)5.422 F .423(ault because the)-.1 F .675 +(passphrase is)203 96 R/F2 10/Times-Italic@0 SF(OR)3.175 E F0 .675 +(ed with the PCR polic)B 3.175(y\212t)-.15 G .675(he wrapping k)-3.175 F +.975 -.15(ey c)-.1 H .675(an be unsealed).15 F F2(either)203 108 Q F0 +1.389(passphraseless with the right PCRs)3.889 F F2(or)3.89 E F0 1.39 +(with the passphrase, and this is)3.89 F(usually not the intent.)203 120 +Q/F3 10/Times-Bold@0 SF(ENVIR)72 136.8 Q 1.666(ONMENT V)-.3 F(ARIABLES) +-1.35 E/F4 10/Courier@0 SF(TZPFMS_PASSPHRASE_HELPER)108 148.8 Q F0 .046 (By def)133 160.8 R .045(ault, passphrases are prompted for and read in\ - on the standard output and input streams.)-.1 F(If)5.045 E F2 -(TZPFMS_PASSPHRASE_HELPER)133 172.8 Q F1 .896(is set and nonempty)3.396 -F 3.396(,i)-.65 G 3.396(tw)-3.396 G .896(ill be run via)-3.396 F F0 -(/bin/)3.396 E/F4 10/Courier-Bold@0 SF(sh)A F28.562 E F1 .897 -(to pro-)3.396 F(vide each passphrase, instead.)133 184.8 Q .643 + on the standard output and input streams.)-.1 F(If)5.045 E F4 +(TZPFMS_PASSPHRASE_HELPER)133 172.8 Q F0 1.595(is set and nonempty)4.095 +F 4.096(,i)-.65 G 4.096(tw)-4.096 G 1.596(ill be run via)-4.096 F F4 +(/bin/)4.096 E F1 3.262(sh \255c)B F0(to)4.096 E(pro)133 184.8 Q +(vide each passphrase, instead.)-.15 E .643 (The standard output stream of the helper is tied to an anon)133 201.6 R .643(ymous \214le and used in its entirety as)-.15 F(the passphrase, e) 133 213.6 Q(xcept for a trailing ne)-.15 E(w-line, if an)-.25 E 3.8 -.65 -(y. 
T)-.15 H(he ar).65 E(guments are:)-.18 E F2($1)143 225.6 Q F1 +(y. T)-.15 H(he ar).65 E(guments are:)-.18 E F4($1)143 225.6 Q F0 (Pre-formatted noun phrase with all the information belo)160 225.6 Q 1.3 --.65(w, f)-.25 H(or use as a prompt).65 E F2($2)143 237.6 Q F1 +-.65(w, f)-.25 H(or use as a prompt).65 E F4($2)143 237.6 Q F0 (Either the dataset name or the element of the TPM hierarch)160 237.6 Q -2.5(yb)-.05 G(eing prompted for)-2.5 E F2($3)143 249.6 Q F1("ne)160 +2.5(yb)-.05 G(eing prompted for)-2.5 E F4($3)143 249.6 Q F0("ne)160 249.6 Q(w" if this is for a ne)-.25 E 2.5(wp)-.25 G -(assphrase, otherwise blank)-2.5 E F2($4)143 261.6 Q F1("ag)160 261.6 Q +(assphrase, otherwise blank)-2.5 E F4($4)143 261.6 Q F0("ag)160 261.6 Q (ain" if it')-.05 E 2.5(st)-.55 G (he second prompt for that passphrase, otherwise blank)-2.5 E .177 (If the helper doesn')133 278.4 R 2.677(te)-.18 G .177 -(xist \(the shell e)-2.827 F .177(xits with)-.15 F F3(127)2.677 E F1 +(xist \(the shell e)-2.827 F .177(xits with)-.15 F F3(127)2.677 E F0 .178(\), a diagnostic is issued and the normal prompt)B(is used as f)133 290.4 Q 2.5(all-back. 
If)-.1 F(it f)2.5 E(ails for an)-.1 E 2.5(yo)-.15 G(ther reason, the prompting is aborted.)-2.5 E F3 1.666 (TPM2 back-end con\214guration)72 307.2 R(En)87 319.2 Q(vir)-.4 E .625 -(onment v)-.18 F(ariables)-.1 E F2(TSS2_LOG)108 331.2 Q F1(An)161 331.2 -Q 2.5(yo)-.15 G(f:)-2.5 E F3(NONE)2.5 E F1(,)A F3(ERR)2.5 E(OR)-.3 E F1 -(,)A F3 -1.2(WA)2.5 G(RNING)1.2 E F1(,)A F3(INFO)2.5 E F1(,)A F3(DEB)2.5 -E(UG)-.1 E F1(,)A F3(TRA)2.5 E(CE)-.55 E F1 5(.D)C(ef)-5 E(ault:)-.1 E -F3 -1.2(WA)2.5 G(RNING)1.2 E F1(.)A F3 .625(TPM selection)87 348 R F1 -.978(The library)108 360 R F4(libtss2-tcti-default.so)3.477 E F1 .977 -(can be link)3.477 F .977(ed to an)-.1 F 3.477(yo)-.15 G 3.477(ft)-3.477 -G(he)-3.477 E F0(libtss2-tcti-)3.477 E/F5 10/Symbol SF(*)A F0(.so)A F1 -.977(libraries to)3.477 F 1.145(select the def)108 372 R 1.145 -(ault, otherwise)-.1 F F0(/de)3.646 E(v/tpmrm0)-.15 E F1 3.646(,t)C(hen) --3.646 E F0(/de)3.646 E(v/tpm0)-.15 E F1 3.646(,t)C(hen)-3.646 E F0 -(localhost:2321)3.646 E F1 1.146(will be tried, in order)3.646 F(\(see) -108 384 Q F0(ESYS_CONTEXT)2.5 E F1(\(3\)\).)A F3 .625(See also)87 400.8 -R F1 2.247(The tpm2-tss git repository at https://github)108 412.8 R +(onment v)-.18 F(ariables)-.1 E F4(TSS2_LOG)108 331.2 Q F0(An)161 331.2 +Q 2.5(yo)-.15 G(f:)-2.5 E F3(NONE)2.5 E F0(,)A F3(ERR)2.5 E(OR)-.3 E F0 +(,)A F3 -1.2(WA)2.5 G(RNING)1.2 E F0(,)A F3(INFO)2.5 E F0(,)A F3(DEB)2.5 +E(UG)-.1 E F0(,)A F3(TRA)2.5 E(CE)-.55 E F0 5(.D)C(ef)-5 E(ault:)-.1 E +F3 -1.2(WA)2.5 G(RNING)1.2 E F0(.)A F3 .625(TPM selection)87 348 R F0 +.622(The library)108 360 R F1(libtss2-tcti-default.so)3.122 E F0 .622 +(can be link)3.122 F .621(ed to an)-.1 F 3.121(yo)-.15 G 3.121(ft)-3.121 +G(he)-3.121 E F4(libtss2-tcti-)3.121 E/F5 10/Symbol SF(*)A F4(.so)A F0 +(li-)3.121 E .78(braries to select the def)108 372 R .78 +(ault, otherwise)-.1 F F4(/dev/tpmrm0)3.281 E F0 3.281(,t)C(hen)-3.281 E +F4(/dev/tpm0)3.281 E F0 3.281(,t)C(hen)-3.281 E F4(localhost:2321)3.281 +E F0(will be tried, in order 
\(see)108 384 Q F4(ESYS_CONTEXT)2.5 E F0 +(\(3\)\).)A F3 .625(See also)87 400.8 R F0 2.247 +(The tpm2-tss git repository at https://github)108 412.8 R (.com/tpm2-softw)-.4 E 2.247(are/tpm2-tss and the documentation at)-.1 F (https://tpm2-tss.readthedocs.io.)108 424.8 Q 5.774(The TPM 2.0 speci\ \214cations, mainly at https://trustedcomputinggroup.or)108 441.6 R 
@@ -841,184 +831,182 @@ R F1 2.247(The tpm2-tss git repository at https://github)108 412.8 R (speci\214cation/, https://trustedcomputinggroup.or)108 453.6 R (g/wp-content/uploads/TPM-)-.18 E(Re)108 465.6 Q(v-2.0-P)-.25 E (art-1-Architecture-01.38.pdf, and related pages.)-.15 E F3 1.666 -(SPECIAL THANKS)72 482.4 R F1 1.6 -.8(To a)108 494.4 T +(SPECIAL THANKS)72 482.4 R F0 1.6 -.8(To a)108 494.4 T (ll who support further de).8 E -.15(ve)-.25 G(lopment, in particular:) -.15 E F3<83>128 506.4 Q F1(ThePhD)7.5 E F3<83>128 518.4 Q F1 -(Embark Studios)7.5 E F3<83>128 530.4 Q F1(Lars Strojn)7.5 E(y)-.15 E F3 -(REPOR)72 547.2 Q 1.666(TING B)-.4 F(UGS)-.1 E F1(https://todo.sr)108 -559.2 Q(.ht/\001nabijaczle)-.55 E(weli/tzpfms)-.25 E F0(\001nabijaczle) -108 576 Q(weli/tzpfms@lists.sr)-.15 E(.ht)-1.11 E F1 2.5(,a)C(rchi)-2.5 -E -.15(ve)-.25 G 2.5(da).15 G 2.5(th)-2.5 G(ttps://lists.sr)-2.5 E -(.ht/\001nabijaczle)-.55 E(weli/tzpfms.)-.25 E F3 1.666(SEE ALSO)72 -592.8 R F0(tpm2_unseal)108 604.8 Q F1(\(1\))A -(PCR allocations: https://wiki.archlinux.or)108 621.6 Q(g/title/T)-.18 E +.15 E F3<83>128 506.4 Q F0(ThePhD)7.5 E F3<83>128 518.4 Q F0 +(Embark Studios)7.5 E F3<83>128 530.4 Q F0(Lars Strojn)7.5 E(y)-.15 E F3 +(REPOR)72 547.2 Q 1.666(TING B)-.4 F(UGS)-.1 E F0(https://todo.sr)108 +559.2 Q(.ht/\001nabijaczle)-.55 E(weli/tzpfms)-.25 E F4 +(\001nabijaczleweli/tzpfms@lists.sr.ht)108 576 Q F0 83.762(,a)C(rchi) +-83.762 E -.15(ve)-.25 G 83.763(da).15 G(t)-83.763 E(https://lists.sr) +108 588 Q(.ht/\001nabijaczle)-.55 E(weli/tzpfms.)-.25 E F3 1.666 +(SEE ALSO)72 604.8 R F4(tpm2_unseal)108 616.8 Q F0(\(1\))A +(PCR allocations: https://wiki.archlinux.or)108 633.6 Q(g/title/T)-.18 E (rusted_Platform_Module#Accessing_PCR_re)-.35 E(gisters)-.15 E -(and https://trustedcomputinggroup.or)108 633.6 Q +(and https://trustedcomputinggroup.or)108 645.6 Q (g/wp-content/uploads/PC-)-.18 E(ClientSpeci\214c_Platform_Pro\214le_fo\ -r_TPM_2p0_Systems_v51.pdf, Section 2.3.4 "PCR Usage", T)108 645.6 Q 
-(able)-.8 E(1.)108 657.6 Q(tzpfms 0.3.3-7-g893a48c)72 817.889 Q(No) -85.673 E -.15(ve)-.15 G(mber 25, 2023).15 E(2)180.932 E 0 Cg EP +r_TPM_2p0_Systems_v51.pdf, Section 2.3.4 "PCR Usage", T)108 657.6 Q +(able)-.8 E(1.)108 669.6 Q(tzpfms 0.3.3-8-g286180b)72 817.889 Q(No) +84.553 E -.15(ve)-.15 G(mber 25, 2023).15 E(2)180.932 E 0 Cg EP %%Page: 1 9 %%BeginPageSetup BP %%EndPageSetup -/F0 10/Times-Italic@0 SF(ZFS-TPM2-CLEAR-KEY)72 48 Q/F1 10/Times-Roman@0 -SF 58.563(\(8\) System)B(Manager')2.5 E 2.5(sM)-.55 G(anual)-2.5 E F0 -(ZFS-TPM2-CLEAR-KEY)58.562 E F1(\(8\))A/F2 10/Times-Bold@0 SF -.2(NA)72 -84 S(ME).2 E F1(zfs-tpm2-clear)108 96 Q(-k)-.2 E .3 -.15(ey \212 r)-.1 H --.25(ew).15 G(rap ZFS dataset k).25 E .3 -.15(ey i)-.1 H 2.5(np).15 G -(asssw)-2.5 E(ord and clear tzpfms TPM2 metadata)-.1 E F2(SYNOPSIS)72 -112.8 Q/F3 10/Courier-Bold@0 SF(zfs-tpm-list)108 124.8 Q/F4 10 -/Courier-Oblique@0 SF(dataset)2.5 E F2(DESCRIPTION)72 141.6 Q F1 -(After v)108 153.6 Q(erifying)-.15 E F4(dataset)2.5 E F1 -.1(wa)2.5 G -2.5(se).1 G(ncrypted with)-2.5 E F3(tzpfms)2.5 E F1(back)2.5 E(end)-.1 E -F2(TPM2)2.5 E F1(:)A 5(1. performs)118 165.6 R 5.641(the equi)8.141 F --.25(va)-.25 G 5.641(lent of).25 F F3(zfs)8.142 E/F5 10/Courier@0 SF -7.308(change-key \255o)11.642 F 7.308(keylocation=prompt \255o)11.642 F -(keyformat=passphrase)133 177.6 Q F4(dataset)6 E F1(,)A 5(2. 
frees)118 +/F0 10/Times-Roman@0 SF 53.013(ZFS-TPM2-CLEAR-KEY\(8\) System)72 48 R +(Manager')2.5 E 2.5(sM)-.55 G 50.512(anual ZFS-TPM2-CLEAR-KEY\(8\))-2.5 +F/F1 10/Times-Bold@0 SF -.2(NA)72 84 S(ME).2 E F0(zfs-tpm2-clear)108 96 +Q(-k)-.2 E .3 -.15(ey \212 r)-.1 H -.25(ew).15 G(rap ZFS dataset k).25 E +.3 -.15(ey i)-.1 H 2.5(np).15 G(asssw)-2.5 E +(ord and clear tzpfms TPM2 metadata)-.1 E F1(SYNOPSIS)72 112.8 Q/F2 10 +/Courier-Bold@0 SF(zfs-tpm-list)108 124.8 Q/F3 10/Courier-Oblique@0 SF +(dataset)2.5 E F1(DESCRIPTION)72 141.6 Q F0(After v)108 153.6 Q +(erifying)-.15 E F3(dataset)2.5 E F0 -.1(wa)2.5 G 2.5(se).1 G +(ncrypted with)-2.5 E F2(tzpfms)2.5 E F0(back)2.5 E(end)-.1 E F1(TPM2) +2.5 E F0(:)A 5(1. performs)118 165.6 R 5.642(the equi)8.142 F -.25(va) +-.25 G 5.642(lent of).25 F F2 5.642(zfs change-key)8.142 F13.307 E +/F4 10/Courier@0 SF(keylocation=prompt)11.641 E F213.307 E F4 +(keyformat=passphrase)133 177.6 Q F3(dataset)6 E F0(,)A 5(2. frees)118 189.6 R(the sealed k)2.5 E .3 -.15(ey p)-.1 H(re).15 E -(viously used to encrypt)-.25 E F4(dataset)2.5 E F1(,)A 5(3. remo)118 -201.6 R -.15(ve)-.15 G 10.689(st).15 G(he)-10.689 E F5 -(xyz.nabijaczleweli:tzpfms.)10.689 E F1({)A F5(backend)A F1(,)A F5(key) -14.189 E F1 10.689(}p)C 8.189(roperties from)-10.689 F F4(dataset)133 -213.6 Q F1(.)A(See)108 230.4 Q F0(zfs-tpm2-c)2.5 E(hang)-.15 E(e-k)-.1 E --.3(ey)-.1 G F1(\(8\) for a detailed description.).3 E F2(ENVIR)72 247.2 -Q 1.666(ONMENT V)-.3 F(ARIABLES)-1.35 E F5(TZPFMS_PASSPHRASE_HELPER)108 -259.2 Q F1 .045(By def)133 271.2 R .045(ault, passphrases are prompted \ -for and read in on the standard output and input streams.)-.1 F(If)5.046 -E F5(TZPFMS_PASSPHRASE_HELPER)133 283.2 Q F1 .896(is set and nonempty) -3.397 F 3.396(,i)-.65 G 3.396(tw)-3.396 G .896(ill be run via)-3.396 F -F0(/bin/)3.396 E F3(sh)A F58.562 E F1 .896(to pro-)3.396 F -(vide each passphrase, instead.)133 295.2 Q .643 +(viously used to encrypt)-.25 E F3(dataset)2.5 E F0(,)A 5(3. 
remo)118 +201.6 R -.15(ve)-.15 G 10.689(st).15 G(he)-10.689 E F4 +(xyz.nabijaczleweli:tzpfms.)10.689 E F0({)A F4(backend)A F0(,)A F4(key) +14.189 E F0 10.689(}p)C 8.189(roperties from)-10.689 F F3(dataset)133 +213.6 Q F0(.)A(See)108 230.4 Q F4(zfs-tpm2-change-key)2.5 E F0 +(\(8\) for a detailed description.)A F1(ENVIR)72 247.2 Q 1.666(ONMENT V) +-.3 F(ARIABLES)-1.35 E F4(TZPFMS_PASSPHRASE_HELPER)108 259.2 Q F0 .046 +(By def)133 271.2 R .045(ault, passphrases are prompted for and read in\ + on the standard output and input streams.)-.1 F(If)5.045 E F4 +(TZPFMS_PASSPHRASE_HELPER)133 283.2 Q F0 1.595(is set and nonempty)4.095 +F 4.096(,i)-.65 G 4.096(tw)-4.096 G 1.596(ill be run via)-4.096 F F4 +(/bin/)4.096 E F2 3.262(sh \255c)B F0(to)4.096 E(pro)133 295.2 Q +(vide each passphrase, instead.)-.15 E .643 (The standard output stream of the helper is tied to an anon)133 312 R .643(ymous \214le and used in its entirety as)-.15 F(the passphrase, e) 133 324 Q(xcept for a trailing ne)-.15 E(w-line, if an)-.25 E 3.8 -.65 -(y. T)-.15 H(he ar).65 E(guments are:)-.18 E F5($1)143 336 Q F1 +(y. 
T)-.15 H(he ar).65 E(guments are:)-.18 E F4($1)143 336 Q F0 (Pre-formatted noun phrase with all the information belo)160 336 Q 1.3 --.65(w, f)-.25 H(or use as a prompt).65 E F5($2)143 348 Q F1 +-.65(w, f)-.25 H(or use as a prompt).65 E F4($2)143 348 Q F0 (Either the dataset name or the element of the TPM hierarch)160 348 Q -2.5(yb)-.05 G(eing prompted for)-2.5 E F5($3)143 360 Q F1("ne)160 360 Q +2.5(yb)-.05 G(eing prompted for)-2.5 E F4($3)143 360 Q F0("ne)160 360 Q (w" if this is for a ne)-.25 E 2.5(wp)-.25 G(assphrase, otherwise blank) --2.5 E F5($4)143 372 Q F1("ag)160 372 Q(ain" if it')-.05 E 2.5(st)-.55 G -(he second prompt for that passphrase, otherwise blank)-2.5 E .178 -(If the helper doesn')133 388.8 R 2.678(te)-.18 G .178 -(xist \(the shell e)-2.828 F .177(xits with)-.15 F F2(127)2.677 E F1 -.177(\), a diagnostic is issued and the normal prompt)B(is used as f)133 +-2.5 E F4($4)143 372 Q F0("ag)160 372 Q(ain" if it')-.05 E 2.5(st)-.55 G +(he second prompt for that passphrase, otherwise blank)-2.5 E .177 +(If the helper doesn')133 388.8 R 2.677(te)-.18 G .177 +(xist \(the shell e)-2.827 F .177(xits with)-.15 F F1(127)2.677 E F0 +.178(\), a diagnostic is issued and the normal prompt)B(is used as f)133 400.8 Q 2.5(all-back. 
If)-.1 F(it f)2.5 E(ails for an)-.1 E 2.5(yo)-.15 -G(ther reason, the prompting is aborted.)-2.5 E F2 1.666 +G(ther reason, the prompting is aborted.)-2.5 E F1 1.666 (TPM2 back-end con\214guration)72 417.6 R(En)87 429.6 Q(vir)-.4 E .625 -(onment v)-.18 F(ariables)-.1 E F5(TSS2_LOG)108 441.6 Q F1(An)161 441.6 -Q 2.5(yo)-.15 G(f:)-2.5 E F2(NONE)2.5 E F1(,)A F2(ERR)2.5 E(OR)-.3 E F1 -(,)A F2 -1.2(WA)2.5 G(RNING)1.2 E F1(,)A F2(INFO)2.5 E F1(,)A F2(DEB)2.5 -E(UG)-.1 E F1(,)A F2(TRA)2.5 E(CE)-.55 E F1 5(.D)C(ef)-5 E(ault:)-.1 E -F2 -1.2(WA)2.5 G(RNING)1.2 E F1(.)A F2 .625(TPM selection)87 458.4 R F1 -.977(The library)108 470.4 R F3(libtss2-tcti-default.so)3.477 E F1 .977 -(can be link)3.477 F .977(ed to an)-.1 F 3.477(yo)-.15 G 3.477(ft)-3.477 -G(he)-3.477 E F0(libtss2-tcti-)3.477 E/F6 10/Symbol SF(*)A F0(.so)A F1 -.978(libraries to)3.477 F 1.146(select the def)108 482.4 R 1.146 -(ault, otherwise)-.1 F F0(/de)3.646 E(v/tpmrm0)-.15 E F1 3.646(,t)C(hen) --3.646 E F0(/de)3.646 E(v/tpm0)-.15 E F1 3.646(,t)C(hen)-3.646 E F0 -(localhost:2321)3.646 E F1 1.145(will be tried, in order)3.646 F(\(see) -108 494.4 Q F0(ESYS_CONTEXT)2.5 E F1(\(3\)\).)A F2 .625(See also)87 -511.2 R F1 2.247(The tpm2-tss git repository at https://github)108 523.2 -R(.com/tpm2-softw)-.4 E 2.247(are/tpm2-tss and the documentation at)-.1 -F(https://tpm2-tss.readthedocs.io.)108 535.2 Q 5.774(The TPM 2.0 speci\ +(onment v)-.18 F(ariables)-.1 E F4(TSS2_LOG)108 441.6 Q F0(An)161 441.6 +Q 2.5(yo)-.15 G(f:)-2.5 E F1(NONE)2.5 E F0(,)A F1(ERR)2.5 E(OR)-.3 E F0 +(,)A F1 -1.2(WA)2.5 G(RNING)1.2 E F0(,)A F1(INFO)2.5 E F0(,)A F1(DEB)2.5 +E(UG)-.1 E F0(,)A F1(TRA)2.5 E(CE)-.55 E F0 5(.D)C(ef)-5 E(ault:)-.1 E +F1 -1.2(WA)2.5 G(RNING)1.2 E F0(.)A F1 .625(TPM selection)87 458.4 R F0 +.622(The library)108 470.4 R F2(libtss2-tcti-default.so)3.122 E F0 .622 +(can be link)3.122 F .621(ed to an)-.1 F 3.121(yo)-.15 G 3.121(ft)-3.121 +G(he)-3.121 E F4(libtss2-tcti-)3.121 E/F5 10/Symbol SF(*)A F4(.so)A F0 +(li-)3.121 E 
.78(braries to select the def)108 482.4 R .78 +(ault, otherwise)-.1 F F4(/dev/tpmrm0)3.281 E F0 3.281(,t)C(hen)-3.281 E +F4(/dev/tpm0)3.281 E F0 3.281(,t)C(hen)-3.281 E F4(localhost:2321)3.281 +E F0(will be tried, in order \(see)108 494.4 Q F4(ESYS_CONTEXT)2.5 E F0 +(\(3\)\).)A F1 .625(See also)87 511.2 R F0 2.247 +(The tpm2-tss git repository at https://github)108 523.2 R +(.com/tpm2-softw)-.4 E 2.247(are/tpm2-tss and the documentation at)-.1 F +(https://tpm2-tss.readthedocs.io.)108 535.2 Q 5.774(The TPM 2.0 speci\ \214cations, mainly at https://trustedcomputinggroup.or)108 552 R (g/resource/tpm-library-)-.18 E 111.845 (speci\214cation/, https://trustedcomputinggroup.or)108 564 R (g/wp-content/uploads/TPM-)-.18 E(Re)108 576 Q(v-2.0-P)-.25 E -(art-1-Architecture-01.38.pdf, and related pages.)-.15 E F2 1.666 -(SPECIAL THANKS)72 592.8 R F1 1.6 -.8(To a)108 604.8 T +(art-1-Architecture-01.38.pdf, and related pages.)-.15 E F1 1.666 +(SPECIAL THANKS)72 592.8 R F0 1.6 -.8(To a)108 604.8 T (ll who support further de).8 E -.15(ve)-.25 G(lopment, in particular:) -.15 E F2<83>128 616.8 Q F1(ThePhD)7.5 E F2<83>128 628.8 Q F1 -(Embark Studios)7.5 E F2<83>128 640.8 Q F1(Lars Strojn)7.5 E(y)-.15 E F2 -(REPOR)72 657.6 Q 1.666(TING B)-.4 F(UGS)-.1 E F1(https://todo.sr)108 -669.6 Q(.ht/\001nabijaczle)-.55 E(weli/tzpfms)-.25 E F0(\001nabijaczle) -108 686.4 Q(weli/tzpfms@lists.sr)-.15 E(.ht)-1.11 E F1 2.5(,a)C(rchi) --2.5 E -.15(ve)-.25 G 2.5(da).15 G 2.5(th)-2.5 G(ttps://lists.sr)-2.5 E -(.ht/\001nabijaczle)-.55 E(weli/tzpfms.)-.25 E(tzpfms 0.3.3-7-g893a48c) -72 817.889 Q(No)85.673 E -.15(ve)-.15 G(mber 25, 2023).15 E(1)180.932 E -0 Cg EP +.15 E F1<83>128 616.8 Q F0(ThePhD)7.5 E F1<83>128 628.8 Q F0 +(Embark Studios)7.5 E F1<83>128 640.8 Q F0(Lars Strojn)7.5 E(y)-.15 E F1 +(REPOR)72 657.6 Q 1.666(TING B)-.4 F(UGS)-.1 E F0(https://todo.sr)108 +669.6 Q(.ht/\001nabijaczle)-.55 E(weli/tzpfms)-.25 E F4 +(\001nabijaczleweli/tzpfms@lists.sr.ht)108 686.4 Q F0 83.762(,a)C(rchi) +-83.762 E 
-.15(ve)-.25 G 83.763(da).15 G(t)-83.763 E(https://lists.sr) +108 698.4 Q(.ht/\001nabijaczle)-.55 E(weli/tzpfms.)-.25 E +(tzpfms 0.3.3-8-g286180b)72 817.889 Q(No)84.553 E -.15(ve)-.15 G +(mber 25, 2023).15 E(1)180.932 E 0 Cg EP %%Page: 1 10 %%BeginPageSetup BP %%EndPageSetup -/F0 10/Times-Italic@0 SF(ZFS-TPM2-LO)72 48 Q(AD-KEY)-.55 E/F1 10 -/Times-Roman@0 SF 63.563(\(8\) System)B(Manager')2.5 E 2.5(sM)-.55 G -(anual)-2.5 E F0(ZFS-TPM2-LO)63.562 E(AD-KEY)-.55 E F1(\(8\))A/F2 10 -/Times-Bold@0 SF -.2(NA)72 84 S(ME).2 E F1(zfs-tpm2-load-k)108 96 Q .3 --.15(ey \212 l)-.1 H(oad TPM2-encrypted ZFS dataset k).15 E -.15(ey)-.1 -G F2(SYNOPSIS)72 112.8 Q/F3 10/Courier-Bold@0 SF(zfs-tpm-list)108 124.8 -Q F1([)2.5 E/F4 10/Courier@0 SF1.666 E F1(])A/F5 10 -/Courier-Oblique@0 SF(dataset)2.5 E F2(DESCRIPTION)72 141.6 Q F1 .865 -(After v)108 153.6 R(erifying)-.15 E F5(dataset)3.365 E F1 -.1(wa)3.365 -G 3.365(se).1 G .865(ncrypted with)-3.365 F F3(tzpfms)3.365 E F1(back) -3.365 E(end)-.1 E F2(TPM2)3.365 E F1 3.365(,u)C .864(nseals the k)-3.365 -F 1.164 -.15(ey a)-.1 H .864(nd loads it).15 F(into)108 165.6 Q F5 -(dataset)2.5 E F1(.)A(The user is prompted for the additional passphras\ -e, set when creating the k)108 182.4 Q -.15(ey)-.1 G 2.5(,i)-.5 G 2.5 -(fo)-2.5 G(ne w)-2.5 E(as set.)-.1 E(See)108 199.2 Q F0(zfs-tpm2-c)2.5 E -(hang)-.15 E(e-k)-.1 E -.3(ey)-.1 G F1 -(\(8\) for a detailed description.).3 E F2(OPTIONS)72 216 Q F4 -109.666 228 Q F1 3.208(Do a no-op/dry run, can be used e)131 228 R -.15 -(ve)-.25 G 5.708(ni).15 G 5.708(ft)-5.708 G 3.208(he k)-5.708 F 3.508 --.15(ey i)-.1 H 5.708(sa).15 G 3.208(lready loaded.)-5.708 F(Equi)8.208 -E -.25(va)-.25 G 3.208(lent to).25 F F3(zfs)5.708 E F4(load-key)131 240 -Q F1 -.55('s)C F44.716 E F1(option.)2.5 E F2(ENVIR)72 256.8 Q -1.666(ONMENT V)-.3 F(ARIABLES)-1.35 E F4(TZPFMS_PASSPHRASE_HELPER)108 -268.8 Q F1 .046(By def)133 280.8 R .045(ault, passphrases are prompted \ -for and read in on the standard output and input streams.)-.1 
F(If)5.045 -E F4(TZPFMS_PASSPHRASE_HELPER)133 292.8 Q F1 .896(is set and nonempty) -3.396 F 3.396(,i)-.65 G 3.396(tw)-3.396 G .896(ill be run via)-3.396 F -F0(/bin/)3.396 E F3(sh)A F48.562 E F1 .897(to pro-)3.396 F -(vide each passphrase, instead.)133 304.8 Q .643 +/F0 10/Times-Roman@0 SF(ZFS-TPM2-LO)72 48 Q 58.373(AD-KEY\(8\) System) +-.35 F(Manager')2.5 E 2.5(sM)-.55 G 55.872(anual ZFS-TPM2-LO)-2.5 F +(AD-KEY\(8\))-.35 E/F1 10/Times-Bold@0 SF -.2(NA)72 84 S(ME).2 E F0 +(zfs-tpm2-load-k)108 96 Q .3 -.15(ey \212 l)-.1 H +(oad TPM2-encrypted ZFS dataset k).15 E -.15(ey)-.1 G F1(SYNOPSIS)72 +112.8 Q/F2 10/Courier-Bold@0 SF(zfs-tpm-list)108 124.8 Q F0([)2.5 E F2 +1.666 E F0(])A/F3 10/Courier-Oblique@0 SF(dataset)2.5 E F1 +(DESCRIPTION)72 141.6 Q F0 .865(After v)108 153.6 R(erifying)-.15 E F3 +(dataset)3.365 E F0 -.1(wa)3.365 G 3.365(se).1 G .865(ncrypted with) +-3.365 F F2(tzpfms)3.365 E F0(back)3.365 E(end)-.1 E F1(TPM2)3.365 E F0 +3.365(,u)C .864(nseals the k)-3.365 F 1.164 -.15(ey a)-.1 H .864 +(nd loads it).15 F(into)108 165.6 Q F3(dataset)2.5 E F0(.)A(The user is\ + prompted for the additional passphrase, set when creating the k)108 +182.4 Q -.15(ey)-.1 G 2.5(,i)-.5 G 2.5(fo)-2.5 G(ne w)-2.5 E(as set.)-.1 +E(See)108 199.2 Q/F4 10/Courier@0 SF(zfs-tpm2-change-key)2.5 E F0 +(\(8\) for a detailed description.)A F1(OPTIONS)72 216 Q F2109.666 +228 Q F0 3.208(Do a no-op/dry run, can be used e)131 228 R -.15(ve)-.25 +G 5.708(ni).15 G 5.708(ft)-5.708 G 3.208(he k)-5.708 F 3.508 -.15(ey i) +-.1 H 5.708(sa).15 G 3.208(lready loaded.)-5.708 F(Equi)8.208 E -.25(va) +-.25 G 3.208(lent to).25 F F2(zfs)5.708 E(load-key)131 240 Q F0 -.55('s) +C F24.716 E F0(option.)2.5 E F1(ENVIR)72 256.8 Q 1.666(ONMENT V) +-.3 F(ARIABLES)-1.35 E F4(TZPFMS_PASSPHRASE_HELPER)108 268.8 Q F0 .046 +(By def)133 280.8 R .045(ault, passphrases are prompted for and read in\ + on the standard output and input streams.)-.1 F(If)5.045 E F4 +(TZPFMS_PASSPHRASE_HELPER)133 292.8 Q F0 1.595(is set and 
nonempty)4.095 +F 4.096(,i)-.65 G 4.096(tw)-4.096 G 1.596(ill be run via)-4.096 F F4 +(/bin/)4.096 E F2 3.262(sh \255c)B F0(to)4.096 E(pro)133 304.8 Q +(vide each passphrase, instead.)-.15 E .643 (The standard output stream of the helper is tied to an anon)133 321.6 R .643(ymous \214le and used in its entirety as)-.15 F(the passphrase, e) 133 333.6 Q(xcept for a trailing ne)-.15 E(w-line, if an)-.25 E 3.8 -.65 -(y. T)-.15 H(he ar).65 E(guments are:)-.18 E F4($1)143 345.6 Q F1 +(y. T)-.15 H(he ar).65 E(guments are:)-.18 E F4($1)143 345.6 Q F0 (Pre-formatted noun phrase with all the information belo)160 345.6 Q 1.3 --.65(w, f)-.25 H(or use as a prompt).65 E F4($2)143 357.6 Q F1 +-.65(w, f)-.25 H(or use as a prompt).65 E F4($2)143 357.6 Q F0 (Either the dataset name or the element of the TPM hierarch)160 357.6 Q -2.5(yb)-.05 G(eing prompted for)-2.5 E F4($3)143 369.6 Q F1("ne)160 +2.5(yb)-.05 G(eing prompted for)-2.5 E F4($3)143 369.6 Q F0("ne)160 369.6 Q(w" if this is for a ne)-.25 E 2.5(wp)-.25 G -(assphrase, otherwise blank)-2.5 E F4($4)143 381.6 Q F1("ag)160 381.6 Q +(assphrase, otherwise blank)-2.5 E F4($4)143 381.6 Q F0("ag)160 381.6 Q (ain" if it')-.05 E 2.5(st)-.55 G (he second prompt for that passphrase, otherwise blank)-2.5 E .177 (If the helper doesn')133 398.4 R 2.677(te)-.18 G .177 -(xist \(the shell e)-2.827 F .177(xits with)-.15 F F2(127)2.677 E F1 +(xist \(the shell e)-2.827 F .177(xits with)-.15 F F1(127)2.677 E F0 .178(\), a diagnostic is issued and the normal prompt)B(is used as f)133 410.4 Q 2.5(all-back. 
If)-.1 F(it f)2.5 E(ails for an)-.1 E 2.5(yo)-.15 -G(ther reason, the prompting is aborted.)-2.5 E F2 1.666 +G(ther reason, the prompting is aborted.)-2.5 E F1 1.666 (TPM1.X back-end con\214guration)72 427.2 R .625(TPM selection)87 439.2 -R F1(The)108 451.2 Q F3(tzpfms)2.509 E F1 .009 -(suite connects to a local)2.509 F F0(tcsd)2.508 E F1 .008 -(\(8\) process \(at)B F0(localhost:30003)2.508 E F1 2.508(\)b)C 2.508 -(yd)-2.508 G(ef)-2.508 E 2.508(ault. Use)-.1 F .008(the en)2.508 F -(viron-)-.4 E(ment v)108 463.2 Q(ariable)-.25 E F4(TZPFMS_TPM1X)2.5 E F1 -(to specify a remote TCS hostname.)2.5 E .444(The T)108 480 R(rouSerS) --.35 E F0(tcsd)2.944 E F1 .444(\(8\) daemon will try)B F0(/de)2.945 E -(v/tpm0)-.15 E F1 2.945(,t)C(hen)-2.945 E F0(/ude)2.945 E(v/tpm0)-.15 E -F1 2.945(,t)C(hen)-2.945 E F0(/de)2.945 E(v/tpm)-.15 E F1 2.945(;b)C -2.945(yo)-2.945 G(ccup)-2.945 E .445(ying one of)-.1 F -(the earlier ones with, for e)108 492 Q -(xample, shell redirection, a later one can be selected.)-.15 E F2 .625 -(See also)87 508.8 R F1(The T)108 520.8 Q +R F0(The)108 451.2 Q F2(tzpfms)2.73 E F0 .23(suite connects to a local) +2.73 F F4(tcsd)2.73 E F0 .23(\(8\) process \(at)B F4(localhost:30003) +2.729 E F0 2.729(\)b)C 2.729(yd)-2.729 G(ef)-2.729 E 2.729(ault. 
Use)-.1 +F(the)2.729 E(en)108 463.2 Q(vironment v)-.4 E(ariable)-.25 E F4 +(TZPFMS_TPM1X)2.5 E F0(to specify a remote TCS hostname.)2.5 E .11 +(The T)108 480 R(rouSerS)-.35 E F4(tcsd)2.61 E F0 .11 +(\(8\) daemon will try)B F4(/dev/tpm0)2.61 E F0 2.61(,t)C(hen)-2.61 E F4 +(/udev/tpm0)2.611 E F0 2.611(,t)C(hen)-2.611 E F4(/dev/tpm)2.611 E F0 +2.611(;b)C 2.611(yo)-2.611 G(ccu-)-2.611 E -.1(py)108 492 S +(ing one of the earlier ones with, for e).1 E +(xample, shell redirection, a later one can be selected.)-.15 E F1 .625 +(See also)87 508.8 R F0(The T)108 520.8 Q (rouSerS project page at https://sourcefor)-.35 E (ge.net/projects/trousers.)-.18 E 4.415 (The TPM 1.2 main speci\214cation inde)108 537.6 R 6.915(xa)-.15 G 6.915 (th)-6.915 G(ttps://trustedcomputinggroup.or)-6.915 E -(g/resource/tpm-main-)-.18 E(speci\214cation.)108 549.6 Q F2 1.666 -(SPECIAL THANKS)72 566.4 R F1 1.6 -.8(To a)108 578.4 T +(g/resource/tpm-main-)-.18 E(speci\214cation.)108 549.6 Q F1 1.666 +(SPECIAL THANKS)72 566.4 R F0 1.6 -.8(To a)108 578.4 T (ll who support further de).8 E -.15(ve)-.25 G(lopment, in particular:) -.15 E F2<83>128 590.4 Q F1(ThePhD)7.5 E F2<83>128 602.4 Q F1 -(Embark Studios)7.5 E F2<83>128 614.4 Q F1(Lars Strojn)7.5 E(y)-.15 E F2 -(REPOR)72 631.2 Q 1.666(TING B)-.4 F(UGS)-.1 E F1(https://todo.sr)108 -643.2 Q(.ht/\001nabijaczle)-.55 E(weli/tzpfms)-.25 E F0(\001nabijaczle) -108 660 Q(weli/tzpfms@lists.sr)-.15 E(.ht)-1.11 E F1 2.5(,a)C(rchi)-2.5 -E -.15(ve)-.25 G 2.5(da).15 G 2.5(th)-2.5 G(ttps://lists.sr)-2.5 E -(.ht/\001nabijaczle)-.55 E(weli/tzpfms.)-.25 E(tzpfms 0.3.3-7-g893a48c) -72 817.889 Q(No)85.673 E -.15(ve)-.15 G(mber 25, 2023).15 E(1)180.932 E -0 Cg EP +.15 E F1<83>128 590.4 Q F0(ThePhD)7.5 E F1<83>128 602.4 Q F0 +(Embark Studios)7.5 E F1<83>128 614.4 Q F0(Lars Strojn)7.5 E(y)-.15 E F1 +(REPOR)72 631.2 Q 1.666(TING B)-.4 F(UGS)-.1 E F0(https://todo.sr)108 +643.2 Q(.ht/\001nabijaczle)-.55 E(weli/tzpfms)-.25 E F4 +(\001nabijaczleweli/tzpfms@lists.sr.ht)108 660 Q F0 
83.762(,a)C(rchi) +-83.762 E -.15(ve)-.25 G 83.763(da).15 G(t)-83.763 E(https://lists.sr) +108 672 Q(.ht/\001nabijaczle)-.55 E(weli/tzpfms.)-.25 E +(tzpfms 0.3.3-8-g286180b)72 817.889 Q(No)84.553 E -.15(ve)-.15 G +(mber 25, 2023).15 E(1)180.932 E 0 Cg EP %%Trailer end %%EOF
diff --git a/zfs-tpm-list.8 b/zfs-tpm-list.8
index b5d8ba9..129d8c6 100644
--- a/zfs-tpm-list.8
+++ b/zfs-tpm-list.8
@@ -3,7 +3,7 @@
 .Dd November 25, 2023
 .ds doc-volume-operating-system
 .Dt ZFS-TPM-LIST 8
-.Os tzpfms 0.3.3-7-g893a48c
+.Os tzpfms 0.3.3-8-g286180b
 .
 .Sh NAME
 .Nm zfs-tpm-list
diff --git a/zfs-tpm-list.8.html b/zfs-tpm-list.8.html
index 525e883..d4da44a 100644
--- a/zfs-tpm-list.8.html
+++ b/zfs-tpm-list.8.html
@@ -165,7 +165,7 @@ tarta-zoot/vm - available yes - +
November 25, 2023tzpfms 0.3.3-7-g893a48ctzpfms 0.3.3-8-g286180b
diff --git a/zfs-tpm1x-change-key.8 b/zfs-tpm1x-change-key.8
index b017bc6..f8688a9 100644
--- a/zfs-tpm1x-change-key.8
+++ b/zfs-tpm1x-change-key.8
@@ -3,7 +3,7 @@
 .Dd November 25, 2023
 .ds doc-volume-operating-system
 .Dt ZFS-TPM1X-CHANGE-KEY 8
-.Os tzpfms 0.3.3-7-g893a48c
+.Os tzpfms 0.3.3-8-g286180b
 .
 .Sh NAME
 .Nm zfs-tpm1x-change-key
diff --git a/zfs-tpm1x-change-key.8.html b/zfs-tpm1x-change-key.8.html
index 057385b..c002c68 100644
--- a/zfs-tpm1x-change-key.8.html
+++ b/zfs-tpm1x-change-key.8.html
@@ -218,7 +218,7 @@ - +
November 25, 2023tzpfms 0.3.3-7-g893a48ctzpfms 0.3.3-8-g286180b
diff --git a/zfs-tpm1x-clear-key.8 b/zfs-tpm1x-clear-key.8
index 286599d..e7b0926 100644
--- a/zfs-tpm1x-clear-key.8
+++ b/zfs-tpm1x-clear-key.8
@@ -3,7 +3,7 @@
 .Dd November 25, 2023
 .ds doc-volume-operating-system
 .Dt ZFS-TPM1X-CLEAR-KEY 8
-.Os tzpfms 0.3.3-7-g893a48c
+.Os tzpfms 0.3.3-8-g286180b
 .
 .Sh NAME
 .Nm zfs-tpm1x-clear-key
diff --git a/zfs-tpm1x-clear-key.8.html b/zfs-tpm1x-clear-key.8.html
index f58828d..95a0428 100644
--- a/zfs-tpm1x-clear-key.8.html
+++ b/zfs-tpm1x-clear-key.8.html
@@ -102,7 +102,7 @@ - +
November 25, 2023tzpfms 0.3.3-7-g893a48ctzpfms 0.3.3-8-g286180b
diff --git a/zfs-tpm1x-load-key.8 b/zfs-tpm1x-load-key.8
index 0eca2ed..0cb4a1f 100644
--- a/zfs-tpm1x-load-key.8
+++ b/zfs-tpm1x-load-key.8
@@ -3,7 +3,7 @@
 .Dd November 25, 2023
 .ds doc-volume-operating-system
 .Dt ZFS-TPM1X-LOAD-KEY 8
-.Os tzpfms 0.3.3-7-g893a48c
+.Os tzpfms 0.3.3-8-g286180b
 .
 .Sh NAME
 .Nm zfs-tpm1x-load-key
diff --git a/zfs-tpm1x-load-key.8.html b/zfs-tpm1x-load-key.8.html
index 9a0ec8f..91f13d7 100644
--- a/zfs-tpm1x-load-key.8.html
+++ b/zfs-tpm1x-load-key.8.html
@@ -138,7 +138,7 @@ - +
November 25, 2023tzpfms 0.3.3-7-g893a48ctzpfms 0.3.3-8-g286180b
diff --git a/zfs-tpm2-change-key.8 b/zfs-tpm2-change-key.8
index af5ddd6..474f486 100644
--- a/zfs-tpm2-change-key.8
+++ b/zfs-tpm2-change-key.8
@@ -3,7 +3,7 @@
 .Dd November 25, 2023
 .ds doc-volume-operating-system
 .Dt ZFS-TPM2-CHANGE-KEY 8
-.Os tzpfms 0.3.3-7-g893a48c
+.Os tzpfms 0.3.3-8-g286180b
 .
 .Sh NAME
 .Nm zfs-tpm2-change-key
diff --git a/zfs-tpm2-change-key.8.html b/zfs-tpm2-change-key.8.html
index 239f475..0a82481 100644
--- a/zfs-tpm2-change-key.8.html
+++ b/zfs-tpm2-change-key.8.html
@@ -264,7 +264,7 @@ - +
November 25, 2023tzpfms 0.3.3-7-g893a48ctzpfms 0.3.3-8-g286180b
diff --git a/zfs-tpm2-clear-key.8 b/zfs-tpm2-clear-key.8
index 8d19f63..cf1dfce 100644
--- a/zfs-tpm2-clear-key.8
+++ b/zfs-tpm2-clear-key.8
@@ -3,7 +3,7 @@
 .Dd November 25, 2023
 .ds doc-volume-operating-system
 .Dt ZFS-TPM2-CLEAR-KEY 8
-.Os tzpfms 0.3.3-7-g893a48c
+.Os tzpfms 0.3.3-8-g286180b
 .
 .Sh NAME
 .Nm zfs-tpm2-clear-key
diff --git a/zfs-tpm2-clear-key.8.html b/zfs-tpm2-clear-key.8.html
index 74d857f..40740fb 100644
--- a/zfs-tpm2-clear-key.8.html
+++ b/zfs-tpm2-clear-key.8.html
@@ -153,7 +153,7 @@ - +
November 25, 2023tzpfms 0.3.3-7-g893a48ctzpfms 0.3.3-8-g286180b
diff --git a/zfs-tpm2-load-key.8 b/zfs-tpm2-load-key.8
index ac123ba..1827a72 100644
--- a/zfs-tpm2-load-key.8
+++ b/zfs-tpm2-load-key.8
@@ -3,7 +3,7 @@
 .Dd November 25, 2023
 .ds doc-volume-operating-system
 .Dt ZFS-TPM2-LOAD-KEY 8
-.Os tzpfms 0.3.3-7-g893a48c
+.Os tzpfms 0.3.3-8-g286180b
 .
 .Sh NAME
 .Nm zfs-tpm2-load-key
diff --git a/zfs-tpm2-load-key.8.html b/zfs-tpm2-load-key.8.html
index 13e5363..ff790e2 100644
--- a/zfs-tpm2-load-key.8.html
+++ b/zfs-tpm2-load-key.8.html
@@ -137,7 +137,7 @@ - +
November 25, 2023tzpfms 0.3.3-7-g893a48ctzpfms 0.3.3-8-g286180b