наб
6b3cc6971d
Don't free() allocated statics
2023-11-25 18:11:01 +01:00
наб
c651450b5d
Axe unused fd.cpp:read_exact()
2023-11-25 17:44:40 +01:00
наб
1ae0e258a7
Correctly echo intr instead of hard ^C
2023-11-25 17:44:39 +01:00
наб
47cd20aa32
Translate to Polish
2023-11-25 17:40:59 +01:00
наб
d2dcf95b0f
Just use pipe to read passphrase from helper instead of memfd weirdness
2022-12-04 02:26:10 +01:00
наб
720a0103a7
Fix ^Ding out of the new passphrase prompt
2022-12-04 01:37:56 +01:00
наб
0f2642ba92
Provide blank Esys_Create{Primary,}() metadata
...
This was yielding
Couldn't create primary encryption key: tpm:parameter(3):structure is the wrong size
errors on ASRock X670E Pro RS + AMD Ryzen 5 7600X: just kill it;
it's unclear if it's remotely useful besides adding some needless salt
Reported and validated by Lars Strojny:
https://twitter.com/lstrojny/status/1599182208752766976
2022-12-04 00:57:36 +01:00
наб
d950de0ae4
Actually copy in the CreatePrimary parameters to the right slots
...
This mimicks tpm2-tools; I don't think it matters any, since I'm pretty
sure these are just unused for our application, but
2022-12-04 00:32:44 +01:00
наб
b811862e0a
swtpm is in Debian now :)
2022-12-03 22:15:22 +01:00
наб
02195933bc
Use SHA256 as the default name algorithm for the TPM2 primary key
...
This mirrors an analogous change in tpm2-tools
5900ed818f3c1e7173b3
2022-12-03 21:32:50 +01:00
наб
62e896642b
Silence SHA256_*() OpenSSL API deprecation warnings for now
2022-09-30 21:07:12 +02:00
наб
aef018ba1e
Fix builds with less header-leaky libstdc++es
2022-09-30 20:08:27 +02:00
наб
00703a1517
Upcast time_t to i64
2021-11-29 16:20:40 +01:00
наб
1937610e54
struct timespec::tv_nsec is the syscall long, not actual long!
2021-11-28 18:17:00 +01:00
наб
e0b0de31b9
Don't force POSIXLY_CORRECT. Reject extraneous argument
2021-11-28 01:40:23 +01:00
наб
49f0a05c33
Add PCR binding. password => passphrase in manuals
...
All logically distinct modes are now:
TPM1.X: passphraseless, PCRs, passphrase, passphrase & PCRs
TPM2: passphraseless, PCRs, passphrase, passphrase | PCRs
TPM2 sees a backward-incompatible ";pcr list" addition to its handle
Cf. https://twitter.com/nabijaczleweli/status/1463707170793562117
2021-11-28 01:33:58 +01:00
наб
303ea58c2f
Import parse_uint() from voreutils. Summarise all .sos. Fix systemd integration in README to match. Flatten hV adding
2021-11-25 16:33:26 +01:00
наб
4e41ae1f14
Add TZPFMS_PASSPHRASE_HELPER{,_MAN} make tunables
2021-11-20 13:12:01 +01:00
наб
ea0a5bd52e
Proof passphrase.h. Fix helper for empty output, fortify against ENOMEM and mmap(2) error
2021-11-19 00:37:08 +01:00
наб
8df40d5506
Fix lib[std]c++ dependency by initialising helper path explicitly
2021-11-15 19:12:19 +01:00
наб
12189bc0d5
Change TPM2 creation metadata to 'UNIX.ns dataset version' from 'dataset RFC3339 version' ‒ there's only 64 bytes to play with
2021-11-15 19:04:40 +01:00
наб
9c8ee8d68c
Add $TZPFMS_PASSPHRASE_HELPER. Always include the TPM back-end and/or dataset name in password what-fors
2021-11-15 18:59:07 +01:00
наб
c1ab9a5a1a
Fold print; return err; into return print, err;
2021-11-10 15:02:43 +01:00
наб
dc8bc7acb7
Use proper PRI* macros for foreign types
2021-11-10 14:48:07 +01:00
наб
7841412225
Take a stance on some TODOs
2020-12-08 17:48:33 +01:00
наб
768b21c2e7
Fix change-key for TPM1.X. Test and unfuck i-t TPM1.X
...
Tested on Toshiba R700
2020-12-06 18:16:07 +01:00
наб
49e22c820e
whoms't a plural
2020-12-05 01:24:38 +01:00
наб
21b928bcf3
Don't do SHA512, Griwes' TPM couldn't handle it
2020-12-03 12:12:21 +01:00
наб
415c83ab0e
Add key -u[nloaded]/-l[oaded] to zfs-tpm-list
2020-10-31 18:36:14 +01:00
наб
321c2cd160
Add zfs-tpm-list manpage
2020-10-31 11:14:25 +01:00
наб
4a561d6e13
Extract display literals
2020-10-31 03:59:17 +01:00
наб
18df30d93b
ILP32 strikes again
2020-10-31 03:47:38 +01:00
наб
75748d388f
zfs-tpm-list also takes -b to restrict to a specific back-end
2020-10-31 03:41:04 +01:00
наб
4da1dbf845
Add zfs-tpm-list
2020-10-31 03:30:16 +01:00
наб
febf3be94d
Only allow at least 8-character new passwords
2020-10-27 20:46:28 +01:00
наб
15a2917902
Read in password for TPM2 if 'tpm2_changeauth -c owner' is in play
2020-10-27 20:36:59 +01:00
наб
201fdf2c0a
Allow for setting passphrases on TPM2 keys. Handle max passphrase lengths
2020-10-27 20:03:28 +01:00
наб
a558ca5b48
Allow to change TCS hostname
2020-10-27 15:40:10 +01:00
наб
8653f24924
Extract zfs-tpm*-clear-key to very common wrapper
2020-10-25 02:51:39 +02:00
наб
675a0c40b7
Prompt for passphrase (or empty for none) in TPM1.X
2020-10-25 02:04:16 +02:00
наб
cc4716c569
Add zfs-tpm1x-clear-key. Move clear_key_props() warning to zfs.cpp
2020-10-24 03:48:32 +02:00
наб
6423713487
Extract TPM 1.x code so it's less bad and more not horseshit
2020-10-24 03:33:18 +02:00
наб
6df053a1b5
it fucking works
2020-10-23 01:50:42 +02:00
наб
92f6927a08
Migrate some meaty zfs funxions out
2020-10-23 01:05:55 +02:00
наб
1d032923c0
I think this kinda works on 1.x TPMs
2020-10-23 00:41:38 +02:00
наб
1cc8ddaa63
I managed to get fucking tcsd to use swtpm
2020-10-19 00:35:16 +02:00
наб
65c2384582
Remove unneeded slice_iter
2020-10-18 17:39:36 +02:00
наб
55fe88aabf
Add TPM2 testing instruxions
2020-10-18 17:36:28 +02:00
наб
fb3eb012b6
Handle -h and -V
2020-10-18 04:00:41 +02:00
наб
a007176d65
Finalise zfs-tpm2-clear-key. Add manpages
2020-10-18 03:22:56 +02:00
