NAME

zfs-tpm1x-clear-key - rewrap ZFS dataset key in password and clear tzpfms TPM1.X metadata

SYNOPSIS

zfs-tpm1x-clear-key dataset

DESCRIPTION

zfs-tpm1x-clear-key(8), after verifying that dataset was encrypted with tzpfms backend TPM1.X, will:

  1. perform the equivalent of zfs(8) change-key -o keylocation=prompt -o keyformat=passphrase dataset,
  2. remove the xyz.nabijaczleweli:tzpfms.{backend,key} properties from dataset.

See zfs-tpm1x-change-key(8) for a detailed description.
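
A check that both steps above took effect, as an added example that is not part of tzpfms: it classifies a dataset from `zfs get -H` output. The function name, state names and sample values are assumptions; it relies on `zfs get` printing `-` for an unset property.

```shell
#!/bin/sh
# Added example, not tzpfms code. Feed it the output of:
#   zfs get -H -o property,value keyformat,keylocation,\
#xyz.nabijaczleweli:tzpfms.backend,xyz.nabijaczleweli:tzpfms.key DATASET
# (-H prints tab-separated "property<TAB>value"; unset properties show "-").
#
# Prints one word:
#   tpm1x    tzpfms metadata present, backend TPM1.X (state before clear-key)
#   cleared  no tzpfms metadata, passphrase key with prompt (state after)
#   partial  only one of the two tzpfms properties is set
#   foreign  tzpfms metadata names some other backend
#   other    anything else (e.g. never managed by tzpfms)
classify_tzpfms_state() {
	awk -F '\t' '
		$1 == "keyformat"                         { fmt = $2 }
		$1 == "keylocation"                       { loc = $2 }
		$1 == "xyz.nabijaczleweli:tzpfms.backend" { backend = $2 }
		$1 == "xyz.nabijaczleweli:tzpfms.key"     { key = $2 }
		END {
			has_b = (backend != "" && backend != "-")
			has_k = (key != "" && key != "-")
			if (has_b != has_k)                              print "partial"
			else if (has_b && backend == "TPM1.X")           print "tpm1x"
			else if (has_b)                                  print "foreign"
			else if (fmt == "passphrase" && loc == "prompt") print "cleared"
			else                                             print "other"
		}'
}

# Constructed samples; the key value is a placeholder, not real tzpfms output.
sample_before() {
	printf 'keyformat\traw\nkeylocation\tprompt\n'
	printf 'xyz.nabijaczleweli:tzpfms.backend\tTPM1.X\n'
	printf 'xyz.nabijaczleweli:tzpfms.key\tPLACEHOLDER\n'
}
sample_after() {
	printf 'keyformat\tpassphrase\nkeylocation\tprompt\n'
	printf 'xyz.nabijaczleweli:tzpfms.backend\t-\n'
	printf 'xyz.nabijaczleweli:tzpfms.key\t-\n'
}

echo "before: $(sample_before | classify_tzpfms_state)"
echo "after:  $(sample_after | classify_tzpfms_state)"
```

A result of `partial` after running the tool means one property was left behind and the dataset should be inspected before the TPM is reused or cleared.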

TPM1.X back-end configuration

TPM selection

The tzpfms suite connects to a local tcsd(8) process (at localhost:30003) by default. Use the environment variable TZPFMS_TPM1X to specify a remote TCS hostname.

The TrouSerS tcsd(8) daemon will try /dev/tpm0, then /udev/tpm0, then /dev/tpm; by occupying one of the earlier ones with, for example, shell redirection, a later one can be selected.

See also

The TrouSerS project page at <https://sourceforge.net/projects/trousers>.

The TPM 1.2 main specification index at <https://trustedcomputinggroup.org/resource/tpm-main-specification>.

AUTHOR

Written by наб <nabijaczleweli@nabijaczleweli.xyz>

SPECIAL THANKS

To all who support further development, in particular:

REPORTING BUGS

<https://todo.sr.ht/~nabijaczleweli/tzpfms>

<~nabijaczleweli/tzpfms@lists.sr.ht>, archived at <https://lists.sr.ht/~nabijaczleweli/tzpfms>

SEE ALSO

<https://git.sr.ht/~nabijaczleweli/tzpfms>