ZFS-TPM1X-CLEAR-KEY(8) System Manager's Manual ZFS-TPM1X-CLEAR-KEY(8)

zfs-tpm1x-clear-keyrewrap ZFS dataset key in passsword and clear tzpfms TPM1.X metadata

zfs-tpm1x-clear-key dataset

After verifying dataset was encrypted with tzpfms backend :

  1. performs the equivalent of zfs change-key -o keylocation=prompt -o keyformat=passphrase dataset,
  2. removes the xyz.nabijaczleweli:tzpfms.{backend, key} properties from dataset.

See zfs-tpm1x-change-key(8) for a detailed description.

The tzpfms suite connects to a local tcsd(8) process (at localhost:30003) by default. Use the environment variable TZPFMS_TPM1X to specify a remote TCS hostname.

The TrouSerS tcsd(8) daemon will try /dev/tpm0, then /udev/tpm0, then /dev/tpm; by occupying one of the earlier ones with, for example, shell redirection, a later one can be selected.

The TrouSerS project page at https://sourceforge.net/projects/trousers.

The TPM 1.2 main specification index at https://trustedcomputinggroup.org/resource/tpm-main-specification.

To all who support further development, in particular:

https://todo.sr.ht/~nabijaczleweli/tzpfms

~nabijaczleweli/tzpfms@lists.sr.ht, archived at https://lists.sr.ht/~nabijaczleweli/tzpfms.

December 4, 2022 tzpfms 0.3.4-29-g1d39364