NAME

zfs-tpm1x-load-key - load tzpfms TPM1.X-encrypted ZFS dataset key

SYNOPSIS

zfs-tpm1x-load-key [-n] dataset

DESCRIPTION

zfs-tpm1x-load-key(8), after verifying that dataset was encrypted with tzpfms backend TPM1.X, will unseal the key and load it into dataset.

The user is prompted first for the SRK passphrase, set when taking ownership, if it's not "well-known" (all zeroes), then for the additional passphrase set when creating the key, if one was provided.

See zfs-tpm1x-change-key(8) for a detailed description.

OPTIONS

-n
Do a no-op/dry run; this can be used even if the key is already loaded. Equivalent to zfs(8) load-key's -n option.

TPM1.X back-end configuration

TPM selection

The tzpfms suite connects to a local tcsd(8) process (at localhost:30003) by default. Use the environment variable TZPFMS_TPM1X to specify a remote TCS hostname.

The TrouSerS tcsd(8) daemon will try /dev/tpm0, then /udev/tpm0, then /dev/tpm; by occupying one of the earlier ones with, for example, shell redirection, a later one can be selected.
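
An added example (not part of tzpfms or this manual): a wrapper that loads the key, or uses -n to check that unsealing still works when the key is already loaded, and refuses a non-local TCS host picked up from TZPFMS_TPM1X unless explicitly allowed. The function names, ZFS_CMD, LOAD_CMD and ALLOW_REMOTE_TCS are assumptions of this example, and the refusal is the example's own policy, not tzpfms behaviour.

```shell
#!/bin/sh
# Added example; every name except zfs, zfs-tpm1x-load-key and TZPFMS_TPM1X
# is hypothetical. ZFS_CMD/LOAD_CMD exist so the commands can be stubbed.
ZFS_CMD=${ZFS_CMD:-zfs}
LOAD_CMD=${LOAD_CMD:-zfs-tpm1x-load-key}

# TCS host the tzpfms tools will use: TZPFMS_TPM1X if set, else local tcsd.
tcs_host() {
    printf '%s\n' "${TZPFMS_TPM1X:-localhost}"
}

# Succeeds only when the selected TCS host is this machine.
tcs_is_local() {
    case "$(tcs_host)" in
        localhost|127.0.0.1|::1) return 0 ;;
        *) return 1 ;;
    esac
}

# Load the key for dataset $1, or verify unsealing if it is already loaded.
# Returns 2 if a remote TCS host is selected without ALLOW_REMOTE_TCS=1,
# 1 if keystatus cannot be read, else the exit status of zfs-tpm1x-load-key.
load_or_verify() {
    dataset=$1
    if ! tcs_is_local && [ "${ALLOW_REMOTE_TCS:-0}" != 1 ]; then
        echo "refusing TCS host '$(tcs_host)' from TZPFMS_TPM1X" >&2
        return 2
    fi
    keystatus=$("$ZFS_CMD" get -H -o value keystatus "$dataset") || return 1
    if [ "$keystatus" = available ]; then
        # Key already loaded: -n checks unsealing without touching it.
        "$LOAD_CMD" -n "$dataset"
    else
        "$LOAD_CMD" "$dataset"
    fi
}

if [ "$#" -eq 1 ]; then
    load_or_verify "$1"
fi
```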

See also

The TrouSerS project page at <https://sourceforge.net/projects/trousers>.

The TPM 1.2 main specification index at <https://trustedcomputinggroup.org/resource/tpm-main-specification>.

AUTHOR

Written by наб <nabijaczleweli@nabijaczleweli.xyz>

SPECIAL THANKS

To all who support further development, in particular:

REPORTING BUGS

<https://todo.sr.ht/~nabijaczleweli/tzpfms>

<~nabijaczleweli/tzpfms@lists.sr.ht>, archived at <https://lists.sr.ht/~nabijaczleweli/tzpfms>

SEE ALSO

<https://git.sr.ht/~nabijaczleweli/tzpfms>