NAME

zfs-tpm2-load-key - load tzpfms TPM2-encrypted ZFS dataset key

SYNOPSIS

zfs-tpm2-load-key [-n] dataset

DESCRIPTION

zfs-tpm2-load-key(8), after verifying that dataset was encrypted with tzpfms backend TPM2 will unseal the key and load it into dataset.

See zfs-tpm2-change-key(8) for a detailed description.

OPTIONS

-n

Do a no-op/dry run, can be used even if the key is already loaded. Equivalent to zfs(8) load-key's -n option.

TPM2 back-end configuration

Environment variables

TSS2_LOG=

Any of: NONE, ERROR, WARNING, INFO, DEBUG, TRACE. Default: WARNING.

TPM selection

The library libtss2-tcti-default.so can be linked to any of the libtss2-tcti-*.so libraries to select the default, otherwise /dev/tpmrm0, then /dev/tpm0, then localhost:2321 will be tried, in order (see ESYS_CONTEXT(3)).

See also

The tpm2-tss git repository at https://github.com/tpm2-software/tpm2-tss and the documentation at https://tpm2-tss.readthedocs.io.

The TPM 2.0 specifications, mainly at <https://trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-1-Architecture-01.38.pdf> and related pages.

AUTHOR

Written by наб <nabijaczleweli@nabijaczleweli.xyz>

SPECIAL THANKS

To all who support further development, in particular:

• ThePhD
• Embark Studios

REPORTING BUGS

<https://todo.sr.ht/~nabijaczleweli/tzpfms>

<~nabijaczleweli/tzpfms@lists.sr.ht>, archived at <https://lists.sr.ht/~nabijaczleweli/tzpfms>

SEE ALSO

<https://git.sr.ht/~nabijaczleweli/tzpfms>