ZFS-TPM2-CLEAR-KEY(8) System Manager's Manual ZFS-TPM2-CLEAR-KEY(8)

zfs-tpm2-clear-keyrewrap ZFS dataset key in passsword and clear tzpfms TPM2 metadata

zfs-tpm2-clear-key dataset

After verifying dataset was encrypted with tzpfms backend :

  1. performs the equivalent of zfs change-key -o keylocation=prompt -o keyformat=passphrase dataset,
  2. frees the sealed key previously used to encrypt dataset,
  3. removes the xyz.nabijaczleweli:tzpfms.{backend, key} properties from dataset.

See zfs-tpm2-change-key(8) for a detailed description.

Any of: , , WARNING, , , . Default: WARNING.

The library libtss2-tcti-default.so can be linked to any of the libtss2-tcti-*.so libraries to select the default, otherwise /dev/tpmrm0, then /dev/tpm0, then localhost:2321 will be tried, in order (see ESYS_CONTEXT(3)).

The tpm2-tss git repository at https://github.com/tpm2-software/tpm2-tss and the documentation at https://tpm2-tss.readthedocs.io.

The TPM 2.0 specifications, mainly at https://trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-1-Architecture-01.38.pdf and related pages.

To all who support further development, in particular:

https://todo.sr.ht/~nabijaczleweli/tzpfms

~nabijaczleweli/tzpfms@lists.sr.ht, archived at https://lists.sr.ht/~nabijaczleweli/tzpfms.

https://git.sr.ht/~nabijaczleweli/tzpfms

October 15, 2021 tzpfms 0.1-5