third-party-mirrors/tzpfms
1
0
Fork 0
mirror of https://git.sr.ht/~nabijaczleweli/tzpfms synced 2025-04-23 09:50:28 +03:00
Code Issues Actions Packages Projects Releases Wiki Activity
tzpfms/zfs-tpm2-clear-key.8.html
наб autouploader f2bb78cd74 Manpage update by job 1445917
2025-03-09 17:57:25 +00:00

163 lines
7.5 KiB
HTML
Raw Permalink Blame History

<!DOCTYPE html>
<html>
<!-- This is an automatically generated file. Do not edit.
SPDX-License-Identifier: MIT
-->
<head>
<meta charset="utf-8"/>
<meta name="viewport" content="width=device-width, initial-scale=1.0"/>
<link rel="stylesheet" href="style.css" type="text/css" media="all"/>
<title>ZFS-TPM2-CLEAR-KEY(8)</title>
</head>
<body>
<table class="head">
<tr>
<td class="head-ltitle">ZFS-TPM2-CLEAR-KEY(8)</td>
<td class="head-vol">System Manager's Manual</td>
<td class="head-rtitle">ZFS-TPM2-CLEAR-KEY(8)</td>
</tr>
</table>
<div class="manual-text">
<section class="Sh">
<h1 class="Sh" id="NAME"><a class="permalink" href="#NAME">NAME</a></h1>
<p class="Pp"><code class="Nm">zfs-tpm2-clear-key</code> &#x2014;
<span class="Nd">rewrap ZFS dataset key in passsword and clear tzpfms TPM2
metadata</span></p>
</section>
<section class="Sh">
<h1 class="Sh" id="SYNOPSIS"><a class="permalink" href="#SYNOPSIS">SYNOPSIS</a></h1>
<table class="Nm">
<tr>
<td><code class="Nm">zfs-tpm2-clear-key</code></td>
<td><var class="Ar">dataset</var></td>
</tr>
</table>
</section>
<section class="Sh">
<h1 class="Sh" id="DESCRIPTION"><a class="permalink" href="#DESCRIPTION">DESCRIPTION</a></h1>
<p class="Pp">After verifying <var class="Ar">dataset</var> was encrypted with
the <code class="Nm">tzpfms</code>
<a class="permalink" href="#TPM2"><b class="Sy" id="TPM2">TPM2</b></a>
backend:</p>
<ol class="Bl-enum Bd-indent Bl-compact">
<li>performs the equivalent of <code class="Nm">zfs</code>
<code class="Cm">change-key</code> <code class="Fl">-o</code>
<code class="Li">keylocation=prompt</code> <code class="Fl">-o</code>
<code class="Li">keyformat=passphrase</code>
<var class="Ar">dataset</var>,</li>
<li>frees the sealed key previously used to encrypt
<var class="Ar">dataset</var>,</li>
<li>removes the
<code class="Li">xyz.nabijaczleweli:tzpfms.</code>{<code class="Li">backend</code>,
<code class="Li">key</code>} properties from
<var class="Ar">dataset</var>.</li>
</ol>
<p class="Pp">See
<a class="Xr" href="zfs-tpm2-change-key.8.html">zfs-tpm2-change-key(8)</a>
for a detailed description.</p>
</section>
<section class="Sh">
<h1 class="Sh" id="ENVIRONMENT_VARIABLES"><a class="permalink" href="#ENVIRONMENT_VARIABLES">ENVIRONMENT
VARIABLES</a></h1>
<dl class="Bl-tag Bl-compact">
<dt id="TZPFMS_PASSPHRASE_HELPER"><a class="permalink" href="#TZPFMS_PASSPHRASE_HELPER"><code class="Ev">TZPFMS_PASSPHRASE_HELPER</code></a></dt>
<dd>By default, passphrases are prompted for and read in on the standard
output and input streams. If
<code class="Ev">TZPFMS_PASSPHRASE_HELPER</code> is set and nonempty, it
will be run via <span class="Pa">/bin/</span><code class="Nm">sh</code>
<code class="Fl">-c</code> to provide each passphrase, instead.
<p class="Pp">The standard output stream of the helper is tied to an
anonymous file and used in its entirety as the passphrase, except for a
trailing new-line, if any. The arguments are:</p>
<div class="Bd-indent">
<dl class="Bl-tag Bl-compact">
<dt id="$1"><a class="permalink" href="#$1"><code class="Li">$1</code></a></dt>
<dd>Pre-formatted noun phrase with all the information below, for use as a
prompt</dd>
<dt id="$2"><a class="permalink" href="#$2"><code class="Li">$2</code></a></dt>
<dd>Either the dataset name or the element of the TPM hierarchy being
prompted for</dd>
<dt id="$3"><a class="permalink" href="#$3"><code class="Li">$3</code></a></dt>
<dd>&quot;new&quot; if this is for a new passphrase, otherwise blank</dd>
<dt id="$4"><a class="permalink" href="#$4"><code class="Li">$4</code></a></dt>
<dd>&quot;again&quot; if it's the second prompt for that passphrase,
otherwise blank</dd>
</dl>
</div>
<p class="Pp" id="127">If the helper doesn't exist (the shell exits with
<a class="permalink" href="#127"><b class="Sy">127</b></a>), a
diagnostic is issued and the normal prompt is used as fall-back. If it
fails for any other reason, the prompting is aborted.</p>
</dd>
</dl>
</section>
<section class="Sh">
<h1 class="Sh" id="TPM2_back-end_configuration"><a class="permalink" href="#TPM2_back-end_configuration">TPM2
back-end configuration</a></h1>
<section class="Ss">
<h2 class="Ss" id="Environment_variables"><a class="permalink" href="#Environment_variables">Environment
variables</a></h2>
<dl class="Bl-tag Bl-compact">
<dt id="TSS2_LOG"><a class="permalink" href="#TSS2_LOG"><code class="Ev">TSS2_LOG</code></a></dt>
<dd>Any of:
<a class="permalink" href="#NONE"><b class="Sy" id="NONE">NONE</b></a>,
<a class="permalink" href="#ERROR"><b class="Sy" id="ERROR">ERROR</b></a>,
<b class="Sy">WARNING</b>,
<a class="permalink" href="#INFO"><b class="Sy" id="INFO">INFO</b></a>,
<a class="permalink" href="#DEBUG"><b class="Sy" id="DEBUG">DEBUG</b></a>,
<a class="permalink" href="#TRACE"><b class="Sy" id="TRACE">TRACE</b></a>.
Default: <b class="Sy">WARNING</b>.</dd>
</dl>
</section>
<section class="Ss">
<h2 class="Ss" id="TPM_selection"><a class="permalink" href="#TPM_selection">TPM
selection</a></h2>
<p class="Pp">The library <code class="Nm">libtss2-tcti-default.so</code> can be
linked to any of the <span class="Pa">libtss2-tcti-*.so</span> libraries to
select the default, otherwise <span class="Pa">/dev/tpmrm0</span>, then
<span class="Pa">/dev/tpm0</span>, then
<span class="Pa">localhost:2321</span> will be tried, in order (see
<a class="Xr" href="https://mankier.com/3/ESYS_CONTEXT">ESYS_CONTEXT(3)</a>).</p>
</section>
<section class="Ss">
<h2 class="Ss" id="See_also"><a class="permalink" href="#See_also">See
also</a></h2>
<p class="Pp">The tpm2-tss git repository at
<a class="Lk" href="https://github.com/tpm2-software/tpm2-tss">https://github.com/tpm2-software/tpm2-tss</a>
and the documentation at
<a class="Lk" href="https://tpm2-tss.readthedocs.io">https://tpm2-tss.readthedocs.io</a>.</p>
<p class="Pp">The TPM 2.0 specifications, mainly at
<a class="Lk" href="https://trustedcomputinggroup.org/resource/tpm-library-specification/">https://trustedcomputinggroup.org/resource/tpm-library-specification/</a>,
<a class="Lk" href="https://trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-1-Architecture-01.38.pdf">https://trustedcomputinggroup.org/wp-content/uploads/TPM-Rev-2.0-Part-1-Architecture-01.38.pdf</a>,
and related pages.</p>
</section>
</section>
<section class="Sh">
<h1 class="Sh" id="SPECIAL_THANKS"><a class="permalink" href="#SPECIAL_THANKS">SPECIAL
THANKS</a></h1>
<p class="Pp">To all who support further development, in particular:</p>
<ul class="Bl-bullet Bd-indent Bl-compact">
<li>ThePhD</li>
<li>Embark Studios</li>
<li>Jasper Bekkers</li>
<li>EvModder</li>
</ul>
</section>
<section class="Sh">
<h1 class="Sh" id="REPORTING_BUGS"><a class="permalink" href="#REPORTING_BUGS">REPORTING
BUGS</a></h1>
<p class="Pp"><a class="Lk" href="https://todo.sr.ht/~nabijaczleweli/tzpfms">https://todo.sr.ht/~nabijaczleweli/tzpfms</a></p>
<p class="Pp"><a class="Mt" href="mailto:~nabijaczleweli/tzpfms@lists.sr.ht">~nabijaczleweli/tzpfms@lists.sr.ht</a>,
archived at
<a class="Lk" href="https://lists.sr.ht/~nabijaczleweli/tzpfms">https://lists.sr.ht/~nabijaczleweli/tzpfms</a>.</p>
</section>
</div>
<table class="foot">
<tr>
<td class="foot-date">March 11, 2024</td>
<td class="foot-os">tzpfms 0.4.1-1-gfd16dbb</td>
</tr>
</table>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink