2.6 KiB
tzpfms 
TPM-based encryption keys for ZFS datasets.
Manpages
Why?
T P M
Z F S
Plus it's a pretty good annoyed sigh onomatopoeia.
Building
You'll need pkg-config, ronn, libzfslinux-dev, libtss2-dev, and make should hopefully Just Work™ if you have a C++17-capable compiler.
The output binaries are trimmed of extraneous dependencies, so they're all just libc + libzfs and friends + TPM back-end.
Installation
Copy the out/zfs-tpm* binaries corresponding to the back-ends you want to /sbin,
continue as the manpage instructs.
Testing
TPM2
Build swtpm, then prepare and run it:
swtpm_setup --tpmstate tpm-state --tpm2 --createek --display --logfile /dev/stdout --overwrite
swtpm socket --server type=tcp,port=2321 --ctrl type=tcp,port=2322 --tpm2 --tpmstate dir=tpm-state --flags not-need-init --log level=10
If your platform has a TPM, switch to swtpm by default:
ln -s /usr/lib/i386-linux-gnu/libtss2-tcti-{swtpm,default}.so
Reporting bugs
There's the tracker, but also see the list below.
Contributing
Send a patch inline, as an attachment, or a git link and a ref to pull from to the list (~nabijaczleweli/tzpfms@lists.sr.ht) or me directly. I'm not picky, just please include the repo name in the subject prefix.
Discussion
Please use the tracker, the list, or Twitter.
Special thanks
To all who support further development on Patreon, in particular:
- ThePhD
- Embark Studios