third-party-mirrors/tzpfms
1
0
Fork 0
mirror of https://git.sr.ht/~nabijaczleweli/tzpfms synced 2025-05-11 11:01:01 +03:00
Code Issues Actions Packages Projects Releases Wiki Activity
tzpfms/zfs-tpm2-load-key.8.html
наб autouploader cfc92af2ba Manpage update by job 628177
2021-11-15 18:13:33 +00:00

150 lines
6.9 KiB
HTML
Raw Blame History

<!DOCTYPE html>
<html>
<!-- This is an automatically generated file. Do not edit.
SPDX-License-Identifier: MIT
-->
<head>
<meta charset="utf-8"/>
<meta name="viewport" content="width=device-width, initial-scale=1.0"/>
<link rel="stylesheet" href="style.css" type="text/css" media="all"/>
<title>ZFS-TPM2-LOAD-KEY(8)</title>
</head>
<body>
<table class="head">
<tr>
<td class="head-ltitle">ZFS-TPM2-LOAD-KEY(8)</td>
<td class="head-vol">System Manager's Manual</td>
<td class="head-rtitle">ZFS-TPM2-LOAD-KEY(8)</td>
</tr>
</table>
<div class="manual-text">
<section class="Sh">
<h1 class="Sh" id="NAME"><a class="permalink" href="#NAME">NAME</a></h1>
<p class="Pp"><code class="Nm">zfs-tpm2-load-key</code> &#x2014;
<span class="Nd">load TPM2-encrypted ZFS dataset key</span></p>
</section>
<section class="Sh">
<h1 class="Sh" id="SYNOPSIS"><a class="permalink" href="#SYNOPSIS">SYNOPSIS</a></h1>
<table class="Nm">
<tr>
<td><code class="Nm">zfs-tpm2-load-key</code></td>
<td>[<code class="Fl">-n</code>] <var class="Ar">dataset</var></td>
</tr>
</table>
</section>
<section class="Sh">
<h1 class="Sh" id="DESCRIPTION"><a class="permalink" href="#DESCRIPTION">DESCRIPTION</a></h1>
<p class="Pp">After verifying <var class="Ar">dataset</var> was encrypted with
<code class="Nm">tzpfms</code> backend
<a class="permalink" href="#TPM2"><b class="Sy" id="TPM2">TPM2</b></a>,
unseals the key and loads it into <var class="Ar">dataset</var>.</p>
<p class="Pp">The user is prompted for the additional passphrase, set when
creating the key, if one was set.</p>
<p class="Pp">See
<a class="Xr" href="zfs-tpm2-change-key.8.html">zfs-tpm2-change-key(8)</a>
for a detailed description.</p>
</section>
<section class="Sh">
<h1 class="Sh" id="OPTIONS"><a class="permalink" href="#OPTIONS">OPTIONS</a></h1>
<dl class="Bl-tag Bl-compact">
<dt id="n"><a class="permalink" href="#n"><code class="Fl">-n</code></a></dt>
<dd>Do a no-op/dry run, can be used even if the key is already loaded.
Equivalent to <code class="Nm">zfs</code>
<code class="Cm">load-key</code>'s <code class="Fl">-n</code> option.</dd>
</dl>
</section>
<section class="Sh">
<h1 class="Sh" id="ENVIRONMENT_VARIABLES"><a class="permalink" href="#ENVIRONMENT_VARIABLES">ENVIRONMENT
VARIABLES</a></h1>
<dl class="Bl-tag Bl-compact">
<dt id="TZPFMS_PASSPHRASE_HELPER"><a class="permalink" href="#TZPFMS_PASSPHRASE_HELPER"><code class="Ev">TZPFMS_PASSPHRASE_HELPER</code></a></dt>
<dd>If set and nonempty, will be run as
<div class="Bd
Bd-indent"><code class="Li"><span class="Pa">/bin/</span><code class="Nm">sh</code>
<code class="Fl">-c</code>
<code class="Li">&quot;$TZPFMS_PASSPHRASE_HELPER&quot;
&quot;$TZPFMS_PASSPHRASE_HELPER&quot;</code>
&quot;<var class="Ar">prepared prompt</var>&quot;
&quot;<var class="Ar">target</var>&quot;
&quot;[<code class="Li">new</code>]&quot;
&quot;[<code class="Li">again</code>]&quot;</code></div>
to provide a passphrase, instead of reading from the standard input.
<p class="Pp">The standard output stream of the helper is tied to an
anonymous file and used in its entirety as the passphrase, except for a
trailing new-line, if any. The second argument contains either the
dataset name or the element of the TPM hierarchy. The third argument is
<code class="Li">new</code> if this is for a new passphrase, and the
fourth is <code class="Li">again</code> if it's the second prompt for
that passphrase. The first argument already contains all of this
information, as a pre-formatted noun phrase.</p>
<p class="Pp" id="127">If the helper doesn't exist (the shell exits with
<a class="permalink" href="#127"><b class="Sy">127</b></a>), a
diagnostic is issued and the normal prompt is used as fall-back. If it
fails for any other reason, the prompting is aborted.</p>
<p class="Pp">An example value would be:
<span class="No">'</span><code class="Nm">systemd-ask-password</code>
<code class="Fl">--id</code><code class="Li">=</code>&quot;<code class="Li">tzpfms:</code><var class="Ar">$2</var>&quot;
&quot;<var class="Ar">$1</var><code class="Li">: </code>&quot;'.</p>
</dd>
</dl>
</section>
<section class="Sh">
<h1 class="Sh" id="TPM1.X_back-end_configuration"><a class="permalink" href="#TPM1.X_back-end_configuration">TPM1.X
back-end configuration</a></h1>
<section class="Ss">
<h2 class="Ss" id="TPM_selection"><a class="permalink" href="#TPM_selection">TPM
selection</a></h2>
<p class="Pp">The <code class="Nm">tzpfms</code> suite connects to a local
<a class="Xr" href="https://manpages.debian.org/bullseye/tcsd.8">tcsd(8)</a>
process (at <span class="Pa">localhost:30003</span>) by default. Use the
environment variable <code class="Ev">TZPFMS_TPM1X</code> to specify a
remote TCS hostname.</p>
<p class="Pp">The TrouSerS
<a class="Xr" href="https://manpages.debian.org/bullseye/tcsd.8">tcsd(8)</a>
daemon will try <span class="Pa">/dev/tpm0</span>, then
<span class="Pa">/udev/tpm0</span>, then <span class="Pa">/dev/tpm</span>;
by occupying one of the earlier ones with, for example, shell redirection, a
later one can be selected.</p>
</section>
<section class="Ss">
<h2 class="Ss" id="See_also"><a class="permalink" href="#See_also">See
also</a></h2>
<p class="Pp">The TrouSerS project page at
<a class="Lk" href="https://sourceforge.net/projects/trousers">https://sourceforge.net/projects/trousers</a>.</p>
<p class="Pp">The TPM 1.2 main specification index at
<a class="Lk" href="https://trustedcomputinggroup.org/resource/tpm-main-specification">https://trustedcomputinggroup.org/resource/tpm-main-specification</a>.</p>
</section>
</section>
<section class="Sh">
<h1 class="Sh" id="SPECIAL_THANKS"><a class="permalink" href="#SPECIAL_THANKS">SPECIAL
THANKS</a></h1>
<p class="Pp">To all who support further development, in particular:</p>
<ul class="Bl-bullet Bd-indent Bl-compact">
<li>ThePhD</li>
<li>Embark Studios</li>
<li>Jasper Bekkers</li>
</ul>
</section>
<section class="Sh">
<h1 class="Sh" id="REPORTING_BUGS"><a class="permalink" href="#REPORTING_BUGS">REPORTING
BUGS</a></h1>
<p class="Pp"><a class="Lk" href="https://todo.sr.ht/~nabijaczleweli/tzpfms">https://todo.sr.ht/~nabijaczleweli/tzpfms</a></p>
<p class="Pp"><a class="Mt" href="mailto:~nabijaczleweli/tzpfms@lists.sr.ht">~nabijaczleweli/tzpfms@lists.sr.ht</a>,
archived at
<a class="Lk" href="https://lists.sr.ht/~nabijaczleweli/tzpfms">https://lists.sr.ht/~nabijaczleweli/tzpfms</a>.</p>
</section>
<section class="Sh">
<h1 class="Sh" id="SEE_ALSO"><a class="permalink" href="#SEE_ALSO">SEE
ALSO</a></h1>
<p class="Pp"><a class="Lk" href="https://git.sr.ht/~nabijaczleweli/tzpfms">https://git.sr.ht/~nabijaczleweli/tzpfms</a></p>
</section>
</div>
<table class="foot">
<tr>
<td class="foot-date">November 15, 2021</td>
<td class="foot-os">tzpfms 0.1-15</td>
</tr>
</table>
</body>
</html>
Reference in New Issue View Git Blame Copy Permalink