tzpfms/zfs-tpm-list.8.html_fragment

<div class='mp'>

<h2 id="NAME">NAME</h2>
<p class="man-name">
  <code>zfs-tpm-list</code> - <span class="man-whatis">print dataset tzpfms metadata</span>
</p>
<h2 id="SYNOPSIS">SYNOPSIS</h2>

<p><code>zfs-tpm-list</code> [-H] [-r|-d <em>depth</em>] [-a|-b <em>back-end</em>] [-u|-l] [<em>filesystem</em>|<em>volume</em>]…</p>

<h2 id="DESCRIPTION">DESCRIPTION</h2>

<p><a class="man-ref" href="zfs-tpm-list.8.html">zfs-tpm-list<span class="s">(8)</span></a> lists the following properties on encryption roots:</p>

<ul>
  <li>
<code>name</code>,</li>
  <li>
<code>back-end</code>: the tzpfms back-end (e.g. "TPM2" for <a class="man-ref" href="zfs-tpm2-change-key.8.html">zfs-tpm2-change-key<span class="s">(8)</span></a> or "TPM1.X" for <a class="man-ref" href="zfs-tpm1x-change-key.8.html">zfs-tpm1x-change-key<span class="s">(8)</span></a>),
            or "-" if none is configured,</li>
  <li>
<code>keystatus</code>: "available" or "unavailable",</li>
  <li>
<code>coherent</code>: "yes" if either both <code>xyz.nabijaczleweli:tzpfms.backend</code> and <code>xyz.nabijaczleweli:tzpfms.key</code> are present or missing, "no" otherwise.</li>
</ul>

<p>Incoherent datasets require immediate operator attention, with either the appropriate zfs-tpm*-clear-key program or <a class="man-ref" href="https://manpages.debian.org/bullseye/zfsutils-linux/zfs.8.en.html">zfs<span class="s">(8)</span></a> change-key and <a class="man-ref" href="https://manpages.debian.org/bullseye/zfsutils-linux/zfs.8.en.html">zfs<span class="s">(8)</span></a> inherit —
if the key becomes unloaded, they will require restoration from back-up.
However, they should never occur, unless something went terribly wrong with the dataset properties.</p>

<p>If no datasets are specified, lists all matching encryption roots.
The default filter is to list all roots managed by tzpfms.
The <code>-a</code> and <code>-b</code> <a href="">OPTIONS</a> can be used to either list all roots or only ones backed by a particular end, respectively.</p>

<h2 id="OPTIONS">OPTIONS</h2>

<dl>
<dt><code>-H</code></dt>
<dd>Used for scripting mode. Do not print headers and separate fields by a single tab instead of arbitrary white space.</dd>
<dt><code>-r</code></dt>
<dd>Recurse into all descendant datasets. Default if no datasets listed on the command-line.</dd>
<dt>
<code>-d</code> <em>depth</em>
</dt>
<dd>Recurse at most <em>depth</em> datasets deep. Defaults to zero if datasets were listed on the command-line.</dd>
<dt><code>-a</code></dt>
<dd>List all encryption roots, even ones not managed by tzpfms.</dd>
<dt>
<code>-b</code> <em>back-end</em>
</dt>
<dd>List only encryption roots with tzpfms back-end <em>back-end</em>.</dd>
<dt><code>-l</code></dt>
<dd>List only encryption roots whose keys are available.</dd>
<dt><code>-u</code></dt>
<dd>List only encryption roots whose keys are unavailable.</dd>
</dl>

<h2 id="EXAMPLES">EXAMPLES</h2>

<pre><code>$ zfs-tpm-list
NAME      BACK-END  KEYSTATUS    COHERENT
owo/venc  TPM2      unavailable  yes
owo/enc   TPM1.X    available    yes

$ zfs-tpm-list -ad0
NAME  BACK-END  KEYSTATUS  COHERENT
awa   -         available  yes

$ zfs-tpm-list -b TPM2
NAME      BACK-END  KEYSTATUS    COHERENT
owo/venc  TPM2      unavailable  yes

$ zfs-tpm-list -ra owo
NAME      BACK-END  KEYSTATUS    COHERENT
owo/venc  TPM2      unavailable  yes
owo/vtnc  -         available    yes
owo/v nc  -         available    yes
owo/enc   TPM1.X    available    yes

$ zfs-tpm-list -al
NAME      BACK-END  KEYSTATUS  COHERENT
awa       -         available  yes
owo/vtnc  -         available  yes
owo/v nc  -         available  yes
owo/enc   TPM1.X    available  yes
</code></pre>

<h2 id="AUTHOR">AUTHOR</h2>

<p>Written by наб &lt;<a href="mailto:nabijaczleweli@nabijaczleweli.xyz" data-bare-link="true">nabijaczleweli@nabijaczleweli.xyz</a>&gt;</p>

<h2 id="SPECIAL-THANKS">SPECIAL THANKS</h2>

<p>To all who support further development, in particular:</p>

<ul>
  <li>ThePhD</li>
  <li>Embark Studios</li>
</ul>

<h2 id="REPORTING-BUGS">REPORTING BUGS</h2>

<p>&lt;<a href="https://todo.sr.ht/~nabijaczleweli/tzpfms" data-bare-link="true">https://todo.sr.ht/~nabijaczleweli/tzpfms</a>&gt;</p>

<p>&lt;<a href="mailto:~nabijaczleweli/tzpfms@lists.sr.ht" data-bare-link="true">~nabijaczleweli/tzpfms@lists.sr.ht</a>&gt;, archived at &lt;<a href="https://lists.sr.ht/~nabijaczleweli/tzpfms" data-bare-link="true">https://lists.sr.ht/~nabijaczleweli/tzpfms</a>&gt;</p>

<h2 id="SEE-ALSO">SEE ALSO</h2>

<p>&lt;<a href="https://git.sr.ht/~nabijaczleweli/tzpfms" data-bare-link="true">https://git.sr.ht/~nabijaczleweli/tzpfms</a>&gt;</p>
</div>