mirror of
https://git.sr.ht/~nabijaczleweli/tzpfms
synced 2025-04-25 09:52:11 +03:00
66 lines
3.3 KiB
Plaintext
66 lines
3.3 KiB
Plaintext
<div class='mp'>
|
|
|
|
<h2 id="NAME">NAME</h2>
|
|
<p class="man-name">
|
|
<code>zfs-tpm1x-load-key</code> - <span class="man-whatis">load tzpfms TPM1.X-encrypted ZFS dataset key</span>
|
|
</p>
|
|
<h2 id="SYNOPSIS">SYNOPSIS</h2>
|
|
|
|
<p><code>zfs-tpm1x-load-key</code> [-n] <var>dataset</var></p>
|
|
|
|
<h2 id="DESCRIPTION">DESCRIPTION</h2>
|
|
|
|
<p><a class="man-ref" href="zfs-tpm1x-load-key.8.html">zfs-tpm1x-load-key<span class="s">(8)</span></a>, after verifying that <code>dataset</code> was encrypted with tzpfms backend <em>TPM1.X</em> will unseal the key and load it into <code>dataset</code>.</p>
|
|
|
|
<p>The user is prompted for, first, the SRK passphrase, set when taking ownership, if it's not "well-known" (all zeroes),
|
|
then the additional passphrase set when creating the key, if it was provided.</p>
|
|
|
|
<p>See <a class="man-ref" href="zfs-tpm1x-change-key.8.html">zfs-tpm1x-change-key<span class="s">(8)</span></a> for a detailed description.</p>
|
|
|
|
<h2 id="OPTIONS">OPTIONS</h2>
|
|
|
|
<dl>
|
|
<dt><code>-n</code></dt>
|
|
<dd>Do a no-op/dry run, can be used even if the key is already loaded. Equivalent to <strong><a class="man-ref" href="https://manpages.debian.org/bullseye/zfsutils-linux/zfs.8.en.html">zfs<span class="s">(8)</span></a> load-key</strong>'s <code>-n</code> option.</dd>
|
|
</dl>
|
|
|
|
<h2 id="TPM1-X-back-end-configuration">TPM1.X back-end configuration</h2>
|
|
|
|
<h3 id="TPM-selection">TPM selection</h3>
|
|
|
|
<p>The tzpfms suite connects to a local <a class="man-ref" href="https://manpages.debian.org/bullseye/trousers/tcsd.8.en.html">tcsd<span class="s">(8)</span></a> process (at <code>localhost:30003</code>) by default.
|
|
Use the environment variable <code>TZPFMS_TPM1X</code> to specify a remote TCS hostname.</p>
|
|
|
|
<p>The TrouSerS <a class="man-ref" href="https://manpages.debian.org/bullseye/trousers/tcsd.8.en.html">tcsd<span class="s">(8)</span></a> daemon will try <code>/dev/tpm0</code>, then <code>/udev/tpm0</code>, then <code>/dev/tpm</code>;
|
|
by occupying one of the earlier ones with, for example, shell redirection, a later one can be selected.</p>
|
|
|
|
<h3 id="See-also">See also</h3>
|
|
|
|
<p>The TrouSerS project page at <a href="https://sourceforge.net/projects/trousers" data-bare-link="true">https://sourceforge.net/projects/trousers</a>.</p>
|
|
|
|
<p>The TPM 1.2 main specification index at <<a href="https://trustedcomputinggroup.org/resource/tpm-main-specification" data-bare-link="true">https://trustedcomputinggroup.org/resource/tpm-main-specification</a>>.</p>
|
|
|
|
<h2 id="AUTHOR">AUTHOR</h2>
|
|
|
|
<p>Written by наб <<a href="mailto:nabijaczleweli@nabijaczleweli.xyz" data-bare-link="true">nabijaczleweli@nabijaczleweli.xyz</a>></p>
|
|
|
|
<h2 id="SPECIAL-THANKS">SPECIAL THANKS</h2>
|
|
|
|
<p>To all who support further development, in particular:</p>
|
|
|
|
<ul>
|
|
<li>ThePhD</li>
|
|
<li>Embark Studios</li>
|
|
</ul>
|
|
|
|
<h2 id="REPORTING-BUGS">REPORTING BUGS</h2>
|
|
|
|
<p><<a href="https://todo.sr.ht/~nabijaczleweli/tzpfms" data-bare-link="true">https://todo.sr.ht/~nabijaczleweli/tzpfms</a>></p>
|
|
|
|
<p><<a href="mailto:~nabijaczleweli/tzpfms@lists.sr.ht" data-bare-link="true">~nabijaczleweli/tzpfms@lists.sr.ht</a>>, archived at <<a href="https://lists.sr.ht/~nabijaczleweli/tzpfms" data-bare-link="true">https://lists.sr.ht/~nabijaczleweli/tzpfms</a>></p>
|
|
|
|
<h2 id="SEE-ALSO">SEE ALSO</h2>
|
|
|
|
<p><<a href="https://git.sr.ht/~nabijaczleweli/tzpfms" data-bare-link="true">https://git.sr.ht/~nabijaczleweli/tzpfms</a>></p>
|
|
</div>
|