~nabijaczleweli/tzpfms

20b45eb7844e4173ea15eef105b933bb6ed41f72 — наб autouploader a month ago fc4094f
Manpage update by job 608532
A tzpfms.pdf => tzpfms.pdf +0 -0
A tzpfms.ps => tzpfms.ps +803 -0
@@ 0,0 1,803 @@
%!PS-Adobe-3.0
%%Creator: groff version 1.22.4
%%CreationDate: Fri Oct 15 21:38:47 2021
%%DocumentNeededResources: font Times-Roman
%%+ font Times-Bold
%%+ font Courier-Bold
%%+ font Courier-Oblique
%%+ font Courier
%%+ font Symbol
%%+ font Times-Italic
%%DocumentSuppliedResources: procset grops 1.22 4
%%Pages: 10
%%PageOrder: Ascend
%%DocumentMedia: Default 595 842 0 () ()
%%Orientation: Portrait
%%EndComments
%%BeginDefaults
%%PageMedia: Default
%%EndDefaults
%%BeginProlog
%%BeginResource: procset grops 1.22 4
%!PS-Adobe-3.0 Resource-ProcSet
/setpacking where{
pop
currentpacking
true setpacking
}if
/grops 120 dict dup begin
/SC 32 def
/A/show load def
/B{0 SC 3 -1 roll widthshow}bind def
/C{0 exch ashow}bind def
/D{0 exch 0 SC 5 2 roll awidthshow}bind def
/E{0 rmoveto show}bind def
/F{0 rmoveto 0 SC 3 -1 roll widthshow}bind def
/G{0 rmoveto 0 exch ashow}bind def
/H{0 rmoveto 0 exch 0 SC 5 2 roll awidthshow}bind def
/I{0 exch rmoveto show}bind def
/J{0 exch rmoveto 0 SC 3 -1 roll widthshow}bind def
/K{0 exch rmoveto 0 exch ashow}bind def
/L{0 exch rmoveto 0 exch 0 SC 5 2 roll awidthshow}bind def
/M{rmoveto show}bind def
/N{rmoveto 0 SC 3 -1 roll widthshow}bind def
/O{rmoveto 0 exch ashow}bind def
/P{rmoveto 0 exch 0 SC 5 2 roll awidthshow}bind def
/Q{moveto show}bind def
/R{moveto 0 SC 3 -1 roll widthshow}bind def
/S{moveto 0 exch ashow}bind def
/T{moveto 0 exch 0 SC 5 2 roll awidthshow}bind def
/SF{
findfont exch
[exch dup 0 exch 0 exch neg 0 0]makefont
dup setfont
[exch/setfont cvx]cvx bind def
}bind def
/MF{
findfont
[5 2 roll
0 3 1 roll
neg 0 0]makefont
dup setfont
[exch/setfont cvx]cvx bind def
}bind def
/level0 0 def
/RES 0 def
/PL 0 def
/LS 0 def
/MANUAL{
statusdict begin/manualfeed true store end
}bind def
/PLG{
gsave newpath clippath pathbbox grestore
exch pop add exch pop
}bind def
/BP{
/level0 save def
1 setlinecap
1 setlinejoin
DEFS/BPhook known{DEFS begin BPhook end}if
72 RES div dup scale
LS{
90 rotate
}{
0 PL translate
}ifelse
1 -1 scale
}bind def
/EP{
level0 restore
showpage
}def
/DA{
newpath arcn stroke
}bind def
/SN{
transform
.25 sub exch .25 sub exch
round .25 add exch round .25 add exch
itransform
}bind def
/DL{
SN
moveto
SN
lineto stroke
}bind def
/DC{
newpath 0 360 arc closepath
}bind def
/TM matrix def
/DE{
TM currentmatrix pop
translate scale newpath 0 0 .5 0 360 arc closepath
TM setmatrix
}bind def
/RC/rcurveto load def
/RL/rlineto load def
/ST/stroke load def
/MT/moveto load def
/CL/closepath load def
/Fr{
setrgbcolor fill
}bind def
/setcmykcolor where{
pop
/Fk{
setcmykcolor fill
}bind def
}if
/Fg{
setgray fill
}bind def
/FL/fill load def
/LW/setlinewidth load def
/Cr/setrgbcolor load def
/setcmykcolor where{
pop
/Ck/setcmykcolor load def
}if
/Cg/setgray load def
/RE{
findfont
dup maxlength 1 index/FontName known not{1 add}if dict begin
{
1 index/FID ne
2 index/UniqueID ne
and
{def}{pop pop}ifelse
}forall
/Encoding exch def
dup/FontName exch def
currentdict end definefont pop
}bind def
/DEFS 0 def
/EBEGIN{
moveto
DEFS begin
}bind def
/EEND/end load def
/CNT 0 def
/level1 0 def
/PBEGIN{
/level1 save def
translate
div 3 1 roll div exch scale
neg exch neg exch translate
0 setgray
0 setlinecap
1 setlinewidth
0 setlinejoin
10 setmiterlimit
[]0 setdash
/setstrokeadjust where{
pop
false setstrokeadjust
}if
/setoverprint where{
pop
false setoverprint
}if
newpath
/CNT countdictstack def
userdict begin
/showpage{}def
/setpagedevice{}def
mark
}bind def
/PEND{
cleartomark
countdictstack CNT sub{end}repeat
level1 restore
}bind def
end def
/setpacking where{
pop
setpacking
}if
%%EndResource
%%EndProlog
%%BeginSetup
%%BeginFeature: *PageSize Default
<< /PageSize [ 595 842 ] /ImagingBBox null >> setpagedevice
%%EndFeature
%%IncludeResource: font Times-Roman
%%IncludeResource: font Times-Bold
%%IncludeResource: font Courier-Bold
%%IncludeResource: font Courier-Oblique
%%IncludeResource: font Courier
%%IncludeResource: font Symbol
%%IncludeResource: font Times-Italic
grops begin/DEFS 1 dict def DEFS begin/u{.001 mul}bind def end/RES 72
def/PL 841.89 def/LS false def/ENC0[/asciicircum/asciitilde/Scaron
/Zcaron/scaron/zcaron/Ydieresis/trademark/quotesingle/Euro/.notdef
/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef
/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef/.notdef
/.notdef/.notdef/.notdef/space/exclam/quotedbl/numbersign/dollar/percent
/ampersand/quoteright/parenleft/parenright/asterisk/plus/comma/hyphen
/period/slash/zero/one/two/three/four/five/six/seven/eight/nine/colon
/semicolon/less/equal/greater/question/at/A/B/C/D/E/F/G/H/I/J/K/L/M/N/O
/P/Q/R/S/T/U/V/W/X/Y/Z/bracketleft/backslash/bracketright/circumflex
/underscore/quoteleft/a/b/c/d/e/f/g/h/i/j/k/l/m/n/o/p/q/r/s/t/u/v/w/x/y
/z/braceleft/bar/braceright/tilde/.notdef/quotesinglbase/guillemotleft
/guillemotright/bullet/florin/fraction/perthousand/dagger/daggerdbl
/endash/emdash/ff/fi/fl/ffi/ffl/dotlessi/dotlessj/grave/hungarumlaut
/dotaccent/breve/caron/ring/ogonek/quotedblleft/quotedblright/oe/lslash
/quotedblbase/OE/Lslash/.notdef/exclamdown/cent/sterling/currency/yen
/brokenbar/section/dieresis/copyright/ordfeminine/guilsinglleft
/logicalnot/minus/registered/macron/degree/plusminus/twosuperior
/threesuperior/acute/mu/paragraph/periodcentered/cedilla/onesuperior
/ordmasculine/guilsinglright/onequarter/onehalf/threequarters
/questiondown/Agrave/Aacute/Acircumflex/Atilde/Adieresis/Aring/AE
/Ccedilla/Egrave/Eacute/Ecircumflex/Edieresis/Igrave/Iacute/Icircumflex
/Idieresis/Eth/Ntilde/Ograve/Oacute/Ocircumflex/Otilde/Odieresis
/multiply/Oslash/Ugrave/Uacute/Ucircumflex/Udieresis/Yacute/Thorn
/germandbls/agrave/aacute/acircumflex/atilde/adieresis/aring/ae/ccedilla
/egrave/eacute/ecircumflex/edieresis/igrave/iacute/icircumflex/idieresis
/eth/ntilde/ograve/oacute/ocircumflex/otilde/odieresis/divide/oslash
/ugrave/uacute/ucircumflex/udieresis/yacute/thorn/ydieresis]def
/Times-Italic@0 ENC0/Times-Italic RE/Courier@0 ENC0/Courier RE
/Courier-Oblique@0 ENC0/Courier-Oblique RE/Courier-Bold@0 ENC0
/Courier-Bold RE/Times-Bold@0 ENC0/Times-Bold RE/Times-Roman@0 ENC0
/Times-Roman RE
%%EndSetup
%%Page: 1 1
%%BeginPageSetup
BP
%%EndPageSetup
/F0 10/Times-Roman@0 SF -.834(ZFS-TPM-LIST \(8\))72 48 R
(System Manager')102.759 E 2.5(sM)-.55 G 97.759(anual ZFS-TPM-LIST)-2.5
F(\(8\))1.666 E/F1 10/Times-Bold@0 SF -.2(NA)72 96 S(ME).2 E/F2 10
/Courier-Bold@0 SF(zfs-tpm-list)102 108 Q F0 2.5<8a70>2.5 G
(rint dataset tzpfms metadata)-2.5 E F1(SYNOPSIS)72 132 Q F2
(zfs-tpm-list)102 144 Q F0([)3.333 E F2<ad48>2.499 E F0 3.333(][).833 G
F2<ad72>-.834 E F0(|)A F2<ad64>1.666 E/F3 10/Courier-Oblique@0 SF(depth)
6 E F0 3.333(][).833 G F2<ad61>-.834 E F0(|)A F2<ad62>1.666 E F3
(back-end)6 E F0 3.333(][).833 G F2<ad75>-.834 E F0(|)A F2<ad6c>1.666 E
F0 2.5(][).833 G F3(filesystem)-2.5 E F0(|)A F3(volume)A F0 1.666(]...)C
F1(DESCRIPTION)72 168 Q F0(Lists the follo)102 180 Q
(wing properties on encryption roots:)-.25 E/F4 10/Courier@0 SF(name)132
192 Q(back-end)132 204 Q F0(the)191 204 Q F2(tzpfms)4.153 E F0 3.318
(back-end \()4.153 F(e.g.)1.666 E F1(TPM2)4.152 E F0(for)4.152 E F4
(zfs-tpm2-change-key)4.152 E F0 1.652(\(8\) or)B F1(TPM1.X)4.152 E F0
(for)191 216 Q F4(zfs-tpm1x-change-key)2.5 E F0 -.834(\(8\) \) ,)B(or ")
2.5 E F1(-)A F0 2.5("i)C 2.5(fn)-2.5 G(one is con\214gured)-2.5 E F4
(keystatus)132 228 Q F1 -2.1 -.25(av a)191 228 T(ilable).25 E F0(or)2.5
E F1(una)2.5 E -.1(va)-.25 G(ilable).1 E F4(coherent)132 240 Q F1 -.1
(ye)191 240 S(s).1 E F0 12.834(if either both)15.334 F F4
(xyz.nabijaczleweli:tzpfms.backend)15.334 E F0(and)15.334 E F4
(xyz.nabijaczleweli:tzpfms.key)191 252 Q F0(are present or missing,)2.5
E F1(no)2.5 E F0(otherwise)2.5 E 11.268(Incoherent datasets require imm\
ediate operator attention, with either the appropriate)102 270 R F2
(zfs-tpm)102 282 Q/F5 10/Symbol SF(*)A F2(-clear-key)A F0 .462
(program or)2.962 F F2 .462(zfs change-key)2.962 F F0(and)2.962 E F2
.462(zfs inherit)2.962 F F0 2.962<8a69>2.962 G 2.963(ft)-2.962 G .463
(he k)-2.963 F .763 -.15(ey b)-.1 H .463(ecomes un-).15 F 1.642
(loaded, the)102 294 R 4.142(yw)-.15 G 1.642
(ill require restoration from back-up.)-4.142 F(Ho)6.642 E(we)-.25 E
-.15(ve)-.25 G 2.441 -.4(r, t).15 H(he).4 E 4.141(ys)-.15 G 1.641
(hould ne)-4.141 F -.15(ve)-.25 G 4.141(ro).15 G(ccur)-4.141 E 4.141(,u)
-.4 G 1.641(nless something)-4.141 F
(went terribly wrong with the dataset properties.)102 306 Q .468
(If no datasets are speci\214ed, lists all matching encryption roots.)
102 324 R .468(The def)5.468 F .468
(ault \214lter is to list all roots managed)-.1 F(by)102 336 Q F2
(tzpfms)2.5 E F0(.)A F2(\255ab)6.666 E F0
(can be used to either list all roots or only ones back)2.5 E
(ed by a particular end, respecti)-.1 E -.15(ve)-.25 G(ly).15 E(.)-.65 E
F1(OPTIONS)72 360 Q F2<ad48>103.666 372 Q F0 .093(Scripting mode \212 d\
o not print headers and separate \214elds by a single tab instead of co\
lum-)173 372 R(nating with spaces.)173 384 Q F2<ad72>103.666 402 Q F0
(Recurse into all descendants of speci\214ed datasets.)173 402 Q F2
<ad64>103.666 414 Q F3(depth)6 E F0(Recurse at most)173 414 Q F3(depth)
2.5 E F0(datasets deep.)2.5 E(Def)5 E(ault:)-.1 E F1(0)2.5 E F0(.)A F2
<ad61>103.666 432 Q F0(List all encryption roots, e)173 432 Q -.15(ve)
-.25 G 2.5(no).15 G(nes not managed by)-2.5 E F2(tzpfms)2.5 E F0(.)A F2
<ad62>103.666 444 Q F3(back-end)6 E F0(List only encryption roots with)
173 456 Q F3(tzpfms)2.5 E F0(back-end)2.5 E F3(back-end)2.5 E F0(.)A F2
<ad6c>103.666 474 Q F0(List only encryption roots whose k)173 474 Q -.15
(ey)-.1 G 2.5(sa).15 G(re a)-2.5 E -.25(va)-.2 G(ilable.).25 E F2<ad79>
103.666 486 Q F0(List only encryption roots whose k)173 486 Q -.15(ey)
-.1 G 2.5(sa).15 G(re una)-2.5 E -.25(va)-.2 G(ilable.).25 E F1
(EXAMPLES)72 510 Q F4($)102 522 Q F2(zfs-tpm-list)6 E F4
(NAME BACK-END KEYSTATUS COHERENT)102 534 Q
(owo/venc TPM2 unavailable yes)102 546 Q(owo/enc TPM1.X available yes)
102 558 Q($)102 582 Q F2 1.666(zfs-tpm-list \255ad0)6 F F4
(NAME BACK-END KEYSTATUS COHERENT)102 594 Q(awa - available yes)102 606
Q($)102 630 Q F2 1.666(zfs-tpm-list \255b)6 F F1(TPM2)6 E F4
(NAME BACK-END KEYSTATUS COHERENT)102 642 Q
(owo/venc TPM2 unavailable yes)102 654 Q($)102 678 Q F2 1.666
(zfs-tpm-list \255ra)6 F F3(owo)6 E F4(NAME BACK-END KEYSTATUS COHERENT)
102 690 Q(owo/venc TPM2 unavailable yes)102 702 Q F0(tzpfms 0.1-6)72 750
Q(October 15, 2021)148.595 E(1)194.145 E 0 Cg EP
%%Page: 2 2
%%BeginPageSetup
BP
%%EndPageSetup
/F0 10/Times-Roman@0 SF -.834(ZFS-TPM-LIST \(8\))72 48 R
(System Manager')102.759 E 2.5(sM)-.55 G 97.759(anual ZFS-TPM-LIST)-2.5
F(\(8\))1.666 E/F1 10/Courier@0 SF(owo/vtnc - available yes)102 96 Q
(owo/v nc - available yes)102 108 Q(owo/enc TPM1.X available yes)102 120
Q($)102 144 Q/F2 10/Courier-Bold@0 SF 1.666(zfs-tpm-list \255al)6 F F1
(NAME BACK-END KEYSTATUS COHERENT)102 156 Q(awa - available yes)102 168
Q(owo/vtnc - available yes)102 180 Q(owo/v nc - available yes)102 192 Q
(owo/enc TPM1.X available yes)102 204 Q/F3 10/Times-Bold@0 SF 1.666
(SPECIAL THANKS)72 228 R F0 1.6 -.8(To a)102 240 T
(ll who support further de).8 E -.15(ve)-.25 G(lopment, in particular:)
.15 E F3<83>122 252 Q F0(ThePhD)2.5 E F3<83>122 264 Q F0(Embark Studios)
2.5 E F3(REPOR)72 288 Q 1.666(TING B)-.4 F(UGS)-.1 E(https://todo.sr)102
300 Q(.ht/~nabijaczleweli/tzpfms)-1 E F1
(~nabijaczleweli/tzpfms@lists.sr.ht)102 318 Q F0 2.5(,a)C(rchi)-2.5 E
-.15(ve)-.25 G 2.5(da).15 G(t)-2.5 E F3(https://lists.sr)2.5 E
(.ht/~nabijaczleweli/tzpfms)-1 E F0(.)A F3 1.666(SEE ALSO)72 342 R
(https://git.sr)102 354 Q(.ht/~nabijaczleweli/tzpfms)-1 E F0
(tzpfms 0.1-6)72 750 Q(October 15, 2021)148.595 E(2)194.145 E 0 Cg EP
%%Page: 3 3
%%BeginPageSetup
BP
%%EndPageSetup
/F0 10/Times-Roman@0 SF -.834(ZFS-TPM1X-CHANGE-KEY \(8\))72 48 R
(System Manager')46.109 E 2.5(sM)-.55 G 41.109
(anual ZFS-TPM1X-CHANGE-KEY)-2.5 F(\(8\))1.666 E/F1 10/Times-Bold@0 SF
-.2(NA)72 96 S(ME).2 E/F2 10/Courier-Bold@0 SF(zfs-tpm1x-change-key)102
108 Q F0 2.5<8a63>2.5 G(hange ZFS dataset k)-2.5 E .3 -.15(ey t)-.1 H
2.5(oo).15 G(ne stored on the TPM)-2.5 E F1(SYNOPSIS)72 132 Q F2
(zfs-tpm1x-change-key)102 144 Q F0([)3.333 E F2<ad62>2.499 E/F3 10
/Courier-Oblique@0 SF(backup-file)6 E F0(]).833 E F3(dataset)2.5 E F1
(DESCRIPTION)72 168 Q F0 4.76 -.8(To n)102 180 T 3.16(ormalise the).8 F
F3(dataset)5.66 E F0(,)A F2(zfs-tpm1x-change-key)5.66 E F0 3.16
(will open its encryption root in its stead.)5.66 F F2
(zfs-tpm1x-change-key)102 192 Q F0(will)3.264 E/F4 10/Times-Italic@0 SF
(ne)3.264 E(ver)-.15 E F0 .764(create or destro)3.264 F 3.264(ye)-.1 G
.764(ncryption roots; use)-3.264 F/F5 10/Courier@0 SF(zfs-change-key)
3.264 E F0 .764(\(8\) for)B(that.)102 204 Q
(First, a connection is made to the TPM, which)102 222 Q F4(must)2.5 E
F0(be TPM-1.X-compatible.)2.5 E(If)102 240 Q F3(dataset)2.553 E F0 -.1
(wa)2.553 G 2.553(sp).1 G(re)-2.553 E .053(viously encrypted with)-.25 F
F2(tzpfms)2.553 E F0 .053(and the)2.553 F F1(TPM1.X)2.553 E F0 .054
(back-end w)2.553 F .054(as used, the metadata will)-.1 F .203
(be silently cleared.)102 252 R .203(Otherwise, or in case of an error)
5.203 F 2.703(,d)-.4 G .203(ata required for manual interv)-2.703 F .202
(ention will be printed to)-.15 F(the standard error stream.)102 264 Q
(Ne)102 282 Q .519(xt, a ne)-.15 F 3.019(ww)-.25 G .519(rapping k)-3.019
F .819 -.15(ey i)-.1 H 3.019(sb).15 G 3.019(eg)-3.019 G .519
(enerated on the TPM, optionally back)-3.019 F .519(ed up)-.1 F 1.666
(\(s)4.685 G(ee)-1.666 E F1(OPTIONS)3.02 E F0 -2.812 1.666(\), a)1.666 H
.52(nd sealed)-1.666 F 1.782(on the TPM; the user is prompted for an op\
tional passphrase to protect the k)102 294 R 2.081 -.15(ey w)-.1 H 1.781
(ith, and for the SRK).15 F(passphrase, set when taking o)102 306 Q
(wnership, if it is not "well-kno)-.25 E(wn" \(all zeroes\).)-.25 E
(The follo)102 324 Q(wing properties are set on)-.25 E F3(dataset)2.5 E
F0(:)A F1<83>122 336 Q F5(xyz.nabijaczleweli:tzpfms.backend)2.5 E F0(=)A
F1(TPM1.X)A<83>122 348 Q F5(xyz.nabijaczleweli:tzpfms.key)2.5 E F0(=)A
F3(parent-key-blob)A F2(:)A F3(sealed-object-blob)A F5(tzpfms.backend)
102 366 Q F0 2.231(identi\214es this dataset for w)4.73 F 2.231
(ork with)-.1 F F1(TPM1.X)4.731 E F0(-back-ended)A F2(tzpfms)4.731 E F0
3.897(tools \()4.731 F(namely)1.666 E F5(zfs-tpm1x-change-key)102 378 Q
F0(\(8\),)A F5(zfs-tpm1x-load-key)2.5 E F0(\(8\), and)A F5
(zfs-tpm1x-clear-key)2.5 E F0 -.834(\(8\) \) .)B F5(tzpfms.key)102 396 Q
F0 .334(is a colon-separated pair of he)2.834 F .333
(xadecimal-string \(i.e. "4F7730" for "Ow0"\) blobs; the \214rst one)
-.15 F .676(represents the RSA k)102 408 R .976 -.15(ey p)-.1 H .676
(rotecting the blob, and it is protected with either the passw).15 F
.676(ord, if pro)-.1 F .677(vided, or the)-.15 F .236(SHA1 constant)102
420 R F5(CE4CF677875B5EB8993591D5A9AF1ED24A3A8736)2.736 E F0 2.736(;t)C
.236(he second represents the sealed)-2.736 F 11.923
(object containing the wrapping k)102 432 R -.15(ey)-.1 G 14.424(,a)-.5
G 11.924(nd is protected with the SHA1 constant)-14.424 F F5
(B9EE715DBE4B243FAA81EA04306E063710383E35)102 444 Q F0 7.438(.T)C 2.438
(here e)-7.438 F 2.438(xists no other user)-.15 F 2.437
(-land tool for de-)-.2 F(crypting this; perhaps there should be.)102
456 Q(Finally)102 474 Q 4.14(,t)-.65 G 1.641(he equi)-4.14 F -.25(va)
-.25 G 1.641(lent of).25 F F2 1.641(zfs change-key)4.141 F<ad6f>9.307 E
F5(keylocation=prompt)7.641 E F2<ad6f>9.307 E F5(keyformat=raw)7.641 E
F3(dataset)102 486 Q F0 .118(is performed with the ne)2.618 F 2.618(wk)
-.25 G -.15(ey)-2.718 G 5.118(.I)-.5 G 2.617(fa)-5.118 G 2.617(ne)-2.617
G .117(rror occurred, best ef)-2.617 F .117
(fort is made to clean up the properties,)-.25 F
(or to issue a note for manual interv)102 498 Q
(ention into the standard error stream.)-.15 E 3.911<418c>102 516 S
1.411(nal v)-3.911 F 1.411(eri\214cation should be made by running)-.15
F F2 3.077(zfs-tpm1x-load-key \255n)3.911 F F3(dataset)7.411 E F0 6.411
(.I)C 3.911(ft)-6.411 G 1.412(hat com-)-3.911 F 2.176
(mand succeeds, all is well, b)102 528 R 2.175
(ut otherwise the dataset can be manually rolled back to a passw)-.2 F
2.175(ord with)-.1 F F2(zfs-tpm1x-clear-key)102 540 Q F3(dataset)12.878
E F0 1.666(\(o)11.044 G 7.678 -.4(r, i)-1.666 H 9.378(ft).4 G 6.878
(hat f)-9.378 F 6.878(ails to w)-.1 F(ork,)-.1 E F2 6.879
(zfs change-key)9.378 F<ad6f>14.545 E F5(keyformat=passphrase)102 552 Q
F3(dataset)6 E F0 -3.332 1.666(\), a)1.666 H(nd you are hereby ask)
-1.666 E(ed to report a b)-.1 E(ug, please.)-.2 E F2
(zfs-tpm1x-clear-key)102 570 Q F3(dataset)6 E F0
(can be used to clear the properties and go back to using a passw)2.5 E
(ord.)-.1 E F1(OPTIONS)72 594 Q F2<ad62>103.666 606 Q F3(backup-file)6 E
F0(Sa)191 618 Q .806 -.15(ve a b)-.2 H .506(ack-up of the k).15 F .805
-.15(ey t)-.1 H(o).15 E F3(backup-file)3.005 E F0 3.005(,w)C .505
(hich must not e)-3.005 F .505(xist beforehand.)-.15 F(This)5.505 E
(back-up)191 630 Q F4(must)3.181 E F0 .681(be stored securely)3.181 F
3.181(,o)-.65 G -.25(ff)-3.181 G 3.181(-site. In).25 F .682
(case of a catastrophic e)3.181 F -.15(ve)-.25 G .682(nt, the k).15 F
.982 -.15(ey c)-.1 H(an).15 E(be loaded by running)191 642 Q F2
(zfs load-key)221 654 Q F3(dataset)6 E F5(<)6 E F3(backup-file)6 E F1
1.666(TPM1.X back-end con\214guration)72 678 R F0(tzpfms 0.1-6)72 750 Q
(October 15, 2021)148.595 E(3)194.145 E 0 Cg EP
%%Page: 4 4
%%BeginPageSetup
BP
%%EndPageSetup
/F0 10/Times-Roman@0 SF -.834(ZFS-TPM1X-CHANGE-KEY \(8\))72 48 R
(System Manager')46.109 E 2.5(sM)-.55 G 41.109
(anual ZFS-TPM1X-CHANGE-KEY)-2.5 F(\(8\))1.666 E/F1 10/Times-Bold@0 SF
.625(TPM selection)84 96 R F0(The)102 108 Q/F2 10/Courier-Bold@0 SF
(tzpfms)2.768 E F0 .267(suite connects to a local)2.767 F/F3 10
/Courier@0 SF(tcsd)2.767 E F0 .267(\(8\) process)B 1.666(\(a)4.433 G(t)
-1.666 E F3(localhost:30003)2.767 E F0 4.433(\)b)1.666 G 2.767(yd)-4.433
G(ef)-2.767 E 2.767(ault. Use)-.1 F .267(the en-)2.767 F(vironment v)102
120 Q(ariable)-.25 E F3(TZPFMS_TPM1X)2.5 E F0
(to specify a remote TCS hostname.)2.5 E .391(The T)102 138 R(rouSerS)
-.35 E F3(tcsd)2.891 E F0 .391(\(8\) daemon will try)B F3(/dev/tpm0)
2.892 E F0 2.892(,t)C(hen)-2.892 E F3(/udev/tpm0)2.892 E F0 2.892(,t)C
(hen)-2.892 E F3(/dev/tpm)2.892 E F0 2.892(;b)C 2.892(yo)-2.892 G(ccup)
-2.892 E(ying)-.1 E(one of the earlier ones with, for e)102 150 Q
(xample, shell redirection, a later one can be selected.)-.15 E F1 .625
(See also)84 174 R F0(The T)102 186 Q(rouSerS project page at)-.35 E F1
(https://sour)2.5 E(cef)-.18 E(or)-.25 E(ge.net/pr)-.1 E(ojects/tr)-.18
E(ousers)-.18 E F0(.)A 5.109(The TPM 1.2 main speci\214cation inde)102
204 R 7.608(xa)-.15 G(t)-7.608 E F1(https://trustedcomputinggr)7.608 E
(oup.or)-.18 E(g/r)-.1 E(esour)-.18 E(ce/tpm-main-)-.18 E
(speci\214cation)102 216 Q F0(.)A F1 1.666(SPECIAL THANKS)72 240 R F0
1.6 -.8(To a)102 252 T(ll who support further de).8 E -.15(ve)-.25 G
(lopment, in particular:).15 E F1<83>122 264 Q F0(ThePhD)2.5 E F1<83>122
276 Q F0(Embark Studios)2.5 E F1(REPOR)72 300 Q 1.666(TING B)-.4 F(UGS)
-.1 E(https://todo.sr)102 312 Q(.ht/~nabijaczleweli/tzpfms)-1 E F3
(~nabijaczleweli/tzpfms@lists.sr.ht)102 330 Q F0 2.5(,a)C(rchi)-2.5 E
-.15(ve)-.25 G 2.5(da).15 G(t)-2.5 E F1(https://lists.sr)2.5 E
(.ht/~nabijaczleweli/tzpfms)-1 E F0(.)A F1 1.666(SEE ALSO)72 354 R
(https://git.sr)102 366 Q(.ht/~nabijaczleweli/tzpfms)-1 E F0
(tzpfms 0.1-6)72 750 Q(October 15, 2021)148.595 E(4)194.145 E 0 Cg EP
%%Page: 5 5
%%BeginPageSetup
BP
%%EndPageSetup
/F0 10/Times-Roman@0 SF -.834(ZFS-TPM1X-CLEAR-KEY \(8\))72 48 R
(System Manager')54.989 E 2.5(sM)-.55 G 49.989
(anual ZFS-TPM1X-CLEAR-KEY)-2.5 F(\(8\))1.666 E/F1 10/Times-Bold@0 SF
-.2(NA)72 96 S(ME).2 E/F2 10/Courier-Bold@0 SF(zfs-tpm1x-clear-key)102
108 Q F0 2.5<8a72>2.5 G -.25(ew)-2.5 G(rap ZFS dataset k).25 E .3 -.15
(ey i)-.1 H 2.5(np).15 G(asssw)-2.5 E
(ord and clear tzpfms TPM1.X metadata)-.1 E F1(SYNOPSIS)72 132 Q F2
(zfs-tpm1x-clear-key)102 144 Q/F3 10/Courier-Oblique@0 SF(dataset)2.5 E
F1(DESCRIPTION)72 168 Q F0(After v)102 180 Q(erifying)-.15 E F3(dataset)
2.5 E F0 -.1(wa)2.5 G 2.5(se).1 G(ncrypted with)-2.5 E F2(tzpfms)2.5 E
F0(back)2.5 E(end)-.1 E F1(TPM1.X)2.5 E F0(:)A 6.984
(1. performs the equi)122 192 R -.25(va)-.25 G 6.984(lent of).25 F F2
6.984(zfs change-key)9.484 F<ad6f>14.65 E/F4 10/Courier@0 SF
(keylocation=prompt)12.985 E F2<ad6f>14.651 E F4(keyformat=passphrase)
127 204 Q F3(dataset)6 E F0(,)A(2. remo)122 216 Q -.15(ve)-.15 G 2.5(st)
.15 G(he)-2.5 E F4(xyz.nabijaczleweli:tzpfms.)2.5 E F0({)A F4(backend)A
F0(,)A F4(key)6 E F0 2.5(}p)C(roperties from)-2.5 E F3(dataset)2.5 E F0
(.)A(See)102 234 Q F4(zfs-tpm1x-change-key)2.5 E F0
(\(8\) for a detailed description.)A F1 1.666
(TPM1.X back-end con\214guration)72 258 R .625(TPM selection)84 270 R F0
(The)102 282 Q F2(tzpfms)2.768 E F0 .267(suite connects to a local)2.767
F F4(tcsd)2.767 E F0 .267(\(8\) process)B 1.666(\(a)4.433 G(t)-1.666 E
F4(localhost:30003)2.767 E F0 4.433(\)b)1.666 G 2.767(yd)-4.433 G(ef)
-2.767 E 2.767(ault. Use)-.1 F .267(the en-)2.767 F(vironment v)102 294
Q(ariable)-.25 E F4(TZPFMS_TPM1X)2.5 E F0
(to specify a remote TCS hostname.)2.5 E .391(The T)102 312 R(rouSerS)
-.35 E F4(tcsd)2.891 E F0 .391(\(8\) daemon will try)B F4(/dev/tpm0)
2.892 E F0 2.892(,t)C(hen)-2.892 E F4(/udev/tpm0)2.892 E F0 2.892(,t)C
(hen)-2.892 E F4(/dev/tpm)2.892 E F0 2.892(;b)C 2.892(yo)-2.892 G(ccup)
-2.892 E(ying)-.1 E(one of the earlier ones with, for e)102 324 Q
(xample, shell redirection, a later one can be selected.)-.15 E F1 .625
(See also)84 348 R F0(The T)102 360 Q(rouSerS project page at)-.35 E F1
(https://sour)2.5 E(cef)-.18 E(or)-.25 E(ge.net/pr)-.1 E(ojects/tr)-.18
E(ousers)-.18 E F0(.)A 5.109(The TPM 1.2 main speci\214cation inde)102
378 R 7.608(xa)-.15 G(t)-7.608 E F1(https://trustedcomputinggr)7.608 E
(oup.or)-.18 E(g/r)-.1 E(esour)-.18 E(ce/tpm-main-)-.18 E
(speci\214cation)102 390 Q F0(.)A F1 1.666(SPECIAL THANKS)72 414 R F0
1.6 -.8(To a)102 426 T(ll who support further de).8 E -.15(ve)-.25 G
(lopment, in particular:).15 E F1<83>122 438 Q F0(ThePhD)2.5 E F1<83>122
450 Q F0(Embark Studios)2.5 E F1(REPOR)72 474 Q 1.666(TING B)-.4 F(UGS)
-.1 E(https://todo.sr)102 486 Q(.ht/~nabijaczleweli/tzpfms)-1 E F4
(~nabijaczleweli/tzpfms@lists.sr.ht)102 504 Q F0 2.5(,a)C(rchi)-2.5 E
-.15(ve)-.25 G 2.5(da).15 G(t)-2.5 E F1(https://lists.sr)2.5 E
(.ht/~nabijaczleweli/tzpfms)-1 E F0(.)A F1 1.666(SEE ALSO)72 528 R
(https://git.sr)102 540 Q(.ht/~nabijaczleweli/tzpfms)-1 E F0
(tzpfms 0.1-6)72 750 Q(October 15, 2021)148.595 E(5)194.145 E 0 Cg EP
%%Page: 6 6
%%BeginPageSetup
BP
%%EndPageSetup
/F0 10/Times-Roman@0 SF(ZFS-TPM1X-LO)72 48 Q -.834(AD-KEY \(8\))-.35 F
(System Manager')60.349 E 2.5(sM)-.55 G 55.349(anual ZFS-TPM1X-LO)-2.5 F
-.834(AD-KEY \(8\))-.35 F/F1 10/Times-Bold@0 SF -.2(NA)72 96 S(ME).2 E
/F2 10/Courier-Bold@0 SF(zfs-tpm1x-load-key)102 108 Q F0 2.5<8a6c>2.5 G
(oad tzpfms TPM1.X-encrypted ZFS dataset k)-2.5 E -.15(ey)-.1 G F1
(SYNOPSIS)72 132 Q F2(zfs-tpm1x-load-key)102 144 Q F0([)3.333 E F2<ad6e>
2.499 E F0(]).833 E/F3 10/Courier-Oblique@0 SF(dataset)2.5 E F1
(DESCRIPTION)72 168 Q F0 1.155(After v)102 180 R(erifying)-.15 E F3
(dataset)3.655 E F0 -.1(wa)3.655 G 3.655(se).1 G 1.155(ncrypted with)
-3.655 F F2(tzpfms)3.655 E F0(back)3.655 E(end)-.1 E F1(TPM1.X)3.655 E
F0 1.156(will unseal the k)3.655 F 1.456 -.15(ey a)-.1 H 1.156
(nd load it).15 F(into)102 192 Q F3(dataset)2.5 E F0(.)A .422
(The user is prompted for)102 210 R 2.922<2c8c>-.4 G .422
(rst, the SRK passphrase, set when taking o)-2.922 F .422
(wnership, if it')-.25 F 2.921(sn)-.55 G .421(ot "well-kno)-2.921 F .421
(wn" \(all)-.25 F
(zeroes\), then the additional passphrase set when creating the k)102
222 Q -.15(ey)-.1 G 2.5(,i)-.5 G 2.5(fi)-2.5 G 2.5(tw)-2.5 G(as pro)-2.6
E(vided.)-.15 E(See)102 240 Q/F4 10/Courier@0 SF(zfs-tpm1x-change-key)
2.5 E F0(\(8\) for a detailed description.)A F1(OPTIONS)72 264 Q F2
<ad6e>103.666 276 Q F0 .178(Do a no-op/dry run, can be used e)119 288 R
-.15(ve)-.25 G 2.678(ni).15 G 2.679(ft)-2.678 G .179(he k)-2.679 F .479
-.15(ey i)-.1 H 2.679(sa).15 G .179(lready loaded.)-2.679 F(Equi)5.179 E
-.25(va)-.25 G .179(lent to).25 F F2 .179(zfs load-key)2.679 F F0 -.55
('s)C F2<ad6e>4.895 E F0(option.)119 300 Q F1 1.666
(TPM1.X back-end con\214guration)72 324 R .625(TPM selection)84 336 R F0
(The)102 348 Q F2(tzpfms)2.768 E F0 .267(suite connects to a local)2.767
F F4(tcsd)2.767 E F0 .267(\(8\) process)B 1.666(\(a)4.433 G(t)-1.666 E
F4(localhost:30003)2.767 E F0 4.433(\)b)1.666 G 2.767(yd)-4.433 G(ef)
-2.767 E 2.767(ault. Use)-.1 F .267(the en-)2.767 F(vironment v)102 360
Q(ariable)-.25 E F4(TZPFMS_TPM1X)2.5 E F0
(to specify a remote TCS hostname.)2.5 E .391(The T)102 378 R(rouSerS)
-.35 E F4(tcsd)2.891 E F0 .391(\(8\) daemon will try)B F4(/dev/tpm0)
2.892 E F0 2.892(,t)C(hen)-2.892 E F4(/udev/tpm0)2.892 E F0 2.892(,t)C
(hen)-2.892 E F4(/dev/tpm)2.892 E F0 2.892(;b)C 2.892(yo)-2.892 G(ccup)
-2.892 E(ying)-.1 E(one of the earlier ones with, for e)102 390 Q
(xample, shell redirection, a later one can be selected.)-.15 E F1 .625
(See also)84 414 R F0(The T)102 426 Q(rouSerS project page at)-.35 E F1
(https://sour)2.5 E(cef)-.18 E(or)-.25 E(ge.net/pr)-.1 E(ojects/tr)-.18
E(ousers)-.18 E F0(.)A 5.109(The TPM 1.2 main speci\214cation inde)102
444 R 7.608(xa)-.15 G(t)-7.608 E F1(https://trustedcomputinggr)7.608 E
(oup.or)-.18 E(g/r)-.1 E(esour)-.18 E(ce/tpm-main-)-.18 E
(speci\214cation)102 456 Q F0(.)A F1 1.666(SPECIAL THANKS)72 480 R F0
1.6 -.8(To a)102 492 T(ll who support further de).8 E -.15(ve)-.25 G
(lopment, in particular:).15 E F1<83>122 504 Q F0(ThePhD)2.5 E F1<83>122
516 Q F0(Embark Studios)2.5 E F1(REPOR)72 540 Q 1.666(TING B)-.4 F(UGS)
-.1 E(https://todo.sr)102 552 Q(.ht/~nabijaczleweli/tzpfms)-1 E F4
(~nabijaczleweli/tzpfms@lists.sr.ht)102 570 Q F0 2.5(,a)C(rchi)-2.5 E
-.15(ve)-.25 G 2.5(da).15 G(t)-2.5 E F1(https://lists.sr)2.5 E
(.ht/~nabijaczleweli/tzpfms)-1 E F0(.)A F1 1.666(SEE ALSO)72 594 R
(https://git.sr)102 606 Q(.ht/~nabijaczleweli/tzpfms)-1 E F0
(tzpfms 0.1-6)72 750 Q(October 15, 2021)148.595 E(6)194.145 E 0 Cg EP
%%Page: 7 7
%%BeginPageSetup
BP
%%EndPageSetup
/F0 10/Times-Roman@0 SF -.834(ZFS-TPM2-CHANGE-KEY \(8\))72 48 R
(System Manager')53.329 E 2.5(sM)-.55 G 48.329
(anual ZFS-TPM2-CHANGE-KEY)-2.5 F(\(8\))1.666 E/F1 10/Times-Bold@0 SF
-.2(NA)72 96 S(ME).2 E/F2 10/Courier-Bold@0 SF(zfs-tpm2-change-key)102
108 Q F0 2.5<8a63>2.5 G(hange ZFS dataset k)-2.5 E .3 -.15(ey t)-.1 H
2.5(oo).15 G(ne stored on the TPM)-2.5 E F1(SYNOPSIS)72 132 Q F2
(zfs-tpm2-change-key)102 144 Q F0([)3.333 E F2<ad62>2.499 E/F3 10
/Courier-Oblique@0 SF(backup-file)6 E F0(]).833 E F3(dataset)2.5 E F1
(DESCRIPTION)72 168 Q F0 6.93 -.8(To n)102 180 T(ormalise).8 E F3
(dataset)7.831 E F0(,)A F2(zfs-tpm2-change-key)7.831 E F0 5.331
(will open its encryption root in its stead.)7.831 F F2
(zfs-tpm2-change-key)102 192 Q F0(will)3.864 E/F4 10/Times-Italic@0 SF
(ne)3.864 E(ver)-.15 E F0 1.364(create or destro)3.864 F 3.864(ye)-.1 G
1.364(ncryption roots; use)-3.864 F/F5 10/Courier@0 SF(zfs-change-key)
3.864 E F0 1.364(\(8\) for)B(that.)102 204 Q
(First, a connection is made to the TPM, which)102 222 Q F4(must)2.5 E
F0(be TPM-2.0-compatible.)2.5 E(If)102 240 Q F3(dataset)3.42 E F0 -.1
(wa)3.42 G 3.42(sp).1 G(re)-3.42 E .92(viously encrypted with)-.25 F F2
(tzpfms)3.42 E F0 .92(and the)3.42 F F1(TPM2)3.42 E F0 .92(back-end w)
3.42 F .92(as used, the pre)-.1 F .92(vious k)-.25 F -.15(ey)-.1 G .382
(will be freed from the TPM.)102 252 R .382
(Otherwise, or in case of an error)5.382 F 2.882(,d)-.4 G .382
(ata required for manual interv)-2.882 F .382(ention will be)-.15 F
(printed to the standard error stream.)102 264 Q(Ne)102 282 Q .519
(xt, a ne)-.15 F 3.019(ww)-.25 G .519(rapping k)-3.019 F .819 -.15(ey i)
-.1 H 3.019(sb).15 G 3.019(eg)-3.019 G .519
(enerated on the TPM, optionally back)-3.019 F .519(ed up)-.1 F 1.666
(\(s)4.685 G(ee)-1.666 E F1(OPTIONS)3.02 E F0 -2.812 1.666(\), a)1.666 H
.52(nd sealed)-1.666 F .248
(to a persistent object on the TPM under the o)102 294 R .248
(wner hierarch)-.25 F .248(y; if there is a passphrase set on the o)-.05
F .248(wner hierar)-.25 F(-)-.2 E(ch)102 306 Q 1.772 -.65(y, t)-.05 H
.472(he user is prompted for it; the user is al).65 F -.1(wa)-.1 G .472
(ys prompted for an optional passphrase to protect the sealed).1 F
(object with.)102 318 Q(The follo)102 336 Q(wing properties are set on)
-.25 E F3(dataset)2.5 E F0(:)A F1<83>122 348 Q F5
(xyz.nabijaczleweli:tzpfms.backend)2.5 E F0(=)A F1(TPM2)A<83>122 360 Q
F5(xyz.nabijaczleweli:tzpfms.key)2.5 E F0(=)A F3
(ID of persistent object)A F5(tzpfms.backend)102 378 Q F0 3.203
(identi\214es this dataset for w)5.703 F 3.203(ork with)-.1 F F1(TPM2)
5.703 E F0(-back-ended)A F2(tzpfms)5.703 E F0 4.868(tools \()5.702 F
(namely)1.666 E F5(zfs-tpm2-change-key)102 390 Q F0(\(8\),)A F5
(zfs-tpm2-load-key)2.5 E F0(\(8\), and)A F5(zfs-tpm2-clear-key)2.5 E F0
-.834(\(8\) \) .)B F5(tzpfms.key)102 408 Q F0 1.11(is an inte)3.61 F
1.111
(ger representing the sealed object; if needed, it can be passed to)-.15
F F2(tpm2_unseal)3.611 E<ad63>103.666 420 Q F5(${tzpfms.key})6.032 E F0
([)6.865 E F2<ad70>2.499 E F5(${password})6.032 E F0 2.532(]o).833 G
2.532(re)-2.532 G(qui)-2.532 E -.25(va)-.25 G .032(lent for back-up).25
F 1.666(\(s)4.198 G(ee)-1.666 E F1(OPTIONS)2.532 E F0 -.8 1.666(\). I)
1.666 H 2.532(fy)-1.666 G .032(ou ha)-2.532 F .331 -.15(ve a)-.2 H .434
(sealed k)102 432 R .734 -.15(ey y)-.1 H .434
(ou can access with that or equi).15 F -.25(va)-.25 G .435
(lent tool and set both of these properties, it will funxion seam-).25 F
(lessly)102 444 Q(.)-.65 E(Finally)102 462 Q 4.141(,t)-.65 G 1.641
(he equi)-4.141 F -.25(va)-.25 G 1.641(lent of).25 F F2 1.641
(zfs change-key)4.141 F<ad6f>9.307 E F5(keylocation=prompt)7.641 E F2
<ad6f>9.307 E F5(keyformat=raw)7.64 E F3(dataset)102 474 Q F0 .336
(is performed with the ne)2.836 F 2.836(wk)-.25 G -.15(ey)-2.936 G 5.336
(.I)-.5 G 2.836(fa)-5.336 G 2.836(ne)-2.836 G .336
(rror occurred, best ef)-2.836 F .337
(fort is made to clean up the persistent)-.25 F
(object and properties, or to issue a note for manual interv)102 486 Q
(ention into the standard error stream.)-.15 E 2.92<418c>102 504 S .42
(nal v)-2.92 F .42(eri\214cation should be made by running)-.15 F F2
2.085(zfs-tpm2-load-key \255n)2.919 F F3(dataset)6.419 E F0 5.419(.I)C
2.919(ft)-5.419 G .419(hat command)-2.919 F 3.856
(succeeds, all is well, b)102 516 R 3.856
(ut otherwise the dataset can be manually rolled back to a passw)-.2 F
3.857(ord with)-.1 F F2(zfs-tpm2-clear-key)102 528 Q F3(dataset)13.479 E
F0 1.666(\(o)11.645 G 8.278 -.4(r, i)-1.666 H 9.978(ft).4 G 7.478(hat f)
-9.978 F 7.478(ails to w)-.1 F(ork,)-.1 E F2 7.478(zfs change-key)9.978
F<ad6f>15.144 E F5(keyformat=passphrase)102 540 Q F3(dataset)6 E F0
-3.332 1.666(\), a)1.666 H(nd you are hereby ask)-1.666 E
(ed to report a b)-.1 E(ug, please.)-.2 E F2(zfs-tpm2-clear-key)102 558
Q F3(dataset)6.423 E F0 .423
(can be used to free the TPM persistent object and go back to using a)
2.923 F(passw)102 570 Q(ord.)-.1 E F1(OPTIONS)72 594 Q F2<ad62>103.666
606 Q F3(backup-file)6 E F0(Sa)191 618 Q .806 -.15(ve a b)-.2 H .506
(ack-up of the k).15 F .805 -.15(ey t)-.1 H(o).15 E F3(backup-file)3.005
E F0 3.005(,w)C .505(hich must not e)-3.005 F .505(xist beforehand.)-.15
F(This)5.505 E(back-up)191 630 Q F4(must)3.181 E F0 .681
(be stored securely)3.181 F 3.181(,o)-.65 G -.25(ff)-3.181 G 3.181
(-site. In).25 F .682(case of a catastrophic e)3.181 F -.15(ve)-.25 G
.682(nt, the k).15 F .982 -.15(ey c)-.1 H(an).15 E(be loaded by running)
191 642 Q F2(zfs load-key)221 654 Q F3(dataset)6 E F5(<)6 E F3
(backup-file)6 E F1 1.666(TPM2 back-end con\214guration)72 678 R F0
(tzpfms 0.1-6)72 750 Q(October 15, 2021)148.595 E(7)194.145 E 0 Cg EP
%%Page: 8 8
%%BeginPageSetup
BP
%%EndPageSetup
/F0 10/Times-Roman@0 SF -.834(ZFS-TPM2-CHANGE-KEY \(8\))72 48 R
(System Manager')53.329 E 2.5(sM)-.55 G 48.329
(anual ZFS-TPM2-CHANGE-KEY)-2.5 F(\(8\))1.666 E/F1 10/Times-Bold@0 SF
(En)84 96 Q(vir)-.4 E .625(onment v)-.18 F(ariables)-.1 E/F2 10
/Courier@0 SF(TSS2_LOG)102 108 Q F0(An)155 108 Q 2.5(yo)-.15 G(f:)-2.5 E
F1(NONE)2.5 E F0(,)A F1(ERR)2.5 E(OR)-.3 E F0(,)A F1 -1.2(WA)2.5 G
(RNING)1.2 E F0(,)A F1(INFO)2.5 E F0(,)A F1(DEB)2.5 E(UG)-.1 E F0(,)A F1
(TRA)2.5 E(CE)-.55 E F0 5(.D)C(ef)-5 E(ault:)-.1 E F1 -1.2(WA)2.5 G
(RNING)1.2 E F0(.)A F1 .625(TPM selection)84 132 R F0 .517(The library)
102 144 R/F3 10/Courier-Bold@0 SF(libtss2-tcti-default.so)3.017 E F0
.517(can be link)3.017 F .516(ed to an)-.1 F 3.016(yo)-.15 G 3.016(ft)
-3.016 G(he)-3.016 E F2(libtss2-tcti-)3.016 E/F4 10/Symbol SF(*)A F2
(.so)A F0(libraries)3.016 E .575(to select the def)102 156 R .576
(ault, otherwise)-.1 F F2(/dev/tpmrm0)3.076 E F0 3.076(,t)C(hen)-3.076 E
F2(/dev/tpm0)3.076 E F0 3.076(,t)C(hen)-3.076 E F2(localhost:2321)3.076
E F0 .576(will be tried,)3.076 F(in order)102 168 Q 1.666(\(s)4.166 G
(ee)-1.666 E F2(ESYS_CONTEXT)2.5 E F0 -.834(\(3\) \) .)B F1 .625
(See also)84 192 R F0 3.488(The tpm2-tss git repository at)102 204 R F1
(https://github)5.988 E(.com/tpm2-softwar)-.4 E(e/tpm2-tss)-.18 E F0
3.487(and the documentation at)5.988 F F1(https://tpm2-tss.r)102 216 Q
(eadthedocs.io)-.18 E F0(.)A 3.092
(The TPM 2.0 speci\214cations, mainly at)102 234 R F1
(https://trustedcomputinggr)5.592 E(oup.or)-.18 E
(g/wp-content/uploads/TPM-)-.1 E(Re)102 246 Q(v-2.0-P)-.15 E(art-1-Ar)
-.1 E(chitectur)-.18 E(e-01.38.pdf)-.18 E F0(and related pages.)2.5 E F1
1.666(SPECIAL THANKS)72 270 R F0 1.6 -.8(To a)102 282 T
(ll who support further de).8 E -.15(ve)-.25 G(lopment, in particular:)
.15 E F1<83>122 294 Q F0(ThePhD)2.5 E F1<83>122 306 Q F0(Embark Studios)
2.5 E F1(REPOR)72 330 Q 1.666(TING B)-.4 F(UGS)-.1 E(https://todo.sr)102
342 Q(.ht/~nabijaczleweli/tzpfms)-1 E F2
(~nabijaczleweli/tzpfms@lists.sr.ht)102 360 Q F0 2.5(,a)C(rchi)-2.5 E
-.15(ve)-.25 G 2.5(da).15 G(t)-2.5 E F1(https://lists.sr)2.5 E
(.ht/~nabijaczleweli/tzpfms)-1 E F0(.)A F1 1.666(SEE ALSO)72 384 R F2
(tpm2_unseal)102 396 Q F0(\(1\))A F1(https://git.sr)102 414 Q
(.ht/~nabijaczleweli/tzpfms)-1 E F0(tzpfms 0.1-6)72 750 Q
(October 15, 2021)148.595 E(8)194.145 E 0 Cg EP
%%Page: 9 9
%%BeginPageSetup
BP
%%EndPageSetup
/F0 10/Times-Roman@0 SF -.834(ZFS-TPM2-CLEAR-KEY \(8\))72 48 R
(System Manager')62.209 E 2.5(sM)-.55 G 57.209(anual ZFS-TPM2-CLEAR-KEY)
-2.5 F(\(8\))1.666 E/F1 10/Times-Bold@0 SF -.2(NA)72 96 S(ME).2 E/F2 10
/Courier-Bold@0 SF(zfs-tpm2-clear-key)102 108 Q F0 2.5<8a72>2.5 G -.25
(ew)-2.5 G(rap ZFS dataset k).25 E .3 -.15(ey i)-.1 H 2.5(np).15 G
(asssw)-2.5 E(ord and clear tzpfms TPM2 metadata)-.1 E F1(SYNOPSIS)72
132 Q F2(zfs-tpm2-clear-key)102 144 Q/F3 10/Courier-Oblique@0 SF
(dataset)2.5 E F1(DESCRIPTION)72 168 Q F0(After v)102 180 Q(erifying)
-.15 E F3(dataset)2.5 E F0 -.1(wa)2.5 G 2.5(se).1 G(ncrypted with)-2.5 E
F2(tzpfms)2.5 E F0(back)2.5 E(end)-.1 E F1(TPM2)2.5 E F0(:)A 6.985
(1. performs the equi)122 192 R -.25(va)-.25 G 6.984(lent of).25 F F2
6.984(zfs change-key)9.484 F<ad6f>14.65 E/F4 10/Courier@0 SF
(keylocation=prompt)12.984 E F2<ad6f>14.65 E F4(keyformat=passphrase)127
204 Q F3(dataset)6 E F0(,)A(2. frees the sealed k)122 216 Q .3 -.15
(ey p)-.1 H(re).15 E(viously used to encrypt)-.25 E F3(dataset)2.5 E F0
(,)A(3. remo)122 228 Q -.15(ve)-.15 G 2.5(st).15 G(he)-2.5 E F4
(xyz.nabijaczleweli:tzpfms.)2.5 E F0({)A F4(backend)A F0(,)A F4(key)6 E
F0 2.5(}p)C(roperties from)-2.5 E F3(dataset)2.5 E F0(.)A(See)102 246 Q
F4(zfs-tpm2-change-key)2.5 E F0(\(8\) for a detailed description.)A F1
1.666(TPM2 back-end con\214guration)72 270 R(En)84 282 Q(vir)-.4 E .625
(onment v)-.18 F(ariables)-.1 E F4(TSS2_LOG)102 294 Q F0(An)155 294 Q
2.5(yo)-.15 G(f:)-2.5 E F1(NONE)2.5 E F0(,)A F1(ERR)2.5 E(OR)-.3 E F0(,)
A F1 -1.2(WA)2.5 G(RNING)1.2 E F0(,)A F1(INFO)2.5 E F0(,)A F1(DEB)2.5 E
(UG)-.1 E F0(,)A F1(TRA)2.5 E(CE)-.55 E F0 5(.D)C(ef)-5 E(ault:)-.1 E F1
-1.2(WA)2.5 G(RNING)1.2 E F0(.)A F1 .625(TPM selection)84 318 R F0 .516
(The library)102 330 R F2(libtss2-tcti-default.so)3.016 E F0 .516
(can be link)3.016 F .516(ed to an)-.1 F 3.017(yo)-.15 G 3.017(ft)-3.017
G(he)-3.017 E F4(libtss2-tcti-)3.017 E/F5 10/Symbol SF(*)A F4(.so)A F0
(libraries)3.017 E .576(to select the def)102 342 R .576
(ault, otherwise)-.1 F F4(/dev/tpmrm0)3.076 E F0 3.076(,t)C(hen)-3.076 E
F4(/dev/tpm0)3.076 E F0 3.076(,t)C(hen)-3.076 E F4(localhost:2321)3.076
E F0 .575(will be tried,)3.076 F(in order)102 354 Q 1.666(\(s)4.166 G
(ee)-1.666 E F4(ESYS_CONTEXT)2.5 E F0 -.834(\(3\) \) .)B F1 .625
(See also)84 378 R F0 3.487(The tpm2-tss git repository at)102 390 R F1
(https://github)5.988 E(.com/tpm2-softwar)-.4 E(e/tpm2-tss)-.18 E F0
3.488(and the documentation at)5.988 F F1(https://tpm2-tss.r)102 402 Q
(eadthedocs.io)-.18 E F0(.)A 3.092
(The TPM 2.0 speci\214cations, mainly at)102 420 R F1
(https://trustedcomputinggr)5.591 E(oup.or)-.18 E
(g/wp-content/uploads/TPM-)-.1 E(Re)102 432 Q(v-2.0-P)-.15 E(art-1-Ar)
-.1 E(chitectur)-.18 E(e-01.38.pdf)-.18 E F0(and related pages.)2.5 E F1
1.666(SPECIAL THANKS)72 456 R F0 1.6 -.8(To a)102 468 T
(ll who support further de).8 E -.15(ve)-.25 G(lopment, in particular:)
.15 E F1<83>122 480 Q F0(ThePhD)2.5 E F1<83>122 492 Q F0(Embark Studios)
2.5 E F1(REPOR)72 516 Q 1.666(TING B)-.4 F(UGS)-.1 E(https://todo.sr)102
528 Q(.ht/~nabijaczleweli/tzpfms)-1 E F4
(~nabijaczleweli/tzpfms@lists.sr.ht)102 546 Q F0 2.5(,a)C(rchi)-2.5 E
-.15(ve)-.25 G 2.5(da).15 G(t)-2.5 E F1(https://lists.sr)2.5 E
(.ht/~nabijaczleweli/tzpfms)-1 E F0(.)A F1 1.666(SEE ALSO)72 570 R
(https://git.sr)102 582 Q(.ht/~nabijaczleweli/tzpfms)-1 E F0
(tzpfms 0.1-6)72 750 Q(October 15, 2021)148.595 E(9)194.145 E 0 Cg EP
%%Page: 10 10
%%BeginPageSetup
BP
%%EndPageSetup
/F0 10/Times-Roman@0 SF(ZFS-TPM2-LO)72 48 Q -.834(AD-KEY \(8\))-.35 F
(System Manager')67.569 E 2.5(sM)-.55 G 62.569(anual ZFS-TPM2-LO)-2.5 F
-.834(AD-KEY \(8\))-.35 F/F1 10/Times-Bold@0 SF -.2(NA)72 96 S(ME).2 E
/F2 10/Courier-Bold@0 SF(zfs-tpm2-load-key)102 108 Q F0 2.5<8a6c>2.5 G
(oad tzpfms TPM2-encrypted ZFS dataset k)-2.5 E -.15(ey)-.1 G F1
(SYNOPSIS)72 132 Q F2(zfs-tpm2-load-key)102 144 Q F0([)3.333 E F2<ad6e>
2.499 E F0(]).833 E/F3 10/Courier-Oblique@0 SF(dataset)2.5 E F1
(DESCRIPTION)72 168 Q F0 1.118(After v)102 180 R(erifying)-.15 E F3
(dataset)3.618 E F0 -.1(wa)3.618 G 3.618(se).1 G 1.118(ncrypted with)
-3.618 F F2(tzpfms)3.618 E F0(back)3.618 E(end)-.1 E F1(TPM2)3.618 E F0
3.618(,u)C 1.118(nseals the k)-3.618 F 1.418 -.15(ey a)-.1 H 1.118
(nd loads it into).15 F F3(dataset)102 192 Q F0(.)A(See)102 210 Q/F4 10
/Courier@0 SF(zfs-tpm2-change-key)2.5 E F0
(\(8\) for a detailed description.)A F1(OPTIONS)72 234 Q F2<ad6e>103.666
246 Q F0 .179(Do a no-op/dry run, can be used e)119 258 R -.15(ve)-.25 G
2.679(ni).15 G 2.679(ft)-2.679 G .179(he k)-2.679 F .478 -.15(ey i)-.1 H
2.678(sa).15 G .178(lready loaded.)-2.678 F(Equi)5.178 E -.25(va)-.25 G
.178(lent to).25 F F2 .178(zfs load-key)2.678 F F0 -.55('s)C F2<ad6e>
4.894 E F0(option.)119 270 Q F1 1.666(TPM1.X back-end con\214guration)72
294 R .625(TPM selection)84 306 R F0(The)102 318 Q F2(tzpfms)2.767 E F0
.267(suite connects to a local)2.767 F F4(tcsd)2.767 E F0 .267
(\(8\) process)B 1.666(\(a)4.433 G(t)-1.666 E F4(localhost:30003)2.767 E
F0 4.433(\)b)1.666 G 2.767(yd)-4.433 G(ef)-2.767 E 2.767(ault. Use)-.1 F
.268(the en-)2.767 F(vironment v)102 330 Q(ariable)-.25 E F4
(TZPFMS_TPM1X)2.5 E F0(to specify a remote TCS hostname.)2.5 E .392
(The T)102 348 R(rouSerS)-.35 E F4(tcsd)2.892 E F0 .392
(\(8\) daemon will try)B F4(/dev/tpm0)2.892 E F0 2.892(,t)C(hen)-2.892 E
F4(/udev/tpm0)2.892 E F0 2.891(,t)C(hen)-2.891 E F4(/dev/tpm)2.891 E F0
2.891(;b)C 2.891(yo)-2.891 G(ccup)-2.891 E(ying)-.1 E
(one of the earlier ones with, for e)102 360 Q
(xample, shell redirection, a later one can be selected.)-.15 E F1 .625
(See also)84 384 R F0(The T)102 396 Q(rouSerS project page at)-.35 E F1
(https://sour)2.5 E(cef)-.18 E(or)-.25 E(ge.net/pr)-.1 E(ojects/tr)-.18
E(ousers)-.18 E F0(.)A 5.108(The TPM 1.2 main speci\214cation inde)102
414 R 7.609(xa)-.15 G(t)-7.609 E F1(https://trustedcomputinggr)7.609 E
(oup.or)-.18 E(g/r)-.1 E(esour)-.18 E(ce/tpm-main-)-.18 E
(speci\214cation)102 426 Q F0(.)A F1 1.666(SPECIAL THANKS)72 450 R F0
1.6 -.8(To a)102 462 T(ll who support further de).8 E -.15(ve)-.25 G
(lopment, in particular:).15 E F1<83>122 474 Q F0(ThePhD)2.5 E F1<83>122
486 Q F0(Embark Studios)2.5 E F1(REPOR)72 510 Q 1.666(TING B)-.4 F(UGS)
-.1 E(https://todo.sr)102 522 Q(.ht/~nabijaczleweli/tzpfms)-1 E F4
(~nabijaczleweli/tzpfms@lists.sr.ht)102 540 Q F0 2.5(,a)C(rchi)-2.5 E
-.15(ve)-.25 G 2.5(da).15 G(t)-2.5 E F1(https://lists.sr)2.5 E
(.ht/~nabijaczleweli/tzpfms)-1 E F0(.)A F1 1.666(SEE ALSO)72 564 R
(https://git.sr)102 576 Q(.ht/~nabijaczleweli/tzpfms)-1 E F0
(tzpfms 0.1-6)72 750 Q(October 15, 2021)148.595 E(10)189.145 E 0 Cg EP
%%Trailer
end
%%EOF

M zfs-tpm-list.8 => zfs-tpm-list.8 +1 -1
@@ 1,7 1,7 @@
.Dd October 15, 2021
.ds doc-volume-operating-system
.Dt ZFS-TPM-LIST 8
.Os tzpfms 0.1-5
.Os tzpfms 0.1-6
.
.Sh NAME
.Nm zfs-tpm-list

M zfs-tpm-list.8.html => zfs-tpm-list.8.html +1 -1
@@ 168,7 168,7 @@ owo/enc TPM1.X available yes</div>
<table class="foot">
  <tr>
    <td class="foot-date">October 15, 2021</td>
    <td class="foot-os">tzpfms 0.1-5</td>
    <td class="foot-os">tzpfms 0.1-6</td>
  </tr>
</table>
</body>

M zfs-tpm1x-change-key.8 => zfs-tpm1x-change-key.8 +1 -1
@@ 1,7 1,7 @@
.Dd October 15, 2021
.ds doc-volume-operating-system
.Dt ZFS-TPM1X-CHANGE-KEY 8
.Os tzpfms 0.1-5
.Os tzpfms 0.1-6
.
.Sh NAME
.Nm zfs-tpm1x-change-key

M zfs-tpm1x-change-key.8.html => zfs-tpm1x-change-key.8.html +1 -1
@@ 163,7 163,7 @@
<table class="foot">
  <tr>
    <td class="foot-date">October 15, 2021</td>
    <td class="foot-os">tzpfms 0.1-5</td>
    <td class="foot-os">tzpfms 0.1-6</td>
  </tr>
</table>
</body>

M zfs-tpm1x-clear-key.8 => zfs-tpm1x-clear-key.8 +1 -1
@@ 1,7 1,7 @@
.Dd October 15, 2021
.ds doc-volume-operating-system
.Dt ZFS-TPM1X-CLEAR-KEY 8
.Os tzpfms 0.1-5
.Os tzpfms 0.1-6
.
.Sh NAME
.Nm zfs-tpm1x-clear-key

M zfs-tpm1x-clear-key.8.html => zfs-tpm1x-clear-key.8.html +1 -1
@@ 103,7 103,7 @@
<table class="foot">
  <tr>
    <td class="foot-date">October 15, 2021</td>
    <td class="foot-os">tzpfms 0.1-5</td>
    <td class="foot-os">tzpfms 0.1-6</td>
  </tr>
</table>
</body>

M zfs-tpm1x-load-key.8 => zfs-tpm1x-load-key.8 +1 -1
@@ 1,7 1,7 @@
.Dd October 15, 2021
.ds doc-volume-operating-system
.Dt ZFS-TPM1X-LOAD-KEY 8
.Os tzpfms 0.1-5
.Os tzpfms 0.1-6
.
.Sh NAME
.Nm zfs-tpm1x-load-key

M zfs-tpm1x-load-key.8.html => zfs-tpm1x-load-key.8.html +1 -1
@@ 104,7 104,7 @@
<table class="foot">
  <tr>
    <td class="foot-date">October 15, 2021</td>
    <td class="foot-os">tzpfms 0.1-5</td>
    <td class="foot-os">tzpfms 0.1-6</td>
  </tr>
</table>
</body>

M zfs-tpm2-change-key.8 => zfs-tpm2-change-key.8 +1 -1
@@ 1,7 1,7 @@
.Dd October 15, 2021
.ds doc-volume-operating-system
.Dt ZFS-TPM2-CHANGE-KEY 8
.Os tzpfms 0.1-5
.Os tzpfms 0.1-6
.
.Sh NAME
.Nm zfs-tpm2-change-key

M zfs-tpm2-change-key.8.html => zfs-tpm2-change-key.8.html +1 -1
@@ 176,7 176,7 @@
<table class="foot">
  <tr>
    <td class="foot-date">October 15, 2021</td>
    <td class="foot-os">tzpfms 0.1-5</td>
    <td class="foot-os">tzpfms 0.1-6</td>
  </tr>
</table>
</body>

M zfs-tpm2-clear-key.8 => zfs-tpm2-clear-key.8 +1 -1
@@ 1,7 1,7 @@
.Dd October 15, 2021
.ds doc-volume-operating-system
.Dt ZFS-TPM2-CLEAR-KEY 8
.Os tzpfms 0.1-5
.Os tzpfms 0.1-6
.
.Sh NAME
.Nm zfs-tpm2-clear-key

M zfs-tpm2-clear-key.8.html => zfs-tpm2-clear-key.8.html +1 -1
@@ 118,7 118,7 @@
<table class="foot">
  <tr>
    <td class="foot-date">October 15, 2021</td>
    <td class="foot-os">tzpfms 0.1-5</td>
    <td class="foot-os">tzpfms 0.1-6</td>
  </tr>
</table>
</body>

M zfs-tpm2-load-key.8 => zfs-tpm2-load-key.8 +1 -1
@@ 1,7 1,7 @@
.Dd October 15, 2021
.ds doc-volume-operating-system
.Dt ZFS-TPM2-LOAD-KEY 8
.Os tzpfms 0.1-5
.Os tzpfms 0.1-6
.
.Sh NAME
.Nm zfs-tpm2-load-key

M zfs-tpm2-load-key.8.html => zfs-tpm2-load-key.8.html +1 -1
@@ 101,7 101,7 @@
<table class="foot">
  <tr>
    <td class="foot-date">October 15, 2021</td>
    <td class="foot-os">tzpfms 0.1-5</td>
    <td class="foot-os">tzpfms 0.1-6</td>
  </tr>
</table>
</body>