~nabijaczleweli/tzpfms

4bf1b95ee1e32ade276c815683332661f919bde5 — наб autouploader 26 days ago 3fd07a3
Manpage update by job 331876
M index.txt => index.txt +11 -7
@@ 1,9 1,13 @@
zfs-tpm2-change-key(8)  zfs-tpm2-change-key.8.ronn
zfs-tpm2-load-key(8)    zfs-tpm2-load-key.8.ronn
zfs-tpm2-clear-key(8)   zfs-tpm2-clear-key.8.ronn
zfs-tpm2-change-key(8)   zfs-tpm2-change-key.8.ronn
zfs-tpm2-load-key(8)     zfs-tpm2-load-key.8.ronn
zfs-tpm2-clear-key(8)    zfs-tpm2-clear-key.8.ronn
zfs-tpm1x-change-key(8)  zfs-tpm1x-change-key.8.ronn
zfs-tpm1x-load-key(8)    zfs-tpm1x-load-key.8.ronn
zfs-tpm1x-clear-key(8)   zfs-tpm1x-clear-key.8.ronn
zfs-tpm-list(8)          zfs-tpm-list.8.ronn

zfs(8)                  https://manpages.debian.org/bullseye/zfsutils-linux/zfs.8.en.html
tcsd(8)                 https://manpages.debian.org/bullseye/trousers/tcsd.8.en.html
tpm2_unseal(1)          https://manpages.debian.org/bullseye/tpm2-tools/tpm2_unseal.1.en.html
zfs(8)                   https://manpages.debian.org/bullseye/zfsutils-linux/zfs.8.en.html
tcsd(8)                  https://manpages.debian.org/bullseye/trousers/tcsd.8.en.html
tpm2_unseal(1)           https://manpages.debian.org/bullseye/tpm2-tools/tpm2_unseal.1.en.html

ESYS_CONTEXT(3)         https://www.mankier.com/3/ESYS_CONTEXT
ESYS_CONTEXT(3)          https://www.mankier.com/3/ESYS_CONTEXT

A zfs-tpm-list.8 => zfs-tpm-list.8 +75 -0
@@ 0,0 1,75 @@
.\" generated with Ronn-NG/v0.9.1
.\" http://github.com/apjanke/ronn-ng/tree/0.9.1
.TH "ZFS\-TPM\-LIST" "8" "October 2020" "tzpfms developers"
.SH "NAME"
\fBzfs\-tpm\-list\fR \- print dataset tzpfms metadata
.SH "SYNOPSIS"
\fBzfs\-tpm\-list\fR [\-H] [\-r|\-d \fIdepth\fR] [\-a|\-b \fIback\-end\fR] [\fIfilesystem\fR|\fIvolume\fR]…
.SH "DESCRIPTION"
zfs\-tpm\-list(8) lists the following properties on encryption roots:
.IP "\[ci]" 4
\fBname\fR,
.IP "\[ci]" 4
\fBback\-end\fR: the tzpfms back\-end (e\.g\. "TPM2" for zfs\-tpm2\-change\-key(8) or "TPM1\.X" for zfs\-tpm1x\-change\-key(8)), or "\-" if none is configured,
.IP "\[ci]" 4
\fBkeystatus\fR: "available" or "unavailable",
.IP "\[ci]" 4
\fBcoherent\fR: "yes" if either both \fBxyz\.nabijaczleweli:tzpfms\.backend\fR and \fBxyz\.nabijaczleweli:tzpfms\.key\fR are present or missing, "no" otherwise\.
.IP "" 0
.P
Incoherent datasets require immediate operator attention, with either the appropriate zfs\-tpm*\-clear\-key program or zfs(8) change\-key \(em if the key becomes unloaded, they will require restoration from back\-up\. However, they should never occur, unless something went terribly wrong with the dataset properties\.
.P
If no datasets are specified, lists all matching encryption roots\. The default filter is to list all roots managed by tzpfms\. The \fB\-a\fR and \fB\-b\fR OPTIONS \fI\fR can be used to list all roots or only ones backed by a particular end\.
.SH "OPTIONS"
.TP
\fB\-H\fR
Used for scripting mode\. Do not print headers and separate fields by a single tab instead of arbitrary white space\.
.TP
\fB\-r\fR
Recurse into all descendant datasets\. Default if no datasets listed on the command\-line\.
.TP
\fB\-d\fR \fIdepth\fR
Recurse at most \fIdepth\fR datasets deep\. Defaults to zero if datasets were listed on the command\-line\.
.TP
\fB\-a\fR
List all encryption roots, even ones not managed by tzpfms\.
.TP
\fB\-b\fR \fIback\-end\fR
List only encryption roots with tzpfms back\-end \fIback\-end\fR\.
.SH "EXAMPLES"
.nf
$ zfs\-tpm\-list
NAME      BACK\-END  KEYSTATUS    COHERENT
owo/venc  TPM2      unavailable  yes
owo/enc   TPM1\.X    available    yes

$ zfs\-tpm\-list \-ad0
NAME  BACK\-END  KEYSTATUS  COHERENT
awa   \-         available  yes

$ zfs\-tpm\-list \-b TPM2
NAME      BACK\-END  KEYSTATUS    COHERENT
owo/venc  TPM2      unavailable  yes

$ zfs\-tpm\-list \-ra owo
NAME      BACK\-END  KEYSTATUS    COHERENT
owo/venc  TPM2      unavailable  yes
owo/vtnc  \-         available    yes
owo/v nc  \-         available    yes
owo/enc   TPM1\.X    available    yes
.fi
.SH "AUTHOR"
Written by наб <\fInabijaczleweli@nabijaczleweli\.xyz\fR>
.SH "SPECIAL THANKS"
To all who support further development, in particular:
.IP "\[ci]" 4
ThePhD
.IP "\[ci]" 4
Embark Studios
.IP "" 0
.SH "REPORTING BUGS"
<\fIhttps://todo\.sr\.ht/~nabijaczleweli/tzpfms\fR>
.P
<\fI~nabijaczleweli/tzpfms@lists\.sr\.ht\fR>, archived at <\fIhttps://lists\.sr\.ht/~nabijaczleweli/tzpfms\fR>
.SH "SEE ALSO"
<\fIhttps://git\.sr\.ht/~nabijaczleweli/tzpfms\fR>

A zfs-tpm-list.8.html => zfs-tpm-list.8.html +180 -0
@@ 0,0 1,180 @@
<!DOCTYPE html>
<html>
<head>
  <meta http-equiv='content-type' content='text/html;charset=utf8'>
  <meta name='generator' content='Ronn-NG/v0.9.1 (http://github.com/apjanke/ronn-ng/tree/0.9.1)'>
  <title>zfs-tpm-list(8) - print dataset tzpfms metadata</title>
  <style type='text/css' media='all'>
  /* style: man */
  body#manpage {margin:0}
  .mp {max-width:100ex;padding:0 9ex 1ex 4ex}
  .mp p,.mp pre,.mp ul,.mp ol,.mp dl {margin:0 0 20px 0}
  .mp h2 {margin:10px 0 0 0}
  .mp > p,.mp > pre,.mp > ul,.mp > ol,.mp > dl {margin-left:8ex}
  .mp h3 {margin:0 0 0 4ex}
  .mp dt {margin:0;clear:left}
  .mp dt.flush {float:left;width:8ex}
  .mp dd {margin:0 0 0 9ex}
  .mp h1,.mp h2,.mp h3,.mp h4 {clear:left}
  .mp pre {margin-bottom:20px}
  .mp pre+h2,.mp pre+h3 {margin-top:22px}
  .mp h2+pre,.mp h3+pre {margin-top:5px}
  .mp img {display:block;margin:auto}
  .mp h1.man-title {display:none}
  .mp,.mp code,.mp pre,.mp tt,.mp kbd,.mp samp,.mp h3,.mp h4 {font-family:monospace;font-size:14px;line-height:1.42857142857143}
  .mp h2 {font-size:16px;line-height:1.25}
  .mp h1 {font-size:20px;line-height:2}
  .mp {text-align:justify;background:#fff}
  .mp,.mp code,.mp pre,.mp pre code,.mp tt,.mp kbd,.mp samp {color:#131211}
  .mp h1,.mp h2,.mp h3,.mp h4 {color:#030201}
  .mp u {text-decoration:underline}
  .mp code,.mp strong,.mp b {font-weight:bold;color:#131211}
  .mp em,.mp var {font-style:italic;color:#232221;text-decoration:none}
  .mp a,.mp a:link,.mp a:hover,.mp a code,.mp a pre,.mp a tt,.mp a kbd,.mp a samp {color:#0000ff}
  .mp b.man-ref {font-weight:normal;color:#434241}
  .mp pre {padding:0 4ex}
  .mp pre code {font-weight:normal;color:#434241}
  .mp h2+pre,h3+pre {padding-left:0}
  ol.man-decor,ol.man-decor li {margin:3px 0 10px 0;padding:0;float:left;width:33%;list-style-type:none;text-transform:uppercase;color:#999;letter-spacing:1px}
  ol.man-decor {width:100%}
  ol.man-decor li.tl {text-align:left}
  ol.man-decor li.tc {text-align:center;letter-spacing:4px}
  ol.man-decor li.tr {text-align:right;float:right}
  </style>
</head>
<!--
  The following styles are deprecated and will be removed at some point:
  div#man, div#man ol.man, div#man ol.head, div#man ol.man.

  The .man-page, .man-decor, .man-head, .man-foot, .man-title, and
  .man-navigation should be used instead.
-->
<body id='manpage'>
  <div class='mp' id='man'>

  <div class='man-navigation' style='display:none'>
    <a href="#NAME">NAME</a>
    <a href="#SYNOPSIS">SYNOPSIS</a>
    <a href="#DESCRIPTION">DESCRIPTION</a>
    <a href="#OPTIONS">OPTIONS</a>
    <a href="#EXAMPLES">EXAMPLES</a>
    <a href="#AUTHOR">AUTHOR</a>
    <a href="#SPECIAL-THANKS">SPECIAL THANKS</a>
    <a href="#REPORTING-BUGS">REPORTING BUGS</a>
    <a href="#SEE-ALSO">SEE ALSO</a>
  </div>

  <ol class='man-decor man-head man head'>
    <li class='tl'>zfs-tpm-list(8)</li>
    <li class='tc'></li>
    <li class='tr'>zfs-tpm-list(8)</li>
  </ol>

  

<h2 id="NAME">NAME</h2>
<p class="man-name">
  <code>zfs-tpm-list</code> - <span class="man-whatis">print dataset tzpfms metadata</span>
</p>
<h2 id="SYNOPSIS">SYNOPSIS</h2>

<p><code>zfs-tpm-list</code> [-H] [-r|-d <em>depth</em>] [-a|-b <em>back-end</em>] [<em>filesystem</em>|<em>volume</em>]…</p>

<h2 id="DESCRIPTION">DESCRIPTION</h2>

<p><a class="man-ref" href="zfs-tpm-list.8.html">zfs-tpm-list<span class="s">(8)</span></a> lists the following properties on encryption roots:</p>

<ul>
  <li>
<code>name</code>,</li>
  <li>
<code>back-end</code>: the tzpfms back-end (e.g. "TPM2" for <a class="man-ref" href="zfs-tpm2-change-key.8.html">zfs-tpm2-change-key<span class="s">(8)</span></a> or "TPM1.X" for <a class="man-ref" href="zfs-tpm1x-change-key.8.html">zfs-tpm1x-change-key<span class="s">(8)</span></a>),
            or "-" if none is configured,</li>
  <li>
<code>keystatus</code>: "available" or "unavailable",</li>
  <li>
<code>coherent</code>: "yes" if either both <code>xyz.nabijaczleweli:tzpfms.backend</code> and <code>xyz.nabijaczleweli:tzpfms.key</code> are present or missing, "no" otherwise.</li>
</ul>

<p>Incoherent datasets require immediate operator attention, with either the appropriate zfs-tpm*-clear-key program or <a class="man-ref" href="https://manpages.debian.org/bullseye/zfsutils-linux/zfs.8.en.html">zfs<span class="s">(8)</span></a> change-key —
if the key becomes unloaded, they will require restoration from back-up.
However, they should never occur, unless something went terribly wrong with the dataset properties.</p>

<p>If no datasets are specified, lists all matching encryption roots.
The default filter is to list all roots managed by tzpfms.
The <code>-a</code> and <code>-b</code> <a href="">OPTIONS</a> can be used to list all roots or only ones backed by a particular end.</p>

<h2 id="OPTIONS">OPTIONS</h2>

<dl>
<dt><code>-H</code></dt>
<dd>Used for scripting mode. Do not print headers and separate fields by a single tab instead of arbitrary white space.</dd>
<dt><code>-r</code></dt>
<dd>Recurse into all descendant datasets. Default if no datasets listed on the command-line.</dd>
<dt>
<code>-d</code> <em>depth</em>
</dt>
<dd>Recurse at most <em>depth</em> datasets deep. Defaults to zero if datasets were listed on the command-line.</dd>
<dt><code>-a</code></dt>
<dd>List all encryption roots, even ones not managed by tzpfms.</dd>
<dt>
<code>-b</code> <em>back-end</em>
</dt>
<dd>List only encryption roots with tzpfms back-end <em>back-end</em>.</dd>
</dl>

<h2 id="EXAMPLES">EXAMPLES</h2>

<pre><code>$ zfs-tpm-list
NAME      BACK-END  KEYSTATUS    COHERENT
owo/venc  TPM2      unavailable  yes
owo/enc   TPM1.X    available    yes

$ zfs-tpm-list -ad0
NAME  BACK-END  KEYSTATUS  COHERENT
awa   -         available  yes

$ zfs-tpm-list -b TPM2
NAME      BACK-END  KEYSTATUS    COHERENT
owo/venc  TPM2      unavailable  yes

$ zfs-tpm-list -ra owo
NAME      BACK-END  KEYSTATUS    COHERENT
owo/venc  TPM2      unavailable  yes
owo/vtnc  -         available    yes
owo/v nc  -         available    yes
owo/enc   TPM1.X    available    yes
</code></pre>

<h2 id="AUTHOR">AUTHOR</h2>

<p>Written by наб &lt;<a href="mailto:nabijaczleweli@nabijaczleweli.xyz" data-bare-link="true">nabijaczleweli@nabijaczleweli.xyz</a>&gt;</p>

<h2 id="SPECIAL-THANKS">SPECIAL THANKS</h2>

<p>To all who support further development, in particular:</p>

<ul>
  <li>ThePhD</li>
  <li>Embark Studios</li>
</ul>

<h2 id="REPORTING-BUGS">REPORTING BUGS</h2>

<p>&lt;<a href="https://todo.sr.ht/~nabijaczleweli/tzpfms" data-bare-link="true">https://todo.sr.ht/~nabijaczleweli/tzpfms</a>&gt;</p>

<p>&lt;<a href="mailto:~nabijaczleweli/tzpfms@lists.sr.ht" data-bare-link="true">~nabijaczleweli/tzpfms@lists.sr.ht</a>&gt;, archived at &lt;<a href="https://lists.sr.ht/~nabijaczleweli/tzpfms" data-bare-link="true">https://lists.sr.ht/~nabijaczleweli/tzpfms</a>&gt;</p>

<h2 id="SEE-ALSO">SEE ALSO</h2>

<p>&lt;<a href="https://git.sr.ht/~nabijaczleweli/tzpfms" data-bare-link="true">https://git.sr.ht/~nabijaczleweli/tzpfms</a>&gt;</p>

  <ol class='man-decor man-foot man foot'>
    <li class='tl'>tzpfms developers</li>
    <li class='tc'>October 2020</li>
    <li class='tr'>zfs-tpm-list(8)</li>
  </ol>

  </div>
</body>
</html>

A zfs-tpm-list.8.html_fragment => zfs-tpm-list.8.html_fragment +99 -0
@@ 0,0 1,99 @@
<div class='mp'>

<h2 id="NAME">NAME</h2>
<p class="man-name">
  <code>zfs-tpm-list</code> - <span class="man-whatis">print dataset tzpfms metadata</span>
</p>
<h2 id="SYNOPSIS">SYNOPSIS</h2>

<p><code>zfs-tpm-list</code> [-H] [-r|-d <em>depth</em>] [-a|-b <em>back-end</em>] [<em>filesystem</em>|<em>volume</em>]…</p>

<h2 id="DESCRIPTION">DESCRIPTION</h2>

<p><a class="man-ref" href="zfs-tpm-list.8.html">zfs-tpm-list<span class="s">(8)</span></a> lists the following properties on encryption roots:</p>

<ul>
  <li>
<code>name</code>,</li>
  <li>
<code>back-end</code>: the tzpfms back-end (e.g. "TPM2" for <a class="man-ref" href="zfs-tpm2-change-key.8.html">zfs-tpm2-change-key<span class="s">(8)</span></a> or "TPM1.X" for <a class="man-ref" href="zfs-tpm1x-change-key.8.html">zfs-tpm1x-change-key<span class="s">(8)</span></a>),
            or "-" if none is configured,</li>
  <li>
<code>keystatus</code>: "available" or "unavailable",</li>
  <li>
<code>coherent</code>: "yes" if either both <code>xyz.nabijaczleweli:tzpfms.backend</code> and <code>xyz.nabijaczleweli:tzpfms.key</code> are present or missing, "no" otherwise.</li>
</ul>

<p>Incoherent datasets require immediate operator attention, with either the appropriate zfs-tpm*-clear-key program or <a class="man-ref" href="https://manpages.debian.org/bullseye/zfsutils-linux/zfs.8.en.html">zfs<span class="s">(8)</span></a> change-key —
if the key becomes unloaded, they will require restoration from back-up.
However, they should never occur, unless something went terribly wrong with the dataset properties.</p>

<p>If no datasets are specified, lists all matching encryption roots.
The default filter is to list all roots managed by tzpfms.
The <code>-a</code> and <code>-b</code> <a href="">OPTIONS</a> can be used to list all roots or only ones backed by a particular end.</p>

<h2 id="OPTIONS">OPTIONS</h2>

<dl>
<dt><code>-H</code></dt>
<dd>Used for scripting mode. Do not print headers and separate fields by a single tab instead of arbitrary white space.</dd>
<dt><code>-r</code></dt>
<dd>Recurse into all descendant datasets. Default if no datasets listed on the command-line.</dd>
<dt>
<code>-d</code> <em>depth</em>
</dt>
<dd>Recurse at most <em>depth</em> datasets deep. Defaults to zero if datasets were listed on the command-line.</dd>
<dt><code>-a</code></dt>
<dd>List all encryption roots, even ones not managed by tzpfms.</dd>
<dt>
<code>-b</code> <em>back-end</em>
</dt>
<dd>List only encryption roots with tzpfms back-end <em>back-end</em>.</dd>
</dl>

<h2 id="EXAMPLES">EXAMPLES</h2>

<pre><code>$ zfs-tpm-list
NAME      BACK-END  KEYSTATUS    COHERENT
owo/venc  TPM2      unavailable  yes
owo/enc   TPM1.X    available    yes

$ zfs-tpm-list -ad0
NAME  BACK-END  KEYSTATUS  COHERENT
awa   -         available  yes

$ zfs-tpm-list -b TPM2
NAME      BACK-END  KEYSTATUS    COHERENT
owo/venc  TPM2      unavailable  yes

$ zfs-tpm-list -ra owo
NAME      BACK-END  KEYSTATUS    COHERENT
owo/venc  TPM2      unavailable  yes
owo/vtnc  -         available    yes
owo/v nc  -         available    yes
owo/enc   TPM1.X    available    yes
</code></pre>

<h2 id="AUTHOR">AUTHOR</h2>

<p>Written by наб &lt;<a href="mailto:nabijaczleweli@nabijaczleweli.xyz" data-bare-link="true">nabijaczleweli@nabijaczleweli.xyz</a>&gt;</p>

<h2 id="SPECIAL-THANKS">SPECIAL THANKS</h2>

<p>To all who support further development, in particular:</p>

<ul>
  <li>ThePhD</li>
  <li>Embark Studios</li>
</ul>

<h2 id="REPORTING-BUGS">REPORTING BUGS</h2>

<p>&lt;<a href="https://todo.sr.ht/~nabijaczleweli/tzpfms" data-bare-link="true">https://todo.sr.ht/~nabijaczleweli/tzpfms</a>&gt;</p>

<p>&lt;<a href="mailto:~nabijaczleweli/tzpfms@lists.sr.ht" data-bare-link="true">~nabijaczleweli/tzpfms@lists.sr.ht</a>&gt;, archived at &lt;<a href="https://lists.sr.ht/~nabijaczleweli/tzpfms" data-bare-link="true">https://lists.sr.ht/~nabijaczleweli/tzpfms</a>&gt;</p>

<h2 id="SEE-ALSO">SEE ALSO</h2>

<p>&lt;<a href="https://git.sr.ht/~nabijaczleweli/tzpfms" data-bare-link="true">https://git.sr.ht/~nabijaczleweli/tzpfms</a>&gt;</p>
</div>

A zfs-tpm-list.md => zfs-tpm-list.md +82 -0
@@ 0,0 1,82 @@
zfs-tpm-list(8) -- print dataset tzpfms metadata
================================================

## SYNOPSIS

`zfs-tpm-list` [-H] [-r\|-d *depth*] [-a\|-b *back-end*] [*filesystem*\|*volume*]…

## DESCRIPTION

zfs-tpm-list(8) lists the following properties on encryption roots:

  * `name`,
  * `back-end`: the tzpfms back-end (e.g. "TPM2" for zfs-tpm2-change-key(8) or "TPM1.X" for zfs-tpm1x-change-key(8)),
                or "-" if none is configured,
  * `keystatus`: "available" or "unavailable",
  * `coherent`: "yes" if either both `xyz.nabijaczleweli:tzpfms.backend` and `xyz.nabijaczleweli:tzpfms.key` are present or missing, "no" otherwise.

Incoherent datasets require immediate operator attention, with either the appropriate zfs-tpm\*-clear-key program or zfs(8) change-key —
if the key becomes unloaded, they will require restoration from back-up.
However, they should never occur, unless something went terribly wrong with the dataset properties.

If no datasets are specified, lists all matching encryption roots.
The default filter is to list all roots managed by tzpfms.
The `-a` and `-b` [OPTIONS]() can be used to list all roots or only ones backed by a particular end.

## OPTIONS

  * `-H`:
    Used for scripting mode. Do not print headers and separate fields by a single tab instead of arbitrary white space.

  * `-r`:
    Recurse into all descendant datasets. Default if no datasets listed on the command-line.
  * `-d` *depth*:
    Recurse at most *depth* datasets deep. Defaults to zero if datasets were listed on the command-line.

  * `-a`:
    List all encryption roots, even ones not managed by tzpfms.
  * `-b` *back-end*:
    List only encryption roots with tzpfms back-end *back-end*.

## EXAMPLES

    $ zfs-tpm-list
    NAME      BACK-END  KEYSTATUS    COHERENT
    owo/venc  TPM2      unavailable  yes
    owo/enc   TPM1.X    available    yes

    $ zfs-tpm-list -ad0
    NAME  BACK-END  KEYSTATUS  COHERENT
    awa   -         available  yes

    $ zfs-tpm-list -b TPM2
    NAME      BACK-END  KEYSTATUS    COHERENT
    owo/venc  TPM2      unavailable  yes

    $ zfs-tpm-list -ra owo
    NAME      BACK-END  KEYSTATUS    COHERENT
    owo/venc  TPM2      unavailable  yes
    owo/vtnc  -         available    yes
    owo/v nc  -         available    yes
    owo/enc   TPM1.X    available    yes

## AUTHOR

Written by наб &lt;<nabijaczleweli@nabijaczleweli.xyz>&gt;

## SPECIAL THANKS

To all who support further development, in particular:

  * ThePhD
  * Embark Studios

## REPORTING BUGS

&lt;<https://todo.sr.ht/~nabijaczleweli/tzpfms>&gt;

&lt;<mailto:~nabijaczleweli/tzpfms@lists.sr.ht>&gt;, archived at &lt;<https://lists.sr.ht/~nabijaczleweli/tzpfms>&gt;

## SEE ALSO

&lt;<https://git.sr.ht/~nabijaczleweli/tzpfms>&gt;

M zfs-tpm1x-change-key.8.html => zfs-tpm1x-change-key.8.html +6 -6
@@ 82,8 82,8 @@

<h2 id="DESCRIPTION">DESCRIPTION</h2>

<p>To normalise <code>dataset</code>, <span class="man-ref">zfs-tpm1x-change-key<span class="s">(8)</span></span> will open its encryption root in its stead.
<span class="man-ref">zfs-tpm1x-change-key<span class="s">(8)</span></span> will <em>never</em> create or destroy encryption roots; use <strong><a class="man-ref" href="https://manpages.debian.org/bullseye/zfsutils-linux/zfs.8.en.html">zfs<span class="s">(8)</span></a> change-key</strong> for that.</p>
<p>To normalise <code>dataset</code>, <a class="man-ref" href="zfs-tpm1x-change-key.8.html">zfs-tpm1x-change-key<span class="s">(8)</span></a> will open its encryption root in its stead.
<a class="man-ref" href="zfs-tpm1x-change-key.8.html">zfs-tpm1x-change-key<span class="s">(8)</span></a> will <em>never</em> create or destroy encryption roots; use <strong><a class="man-ref" href="https://manpages.debian.org/bullseye/zfsutils-linux/zfs.8.en.html">zfs<span class="s">(8)</span></a> change-key</strong> for that.</p>

<p>First, a connection is made to the TPM, which <em>must</em> be TPM-1.X-compatible.</p>



@@ 107,7 107,7 @@ and for the SRK passphrase, set when taking ownership, if it is not "well-known"
</ul>

<p><code>tzpfms.backend</code> identifies this dataset for work with <em>TPM1.X</em>-back-ended tzpfms tools
(namely <span class="man-ref">zfs-tpm1x-change-key<span class="s">(8)</span></span>, <span class="man-ref">zfs-tpm1x-load-key<span class="s">(8)</span></span>, and <span class="man-ref">zfs-tpm1x-clear-key<span class="s">(8)</span></span>).</p>
(namely <a class="man-ref" href="zfs-tpm1x-change-key.8.html">zfs-tpm1x-change-key<span class="s">(8)</span></a>, <a class="man-ref" href="zfs-tpm1x-load-key.8.html">zfs-tpm1x-load-key<span class="s">(8)</span></a>, and <a class="man-ref" href="zfs-tpm1x-clear-key.8.html">zfs-tpm1x-clear-key<span class="s">(8)</span></a>).</p>

<p><code>tzpfms.key</code> is a colon-separated pair of hexadecimal-string (i.e. "4F7730" for "Ow0") blobs;
the first one represents the RSA key protecting the blob,


@@ 120,11 120,11 @@ There exists no other user-land tool for decrypting this. (TODO: make an LD_PREL
If an error occurred, best effort is made to clean up the properties,
or to issue a note for manual intervention into the standard error stream.</p>

<p>A final verification should be made by running <strong><span class="man-ref">zfs-tpm1x-load-key<span class="s">(8)</span></span> -n dataset</strong>.
<p>A final verification should be made by running <strong><a class="man-ref" href="zfs-tpm1x-load-key.8.html">zfs-tpm1x-load-key<span class="s">(8)</span></a> -n dataset</strong>.
If that command succeeds, all is well,
but otherwise the dataset can be manually rolled back to a password with <strong><span class="man-ref">zfs-tpm1x-clear-key<span class="s">(8)</span></span> dataset</strong> (or, if that fails to work, <strong><a class="man-ref" href="https://manpages.debian.org/bullseye/zfsutils-linux/zfs.8.en.html">zfs<span class="s">(8)</span></a> change-key -o keyformat=passphrase dataset</strong>), and you are hereby asked to report a bug, please.</p>
but otherwise the dataset can be manually rolled back to a password with <strong><a class="man-ref" href="zfs-tpm1x-clear-key.8.html">zfs-tpm1x-clear-key<span class="s">(8)</span></a> dataset</strong> (or, if that fails to work, <strong><a class="man-ref" href="https://manpages.debian.org/bullseye/zfsutils-linux/zfs.8.en.html">zfs<span class="s">(8)</span></a> change-key -o keyformat=passphrase dataset</strong>), and you are hereby asked to report a bug, please.</p>

<p><strong><span class="man-ref">zfs-tpm1x-clear-key<span class="s">(8)</span></span> dataset</strong> can be used to clear the properties and go back to using a password.</p>
<p><strong><a class="man-ref" href="zfs-tpm1x-clear-key.8.html">zfs-tpm1x-clear-key<span class="s">(8)</span></a> dataset</strong> can be used to clear the properties and go back to using a password.</p>

<h2 id="OPTIONS">OPTIONS</h2>


M zfs-tpm1x-change-key.8.html_fragment => zfs-tpm1x-change-key.8.html_fragment +6 -6
@@ 10,8 10,8 @@

<h2 id="DESCRIPTION">DESCRIPTION</h2>

<p>To normalise <code>dataset</code>, <span class="man-ref">zfs-tpm1x-change-key<span class="s">(8)</span></span> will open its encryption root in its stead.
<span class="man-ref">zfs-tpm1x-change-key<span class="s">(8)</span></span> will <em>never</em> create or destroy encryption roots; use <strong><a class="man-ref" href="https://manpages.debian.org/bullseye/zfsutils-linux/zfs.8.en.html">zfs<span class="s">(8)</span></a> change-key</strong> for that.</p>
<p>To normalise <code>dataset</code>, <a class="man-ref" href="zfs-tpm1x-change-key.8.html">zfs-tpm1x-change-key<span class="s">(8)</span></a> will open its encryption root in its stead.
<a class="man-ref" href="zfs-tpm1x-change-key.8.html">zfs-tpm1x-change-key<span class="s">(8)</span></a> will <em>never</em> create or destroy encryption roots; use <strong><a class="man-ref" href="https://manpages.debian.org/bullseye/zfsutils-linux/zfs.8.en.html">zfs<span class="s">(8)</span></a> change-key</strong> for that.</p>

<p>First, a connection is made to the TPM, which <em>must</em> be TPM-1.X-compatible.</p>



@@ 35,7 35,7 @@ and for the SRK passphrase, set when taking ownership, if it is not "well-known"
</ul>

<p><code>tzpfms.backend</code> identifies this dataset for work with <em>TPM1.X</em>-back-ended tzpfms tools
(namely <span class="man-ref">zfs-tpm1x-change-key<span class="s">(8)</span></span>, <span class="man-ref">zfs-tpm1x-load-key<span class="s">(8)</span></span>, and <span class="man-ref">zfs-tpm1x-clear-key<span class="s">(8)</span></span>).</p>
(namely <a class="man-ref" href="zfs-tpm1x-change-key.8.html">zfs-tpm1x-change-key<span class="s">(8)</span></a>, <a class="man-ref" href="zfs-tpm1x-load-key.8.html">zfs-tpm1x-load-key<span class="s">(8)</span></a>, and <a class="man-ref" href="zfs-tpm1x-clear-key.8.html">zfs-tpm1x-clear-key<span class="s">(8)</span></a>).</p>

<p><code>tzpfms.key</code> is a colon-separated pair of hexadecimal-string (i.e. "4F7730" for "Ow0") blobs;
the first one represents the RSA key protecting the blob,


@@ 48,11 48,11 @@ There exists no other user-land tool for decrypting this. (TODO: make an LD_PREL
If an error occurred, best effort is made to clean up the properties,
or to issue a note for manual intervention into the standard error stream.</p>

<p>A final verification should be made by running <strong><span class="man-ref">zfs-tpm1x-load-key<span class="s">(8)</span></span> -n dataset</strong>.
<p>A final verification should be made by running <strong><a class="man-ref" href="zfs-tpm1x-load-key.8.html">zfs-tpm1x-load-key<span class="s">(8)</span></a> -n dataset</strong>.
If that command succeeds, all is well,
but otherwise the dataset can be manually rolled back to a password with <strong><span class="man-ref">zfs-tpm1x-clear-key<span class="s">(8)</span></span> dataset</strong> (or, if that fails to work, <strong><a class="man-ref" href="https://manpages.debian.org/bullseye/zfsutils-linux/zfs.8.en.html">zfs<span class="s">(8)</span></a> change-key -o keyformat=passphrase dataset</strong>), and you are hereby asked to report a bug, please.</p>
but otherwise the dataset can be manually rolled back to a password with <strong><a class="man-ref" href="zfs-tpm1x-clear-key.8.html">zfs-tpm1x-clear-key<span class="s">(8)</span></a> dataset</strong> (or, if that fails to work, <strong><a class="man-ref" href="https://manpages.debian.org/bullseye/zfsutils-linux/zfs.8.en.html">zfs<span class="s">(8)</span></a> change-key -o keyformat=passphrase dataset</strong>), and you are hereby asked to report a bug, please.</p>

<p><strong><span class="man-ref">zfs-tpm1x-clear-key<span class="s">(8)</span></span> dataset</strong> can be used to clear the properties and go back to using a password.</p>
<p><strong><a class="man-ref" href="zfs-tpm1x-clear-key.8.html">zfs-tpm1x-clear-key<span class="s">(8)</span></a> dataset</strong> can be used to clear the properties and go back to using a password.</p>

<h2 id="OPTIONS">OPTIONS</h2>


M zfs-tpm1x-clear-key.8.html => zfs-tpm1x-clear-key.8.html +2 -2
@@ 81,14 81,14 @@

<h2 id="DESCRIPTION">DESCRIPTION</h2>

<p><span class="man-ref">zfs-tpm1x-clear-key<span class="s">(8)</span></span>, after verifying that <code>dataset</code> was encrypted with tzpfms backend <em>TPM1.X</em> will:</p>
<p><a class="man-ref" href="zfs-tpm1x-clear-key.8.html">zfs-tpm1x-clear-key<span class="s">(8)</span></a>, after verifying that <code>dataset</code> was encrypted with tzpfms backend <em>TPM1.X</em> will:</p>

<ol>
  <li>perform the equivalent of <strong><a class="man-ref" href="https://manpages.debian.org/bullseye/zfsutils-linux/zfs.8.en.html">zfs<span class="s">(8)</span></a> change-key -o keylocation=prompt -o keyformat=passphrase dataset</strong>,</li>
  <li>remove the <code>xyz.nabijaczleweli:tzpfms.{backend,key}</code> properties from <code>dataset</code>.</li>
</ol>

<p>See <span class="man-ref">zfs-tpm1x-change-key<span class="s">(8)</span></span> for a detailed description.</p>
<p>See <a class="man-ref" href="zfs-tpm1x-change-key.8.html">zfs-tpm1x-change-key<span class="s">(8)</span></a> for a detailed description.</p>

<h2 id="TPM1-X-back-end-configuration">TPM1.X back-end configuration</h2>


M zfs-tpm1x-clear-key.8.html_fragment => zfs-tpm1x-clear-key.8.html_fragment +2 -2
@@ 10,14 10,14 @@

<h2 id="DESCRIPTION">DESCRIPTION</h2>

<p><span class="man-ref">zfs-tpm1x-clear-key<span class="s">(8)</span></span>, after verifying that <code>dataset</code> was encrypted with tzpfms backend <em>TPM1.X</em> will:</p>
<p><a class="man-ref" href="zfs-tpm1x-clear-key.8.html">zfs-tpm1x-clear-key<span class="s">(8)</span></a>, after verifying that <code>dataset</code> was encrypted with tzpfms backend <em>TPM1.X</em> will:</p>

<ol>
  <li>perform the equivalent of <strong><a class="man-ref" href="https://manpages.debian.org/bullseye/zfsutils-linux/zfs.8.en.html">zfs<span class="s">(8)</span></a> change-key -o keylocation=prompt -o keyformat=passphrase dataset</strong>,</li>
  <li>remove the <code>xyz.nabijaczleweli:tzpfms.{backend,key}</code> properties from <code>dataset</code>.</li>
</ol>

<p>See <span class="man-ref">zfs-tpm1x-change-key<span class="s">(8)</span></span> for a detailed description.</p>
<p>See <a class="man-ref" href="zfs-tpm1x-change-key.8.html">zfs-tpm1x-change-key<span class="s">(8)</span></a> for a detailed description.</p>

<h2 id="TPM1-X-back-end-configuration">TPM1.X back-end configuration</h2>


M zfs-tpm1x-load-key.8.html => zfs-tpm1x-load-key.8.html +2 -2
@@ 82,12 82,12 @@

<h2 id="DESCRIPTION">DESCRIPTION</h2>

<p><span class="man-ref">zfs-tpm1x-load-key<span class="s">(8)</span></span>, after verifying that <code>dataset</code> was encrypted with tzpfms backend <em>TPM1.X</em> will unseal the key and load it into <code>dataset</code>.</p>
<p><a class="man-ref" href="zfs-tpm1x-load-key.8.html">zfs-tpm1x-load-key<span class="s">(8)</span></a>, after verifying that <code>dataset</code> was encrypted with tzpfms backend <em>TPM1.X</em> will unseal the key and load it into <code>dataset</code>.</p>

<p>The user is prompted for, first, the SRK passphrase, set when taking ownership, if it's not "well-known" (all zeroes),
then the additional passphrase set when creating the key, if it was provided.</p>

<p>See <span class="man-ref">zfs-tpm1x-change-key<span class="s">(8)</span></span> for a detailed description.</p>
<p>See <a class="man-ref" href="zfs-tpm1x-change-key.8.html">zfs-tpm1x-change-key<span class="s">(8)</span></a> for a detailed description.</p>

<h2 id="OPTIONS">OPTIONS</h2>


M zfs-tpm1x-load-key.8.html_fragment => zfs-tpm1x-load-key.8.html_fragment +2 -2
@@ 10,12 10,12 @@

<h2 id="DESCRIPTION">DESCRIPTION</h2>

<p><span class="man-ref">zfs-tpm1x-load-key<span class="s">(8)</span></span>, after verifying that <code>dataset</code> was encrypted with tzpfms backend <em>TPM1.X</em> will unseal the key and load it into <code>dataset</code>.</p>
<p><a class="man-ref" href="zfs-tpm1x-load-key.8.html">zfs-tpm1x-load-key<span class="s">(8)</span></a>, after verifying that <code>dataset</code> was encrypted with tzpfms backend <em>TPM1.X</em> will unseal the key and load it into <code>dataset</code>.</p>

<p>The user is prompted for, first, the SRK passphrase, set when taking ownership, if it's not "well-known" (all zeroes),
then the additional passphrase set when creating the key, if it was provided.</p>

<p>See <span class="man-ref">zfs-tpm1x-change-key<span class="s">(8)</span></span> for a detailed description.</p>
<p>See <a class="man-ref" href="zfs-tpm1x-change-key.8.html">zfs-tpm1x-change-key<span class="s">(8)</span></a> for a detailed description.</p>

<h2 id="OPTIONS">OPTIONS</h2>