
75748d388f1d9c94a631de769e961f7bbb8e17d6 — наб 26 days ago 4da1dbf
zfs-tpm-list also takes -b to restrict to a specific back-end
3 files changed, 18 insertions(+), 11 deletions(-)

M README.md
M man/zfs-tpm1x-change-key.md.pp
M src/bin/zfs-tpm-list.cpp
M README.md => README.md +1 -1
@@ 15,7 15,7 @@ Plus it's a pretty good annoyed sigh onomatopoeia.
### Building

You'll need `pkg-config`, `ronn`, `libzfslinux-dev`, `libtss2-dev`, `libtspi-dev`, and `make` should hopefully Just Work™ if you have a C++17-capable compiler.
The output binaries are trimmed of extraneous dependencies, so they're all just libc + libzfs and friends + the chosen TPM back-end.
The output binaries are trimmed of extraneous dependencies, so they're all just libc + libzfs and friends + the chosen TPM back-end, if any.

### Installation


M man/zfs-tpm1x-change-key.md.pp => man/zfs-tpm1x-change-key.md.pp +2 -2
@@ 17,8 17,8 @@ Otherwise, or in case of an error, data required for manual intervention will be

Next, a new wrapping key is be generated on the TPM, optionally backed up (see [OPTIONS][]),
and sealed on the TPM;
if the SRK passphrase, set when taking ownership, is not "well-known" (all zeroes), the user is prompted for it;
the user is always prompted for an optional passphrase to protect the key with.
the user is prompted for an optional passphrase to protect the key with,
and for the SRK passphrase, set when taking ownership, if it is not "well-known" (all zeroes).

The following properties are set on `dataset`:


M src/bin/zfs-tpm-list.cpp => src/bin/zfs-tpm-list.cpp +15 -8
@@ 6,7 6,6 @@
#include "../zfs.hpp"

#include <algorithm>
#include <sys/mman.h>


#define TZPFMS_BACKEND_MAX_LEN 16


@@ 18,15 17,20 @@ struct output_line {
	char backend[TZPFMS_BACKEND_MAX_LEN + 1];
	bool key_available : 1;
	bool coherent : 1;

	bool included(bool print_nontzpfms, const char * backend_restrixion) const {
		return (print_nontzpfms || this->backend[0] != '\0') && (!backend_restrixion || !strcmp(backend_restrixion, this->backend));
	}
};


int main(int argc, char ** argv) {
	bool human           = true;
	bool print_nontzpfms = false;
	size_t maxdepth      = MAXDEPTH_UNSET;
	bool human                      = true;
	bool print_nontzpfms            = false;
	size_t maxdepth                 = MAXDEPTH_UNSET;
	const char * backend_restrixion = nullptr;
	return do_bare_main(
	    argc, argv, "Hrd:a", "[-H] [-r|-d max] [-a]",
	    argc, argv, "Hrd:ab:", "[-H] [-r|-d max] [-a|-b back-end]",
	    [&](auto arg) {
		    switch(arg) {
			    case 'H':


@@ 44,6 48,9 @@ int main(int argc, char ** argv) {
			    case 'a':
				    print_nontzpfms = true;
				    break;
			    case 'b':
				    backend_restrixion = optarg;
				    break;
		    }
		    return 0;
	    },


@@ 71,7 78,7 @@ int main(int argc, char ** argv) {
			    strncpy(cur_line.backend, (backend && strlen(backend) <= TZPFMS_BACKEND_MAX_LEN) ? backend : "\0", TZPFMS_BACKEND_MAX_LEN);
			    // Tristate available/unavailable/none, but it's gonna be either available or unavailable on envryption roots, so
			    cur_line.key_available = zfs_prop_get_int(dataset, ZFS_PROP_KEYSTATUS) == ZFS_KEYSTATUS_AVAILABLE;
			    cur_line.coherent = !!backend == !!handle;
			    cur_line.coherent      = !!backend == !!handle;

			    return 0;
		    }));


@@ 89,7 96,7 @@ int main(int argc, char ** argv) {
			    separator             = "  ";

			    for(auto cur = lines; cur != lines + lines_len; ++cur)
				    if(print_nontzpfms || cur->backend[0] != '\0') {
				    if(cur->included(print_nontzpfms, backend_restrixion)) {
					    max_name_len          = std::max(max_name_len, strlen(cur->name));
					    max_backend_len       = std::max(max_backend_len, (cur->backend[0] != '\0') ? strlen(cur->backend) : strlen("-"));
					    max_key_available_len = std::max(max_key_available_len, cur->key_available ? strlen("available") : strlen("unavailable"));


@@ 106,7 113,7 @@ int main(int argc, char ** argv) {
		    if(human)
			    println("NAME", "BACK-END", "KEYSTATUS", "COHERENT");
		    for(auto cur = lines; cur != lines + lines_len; ++cur)
			    if(print_nontzpfms || cur->backend[0] != '\0')
			    if(cur->included(print_nontzpfms, backend_restrixion))
				    println(cur->name, (cur->backend[0] != '\0') ? cur->backend : "-", cur->key_available ? "available" : "unavailable", cur->coherent ? "yes" : "no");

		    return 0;
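Review bot: The usage string `[-a|-b back-end]` presents -a and -b as mutually exclusive, but the option switch accepts both, and `included()` then makes -a a no-op for any non-empty -b (a dataset with no back-end has `backend[0] == '\0'`, which can never strcmp-equal the restriction), while `-b ''` combined with -a would list exactly the non-tzpfms datasets. Either reject the combination in the `'b'` case or state the semantics on the new method, e.g. `// -b keeps only datasets whose back-end name equals backend_restrixion exactly; -a is then only meaningful for -b ''`. The file list touches only the zfs-tpm1x-change-key man page, so the new -b option looks undocumented for zfs-tpm-list unless its man page is generated elsewhere. The `strcmp` against `this->backend` also relies on that buffer being NUL-terminated, and `strncpy(..., TZPFMS_BACKEND_MAX_LEN)` in the later hunk writes no terminator when the name is exactly 16 bytes, so correctness depends on `output_line` storage being zero-initialised, which is not visible here. The `do_bare_main` call and the lambdas it takes extend beyond the hunks shown.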