Skip to content

Zlevis

Zlevis is a tool that enables the automatic decryption of a ZFS root pool with TPM 2.0. It is based on the pin-tpm2 feature of Clevis and is rewritten in POSIX shell to omit the presence of bash in the initramfs. Just like Clevis' pin-tmp2 feature, zlevis also depends on jose; to format configuration and generate or encrypt/decrypt keys, and on tpm2-tools; to read and create objects in the TPM.

Zlevis is thus a minimal fork of Clevis, solely optimised for the automatic decryption of a ZFS root pool with TPM 2.0.