mirror of
https://github.com/systemd/systemd-stable.git
synced 2024-12-24 21:34:08 +03:00
cryptsetup: fall back to traditional unlocking if any TPM2 operation fails
If any TPM2 operation fails, the boot process should continue and prompt for a text password (if configured to do so). Fixes #22870
parent
9e83d3e45f
commit
49be03838d
@ -1322,8 +1322,11 @@ static int attach_luks_or_plain_or_bitlk_by_tpm2(
|
||||
return log_error_errno(SYNTHETIC_ERRNO(EAGAIN), "TPM2 PIN unlock failed, falling back to traditional unlocking.");
|
||||
if (ERRNO_IS_NOT_SUPPORTED(r)) /* TPM2 support not compiled in? */
|
||||
return log_debug_errno(SYNTHETIC_ERRNO(EAGAIN), "TPM2 support not available, falling back to traditional unlocking.");
|
||||
if (r != -EAGAIN) /* EAGAIN means: no tpm2 chip found */
|
||||
return r;
|
||||
/* EAGAIN means: no tpm2 chip found */
|
||||
if (r != -EAGAIN) {
|
||||
log_notice_errno(r, "TPM2 operation failed, falling back to traditional unlocking: %m");
|
||||
return -EAGAIN; /* Mangle error code: let's make any form of TPM2 failure non-fatal. */
|
||||
}
|
||||
} else {
|
||||
r = attach_luks2_by_tpm2(cd, name, flags);
|
||||
/* EAGAIN means: no tpm2 chip found
|
||||
@ -1334,8 +1337,10 @@ static int attach_luks_or_plain_or_bitlk_by_tpm2(
|
||||
if (r == -ENOENT)
|
||||
return log_debug_errno(SYNTHETIC_ERRNO(EAGAIN),
|
||||
"No TPM2 metadata enrolled in LUKS2 header or TPM2 support not available, falling back to traditional unlocking.");
|
||||
if (!IN_SET(r, -EOPNOTSUPP, -EAGAIN))
|
||||
return r;
|
||||
if (!IN_SET(r, -EOPNOTSUPP, -EAGAIN)) {
|
||||
log_notice_errno(r, "TPM2 operation failed, falling back to traditional unlocking: %m");
|
||||
return -EAGAIN; /* Mangle error code: let's make any form of TPM2 failure non-fatal. */
|
||||
}
|
||||
}
|
||||
|
||||
if (r == -EOPNOTSUPP) {
|
||||
@ -1402,8 +1407,11 @@ static int attach_luks_or_plain_or_bitlk_by_tpm2(
|
||||
|
||||
if (r >= 0)
|
||||
break;
|
||||
if (r != -EAGAIN) /* EAGAIN means: no tpm2 chip found */
|
||||
return r;
|
||||
/* EAGAIN means: no tpm2 chip found */
|
||||
if (r != -EAGAIN) {
|
||||
log_notice_errno(r, "TPM2 operation failed, falling back to traditional unlocking: %m");
|
||||
return -EAGAIN; /* Mangle error code: let's make any form of TPM2 failure non-fatal. */
|
||||
}
|
||||
}
|
||||
|
||||
if (!monitor) {
|
||||
|
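Review bot: In the second hunk the new `if (!IN_SET(r, -EOPNOTSUPP, -EAGAIN)) { … return -EAGAIN; }` branch no longer separates success from failure: the line it replaces returned `r` unchanged for every other value, non-negative ones included, whereas such a value would now be logged as "TPM2 operation failed" and turned into a passphrase fallback. Unless the lines elided between the first two hunks already handle `r >= 0`, put `if (r >= 0) return r;` ahead of the check. The same question applies to the `if (r != -EAGAIN)` branch in the first hunk, while the third hunk has a visible `if (r >= 0) break;` guard. Separately, all three branches fold every error, presumably including ones unrelated to the TPM such as allocation failures, into the same `-EAGAIN` that means "no tpm2 chip found", so the notice-level log line is the only place the real cause survives; a short comment saying so would help whoever triages an unexpected passphrase prompt. The function begins and ends outside the hunks shown.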