
cryptsetup: fall back to traditional unlocking if any TPM2 operation fails

If any TPM2 operation fails, the boot process should continue and
prompt for a text password (if configured to do so).

Fixes #22870
Antonio Alvarez Feijoo 2022-03-31 10:09:29 +02:00 committed by Luca Boccassi
parent 9e83d3e45f
commit 49be03838d


@ -1322,8 +1322,11 @@ static int attach_luks_or_plain_or_bitlk_by_tpm2(
return log_error_errno(SYNTHETIC_ERRNO(EAGAIN), "TPM2 PIN unlock failed, falling back to traditional unlocking.");
if (ERRNO_IS_NOT_SUPPORTED(r)) /* TPM2 support not compiled in? */
return log_debug_errno(SYNTHETIC_ERRNO(EAGAIN), "TPM2 support not available, falling back to traditional unlocking.");
if (r != -EAGAIN) /* EAGAIN means: no tpm2 chip found */
return r;
/* EAGAIN means: no tpm2 chip found */
if (r != -EAGAIN) {
log_notice_errno(r, "TPM2 operation failed, falling back to traditional unlocking: %m");
return -EAGAIN; /* Mangle error code: let's make any form of TPM2 failure non-fatal. */
}
} else {
r = attach_luks2_by_tpm2(cd, name, flags);
/* EAGAIN means: no tpm2 chip found
@ -1334,8 +1337,10 @@ static int attach_luks_or_plain_or_bitlk_by_tpm2(
if (r == -ENOENT)
return log_debug_errno(SYNTHETIC_ERRNO(EAGAIN),
"No TPM2 metadata enrolled in LUKS2 header or TPM2 support not available, falling back to traditional unlocking.");
if (!IN_SET(r, -EOPNOTSUPP, -EAGAIN))
return r;
if (!IN_SET(r, -EOPNOTSUPP, -EAGAIN)) {
log_notice_errno(r, "TPM2 operation failed, falling back to traditional unlocking: %m");
return -EAGAIN; /* Mangle error code: let's make any form of TPM2 failure non-fatal. */
}
}
if (r == -EOPNOTSUPP) {
@ -1402,8 +1407,11 @@ static int attach_luks_or_plain_or_bitlk_by_tpm2(
if (r >= 0)
break;
if (r != -EAGAIN) /* EAGAIN means: no tpm2 chip found */
return r;
/* EAGAIN means: no tpm2 chip found */
if (r != -EAGAIN) {
log_notice_errno(r, "TPM2 operation failed, falling back to traditional unlocking: %m");
return -EAGAIN; /* Mangle error code: let's make any form of TPM2 failure non-fatal. */
}
}
if (!monitor) {
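Review bot: The new catch-all branches (the `if (r != -EAGAIN)` blocks in the first and third hunks and the `if (!IN_SET(r, -EOPNOTSUPP, -EAGAIN))` block in the second) discard the original error code, so the caller can no longer tell "no TPM2 chip" from "the TPM2 operation failed". The failures now swallowed presumably include ones an operator would want to notice, such as the TPM refusing to unseal or an out-of-memory condition, and the only remaining trace is a notice-level message. I would log at warning level, `log_warning_errno(r, "TPM2 operation failed, falling back to traditional unlocking: %m");`, and extend the comment to `/* Mangle error code: any TPM2 failure is non-fatal; the original error survives only in the log line above. */`. The same three lines are repeated at all three sites and could be one small static helper. The body of attach_luks_or_plain_or_bitlk_by_tpm2() starts and ends outside these hunks, so how the caller reacts to -EAGAIN when no password fallback is configured cannot be checked from here.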