diff --git a/units/systemd-pcrlock-file-system.service.in b/units/systemd-pcrlock-file-system.service.in index d68a42e09a6..dd0d358793f 100644 --- a/units/systemd-pcrlock-file-system.service.in +++ b/units/systemd-pcrlock-file-system.service.in @@ -13,6 +13,7 @@ Documentation=man:systemd-pcrlock(8) DefaultDependencies=no Conflicts=shutdown.target Before=sysinit.target shutdown.target systemd-pcrlock-make-policy.service +After=systemd-remount-fs.service var.mount ConditionPathExists=!/etc/initrd-release ConditionSecurity=measured-uki diff --git a/units/systemd-pcrlock-firmware-code.service.in b/units/systemd-pcrlock-firmware-code.service.in index a24f2ba015f..b2716713939 100644 --- a/units/systemd-pcrlock-firmware-code.service.in +++ b/units/systemd-pcrlock-firmware-code.service.in @@ -12,7 +12,7 @@ Description=Lock Firmware Code to TPM2 PCR Policy Documentation=man:systemd-pcrlock(8) DefaultDependencies=no Conflicts=shutdown.target -After=systemd-tpm2-setup.service +After=systemd-tpm2-setup.service systemd-remount-fs.service var.mount Before=sysinit.target shutdown.target systemd-pcrlock-make-policy.service ConditionPathExists=!/etc/initrd-release ConditionSecurity=measured-uki diff --git a/units/systemd-pcrlock-firmware-config.service.in b/units/systemd-pcrlock-firmware-config.service.in index 64e63f86a68..8440f5982b9 100644 --- a/units/systemd-pcrlock-firmware-config.service.in +++ b/units/systemd-pcrlock-firmware-config.service.in @@ -12,7 +12,7 @@ Description=Lock Firmware Configuration to TPM2 PCR Policy Documentation=man:systemd-pcrlock(8) DefaultDependencies=no Conflicts=shutdown.target -After=systemd-tpm2-setup.service +After=systemd-tpm2-setup.service systemd-remount-fs.service var.mount Before=sysinit.target shutdown.target systemd-pcrlock-make-policy.service ConditionPathExists=!/etc/initrd-release ConditionSecurity=measured-uki diff --git a/units/systemd-pcrlock-machine-id.service.in b/units/systemd-pcrlock-machine-id.service.in index 0ff22c586e3..16c6a99251f 100644 --- a/units/systemd-pcrlock-machine-id.service.in +++ b/units/systemd-pcrlock-machine-id.service.in @@ -13,6 +13,7 @@ Documentation=man:systemd-pcrlock(8) DefaultDependencies=no Conflicts=shutdown.target Before=sysinit.target shutdown.target systemd-pcrlock-make-policy.service +After=systemd-remount-fs.service var.mount ConditionPathExists=!/etc/initrd-release ConditionSecurity=measured-uki diff --git a/units/systemd-pcrlock-make-policy.service.in b/units/systemd-pcrlock-make-policy.service.in index 4127cc7c614..444e1e49f11 100644 --- a/units/systemd-pcrlock-make-policy.service.in +++ b/units/systemd-pcrlock-make-policy.service.in @@ -14,6 +14,7 @@ DefaultDependencies=no Conflicts=shutdown.target After=systemd-tpm2-setup.service Before=sysinit.target shutdown.target +After=systemd-remount-fs.service var.mount ConditionPathExists=!/etc/initrd-release ConditionSecurity=measured-uki diff --git a/units/systemd-pcrlock-secureboot-authority.service.in b/units/systemd-pcrlock-secureboot-authority.service.in index a8d55bad3c0..d5c722cf311 100644 --- a/units/systemd-pcrlock-secureboot-authority.service.in +++ b/units/systemd-pcrlock-secureboot-authority.service.in @@ -14,6 +14,7 @@ DefaultDependencies=no Conflicts=shutdown.target After=systemd-tpm2-setup.service Before=sysinit.target shutdown.target systemd-pcrlock-make-policy.service +After=systemd-remount-fs.service var.mount ConditionPathExists=!/etc/initrd-release ConditionSecurity=measured-uki diff --git a/units/systemd-pcrlock-secureboot-policy.service.in b/units/systemd-pcrlock-secureboot-policy.service.in index 10e603c1b6c..fc50e17aaa5 100644 --- a/units/systemd-pcrlock-secureboot-policy.service.in +++ b/units/systemd-pcrlock-secureboot-policy.service.in @@ -14,6 +14,7 @@ DefaultDependencies=no Conflicts=shutdown.target After=systemd-tpm2-setup.service Before=sysinit.target shutdown.target systemd-pcrlock-make-policy.service +After=systemd-remount-fs.service var.mount ConditionPathExists=!/etc/initrd-release ConditionSecurity=measured-uki