kmod-setup: Make sure the tpm module is available early

Required for early boot services such as systemd-pcrphase-sysinit which need early access to the tpm.
2024-12-27 07:22:31 +03:00 · 2022-11-17 12:35:46 +01:00 · 2022-11-17 12:35:46 +01:00 · 0ae03a0fe7
commit 0ae03a0fe7
parent 1d679b208d
1 changed files with 13 additions and 7 deletions
--- a/src/core/kmod-setup.c
+++ b/src/core/kmod-setup.c
@ -5,6 +5,7 @@
 #include "alloc-util.h"
 #include "bus-util.h"
 #include "capability-util.h"
+#include "efi-api.h"
 #include "fileio.h"
 #include "kmod-setup.h"
 #include "macro.h"
@ -99,27 +100,32 @@ int kmod_setup(void) {
        } kmod_table[] = {
                /* This one we need to load explicitly, since auto-loading on use doesn't work
                 * before udev created the ghost device nodes, and we need it earlier than that. */
-                { "autofs4",   "/sys/class/misc/autofs",    true,   false,   NULL      },
+                { "autofs4",     "/sys/class/misc/autofs",    true,  false, NULL           },

                /* This one we need to load explicitly, since auto-loading of IPv6 is not done when
                 * we try to configure ::1 on the loopback device. */
-                { "ipv6",      "/sys/module/ipv6",          false,  true,    NULL      },
+                { "ipv6",        "/sys/module/ipv6",          false, true,  NULL           },

                /* This should never be a module */
-                { "unix",      "/proc/net/unix",            true,   true,    NULL      },
+                { "unix",        "/proc/net/unix",            true,  true,  NULL           },

 #if HAVE_LIBIPTC
                /* netfilter is needed by networkd, nspawn among others, and cannot be autoloaded */
-                { "ip_tables", "/proc/net/ip_tables_names", false,  false,   NULL      },
+                { "ip_tables",   "/proc/net/ip_tables_names", false, false, NULL           },
 #endif
                /* virtio_rng would be loaded by udev later, but real entropy might be needed very early */
-                { "virtio_rng", NULL,                       false,  false,   has_virtio_rng },
+                { "virtio_rng",  NULL,                        false, false, has_virtio_rng },

                /* qemu_fw_cfg would be loaded by udev later, but we want to import credentials from it super early */
-                { "qemu_fw_cfg", "/sys/firmware/qemu_fw_cfg", false, false,  in_qemu   },
+                { "qemu_fw_cfg", "/sys/firmware/qemu_fw_cfg", false, false, in_qemu        },

                /* dmi-sysfs is needed to import credentials from it super early */
-                { "dmi-sysfs", "/sys/firmware/dmi/entries", false, false,  NULL   },
+                { "dmi-sysfs",   "/sys/firmware/dmi/entries", false, false, NULL           },
+
+#if HAVE_TPM2
+                /* Make sure the tpm subsystem is available which ConditionSecurity=tpm2 depends on. */
+                { "tpm",         "/sys/class/tpmrm",          false, false, efi_has_tpm2   },
+#endif
        };
        _cleanup_(kmod_unrefp) struct kmod_ctx *ctx = NULL;
        unsigned i;