cryptsetup: don't bother waiting for TPM2 devices if we are on EFI and EFI says there is no TPM2 device

Note that this means EFI-systems with a manually added TPM device won't be supported automatically, but given that the TPM2 trust model kinda requires firmware support I doubt it matters supporting this. And in all other cases it speeds things up a bit.
2024-11-01 00:51:24 +03:00 · 2021-06-01 16:35:13 +02:00 · 2021-06-01 16:35:13 +02:00 · 71b25deae3
commit 71b25deae3
parent cad105442d
1 changed files with 5 additions and 0 deletions
--- a/src/cryptsetup/cryptsetup.c
+++ b/src/cryptsetup/cryptsetup.c
@ -17,6 +17,7 @@
 #include "cryptsetup-tpm2.h"
 #include "cryptsetup-util.h"
 #include "device-util.h"
+#include "efi-loader.h"
 #include "escape.h"
 #include "fileio.h"
 #include "fs-util.h"
@ -1136,6 +1137,10 @@ static int attach_luks_or_plain_or_bitlk_by_tpm2(

                        assert(!event);

+                        if (is_efi_boot() && !efi_has_tpm2())
+                                return log_notice_errno(SYNTHETIC_ERRNO(EAGAIN),
+                                                        "No TPM2 hardware discovered and EFI bios indicates no support for it either, assuming TPM2-less system, falling back to traditional unocking.");
+
                        r = sd_event_default(&event);
                        if (r < 0)
                                return log_error_errno(r, "Failed to allocate event loop: %m");