shaba/systemd
1
0
Fork 0
mirror of https://github.com/systemd/systemd.git synced 2025-02-03 17:47:28 +03:00
Code

cryptenroll: don't try to get PCR bank if we know the device key

Browse Source 
If we operate in "offline" mode, i.e. know the device key, then we will
not have a TPM2 connection, hence don't try to read the PCR bank to use form
it.

We don't need it anyway because we are not going to test unseal things.

Fixes: #33855
This commit is contained in:
Lennart Poettering 2024-09-11 17:28:43 +02:00
parent c3563dc6d9
commit 8d647ed2ff
1 changed files with 2 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/cryptenroll/cryptenroll-tpm2.c
View File

@ -425,7 +425,8 @@ int enroll_tpm2(struct crypt_device *cd,
r = tpm2_pcr_values_to_mask(hash_pcr_values, n_hash_pcr_values, hash_pcr_bank, &hash_pcr_mask);
if (r < 0)
return log_error_errno(r, "Could not get hash mask: %m");
} else if (pubkey_pcr_mask != 0) {
} else if (pubkey_pcr_mask != 0 && !device_key) {
/* If no literal PCR value policy is used, then let's determine the mask to use automatically
* from the measurements of the TPM. */