mirror of
https://github.com/systemd/systemd.git
synced 2024-12-27 07:22:31 +03:00
3719dcb0bc
I was looking at the logs in some bug and saw this: Mar 13 15:55:12 fedora systemd[1]: systemd-pcrmachine.service - TPM2 PCR Machine ID Measurement was skipped because of an unmet condition check (ConditionSecurity=measured-uki). Mar 13 15:55:12 fedora systemd[1]: Starting systemd-remount-fs.service - Remount Root and Kernel File Systems... Mar 13 15:55:12 fedora systemd[1]: systemd-tpm2-setup-early.service - TPM2 SRK Setup (Early) was skipped because of an unmet condition check (ConditionSecurity=measured-uki). This is overly technical, for most units we don't provide this level of detail about the implementation. So retitle the units to be more accessible. Also, the fact that it's a v. 2 of the TPM is not that important. We don't support TPM 1.2, but computers without TPM v2 are getting rare. For other units we don't advertise the version of hardware, and let's not do this here, to reduce some complexity.
28 lines
856 B
SYSTEMD
28 lines
856 B
SYSTEMD
# SPDX-License-Identifier: LGPL-2.1-or-later
|
|
#
|
|
# This file is part of systemd.
|
|
#
|
|
# systemd is free software; you can redistribute it and/or modify it
|
|
# under the terms of the GNU Lesser General Public License as published by
|
|
# the Free Software Foundation; either version 2.1 of the License, or
|
|
# (at your option) any later version.
|
|
|
|
[Unit]
|
|
Description=Lock UEFI SecureBoot Policy to TPM PCR Policy
|
|
Documentation=man:systemd-pcrlock(8)
|
|
DefaultDependencies=no
|
|
Conflicts=shutdown.target
|
|
After=systemd-tpm2-setup.service
|
|
Before=sysinit.target shutdown.target systemd-pcrlock-make-policy.service
|
|
After=systemd-remount-fs.service var.mount
|
|
ConditionPathExists=!/etc/initrd-release
|
|
ConditionSecurity=measured-uki
|
|
|
|
[Service]
|
|
Type=oneshot
|
|
RemainAfterExit=yes
|
|
ExecStart={{LIBEXECDIR}}/systemd-pcrlock lock-secureboot-policy
|
|
|
|
[Install]
|
|
WantedBy=sysinit.target
|