mirror of
https://github.com/systemd/systemd.git
synced 2024-12-25 01:34:28 +03:00
d6518003f8
The TPM might be password/pin protected for various reasons even if there is no SRK yet. Let's handle those cases gracefully instead of failing the unit as it is enabled by default.
28 lines
952 B
SYSTEMD
28 lines
952 B
SYSTEMD
# SPDX-License-Identifier: LGPL-2.1-or-later
|
|
#
|
|
# This file is part of systemd.
|
|
#
|
|
# systemd is free software; you can redistribute it and/or modify it
|
|
# under the terms of the GNU Lesser General Public License as published by
|
|
# the Free Software Foundation; either version 2.1 of the License, or
|
|
# (at your option) any later version.
|
|
|
|
[Unit]
|
|
Description=TPM SRK Setup
|
|
Documentation=man:systemd-tpm2-setup.service(8)
|
|
DefaultDependencies=no
|
|
Conflicts=shutdown.target
|
|
After=tpm2.target systemd-tpm2-setup-early.service systemd-remount-fs.service
|
|
Before=sysinit.target shutdown.target
|
|
RequiresMountsFor=/var/lib/systemd/tpm2-srk-public-key.pem
|
|
ConditionSecurity=measured-uki
|
|
ConditionPathExists=!/etc/initrd-release
|
|
|
|
[Service]
|
|
Type=oneshot
|
|
RemainAfterExit=yes
|
|
ExecStart={{LIBEXECDIR}}/systemd-tpm2-setup --graceful
|
|
|
|
# The tool returns 76 if the TPM cannot be accessed due to an authorization failure and we can't generate an SRK.
|
|
SuccessExitStatus=76
|