mirror of
https://github.com/systemd/systemd.git
synced 2025-03-11 20:58:27 +03:00
b493502475
storagetm mode means we we are network accessible. let's lock down access to TPM secrets in this case: let's measure a pcr "phase" string into PCR 11. This is good as it means that if we are exploited in this state FDE secrets protected by TPM are likely to remain protected, since the PCR values wouldn't allow access.
28 lines
963 B
SYSTEMD
28 lines
963 B
SYSTEMD
# SPDX-License-Identifier: LGPL-2.1-or-later
|
|
#
|
|
# This file is part of systemd.
|
|
#
|
|
# systemd is free software; you can redistribute it and/or modify it
|
|
# under the terms of the GNU Lesser General Public License as published by
|
|
# the Free Software Foundation; either version 2.1 of the License, or
|
|
# (at your option) any later version.
|
|
|
|
[Unit]
|
|
Description=Storage Target Mode (NVMe-TCP)
|
|
Documentation=man:systemd-storagetm.service(8)
|
|
ConditionVirtualization=!container
|
|
DefaultDependencies=no
|
|
Wants=modprobe@nvmet_tcp.service modprobe@thunderbolt_net.service sys-kernel-config.mount
|
|
After=modprobe@nvmet_tcp.service modprobe@thunderbolt_net.service sys-kernel-config.mount plymouth-start.service systemd-pcrphase-storage-target-mode.service
|
|
Conflicts=shutdown.target
|
|
Before=shutdown.target
|
|
FailureAction=reboot
|
|
SuccessAction=reboot
|
|
|
|
[Service]
|
|
Type=notify
|
|
RemainAfterExit=yes
|
|
StandardInput=tty
|
|
StandardOutput=tty
|
|
ExecStart={{LIBEXECDIR}}/systemd-storagetm --all
|