mirror of
https://github.com/systemd/systemd.git
synced 2024-12-22 17:35:35 +03:00
09e6921758
These write to /var and as such need to wait until after the rootfs has been remounted read-write.
28 lines
857 B
SYSTEMD
28 lines
857 B
SYSTEMD
# SPDX-License-Identifier: LGPL-2.1-or-later
|
|
#
|
|
# This file is part of systemd.
|
|
#
|
|
# systemd is free software; you can redistribute it and/or modify it
|
|
# under the terms of the GNU Lesser General Public License as published by
|
|
# the Free Software Foundation; either version 2.1 of the License, or
|
|
# (at your option) any later version.
|
|
|
|
[Unit]
|
|
Description=Lock UEFI SecureBoot Policy to TPM2 PCR Policy
|
|
Documentation=man:systemd-pcrlock(8)
|
|
DefaultDependencies=no
|
|
Conflicts=shutdown.target
|
|
After=systemd-tpm2-setup.service
|
|
Before=sysinit.target shutdown.target systemd-pcrlock-make-policy.service
|
|
After=systemd-remount-fs.service var.mount
|
|
ConditionPathExists=!/etc/initrd-release
|
|
ConditionSecurity=measured-uki
|
|
|
|
[Service]
|
|
Type=oneshot
|
|
RemainAfterExit=yes
|
|
ExecStart={{LIBEXECDIR}}/systemd-pcrlock lock-secureboot-policy
|
|
|
|
[Install]
|
|
WantedBy=sysinit.target
|