mirror of
https://github.com/systemd/systemd.git
synced 2024-12-22 17:35:35 +03:00
30df42a927
The TPM might be password/pin protected for various reasons even if
there is no SRK yet. Let's handle those cases gracefully instead of
failing the unit as it is enabled by default.
(cherry picked from commit d6518003f8
)
28 lines
952 B
SYSTEMD
28 lines
952 B
SYSTEMD
# SPDX-License-Identifier: LGPL-2.1-or-later
|
|
#
|
|
# This file is part of systemd.
|
|
#
|
|
# systemd is free software; you can redistribute it and/or modify it
|
|
# under the terms of the GNU Lesser General Public License as published by
|
|
# the Free Software Foundation; either version 2.1 of the License, or
|
|
# (at your option) any later version.
|
|
|
|
[Unit]
|
|
Description=TPM SRK Setup
|
|
Documentation=man:systemd-tpm2-setup.service(8)
|
|
DefaultDependencies=no
|
|
Conflicts=shutdown.target
|
|
After=tpm2.target systemd-tpm2-setup-early.service systemd-remount-fs.service
|
|
Before=sysinit.target shutdown.target
|
|
RequiresMountsFor=/var/lib/systemd/tpm2-srk-public-key.pem
|
|
ConditionSecurity=measured-uki
|
|
ConditionPathExists=!/etc/initrd-release
|
|
|
|
[Service]
|
|
Type=oneshot
|
|
RemainAfterExit=yes
|
|
ExecStart={{LIBEXECDIR}}/systemd-tpm2-setup --graceful
|
|
|
|
# The tool returns 76 if the TPM cannot be accessed due to an authorization failure and we can't generate an SRK.
|
|
SuccessExitStatus=76
|