mirror of
https://github.com/systemd/systemd.git
synced 2025-01-05 13:18:06 +03:00
30df42a927
The TPM might be password/pin protected for various reasons even if
there is no SRK yet. Let's handle those cases gracefully instead of
failing the unit as it is enabled by default.
(cherry picked from commit d6518003f8)
27 lines
900 B
SYSTEMD
27 lines
900 B
SYSTEMD
# SPDX-License-Identifier: LGPL-2.1-or-later
|
|
#
|
|
# This file is part of systemd.
|
|
#
|
|
# systemd is free software; you can redistribute it and/or modify it
|
|
# under the terms of the GNU Lesser General Public License as published by
|
|
# the Free Software Foundation; either version 2.1 of the License, or
|
|
# (at your option) any later version.
|
|
|
|
[Unit]
|
|
Description=Early TPM SRK Setup
|
|
Documentation=man:systemd-tpm2-setup.service(8)
|
|
DefaultDependencies=no
|
|
Conflicts=shutdown.target
|
|
After=tpm2.target systemd-pcrphase-initrd.service
|
|
Before=sysinit.target shutdown.target
|
|
ConditionSecurity=measured-uki
|
|
ConditionPathExists=!/run/systemd/tpm2-srk-public-key.pem
|
|
|
|
[Service]
|
|
Type=oneshot
|
|
RemainAfterExit=yes
|
|
ExecStart={{LIBEXECDIR}}/systemd-tpm2-setup --early=yes --graceful
|
|
|
|
# The tool returns 76 if the TPM cannot be accessed due to an authorization failure and we can't generate an SRK.
|
|
SuccessExitStatus=76
|