diff options
| author | Lennart Poettering <lennart@poettering.net> | 2023-11-24 18:01:56 +0100 |
|---|---|---|
| committer | Lennart Poettering <lennart@poettering.net> | 2024-01-03 13:49:02 +0100 |
| commit | 4e1f0037b85d1b3c272e13862f44eb35844a18b1 (patch) | |
| tree | 4dc975d7a968241a756335a29af76efce12a358f /man/systemd.special.xml | |
| parent | test-64: only look at plugged devices, not all of them (diff) | |
| download | systemd-4e1f0037b85d1b3c272e13862f44eb35844a18b1.tar.xz systemd-4e1f0037b85d1b3c272e13862f44eb35844a18b1.zip | |
units: add a tpm2.target synchronization point and small generator that pulls in
Distributions apparently only compile a subset of TPM2 drivers into the
kernel. For those not compiled it but provided as kmod we need a
synchronization point: we must wait before the first TPM2 interaction
until the driver is available and accessible.
This adds a tpm2.target unit as such a synchronization point. It's
ordered after /dev/tpmrm0, and is pulled in by a generator whenever we
detect that the kernel reported a TPM2 to exist but we have no device
for it yet.
This should solve the issue, but might create problems: if there are TPM
devices supported by firmware that we don't have Linux drivers for we'll
hang for a bit. Hence let's add a kernel cmdline switch to disable (or
alternatively force) this logic.
Fixes: #30164
Diffstat (limited to 'man/systemd.special.xml')
| -rw-r--r-- | man/systemd.special.xml | 19 |
1 files changed, 19 insertions, 0 deletions
diff --git a/man/systemd.special.xml b/man/systemd.special.xml index ff0f73f191..988b7175ba 100644 --- a/man/systemd.special.xml +++ b/man/systemd.special.xml @@ -92,6 +92,7 @@ <filename>time-set.target</filename>, <filename>time-sync.target</filename>, <filename>timers.target</filename>, + <filename>tpm2.target</filename>, <filename>umount.target</filename>, <filename>usb-gadget.target</filename>, <!-- slices --><filename>-.slice</filename>, @@ -948,6 +949,24 @@ <xi:include href="version-info.xml" xpointer="v242"/> </listitem> </varlistentry> + <varlistentry> + <term><filename>tpm2.target</filename></term> + <listitem> + <para>This target is started automatically if a TPM2 device is discovered, either by the OS or by + the firmware. It acts as synchronization point for services that require TPM2 device access. The + target unit is enqueued by + <citerefentry><refentrytitle>systemd-tpm2-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry> + if it detects that the firmware has discovered a TPM2 device but the OS kernel has not activated + a driver for it yet. It is also pulled in whenever + <citerefentry><refentrytitle>systemd-udevd.service</refentrytitle><manvolnum>8</manvolnum></citerefentry> + discovers a TPM2 device. The target unit is ordered after the <filename>/dev/tpmrm0</filename> + device node, so that it only becomes active once the TPM2 device is actually accessible. Early + boot programs that intend to access the TPM2 device should hence order themselves after this + target unit, but not pull it in.</para> + + <xi:include href="version-info.xml" xpointer="v256"/> + </listitem> + </varlistentry> </variablelist> </refsect2> |