diff options
| author | Lennart Poettering <lennart@poettering.net> | 2023-11-24 18:01:56 +0100 |
|---|---|---|
| committer | Lennart Poettering <lennart@poettering.net> | 2024-01-03 13:49:02 +0100 |
| commit | 4e1f0037b85d1b3c272e13862f44eb35844a18b1 (patch) | |
| tree | 4dc975d7a968241a756335a29af76efce12a358f /units/systemd-pcrfs@.service.in | |
| parent | test-64: only look at plugged devices, not all of them (diff) | |
| download | systemd-4e1f0037b85d1b3c272e13862f44eb35844a18b1.tar.xz systemd-4e1f0037b85d1b3c272e13862f44eb35844a18b1.zip | |
units: add a tpm2.target synchronization point and small generator that pulls in
Distributions apparently only compile a subset of TPM2 drivers into the
kernel. For those not compiled it but provided as kmod we need a
synchronization point: we must wait before the first TPM2 interaction
until the driver is available and accessible.
This adds a tpm2.target unit as such a synchronization point. It's
ordered after /dev/tpmrm0, and is pulled in by a generator whenever we
detect that the kernel reported a TPM2 to exist but we have no device
for it yet.
This should solve the issue, but might create problems: if there are TPM
devices supported by firmware that we don't have Linux drivers for we'll
hang for a bit. Hence let's add a kernel cmdline switch to disable (or
alternatively force) this logic.
Fixes: #30164
Diffstat (limited to 'units/systemd-pcrfs@.service.in')
| -rw-r--r-- | units/systemd-pcrfs@.service.in | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/units/systemd-pcrfs@.service.in b/units/systemd-pcrfs@.service.in index fbaec4b999..262a82fb04 100644 --- a/units/systemd-pcrfs@.service.in +++ b/units/systemd-pcrfs@.service.in @@ -13,7 +13,7 @@ Documentation=man:systemd-pcrfs@.service(8) DefaultDependencies=no BindsTo=%i.mount Conflicts=shutdown.target -After=%i.mount systemd-pcrfs-root.service +After=%i.mount tpm2.target systemd-pcrfs-root.service Before=shutdown.target ConditionPathExists=!/etc/initrd-release ConditionSecurity=measured-uki |