mirror of
https://github.com/systemd/systemd.git
synced 2024-11-30 13:53:39 +08:00
3719dcb0bc
I was looking at the logs in some bug and saw this: Mar 13 15:55:12 fedora systemd[1]: systemd-pcrmachine.service - TPM2 PCR Machine ID Measurement was skipped because of an unmet condition check (ConditionSecurity=measured-uki). Mar 13 15:55:12 fedora systemd[1]: Starting systemd-remount-fs.service - Remount Root and Kernel File Systems... Mar 13 15:55:12 fedora systemd[1]: systemd-tpm2-setup-early.service - TPM2 SRK Setup (Early) was skipped because of an unmet condition check (ConditionSecurity=measured-uki). This is overly technical, for most units we don't provide this level of detail about the implementation. So retitle the units to be more accessible. Also, the fact that it's a v. 2 of the TPM is not that important. We don't support TPM 1.2, but computers without TPM v2 are getting rare. For other units we don't advertise the version of hardware, and let's not do this here, to reduce some complexity.
27 lines
837 B
SYSTEMD
27 lines
837 B
SYSTEMD
# SPDX-License-Identifier: LGPL-2.1-or-later
|
|
#
|
|
# This file is part of systemd.
|
|
#
|
|
# systemd is free software; you can redistribute it and/or modify it
|
|
# under the terms of the GNU Lesser General Public License as published by
|
|
# the Free Software Foundation; either version 2.1 of the License, or
|
|
# (at your option) any later version.
|
|
|
|
[Unit]
|
|
Description=Lock Firmware Code to TPM PCR Policy
|
|
Documentation=man:systemd-pcrlock(8)
|
|
DefaultDependencies=no
|
|
Conflicts=shutdown.target
|
|
After=systemd-tpm2-setup.service systemd-remount-fs.service var.mount
|
|
Before=sysinit.target shutdown.target systemd-pcrlock-make-policy.service
|
|
ConditionPathExists=!/etc/initrd-release
|
|
ConditionSecurity=measured-uki
|
|
|
|
[Service]
|
|
Type=oneshot
|
|
RemainAfterExit=yes
|
|
ExecStart={{LIBEXECDIR}}/systemd-pcrlock lock-firmware-code
|
|
|
|
[Install]
|
|
WantedBy=sysinit.target
|