mirror of
https://github.com/systemd/systemd.git
synced 2024-11-23 10:13:34 +08:00
d6518003f8
The TPM might be password/pin protected for various reasons even if there is no SRK yet. Let's handle those cases gracefully instead of failing the unit as it is enabled by default.
27 lines
900 B
SYSTEMD
27 lines
900 B
SYSTEMD
# SPDX-License-Identifier: LGPL-2.1-or-later
|
|
#
|
|
# This file is part of systemd.
|
|
#
|
|
# systemd is free software; you can redistribute it and/or modify it
|
|
# under the terms of the GNU Lesser General Public License as published by
|
|
# the Free Software Foundation; either version 2.1 of the License, or
|
|
# (at your option) any later version.
|
|
|
|
[Unit]
|
|
Description=Early TPM SRK Setup
|
|
Documentation=man:systemd-tpm2-setup.service(8)
|
|
DefaultDependencies=no
|
|
Conflicts=shutdown.target
|
|
After=tpm2.target systemd-pcrphase-initrd.service
|
|
Before=sysinit.target shutdown.target
|
|
ConditionSecurity=measured-uki
|
|
ConditionPathExists=!/run/systemd/tpm2-srk-public-key.pem
|
|
|
|
[Service]
|
|
Type=oneshot
|
|
RemainAfterExit=yes
|
|
ExecStart={{LIBEXECDIR}}/systemd-tpm2-setup --early=yes --graceful
|
|
|
|
# The tool returns 76 if the TPM cannot be accessed due to an authorization failure and we can't generate an SRK.
|
|
SuccessExitStatus=76
|