tpm2-clear: make getenv() failure fatal, correct one log level

This operation is destructive, and we bail if the proc_cmdline_get_bool()
call below fails already. Better be safe than sorry.

diff --git a/src/tpm2-setup/tpm2-clear.c b/src/tpm2-setup/tpm2-clear.c
index 3f76798a6fbc801c50d6c6aecf2c83b90af6c687..0dcee96a07ad21098b19590730a36196f79ec820 100644 (file)
--- a/src/tpm2-setup/tpm2-clear.c
+++ b/src/tpm2-setup/tpm2-clear.c
@@ -88,7 +88,7 @@ static int request_tpm2_clear(void) {
 
         r = secure_getenv_bool("SYSTEMD_TPM2_ALLOW_CLEAR");
         if (r < 0 && r != -ENXIO)
-                log_warning_errno(r, "Failed to parse $SYSTEMD_TPM2_ALLOW_CLEAR, ignoring: %m");
+                return log_error_errno(r, "Failed to parse $SYSTEMD_TPM2_ALLOW_CLEAR: %m");
         if (r >= 0)
                 clear = r;
 
@@ -96,7 +96,7 @@ static int request_tpm2_clear(void) {
                 bool b;
                 r = proc_cmdline_get_bool("systemd.tpm2_allow_clear", /* flags= */ 0, &b);
                 if (r < 0)
-                        return log_debug_errno(r, "Failed to parse systemd.tpm2_allow_clear kernel command line argument: %m");
+                        return log_error_errno(r, "Failed to parse systemd.tpm2_allow_clear kernel command line argument: %m");
                 if (r > 0)
                         clear = b;
         }