cryptsetup: don't bother waiting for TPM2 devices if we are on EFI and EFI says there... 19774/head
authorLennart Poettering <lennart@poettering.net>
Tue, 1 Jun 2021 14:35:13 +0000 (16:35 +0200)
committerLennart Poettering <lennart@poettering.net>
Tue, 1 Jun 2021 14:36:18 +0000 (16:36 +0200)
Note that this means EFI-systems with a manually added TPM device won't
be supported automatically, but given that the TPM2 trust model kinda
requires firmware support I doubt it matters supporting this. And in all
other cases it speeds things up a bit.

src/cryptsetup/cryptsetup.c

index ebd59ca68c4c903c5b8ae734337647951d22accc..dcaedac53eded892dcebedd6aaa99d5c99222aac 100644 (file)
@@ -17,6 +17,7 @@
 #include "cryptsetup-tpm2.h"
 #include "cryptsetup-util.h"
 #include "device-util.h"
+#include "efi-loader.h"
 #include "escape.h"
 #include "fileio.h"
 #include "fs-util.h"
@@ -1136,6 +1137,10 @@ static int attach_luks_or_plain_or_bitlk_by_tpm2(
 
                         assert(!event);
 
+                        if (is_efi_boot() && !efi_has_tpm2())
+                                return log_notice_errno(SYNTHETIC_ERRNO(EAGAIN),
+                                                        "No TPM2 hardware discovered and EFI bios indicates no support for it either, assuming TPM2-less system, falling back to traditional unocking.");
+
                         r = sd_event_default(&event);
                         if (r < 0)
                                 return log_error_errno(r, "Failed to allocate event loop: %m");
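Review bot: The new message passed to `log_notice_errno()` misspells "unlocking" as `unocking`, so anyone grepping the journal to find out why a volume fell back from TPM2 to another unlock method will miss this line; the tail should read `falling back to traditional unlocking.`. The early return also has no comment, so the trade-off stated in the commit message (a TPM2 device that the firmware does not announce is no longer waited for) is invisible at the point where it is decided. A short comment above the `if` would record it, for example `/* Firmware reports no TPM2: don't wait for a device to show up. A TPM2 that EFI does not announce is deliberately not waited for. */`. The caller presumably treats the synthetic `EAGAIN` as "try the next unlock method", but that handling is outside this hunk, as are the start and end of attach_luks_or_plain_or_bitlk_by_tpm2().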