]> git.ipfire.org Git - thirdparty/systemd.git/commit
projects / thirdparty / systemd.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 0ea911d) | patch
creds-tool: add new "has-tpm2" verb
authorLennart Poettering <lennart@poettering.net>
Tue, 19 Apr 2022 12:47:02 +0000 (14:47 +0200)
committerLennart Poettering <lennart@poettering.net>
Wed, 20 Apr 2022 14:58:18 +0000 (16:58 +0200)
commit6e0cb81505deb8fd785492f90cdac10388d1858e
treefcc1a7ed9515e944ff3a9df830739b7678009bcatree | snapshot
parent0ea911d14c738447511b5a807750b356e0758895commit | diff
creds-tool: add new "has-tpm2" verb

Sometimes it's useful from shell scripts to check if we have a working
TPM2 chip around. For example, when putting together encrypted
credentials for the initrd (after all: it might be wise to place the
root pw in a credential for the initrd to consume, but do so only if we
can lock it to the TPM2, and not otherwise, so that we risk nothing).

Hence, let's add a new "systemd-creds has-tpm2" verb: it returns zero if we
have a working TPM2 (which means: supported by kernel + firmware + us),
or non-zero otherwise. Also show which parts are available.

Use-case: in future the 'kernel-install' script should use this when
deciding whether to augment kernels with security sensitive credentials.
src/creds/creds.c diff | blob | blame | history
src/shared/tpm2-util.h diff | blob | blame | history
Unnamed repository; edit this file 'description' to name the repository.