git.ipfire.org Git - thirdparty/systemd.git/commit

author	Lennart Poettering <lennart@poettering.net>
	Tue, 11 Mar 2025 16:28:47 +0000 (17:28 +0100)
committer	Yu Watanabe <watanabe.yu+github@gmail.com>
	Mon, 31 Mar 2025 12:13:33 +0000 (21:13 +0900)
commit	8b21bbd6f0fb9898ed31472ef9f4e204da984890
tree	8debccf212ffa705a25d8c255d0add14dff85fc4	tree \| snapshot
parent	1220625a81581327daffbdbcaf06b0fa539143e5	commit \| diff

pcrextend: whenever we fail to extend PCRs, reboot immediately

PCR extensions are supposed to be useful for "destroying" the ability to
access TPM bound secrets. Hence, if for some reason we fail to extend a
PCR, it's safer to just reboot, instead of going on without the
extension, leaving secrets potentially accessible which should not be
accessible.

Note that the services exit gracefully if no TPM is found, hence this
should not be triggered on TPM-less systems. However, this enforces that
if there is a TPM that is accessible to Linux and that works properly,
the PCR measurement must complete too.

Inspired by this thread:

https://lists.freedesktop.org/archives/systemd-devel/2025-March/051244.html

units/systemd-pcrfs-root.service.in		diff \| blob \| blame \| history
units/systemd-pcrfs@.service.in		diff \| blob \| blame \| history
units/systemd-pcrmachine.service.in		diff \| blob \| blame \| history
units/systemd-pcrphase-factory-reset.service.in		diff \| blob \| blame \| history
units/systemd-pcrphase-initrd.service.in		diff \| blob \| blame \| history
units/systemd-pcrphase-storage-target-mode.service.in		diff \| blob \| blame \| history
units/systemd-pcrphase-sysinit.service.in		diff \| blob \| blame \| history
units/systemd-pcrphase.service.in		diff \| blob \| blame \| history