]> git.ipfire.org Git - thirdparty/systemd.git/commit
projects / thirdparty / systemd.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: b493502) | patch
units: measure "factory-reset" into PCR 11 when we request factory reset 36543/head
authorLennart Poettering <lennart@poettering.net>
Thu, 27 Feb 2025 11:41:57 +0000 (12:41 +0100)
committerLennart Poettering <lennart@poettering.net>
Thu, 27 Feb 2025 12:20:23 +0000 (13:20 +0100)
commit6ee3bc046bdee676d34e890c82d56f935891cb75
treeac134a4c2cb9d5ec28bfa341bde4cdfccb512b52tree | snapshot
parentb493502475fe433d7da4460a5e126f38158d432acommit | diff
units: measure "factory-reset" into PCR 11 when we request factory reset

Let's make sure that the moment where factory reset is requested is
visible in the TPM PCR state, so that access to secrets is terminated.

This is particulary interesting when the system is booted with
systemd.unit=factory-reset.target on the kernel command line, requesting
a factory reset on the following boot. The preparations done in
userspace should already lose access to the TPM in that case.
units/meson.build diff | blob | blame | history
units/systemd-pcrphase-factory-reset.service.in [new file with mode: 0644] blob
Unnamed repository; edit this file 'description' to name the repository.