git.ipfire.org Git - thirdparty/systemd.git/commit

author	Paul Meyer <katexochen0@gmail.com>
	Tue, 23 Jun 2026 14:07:34 +0000 (16:07 +0200)
committer	Paul Meyer <katexochen0@gmail.com>
	Thu, 25 Jun 2026 11:50:24 +0000 (13:50 +0200)
commit	e3ebdb8ec57c976db393723dbd969cde3165d0e7
tree	f5968083877c3e4d30aa190f527870d06d78db56	tree \| snapshot
parent	abf96165a6ecf22e26a39e1ec95fc65859b6b542	commit \| diff

tpm2: re-manufacture software TPM when state dir is incomplete

setup_swtpm() decided whether a software TPM had already been
manufactured by checking whether the state directory was empty. But
manufacture_swtpm() writes swtpm's config files before forking
swtpm_setup, so an interrupted manufacture leaves the directory
non-empty yet without a usable TPM. The next boot then mistook it for a
complete TPM and started swtpm against a broken state directory.

Keying off a swtpm state file like tpm2-00.permall is no better, as
swtpm_setup gives no guarantee any single one is written atomically or
last. Instead, have manufacture_swtpm() write a marker (.manufactured)
as its very last step, once swtpm_setup has exited successfully, and
gate on it: re-manufacture when it is missing in the initrd, and refuse
rather than start a broken TPM outside it.

Signed-off-by: Paul Meyer <katexochen0@gmail.com>

src/shared/swtpm-util.c		diff \| blob \| blame \| history
src/shared/swtpm-util.h		diff \| blob \| blame \| history
src/tpm2-setup/tpm2-swtpm.c		diff \| blob \| blame \| history
test/units/TEST-92-TPM2-SWTPM.sh		diff \| blob \| blame \| history