From: Daan De Meyer Date: Fri, 26 Jan 2024 10:29:35 +0000 (+0100) Subject: units: Order pcrlock services after systemd-remounts-fs.service X-Git-Tag: v256-rc1~1024 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=09e69217581f3eed821926c591dc2e6cec5ec036;p=thirdparty%2Fsystemd.git units: Order pcrlock services after systemd-remounts-fs.service These write to /var and as such need to wait until after the rootfs has been remounted read-write.
---
diff --git a/units/systemd-pcrlock-file-system.service.in b/units/systemd-pcrlock-file-system.service.in
index d68a42e09a6..dd0d358793f 100644
--- a/units/systemd-pcrlock-file-system.service.in
+++ b/units/systemd-pcrlock-file-system.service.in
@@ -13,6 +13,7 @@ Documentation=man:systemd-pcrlock(8)
 DefaultDependencies=no
 Conflicts=shutdown.target
 Before=sysinit.target shutdown.target systemd-pcrlock-make-policy.service
+After=systemd-remount-fs.service var.mount
 ConditionPathExists=!/etc/initrd-release
 ConditionSecurity=measured-uki
diff --git a/units/systemd-pcrlock-firmware-code.service.in b/units/systemd-pcrlock-firmware-code.service.in
index a24f2ba015f..b2716713939 100644
--- a/units/systemd-pcrlock-firmware-code.service.in
+++ b/units/systemd-pcrlock-firmware-code.service.in
@@ -12,7 +12,7 @@ Description=Lock Firmware Code to TPM2 PCR Policy
 Documentation=man:systemd-pcrlock(8)
 DefaultDependencies=no
 Conflicts=shutdown.target
-After=systemd-tpm2-setup.service
+After=systemd-tpm2-setup.service systemd-remount-fs.service var.mount
 Before=sysinit.target shutdown.target systemd-pcrlock-make-policy.service
 ConditionPathExists=!/etc/initrd-release
 ConditionSecurity=measured-uki
diff --git a/units/systemd-pcrlock-firmware-config.service.in b/units/systemd-pcrlock-firmware-config.service.in
index 64e63f86a68..8440f5982b9 100644
--- a/units/systemd-pcrlock-firmware-config.service.in
+++ b/units/systemd-pcrlock-firmware-config.service.in
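Review bot: In units/systemd-pcrlock-file-system.service.in the added `After=systemd-remount-fs.service var.mount` is ordering only, and with `DefaultDependencies=no` in the same section nothing makes the service depend on the mount having succeeded, or covers a separate mount further down the /var tree. If `var.mount` fails or a deeper mount arrives later, the pcrlock data would presumably land in the directory underneath the mount point and then be hidden, so the TPM2 policy could be built from incomplete or stale inputs. Consider keeping `After=systemd-remount-fs.service` and adding `RequiresMountsFor=<pcrlock state directory>`, which gives both the requirement and the ordering for every mount on that path; the commit message only says /var, so the exact directory needs confirming. The same applies to the other six unit files touched by this commit.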
@@ -12,7 +12,7 @@ Description=Lock Firmware Configuration to TPM2 PCR Policy
 Documentation=man:systemd-pcrlock(8)
 DefaultDependencies=no
 Conflicts=shutdown.target
-After=systemd-tpm2-setup.service
+After=systemd-tpm2-setup.service systemd-remount-fs.service var.mount
 Before=sysinit.target shutdown.target systemd-pcrlock-make-policy.service
 ConditionPathExists=!/etc/initrd-release
 ConditionSecurity=measured-uki
diff --git a/units/systemd-pcrlock-machine-id.service.in b/units/systemd-pcrlock-machine-id.service.in
index 0ff22c586e3..16c6a99251f 100644
--- a/units/systemd-pcrlock-machine-id.service.in
+++ b/units/systemd-pcrlock-machine-id.service.in
@@ -13,6 +13,7 @@ Documentation=man:systemd-pcrlock(8)
 DefaultDependencies=no
 Conflicts=shutdown.target
 Before=sysinit.target shutdown.target systemd-pcrlock-make-policy.service
+After=systemd-remount-fs.service var.mount
 ConditionPathExists=!/etc/initrd-release
 ConditionSecurity=measured-uki
diff --git a/units/systemd-pcrlock-make-policy.service.in b/units/systemd-pcrlock-make-policy.service.in
index 4127cc7c614..444e1e49f11 100644
--- a/units/systemd-pcrlock-make-policy.service.in
+++ b/units/systemd-pcrlock-make-policy.service.in
@@ -14,6 +14,7 @@ DefaultDependencies=no
 Conflicts=shutdown.target
 After=systemd-tpm2-setup.service
 Before=sysinit.target shutdown.target
+After=systemd-remount-fs.service var.mount
 ConditionPathExists=!/etc/initrd-release
 ConditionSecurity=measured-uki
diff --git a/units/systemd-pcrlock-secureboot-authority.service.in b/units/systemd-pcrlock-secureboot-authority.service.in
index a8d55bad3c0..d5c722cf311 100644
--- a/units/systemd-pcrlock-secureboot-authority.service.in
+++ b/units/systemd-pcrlock-secureboot-authority.service.in
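Review bot: In units/systemd-pcrlock-make-policy.service.in the new ordering is added as a second `After=` line below `Before=`, although the unit already has `After=systemd-tpm2-setup.service` two lines above it; the firmware-code and firmware-config units in this same commit extend the existing line instead. systemd merges repeated `After=` entries, so the behaviour is the same, but someone auditing the boot ordering of the TPM2 policy services can easily read the first line and miss the second. I would write `After=systemd-tpm2-setup.service systemd-remount-fs.service var.mount` here and in the secureboot-authority and secureboot-policy units, which repeat the pattern.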
@@ -14,6 +14,7 @@ DefaultDependencies=no
 Conflicts=shutdown.target
 After=systemd-tpm2-setup.service
 Before=sysinit.target shutdown.target systemd-pcrlock-make-policy.service
+After=systemd-remount-fs.service var.mount
 ConditionPathExists=!/etc/initrd-release
 ConditionSecurity=measured-uki
diff --git a/units/systemd-pcrlock-secureboot-policy.service.in b/units/systemd-pcrlock-secureboot-policy.service.in
index 10e603c1b6c..fc50e17aaa5 100644
--- a/units/systemd-pcrlock-secureboot-policy.service.in
+++ b/units/systemd-pcrlock-secureboot-policy.service.in
@@ -14,6 +14,7 @@ DefaultDependencies=no
 Conflicts=shutdown.target
 After=systemd-tpm2-setup.service
 Before=sysinit.target shutdown.target systemd-pcrlock-make-policy.service
+After=systemd-remount-fs.service var.mount
 ConditionPathExists=!/etc/initrd-release
 ConditionSecurity=measured-uki