From: Daan De Meyer <daan@amutable.com>
Date: Wed, 18 Feb 2026 13:02:53 +0000 (+0100)
Subject: vmspawn: Don't keep tpmstate around in auto mode if ephemeral
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=cec9eb5e7e28bb65ccc9880c6c9c986ee24a856a;p=thirdparty%2Fsystemd.git

vmspawn: Don't keep tpmstate around in auto mode if ephemeral
---

diff --git a/man/systemd-vmspawn.xml b/man/systemd-vmspawn.xml
index dc56c590587..0f2f6649e30 100644
--- a/man/systemd-vmspawn.xml
+++ b/man/systemd-vmspawn.xml
@@ -221,6 +221,9 @@
           when the VM shuts down. This mode is not suitable for VMs which lock disk encryption keys to the
           TPM, as these keys will be lost on every reboot. Defaults to <literal>auto</literal>.</para>
 
+          <para>If <option>--ephemeral</option> is specified, <literal>auto</literal> behaves like
+          <literal>off</literal>.</para>
+
           <xi:include href="version-info.xml" xpointer="v258"/></listitem>
         </varlistentry>
 
diff --git a/src/vmspawn/vmspawn.c b/src/vmspawn/vmspawn.c
index 988a391cda7..0c957b48aae 100644
--- a/src/vmspawn/vmspawn.c
+++ b/src/vmspawn/vmspawn.c
@@ -85,7 +85,7 @@
 
 typedef enum TpmStateMode {
         TPM_STATE_OFF,      /* keep no state around */
-        TPM_STATE_AUTO,     /* keep state around, derive path from image/directory */
+        TPM_STATE_AUTO,     /* keep state around if not ephemeral, derive path from image/directory */
         TPM_STATE_PATH,     /* explicitly specified location */
         _TPM_STATE_MODE_MAX,
         _TPM_STATE_MODE_INVALID = -EINVAL,
@@ -2569,7 +2569,7 @@ static int run_virtual_machine(int kvm_device_fd, int vhost_device_fd) {
 
         _cleanup_free_ char *swtpm = NULL;
         if (arg_tpm != 0) {
-                if (arg_tpm_state_mode == TPM_STATE_AUTO) {
+                if (arg_tpm_state_mode == TPM_STATE_AUTO && !arg_ephemeral) {
                         assert(!arg_tpm_state_path);
 
                         const char *p = ASSERT_PTR(arg_image ?: arg_directory);