From: Paul Meyer
Date: Tue, 23 Jun 2026 12:46:24 +0000 (+0200)
Subject: tpm2: stop the software TPM before the ESP is unmounted on shutdown
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=df2baac2b9a54ccc1043c71b190e1b684bb19cfc;p=thirdparty%2Fsystemd.git

tpm2: stop the software TPM before the ESP is unmounted on shutdown

swtpm keeps its state on the ESP (--tpmstate=dir=) and thus holds it busy for as long as it runs, but nothing ensured it was stopped before the ESP was unmounted on shutdown, leaving boot.mount failing to unmount.

Two things were missing:

- systemd-tpm2-swtpm.service has DefaultDependencies=no, which strips the implicit shutdown.target membership, so it was torn down late rather than stopped in an ordered manner. Add Conflicts=/Before=shutdown.target, as the sibling systemd-tpm2-setup{,-early}.service units already do.

- The generator only ordered the service After=boot.automount/efi.automount. Ordering after the .automount units is enough for start-up, but only an ordering against the actual .mount units makes the service stop (releasing the ESP) before the file system is unmounted. Add boot.mount/efi.mount to the After= line; this is a no-op at start-up, as the mount has no job of its own there (it is triggered on access via the automount).

Signed-off-by: Paul Meyer
---
diff --git a/src/tpm2-setup/tpm2-generator.c b/src/tpm2-setup/tpm2-generator.c
index 65f450daaff..5a4a88bf9f4 100644
--- a/src/tpm2-setup/tpm2-generator.c
+++ b/src/tpm2-setup/tpm2-generator.c
@@ -114,14 +114,18 @@ static int generate_swtpm_symlink(Tpm2Support support) { else /* Order (but not pull in) the regular ESP automount so that swtpm has a place to store its * data. Note that it might be mounted to two different places depending on the existence of - * XBOOTLDR, hence order after both. */ + * XBOOTLDR, hence order after both. We also order after the .mount units (not just the + * .automount units): ordering after the automount is enough for start-up, but only an + * ordering against the actual mount unit ensures swtpm is stopped (releasing the ESP) before + * the file system is unmounted on shutdown. This is a no-op at start-up, as the mount has no + * job of its own there (it is triggered on access via the automount). */ r = write_drop_in( arg_dest, "systemd-tpm2-swtpm.service", 50, "esp", "# Automatically generated by systemd-tpm2-generator\n\n" "[Unit]\n" - "After=boot.automount efi.automount\n"); + "After=boot.automount efi.automount boot.mount efi.mount\n"); if (r < 0) return log_error_errno(r, "Failed to hook ESP mount before systemd-tpm2-swtpm.service: %m"); diff --git a/units/systemd-tpm2-swtpm.service.in b/units/systemd-tpm2-swtpm.service.in index 10856f70d9e..5ca946248c4 100644 --- a/units/systemd-tpm2-swtpm.service.in +++ b/units/systemd-tpm2-swtpm.service.in @@ -11,10 +11,11 @@ Description=Fallback Software TPM Documentation=man:systemd-tpm2-swtpm.service(8) DefaultDependencies=no +Conflicts=shutdown.target After=systemd-sysusers.service Wants=modprobe@tpm_vtpm_proxy.service After=modprobe@tpm_vtpm_proxy.service -Before=tpm2.target sysinit.target +Before=tpm2.target sysinit.target shutdown.target [Service] Type=notify
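Review bot: in the tpm2-generator.c hunk, the new comment's claim that ordering after boot.mount/efi.mount "is a no-op at start-up" only holds in the automount case it goes on to describe; should either .mount unit ever carry a start job of its own in the start-up transaction, the After= in this drop-in will delay systemd-tpm2-swtpm.service until that mount has completed, which is the desired behaviour rather than a no-op. Suggest narrowing the wording, e.g. "At start-up this adds no extra delay in the automount case, as the mount unit has no job of its own there (it is triggered on access via the automount)." The rest of the five-line comment duplicates the commit message nearly verbatim; a shorter note such as "Also order after the .mount units so the service is stopped before the ESP is unmounted on shutdown; the .automount ordering alone does not give that." would carry the same information in the code.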
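Review bot: in the systemd-tpm2-swtpm.service.in hunk, the added Conflicts=shutdown.target is what creates the stop job at all, while the ordering that actually keeps the ESP mounted until swtpm is gone lives only in the generator drop-in (After=boot.mount efi.mount written by tpm2-generator.c); that coupling is not visible from the unit file. A one-line comment next to Conflicts=shutdown.target pointing at the generator-provided ESP ordering would spare the next reader from wondering why this unit has shutdown ordering but no mount ordering of its own.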
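The commit message rests on two systemd scheduling rules: a unit only receives a stop job in the shutdown transaction if something conflicts with it (which DefaultDependencies=no removes, and Conflicts=shutdown.target restores), and After= ordering between two stop jobs runs in reverse, so a unit with After=X stops before X does. The following is an added example, not code from the systemd project or from this commit: a reduced Python model of those two rules, run over a constructed unit set that mirrors the three states the commit message walks through (no stop job at all; a stop job ordered only after the .automount; a stop job ordered after the .mount). It assumes, as the model's own simplification, that mount and automount units carry the default Conflicts=umount.target and that the model carries no ordering edge between an .automount unit and its .mount unit; the unit names boot.automount, boot.mount and systemd-tpm2-swtpm.service are taken from the commit.

```python
"""Reduced model of systemd's shutdown transaction (added example; not
systemd's scheduler).  Only the rules the commit message relies on are kept:

  * a unit gets a stop job only if it conflicts with a target that is part
    of shutdown (Conflicts=shutdown.target for DefaultDependencies=no units;
    mount/automount units are assumed to carry the default
    Conflicts=umount.target);
  * stop jobs honour start ordering in reverse: a unit with After=X stops
    before X stops, but only when both units have a stop job, because
    ordering applies between jobs, not between units;
  * a unit without a stop job is only torn down after all ordered stop jobs
    have run (the "torn down late" case from the commit message).

Assumption of the model: there is no ordering edge between an .automount unit
and its .mount unit, which is the gap the commit closes.
"""
from collections import deque

SHUTDOWN_TARGETS = {"shutdown.target", "umount.target"}


def unit(after=(), conflicts=()):
    return {"after": set(after), "conflicts": set(conflicts)}


def esp_units(swtpm_after, swtpm_conflicts=()):
    """Constructed unit set: the ESP automount and mount (default conflict
    with umount.target) plus the swtpm service under test."""
    return {
        "boot.automount": unit(conflicts={"umount.target"}),
        "boot.mount": unit(conflicts={"umount.target"}),
        "systemd-tpm2-swtpm.service": unit(after=swtpm_after,
                                           conflicts=swtpm_conflicts),
    }


def has_stop_job(units, name):
    return bool(units[name]["conflicts"] & SHUTDOWN_TARGETS)


def stops_before(units, a, b):
    """True if the transaction guarantees a's stop job completes before b's:
    a path of After= edges from a to b that passes only through units which
    themselves have a stop job."""
    if not (has_stop_job(units, a) and has_stop_job(units, b)):
        return False
    seen, queue = {a}, deque([a])
    while queue:
        cur = queue.popleft()
        for nxt in units[cur]["after"]:
            if nxt == b:
                return True
            if nxt in units and nxt not in seen and has_stop_job(units, nxt):
                seen.add(nxt)
                queue.append(nxt)
    return False


def stop_order(units):
    """One valid teardown sequence: ordered stop jobs first (topological order
    of the reversed After= edges), then units that never got a stop job."""
    jobs = [n for n in units if has_stop_job(units, n)]
    indeg = {n: 0 for n in jobs}          # edge A -> B whenever A After= B
    for n in jobs:
        for dep in units[n]["after"]:
            if dep in indeg:
                indeg[dep] += 1
    ready = deque(sorted(n for n in jobs if indeg[n] == 0))
    order = []
    while ready:
        n = ready.popleft()
        order.append(n)
        for dep in sorted(units[n]["after"]):
            if dep in indeg:
                indeg[dep] -= 1
                if indeg[dep] == 0:
                    ready.append(dep)
    late = [n for n in units if n not in indeg]   # killed in the final sweep
    return order + late


# The three states the commit message describes.
BEFORE = esp_units(swtpm_after={"boot.automount"})
CONFLICTS_ONLY = esp_units(swtpm_after={"boot.automount"},
                           swtpm_conflicts={"shutdown.target"})
FIXED = esp_units(swtpm_after={"boot.automount", "boot.mount"},
                  swtpm_conflicts={"shutdown.target"})

if __name__ == "__main__":
    for label, units in (("before", BEFORE), ("conflicts only", CONFLICTS_ONLY),
                         ("fixed", FIXED)):
        ok = stops_before(units, "systemd-tpm2-swtpm.service", "boot.mount")
        print(f"{label:15s} swtpm stops before ESP unmount: {ok!s:5}  "
              f"order: {stop_order(units)}")
```

The "conflicts only" state is the instructive one: swtpm now has a stop job and is ordered before boot.automount's stop, yet nothing connects it to boot.mount, so a perfectly valid teardown sequence unmounts the ESP (and fails, since swtpm still holds it) before swtpm is stopped. Only the After=boot.mount edge turns that into a guarantee.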