From 82d69529cb6be01c65eec69ba8189b9bac9ba3a3 Mon Sep 17 00:00:00 2001
From: Daan De Meyer
Date: Wed, 25 Mar 2026 15:34:58 +0100
Subject: [PATCH] swtpm-util: Write our own CA options rather than using the distro ones
---
 src/shared/swtpm-util.c | 18 ++++++++++++++++--
 1 file changed, 16 insertions(+), 2 deletions(-)
diff --git a/src/shared/swtpm-util.c b/src/shared/swtpm-util.c
index 1a475f0e08f..55e3f2f34c5 100644
--- a/src/shared/swtpm-util.c
+++ b/src/shared/swtpm-util.c
@@ -138,6 +138,19 @@ int manufacture_swtpm(const char *state_dir, const char *secret) {
 if (r < 0)
 return log_error_errno(r, "Failed to write swtpm-localca.conf: %m");
+ _cleanup_free_ char *localca_options = path_join(state_dir, "swtpm-localca.options");
+ if (!localca_options)
+ return log_oom();
+
+ r = write_string_file(
+ localca_options,
+ "--platform-manufacturer systemd\n"
+ "--platform-version 2.1\n"
+ "--platform-model swtpm\n",
+ WRITE_STRING_FILE_CREATE|WRITE_STRING_FILE_TRUNCATE|WRITE_STRING_FILE_MKDIR_0755);
+ if (r < 0)
+ return log_error_errno(r, "Failed to write swtpm-localca.options: %m");
+
 _cleanup_free_ char *swtpm_localca = NULL;
 r = find_executable("swtpm_localca", &swtpm_localca);
 if (r < 0)
@@ -152,9 +165,10 @@ int manufacture_swtpm(const char *state_dir, const char *secret) {
 WRITE_STRING_FILE_CREATE|WRITE_STRING_FILE_TRUNCATE|WRITE_STRING_FILE_MKDIR_0755,
 "create_certs_tool = %1$s\n"
 "create_certs_tool_config = %2$s\n"
- "create_certs_tool_options = /etc/swtpm-localca.options\n",
+ "create_certs_tool_options = %3$s\n",
 swtpm_localca,
- localca_conf);
+ localca_conf,
+ localca_options);
 if (r < 0)
 return log_error_errno(r, "Failed to write swtpm_setup.conf: %m");
--
2.47.3
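Review bot: The three `--platform-*` values written to swtpm-localca.options in the first hunk are hard-coded with no comment saying which tool consumes them or why the distro file is no longer used. A one-line comment above the `write_string_file()` call would record that, for example `/* Options passed to swtpm_localca; written here so we don't rely on the distro shipping /etc/swtpm-localca.options */`. The motivation is inferred from the subject line only, so the wording should be confirmed by the author. manufacture_swtpm() starts and ends outside this hunk.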
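Review bot: In the second hunk `localca_options` becomes another path derived from `state_dir` that is written unquoted into the line-oriented swtpm_setup.conf through `%3$s`. A `state_dir` containing a newline or other control character would end the value early, and the rest would presumably be parsed as further keys such as `create_certs_tool`. Nothing visible in these hunks validates `state_dir`, though manufacture_swtpm() begins outside them and the check may already exist earlier or in the caller. If it does not, reject such paths before the first file is written, for example `if (string_has_cc(state_dir, NULL)) return -EINVAL;`.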