]> git.ipfire.org Git - thirdparty/systemd.git/commit
credentials: add policy that can allow key=null creds from the ESP
authorMichael Vogt <michael@amutable.com>
Wed, 10 Jun 2026 11:02:01 +0000 (13:02 +0200)
committerMichael Vogt <michael@amutable.com>
Thu, 9 Jul 2026 14:48:26 +0000 (16:48 +0200)
commitcb7f95ff5f25a28afeadd668d3c0530005982b3b
treeb4af7d93397932c790b678d0899e33d40a767195
parentadd910a838ea718abd7f70d221fd5a69408c7026
credentials: add policy that can allow key=null creds from the ESP

This commit adds a new `systemd.credentials_boot_policy=` kernel
commandline that allows to control if credentials with
a `null` key are accepted.

The possible options are:
* strict: always insist on tpm encryption
* tofu: allow null encryption in firstboot mode and when no tpm is available
* relaxed: allow null encryption when sb is off, or no tpm is available
* off: allow null encryption always

The default is currently `relaxed` which is the same behavior
as before.

This replaces the initial idea of using plaintext credentials
at firstboot (thanks to Lennart for this nicer and simpler design).

Note that this also moves `in_first_boot()` to `basic/initrd-util`
which is a better fit now.
docs/CREDENTIALS.md
man/kernel-command-line.xml
man/systemd.xml
src/basic/initrd-util.c
src/basic/initrd-util.h
src/shared/condition.c
src/shared/creds-util.c
src/shared/creds-util.h
src/test/test-creds.c
test/units/TEST-54-CREDS.sh