units: make use of nvpcrs only after the NV anchor completion measurement is done
authorLennart Poettering <lennart@amutable.com>
Thu, 26 Mar 2026 10:16:10 +0000 (11:16 +0100)
committerLennart Poettering <lennart@amutable.com>
Thu, 26 Mar 2026 15:11:34 +0000 (16:11 +0100)
This makes sure we don't use the "hardware" or "verity" nvpcrs before
the NV anchor measurement is done.

This is mostly to avoid confusing output, and to indirectly ensure that the
nvpcr allocation in tpm2-setup is the load-bearing one, but it should
not be load-bearing for security afaics.

units/systemd-pcrnvdone.service.in
units/systemd-pcrproduct.service.in

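--- a/units/systemd-pcrnvdone.service.in
+++ b/units/systemd-pcrnvdone.service.in
@@ -13,7 +13,7 @@ Documentation=man:systemd-pcrnvdone.service(8)
 DefaultDependencies=no
 Conflicts=shutdown.target
 After=systemd-tpm2-setup-early.service systemd-tpm2-setup.service
-Before=sysinit.target shutdown.target
+Before=sysinit.target cryptsetup-pre.target cryptsetup.target shutdown.target
 ConditionSecurity=measured-os
 ConditionPathExists=!/etc/initrd-release
 FailureAction=reboot-force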
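Review bot: The new cryptsetup ordering on the Before= line carries no explanation in the unit itself, so a reader of the file cannot tell why an NvPCR service orders itself ahead of disk unlocking. A comment above that line such as `# Order before cryptsetup so the "hardware"/"verity" NvPCRs are only consumed after the NV anchor completion measurement has been recorded` would move the rationale from the commit message into the file. Before= is ordering only: when this unit is not part of the transaction, cryptsetup units start without waiting, which is consistent with the commit message's statement that the ordering is not security load-bearing. Since the unit is conditioned on !/etc/initrd-release, unlocking that happens in the initrd is not covered by this ordering; whether an initrd counterpart exists is not visible here. Listing cryptsetup.target next to cryptsetup-pre.target appears deliberate, as cryptsetup-pre.target is a passive target that need not be in the transaction.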
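--- a/units/systemd-pcrproduct.service.in
+++ b/units/systemd-pcrproduct.service.in
@@ -12,7 +12,7 @@ Description=TPM NvPCR Product ID Measurement
 Documentation=man:systemd-pcrproduct.service(8)
 DefaultDependencies=no
 Conflicts=shutdown.target
-After=tpm2.target
+After=tpm2.target systemd-pcrnvdone.service
 Before=sysinit.target shutdown.target
 RequiresMountsFor=/var/lib/systemd/nvpcr
 ConditionPathExists=!/etc/initrd-release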
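Review bot: After=systemd-pcrnvdone.service on the changed line only orders the two units and does not pull systemd-pcrnvdone.service in, so the product-ID measurement proceeds without waiting whenever that service is absent from the transaction. That matches the commit message calling the ordering non-load-bearing, but the file should say so; a comment such as `# Run after the NV anchor completion measurement so the "hardware"/"verity" NvPCRs are not used before it (ordering only, not a requirement)` above the After= line would make the intent explicit. If the unit should ever be required to run first, Wants= or Requires= would be the additional directive rather than a change to After=. The [Install] section and any further Condition lines of this unit are outside the hunk.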