From: Luca Boccassi Date: Thu, 28 Dec 2023 16:32:06 +0000 (+0100) Subject: units: add ConditionSecurity=tpm2 to systemd-tpm2-setup units X-Git-Tag: v256-rc1~1372 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=aa735b02196cf6f947fd1e4b2ec46b544ec7c3e1;p=thirdparty%2Fsystemd.git units: add ConditionSecurity=tpm2 to systemd-tpm2-setup units ConditionSecurity=measured-uki can be true even with TPM 1.2 which we don't support, so add an explicit check for TPM 2.0. Fixes https://github.com/systemd/systemd/issues/30650 Follow-up for 2e64cb71b9c0160c3 --- diff --git a/units/systemd-tpm2-setup-early.service.in b/units/systemd-tpm2-setup-early.service.in index c1597ea3f9f..57fe5e2537a 100644 --- a/units/systemd-tpm2-setup-early.service.in +++ b/units/systemd-tpm2-setup-early.service.in @@ -14,6 +14,7 @@ DefaultDependencies=no Conflicts=shutdown.target Before=sysinit.target shutdown.target ConditionSecurity=measured-uki +ConditionSecurity=tpm2 ConditionPathExists=!/run/systemd/tpm2-srk-public-key.pem [Service] diff --git a/units/systemd-tpm2-setup.service.in b/units/systemd-tpm2-setup.service.in index 6c99f3af0a6..9d882d690fa 100644 --- a/units/systemd-tpm2-setup.service.in +++ b/units/systemd-tpm2-setup.service.in @@ -16,6 +16,7 @@ After=systemd-tpm2-setup-early.service systemd-remount-fs.service Before=sysinit.target shutdown.target RequiresMountsFor=/var/lib/systemd/tpm2-srk-public-key.pem ConditionSecurity=measured-uki +ConditionSecurity=tpm2 ConditionPathExists=!/etc/initrd-release [Service]