From: Lennart Poettering Date: Tue, 1 Jun 2021 14:34:34 +0000 (+0200) Subject: cryptsetup: if TPM2 support is not compiled in, fallback to non-TPM2 mode gracefully X-Git-Tag: v249-rc1~118^2~1 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=cad105442d15344e39466c02d8ffe7daaff92901;p=thirdparty%2Fsystemd.git cryptsetup: if TPM2 support is not compiled in, fallback to non-TPM2 mode gracefully Fixes: #19177 --- diff --git a/src/cryptsetup/cryptsetup.c b/src/cryptsetup/cryptsetup.c index 28ac78cd378..ebd59ca68c4 100644 --- a/src/cryptsetup/cryptsetup.c +++ b/src/cryptsetup/cryptsetup.c @@ -1070,6 +1070,8 @@ static int attach_luks_or_plain_or_bitlk_by_tpm2( &decrypted_key, &decrypted_key_size); if (r >= 0) break; + if (ERRNO_IS_NOT_SUPPORTED(r)) /* TPM2 support not compiled in? */ + return log_debug_errno(SYNTHETIC_ERRNO(EAGAIN), "TPM2 support not available, falling back to traditional unlocking."); if (r != -EAGAIN) /* EAGAIN means: no tpm2 chip found */ return r; } else { @@ -1100,6 +1102,8 @@ static int attach_luks_or_plain_or_bitlk_by_tpm2( found_some ? "No TPM2 metadata matching the current system state found in LUKS2 header, falling back to traditional unlocking." : "No TPM2 metadata enrolled in LUKS2 header, falling back to traditional unlocking."); + if (ERRNO_IS_NOT_SUPPORTED(r)) /* TPM2 support not compiled in? */ + return log_debug_errno(SYNTHETIC_ERRNO(EAGAIN), "TPM2 support not available, falling back to traditional unlocking."); if (r < 0) return r;