From 71b25deae3fee6e16941ddc4055b443d449f62a8 Mon Sep 17 00:00:00 2001
From: Lennart Poettering
Date: Tue, 1 Jun 2021 16:35:13 +0200
Subject: [PATCH] cryptsetup: don't bother waiting for TPM2 devices if we are on EFI and EFI says there is no TPM2 device

Note that this means EFI-systems with a manually added TPM device won't be supported automatically, but given that the TPM2 trust model kinda requires firmware support I doubt it matters supporting this. And in all other cases it speeds things up a bit.
---
 src/cryptsetup/cryptsetup.c | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/src/cryptsetup/cryptsetup.c b/src/cryptsetup/cryptsetup.c
index ebd59ca68c4..dcaedac53ed 100644
--- a/src/cryptsetup/cryptsetup.c
+++ b/src/cryptsetup/cryptsetup.c
@@ -17,6 +17,7 @@
 #include "cryptsetup-tpm2.h"
 #include "cryptsetup-util.h"
 #include "device-util.h"
+#include "efi-loader.h"
 #include "escape.h"
 #include "fileio.h"
 #include "fs-util.h"
@@ -1136,6 +1137,10 @@ static int attach_luks_or_plain_or_bitlk_by_tpm2(
 assert(!event);
+ if (is_efi_boot() && !efi_has_tpm2())
+ return log_notice_errno(SYNTHETIC_ERRNO(EAGAIN),
+ "No TPM2 hardware discovered and EFI bios indicates no support for it either, assuming TPM2-less system, falling back to traditional unocking.");
+
 r = sd_event_default(&event);
 if (r < 0)
 return log_error_errno(r, "Failed to allocate event loop: %m");
-- 
2.47.3
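Review bot: The notice string in the added `is_efi_boot() && !efi_has_tpm2()` branch misspells "unlocking" as `unocking`. As far as this hunk shows, that message is the only record that a volume dropped from TPM2-bound to traditional unlocking, so a journal search for the fallback would miss it; the string should end `falling back to traditional unlocking.`. The branch also carries no comment on why the firmware's answer is treated as final, so a line such as `/* If the firmware reports no TPM2, don't wait for a device to appear; fall back right away. */` above the `if` would keep that decision next to the code. What `efi_has_tpm2()` inspects is not visible here, so it is worth confirming it cannot return false while a firmware-supported TPM is merely slow to enumerate. The body of `attach_luks_or_plain_or_bitlk_by_tpm2` starts and ends outside the hunk.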