diff options
| author | Lennart Poettering <lennart@poettering.net> | 2022-11-14 17:26:49 +0100 |
|---|---|---|
| committer | Lennart Poettering <lennart@poettering.net> | 2022-11-15 23:14:13 +0100 |
| commit | 34906680afe60d724ea435b79b9b830a4bf2e7e9 (patch) | |
| tree | 14f65847fdbc2b273a6b0a8b73e0c32dad3bcb4b | |
| parent | MemoryZSwapMax directive to configure new memory.zswap.max cgroup file (diff) | |
| download | systemd-34906680afe60d724ea435b79b9b830a4bf2e7e9.tar.xz systemd-34906680afe60d724ea435b79b9b830a4bf2e7e9.zip | |
tpm2-util: force default TCTI to be "device" with parameter "/dev/tpmrm0"
Apparently some distros default to tss-abmrd. Let's bypass that and
always go to the kernel resource manager.
abmrd cannot really work for us, since we want to access the TPM already
in earliest boot i.e. in environments the abmrd service is not available
in.
Fixes: #25352
| -rw-r--r-- | src/shared/tpm2-util.c | 13 |
1 files changed, 12 insertions, 1 deletions
diff --git a/src/shared/tpm2-util.c b/src/shared/tpm2-util.c index ba8a23e18c..b4808691da 100644 --- a/src/shared/tpm2-util.c +++ b/src/shared/tpm2-util.c @@ -152,8 +152,19 @@ int tpm2_context_init(const char *device, struct tpm2_context *ret) { if (r < 0) return log_error_errno(r, "TPM2 support not installed: %m"); - if (!device) + if (!device) { device = secure_getenv("SYSTEMD_TPM2_DEVICE"); + if (device) + /* Setting the env var to an empty string forces tpm2-tss' own device picking + * logic to be used. */ + device = empty_to_null(device); + else + /* If nothing was specified explicitly, we'll use a hardcoded default: the "device" tcti + * driver and the "/dev/tpmrm0" device. We do this since on some distributions the tpm2-abrmd + * might be used and we really don't want that, since it is a system service and that creates + * various ordering issues/deadlocks during early boot. */ + device = "device:/dev/tpmrm0"; + } if (device) { const char *param, *driver, *fn; |