diff options
| author | Daan De Meyer <daan.j.demeyer@gmail.com> | 2024-01-26 11:29:35 +0100 |
|---|---|---|
| committer | Luca Boccassi <luca.boccassi@gmail.com> | 2024-01-26 22:15:59 +0100 |
| commit | 09e69217581f3eed821926c591dc2e6cec5ec036 (patch) | |
| tree | 829e27ed82ab9059c6c5cf4f9900ed8b69b708bb /units | |
| parent | timesyncd: make the transmit timestamp in requests fully random (diff) | |
| download | systemd-09e69217581f3eed821926c591dc2e6cec5ec036.tar.xz systemd-09e69217581f3eed821926c591dc2e6cec5ec036.zip | |
units: Order pcrlock services after systemd-remounts-fs.service
These write to /var and as such need to wait until after the rootfs
has been remounted read-write.
Diffstat (limited to 'units')
| -rw-r--r-- | units/systemd-pcrlock-file-system.service.in | 1 | ||||
| -rw-r--r-- | units/systemd-pcrlock-firmware-code.service.in | 2 | ||||
| -rw-r--r-- | units/systemd-pcrlock-firmware-config.service.in | 2 | ||||
| -rw-r--r-- | units/systemd-pcrlock-machine-id.service.in | 1 | ||||
| -rw-r--r-- | units/systemd-pcrlock-make-policy.service.in | 1 | ||||
| -rw-r--r-- | units/systemd-pcrlock-secureboot-authority.service.in | 1 | ||||
| -rw-r--r-- | units/systemd-pcrlock-secureboot-policy.service.in | 1 |
7 files changed, 7 insertions, 2 deletions
diff --git a/units/systemd-pcrlock-file-system.service.in b/units/systemd-pcrlock-file-system.service.in index d68a42e09a..dd0d358793 100644 --- a/units/systemd-pcrlock-file-system.service.in +++ b/units/systemd-pcrlock-file-system.service.in @@ -13,6 +13,7 @@ Documentation=man:systemd-pcrlock(8) DefaultDependencies=no Conflicts=shutdown.target Before=sysinit.target shutdown.target systemd-pcrlock-make-policy.service +After=systemd-remount-fs.service var.mount ConditionPathExists=!/etc/initrd-release ConditionSecurity=measured-uki diff --git a/units/systemd-pcrlock-firmware-code.service.in b/units/systemd-pcrlock-firmware-code.service.in index a24f2ba015..b271671393 100644 --- a/units/systemd-pcrlock-firmware-code.service.in +++ b/units/systemd-pcrlock-firmware-code.service.in @@ -12,7 +12,7 @@ Description=Lock Firmware Code to TPM2 PCR Policy Documentation=man:systemd-pcrlock(8) DefaultDependencies=no Conflicts=shutdown.target -After=systemd-tpm2-setup.service +After=systemd-tpm2-setup.service systemd-remount-fs.service var.mount Before=sysinit.target shutdown.target systemd-pcrlock-make-policy.service ConditionPathExists=!/etc/initrd-release ConditionSecurity=measured-uki diff --git a/units/systemd-pcrlock-firmware-config.service.in b/units/systemd-pcrlock-firmware-config.service.in index 64e63f86a6..8440f5982b 100644 --- a/units/systemd-pcrlock-firmware-config.service.in +++ b/units/systemd-pcrlock-firmware-config.service.in @@ -12,7 +12,7 @@ Description=Lock Firmware Configuration to TPM2 PCR Policy Documentation=man:systemd-pcrlock(8) DefaultDependencies=no Conflicts=shutdown.target -After=systemd-tpm2-setup.service +After=systemd-tpm2-setup.service systemd-remount-fs.service var.mount Before=sysinit.target shutdown.target systemd-pcrlock-make-policy.service ConditionPathExists=!/etc/initrd-release ConditionSecurity=measured-uki diff --git a/units/systemd-pcrlock-machine-id.service.in b/units/systemd-pcrlock-machine-id.service.in index 0ff22c586e..16c6a99251 100644 --- a/units/systemd-pcrlock-machine-id.service.in +++ b/units/systemd-pcrlock-machine-id.service.in @@ -13,6 +13,7 @@ Documentation=man:systemd-pcrlock(8) DefaultDependencies=no Conflicts=shutdown.target Before=sysinit.target shutdown.target systemd-pcrlock-make-policy.service +After=systemd-remount-fs.service var.mount ConditionPathExists=!/etc/initrd-release ConditionSecurity=measured-uki diff --git a/units/systemd-pcrlock-make-policy.service.in b/units/systemd-pcrlock-make-policy.service.in index 4127cc7c61..444e1e49f1 100644 --- a/units/systemd-pcrlock-make-policy.service.in +++ b/units/systemd-pcrlock-make-policy.service.in @@ -14,6 +14,7 @@ DefaultDependencies=no Conflicts=shutdown.target After=systemd-tpm2-setup.service Before=sysinit.target shutdown.target +After=systemd-remount-fs.service var.mount ConditionPathExists=!/etc/initrd-release ConditionSecurity=measured-uki diff --git a/units/systemd-pcrlock-secureboot-authority.service.in b/units/systemd-pcrlock-secureboot-authority.service.in index a8d55bad3c..d5c722cf31 100644 --- a/units/systemd-pcrlock-secureboot-authority.service.in +++ b/units/systemd-pcrlock-secureboot-authority.service.in @@ -14,6 +14,7 @@ DefaultDependencies=no Conflicts=shutdown.target After=systemd-tpm2-setup.service Before=sysinit.target shutdown.target systemd-pcrlock-make-policy.service +After=systemd-remount-fs.service var.mount ConditionPathExists=!/etc/initrd-release ConditionSecurity=measured-uki diff --git a/units/systemd-pcrlock-secureboot-policy.service.in b/units/systemd-pcrlock-secureboot-policy.service.in index 10e603c1b6..fc50e17aaa 100644 --- a/units/systemd-pcrlock-secureboot-policy.service.in +++ b/units/systemd-pcrlock-secureboot-policy.service.in @@ -14,6 +14,7 @@ DefaultDependencies=no Conflicts=shutdown.target After=systemd-tpm2-setup.service Before=sysinit.target shutdown.target systemd-pcrlock-make-policy.service +After=systemd-remount-fs.service var.mount ConditionPathExists=!/etc/initrd-release ConditionSecurity=measured-uki |