Merge pull request #29345 from poettering/measured-uki-condition

pid1: introduce ConditionSecurity=measured-uki

6 files changed, 6 insertions, 12 deletions

diff --git a/units/systemd-pcrfs-root.service.in b/units/systemd-pcrfs-root.service.in
index d7941fc1f6..11dc747194 100644
--- a/units/systemd-pcrfs-root.service.in
+++ b/units/systemd-pcrfs-root.service.in
@@ -15,8 +15,7 @@ Conflicts=shutdown.target
 After=systemd-pcrmachine.service
 Before=shutdown.target
 ConditionPathExists=!/etc/initrd-release
-ConditionSecurity=tpm2
-ConditionPathExists=/sys/firmware/efi/efivars/StubPcrKernelImage-4a67b082-0a4c-41cf-b6c7-440b29bb8c4f
+ConditionSecurity=measured-uki
 
 [Service]
 Type=oneshot
diff --git a/units/systemd-pcrfs@.service.in b/units/systemd-pcrfs@.service.in
index 9ada988f5b..fbaec4b999 100644
--- a/units/systemd-pcrfs@.service.in
+++ b/units/systemd-pcrfs@.service.in
@@ -16,8 +16,7 @@ Conflicts=shutdown.target
 After=%i.mount systemd-pcrfs-root.service
 Before=shutdown.target
 ConditionPathExists=!/etc/initrd-release
-ConditionSecurity=tpm2
-ConditionPathExists=/sys/firmware/efi/efivars/StubPcrKernelImage-4a67b082-0a4c-41cf-b6c7-440b29bb8c4f
+ConditionSecurity=measured-uki
 
 [Service]
 Type=oneshot
diff --git a/units/systemd-pcrmachine.service.in b/units/systemd-pcrmachine.service.in
index 9088a66acf..fb7d3ce601 100644
--- a/units/systemd-pcrmachine.service.in
+++ b/units/systemd-pcrmachine.service.in
@@ -14,8 +14,7 @@ DefaultDependencies=no
 Conflicts=shutdown.target
 Before=sysinit.target shutdown.target
 ConditionPathExists=!/etc/initrd-release
-ConditionSecurity=tpm2
-ConditionPathExists=/sys/firmware/efi/efivars/StubPcrKernelImage-4a67b082-0a4c-41cf-b6c7-440b29bb8c4f
+ConditionSecurity=measured-uki
 
 [Service]
 Type=oneshot
diff --git a/units/systemd-pcrphase-initrd.service.in b/units/systemd-pcrphase-initrd.service.in
index 357c7c5869..b337d602ba 100644
--- a/units/systemd-pcrphase-initrd.service.in
+++ b/units/systemd-pcrphase-initrd.service.in
@@ -14,8 +14,7 @@ DefaultDependencies=no
 Conflicts=shutdown.target initrd-switch-root.target
 Before=sysinit.target cryptsetup-pre.target cryptsetup.target shutdown.target initrd-switch-root.target systemd-sysext.service
 ConditionPathExists=/etc/initrd-release
-ConditionSecurity=tpm2
-ConditionPathExists=/sys/firmware/efi/efivars/StubPcrKernelImage-4a67b082-0a4c-41cf-b6c7-440b29bb8c4f
+ConditionSecurity=measured-uki
 
 [Service]
 Type=oneshot
diff --git a/units/systemd-pcrphase-sysinit.service.in b/units/systemd-pcrphase-sysinit.service.in
index 5ca986fdf7..08f73973be 100644
--- a/units/systemd-pcrphase-sysinit.service.in
+++ b/units/systemd-pcrphase-sysinit.service.in
@@ -15,8 +15,7 @@ Conflicts=shutdown.target
 After=sysinit.target
 Before=basic.target shutdown.target
 ConditionPathExists=!/etc/initrd-release
-ConditionSecurity=tpm2
-ConditionPathExists=/sys/firmware/efi/efivars/StubPcrKernelImage-4a67b082-0a4c-41cf-b6c7-440b29bb8c4f
+ConditionSecurity=measured-uki
 
 [Service]
 Type=oneshot
diff --git a/units/systemd-pcrphase.service.in b/units/systemd-pcrphase.service.in
index 88d41c2c5d..c94ad756d4 100644
--- a/units/systemd-pcrphase.service.in
+++ b/units/systemd-pcrphase.service.in
@@ -13,8 +13,7 @@ Documentation=man:systemd-pcrphase.service(8)
 After=remote-fs.target remote-cryptsetup.target
 Before=systemd-user-sessions.service
 ConditionPathExists=!/etc/initrd-release
-ConditionSecurity=tpm2
-ConditionPathExists=/sys/firmware/efi/efivars/StubPcrKernelImage-4a67b082-0a4c-41cf-b6c7-440b29bb8c4f
+ConditionSecurity=measured-uki
 
 [Service]
 Type=oneshot