diff options
| author | Lennart Poettering <lennart@poettering.net> | 2024-02-12 15:48:03 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2024-02-12 15:48:03 +0100 |
| commit | a85daa97d9c6835ddede3ddd8ac6244c28f80315 (patch) | |
| tree | 21d7010264bb70641aeb08695f3494b7e28430bb /units | |
| parent | core/load-fragment: fix typo (sanety -> sanity) (diff) | |
| parent | update TODO (diff) | |
| download | systemd-a85daa97d9c6835ddede3ddd8ac6244c28f80315.tar.xz systemd-a85daa97d9c6835ddede3ddd8ac6244c28f80315.zip | |
Merge pull request #31233 from poettering/pcrlock-varlink
pcrlock: add simple Varlink API + some varlinkctl tweaks
Diffstat (limited to 'units')
| -rw-r--r-- | units/meson.build | 9 | ||||
| -rw-r--r-- | units/systemd-pcrlock.socket | 25 | ||||
| -rw-r--r-- | units/systemd-pcrlock@.service.in | 21 |
3 files changed, 55 insertions, 0 deletions
diff --git a/units/meson.build b/units/meson.build index efd2eac583..acfd8d1dcb 100644 --- a/units/meson.build +++ b/units/meson.build @@ -520,6 +520,15 @@ units = [ 'conditions' : ['ENABLE_BOOTLOADER', 'HAVE_OPENSSL', 'HAVE_TPM2'], }, { + 'file' : 'systemd-pcrlock@.service.in', + 'conditions' : ['ENABLE_BOOTLOADER', 'HAVE_OPENSSL', 'HAVE_TPM2'], + }, + { + 'file' : 'systemd-pcrlock.socket', + 'conditions' : ['ENABLE_BOOTLOADER', 'HAVE_OPENSSL', 'HAVE_TPM2'], + 'symlinks' : ['sockets.target.wants/'], + }, + { 'file' : 'systemd-portabled.service.in', 'conditions' : ['ENABLE_PORTABLED'], 'symlinks' : ['dbus-org.freedesktop.portable1.service'], diff --git a/units/systemd-pcrlock.socket b/units/systemd-pcrlock.socket new file mode 100644 index 0000000000..21431478b8 --- /dev/null +++ b/units/systemd-pcrlock.socket @@ -0,0 +1,25 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Make TPM2 PCR Policy (Varlink) +Documentation=man:systemd-pcrlock(8) +DefaultDependencies=no +After=tpm2.target +Before=sockets.target +ConditionSecurity=measured-uki + +[Socket] +ListenStream=/run/systemd/io.systemd.PCRLock +FileDescriptorName=varlink +SocketMode=0600 +Accept=yes + +[Install] +WantedBy=sockets.target diff --git a/units/systemd-pcrlock@.service.in b/units/systemd-pcrlock@.service.in new file mode 100644 index 0000000000..50a0a3de8e --- /dev/null +++ b/units/systemd-pcrlock@.service.in @@ -0,0 +1,21 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Make TPM2 PCR Policy (Varlink) +Documentation=man:systemd-pcrlock(8) +DefaultDependencies=no +Conflicts=shutdown.target +After=systemd-tpm2-setup.service +Before=sysinit.target shutdown.target +After=systemd-remount-fs.service var.mount + +[Service] +Environment=LISTEN_FDNAMES=varlink +ExecStart={{LIBEXECDIR}}/systemd-pcrlock --location=770 |