diff options
| author | Daan De Meyer <daan.j.demeyer@gmail.com> | 2024-05-17 16:20:11 +0200 |
|---|---|---|
| committer | Yu Watanabe <watanabe.yu+github@gmail.com> | 2024-06-12 11:31:21 +0200 |
| commit | d6518003f8ebbfb6f85dbf227736ae05b0961199 (patch) | |
| tree | 040a876d50056be1d18acd434d5dd4522348dc82 /units | |
| parent | Merge pull request #32847 from YHNdnzj/exitrd (diff) | |
| download | systemd-d6518003f8ebbfb6f85dbf227736ae05b0961199.tar.xz systemd-d6518003f8ebbfb6f85dbf227736ae05b0961199.zip | |
tpm2-setup: Don't fail if we can't access the TPM due to authorization failure
The TPM might be password/pin protected for various reasons even if
there is no SRK yet. Let's handle those cases gracefully instead of
failing the unit as it is enabled by default.
Diffstat (limited to 'units')
| -rw-r--r-- | units/systemd-tpm2-setup-early.service.in | 3 | ||||
| -rw-r--r-- | units/systemd-tpm2-setup.service.in | 3 |
2 files changed, 6 insertions, 0 deletions
diff --git a/units/systemd-tpm2-setup-early.service.in b/units/systemd-tpm2-setup-early.service.in index 9982c84aba..7fdb99b53f 100644 --- a/units/systemd-tpm2-setup-early.service.in +++ b/units/systemd-tpm2-setup-early.service.in @@ -21,3 +21,6 @@ ConditionPathExists=!/run/systemd/tpm2-srk-public-key.pem Type=oneshot RemainAfterExit=yes ExecStart={{LIBEXECDIR}}/systemd-tpm2-setup --early=yes --graceful + +# The tool returns 76 if the TPM cannot be accessed due to an authorization failure and we can't generate an SRK. +SuccessExitStatus=76 diff --git a/units/systemd-tpm2-setup.service.in b/units/systemd-tpm2-setup.service.in index 0af7292528..ac29a76966 100644 --- a/units/systemd-tpm2-setup.service.in +++ b/units/systemd-tpm2-setup.service.in @@ -22,3 +22,6 @@ ConditionPathExists=!/etc/initrd-release Type=oneshot RemainAfterExit=yes ExecStart={{LIBEXECDIR}}/systemd-tpm2-setup --graceful + +# The tool returns 76 if the TPM cannot be accessed due to an authorization failure and we can't generate an SRK. +SuccessExitStatus=76 |