author | Aidan Dang <dang@aidan.gg> | 2023-02-22 00:02:31 +1100 |
---|---|---|
committer | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2023-02-21 21:07:02 +0100 |
commit | d59025698f6261aa65ac074a3b46e8babed0d05d (patch) | |
tree | 456c4c8c90eda42278d3c1b4e1e337d7ef833a1f /src | |
parent | 024951fb2263935cc8d7b3932915c8dee927a14f (diff) | |
Enable TPM by default with SetCredentialEncrypted
Diffstat (limited to 'src')
-rw-r--r-- | src/core/unit.c | 21 |
1 files changed, 14 insertions, 7 deletions
diff --git a/src/core/unit.c b/src/core/unit.c
index be7b19877f..8cd1e0370d 100644
--- a/src/core/unit.c
+++ b/src/core/unit.c
@@ -4213,14 +4213,21 @@ int unit_patch_contexts(Unit *u) {
 }
 /* If there are encrypted credentials we might need to access the TPM. */
- ExecLoadCredential *cred;
- HASHMAP_FOREACH(cred, ec->load_credentials)
- if (cred->encrypted) {
- r = cgroup_add_device_allow(cc, "/dev/tpmrm0", "rw");
- if (r < 0)
- return r;
+ bool allow_tpm = false;
+ ExecLoadCredential *load_cred;
+ ExecSetCredential *set_cred;
+ HASHMAP_FOREACH(load_cred, ec->load_credentials)
+ if ((allow_tpm |= load_cred->encrypted))
 break;
- }
+ HASHMAP_FOREACH(set_cred, ec->set_credentials)
+ if ((allow_tpm |= set_cred->encrypted))
+ break;
+
+ if (allow_tpm) {
+ r = cgroup_add_device_allow(cc, "/dev/tpmrm0", "rw");
+ if (r < 0)
+ return r;
+ }
 }
 } |
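Review bot: The new `if (allow_tpm)` block adds `rw` on `/dev/tpmrm0` to the unit's cgroup context as soon as any `load_cred` or `set_cred` entry has `encrypted` set, and nothing in the hunk checks whether that credential is actually bound to the TPM. The existing comment only says "might need", so I would spell out the least-privilege trade-off for anyone auditing device policy, e.g. `/* Any encrypted credential enables TPM access for the whole unit, whether or not it is TPM-sealed. */`. On style, the `|=` inside the loop conditions obscures a flag that only ever goes from false to true; `if (load_cred->encrypted) { allow_tpm = true; break; }` reads more directly, and the second `HASHMAP_FOREACH` could sit under `if (!allow_tpm)`. unit_patch_contexts() starts and ends outside the hunk, so the conditions guarding this block are not visible here.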