From 40f1856791cc157fb5b88af35e50fbb15e6085ba Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Sat, 17 Sep 2022 00:50:38 +0200 Subject: units: add pcrphase units --- units/meson.build | 4 ++++ units/systemd-pcrphase-initrd.service.in | 24 ++++++++++++++++++++++++ units/systemd-pcrphase.service.in | 23 +++++++++++++++++++++++ 3 files changed, 51 insertions(+) create mode 100644 units/systemd-pcrphase-initrd.service.in create mode 100644 units/systemd-pcrphase.service.in (limited to 'units') diff --git a/units/meson.build b/units/meson.build index 2010a5566f..072640e992 100644 --- a/units/meson.build +++ b/units/meson.build @@ -260,6 +260,10 @@ in_units = [ 'sysinit.target.wants/ initrd-root-fs.target.wants/'], ['user-runtime-dir@.service', ''], ['user@.service', ''], + ['systemd-pcrphase-initrd.service', 'HAVE_GNU_EFI ENABLE_INITRD', + 'initrd.target.wants/'], + ['systemd-pcrphase.service', 'HAVE_GNU_EFI', + 'sysinit.target.wants/'], ] add_wants = [] diff --git a/units/systemd-pcrphase-initrd.service.in b/units/systemd-pcrphase-initrd.service.in new file mode 100644 index 0000000000..c1ad5ef844 --- /dev/null +++ b/units/systemd-pcrphase-initrd.service.in @@ -0,0 +1,24 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=TPM2 PCR Barrier (initrd) +Documentation=man:systemd-pcrphase-initrd.service(8) +DefaultDependencies=no +Conflicts=shutdown.target initrd-switch-root.target +Before=sysinit.target cryptsetup-pre.target cryptsetup.target shutdown.target initrd-switch-root.target systemd-sysext.service +AssertPathExists=/etc/initrd-release +ConditionSecurity=tpm2 +ConditionPathExists=/sys/firmware/efi/efivars/StubPcrKernelImage-4a67b082-0a4c-41cf-b6c7-440b29bb8c4f + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart={{ROOTLIBEXECDIR}}/systemd-pcrphase enter-initrd +ExecStop={{ROOTLIBEXECDIR}}/systemd-pcrphase leave-initrd diff --git a/units/systemd-pcrphase.service.in b/units/systemd-pcrphase.service.in new file mode 100644 index 0000000000..1ef8ed6e6a --- /dev/null +++ b/units/systemd-pcrphase.service.in @@ -0,0 +1,23 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=TPM2 PCR Barrier (Host) +Documentation=man:systemd-pcrphase.service(8) +After=remote-fs.target remote-cryptsetup.target +Before=systemd-user-sessions.service +AssertPathExists=!/etc/initrd-release +ConditionSecurity=tpm2 +ConditionPathExists=/sys/firmware/efi/efivars/StubPcrKernelImage-4a67b082-0a4c-41cf-b6c7-440b29bb8c4f + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart={{ROOTLIBEXECDIR}}/systemd-pcrphase ready +ExecStop={{ROOTLIBEXECDIR}}/systemd-pcrphase shutdown -- cgit v1.2.1