tpm2-setup-early: order against pcrphase-initrd

Right now systemd-tpm2-setup-early and systemd-pcrphase-initrd.service are not ordered against each other. However, they require the same slow resource to operate: the TPM2. If we allow them to access the device simultaneously, the kernel resource manager like has to save/restore TPM state while they operate, slowing things down further. hence, let's avoid all this mess, and just order them against each other so that the shared resource is first used in full by one and then by the other. I opted to order systemd-pcrphase-initrd before systemd-tpm2-setup-early, since there's value in having the former as early as possible in userspace, to be a good marker for the transition from kernel to first userspace. I can see no benefit in the opposite order however.
2024-10-02 22:37:25 +00:00 · 2024-04-22 14:47:58 +02:00 · 2024-04-22 14:47:58 +02:00 · a6e9c37f5e
parent f64222b748
commit a6e9c37f5e
1 changed files with 1 additions and 1 deletions
--- a/units/systemd-tpm2-setup-early.service.in
+++ b/units/systemd-tpm2-setup-early.service.in
@ -12,10 +12,10 @@ Description=Early TPM SRK Setup
 Documentation=man:systemd-tpm2-setup.service(8)
 DefaultDependencies=no
 Conflicts=shutdown.target
+After=tpm2.target systemd-pcrphase-initrd.service
 Before=sysinit.target shutdown.target
 ConditionSecurity=measured-uki
 ConditionPathExists=!/run/systemd/tpm2-srk-public-key.pem
-After=tpm2.target

 [Service]
 Type=oneshot