system/systemd
system/systemd
1
0
Fork 0
mirror of https://github.com/systemd/systemd synced 2024-07-08 20:15:55 +00:00
Code Issues Projects Releases Wiki Activity

tmpfiles: copy PCR sig/pkey from initrd /.extra/ into /run/

Browse Source 
Now that sd-stub will place the PCR signature and its public key in
the initrd's /.extra/ directory, let's copy it from there into /run/
from userspace. This is done because /.extra/ is on the initrd's tmpfs
which will be emptied during the initrd → host transition. Since we want
these two files to survive we'll copy them – if they exist – into /run/
where they will survive the transition.

Thus, with this last change the files will have safely propagated from
their PE sections into files in /run/ where userspace can find them

The paths in /run/ happen to be the exact ones that
systemd-cryptenroll/systemd-cryptsetup/systemd-creds look for them.
This commit is contained in:
Lennart Poettering 2022-08-25 17:16:52 +02:00
parent 23002b45b1
commit f51b49c675
1 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
tmpfiles.d/systemd.conf.in
View File

@ -64,3 +64,9 @@ d /var/lib/systemd/coredump 0755 root root 3d
d /var/lib/private 0700 root root -
d /var/log/private 0700 root root -
d /var/cache/private 0700 root root -
{% if ENABLE_EFI %}
# Copy sd-stub provided PCR signature and and public key file from initrd into /run/, so that it will survive the initrd stage
C /run/systemd/tpm2-pcr-signature.json 0444 root root - /.extra/tpm2-pcr-signature.json
C /run/systemd/tpm2-pcr-public-key.pem 0444 root root - /.extra/tpm2-pcr-public-key.pem
{% endif %}