mirror of
https://github.com/systemd/systemd
synced 2024-07-05 17:39:42 +00:00
a6e9c37f5e
Right now systemd-tpm2-setup-early and systemd-pcrphase-initrd.service are not ordered against each other. However, they require the same slow resource to operate: the TPM2. If we allow them to access the device simultaneously, the kernel resource manager like has to save/restore TPM state while they operate, slowing things down further. hence, let's avoid all this mess, and just order them against each other so that the shared resource is first used in full by one and then by the other. I opted to order systemd-pcrphase-initrd before systemd-tpm2-setup-early, since there's value in having the former as early as possible in userspace, to be a good marker for the transition from kernel to first userspace. I can see no benefit in the opposite order however.
24 lines
764 B
SYSTEMD
24 lines
764 B
SYSTEMD
# SPDX-License-Identifier: LGPL-2.1-or-later
|
|
#
|
|
# This file is part of systemd.
|
|
#
|
|
# systemd is free software; you can redistribute it and/or modify it
|
|
# under the terms of the GNU Lesser General Public License as published by
|
|
# the Free Software Foundation; either version 2.1 of the License, or
|
|
# (at your option) any later version.
|
|
|
|
[Unit]
|
|
Description=Early TPM SRK Setup
|
|
Documentation=man:systemd-tpm2-setup.service(8)
|
|
DefaultDependencies=no
|
|
Conflicts=shutdown.target
|
|
After=tpm2.target systemd-pcrphase-initrd.service
|
|
Before=sysinit.target shutdown.target
|
|
ConditionSecurity=measured-uki
|
|
ConditionPathExists=!/run/systemd/tpm2-srk-public-key.pem
|
|
|
|
[Service]
|
|
Type=oneshot
|
|
RemainAfterExit=yes
|
|
ExecStart={{LIBEXECDIR}}/systemd-tpm2-setup --early=yes --graceful
|