-
Notifications
You must be signed in to change notification settings - Fork 393
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
systemd-pcrphase-initrd.service
fails ConditionSecurity=tpm2
because tpm
module is not loaded yet
#2066
Comments
systemd-pcrphase-initrd.service
fails ConditionSecurity=tpm2
because tpm
module is not loaded yet
We needs something to work with here ( logs ) in anycase are you sure the condition is failing? If so it indicates that the firmware does not report a TPM device and or the TPM subsystem is not enabled in the kernel which should result in the error msg "Failed to determine whether system has TPM2 support" you can simply disable the condition check to see if that's the case here. |
Hey, I am sure, but I was reading source code of I'm in the process of testing if this is indeed the case. On a side note about logs, I do get the following
but once I enabled debug logging, I felt I was missing some lines. Is it possible that some log lines are lost before the journal is started? I was under the impression that this shouldn't happen--thanks. |
Okay, Arch packages systemd-stable 252.1, which contains the mentioned commit as a backport. Hence, the actual check which is being performed on my system is
I believe the Solutions that come to mind:
I don't know which one is best Regarding the logging side quest: once I enable debug logging, I no longer see the |
|
Just |
My machine needed |
I've also modified systemd to load the tpm module early so that |
As requested by Christian, for systemd. These should match the built-in TPM drivers of the Fedora kernel. See: dracutdevs/dracut#2066 (comment) git-svn-id: file:///srv/repos/svn-packages/svn@462603 eb2447ed-0c53-47e4-bac8-5bc4a241df78
As requested by Christian, for systemd. These should match the built-in TPM drivers of the Fedora kernel. See: dracutdevs/dracut#2066 (comment) git-svn-id: file:///srv/repos/svn-packages/svn@462603 eb2447ed-0c53-47e4-bac8-5bc4a241df78
@DaanDeMeyer did you make pr/file issues with your changes in upstream systemd ? |
It's in |
@sammko is it safe to assume that all underlying issues have been resolved now and this issue can be closed? |
The particular case on Arch is fixed, since the modules are now built in the kernel. The issue with the Condition is fixed in general as well by the patch in systemd. I think the only case that remains is if the modules are not built in and pcrphase runs before the concrete tpm driver is loaded (CONFIG_TCG_CRB in my case) and crashes. Maybe this is not relevant to dracut, however. |
As requested by Christian, for systemd. These should match the built-in TPM drivers of the Fedora kernel. See: dracutdevs/dracut#2066 (comment)
Describe the bug
The
systemd-pcrphase-initrd.service
added in #2014 failsConditionSecurity=tpm2
on my system because it is evaluated before thetpm
module is loaded. When I get a shell later in theinitrd
, the module is loaded and the condition is fine (as reported bysystemd-analyze condition
or trying to start the service).Distribution used
Arch
Dracut version
git master (62f7e06)
Init system
systemd
To Reproduce
I don't know past enabling the
systemd-pcrphase
module and trying it.Expected behavior
The
systemd-pcrphase-initrd.service
should be startedThe text was updated successfully, but these errors were encountered: