This repository has been archived by the owner on May 30, 2023. It is now read-only.

app-crypt/trousers: Skip tscd.service for TPM2 devices #1364

Merged
merged 1 commit into from
Oct 22, 2021

@sayanchowdhury sayanchowdhury commented Oct 21, 2021

trousers supports TPM 1.2, and fails for TPM 2. This commit
skips the tcsd service if TPM 2 is detected.

Fixes flatcar/Flatcar#208

Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>

Testing done

CI Running http://jenkins.infra.kinvolk.io:8080/job/os/job/manifest/3911/cldsv/

@@ -4,6 +4,7 @@ ConditionPathExists=/dev/tpm0
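
Review bot: the `|| echo 0` fallback in the ExecCondition= line this change adds (the full command is visible in the status output later in this thread) makes every read failure count as "not TPM 1.2". If `/sys/class/tpm/*/tpm_version_major` does not exist or cannot be read, `cat` fails, `grep` gets no input, the substitution yields 0 and `test 0 -eq 1` exits 1, so tcsd is skipped with only the generic 'exec-condition' result, including on a TPM 1.2 machine where that attribute is not exposed. A comment in the unit stating that skipping is the intended default when the version cannot be determined would make that choice explicit.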

@pothos pothos Oct 21, 2021


Suggested change
ConditionSecurity=!tpm2

This could be used in [Unit] instead of ExecCondition under [Service], as suggested in flatcar/Flatcar#208 (comment)


Yet, only for Alpha, and for Stable/Beta we should pick the change as it is here. Maybe the above suggestion is better for a follow-up PR only for Alpha.

@sayanchowdhury sayanchowdhury force-pushed the sayan/skip-tcsd-for-tpm2 branch from d7b2ee1 to b521a07 Compare October 22, 2021 06:58
@sayanchowdhury

CI Passed

  • TPM 2

```
core@localhost ~ $ sudo systemctl status tcsd
○ tcsd.service - TCG Core Services Daemon
     Loaded: loaded (/usr/lib/systemd/system/tcsd.service; disabled; vendor preset: disabled)
     Active: inactive (dead) (Result: exec-condition) since Fri 2021-10-22 10:43:50 UTC; 1min 28s ago
  Condition: start condition failed at Fri 2021-10-22 10:43:49 UTC; 1min 29s ago
    Process: 915 ExecCondition=/bin/bash -c /usr/bin/test $(cat /sys/class/tpm/*/tpm_version_major | grep -m 1 1 || echo 0) -eq 1 (code=exited, status=1/FAILURE)
        CPU: 20ms

Oct 22 10:43:49 localhost systemd[1]: Starting TCG Core Services Daemon...
Oct 22 10:43:50 localhost systemd[1]: tcsd.service: Skipped due to 'exec-condition'.
Oct 22 10:43:50 localhost systemd[1]: Condition check resulted in TCG Core Services Daemon being skipped.
```

  • For TPM 1.2

```
● tcsd.service - TCG Core Services Daemon
     Loaded: loaded (/usr/lib/systemd/system/tcsd.service; disabled; vendor preset: disabled)
     Active: active (running) since Fri 2021-10-22 10:46:53 UTC; 13s ago
    Process: 802 ExecCondition=/bin/bash -c /usr/bin/test $(cat /sys/class/tpm/*/tpm_version_major | grep -m 1 1 || echo 0) -eq 1 (code=exited, status=0/SUCCESS)
   Main PID: 814 (tcsd)
      Tasks: 1 (limit: 7456)
     Memory: 824.0K
        CPU: 23ms
     CGroup: /system.slice/tcsd.service
             └─814 /usr/sbin/tcsd -f

Oct 22 10:46:53 localhost systemd[1]: Starting TCG Core Services Daemon...
Oct 22 10:46:53 localhost systemd[1]: Started TCG Core Services Daemon.
```
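
The decision that the ExecCondition in the status output above makes, written as an added shell example (not code from this PR or from Flatcar) that takes the sysfs directory as an argument so it can be run against constructed trees, including one where `tpm_version_major` is missing. The function names `tcsd_should_start`, `fake_tpm`, `decision` and `demo` are hypothetical, and the comparison is an exact match on `1` rather than the `grep` pipeline.

```shell
#!/bin/sh
# Added example, not the unit from this PR: the TPM 1.2 check as a
# function that takes the sysfs directory, so it runs on constructed trees.

# tcsd_should_start DIR: exit 0 if any DIR/*/tpm_version_major reads
# exactly "1", else exit 1 (systemd treats ExecCondition exit codes
# 1-254 as "skip the unit without marking it failed").
tcsd_should_start() {
    dir="${1:-/sys/class/tpm}"
    for attr in "$dir"/*/tpm_version_major; do
        # An unmatched glob stays literal and fails the -r test.
        [ -r "$attr" ] || continue
        major=$(cat "$attr")
        if [ "$major" = "1" ]; then
            return 0
        fi
    done
    return 1
}

# fake_tpm DIR NAME [MAJOR]: constructed test data. Creates DIR/NAME and,
# when MAJOR is given, a tpm_version_major attribute holding it.
fake_tpm() {
    mkdir -p "$1/$2"
    if [ -n "${3:-}" ]; then
        echo "$3" > "$1/$2/tpm_version_major"
    fi
}

# decision DIR: print what the condition would do for that tree.
decision() {
    if tcsd_should_start "$1"; then echo start; else echo skip; fi
}

demo() {
    tmp=$(mktemp -d)
    fake_tpm "$tmp/tpm2" tpm0 2
    fake_tpm "$tmp/tpm12" tpm0 1
    fake_tpm "$tmp/mixed" tpm0 2        # one TPM 2 device ...
    fake_tpm "$tmp/mixed" tpm1 1        # ... next to a TPM 1.2 device
    fake_tpm "$tmp/noattr" tpm0         # device without the attribute
    for t in tpm2 tpm12 mixed noattr; do
        printf '%-7s %s\n' "$t" "$(decision "$tmp/$t")"
    done
    rm -rf "$tmp"
}
demo
```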

@sayanchowdhury sayanchowdhury merged commit a76324a into main Oct 22, 2021
@sayanchowdhury sayanchowdhury deleted the sayan/skip-tcsd-for-tpm2 branch October 22, 2021 10:51
sayanchowdhury added a commit that referenced this pull request Oct 22, 2021
app-crypt/trousers: Skip tscd.service for TPM2 devices
Successfully merging this pull request may close these issues.

tcsd.service starts up on a TPM 2.0 machine