Skip to content
This repository has been archived by the owner on May 30, 2023. It is now read-only.

app-crypt/trousers: Skip tscd.service for TPM2 devices (using ConditionSecurity) #1365

Merged
merged 1 commit into from Oct 22, 2021
Merged

app-crypt/trousers: Skip tscd.service for TPM2 devices (using ConditionSecurity) #1365

merged 1 commit into from Oct 22, 2021

Conversation

sayanchowdhury
Copy link
Contributor

@sayanchowdhury sayanchowdhury commented Oct 21, 2021
edited

trousers supports TPM 1.2, and fails for TPM 2. This commits
skips the tcsd service if TPM 2 is detected.

Uses ConditionSecurity introduced in systemd v248

Fixes flatcar/Flatcar#208

Signed-off-by: Sayan Chowdhury schowdhury@microsoft.com

To be merged as a follow up PR to #1364

Testing done

CI Running: http://jenkins.infra.kinvolk.io:8080/job/os/job/manifest/3914/cldsv/

@sayanchowdhury
app-crypt/trousers: Skip tscd.service for TPM2 devices
683334e 
trousers supports TPM 1.2, and fails for TPM 2. This commits
skips the tcsd service if TPM 2 is detected.

Uses ConditionSecurity introduced in systemd v248

Fixes flatcar/Flatcar#208

Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
@sayanchowdhury sayanchowdhury changed the title app-crypt/trousers: Skip tscd.service for TPM2 devices app-crypt/trousers: Skip tscd.service for TPM2 devices (using ConditionSecurity) Oct 21, 2021
@sayanchowdhury
Copy link
Contributor Author

works as expected:

  • with tpm2
core@localhost ~ $ sudo systemctl status tcsd
○ tcsd.service - TCG Core Services Daemon
     Loaded: loaded (8;;file://localhost/usr/lib/systemd/system/tcsd.service^G/>
     Active: inactive (dead)
  Condition: start condition failed at Fri 2021-10-22 07:26:03 UTC; 17s ago
             └─ ConditionSecurity=!tpm2 was not met
  • with tpm 1.2
● tcsd.service - TCG Core Services Daemon
     Loaded: loaded (8;;file://localhost/usr/lib/systemd/system/tcsd.service^G/>
     Active: active (running) since Fri 2021-10-22 07:27:33 UTC; 41s ago
   Main PID: 798 (tcsd)
      Tasks: 1 (limit: 7456)
     Memory: 764.0K
        CPU: 10ms
     CGroup: /system.slice/tcsd.service
             └─798 /usr/sbin/tcsd -f

@sayanchowdhury sayanchowdhury requested a review from a team October 22, 2021 07:33
@sayanchowdhury sayanchowdhury moved this from In Progress to Ready to Review in Flatcar Container Linux Releases Planning Oct 22, 2021
@sayanchowdhury sayanchowdhury marked this pull request as ready for review October 22, 2021 07:33
@sayanchowdhury
Copy link
Contributor Author

CI Passed

tormath1
tormath1 approved these changes Oct 22, 2021
View reviewed changes
Copy link
Contributor

@tormath1 tormath1 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM :)

@sayanchowdhury sayanchowdhury merged commit 80cfc74 into main Oct 22, 2021
@sayanchowdhury sayanchowdhury deleted the sayan/skip-tcsd-for-tpm2-v249 branch October 22, 2021 10:56
sayanchowdhury added a commit that referenced this pull request Oct 22, 2021
@sayanchowdhury
Merge pull request #1365 from flatcar-linux/coreos-overlay
6f99039 
app-crypt/trousers: Skip tscd.service for TPM2 devices (using ConditionSecurity)
@dongsupark dongsupark moved this from Ready to Review to Ready to Release - 2021-10-25 in Flatcar Container Linux Releases Planning Oct 25, 2021
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@tormath1 tormath1 tormath1 approved these changes

Assignees
No one assigned
Labels
alpha main
Projects
None yet
Milestone
No milestone
2 participants
@sayanchowdhury @tormath1