diff options
| author | Lennart Poettering <lennart@poettering.net> | 2022-10-16 23:25:04 +0200 |
|---|---|---|
| committer | Lennart Poettering <lennart@poettering.net> | 2023-01-17 09:42:16 +0100 |
| commit | 04959faa632272a8fc9cdac3121b2e4af721c1b6 (patch) | |
| tree | 71b689e13950e8464c66653d67970aa178567db1 /units | |
| parent | 50072ccf1bfee8a53563a083a3a52b26f0d5678f (diff) | |
| download | systemd-04959faa632272a8fc9cdac3121b2e4af721c1b6.tar.gz | |
generators: optionally, measure file systems at boot
If we use gpt-auto-generator, automatically measure root fs and /var.
Otherwise, add x-systemd.measure option to request this.
Diffstat (limited to 'units')
| -rw-r--r-- | units/meson.build | 2 | ||||
| -rw-r--r-- | units/systemd-pcrfs-root.service.in | 24 | ||||
| -rw-r--r-- | units/systemd-pcrfs@.service.in | 25 |
3 files changed, 51 insertions, 0 deletions
diff --git a/units/meson.build b/units/meson.build index 62ce438a3f..d59796b62b 100644 --- a/units/meson.build +++ b/units/meson.build @@ -267,6 +267,8 @@ in_units = [ 'sysinit.target.wants/'], ['systemd-pcrmachine.service', 'HAVE_GNU_EFI HAVE_OPENSSL HAVE_TPM2', 'sysinit.target.wants/'], + ['systemd-pcrfs-root.service', ''], + ['systemd-pcrfs@.service', ''], ['systemd-growfs-root.service', ''], ['systemd-growfs@.service', ''], ] diff --git a/units/systemd-pcrfs-root.service.in b/units/systemd-pcrfs-root.service.in new file mode 100644 index 0000000000..b0da413bb4 --- /dev/null +++ b/units/systemd-pcrfs-root.service.in @@ -0,0 +1,24 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=TPM2 PCR Root File System Measurement +Documentation=man:systemd-pcrfs-root.service(8) +DefaultDependencies=no +Conflicts=shutdown.target +After=systemd-pcrmachine.service +Before=shutdown.target +AssertPathExists=!/etc/initrd-release +ConditionSecurity=tpm2 +ConditionPathExists=/sys/firmware/efi/efivars/StubPcrKernelImage-4a67b082-0a4c-41cf-b6c7-440b29bb8c4f + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart={{ROOTLIBEXECDIR}}/systemd-pcrphase --file-system=/ diff --git a/units/systemd-pcrfs@.service.in b/units/systemd-pcrfs@.service.in new file mode 100644 index 0000000000..ec1ff118c3 --- /dev/null +++ b/units/systemd-pcrfs@.service.in @@ -0,0 +1,25 @@ +# SPDX-License-Identifier: LGPL-2.1-or-later +# +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=TPM2 PCR File System Measurement of %f +Documentation=man:systemd-pcrfs@.service(8) +DefaultDependencies=no +BindsTo=%i.mount +Conflicts=shutdown.target +After=%i.mount systemd-pcrfs-root.service +Before=shutdown.target +AssertPathExists=!/etc/initrd-release +ConditionSecurity=tpm2 +ConditionPathExists=/sys/firmware/efi/efivars/StubPcrKernelImage-4a67b082-0a4c-41cf-b6c7-440b29bb8c4f + +[Service] +Type=oneshot +RemainAfterExit=yes +ExecStart={{ROOTLIBEXECDIR}}/systemd-pcrphase --file-system=%f |