[systemd-devel] Issues supporting systems with and without TPM and firmware TPM (was Re: Handle device node timeout?)
Mikko Rapeli
mikko.rapeli at linaro.org
Tue Apr 16 12:02:25 UTC 2024
Hi,
On Mon, Apr 15, 2024 at 05:41:00PM +0200, Lennart Poettering wrote:
> Would be good to have that with systemd.log_target=debug, to see if
> tpm2.target even gets enqueued.
Here is the verbose log:
https://people.linaro.org/~mikko.rapeli/systemd_255_tpm2_target_qemu_swtpm_boot_encryption_failure.txt
System is qemu arm64 with UEFI / ARM System Ready compatible firmware,
secure boot and TPM2 device via swtpm.
It boots a uki binary with kernel 6.6.20 and a systemd based initramfs which
creates a TPM2 backed encrypted rootfs. Kernel TPM drivers are modules and available
in the initramfs for udev to load. The .wic file system image for qemu contains
empty space for the rootfs and a dm-verity protected /usr partition which
is auto-detected based on the kernel command line. systemd is version 255 from
the stable branch, commit 387a14a7b67b8b76adaed4175e14bb7e39b2f738, with the following
patches applied to try to fix these TPM and module loading issues:
cryptsetup-tokens: fix argument order mismatch in function
tpm2-setup: Add --graceful
units: add a tpm2.target synchronization point and small generator that pulls in
units: order repart after systemd-tpm2-setup-early.service
Creating the new rootfs via systemd-repart.service succeeds, as the blkid debug
command also shows. Mounting the newly created rootfs fails at the systemd-cryptsetup@root.service
step. For some reason it is trying to open the disk with a password or PIN; it should
be using keys etc. protected by the TPM2 device. ConditionSecurity=measured-uki seems
to fail in multiple locations. tpm_tis support gets detected by udev and the modules
are loaded, which is visible in the emergency shell with lsmod. tpm2.target does
run.
systemd-tpm2-setup-early.service: ConditionPathExists=!/run/systemd/tpm2-srk-public-key.pem succeeded.
but
systemd-tpm2-setup-early.service: ConditionSecurity=measured-uki failed.
AFAIK this used to be ConditionSecurity=tpm2 in systemd 254, where this step
worked for me, but with more backported patches. The uki binary is not run with
--measure/systemd-measure since the uki binary is already protected with UEFI
secure boot signatures and /usr is dm-verity protected, with the kernel command line
inside the uki binding the two. The TPM2 device is only used to set up a device specific
protected and writable root partition on first boot.
So something with the tpm2 drivers-as-modules approach is still not working even
with the tpm2.target patches.
The same system with built-in TPM drivers is able to mount the newly created TPM backed
rootfs, and after the initramfs phase, boot to the dm-verity protected /usr partition
works too.
Cheers,
-Mikko
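Added diagnostic for readers of this thread (not code from the mail, from Mikko or from the systemd project): a small POSIX shell script that reproduces the two inputs behind the failing condition, the `StubPcrKernelImage` EFI variable that systemd-stub writes when it measured the kernel image, and the presence of a TPM 2.0 device in sysfs, so both can be checked from the emergency shell. It assumes the efivarfs layout (4-byte attribute header followed by the variable payload), that the payload is a little-endian uint64 holding the PCR index, the systemd vendor GUID `4a67b082-0a4c-41cf-b6c7-440b29bb8c4f`, and the `tpm_version_major` sysfs attribute; the fixture paths in the usage are constructed.

```shell
#!/bin/sh
# measured-uki-check.sh: added example, not part of systemd or this thread.
# Assumption: systemd-stub records the PCR it measured the UKI into in the EFI
# variable StubPcrKernelImage under the systemd vendor GUID, and efivarfs
# exposes every variable as 4 attribute bytes followed by the payload.
SYSTEMD_VENDOR_GUID=4a67b082-0a4c-41cf-b6c7-440b29bb8c4f

# Decode the PCR index from an efivarfs file. Prints the index and returns 0,
# or returns 1 when the file is missing or shorter than header + uint64,
# which is the situation a failing ConditionSecurity=measured-uki reports.
stub_pcr_kernel_image() {
    f="$1"
    [ -r "$f" ] || return 1
    # skip the 4-byte attribute header, read the 8 payload bytes as decimals
    set -- $(od -An -tu1 -j4 -N8 "$f" 2>/dev/null)
    [ $# -eq 8 ] || return 1
    # assemble the little-endian uint64, most significant byte first
    v=0
    for b in $8 $7 $6 $5 $4 $3 $2 $1; do
        v=$(( (v << 8) | b ))
    done
    echo "$v"
}

# Return 0 if any TPM character device under $1/class/tpm reports major version 2.
# $1 is the sysfs root, normally /sys; a parameter so it can be pointed at a fixture.
tpm2_present() {
    for d in "$1"/class/tpm/tpm*; do
        [ -d "$d" ] || continue
        [ "$(cat "$d/tpm_version_major" 2>/dev/null)" = 2 ] && return 0
    done
    return 1
}

# Human readable summary; $1 is the efivarfs mount, $2 the sysfs root.
report() {
    var="$1/StubPcrKernelImage-$SYSTEMD_VENDOR_GUID"
    if pcr=$(stub_pcr_kernel_image "$var"); then
        echo "measured-uki: stub measured the kernel image into PCR $pcr"
    else
        echo "measured-uki: $var absent or malformed, condition would fail"
    fi
    if tpm2_present "$2"; then
        echo "tpm2: a TPM 2.0 device is registered in sysfs"
    else
        echo "tpm2: no TPM 2.0 device in sysfs (driver module not loaded yet?)"
    fi
    return 0
}

# Run against the live system when executed directly; both paths can be
# overridden with EFIVARS= and SYSFS= for testing against fixtures.
report "${EFIVARS:-/sys/firmware/efi/efivars}" "${SYSFS:-/sys}"
```

The script reports both halves separately on purpose: a loaded `tpm_tis` module satisfies the second check after udev runs, while the first depends only on what the stub wrote at boot, so seeing the second pass and the first fail narrows the problem to the measurement step rather than to driver loading.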
More information about the systemd-devel mailing list