[systemd-devel] systemd-measure in cross compile environment, and measured-uki vs tpm2 in ConditionSecurity?

Lennart Poettering mzxreary at 0pointer.de
Thu Aug 22 12:21:36 UTC 2024


On Fr, 09.08.24 14:49, Mikko Rapeli (mikko.rapeli at linaro.org) wrote:

> Hi,
>
> After an update from systemd 254 to 256 (and even 256.4) I had some failures
> related to TPM-related services depending on ConditionSecurity=measured-uki.
>
> I have basic ukify.py and sbsign signatures working in a yocto cross compile
> environment but I have doubts that systemd-measure will work there.
> It looks like systemd-measure in src/boot/measure.c opens TPM device files
> to calculate the PCR values and this doesn't work in a cross compile environment.
> Thus it looks like systemd-measure and ukify.py --measure will not work in
> yocto, at least without qemu and swtpm hacks. Am I right on this?

It should work fine in "offline" mode. It only talks to a TPM if you
invoke it with the "status" verb. But you wouldn't do that for signing.

Lennart

--
Lennart Poettering, Berlin
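
Why an offline calculation needs no TPM device, as an added example that is not from this thread and is not systemd's code: a PCR value is a hash chain over the measured data, so a build host can replay it in software. The section list, its contents and the name-then-contents measurement order are assumptions made for illustration.

```python
import hashlib

BANK = "sha256"  # PCR bank to predict; other hashlib names such as "sha1" work too


def pcr_extend(pcr: bytes, data: bytes, bank: str = BANK) -> bytes:
    """TPM2 PCR extend done in software: new = H(old || H(data))."""
    digest = hashlib.new(bank, data).digest()
    return hashlib.new(bank, pcr + digest).digest()


def predict_pcr(sections, bank: str = BANK) -> bytes:
    """Replay measurements starting from the all-zero reset value of the PCR.

    Assumption (illustration only): every section contributes two extends,
    first its name with a trailing NUL byte, then its contents, in list order.
    """
    pcr = bytes(hashlib.new(bank).digest_size)
    for name, payload in sections:
        pcr = pcr_extend(pcr, name.encode() + b"\0", bank)
        pcr = pcr_extend(pcr, payload, bank)
    return pcr


# Constructed stand-ins for UKI section contents (not real build artifacts).
SAMPLE_SECTIONS = [
    (".linux", b"constructed kernel image bytes"),
    (".osrel", b'ID=example\nVERSION_ID="1"\n'),
    (".cmdline", b"console=ttyS0 root=/dev/vda2 ro"),
    (".initrd", b"constructed initrd bytes"),
]

if __name__ == "__main__":
    # Only files and a hash function are involved, so this runs on any build host.
    print(predict_pcr(SAMPLE_SECTIONS).hex())
```

The predicted value changes whenever any measured input changes, which is why a signature over it has to be produced from exactly the artifacts that go into the image.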

