On 17.08.2022 16:23, Michael Cassaniti wrote:
> Hi,
>
> I'm trying to order my units and targets during early boot so that:
> 1. A symlink to the specific FIDO2 token I'm using gets created. I
> already have a udev rule in place for this and it successfully creates
> the symlink under /dev. Because I have two tokens I need to specify
> which one to use.
> 2. The unit for systemd-cryptsetup@root.service has to wait for this
> unit. The unit gets generated from systemd-cryptsetup-generator so I
> can't just add Requires= stanzas to the unit. I do have a /etc/crypttab
> file.
>
> I have the following shell code generating everything at the right time
> within dracut, but this hasn't solved my problem.
>
> cat > /etc/systemd/system/dev-yubico\x2dfido2.device << EOF

I wonder if it is even valid to have a device unit file and whether
systemd will merge it with the auto-generated device. In any case, the
more traditional approach is a drop-in.

> [Unit]
> Description=Device for Yubico FIDO2 token
> DefaultDependencies=no
> RequiredBy=cryptsetup-pre.target
>

RequiredBy is only valid in the [Install] section. Where in the
documentation is your usage described?

> [Install]
> WantedBy=cryptsetup-pre.target
>
> EOF
>
> systemctl enable dev-yubico\x2dfido2.device
> systemctl add-wants cryptsetup.target cryptsetup-pre.target
>

This is a very roundabout way of simply creating the necessary links in
/run/systemd/system/cryptsetup-pre.target and running "systemctl
daemon-reload". Even better would be to create these links in a
generator to avoid daemon-reload.

>
> Any help here is appreciated. The issue is that the FIDO2 token shows up
> on the USB bus after the disk is detected and the unit
> systemd-cryptsetup@root.service starts.

Is the device /dev/yubico-fido2 actually present and visible to systemd?
In this case just drop the necessary symlinks into /etc.

> I don't have a TPM2 chip so that
> rules out using a TPM instead.
>
> Thanks in advance,
> Michael Cassaniti, Australia
>
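
The generator and drop-in approach mentioned in the reply could look like the sketch below. It is an added example, not code from either poster: the drop-in file name 50-fido2-token.conf and the helper function names are hypothetical, and it assumes the volume is "root" and the udev symlink is /dev/yubico-fido2, as in the original message.

```sh
#!/bin/sh
# Added example (not from the thread): a systemd generator that makes the
# LUKS unlock unit wait for the FIDO2 token's device unit.
# Assumed names: volume "root", udev symlink /dev/yubico-fido2.
LC_ALL=C; export LC_ALL

# Turn an ASCII /dev path into a unit name prefix the way
# "systemd-escape --path" does: "/" becomes "-", other characters
# outside [A-Za-z0-9:_.] become \xXX (so "-" becomes \x2d).
escape_dev_path() {
    p=${1#/}; p=${p%/}; out=
    while [ -n "$p" ]; do
        rest=${p#?}; c=${p%"$rest"}
        case $c in
            /) out="$out-" ;;
            [A-Za-z0-9:_.]) out="$out$c" ;;
            *) out="$out$(printf '\\x%02x' "'$c")" ;;
        esac
        p=$rest
    done
    printf '%s\n' "$out"
}

# write_fido2_dependency OUTDIR DEVPATH VOLUME (hypothetical helper)
write_fido2_dependency() {
    unit="$(escape_dev_path "$2").device"
    dropin="$1/systemd-cryptsetup@$3.service.d"
    mkdir -p "$dropin" || return 1
    # Requires= pulls the device job in; After= holds the unlock until the
    # device unit is active (or its job times out and the unlock fails).
    printf '%s\n' '[Unit]' "Requires=$unit" "After=$unit" \
        > "$dropin/50-fido2-token.conf"
}

# Generators are called with three output directories; $1 is the normal one.
if [ "$#" -eq 3 ]; then
    write_fido2_dependency "$1" /dev/yubico-fido2 root
fi
```

systemd only creates a device unit for the symlink if the udev rule also sets TAG+="systemd", which is what "visible to systemd" comes down to. For early boot the generator and the udev rule both have to be included in the initrd image.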