On Fr, 09.08.24 14:49, Mikko Rapeli (mikko.rapeli@xxxxxxxxxx) wrote: > Hi, > > After update from systemd 254 to 256 (and even 256.4) I had some failures > related to TPM related services depending on ConditionSecurity=measured-uki. > > I have basic ukify.py and sbsign signatures working in yocto cross compile > environment but I have doubts that systemd-measure will work there. > It looks like systemd-measure in src/boot/measure.c open TPM devices files > to calculate the PCR values and this doesn't work in cross compile environment. > Thus it looks systemd-measure and ukify.py --measure will not work in > yocto, at least without qemu and swtpm hacks. Am I right on this? It should work fine in "offline" mode. It only talks to a TPM if you invoke it with the "status" verb. But you wouldn't do that for signing. Lennart -- Lennart Poettering, Berlin
Re: systemd-measure in cross compile environment, and measured-uki vs tpm2 in ConditionSecurity?
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- Subject: Re: systemd-measure in cross compile environment, and measured-uki vs tpm2 in ConditionSecurity?
- From: Lennart Poettering <mzxreary@xxxxxxxxxxx>
- Date: Thu, 22 Aug 2024 14:21:36 +0200
- Cc: systemd-devel@xxxxxxxxxxxxxxxxxxxxx
- In-reply-to: <ZrYCZCK3IgMPX0XY@nuoska>
- References: <ZrYCZCK3IgMPX0XY@nuoska>
- References:
- Prev by Date: Re: CREDENTIALS_DIRECTORY vs %d
- Next by Date: Re: CREDENTIALS_DIRECTORY vs %d
- Previous by thread: systemd-measure in cross compile environment, and measured-uki vs tpm2 in ConditionSecurity?
- Next by thread: journal: question regarding retention options by priority/identifier/unit
- Index(es):
 |