Skip to content
This repository was archived by the owner on May 30, 2023. It is now read-only.

app-crypt/trousers: Skip tscd.service for TPM2 devices (using ConditionSecurity)#1365

Merged
sayanchowdhury merged 1 commit intomainfrom
sayan/skip-tcsd-for-tpm2-v249
Oct 22, 2021
Merged

app-crypt/trousers: Skip tscd.service for TPM2 devices (using ConditionSecurity)#1365
sayanchowdhury merged 1 commit intomainfrom
sayan/skip-tcsd-for-tpm2-v249

Conversation

@sayanchowdhury
Copy link
Copy Markdown
Contributor

@sayanchowdhury sayanchowdhury commented Oct 21, 2021
edited
Loading

trousers supports TPM 1.2, and fails for TPM 2. This commits
skips the tcsd service if TPM 2 is detected.

Uses ConditionSecurity introduced in systemd v248

Fixes flatcar/Flatcar#208

Signed-off-by: Sayan Chowdhury schowdhury@microsoft.com

To be merged as a follow up PR to #1364

Testing done

CI Running: http://jenkins.infra.kinvolk.io:8080/job/os/job/manifest/3914/cldsv/

@sayanchowdhury
app-crypt/trousers: Skip tscd.service for TPM2 devices
683334e 
trousers supports TPM 1.2, and fails for TPM 2. This commits
skips the tcsd service if TPM 2 is detected.

Uses ConditionSecurity introduced in systemd v248

Fixes flatcar/Flatcar#208

Signed-off-by: Sayan Chowdhury <schowdhury@microsoft.com>
@sayanchowdhury sayanchowdhury changed the title app-crypt/trousers: Skip tscd.service for TPM2 devices app-crypt/trousers: Skip tscd.service for TPM2 devices (using ConditionSecurity) Oct 21, 2021
@sayanchowdhury
Copy link
Copy Markdown
Contributor Author

sayanchowdhury commented Oct 22, 2021

works as expected:

  • with tpm2
core@localhost ~ $ sudo systemctl status tcsd
○ tcsd.service - TCG Core Services Daemon
     Loaded: loaded (8;;file://localhost/usr/lib/systemd/system/tcsd.service^G/>
     Active: inactive (dead)
  Condition: start condition failed at Fri 2021-10-22 07:26:03 UTC; 17s ago
             └─ ConditionSecurity=!tpm2 was not met
  • with tpm 1.2
● tcsd.service - TCG Core Services Daemon
     Loaded: loaded (8;;file://localhost/usr/lib/systemd/system/tcsd.service^G/>
     Active: active (running) since Fri 2021-10-22 07:27:33 UTC; 41s ago
   Main PID: 798 (tcsd)
      Tasks: 1 (limit: 7456)
     Memory: 764.0K
        CPU: 10ms
     CGroup: /system.slice/tcsd.service
             └─798 /usr/sbin/tcsd -f

@sayanchowdhury sayanchowdhury requested a review from a team October 22, 2021 07:33
@sayanchowdhury sayanchowdhury marked this pull request as ready for review October 22, 2021 07:33
@sayanchowdhury
Copy link
Copy Markdown
Contributor Author

sayanchowdhury commented Oct 22, 2021

CI Passed

tormath1
tormath1 approved these changes Oct 22, 2021
View reviewed changes
Copy link
Copy Markdown
Contributor

@tormath1 tormath1 left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM :)

@sayanchowdhury sayanchowdhury merged commit 80cfc74 into main Oct 22, 2021
@sayanchowdhury sayanchowdhury deleted the sayan/skip-tcsd-for-tpm2-v249 branch October 22, 2021 10:56
sayanchowdhury added a commit that referenced this pull request Oct 22, 2021
@sayanchowdhury
Merge pull request #1365 from flatcar-linux/coreos-overlay
6f99039 
app-crypt/trousers: Skip tscd.service for TPM2 devices (using ConditionSecurity)
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.

Reviewers

1 more reviewer

@tormath1 tormath1 tormath1 approved these changes

Reviewers whose approvals may not affect merge requirements

Assignees

No one assigned

Labels

alpha main

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

tcsd.service starts up on a TPM 2.0 machine

3 participants

@sayanchowdhury @tormath1 @dongsupark