Hi,
I have services which depend on a specific device node. How can I run
some recovery actions when the default 90s timeout for finding this
device is hit?
OnFailure= doesn't work as the service is not even started.
Specifically the case is about supporting TPM2 encrypted rootfs but falling
bac
Hi,
Following up to my previous question which worked around with
Wants: and After: to dev-tpmrm0.device and tee-supplicant@teepriv0.service,
which don't seem to work fully.
In short, I want to support devices with and without TPM. The TPM device
can also be a firmware fTPM device which depends o
Hi,
On Fri, Feb 16, 2024 at 11:28:31AM +0200, Mikko Rapeli wrote:
> Hi,
>
> Following up to my previous question which worked around with
> Wants: and After: to dev-tpmrm0.device and tee-supplicant@teepriv0.service,
> which don't seem to work fully.
>
> In short, I wa
Hi,
On Mon, Feb 19, 2024 at 11:18:13AM +0100, Lennart Poettering wrote:
> On Di, 16.01.24 16:06, Mikko Rapeli (mikko.rap...@linaro.org) wrote:
>
> > Hi,
> >
> > I have services which depend on a specific device node. How can I run
> > some recovery actions wh
Hi,
On Mon, Feb 19, 2024 at 11:47:52AM +0100, Lennart Poettering wrote:
> On Fr, 16.02.24 11:28, Mikko Rapeli (mikko.rap...@linaro.org) wrote:
>
> > Support for fTPM devices is problematic. First, the kernel support must be
> > modules
> > but loading needs to be
Hi,
On Mon, Feb 19, 2024 at 11:53:14AM +0100, Lennart Poettering wrote:
> On Mo, 19.02.24 10:36, Mikko Rapeli (mikko.rap...@linaro.org) wrote:
>
> > > After=dev-tpmrm0.device tee-supplicant@teepriv0.service
> > > Wants=dev-tpmrm0.device tee-supplicant@teepriv0.service
>
Hi,
On Mon, Feb 19, 2024 at 01:54:02PM +0300, Andrei Borzenkov wrote:
> On Mon, Feb 19, 2024 at 11:37 AM Mikko Rapeli wrote:
> >
> > Hi,
> >
> > On Fri, Feb 16, 2024 at 11:28:31AM +0200, Mikko Rapeli wrote:
> > > Hi,
> > >
> > > Followi
Hi,
On Tue, Feb 20, 2024 at 02:35:27PM +0100, Lennart Poettering wrote:
> On Di, 20.02.24 10:24, Mikko Rapeli (mikko.rap...@linaro.org) wrote:
>
> > Thanks, I will check this. It sounds like optee needs a similar dependency
> > generator.
> >
> > I wonder how many k
Hi,
On Mon, Feb 19, 2024 at 11:53:14AM +0100, Lennart Poettering wrote:
> For your usecase the new tpm2.target available in git main is what you
> really should focus on: all TPM using services should order themselves
> after that. All stuff needed to make a TPM device appear should be
> placed be
On Tue, Apr 09, 2024 at 11:37:39AM +0300, Mikko Rapeli wrote:
> Hi,
>
> On Mon, Feb 19, 2024 at 11:53:14AM +0100, Lennart Poettering wrote:
> > For your usecase the new tpm2.target available in git main is what you
> > really should focus on: all TPM using services sh
Hi,
On Fri, Apr 12, 2024 at 05:03:18PM +0300, Aleksandar Kostadinov wrote:
> Shouldn't the kernel automatically load the necessary modules when
> devices are detected... given proper udev rules and module
> availability in the initrd filesystem? I guess it depends on how you
> build your initrd sys
Hi,
On Mon, Apr 15, 2024 at 04:02:46PM +0200, Lennart Poettering wrote:
> On Mo, 15.04.24 10:38, Mikko Rapeli (mikko.rap...@linaro.org) wrote:
>
> > Hi,
> >
> > On Fri, Apr 12, 2024 at 05:03:18PM +0300, Aleksandar Kostadinov wrote:
> > > Shouldn't the k
On Mon, Apr 15, 2024 at 05:45:49PM +0200, Lennart Poettering wrote:
> On Mo, 15.04.24 17:41, Lennart Poettering (lenn...@poettering.net) wrote:
>
> > > or the services needed for systemd-repart config with Encrypt=tpm2
> >
> > Ah, repart is interesting. We are missing the tpm2.target dependency
>
Hi,
On Mon, Apr 15, 2024 at 05:41:00PM +0200, Lennart Poettering wrote:
> Would be good to have that with systemd.log_target=debug, to see if
> tpm2.target even gets enqueued.
Here is the verbose log:
https://people.linaro.org/~mikko.rapeli/systemd_255_tpm2_target_qemu_swtpm_boot_encryption_fail
Hi,
On Tue, Apr 16, 2024 at 04:03:25PM +0200, Lennart Poettering wrote:
> On Di, 16.04.24 15:02, Mikko Rapeli (mikko.rap...@linaro.org) wrote:
>
> > Hi,
> >
> > On Mon, Apr 15, 2024 at 05:41:00PM +0200, Lennart Poettering wrote:
> > > Would be good to have that
Hi,
On Tue, Apr 16, 2024 at 04:03:25PM +0200, Lennart Poettering wrote:
> On Di, 16.04.24 15:02, Mikko Rapeli (mikko.rap...@linaro.org) wrote:
>
> > Hi,
> >
> > On Mon, Apr 15, 2024 at 05:41:00PM +0200, Lennart Poettering wrote:
> > > Would be good to have that
Hi,
I'm running in circles and failing to start optee userspace daemon
tee-supplicant
correctly with systemd in initrd.
In certain firmware/HW configurations with optee and firmware TPM trusted
application,
the setup needs tee-supplicant to start in initrd userspace before the fTPM
kernel
modu
Hi,
On Thu, May 23, 2024 at 06:00:07PM +0200, Lennart Poettering wrote:
> On Do, 23.05.24 10:54, Mikko Rapeli (mikko.rap...@linaro.org) wrote:
>
> > Hi,
> >
> > I'm running in circles and failing to start optee userspace daemon
> > tee-supplicant
> > cor
Hi,
On Fri, May 24, 2024 at 10:12:52AM +0200, Lennart Poettering wrote:
> On Fr, 24.05.24 10:10, Mikko Rapeli (mikko.rap...@linaro.org) wrote:
>
> > > > EnvironmentFile=-@sysconfdir@/default/tee-supplicant
> > > > ExecStart=@sbindir@/tee-supplicant $OP
Hi,
On Fri, May 24, 2024 at 10:20:22AM +0200, Lennart Poettering wrote:
> On Fr, 24.05.24 10:12, Lennart Poettering (lenn...@poettering.net) wrote:
>
> > And that's really all.
> >
> > To summarize, a unit file like this:
> >
> > [Unit]
> > Description=TEE Supplicant on %i
> > Documen
Hi,
The initrd side startup and shutdown of tee-supplicant works now correctly
with:
[Unit]
Description=TEE Supplicant on %i
DefaultDependencies=no
After=dev-%i.device
Wants=dev-%i.device
Conflicts=shutdown.target
Before=systemd-pcrextend.socket systemd-pcrextend@.service
systemd-pcrfs-root.serv
Hi,
On Thu, Jun 06, 2024 at 06:43:11PM +0200, Lennart Poettering wrote:
> On Do, 06.06.24 18:05, Mikko Rapeli (mikko.rap...@linaro.org) wrote:
>
> > Hi,
> >
> > The initrd side startup and shutdown of tee-supplicant works now correctly
> > with:
> >
> >
Hi,
On Fri, Jun 07, 2024 at 09:12:12AM +0200, Lennart Poettering wrote:
> On Fr, 07.06.24 14:09, Mikko Rapeli (mikko.rap...@linaro.org) wrote:
>
> > > How is this supposed to work anyway? is the supplicant supposed to
> > > exit before initd transition, and b
Hi,
I've got a systemd repart config for rootfs with TPM encryption:
[Partition]
Type=root
Weight=100
Format=ext4
Encrypt=tpm2
FactoryReset=yes
MakeDirectories=/boot /usr /home /home/root
# copying etc from build time /usr image
CopyFiles=/usr/etc:/etc
/usr partition is a dm-verity one. But for
Hi,
After update from systemd 254 to 256 (and even 256.4) I had some failures
related to TPM related services depending on ConditionSecurity=measured-uki.
I have basic ukify.py and sbsign signatures working in yocto cross compile
environment but I have doubts that systemd-measure will work there.
Hi,
On Fri, Aug 23, 2024 at 04:28:24PM +0700, Renjaya Raga Zenta wrote:
> Hi,
>
> I want to duplicate partition 1 and partition 2 using systemd-repart.
> This is for SBC, I use mkosi to create the OS image.
>
> By default, it needs 2 partitions
>
> 1. Boot partition: FAT32 used by 1st stage boo
Hi,
On Tue, Oct 08, 2024 at 09:22:05AM +0200, Lennart Poettering wrote:
> On Mo, 07.10.24 13:54, Mah, Yock Gen (yock.gen@intel.com) wrote:
>
> > My Mariner OS is built with following features:
> >
> > 1, Unified Kernel Image (kernel+initrd+cmdline)
> > 2. Systemd-boot as boot loader
> > 3. Se
Hi,
I'm trying to create a simple systemd based initrd with yocto
tooling. Main rootfs runs systemd too. The initrd should only
measure boot to TPM device and then detect rootfs from
mass storage on a number of boards. No graphics or other use cases
are needed at the moment. The initrd is created
Hi,
We're cross compiling and booting into u-boot based UEFI secure boot firmware
which should load a UKI with kernel and initramfs to find the real rootfs.
This has been working for months now with systemd 256 but is now broken with
257.1.
UKI is generated in the cross compile environment with:
ivers has already booted
and initialized. Why would these trigger udev side events and why is udev
in userspace so slow to handle them?
I can try to move these drivers from built-in to modules but I still find it odd
that udev is slow at handling them in userspace.
If it helps, I could reduce the
Hi,
On Tue, Feb 18, 2025 at 12:50:51PM -0600, Jeremy Linton wrote:
> Hi,
>
> On 2/12/25 5:10 AM, Mikko Rapeli wrote:
> > Hi,
> >
> > I'm trying to create a simple systemd based initrd with yocto
> > tooling. Main rootfs runs systemd too. The initrd should o
Hi,
On Mon, Mar 10, 2025 at 11:16:25AM -0400, Adrian Vovk wrote:
> Hello,
>
> Just to see if I understand your concern correctly, I'll try boiling it
> down to its simplest, by cutting out the need for two partitions. Here's
> the scenario:
>
> - An attacker replaces the real rootfs with a malic
Hi,
I'm able to shave 7 seconds from initrd udev work by changing
systemd-udev-trigger.service udevadm trigger argument from
--type=all to --type=devices which is the default also
without --type argument. Now initrd boottime on qemu drops
from 30 seconds to 23 seconds. In my case this could be ok
Hi,
On Tue, Jun 17, 2025 at 11:32:37AM +0200, Claudius Heine wrote:
> On Tue Jun 17, 2025 at 10:54 AM CEST, Lennart Poettering wrote:
> > On Di, 17.06.25 10:33, Claudius Heine (c...@denx.de) wrote:
> >> > systemd-repart seems to be what you are looking for. It can
> >> > create partitions at boot
Hi,
On Tue, Jun 17, 2025 at 01:37:19PM +0200, Claudius Heine wrote:
> On Tue Jun 17, 2025 at 11:56 AM CEST, Mikko Rapeli wrote:
> > On Tue, Jun 17, 2025 at 11:32:37AM +0200, Claudius Heine wrote:
> >> On Tue Jun 17, 2025 at 10:54 AM CEST, Lennart Poettering wrote:
> >&
35 matches