[systemd-devel] oomd wake-up frequency

Hi! Over the past few months I've been working on improving GNOME's whole-system profiling story in the form of Sysprof¹. The primary thing I see showing up when profiling an idle system is oomd. My casual reading through the code would lead me to believe it's waking up a CPU every .15 secon

Re: [systemd-devel] systemd-cryptenroll with TPM2

On Tue, Aug 22, 2023 at 8:10 PM Lennart Poettering wrote: > On Di, 22.08.23 19:16, Aleksandar Kostadinov (akost...@redhat.com) wrote: <...> > > If attacker replaces volume with unencrypted one, and it boots without > > messing up the sealing PCRs, then probably attacker can query the TPM > > and o

Re: [systemd-devel] systemd-cryptenroll with TPM2

On Di, 22.08.23 19:16, Aleksandar Kostadinov (akost...@redhat.com) wrote: > > > I'm concerned though about an attacker replacing the encrypted root volume > > > with a non-encrypted one. Which may result in system booting an attacker > > > controlled environment while PCRs may be in a state that a

Re: [systemd-devel] systemd-cryptenroll with TPM2

On Tue, Aug 22, 2023 at 4:16 PM Lennart Poettering wrote: > > On Mo, 21.08.23 17:40, Aleksandar Kostadinov (akost...@redhat.com) wrote: > > > Hello, > > > > This is more of a user question but I didn't find any other suitable forum > > to ask. > > > > I want to install a server that should have an

[systemd-devel] Unable to login with /home marked as nofail (Issue #28890)

Hello, I have a mobile phone with /home on an encrypted sdcard. I am trying to make sure that the phone will boot into a usable state regardless of whether /home is mounted or not. Reasons that it might not be mounted include some type of sdcard failure/corruption, or the user removing the card

Re: [systemd-devel] udev remove event no longer contains ID_VENDOR_ID/ID_MODEL_ID

On Thu, Aug 17, 2023 at 11:09 AM Matt Turner wrote: > > Hello, > > I'm working on updating ChromeOS's ancient udev-225 + 24 patches to > udev-249.9. > > In the course of testing, we discovered that udev remove events no > longer contain ID_VENDOR_ID or ID_MODEL_ID. Apparently this change > happen

Re: [systemd-devel] systemd-cryptenroll with TPM2

On Mo, 21.08.23 19:56, Aleksandar Kostadinov (akost...@redhat.com) wrote: > Thanks, this is what I was also considering the feasibility of. And whether > it made sense to begin with. Any idea how can this be done with systemd? > > In man I read: > > > Note that currently when enrolling a new

Re: [systemd-devel] systemd-cryptenroll with TPM2

On Mo, 21.08.23 17:40, Aleksandar Kostadinov (akost...@redhat.com) wrote: > Hello, > > This is more of a user question but I didn't find any other suitable forum > to ask. > > I want to install a server that should have an encrypted root but be able > to reboot unattended. > > systemd-cryptenroll