On Fr, 09.08.24 14:49, Mikko Rapeli (mikko.rap...@linaro.org) wrote: > Hi, > > After update from systemd 254 to 256 (and even 256.4) I had some failures > related to TPM related services depending on ConditionSecurity=measured-uki. > > I have basic ukify.py and sbsign signatures working in yocto cross compile > environment but I have doubts that systemd-measure will work there. > It looks like systemd-measure in src/boot/measure.c open TPM devices files > to calculate the PCR values and this doesn't work in cross compile > environment. > Thus it looks systemd-measure and ukify.py --measure will not work in > yocto, at least without qemu and swtpm hacks. Am I right on this?
It should work fine in "offline" mode. It only talks to a TPM if you invoke it with the "status" verb. But you wouldn't do that for signing. Lennart -- Lennart Poettering, Berlin
