From 5c7b3335dbd87f5bef335efa553a1173a584df1a Mon Sep 17 00:00:00 2001
From: Mike Yuan <me@yhndnzj.com>
Date: Wed, 5 Mar 2025 16:07:50 +0100
Subject: [PATCH] tpm2-clear: make getenv() failure fatal, correct one log
 level

This operation is destructive, and we bail if the proc_cmdline_get_bool()
call below fails already. Better be safe than sorry.
---
 src/tpm2-setup/tpm2-clear.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/tpm2-setup/tpm2-clear.c b/src/tpm2-setup/tpm2-clear.c
index 3f76798a6f..0dcee96a07 100644
--- a/src/tpm2-setup/tpm2-clear.c
+++ b/src/tpm2-setup/tpm2-clear.c
@@ -88,7 +88,7 @@ static int request_tpm2_clear(void) {
 
         r = secure_getenv_bool("SYSTEMD_TPM2_ALLOW_CLEAR");
         if (r < 0 && r != -ENXIO)
-                log_warning_errno(r, "Failed to parse $SYSTEMD_TPM2_ALLOW_CLEAR, ignoring: %m");
+                return log_error_errno(r, "Failed to parse $SYSTEMD_TPM2_ALLOW_CLEAR: %m");
         if (r >= 0)
                 clear = r;
 
@@ -96,7 +96,7 @@ static int request_tpm2_clear(void) {
                 bool b;
                 r = proc_cmdline_get_bool("systemd.tpm2_allow_clear", /* flags= */ 0, &b);
                 if (r < 0)
-                        return log_debug_errno(r, "Failed to parse systemd.tpm2_allow_clear kernel command line argument: %m");
+                        return log_error_errno(r, "Failed to parse systemd.tpm2_allow_clear kernel command line argument: %m");
                 if (r > 0)
                         clear = b;
         }