units: measure a separator event into PCR 9 after completing NvPCR initialization

We do this in a separate service (rather than inside of systemd-tpm2-setup), since we want failures of this measurement to result in an instant reboot, like for most our measurements. Failures to initialize nvpcrs, or allocate an SRK are somewhat OK (and more likely), as long as this separator communicates clearly where they have to have taken place, if they worked.
2026-04-14 00:14:32 +09:00 · 2025-11-13 14:47:57 +01:00
parent 86dc140b9f
commit 867e64737a
7 changed files with 53 additions and 7 deletions
--- a/docs/TPM2_PCR_MEASUREMENTS.md
+++ b/docs/TPM2_PCR_MEASUREMENTS.md
@@ -260,6 +260,15 @@ colon-separated strings, identifying the file system type, UUID, label as well
 as the GPT partition entry UUID, entry type UUID and entry label (in UTF-8,
 without trailing NUL bytes).

+### PCR 9, NvPCR initialization separator
+
+After completion of `systemd-tpm2-setup.service` (which initializes all NvPCRs
+and measures their initial state) at arly boot the `systemd-pcrnvdone.service`
+service will measure a separator event into PCR 9, isolating the early-boot
+NvPCR initializations from any later additions.
+
+→ **Measured hash** covers the string `nvpcr-separator`.
+
 ## PCR/NvPCR Measurements Made by `systemd-cryptsetup` (Userspace)

 ### PCR 15, volume key