It turns out checking sysfs is not 100% reliable to figure out whether the firmware had TPM2 support enabled or not. For example with EDK2 arm64, the default upstream build config bundles TPM2 support with SecureBoot support, so if the latter is disabled, TPM2 is also unavailable. But still, the ACPI TPM2 table is created just as if it was enabled. So /sys/firmware/acpi/tables/TPM2 exists and looks correct, but there are no measurements, neither the firmware nor the loader/stub can do them, and /sys/kernel/security/tpm0/binary_bios_measurements does not exist.

The loader can use the apposite UEFI protocol to check, which is a more definitive answer. Given userspace can also make use of this information, export the bitmask with the list of active banks as-is. If it's not 0, then we can be sure a working TPM2 was available in EFI mode.

Partially fixes https://github.com/systemd/systemd/issues/38071
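The cross-check the commit message describes, as an added example that is not part of the commit or of systemd's code: it decodes an exported bank bitmask and flags the case where the ACPI TPM2 table exists but nothing can measure. The page does not name the EFI variable or its encoding, so the efivarfs path is a caller-supplied parameter and the UTF-16LE hex-string payload is an assumption; the bit values are the `EFI_TCG2_BOOT_HASH_ALG_*` constants from the TCG EFI Protocol Specification.

```python
"""Added example: cross-check TPM2 indicators against the loader's bank bitmask."""
import os
from typing import List, Optional

# EFI_TCG2_BOOT_HASH_ALG_* bits (TCG EFI Protocol Specification).
BANKS = {0x01: "sha1", 0x02: "sha256", 0x04: "sha384", 0x08: "sha512", 0x10: "sm3_256"}

# Both paths are quoted from the commit message.
ACPI_TABLE = "/sys/firmware/acpi/tables/TPM2"
EVENT_LOG = "/sys/kernel/security/tpm0/binary_bios_measurements"


def parse_bank_mask(raw: bytes) -> int:
    """Decode an efivarfs file body into the bank bitmask.

    efivarfs prefixes variable data with a 4-byte attribute word. The payload
    encoding (NUL-terminated UTF-16LE hex string) is an assumption.
    """
    if len(raw) <= 4:
        raise ValueError("efivarfs payload too short")
    text = raw[4:].decode("utf-16-le").rstrip("\x00").strip()
    return int(text, 16)


def bank_names(mask: int) -> List[str]:
    """Translate the bitmask into bank names, keeping unknown bits visible."""
    names = [name for bit, name in BANKS.items() if mask & bit]
    unknown = mask & ~sum(BANKS)
    if unknown:
        names.append(f"unknown(0x{unknown:x})")
    return names


def assess(acpi_table: bool, event_log: bool, mask: Optional[int]) -> str:
    """Classify the host; only a non-zero mask confirms a working TPM2."""
    if mask is None:
        return "unknown: loader did not export the bank bitmask"
    if mask != 0:
        return "tpm2-active: " + ",".join(bank_names(mask))
    if acpi_table and not event_log:
        return "misleading: ACPI TPM2 table present, no active banks, no event log"
    return "tpm2-unavailable"


def assess_host(efivar_path: str) -> str:
    """efivar_path: the efivarfs file the loader writes (caller-supplied)."""
    mask = None
    if os.path.exists(efivar_path):
        with open(efivar_path, "rb") as fh:
            mask = parse_bank_mask(fh.read())
    return assess(os.path.exists(ACPI_TABLE), os.path.exists(EVENT_LOG), mask)
```
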
System and Service Manager
Details
Most documentation is available on systemd's web site.
Assorted, older, general information about systemd can be found in the systemd Wiki.
Information about build requirements is provided in the README file.
Consult our NEWS file for information about what's new in the most recent systemd versions.
Please see the Code Map for information about this repository's layout and content.
Please see the Hacking guide for information on how to hack on systemd and test your modifications.
Please see our Contribution Guidelines for more information about filing GitHub Issues and posting GitHub Pull Requests.
When preparing patches for systemd, please follow our Coding Style Guidelines.
If you are looking for support, please contact our mailing list, join our IRC channel #systemd on libera.chat or Matrix channel.
Stable branches with backported patches are available in the stable repo.
We have a security bug bounty program sponsored by the Sovereign Tech Fund hosted on YesWeHack.
Repositories with distribution packages built from git main are available on OBS.
