F34 compatibility: tpm2-abrmd cannot start due to dependency on dev-tpm0.device

[kkaarreell]

On F34 tpm2-abrmd-2.4.0-3.fc34.x86_64 won't start since it depends on dev-tpm0.device which won't be present. The unit file contains the following note

# These settings are needed when using the device TCTI. If the
# TCP mssim is used then the settings should be commented out.
After=dev-tpm0.device
Requires=dev-tpm0.device

which is exactly the setup that is being used. Therefore Unit file should be updated to unset dependencies.

[mpeters]

I'm not sure this is a bug in Keylime as much as it is in the Fedora packaging which would need to modify the systemd unit file. Or am I missing something?

[kkaarreell]

Well, it is this ansible playbook applying unit file updates from https://github.com/keylime/keylime-vagrant-ansible-tpm-emulator/tree/master/roles/ansible-keylime-tpm20/files/tpm2-abrmd.service.d so that made me think it could also apply this change too. And given it configures IBM TMP emulator (which is not something Fedora would have as a default) and targets Fedora distro too.

[THS-on]

We are no longer using tpm2-abrmd for the emulator. @mpeters can you make a PR removing the now unused files?

[kkaarreell]

FYI, keylime-tests are still using abrmd since CentOS Stream 8 doesn't have the required (>=5.4) kernel version. TBH, I am not sure whether the required feature has been backported.

[THS-on]

@kkaarreell because the tests use a SW TPM it should be possible to remove the tpm2-abrmd dependency there. I'll try to do that when I find the time.

[mpeters]

PR in https://github.com/keylime/keylime-vagrant-ansible-tpm-emulator/pull/60 for the vagrant side