tpm2-software / tpm2-totp

Attest the trustworthiness of a device against a human using time-based one-time passwords
https://tpm2-software.github.io
BSD 3-Clause "New" or "Revised" License

dist: add sd-plymouth-tpm2-totp mkinitcpio hook #75

Closed diabonas closed 3 years ago

diabonas commented 3 years ago

mkinitcpio supports two different kinds of initramfs images: one with a busybox init (HOOKS=(base udev ...)) and one with a systemd init (HOOKS=(systemd sd-...)). Only the former supports the runtime hooks in dist/initcpio/hooks that we use to start show-/plymouth-tpm2-totp, the latter relies on system unit files to start programs.

This commit adds a new mkinitcpio hook sd-plymouth-tpm2-totp to be used for systemd-based mkinitcpio initramfs images. It adds a systemd service plymouth-tpm2-totp.service that triggers plymouth-tpm2-totp once Plymouth has been started and /dev/tpm0 is available. While the hook itself is specific to mkinitcpio, this service might be useful for other systemd-based initramfs generators as well.

Unlike the other currently available hooks, this service currently does not allow selecting a different NV index using the kernel command line. As far as I am aware, there is no built-in way to supply arguments from the kernel command line to systemd units, so the easiest approach might be parsing /proc/cmdline directly in plymouth-tpm2-totp. However, this feature is out of scope for this commit.

Closes: #74
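The description above notes that systemd units cannot take arguments from the kernel command line, and suggests parsing /proc/cmdline directly inside plymouth-tpm2-totp as the easiest way to allow a different NV index. The following POSIX sh sketch is an added illustration of that approach; it is not code from this PR or from tpm2-totp. The parameter name tpm2-totp.nvindex, the default value 0x018094AF and the function names are assumptions chosen for the example.

```shell
#!/bin/sh
# Added example (not tpm2-totp's own code): read an NV index override
# from the kernel command line, the approach the PR description suggests
# for a systemd-based initramfs. The parameter name "tpm2-totp.nvindex"
# and the default 0x018094AF are assumptions made for this illustration.

DEFAULT_NVINDEX=0x018094AF   # assumed default, illustration only

# cmdline_value KEY [CMDLINE]
# Prints the value of the last KEY=VALUE token on the command line and
# returns 0; prints nothing and returns 1 when KEY is absent. CMDLINE
# defaults to the contents of /proc/cmdline. Values containing spaces
# (quoted on a real kernel command line) are not handled here.
cmdline_value() {
    _key=$1
    if [ $# -ge 2 ]; then _cmdline=$2; else _cmdline=$(cat /proc/cmdline); fi
    _found=1
    _value=
    set -f                      # no pathname expansion on tokens like root=*
    for _tok in $_cmdline; do
        case $_tok in
            "$_key"=*) _value=${_tok#"$_key"=}; _found=0 ;;
        esac
    done
    set +f
    if [ "$_found" -eq 0 ]; then printf '%s\n' "$_value"; fi
    return "$_found"
}

# valid_nvindex VALUE
# Accepts only a TPM 2.0 NV index handle: 0x01 followed by six hex digits
# (handle type 0x01 is TPM_HT_NV_INDEX). Anything else is rejected so a
# typo on the command line is not handed through to the TPM.
valid_nvindex() {
    case $1 in
        0x01[0-9A-Fa-f][0-9A-Fa-f][0-9A-Fa-f][0-9A-Fa-f][0-9A-Fa-f][0-9A-Fa-f]) return 0 ;;
        *) return 1 ;;
    esac
}

# resolve_nvindex [CMDLINE]
# Prints the NV index to use: the validated command-line override if one
# is present, otherwise the default. Returns 2 when an override is present
# but malformed, so the caller can refuse to start instead of silently
# falling back to the default index.
resolve_nvindex() {
    if _ov=$(cmdline_value tpm2-totp.nvindex "$@"); then
        if valid_nvindex "$_ov"; then
            printf '%s\n' "$_ov"
            return 0
        fi
        printf '%s\n' "invalid tpm2-totp.nvindex: $_ov" >&2
        return 2
    fi
    printf '%s\n' "$DEFAULT_NVINDEX"
}
```

Calling resolve_nvindex with no argument reads the real /proc/cmdline; passing a string instead makes the parsing testable without booting. The deliberate non-zero return on a malformed override is the point of the check: in an early-boot service it is better to fail visibly than to display a TOTP computed against whatever index the fallback happens to be.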