Description¶

systemd-tpm2-generator is a generator that adds a Wants= dependency from sysinit.target to tpm2.target when it detects that the firmware discovered a TPM2 device but the OS kernel so far did not. tpm2.target is supposed to act as synchronization point for all services that require TPM2 device access. See systemd.special(7) for details.

The systemd.tpm2_wait= kernel command line option may be used to override behaviour of the generator. It accepts a boolean value: if true then tpm2.target will be added as synchronization point even if the firmware has not detected a TPM2 device. If false, the target will not be inserted even if firmware reported a device but the OS kernel does not expose a device for it yet. The latter might be useful in environments where a suitable TPM2 driver for the available hardware is not available.

The systemd.tpm2_software_fallback= kernel command line option (which takes a boolean argument, defaulting to false) may be used to enable an automatic software TPM fallback in case a hardware TPM is not detected and swtpm(8) is available. This pulls in the systemd-tpm2-swtpm.service(8) service.

systemd-tpm2-generator implements systemd.generator(7).

See Also¶

systemd(1), systemd.special(7), kernel-command-line(7), systemd-tpm2-swtpm.service(8)