systemd: enable TPM support

Enable "tpm2" support if "tpm2" is in DISTRO_FEATURES.
Also enable cryptsetup, openssl and repart features which
are needed to use TPM device to encrypt filesystems with
systemd configuration. See:

https://www.freedesktop.org/software/systemd/man/latest/systemd-repart.html#--tpm2-device=

Signed-off-by: Mikko Rapeli <mikko.rapeli@linaro.org>
Signed-off-by: Armin Kuster <akuster808@gmail.com>

1 files changed, 17 insertions, 0 deletions

diff --git a/meta-tpm/recipes-core/systemd/systemd_%.bbappend b/meta-tpm/recipes-core/systemd/systemd_%.bbappend
new file mode 100644
index 0000000..82b79ba
--- /dev/null
+++ b/meta-tpm/recipes-core/systemd/systemd_%.bbappend
@@ -0,0 +1,17 @@
+PACKAGECONFIG:append = " ${@bb.utils.contains('DISTRO_FEATURES', 'tpm2', 'tpm2', '', d)}"
+
+# for encrypted filesystems
+PACKAGECONFIG:append = " \
+    ${@bb.utils.contains('DISTRO_FEATURES', 'tpm2', 'cryptsetup cryptsetup-plugins efi openssl repart', '', d)} \
+"
+
+# ukify.py and systemd-measure don't work in cross compile environment without
+# a tpm2 device, thus switch from measured-uki (new in v256) back to tpm2 
+# (default before v256).
+# TODO: use swtpm-native to calculate TPM measurements
+do_install:append() {
+    if "${@bb.utils.contains('DISTRO_FEATURES', 'tpm2', 'true', 'false', d)}"; then
+        sed -i -e "s/^ConditionSecurity=measured-uki/ConditionSecurity=tpm2/g" \
+            $( grep -rl ^ConditionSecurity=measured-uki ${D} )
+    fi
+}