| # Copyright 2021 The ChromiumOS Authors |
| # Use of this source code is governed by a BSD-style license that can be |
| # found in the LICENSE file. |
| |
| description "Chromium OS tpm2-simulator daemon" |
| author "chromium-os-dev@chromium.org" |
| |
| stop on stopping boot-services and stopped trunksd |
| |
| # This daemon should very unlikely to be killed by the OOM killer otherwise |
| # the other TPM related daemons(trunksd/chapsd/cryptohomed...) may crash. |
| oom score -100 |
| |
| respawn |
| |
| # mount-encrypted need this TPM simulator to create the encstateful, and |
| # the TPM simulator need to store its data in the persistent location. |
| env SIMULATOR_DIR=/mnt/stateful_partition/unencrypted/tpm2-simulator |
| env DEV_VTPMX=/dev/vtpmx |
| |
| pre-start script |
| modprobe tpm_vtpm_proxy |
| mkdir -p -m 755 "${SIMULATOR_DIR}" |
| chown -R tpm2-simulator:tpm2-simulator "${SIMULATOR_DIR}" |
| end script |
| |
| expect stop |
| |
| # We would initialize the minijail seccomp when this daemon is already started. |
| # And it need root permission to create vTPM device. |
| exec /usr/bin/tpm2-simulator |
| |
| post-start exec /usr/bin/tpm2-simulator-init |
| |
| # Add timeout and sync the disk to prevent blocking the shutdown. |
| pre-stop script |
| sync |
| timeout 10 /usr/bin/tpm2-simulator-stop |
| end script |
| |
| post-stop script |
| # Kill the remaining simulator processes. |
| pgrep -u tpm2-simulator | xargs -r kill |
| # Sync the disk to prevent losing data. |
| sync |
| end script |
