| # Copyright 2022 The ChromiumOS Authors |
| # Use of this source code is governed by a BSD-style license that can be |
| # found in the LICENSE file. |
| |
| description "Chromium OS device service." |
| author "chromium-os-dev@chromium.org" |
| |
| start on started trunksd \ |
| and started tpm_managerd \ |
| and started attestationd \ |
| and started boot-services |
| stop on hwsec-stop-clients-signal |
| respawn |
| |
| oom score -100 |
| |
| respawn |
| |
| expect fork |
| |
| script |
| # -b /mnt/stateful_partition/... are required for writing profraw files. |
| PROFILING_ARGS="" |
| if [ -d "/mnt/stateful_partition/unencrypted/profraws" ]; then |
| PROFILING_ARGS="-b /mnt/stateful_partition/unencrypted/profraws,,1" |
| fi |
| |
| # Uses minijail (drop root, set no_new_privs, set seccomp filter). |
| exec minijail0 --config /usr/share/minijail/vtpm.conf \ |
| ${PROFILING_ARGS} \ |
| -S /usr/share/policy/vtpmd-seccomp.policy \ |
| -- /usr/sbin/vtpmd |
| end script |
| |
| # Wait for daemon to claim its D-Bus name. |
| post-start exec minijail0 -u vtpm -G \ |
| /usr/bin/gdbus wait --system --timeout 15 org.chromium.Vtpm |
