snapd/secboot
Michael Vogt 573d8a9816 secboot: detect lockout mode in CheckTPMKeySealingSupported (#12418)
This commit fixes the issue that the detection of TPM key sealing
does not take into account if the system already has the lockout
auth attribute set. If this is the case, an install will not be
successful, but currently this is detected very late.

Note that lockoutAuthSet() is exactly the same 5 lines of code as
https://github.com/snapcore/secboot/pull/220/files
Once we can use secboot master this can be removed and
`secboot.LockoutAuthSet()` can be used instead.

* devicestate: take tpm provision mode into account when checking for encryption

* devicestate: tweak MockSecbootCheckTPMKeySealingSupported() usage and tests

* secboot: improve test coverage for CheckTPMKeySealingSupported()

* secboot: use LockoutAuthSet from secboot

* devicestate: more mode->tpmMode
2023-01-23 17:56:05 +01:00