TODO

@@ -171,10 +171,6 @@ Features:
   so that we might even open up up the random seed logic to non-SecureBoot
   systems?
 
-* sd-boot: also include the hyperv "vm generation id" in the random seed hash,
-  to cover nicely for machine clones. It's found in the ACPI tables, which
-  should be easily accessible from UEFI.
-
 * sd-boot: add menu item for shutdown? or hotkey?
 
 * sd-device has an API to create an sd_device object from a device id, but has

src/shared/tpm2-util.c

@@ -5,7 +5,6 @@
 #include "parse-util.h"
 #include "stat-util.h"
 #include "tpm2-util.h"
-#include "virt.h"
 
 #if HAVE_TPM2
 #include "alloc-util.h"
@@ -1461,18 +1460,12 @@ Tpm2Support tpm2_support(void) {
         Tpm2Support support = TPM2_SUPPORT_NONE;
         int r;
 
-        if (detect_container() <= 0) {
-                /* Check if there's a /dev/tpmrm* device via sysfs. If we run in a container we likely just
-                 * got the host sysfs mounted. Since devices are generally not virtualized for containers,
-                 * let's assume containers never have a TPM, at least for now. */
-
         r = dir_is_empty("/sys/class/tpmrm");
         if (r < 0) {
                 if (r != -ENOENT)
                         log_debug_errno(r, "Unable to test whether /sys/class/tpmrm/ exists and is populated, assuming it is not: %m");
         } else if (r == 0) /* populated! */
                 support |= TPM2_SUPPORT_DRIVER;
-        }
 
         if (efi_has_tpm2())
                 support |= TPM2_SUPPORT_FIRMWARE;