TODO

@@ -171,10 +171,6 @@ Features:
   so that we might even open up up the random seed logic to non-SecureBoot
   systems?
 
-* sd-boot: also include the hyperv "vm generation id" in the random seed hash,
-  to cover nicely for machine clones. It's found in the ACPI tables, which
-  should be easily accessible from UEFI.
-
 * sd-boot: add menu item for shutdown? or hotkey?
 
 * sd-device has an API to create an sd_device object from a device id, but has

src/shared/tpm2-util.c

@@ -5,7 +5,6 @@
 #include "parse-util.h"
 #include "stat-util.h"
 #include "tpm2-util.h"
-#include "virt.h"
 
 #if HAVE_TPM2
 #include "alloc-util.h"
@@ -1461,18 +1460,12 @@ Tpm2Support tpm2_support(void) {
         Tpm2Support support = TPM2_SUPPORT_NONE;
         int r;
 
-        if (detect_container() <= 0) {
+        r = dir_is_empty("/sys/class/tpmrm");
-                /* Check if there's a /dev/tpmrm* device via sysfs. If we run in a container we likely just
+        if (r < 0) {
-                 * got the host sysfs mounted. Since devices are generally not virtualized for containers,
+                if (r != -ENOENT)
-                 * let's assume containers never have a TPM, at least for now. */
+                        log_debug_errno(r, "Unable to test whether /sys/class/tpmrm/ exists and is populated, assuming it is not: %m");
-
+        } else if (r == 0) /* populated! */
-                r = dir_is_empty("/sys/class/tpmrm");
+                support |= TPM2_SUPPORT_DRIVER;
-                if (r < 0) {
-                        if (r != -ENOENT)
-                                log_debug_errno(r, "Unable to test whether /sys/class/tpmrm/ exists and is populated, assuming it is not: %m");
-                } else if (r == 0) /* populated! */
-                        support |= TPM2_SUPPORT_DRIVER;
-        }
 
         if (efi_has_tpm2())
                 support |= TPM2_SUPPORT_FIRMWARE;