handle broken TPM better

Signed-off-by: eriknordmark <erik@zededa.com> (cherry picked from commit 8ac2408)
lf-edge · Nov 3, 2021 · 908b8f7 · 908b8f7
1 parent 213ac27
commit 908b8f7
Showing 1 changed file with 3 additions and 2 deletions.
diff --git a/pkg/pillar/scripts/device-steps.sh b/pkg/pillar/scripts/device-steps.sh
@@ -161,7 +161,7 @@ fi
 if [ -f $PERSISTDIR/reboot-reason ]; then
     echo "Reboot reason: $(cat $PERSISTDIR/reboot-reason)" > /dev/console
 elif [ -f $FIRSTBOOTFILE ]; then
-    exho "Reboot reason: NORMAL: First boot of device - at $(date -Ins -u)" > /dev/console
+    echo "Reboot reason: NORMAL: First boot of device - at $(date -Ins -u)" > /dev/console
 else
     echo "Reboot reason: UNKNOWN: reboot reason - power failure or crash - at $(date -Ins -u)" > /dev/console
 fi
@@ -384,8 +384,9 @@ if [ ! -f $CONFIGDIR/device.cert.pem ]; then
     if [ -c $TPM_DEVICE_PATH ] && ! [ -f $CONFIGDIR/disable-tpm ]; then
         echo "$(date -Ins -u) TPM device is present and allowed, creating TPM based device key"
         if ! $BINDIR/generate-device.sh -b $CONFIGDIR/device -t; then
-            echo "$(date -Ins -u) TPM is malfunctioning, falling back to software certs"
+            echo "$(date -Ins -u) TPM is malfunctioning, falling back to software certs; disabling tpm"
             $BINDIR/generate-device.sh -b $CONFIGDIR/device
+            touch $CONFIGDIR/disable-tpm
         fi
     else
         $BINDIR/generate-device.sh -b $CONFIGDIR/device