It appears that `systemd-tpm2-setup.service` and `systemd-tpm2-setup-early.service` are slowing down the boot process. Some logging: ### systemd-analyze critical-chain ``` The time when unit became active or started is printed after the "@" character. The time the unit took to start is printed after the "+" character. graphical.target @13.129s └─multi-user.target @13.129s └─tuned-ppd.service @9.450s +724ms └─tuned.service @9.161s +286ms └─polkit.service @8.966s +193ms └─basic.target @8.100s └─systemd-pcrphase-sysinit.service @8.058s +40ms └─sysinit.target @8.037s └─systemd-pcrnvdone.service @8.002s +33ms └─systemd-tpm2-setup.service @5.632s +2.368s └─systemd-tpm2-setup-early.service @728ms +4.901s └─tpm2.target @1.127s └─dev-tpm0.device ``` ### systemctl status systemd-tpm2-setup.service ``` ● systemd-tpm2-setup.service - TPM SRK Setup Loaded: loaded (/usr/lib/systemd/system/systemd-tpm2-setup.service; static) Active: active (exited) since Sat 2026-02-21 11:39:35 MST; 2min 31s ago Invocation: b729d38682414241abd86e7fa5bc53ff Docs: man:systemd-tpm2-setup.service(8) Main PID: 1091 (code=exited, status=0/SUCCESS) Mem peak: 3.4M CPU: 34ms Feb 21 11:39:33 engine systemd[1]: Starting TPM SRK Setup... Feb 21 11:39:33 engine systemd-tpm2-setup[1091]: SRK already stored in the TPM. Feb 21 11:39:33 engine systemd-tpm2-setup[1091]: SRK fingerprint is [redacted in case it's supposed to be a secret]. Feb 21 11:39:33 engine systemd-tpm2-setup[1091]: SRK saved in '/var/lib/systemd/tpm2-srk-public-key.pem' matches SRK in TPM2. Feb 21 11:39:35 engine systemd-tpm2-setup[1091]: 2 NvPCRs already initialized. Feb 21 11:39:35 engine systemd[1]: Finished TPM SRK Setup. ``` ### systemctl status systemd-tpm2-setup-early.service ``` ● systemd-tpm2-setup-early.service - Early TPM SRK Setup Loaded: loaded (/usr/lib/systemd/system/systemd-tpm2-setup-early.service; static) Active: active (exited) since Sat 2026-02-21 11:39:33 MST; 3min 5s ago Invocation: 2183b8d260e14716b1bb75234e2502c9 Docs: man:systemd-tpm2-setup.service(8) Main PID: 805 (code=exited, status=0/SUCCESS) Mem peak: 2.9M CPU: 33ms Feb 21 11:39:28 engine systemd-tpm2-setup[805]: SRK already stored in the TPM. Feb 21 11:39:28 engine systemd-tpm2-setup[805]: SRK fingerprint is [redacted in case it's supposed to be a secret]. Feb 21 11:39:28 engine systemd-tpm2-setup[805]: SRK public key saved to '/run/systemd/tpm2-srk-public-key.pem' in PEM format. Feb 21 11:39:28 engine systemd-tpm2-setup[805]: SRK public key saved to '/run/systemd/tpm2-srk-public-key.tpm2b_public' in TPM2B_PUBLIC format. Feb 21 11:39:33 engine systemd-tpm2-setup[805]: WARNING:esys:src/tss2-esys/api/Esys_NV_DefineSpace.c:345:Esys_NV_DefineSpace_Finish() Received TPM Error Feb 21 11:39:33 engine systemd-tpm2-setup[805]: ERROR:esys:src/tss2-esys/api/Esys_NV_DefineSpace.c:121:Esys_NV_DefineSpace() Esys Finish ErrorCode (0x0000014c) Feb 21 11:39:33 engine systemd-tpm2-setup[805]: 1 NvPCRs initialized. (1 NvPCRs were already initialized.) Feb 21 11:39:33 engine systemd[1]: Finished Early TPM SRK Setup. ``` I found https://github.com/systemd/systemd/issues/40159 which seems to be reporting this exact issue in systemd 259, and https://github.com/systemd/systemd/issues/40485 which has the same 0x0000014c error, but it's about a boot loop, not a boot slowdown. Seems *something* is fishy with TPM support in systemd 259.