| author | Luca Boccassi <bluca@debian.org> | 2022-11-16 15:07:54 +0100 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-11-16 15:07:54 +0100 |
| commit | 39a306ba34ab65dfd7689013e31f26b2690bc36a (patch) | |
| tree | 5db44778970c0792059031beb2f5a05ba2b4dca3 /man/systemd-boot.xml | |
| parent | Merge pull request #25310 from jlinton/fpdt_dev_mem_alt (diff) | |
| parent | random-seed: refresh EFI boot seed when writing a new seed (diff) | |
| download | systemd-39a306ba34ab65dfd7689013e31f26b2690bc36a.tar.xz systemd-39a306ba34ab65dfd7689013e31f26b2690bc36a.zip | |
Merge pull request #25319 from zx2c4-forks/krngseed
boot: implement kernel EFI RNG seed protocol with proper hashing
Diffstat (limited to 'man/systemd-boot.xml')
-rw-r--r-- | man/systemd-boot.xml | 22 |
1 files changed, 0 insertions, 22 deletions
diff --git a/man/systemd-boot.xml b/man/systemd-boot.xml index 57b66803fa..f96c4c6512 100644 --- a/man/systemd-boot.xml +++ b/man/systemd-boot.xml @@ -436,28 +436,6 @@ </varlistentry> <varlistentry> - <term><varname>LoaderRandomSeed</varname></term> - - <listitem><para>A binary random seed <command>systemd-boot</command> may optionally pass to the - OS. This is a volatile EFI variable that is hashed at boot from the combination of a random seed - stored in the ESP (in <filename>/loader/random-seed</filename>) and a "system token" persistently - stored in the EFI variable <varname>LoaderSystemToken</varname> (see below). During early OS boot the - system manager reads this variable and passes it to the OS kernel's random pool, crediting the full - entropy it contains. This is an efficient way to ensure the system starts up with a fully initialized - kernel random pool — as early as the initrd phase. <command>systemd-boot</command> reads - the random seed from the ESP, combines it with the "system token", and both derives a new random seed - to update in-place the seed stored in the ESP, and the random seed to pass to the OS from it via - SHA256 hashing in counter mode. This ensures that different physical systems that boot the same - "golden" OS image — i.e. containing the same random seed file in the ESP — will still pass a - different random seed to the OS. It is made sure the random seed stored in the ESP is fully - overwritten before the OS is booted, to ensure different random seed data is used between subsequent - boots.</para> - - <para>See <ulink url="https://systemd.io/RANDOM_SEEDS">Random Seeds</ulink> for - further information.</para></listitem> - </varlistentry> - - <varlistentry> <term><varname>LoaderSystemToken</varname></term> <listitem><para>A binary random data field, that is used for generating the random seed to pass to |
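Review bot: Deleting the whole <varlistentry> for LoaderRandomSeed also drops this section's only reference to <ulink url="https://systemd.io/RANDOM_SEEDS">, while the LoaderSystemToken entry that follows still describes itself as "used for generating the random seed to pass to" the OS; with 0 insertions in this file, the man page no longer says anywhere how that seed reaches the kernel. Suggest either moving the RANDOM_SEEDS ulink into the LoaderSystemToken paragraph or adding one sentence there stating that the seed is now handed over via the kernel's EFI RNG seed protocol, as the merge subject describes, so the remaining text is not left pointing at an undocumented mechanism.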