summaryrefslogtreecommitdiffstats
path: root/man
diff options
context:
space:
mode:
authorLennart Poettering <lennart@poettering.net>2022-07-15 08:50:28 +0200
committerGitHub <noreply@github.com>2022-07-15 08:50:28 +0200
commit5eab88a569c1bb5f79093f38e872e588d64a2b26 (patch)
tree30ca70b11fe90a6aecbf1d197246307e7b2107d3 /man
parentMerge pull request #24021 from poettering/man-rlimit-comments (diff)
parentupdate TODO (diff)
downloadsystemd-5eab88a569c1bb5f79093f38e872e588d64a2b26.tar.xz
systemd-5eab88a569c1bb5f79093f38e872e588d64a2b26.zip
Merge pull request #24005 from poettering/smbios-creds
pid1: import credentials also from SMBIOS data
Diffstat (limited to 'man')
-rw-r--r--man/systemd.exec.xml14
-rw-r--r--man/systemd.xml3
2 files changed, 13 insertions, 4 deletions
diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml
index 3d7ec1e202..055858ef04 100644
--- a/man/systemd.exec.xml
+++ b/man/systemd.exec.xml
@@ -3125,12 +3125,20 @@ StandardInputData=V2XigLJyZSBubyBzdHJhbmdlcnMgdG8gbG92ZQpZb3Uga25vdyB0aGUgcnVsZX
<para>The service manager itself may receive system credentials that can be propagated to services
from a hosting container manager or VM hypervisor. See the <ulink
url="https://systemd.io/CONTAINER_INTERFACE">Container Interface</ulink> documentation for details
- about the former. For the latter, use the <command>qemu</command> <literal>fw_cfg</literal> node
+ about the former. For the latter, pass <ulink
+ url="https://www.dmtf.org/standards/smbios">DMI/SMBIOS</ulink> OEM string table entries (field type
+ 11) with a prefix of <literal>io.systemd.credential:</literal> or
+ <literal>io.systemd.credential.binary:</literal>. In both cases a key/value pair separated by
+ <literal>=</literal> is expected, in the latter case the right-hand side is Base64 decoded when
+ parsed (thus permitting binary data to be passed in). Example qemu switch: <literal>-smbios
+ type=11,value=io.systemd.credential:xx=yy</literal>, or <literal>-smbios
+ type=11,value=io.systemd.credential.binary:rick=TmV2ZXIgR29ubmEgR2l2ZSBZb3UgVXA=</literal>. Alternatively,
+ use the <command>qemu</command> <literal>fw_cfg</literal> node
<literal>opt/io.systemd.credentials/</literal>. Example qemu switch: <literal>-fw_cfg
name=opt/io.systemd.credentials/mycred,string=supersecret</literal>. They may also be specified on
the kernel command line using the <literal>systemd.set_credential=</literal> switch (see
- <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>)
- and from the UEFI firmware environment via
+ <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>) and from
+ the UEFI firmware environment via
<citerefentry><refentrytitle>systemd-stub</refentrytitle><manvolnum>7</manvolnum></citerefentry>.</para>
<para>If referencing an <constant>AF_UNIX</constant> stream socket to connect to, the connection will
diff --git a/man/systemd.xml b/man/systemd.xml
index e526a1caea..30484e09a9 100644
--- a/man/systemd.xml
+++ b/man/systemd.xml
@@ -965,7 +965,8 @@
<term><varname>systemd.import_credentials=</varname></term>
<listitem><para>Takes a boolean argument. If false disables importing credentials from the kernel
- command line, qemu_fw_cfg subsystem or the kernel command line.</para></listitem>
+ command line, the DMI/SMBIOS OEM string table, the qemu_fw_cfg subsystem or the EFI kernel
+ stub.</para></listitem>
</varlistentry>
<varlistentry>