diff options
| author | Jason A. Donenfeld <Jason@zx2c4.com> | 2022-11-21 16:40:24 +0100 |
|---|---|---|
| committer | Luca Boccassi <luca.boccassi@gmail.com> | 2022-11-22 01:30:03 +0100 |
| commit | 47b3e96647e18e8ca219c4792ab769344eea11bb (patch) | |
| tree | 04e7d83fa6829bfc06d82f14b06bdb29a2e6b2ec /docs | |
| parent | a0c544ee09c735ef3a6e04147c2e03f9dddbd98e (diff) | |
| download | systemd-47b3e96647e18e8ca219c4792ab769344eea11bb.tar.gz | |
boot: remove random-seed-mode
Now that the random seed is used on virtualized systems, there's no
point in having a random-seed-mode toggle switch. Let's just always
require it now, with the existing logic already being there to allow not
having it if EFI itself has an RNG. In other words, the logic for this
can now be automatic.
Diffstat (limited to 'docs')
| -rw-r--r-- | docs/RANDOM_SEEDS.md | 8 |
1 files changed, 0 insertions, 8 deletions
diff --git a/docs/RANDOM_SEEDS.md b/docs/RANDOM_SEEDS.md index a1134d6417..4cb2bb9cfa 100644 --- a/docs/RANDOM_SEEDS.md +++ b/docs/RANDOM_SEEDS.md @@ -232,14 +232,6 @@ boot, in order to ensure the entropy pool is filled up quickly. too), which should be safe even with FAT file system drivers built into low-quality EFI firmwares. - If the system token is not desired but this seeding mechanism still is, OS - builders that know that they are not going to replicate the built image on - multiple systems may opt to turn off the 'system token' concept by setting - `random-seed-mode always` in the ESP's - [`/loader/loader.conf`](https://www.freedesktop.org/software/systemd/man/loader.conf.html) - file. If done, `systemd-boot` will use the random seed file even if no - system token is found in EFI variables. - 4. A kernel command line option `systemd.random_seed=` may be used to pass in a base64 encoded seed to initialize the kernel's entropy pool from during early service manager initialization. This option is only safe in testing |