diff options
| author | Jason A. Donenfeld <Jason@zx2c4.com> | 2022-11-21 16:40:24 +0100 |
|---|---|---|
| committer | Luca Boccassi <luca.boccassi@gmail.com> | 2022-11-22 01:30:03 +0100 |
| commit | 47b3e96647e18e8ca219c4792ab769344eea11bb (patch) | |
| tree | 04e7d83fa6829bfc06d82f14b06bdb29a2e6b2ec /man/loader.conf.xml | |
| parent | a0c544ee09c735ef3a6e04147c2e03f9dddbd98e (diff) | |
| download | systemd-47b3e96647e18e8ca219c4792ab769344eea11bb.tar.gz | |
boot: remove random-seed-mode
Now that the random seed is used on virtualized systems, there's no
point in having a random-seed-mode toggle switch. Let's just always
require it now, with the existing logic already being there to allow not
having it if EFI itself has an RNG. In other words, the logic for this
can now be automatic.
Diffstat (limited to 'man/loader.conf.xml')
| -rw-r--r-- | man/loader.conf.xml | 19 |
1 files changed, 0 insertions, 19 deletions
diff --git a/man/loader.conf.xml b/man/loader.conf.xml index cf84119df0..245f4c4536 100644 --- a/man/loader.conf.xml +++ b/man/loader.conf.xml @@ -309,25 +309,6 @@ sign-efi-sig-list -c KEK.crt -k KEK.key db db.esl db.auth encrypted drive to change. If PCR 4 is not measured, this setting can be disabled to speed up booting into Windows.</para></listitem> </varlistentry> - - <varlistentry> - <term>random-seed-mode</term> - - <listitem><para>Takes one of <literal>off</literal>, <literal>with-system-token</literal> and - <literal>always</literal>. If <literal>off</literal> no random seed data is read off the ESP, nor - passed to the OS. If <literal>with-system-token</literal> (the default) - <command>systemd-boot</command> will read a random seed from the ESP (from the file - <filename>/loader/random-seed</filename>) only if the <varname>LoaderSystemToken</varname> EFI - variable is set, and then derive the random seed to pass to the OS from the combination. If - <literal>always</literal> the boot loader will do so even if <varname>LoaderSystemToken</varname> is - not set. This mode is useful in environments where protection against OS image reuse is not a - concern, and the random seed shall be used even with no further setup in place. Use <command>bootctl - random-seed</command> to initialize both the random seed file in the ESP and the system token EFI - variable.</para> - - <para>See <ulink url="https://systemd.io/RANDOM_SEEDS">Random Seeds</ulink> for further - information.</para></listitem> - </varlistentry> </variablelist> </refsect1> |