2020-11-09 13:23:58 +09:00
# SPDX-License-Identifier: LGPL-2.1-or-later
2019-07-19 18:06:00 +02:00
#
# This file is part of systemd.
#
# systemd is free software; you can redistribute it and/or modify it
# under the terms of the GNU Lesser General Public License as published by
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.
[Unit]
Description = Store a System Token in an EFI Variable
Documentation = man:systemd-boot-system-token.service(8)
2022-09-14 12:39:10 +01:00
2019-07-19 18:06:00 +02:00
DefaultDependencies = no
After = local-fs.target systemd-random-seed.service
units: add ordering dependencies on initrd-switch-root.target
For shutdown, we queue shutdown.target/start, so in every unit which should be
stopped *before* shutdown, we need both Conflicts and an ordering dependency
with shutdown.target (either Before= or After= would work, because stop jobs
are always ordered before start jobs).
For initrd transition, we queue initrd-switch-root.service/isolate. This
automatically creates a /stop job for every running unit without
IgnoreOnIsolate. But no ordering dependency is created, unless the unit has a
(possibly transitive) ordering dependency on initrd-switch-root.service.
Since most units must stop before the transition, we should add the ordering
dependency. It is nicer to use Before=initrd-switch-root.target for this.
initrd-switch-root.target is ordered before initrd-switch-root.service, so
the effect it the same when both are in a transaction.
Fixes #23745.
To also cover the case where somebody is emergency mode in the initrd and
queues initrd-switch-root.service/start (not isolate), also add
Conflicts=initrd-switch-root.target, so various units are stopped properly.
This extends 2525682565b372b9b83c848bfe89c025fed47a1d to cover all the other
services that are touched. It could be consider "operator error", but it's
easy to make and it's nicer if we can make this more foolproof.
2022-09-14 12:39:10 +01:00
Conflicts = shutdown.target initrd-switch-root.target
Before = shutdown.target initrd-switch-root.target
2019-07-19 18:06:00 +02:00
# Only run this if the boot loader can support random seed initialization.
2022-11-24 10:01:59 +00:00
ConditionPathExists = |/sys/firmware/efi/efivars/LoaderFeatures-4a67b082-0a4c-41cf-b6c7-440b29bb8c4f
ConditionPathExists = |/sys/firmware/efi/efivars/StubFeatures-4a67b082-0a4c-41cf-b6c7-440b29bb8c4f
2019-07-19 18:06:00 +02:00
bootctl: install system token on virtualized systems
Removing the virtualization check might not be the worst thing in the
world, and would potentially get many, many more systems properly seeded
rather than not seeded. There are a few reasons to consider this:
- In most QEMU setups and most guides on how to setup QEMU, a separate
pflash file is used for nvram variables, and this generally isn't
copied around.
- We're now hashing in a timestamp, which should provide some level of
differentiation, given that EFI_TIME has a nanoseconds field.
- The kernel itself will additionally hash in: a high resolution time
stamp, a cycle counter, RDRAND output, the VMGENID uniquely
identifying the virtual machine, any other seeds from the hypervisor
(like from FDT or setup_data).
- During early boot, the RNG is reseeded quite frequently to account for
the importance of early differentiation.
So maybe the mitigating factors make the actual feared problem
significantly less likely and therefore the pros of having file-based
seeding might outweigh the cons of weird misconfigured setups having a
hypothetical problem on first boot.
2022-11-17 16:11:44 +01:00
# Only run this if there is no system token defined yet
ConditionPathExists = !/sys/firmware/efi/efivars/LoaderSystemToken-4a67b082-0a4c-41cf-b6c7-440b29bb8c4f
2019-07-19 18:06:00 +02:00
[Service]
Type = oneshot
RemainAfterExit = yes
2019-12-18 09:14:57 +01:00
ExecStart = bootctl random-seed --graceful