mirror of
https://github.com/systemd/systemd.git
synced 2024-11-05 23:51:28 +03:00
351de38e4b
Apparently some firmwares don't allow us to write this token, and refuse it with EINVAL. We should normally consider that a fatal error, but not really in the case of "bootctl random-seed" when called from the systemd-boot-system-token.service since it's called as "best effort" service after boot on various systems, and hence we shouldn't fail loudly. Similar, when we cannot find the ESP don't fail either, since there are systems (arch install ISOs) that carry a boot loader capable of the random seed logic but don't mount it after boot. Fixes: #13603
35 lines
1.3 KiB
SYSTEMD
35 lines
1.3 KiB
SYSTEMD
# SPDX-License-Identifier: LGPL-2.1+
|
|
#
|
|
# This file is part of systemd.
|
|
#
|
|
# systemd is free software; you can redistribute it and/or modify it
|
|
# under the terms of the GNU Lesser General Public License as published by
|
|
# the Free Software Foundation; either version 2.1 of the License, or
|
|
# (at your option) any later version.
|
|
|
|
[Unit]
|
|
Description=Store a System Token in an EFI Variable
|
|
Documentation=man:systemd-boot-system-token.service(8)
|
|
DefaultDependencies=no
|
|
Conflicts=shutdown.target
|
|
After=local-fs.target systemd-random-seed.service
|
|
Before=shutdown.target
|
|
|
|
# Don't run this in a VM environment, because there EFI variables are not
|
|
# actually stored in NVRAM, independent of regular storage.
|
|
ConditionVirtualization=no
|
|
|
|
# Only run this if the boot loader can support random seed initialization.
|
|
ConditionPathExists=/sys/firmware/efi/efivars/LoaderFeatures-4a67b082-0a4c-41cf-b6c7-440b29bb8c4f
|
|
|
|
# Only run this if there is no system token defined yet, or …
|
|
ConditionPathExists=|!/sys/firmware/efi/efivars/LoaderSystemToken-4a67b082-0a4c-41cf-b6c7-440b29bb8c4f
|
|
|
|
# … if the boot loader didn't pass the OS a random seed (and thus probably was missing the random seed file)
|
|
ConditionPathExists=|!/sys/firmware/efi/efivars/LoaderRandomSeed-4a67b082-0a4c-41cf-b6c7-440b29bb8c4f
|
|
|
|
[Service]
|
|
Type=oneshot
|
|
RemainAfterExit=yes
|
|
ExecStart=@bindir@/bootctl random-seed --graceful
|