mirror of
https://github.com/systemd/systemd.git
synced 2024-11-01 00:51:24 +03:00
08b04ec7e7
This adds the support for veritytab. The veritytab file contains at most five fields, the first four are mandatory, the last one is optional: - The first field contains the name of the resulting verity volume; its block device is set up /dev/mapper/</filename>. - The second field contains a path to the underlying block data device, or a specification of a block device via UUID= followed by the UUID. - The third field contains a path to the underlying block hash device, or a specification of a block device via UUID= followed by the UUID. - The fourth field is the roothash in hexadecimal. - The fifth field, if present, is a comma-delimited list of options. The following options are recognized only: ignore-corruption, restart-on-corruption, panic-on-corruption, ignore-zero-blocks, check-at-most-once and root-hash-signature. The others options will be implemented later. Also, this adds support for the new kernel verity command line boolean option "veritytab" which enables the read for veritytab, and the new environment variable SYSTEMD_VERITYTAB which sets the path to the file veritytab to read.
542 lines
27 KiB
XML
542 lines
27 KiB
XML
<?xml version='1.0'?> <!--*-nxml-*-->
|
|
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
|
|
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
|
|
<!-- SPDX-License-Identifier: LGPL-2.1-or-later -->
|
|
|
|
<refentry id="kernel-command-line">
|
|
|
|
<refentryinfo>
|
|
<title>kernel-command-line</title>
|
|
<productname>systemd</productname>
|
|
</refentryinfo>
|
|
|
|
<refmeta>
|
|
<refentrytitle>kernel-command-line</refentrytitle>
|
|
<manvolnum>7</manvolnum>
|
|
</refmeta>
|
|
|
|
<refnamediv>
|
|
<refname>kernel-command-line</refname>
|
|
<refpurpose>Kernel command line parameters</refpurpose>
|
|
</refnamediv>
|
|
|
|
<refsynopsisdiv>
|
|
<para><filename>/proc/cmdline</filename></para>
|
|
</refsynopsisdiv>
|
|
|
|
<refsect1>
|
|
<title>Description</title>
|
|
|
|
<para>The kernel, the initial RAM disk (initrd) and basic userspace functionality may be configured at
|
|
boot via kernel command line arguments. In addition, various systemd tools look at the EFI variable
|
|
<literal>SystemdOptions</literal> (if available). Both sources are combined, but the kernel command line
|
|
has higher priority. Please note that <emphasis>the EFI variable is only used by systemd tools, and is
|
|
ignored by the kernel and other user space tools</emphasis>, so it is not a replacement for the kernel
|
|
command line.</para>
|
|
|
|
<para>For command line parameters understood by the kernel, please
|
|
see
|
|
<ulink url="https://www.kernel.org/doc/html/latest/admin-guide/kernel-parameters.html"><filename>kernel-parameters.html</filename></ulink>
|
|
and
|
|
<citerefentry project='man-pages'><refentrytitle>bootparam</refentrytitle><manvolnum>7</manvolnum></citerefentry>.</para>
|
|
|
|
<para>For command line parameters understood by the initial RAM
|
|
disk, please see
|
|
<citerefentry project='man-pages'><refentrytitle>dracut.cmdline</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
|
|
or the documentation of the specific initrd implementation of your
|
|
installation.</para>
|
|
</refsect1>
|
|
|
|
<refsect1>
|
|
<title>Core OS Command Line Arguments</title>
|
|
|
|
<variablelist class='kernel-commandline-options'>
|
|
<varlistentry>
|
|
<term><varname>systemd.unit=</varname></term>
|
|
<term><varname>rd.systemd.unit=</varname></term>
|
|
<term><varname>systemd.dump_core</varname></term>
|
|
<term><varname>systemd.early_core_pattern=</varname></term>
|
|
<term><varname>systemd.crash_chvt</varname></term>
|
|
<term><varname>systemd.crash_shell</varname></term>
|
|
<term><varname>systemd.crash_reboot</varname></term>
|
|
<term><varname>systemd.confirm_spawn</varname></term>
|
|
<term><varname>systemd.service_watchdogs</varname></term>
|
|
<term><varname>systemd.show_status</varname></term>
|
|
<term><varname>systemd.status_unit_format=</varname></term>
|
|
<term><varname>systemd.log_target=</varname></term>
|
|
<term><varname>systemd.log_level=</varname></term>
|
|
<term><varname>systemd.log_location=</varname></term>
|
|
<term><varname>systemd.log_color</varname></term>
|
|
<term><varname>systemd.default_standard_output=</varname></term>
|
|
<term><varname>systemd.default_standard_error=</varname></term>
|
|
<term><varname>systemd.setenv=</varname></term>
|
|
<term><varname>systemd.machine_id=</varname></term>
|
|
<term><varname>systemd.unified_cgroup_hierarchy</varname></term>
|
|
<term><varname>systemd.legacy_systemd_cgroup_controller</varname></term>
|
|
<listitem>
|
|
<para>Parameters understood by the system and service
|
|
manager to control system behavior. For details, see
|
|
<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>.</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><varname>systemd.mask=</varname></term>
|
|
<term><varname>systemd.wants=</varname></term>
|
|
<term><varname>systemd.debug_shell</varname></term>
|
|
<listitem>
|
|
<para>Additional parameters understood by
|
|
<citerefentry><refentrytitle>systemd-debug-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
|
|
to mask or start specific units at boot, or invoke a debug
|
|
shell on tty9.</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><varname>systemd.run=</varname></term>
|
|
<term><varname>systemd.run_success_action=</varname></term>
|
|
<term><varname>systemd.run_failure_action=</varname></term>
|
|
<listitem>
|
|
<para>Additional parameters understood by
|
|
<citerefentry><refentrytitle>systemd-run-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry>, to
|
|
run a command line specified on the kernel command line as system service after booting up.</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><varname>systemd.early_core_pattern=</varname></term>
|
|
<listitem>
|
|
<para>During early boot, the generation of core dump files is disabled until a core dump handler (if any)
|
|
takes over. This parameter allows specifying an absolute path where core dump files should be stored until
|
|
a handler is installed. The path should be absolute and may contain specifiers, see
|
|
<citerefentry project='man-pages'><refentrytitle>core</refentrytitle><manvolnum>5</manvolnum></citerefentry> for details.</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><varname>systemd.restore_state=</varname></term>
|
|
<listitem>
|
|
<para>This parameter is understood by several system tools
|
|
to control whether or not they should restore system state
|
|
from the previous boot. For details, see
|
|
<citerefentry><refentrytitle>systemd-backlight@.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
|
|
and
|
|
<citerefentry><refentrytitle>systemd-rfkill.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>.
|
|
</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><varname>systemd.volatile=</varname></term>
|
|
<listitem>
|
|
<para>This parameter controls whether the system shall boot up in volatile mode. Takes a boolean argument, or
|
|
the special value <literal>state</literal>. If false (the default), normal boot mode is selected, the root
|
|
directory and <filename>/var/</filename> are mounted as specified on the kernel command line or
|
|
<filename>/etc/fstab</filename>, or otherwise configured. If true, full state-less boot mode is selected. In
|
|
this case the root directory is mounted as volatile memory file system (<literal>tmpfs</literal>), and only
|
|
<filename>/usr/</filename> is mounted from the file system configured as root device, in read-only mode. This
|
|
enables fully state-less boots were the vendor-supplied OS is used as shipped, with only default
|
|
configuration and no stored state in effect, as <filename>/etc/</filename> and <filename>/var/</filename> (as
|
|
well as all other resources shipped in the root file system) are reset at boot and lost on shutdown. If this
|
|
setting is set to <literal>state</literal> the root file system is mounted read-only, however
|
|
<filename>/var/</filename> is mounted as a volatile memory file system (<literal>tmpfs</literal>), so that the
|
|
system boots up with the normal configuration applied, but all state reset at boot and lost at shutdown. If
|
|
this setting is set to <literal>overlay</literal> the root file system is set up as
|
|
<literal>overlayfs</literal> mount combining the read-only root directory with a writable
|
|
<literal>tmpfs</literal>, so that no modifications are made to disk, but the file system may be modified
|
|
nonetheless with all changes being lost at reboot. For details, see
|
|
<citerefentry><refentrytitle>systemd-volatile-root.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
|
|
and
|
|
<citerefentry><refentrytitle>systemd-fstab-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry>.</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><varname>quiet</varname></term>
|
|
<listitem>
|
|
<para>Parameter understood by both the kernel and the system
|
|
and service manager to control console log verbosity. For
|
|
details, see
|
|
<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>.</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><varname>debug</varname></term>
|
|
<listitem>
|
|
<para>Parameter understood by both the kernel and the system
|
|
and service manager to control console log verbosity. For
|
|
details, see
|
|
<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>.</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><varname>-b</varname></term>
|
|
<term><varname>rd.emergency</varname></term>
|
|
<term><varname>emergency</varname></term>
|
|
<term><varname>rd.rescue</varname></term>
|
|
<term><varname>rescue</varname></term>
|
|
<term><varname>single</varname></term>
|
|
<term><varname>s</varname></term>
|
|
<term><varname>S</varname></term>
|
|
<term><varname>1</varname></term>
|
|
<term><varname>2</varname></term>
|
|
<term><varname>3</varname></term>
|
|
<term><varname>4</varname></term>
|
|
<term><varname>5</varname></term>
|
|
<listitem>
|
|
<para>Parameters understood by the system and service
|
|
manager, as compatibility and convenience options. For details, see
|
|
<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>.</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><varname>locale.LANG=</varname></term>
|
|
<term><varname>locale.LANGUAGE=</varname></term>
|
|
<term><varname>locale.LC_CTYPE=</varname></term>
|
|
<term><varname>locale.LC_NUMERIC=</varname></term>
|
|
<term><varname>locale.LC_TIME=</varname></term>
|
|
<term><varname>locale.LC_COLLATE=</varname></term>
|
|
<term><varname>locale.LC_MONETARY=</varname></term>
|
|
<term><varname>locale.LC_MESSAGES=</varname></term>
|
|
<term><varname>locale.LC_PAPER=</varname></term>
|
|
<term><varname>locale.LC_NAME=</varname></term>
|
|
<term><varname>locale.LC_ADDRESS=</varname></term>
|
|
<term><varname>locale.LC_TELEPHONE=</varname></term>
|
|
<term><varname>locale.LC_MEASUREMENT=</varname></term>
|
|
<term><varname>locale.LC_IDENTIFICATION=</varname></term>
|
|
<listitem>
|
|
<para>Parameters understood by the system and service
|
|
manager to control locale and language settings. For
|
|
details, see
|
|
<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>.</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><varname>fsck.mode=</varname></term>
|
|
<term><varname>fsck.repair=</varname></term>
|
|
|
|
<listitem>
|
|
<para>Parameters understood by the file system checker
|
|
services. For details, see
|
|
<citerefentry><refentrytitle>systemd-fsck@.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>.</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><varname>quotacheck.mode=</varname></term>
|
|
|
|
<listitem>
|
|
<para>Parameter understood by the file quota checker
|
|
service. For details, see
|
|
<citerefentry><refentrytitle>systemd-quotacheck.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>.</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><varname>systemd.journald.forward_to_syslog=</varname></term>
|
|
<term><varname>systemd.journald.forward_to_kmsg=</varname></term>
|
|
<term><varname>systemd.journald.forward_to_console=</varname></term>
|
|
<term><varname>systemd.journald.forward_to_wall=</varname></term>
|
|
|
|
<listitem>
|
|
<para>Parameters understood by the journal service. For
|
|
details, see
|
|
<citerefentry><refentrytitle>systemd-journald.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>.</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><varname>vconsole.keymap=</varname></term>
|
|
<term><varname>vconsole.keymap_toggle=</varname></term>
|
|
<term><varname>vconsole.font=</varname></term>
|
|
<term><varname>vconsole.font_map=</varname></term>
|
|
<term><varname>vconsole.font_unimap=</varname></term>
|
|
|
|
<listitem>
|
|
<para>Parameters understood by the virtual console setup logic. For details, see
|
|
<citerefentry><refentrytitle>vconsole.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><varname>udev.log_level=</varname></term>
|
|
<term><varname>rd.udev.log_level=</varname></term>
|
|
<term><varname>udev.children_max=</varname></term>
|
|
<term><varname>rd.udev.children_max=</varname></term>
|
|
<term><varname>udev.exec_delay=</varname></term>
|
|
<term><varname>rd.udev.exec_delay=</varname></term>
|
|
<term><varname>udev.event_timeout=</varname></term>
|
|
<term><varname>rd.udev.event_timeout=</varname></term>
|
|
<term><varname>udev.timeout_signal=</varname></term>
|
|
<term><varname>rd.udev.timeout_signal=</varname></term>
|
|
<term><varname>udev.blockdev_read_only</varname></term>
|
|
<term><varname>rd.udev.blockdev_read_only</varname></term>
|
|
<term><varname>net.ifnames=</varname></term>
|
|
<term><varname>net.naming-scheme=</varname></term>
|
|
|
|
<listitem>
|
|
<para>Parameters understood by the device event managing
|
|
daemon. For details, see
|
|
<citerefentry><refentrytitle>systemd-udevd.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>.</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><varname>plymouth.enable=</varname></term>
|
|
|
|
<listitem>
|
|
<para>May be used to disable the Plymouth boot splash. For
|
|
details, see
|
|
<citerefentry project='die-net'><refentrytitle>plymouth</refentrytitle><manvolnum>8</manvolnum></citerefentry>.</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><varname>luks=</varname></term>
|
|
<term><varname>rd.luks=</varname></term>
|
|
<term><varname>luks.crypttab=</varname></term>
|
|
<term><varname>rd.luks.crypttab=</varname></term>
|
|
<term><varname>luks.name=</varname></term>
|
|
<term><varname>rd.luks.name=</varname></term>
|
|
<term><varname>luks.uuid=</varname></term>
|
|
<term><varname>rd.luks.uuid=</varname></term>
|
|
<term><varname>luks.options=</varname></term>
|
|
<term><varname>rd.luks.options=</varname></term>
|
|
<term><varname>luks.key=</varname></term>
|
|
<term><varname>rd.luks.key=</varname></term>
|
|
|
|
<listitem>
|
|
<para>Configures the LUKS full-disk encryption logic at
|
|
boot. For details, see
|
|
<citerefentry><refentrytitle>systemd-cryptsetup-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry>.</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><varname>fstab=</varname></term>
|
|
<term><varname>rd.fstab=</varname></term>
|
|
|
|
<listitem>
|
|
<para>Configures the <filename>/etc/fstab</filename> logic
|
|
at boot. For details, see
|
|
<citerefentry><refentrytitle>systemd-fstab-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry>.</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><varname>root=</varname></term>
|
|
<term><varname>rootfstype=</varname></term>
|
|
<term><varname>rootflags=</varname></term>
|
|
<term><varname>ro</varname></term>
|
|
<term><varname>rw</varname></term>
|
|
|
|
<listitem>
|
|
<para>Configures the root file system and its file system
|
|
type and mount options, as well as whether it shall be
|
|
mounted read-only or read-write initially. For details,
|
|
see
|
|
<citerefentry><refentrytitle>systemd-fstab-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry>.</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><varname>mount.usr=</varname></term>
|
|
<term><varname>mount.usrfstype=</varname></term>
|
|
<term><varname>mount.usrflags=</varname></term>
|
|
|
|
<listitem>
|
|
<para>Configures the /usr file system (if required) and
|
|
its file system type and mount options. For details, see
|
|
<citerefentry><refentrytitle>systemd-fstab-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry>.</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><varname>veritytab=</varname></term>
|
|
<term><varname>rd.veritytab=</varname></term>
|
|
<term><varname>roothash=</varname></term>
|
|
<term><varname>systemd.verity=</varname></term>
|
|
<term><varname>rd.systemd.verity=</varname></term>
|
|
<term><varname>systemd.verity_root_data=</varname></term>
|
|
<term><varname>systemd.verity_root_hash=</varname></term>
|
|
<term><varname>systemd.verity.root_options=</varname></term>
|
|
<listitem>
|
|
<para>Configures the integrity protection root hash for the root file system, and other related
|
|
parameters. For details, see
|
|
<citerefentry><refentrytitle>systemd-veritysetup-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry>.</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><varname>systemd.gpt_auto=</varname></term>
|
|
<term><varname>rd.systemd.gpt_auto=</varname></term>
|
|
|
|
<listitem>
|
|
<para>Configures whether GPT based partition auto-discovery
|
|
shall be attempted. For details, see
|
|
<citerefentry><refentrytitle>systemd-gpt-auto-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry>.</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><varname>systemd.default_timeout_start_sec=</varname></term>
|
|
|
|
<listitem>
|
|
<para>Overwrites the default start job timeout <varname>DefaultTimeoutStartSec=</varname> at boot. For details,
|
|
see <citerefentry><refentrytitle>systemd-system.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><varname>systemd.watchdog_device=</varname></term>
|
|
|
|
<listitem>
|
|
<para>Overwrites the watchdog device path <varname>WatchdogDevice=</varname>. For details, see
|
|
<citerefentry><refentrytitle>systemd-system.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><varname>systemd.cpu_affinity=</varname></term>
|
|
|
|
<listitem>
|
|
<para>Overrides the CPU affinity mask for the service manager and the default for all child
|
|
processes it forks. This takes precedence over <varname>CPUAffinity=</varname>, see
|
|
<citerefentry><refentrytitle>systemd-system.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>
|
|
for details.</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><varname>modules_load=</varname></term>
|
|
<term><varname>rd.modules_load=</varname></term>
|
|
|
|
<listitem>
|
|
<para>Load a specific kernel module early at boot. For
|
|
details, see
|
|
<citerefentry><refentrytitle>systemd-modules-load.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>.</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><varname>resume=</varname></term>
|
|
<term><varname>resumeflags=</varname></term>
|
|
|
|
<listitem>
|
|
<para>Enables resume from hibernation using the specified
|
|
device and mount options. All
|
|
<citerefentry project='man-pages'><refentrytitle>fstab</refentrytitle><manvolnum>5</manvolnum></citerefentry>-like
|
|
paths are supported. For details, see
|
|
<citerefentry><refentrytitle>systemd-hibernate-resume-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry>.</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><varname>systemd.firstboot=</varname></term>
|
|
|
|
<listitem><para>Takes a boolean argument, defaults to on. If off,
|
|
<citerefentry><refentrytitle>systemd-firstboot.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
|
|
will not query the user for basic system settings, even if the system boots up for the first time and
|
|
the relevant settings are not initialized yet. Not to be confused with
|
|
<varname>systemd.condition-first-boot=</varname> (see below), which overrides the result of the
|
|
<varname>ConditionFirstBoot=</varname> unit file condition, and thus controls more than just
|
|
<filename>systemd-firstboot.service</filename> behaviour.</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><varname>systemd.condition-needs-update=</varname></term>
|
|
|
|
<listitem><para>Takes a boolean argument. If specified, overrides the result of
|
|
<varname>ConditionNeedsUpdate=</varname> unit condition checks. See
|
|
<citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry> for
|
|
details.</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><varname>systemd.condition-first-boot=</varname></term>
|
|
|
|
<listitem><para>Takes a boolean argument. If specified, overrides the result of
|
|
<varname>ConditionFirstBoot=</varname> unit condition checks. See
|
|
<citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry> for
|
|
details. Not to be confused with <varname>systemd.firstboot=</varname> which only controls behaviour
|
|
of the <filename>systemd-firstboot.service</filename> system service but has no effect on the
|
|
condition check (see above).</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><varname>systemd.clock-usec=</varname></term>
|
|
|
|
<listitem><para>Takes a decimal, numeric timestamp in µs since January 1st 1970, 00:00am, to set the
|
|
system clock to. The system time is set to the specified timestamp early during boot. It is not
|
|
propagated to the hardware clock (RTC).</para></listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><varname>systemd.random-seed=</varname></term>
|
|
|
|
<listitem><para>Takes a base64 encoded random seed value to credit with full entropy to the kernel's
|
|
random pool during early service manager initialization. This option is useful in testing
|
|
environments where delays due to random pool initialization in entropy starved virtual machines shall
|
|
be avoided.</para>
|
|
|
|
<para>Note that if this option is used the seed is accessible to unprivileged programs from
|
|
<filename>/proc/cmdline</filename>. This option is hence a security risk when used outside of test
|
|
systems, since the (possibly) only seed used for initialization of the kernel's entropy pool might be
|
|
easily acquired by unprivileged programs.</para>
|
|
|
|
<para>It is recommended to pass 512 bytes of randomized data (as that matches the Linux kernel pool
|
|
size), which may be generated with a command like the following:</para>
|
|
|
|
<programlisting>dd if=/dev/urandom bs=512 count=1 status=none | base64 -w 0</programlisting>
|
|
|
|
<para>Again: do not use this option outside of testing environments, it's a security risk elsewhere,
|
|
as secret key material derived from the entropy pool can possibly be reconstructed by unprivileged
|
|
programs.</para>
|
|
</listitem>
|
|
</varlistentry>
|
|
|
|
<varlistentry>
|
|
<term><varname>systemd.hostname=</varname></term>
|
|
|
|
<listitem><para>Accepts a hostname to set during early boot. If specified takes precedence over what
|
|
is set in <filename>/etc/hostname</filename>. Note that this does not bar later runtime changes to
|
|
the hostname, it simply controls the initial hostname set during early boot.</para></listitem>
|
|
</varlistentry>
|
|
</variablelist>
|
|
|
|
</refsect1>
|
|
|
|
<refsect1>
|
|
<title>See Also</title>
|
|
<para>
|
|
<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
|
|
<citerefentry><refentrytitle>systemd-system.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
|
|
<citerefentry project='man-pages'><refentrytitle>bootparam</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
|
|
<citerefentry project='man-pages'><refentrytitle>dracut.cmdline</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
|
|
<citerefentry><refentrytitle>systemd-debug-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
|
|
<citerefentry><refentrytitle>systemd-fsck@.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
|
|
<citerefentry><refentrytitle>systemd-quotacheck.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
|
|
<citerefentry><refentrytitle>systemd-journald.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
|
|
<citerefentry><refentrytitle>systemd-vconsole-setup.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
|
|
<citerefentry><refentrytitle>systemd-udevd.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
|
|
<citerefentry project='die-net'><refentrytitle>plymouth</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
|
|
<citerefentry><refentrytitle>systemd-cryptsetup-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
|
|
<citerefentry><refentrytitle>systemd-veritysetup-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
|
|
<citerefentry><refentrytitle>systemd-fstab-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
|
|
<citerefentry><refentrytitle>systemd-gpt-auto-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
|
|
<citerefentry><refentrytitle>systemd-volatile-root.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
|
|
<citerefentry><refentrytitle>systemd-modules-load.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
|
|
<citerefentry><refentrytitle>systemd-backlight@.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
|
|
<citerefentry><refentrytitle>systemd-rfkill.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
|
|
<citerefentry><refentrytitle>systemd-hibernate-resume-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
|
|
<citerefentry><refentrytitle>systemd-firstboot.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
|
|
<citerefentry><refentrytitle>bootctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>
|
|
</para>
|
|
</refsect1>
|
|
|
|
</refentry>
|