# SOME DESCRIPTIVE TITLE # Copyright (C) YEAR Free Software Foundation, Inc. # This file is distributed under the same license as the PACKAGE package. # FIRST AUTHOR , YEAR. # #, fuzzy msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "POT-Creation-Date: 2024-06-01 06:26+0200\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME \n" "Language-Team: LANGUAGE \n" "Language: \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" #. type: TH #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "SYSTEMD-BOOT-RANDOM-SEED\\&.SERVICE" msgstr "" #. type: TH #: archlinux fedora-40 mageia-cauldron #, no-wrap msgid "systemd 255" msgstr "" #. type: TH #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "systemd-boot-random-seed.service" msgstr "" #. ----------------------------------------------------------------- #. * MAIN CONTENT STARTS HERE * #. ----------------------------------------------------------------- #. type: SH #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "NAME" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "systemd-boot-random-seed.service - Refresh boot loader random seed at boot" msgstr "" #. type: SH #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "SYNOPSIS" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "systemd-boot-random-seed\\&.service" msgstr "" #. type: SH #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "DESCRIPTION" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "systemd-boot-random-seed\\&.service is a system service that automatically " "refreshes the boot loader random seed stored in the EFI System Partition " "(ESP), from the Linux kernel entropy pool\\&. The boot loader random seed is " "primarily consumed and updated by B(7) from the UEFI " "environment (or B(7) if the former is not used, but the " "latter is), and passed as initial RNG seed to the OS\\&. It is an effective " "way to ensure the OS comes up with a random pool that is fully " "initialized\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "The service also automatically generates a \\*(Aqsystem token\\*(Aq to store " "in an EFI variable in the system\\*(Aqs NVRAM\\&. The boot loader may then " "combine the on-disk random seed and the system token by cryptographic " "hashing, and pass it to the OS it boots as initialization seed for its " "entropy pool\\&. Note: the random seed stored in the ESP is refreshed on " "I reboot ensuring that multiple subsequent boots will boot with " "different seeds\\&. On the other hand, the system token is generated " "randomly I, and then persistently stored in the system\\*(Aqs EFI " "variable storage, ensuring the same disk image won\\*(Aqt result in the same " "series of boot loader seed values if used on multiple systems in parallel\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "The systemd-boot-random-seed\\&.service unit invokes the B command, which updates the random seed in the ESP, and initializes the " "system token if it\\*(Aqs not initialized yet\\&. The service is " "conditionalized so that it is run only when a boot loader is used that " "implements the \\m[blue]B\\m[]\\&\\s-2\\u[1]\\d\\s+2\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "For further details see B(1), regarding the command this service " "invokes\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "Note the relationship between systemd-boot-random-seed\\&.service and " "B(8)\\&. The former maintains the random seed consumed " "and updated by the boot environment (i\\&.e\\&. by B(7) or " "B(7)), the latter maintains a random seed consumed and updated " "by the OS itself\\&. The former ensures that the OS has a filled entropy " "pool already during earliest boot when regular disk access is not available " "yet (i\\&.e\\&. when the OS random seed cannot be loaded yet)\\&. The latter " "is processed much later, once writable disk access is available\\&. Thus it " "cannot be used to seed the initial boot phase, but typically has much higher " "quality of entropy\\&. Both files are consumed and updated at boot, but at " "different times\\&. Specifically:" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "In UEFI mode, the B(7) or B(7) components load " "the boot loader random seed from the ESP, hash it with available entropy and " "the system token, and then update it on disk\\&. A derived seed is passed to " "the kernel which writes it to its entropy pool\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "In userspace the systemd-random-seed\\&.service service loads the OS random " "seed, writes it to the kernel entropy pool, and then updates it on disk with " "a new value derived from the kernel entropy pool\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "In userspace the systemd-boot-random-seed\\&.service service updates the " "boot loader random seed with a new value derived from the kernel entropy " "pool\\&." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "This logic should ensure that the kernel\\*(Aqs entropy pool is seeded " "during earliest bool already, if possible, but the highest quality entropy " "is propagated back to both on-disk seeds\\&." msgstr "" #. type: SH #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "SEE ALSO" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "" "B(1), B(4), B(1), B(7), B(7), B(8)" msgstr "" #. type: SH #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid "NOTES" msgstr "" #. type: IP #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron #, no-wrap msgid " 1." msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "Boot Loader Interface" msgstr "" #. type: Plain text #: archlinux debian-bookworm debian-unstable fedora-40 fedora-rawhide #: mageia-cauldron msgid "\\%https://systemd.io/BOOT_LOADER_INTERFACE" msgstr "" #. type: TH #: debian-bookworm #, no-wrap msgid "systemd 254" msgstr "" #. type: TH #: debian-unstable fedora-rawhide #, no-wrap msgid "systemd 256~rc3" msgstr ""