'\" t .TH "SYSTEMD\-RANDOM\-SEED\&.SERVICE" "8" "" "systemd 256~rc3" "systemd-random-seed.service" .\" ----------------------------------------------------------------- .\" * Define some portability stuff .\" ----------------------------------------------------------------- .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .\" http://bugs.debian.org/507673 .\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html .\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ .ie \n(.g .ds Aq \(aq .el .ds Aq ' .\" ----------------------------------------------------------------- .\" * set default formatting .\" ----------------------------------------------------------------- .\" disable hyphenation .nh .\" disable justification (adjust text to left margin only) .ad l .\" ----------------------------------------------------------------- .\" * MAIN CONTENT STARTS HERE * .\" ----------------------------------------------------------------- .SH "NAME" systemd-random-seed.service, systemd-random-seed \- Load and save the OS system random seed at boot and shutdown .SH "SYNOPSIS" .PP systemd\-random\-seed\&.service .PP /usr/lib/systemd/systemd\-random\-seed .SH "DESCRIPTION" .PP systemd\-random\-seed\&.service is a service that loads an on\-disk random seed into the kernel entropy pool during boot and saves it at shutdown\&. See \fBrandom\fR(4) for details\&. By default, no entropy is credited when the random seed is written into the kernel entropy pool, but this may be changed with \fI$SYSTEMD_RANDOM_SEED_CREDIT\fR, see below\&. On disk the random seed is stored in /var/lib/systemd/random\-seed\&. .PP Note that this service runs relatively late during the early boot phase, i\&.e\&. generally after the initrd phase has finished and the /var/ file system has been mounted\&. Many system services require entropy much earlier than this \(em this service is hence of limited use for complex system\&. It is recommended to use a boot loader that can pass an initial random seed to the kernel to ensure that entropy is available from earliest boot on, for example \fBsystemd-boot\fR(7), with its \fBbootctl random\-seed\fR functionality\&. .PP When loading the random seed from disk, the file is immediately updated with a new seed retrieved from the kernel, in order to ensure no two boots operate with the same random seed\&. This new seed is retrieved synchronously from the kernel, which means the service will not complete start\-up until the random pool is fully initialized\&. On entropy\-starved systems this may take a while\&. This functionality is intended to be used as synchronization point for ordering services that require an initialized entropy pool to function securely (i\&.e\&. services that access /dev/urandom without any further precautions)\&. .PP Care should be taken when creating OS images that are replicated to multiple systems: if the random seed file is included unmodified each system will initialize its entropy pool with the same data, and thus \(em if otherwise entropy\-starved \(em generate the same or at least guessable random seed streams\&. As a safety precaution crediting entropy is thus disabled by default\&. It is recommended to remove the random seed from OS images intended for replication on multiple systems, in which case it is safe to enable entropy crediting, see below\&. Also see \m[blue]\fBSafely Building Images\fR\m[]\&\s-2\u[1]\d\s+2\&. .PP See \m[blue]\fBRandom Seeds\fR\m[]\&\s-2\u[2]\d\s+2 for further information\&. .SH "ENVIRONMENT" .PP \fI$SYSTEMD_RANDOM_SEED_CREDIT\fR .RS 4 By default, systemd\-random\-seed\&.service does not credit any entropy when loading the random seed\&. With this option this behaviour may be changed: it either takes a boolean parameter or the special string "force"\&. Defaults to false, in which case no entropy is credited\&. If true, entropy is credited if the random seed file and system state pass various superficial concisistency checks\&. If set to "force" entropy is credited, regardless of these checks, as long as the random seed file exists\&. .sp Added in version 243\&. .RE .SH "SEE ALSO" .PP \fBsystemd\fR(1), \fBrandom\fR(4), \fBsystemd-boot\fR(7), \fBsystemd-stub\fR(7), \fBbootctl\fR(4), \fBsystemd-boot-random-seed.service\fR(8) .SH "NOTES" .IP " 1." 4 Safely Building Images .RS 4 \%https://systemd.io/BUILDING_IMAGES .RE .IP " 2." 4 Random Seeds .RS 4 \%https://systemd.io/RANDOM_SEEDS .RE