# SOME DESCRIPTIVE TITLE
# Copyright (C) YEAR Free Software Foundation, Inc.
# This file is distributed under the same license as the PACKAGE package.
# FIRST AUTHOR <EMAIL@ADDRESS>, YEAR.
#
#, fuzzy
msgid ""
msgstr ""
"Project-Id-Version: PACKAGE VERSION\n"
"POT-Creation-Date: 2023-06-27 19:54+0200\n"
"PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n"
"Last-Translator: FULL NAME <EMAIL@ADDRESS>\n"
"Language-Team: LANGUAGE <LL@li.org>\n"
"Language: \n"
"MIME-Version: 1.0\n"
"Content-Type: text/plain; charset=UTF-8\n"
"Content-Transfer-Encoding: 8bit\n"
#. type: TH
#: debian-bookworm
#, no-wrap
msgid "SYSTEMD-BOOT-SYSTEM-TOKEN\\&.SERVICE"
msgstr ""
#. type: TH
#: debian-bookworm
#, no-wrap
msgid "systemd 252"
msgstr ""
#. type: TH
#: debian-bookworm
#, no-wrap
msgid "systemd-boot-system-token.service"
msgstr ""
#. -----------------------------------------------------------------
#. * MAIN CONTENT STARTS HERE *
#. -----------------------------------------------------------------
#. type: SH
#: debian-bookworm
#, no-wrap
msgid "NAME"
msgstr ""
#. type: Plain text
#: debian-bookworm
msgid ""
"systemd-boot-system-token.service - Generate an initial boot loader system "
"token and random seed"
msgstr ""
#. type: SH
#: debian-bookworm
#, no-wrap
msgid "SYNOPSIS"
msgstr ""
#. type: Plain text
#: debian-bookworm
msgid "systemd-boot-system-token\\&.service"
msgstr ""
#. type: SH
#: debian-bookworm
#, no-wrap
msgid "DESCRIPTION"
msgstr ""
#. type: Plain text
#: debian-bookworm
msgid ""
"systemd-boot-system-token\\&.service is a system service that automatically "
"generates a \\*(Aqsystem token\\*(Aq to store in an EFI variable in the "
"system\\*(Aqs NVRAM and a random seed to store on the EFI System Partition "
"ESP on disk\\&. The boot loader may then combine these two randomized data "
"fields by cryptographic hashing, and pass it to the OS it boots as "
"initialization seed for its entropy pool\\&. The random seed stored in the "
"ESP is refreshed on each reboot ensuring that multiple subsequent boots will "
"boot with different seeds\\&. The \\*(Aqsystem token\\*(Aq is generated "
"randomly once, and then persistently stored in the system\\*(Aqs EFI "
"variable storage\\&."
msgstr ""
#. type: Plain text
#: debian-bookworm
msgid ""
"The systemd-boot-system-token\\&.service unit invokes the B<bootctl random-"
"seed> command, which updates the random seed in the ESP, and initializes the "
"\\*(Aqsystem token\\*(Aq if it\\*(Aqs not initialized yet\\&. The service is "
"conditionalized so that it is run only when all of the below apply:"
msgstr ""
#. type: Plain text
#: debian-bookworm
msgid ""
"A boot loader is used that implements the \\m[blue]B<Boot Loader "
"Interface>\\m[]\\&\\s-2\\u[1]\\d\\s+2 (which defines the \\*(Aqsystem "
"token\\*(Aq concept)\\&."
msgstr ""
#. type: Plain text
#: debian-bookworm
msgid ""
"Either a \\*(Aqsystem token\\*(Aq was not set yet, or the boot loader has "
"not passed the OS a random seed yet (and thus most likely has been missing "
"the random seed file in the ESP)\\&."
msgstr ""
#. type: Plain text
#: debian-bookworm
msgid ""
"The system is not running in a VM environment\\&. This case is explicitly "
"excluded since on VM environments the ESP backing storage and EFI variable "
"storage is typically not physically separated and hence booting the same OS "
"image in multiple instances would replicate both, thus reusing the same "
"random seed and \\*(Aqsystem token\\*(Aq among all instances, which defeats "
"its purpose\\&. Note that it\\*(Aqs still possible to use boot loader random "
"seed provisioning in this mode, but the automatic logic implemented by this "
"service has no effect then, and the user instead has to manually invoke the "
"B<bootctl random-seed> acknowledging these restrictions\\&."
msgstr ""
#. type: Plain text
#: debian-bookworm
msgid ""
"For further details see B<bootctl>(1), regarding the command this service "
"invokes\\&."
msgstr ""
#. type: SH
#: debian-bookworm
#, no-wrap
msgid "SEE ALSO"
msgstr ""
#. type: Plain text
#: debian-bookworm
msgid "B<systemd>(1), B<bootctl>(1), B<systemd-boot>(7)"
msgstr ""
#. type: SH
#: debian-bookworm
#, no-wrap
msgid "NOTES"
msgstr ""
#. type: IP
#: debian-bookworm
#, no-wrap
msgid " 1."
msgstr ""
#. type: Plain text
#: debian-bookworm
msgid "Boot Loader Interface"
msgstr ""
#. type: Plain text
#: debian-bookworm
msgid "\\%https://systemd.io/BOOT_LOADER_INTERFACE"
msgstr ""