systemd-random-seed(8) — Linux manual page

SYSTEMD-RANDOM-SEED.SERVICE(8)  systemd-random-seed.service  SYSTEMD-RANDOM-SEED.SERVICE(8)

NAME

       systemd-random-seed.service, systemd-random-seed - Load and save the
       system random seed at boot and shutdown

SYNOPSIS

       systemd-random-seed.service

       /usr/lib/systemd/random-seed

DESCRIPTION

       systemd-random-seed.service is a service that loads an on-disk random
       seed into the kernel entropy pool during boot and saves it at
       shutdown. See random(4) for details. By default, no entropy is
       credited when the random seed is written into the kernel entropy
       pool, but this may be changed with $SYSTEMD_RANDOM_SEED_CREDIT, see
       below. On disk the random seed is stored in
       /var/lib/systemd/random-seed.

       Note that this service runs relatively late during the early boot
       phase, i.e. generally after the initial RAM disk (initrd) completed
       its work, and the /var/ file system has been mounted writable. Many
       system services require entropy much earlier than this — this service
       is hence of limited use for complex systems. It is recommended to use
       a boot loader that can pass an initial random seed to the kernel to
       ensure that entropy is available from earliest boot on, for example
       systemd-boot(7), with its bootctl random-seed functionality.

       When loading the random seed from disk, the file is immediately
       updated with a new seed retrieved from the kernel, in order to ensure
       no two boots operate with the same random seed. This new seed is
       retrieved synchronously from the kernel, which means the service will
       not complete start-up until the random pool is fully initialized. On
       entropy-starved systems this may take a while. This functionality is
       intended to be used as a synchronization point for ordering services
       that require an initialized entropy pool to function securely (i.e.
       services that access /dev/urandom without any further precautions).

       Care should be taken when creating OS images that are replicated to
       multiple systems: if the random seed file is included unmodified each
       system will initialize its entropy pool with the same data, and thus
       — if otherwise entropy-starved — generate the same or at least
       guessable random seed streams. As a safety precaution crediting
       entropy is thus disabled by default. It is recommended to remove the
       random seed from OS images intended for replication on multiple
       systems, in which case it is safe to enable entropy crediting, see
       below.

       See Random Seeds[1] for further information.

ENVIRONMENT

       $SYSTEMD_RANDOM_SEED_CREDIT
           By default, systemd-random-seed.service does not credit any
           entropy when loading the random seed. With this option this
           behaviour may be changed: it either takes a boolean parameter or
           the special string "force". Defaults to false, in which case no
           entropy is credited. If true, entropy is credited if the random
           seed file and system state pass various superficial consistency
           checks. If set to "force" entropy is credited, regardless of
           these checks, as long as the random seed file exists.
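
       The following is an added example, not part of the original manual
       page or of the systemd project's code. It prepares an unpacked OS
       image root as recommended above: the seed is removed before
       replication, and only then is crediting enabled through a drop-in.
       The function names and the drop-in file name 10-credit.conf are
       assumptions of this example.

```shell
#!/bin/sh
# Added example: helpers for an unpacked OS image root (e.g. a mounted
# template image). Seed path and variable name are from the man page;
# the drop-in file name is an assumption chosen for this example.

SEED_REL=var/lib/systemd/random-seed
DROPIN_REL=etc/systemd/system/systemd-random-seed.service.d/10-credit.conf

# Print "present" or "absent" for the seed inside image root $1.
# A dangling symlink at the seed path also counts as present.
seed_status() {
    if [ -e "$1/$SEED_REL" ] || [ -L "$1/$SEED_REL" ]; then
        echo present
    else
        echo absent
    fi
}

# Remove the seed from image root $1, then enable entropy crediting.
# The drop-in is written only after the seed is confirmed gone, so a
# replicated seed is never combined with crediting.
scrub_seed() {
    root=$1
    [ -d "$root" ] || { echo "not a directory: $root" >&2; return 2; }
    rm -f -- "$root/$SEED_REL" || return 1
    [ "$(seed_status "$root")" = absent ] || return 1
    dropin=$root/$DROPIN_REL
    mkdir -p -- "${dropin%/*}" || return 1
    printf '[Service]\nEnvironment=SYSTEMD_RANDOM_SEED_CREDIT=true\n' \
        > "$dropin"
}

# Exit 0 if image roots $1 and $2 carry byte-identical seed files,
# i.e. a template seed was replicated unmodified.
same_seed() {
    [ -f "$1/$SEED_REL" ] && [ -f "$2/$SEED_REL" ] &&
        cmp -s -- "$1/$SEED_REL" "$2/$SEED_REL"
}
```

       Run scrub_seed against the template before it is cloned; same_seed
       can be used afterwards to audit two deployed roots for a shared seed.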

SEE ALSO

       systemd(1), random(4), systemd-boot(7), bootctl(4)

NOTES

        1. Random Seeds
           https://systemd.io/RANDOM_SEEDS

COLOPHON

       This page is part of the systemd (systemd system and service manager)
       project.  Information about the project can be found at 
       ⟨http://www.freedesktop.org/wiki/Software/systemd⟩.  If you have a bug
       report for this manual page, see
       ⟨http://www.freedesktop.org/wiki/Software/systemd/#bugreports⟩.  This
       page was obtained from the project's upstream Git repository
       ⟨https://github.com/systemd/systemd.git⟩ on 2020-07-14.  (At that
       time, the date of the most recent commit that was found in the
       repository was 2020-07-14.)  If you discover any rendering problems in
       this HTML version of the page, or you believe there is a better or
       more up-to-date source for the page, or you have corrections or
       improvements to the information in this COLOPHON (which is not part
       of the original manual page), send a mail to man-pages@man7.org

systemd 246                                   SYSTEMD-RANDOM-SEED.SERVICE(8)
