units/systemd-boot-system-token.service

   1 #  SPDX-License-Identifier: LGPL-2.1-or-later
   2 #
   3 #  This file is part of systemd.
   4 #
   5 #  systemd is free software; you can redistribute it and/or modify it
   6 #  under the terms of the GNU Lesser General Public License as published by
   7 #  the Free Software Foundation; either version 2.1 of the License, or
   8 #  (at your option) any later version.
   9
  10 [Unit]
  11 Description=Store a System Token in an EFI Variable
  12 Documentation=man:systemd-boot-system-token.service(8)
  13
  14 DefaultDependencies=no
  15 Conflicts=shutdown.target
  16 After=local-fs.target systemd-random-seed.service
  17 Before=shutdown.target
  18
  19 # Don't run this in a VM environment, because there EFI variables are not
  20 # actually stored in NVRAM, independent of regular storage.
  21 ConditionVirtualization=no
  22
  23 # Only run this if the boot loader can support random seed initialization.
  24 ConditionPathExists=/sys/firmware/efi/efivars/LoaderFeatures-4a67b082-0a4c-41cf-b6c7-440b29bb8c4f
  25
  26 # Only run this if there is no system token defined yet, or …
  27 ConditionPathExists=|!/sys/firmware/efi/efivars/LoaderSystemToken-4a67b082-0a4c-41cf-b6c7-440b29bb8c4f
  28
  29 # … if the boot loader didn't pass the OS a random seed (and thus probably was missing the random seed file)
  30 ConditionPathExists=|!/sys/firmware/efi/efivars/LoaderRandomSeed-4a67b082-0a4c-41cf-b6c7-440b29bb8c4f
  31
  32 [Service]
  33 Type=oneshot
  34 RemainAfterExit=yes
  35 ExecStart=bootctl random-seed --graceful