<?xml version='1.0'?> <!--*-nxml-*-->
-<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
-
<!-- SPDX-License-Identifier: LGPL-2.1+ -->
<refentry id="loader.conf" conditional='ENABLE_EFI'
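Review bot: The new public identifier on the added `<!DOCTYPE` line names DocBook XML V4.5, but the unchanged system identifier on the next line still points at `docbook/xml/4.2/docbookx.dtd`, so the two halves of the declaration disagree. A toolchain that resolves the DTD by system identifier would validate the page against 4.2 rather than 4.5; the line should read `"http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd">`. Because that URL is plain http, the build should resolve it from a local XML catalog rather than fetching it, so the DTD content cannot be altered in transit.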
<refnamediv>
<refname>loader.conf</refname>
- <refpurpose>Configuration file for sd-boot</refpurpose>
+ <refpurpose>Configuration file for systemd-boot</refpurpose>
</refnamediv>
<refsynopsisdiv>
<para><filename><replaceable>ESP</replaceable>/loader/loader.conf</filename>,
- <filename><replaceable>ESP</replaceable>/loader/loader.conf.d/*.conf</filename>
+ <filename><replaceable>ESP</replaceable>/loader/entries/*.conf</filename>
</para>
</refsynopsisdiv>
<title>Description</title>
<para>
- <citerefentry><refentrytitle>sd-boot</refentrytitle><manvolnum>7</manvolnum></citerefentry>
- will read <filename>/loader/loader.conf</filename> and any files with the
+ <citerefentry><refentrytitle>systemd-boot</refentrytitle><manvolnum>7</manvolnum></citerefentry>
+ will read <filename><replaceable>ESP</replaceable>/loader/loader.conf</filename> and any files with the
<literal>.conf</literal> extension under
- <filename>/loader/loader.conf.d/</filename> on the EFI system partition (ESP).
+ <filename><replaceable>ESP</replaceable>/loader/entries/</filename> on the EFI system partition (ESP).
</para>
<para>Each configuration file must consist of an option name, followed by
<refsect1>
<title>Options</title>
- <para>The following configuration options are understood:</para>
+ <para>The following configuration options in <filename>loader.conf</filename> are understood:</para>
<variablelist>
<varlistentry>
<para>If the timeout is disabled, the default entry will be booted
immediately. The menu can be shown by pressing and holding a key before
- sd-boot is launched.</para>
+ systemd-boot is launched.</para>
</listitem>
</varlistentry>
<listitem><para>Takes a boolean argument. Enable (the default) or disable
the "Reboot into firmware" entry.</para></listitem>
</varlistentry>
+
+ <varlistentry>
+ <term>random-seed-mode</term>
+
+ <listitem><para>Takes one of <literal>off</literal>, <literal>with-system-token</literal> and
+ <literal>always</literal>. If <literal>off</literal> no random seed data is read off the ESP, nor
+ passed to the OS. If <literal>with-system-token</literal> (the default)
+ <command>systemd-boot</command> will read a random seed from the ESP (from the file
+ <filename>/loader/random-seed</filename>) only if the <varname>LoaderSystemToken</varname> EFI
+ variable is set, and then derive the random seed to pass to the OS from the combination. If
+ <literal>always</literal> the boot loader will do so even if <varname>LoaderSystemToken</varname> is
+ not set. This mode is useful in environments where protection against OS image reuse is not a
+ concern, and the random seed shall be used even with no further setup in place. Use <command>bootctl
+ random-seed</command> to initialize both the random seed file in the ESP and the system token EFI
+ variable.</para>
+
+ <para>See <ulink url="https://systemd.io/RANDOM_SEEDS">Random Seeds</ulink> for further
+ information.</para></listitem>
+ </varlistentry>
</variablelist>
</refsect1>
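Review bot: The `always` description in the new `random-seed-mode` entry leaves its trade-off implicit: without `LoaderSystemToken`, machines started from the same image read the same `random-seed` file, so the seed handed to the OS may not be unique per installation. I would say so directly after the "OS image reuse" sentence, e.g. `In this mode, systems instantiated from the same disk image may start from the same seed, so it should not be their only source of entropy.` Two wording points in the same entry: `from the combination` should name what is combined (the seed file and the system token, as far as the text shows), and `<filename>/loader/random-seed</filename>` should carry the `<replaceable>ESP</replaceable>` prefix that the rest of this change introduces for ESP paths.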
<refsect1>
<title>See Also</title>
<para>
- <citerefentry><refentrytitle>sd-boot</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
+ <citerefentry><refentrytitle>systemd-boot</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
<citerefentry><refentrytitle>bootctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>
</para>
</refsect1>