From: Lennart Poettering Date: Fri, 30 Jun 2023 09:46:16 +0000 (+0200) Subject: man: document where PID 1 imports credentials from X-Git-Tag: v254-rc1~33^2~2 X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=49850c1ee34ce047940e4b0fa537a11365b05f5b;p=thirdparty%2Fsystemd.git man: document where PID 1 imports credentials from --- diff --git a/man/systemd.xml b/man/systemd.xml index 2cffe01aff1..754aadbb6aa 100644 --- a/man/systemd.xml +++ b/man/systemd.xml @@ -1051,7 +1051,40 @@ System credentials - The service manager when run as PID 1 reads the following system credentials: + During initialization the service manager will import credentials from various sources into the + system's set of credentials, which can then be propagated into services and consumed by + generators: + + + When the service manager first initializes it will read system credentials from SMBIOS + Type 11 vendor strings + io.systemd.credential:name=value, + and + io.systemd.credential.binary:name=value. + + At the same time it will import credentials from QEMU fw_cfg. (Note + that the SMBIOS mechanism is generally preferred, because it is faster and generic.) + + Credentials may be passed via the kernel command line, using the + systemd.set-credential= parameter, see above. + + Credentials may be passed from the UEFI environment via + systemd-stub7. + + When the service manager is invoked during the initrd → host transition it will import + all files in /run/credentials/@initrd/ as system credentials. + + + Invoke + systemd-creds1 as + follows to see the list of credentials passed into the system: + + # systemd-creds --system list + + For further information see System and Service + Credentials documentation. + + The service manager when run as PID 1 consumes the following system credentials: