author | Jason A. Donenfeld <Jason@zx2c4.com> | 2022-11-17 16:35:12 +0100 |
---|---|---|
committer | Luca Boccassi <luca.boccassi@gmail.com> | 2022-11-17 18:15:04 +0100 |
commit | 1d679b208d982bd5b8ba893981774cac5959b4b4 (patch) | |
tree | dcd2bdd69bf2b9108e9f8fa7325461d909444453 /NEWS | |
parent | fa4c01933d16f54444ec66271510b4c18a9501a8 (diff) | |
download | systemd-1d679b208d982bd5b8ba893981774cac5959b4b4.tar.gz |
Update NEWS and TODO with sd-boot random seed developments
Diffstat (limited to 'NEWS')
-rw-r--r-- | NEWS | 20 |
1 files changed, 20 insertions, 0 deletions
@@ -1,5 +1,25 @@ systemd System and Service Manager +CHANGES WITH 253 in spe: + + Changes in sd-boot, bootctl, and the Boot Loader Specification: + + * systemd-boot now passes its random seed directly to the kernel's RNG + via the LINUX_EFI_RANDOM_SEED_TABLE_GUID configuration table, which + means the RNG gets seeded very early in boot before userspace has + started. + + * systemd-boot will pass a random seed when secure boot is enabled if + it can additionally get a random seed from EFI itself, via EFI's RNG + protocol or a prior seed in LINUX_EFI_RANDOM_SEED_TABLE_GUID from a + preceding bootloader. + + * The random seed stored in ESP is now refreshed whenever + systemd-random-seed.service is run. + + * systemd-boot handles various seed inputs using a domain- and + field-separated hashing scheme. + CHANGES WITH 252 🎃: Announcements of Future Feature Removals: |
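Review bot: The second bullet ("will pass a random seed when secure boot is enabled if it can additionally get a random seed from EFI itself") leaves the security-relevant condition ambiguous: it does not say what "additionally" is in addition to, or what systemd-boot does under secure boot when neither EFI's RNG protocol nor a prior LINUX_EFI_RANDOM_SEED_TABLE_GUID entry is available. Suggest stating both explicitly, for example that the seed stored in the ESP is only passed under secure boot when it is combined with one of those sources, if that is the intended behaviour, and that otherwise no seed is passed. The last bullet would also help readers more if it named the inputs that go into the hash instead of "various seed inputs", and the third bullet should read "stored in the ESP" for consistency with the rest of NEWS.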