systemd-boot-system-token.service failing

[dmp1ce]

systemd-boot-system-token.service is failing with the message Failed to open random seed file for writing: Operation not permitted

On IRC, the #archlinux channel was kind enough to help me.

That's bootctl trying to write the random seed. (A new feature in systemd 243.) Is /boot mounted read-only for some reason?

I was not sure if /boot is mounted as read-only but I thought it probably was.

Could you help me to get bootctl to write the random seed with the ALEZ setup?

[dmp1ce]

More information about the issue: https://bbs.archlinux.org/viewtopic.php?id=249348

[dmp1ce]

Also, trying to set the random seed doesn't work once the system is booted.

sudo bootctl random-seed
Failed to open random seed file for writing: Operation not permitted

[johnramsden]

You need to set the esp path, try:

bootctl random-seed --esp-path=/mnt/efi

Then set in /mnt/efi/loader/loader.conf:

random-seed-mode always

If that doesn't work, check if your boot partition is mounted read only, it shouldn't be by default, but if you have file system errors it could be.

[dmp1ce]

That did it. Thank you!