nix-community / lanzaboote

Secure Boot for NixOS [maintainers=@blitz @raitobezarius @nikstur]
GNU General Public License v3.0

Support systemd-boot random seed #129

Open Conni2461 opened 1 year ago

Conni2461 commented 1 year ago

Thanks for your work on this amazing project.

I've just successfully set up lanzaboote and enabled random seed using bootctl. After a reboot I noticed that random seed exists but isn't passed to the OS.

Random Seed:
 Passed to OS: no
 System Token: set
       Exists: yes

nikstur commented 1 year ago

Relates to #126 because it requires writing a "system secret" into the efivars.

blitz commented 1 year ago

Is there documentation on how the random seed is supposed to work?

nikstur commented 1 year ago

There is this article that explains it fairly well.

Edit: This https://github.com/systemd/systemd/commit/0be72218f1c90af5755ab40f94d047ee6864aea8 describes the current implementation.