    Seed kernel entropy with randomness from the previous boot. · 84c0844f
    Jonas Termansen authored
    The bootloader will now load the /boot/random.seed file if it exists, in
    which case the kernel will use it as the initial kernel entropy. The kernel
    warns if no random seed was loaded, unless the --no-random-seed option was
    given. This option is used for live environments that inherently have no
    prior secret state. The kernel initializes its entropy pool from the random
    seed as one of the first things, so randomness is available very early on.
    
    init(8) will emit a fresh /boot/random.seed file on boot to avoid the same
    entropy being used twice. init(8) also writes out /boot/random.seed on
    system shutdown where the system has the most entropy. init(8) will warn if
    writing the file fails, except if /boot is a read-only filesystem, and
    keeping such state is impossible. The system administrator is then
    responsible for ensuring the bootloader somehow passes a fresh random seed
    on the next boot.
    
    /boot/random.seed must be owned by the root user and root gro...