1# SPDX-License-Identifier: LGPL-2.1-or-later 2# 3# This file is part of systemd. 4# 5# systemd is free software; you can redistribute it and/or modify it 6# under the terms of the GNU Lesser General Public License as published by 7# the Free Software Foundation; either version 2.1 of the License, or 8# (at your option) any later version. 9 10[Unit] 11Description=Store a System Token in an EFI Variable 12Documentation=man:systemd-boot-system-token.service(8) 13DefaultDependencies=no 14Conflicts=shutdown.target 15After=local-fs.target systemd-random-seed.service 16Before=shutdown.target 17 18# Don't run this in a VM environment, because there EFI variables are not 19# actually stored in NVRAM, independent of regular storage. 20ConditionVirtualization=no 21 22# Only run this if the boot loader can support random seed initialization. 23ConditionPathExists=/sys/firmware/efi/efivars/LoaderFeatures-4a67b082-0a4c-41cf-b6c7-440b29bb8c4f 24 25# Only run this if there is no system token defined yet, or … 26ConditionPathExists=|!/sys/firmware/efi/efivars/LoaderSystemToken-4a67b082-0a4c-41cf-b6c7-440b29bb8c4f 27 28# … if the boot loader didn't pass the OS a random seed (and thus probably was missing the random seed file) 29ConditionPathExists=|!/sys/firmware/efi/efivars/LoaderRandomSeed-4a67b082-0a4c-41cf-b6c7-440b29bb8c4f 30 31[Service] 32Type=oneshot 33RemainAfterExit=yes 34ExecStart=bootctl random-seed --graceful 35