From 49850c1ee34ce047940e4b0fa537a11365b05f5b Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Fri, 30 Jun 2023 11:46:16 +0200 Subject: [PATCH] man: document where PID 1 imports credentials from --- man/systemd.xml | 35 ++++++++++++++++++++++++++++++++++- 1 file changed, 34 insertions(+), 1 deletion(-) diff --git a/man/systemd.xml b/man/systemd.xml index 2cffe01aff..754aadbb6a 100644 --- a/man/systemd.xml +++ b/man/systemd.xml @@ -1051,7 +1051,40 @@ System credentials - The service manager when run as PID 1 reads the following system credentials: + During initialization the service manager will import credentials from various sources into the + system's set of credentials, which can then be propagated into services and consumed by + generators: + + + When the service manager first initializes it will read system credentials from SMBIOS + Type 11 vendor strings + io.systemd.credential:name=value, + and + io.systemd.credential.binary:name=value. + + At the same time it will import credentials from QEMU fw_cfg. (Note + that the SMBIOS mechanism is generally preferred, because it is faster and generic.) + + Credentials may be passed via the kernel command line, using the + systemd.set-credential= parameter, see above. + + Credentials may be passed from the UEFI environment via + systemd-stub7. + + When the service manager is invoked during the initrd → host transition it will import + all files in /run/credentials/@initrd/ as system credentials. + + + Invoke + systemd-creds1 as + follows to see the list of credentials passed into the system: + + # systemd-creds --system list + + For further information see System and Service + Credentials documentation. + + The service manager when run as PID 1 consumes the following system credentials: -- 2.25.1
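Review bot: the list added to the "System credentials" section names five import sources (SMBIOS Type 11 vendor strings, QEMU fw_cfg, the `systemd.set-credential=` kernel command line parameter, systemd-stub, and files in `/run/credentials/@initrd/`) but does not say what happens when the same credential name arrives from more than one of them. These sources sit at different layers (firmware or VMM, kernel command line, UEFI stub, initrd), so a sentence stating the precedence, or that the first or last import wins, would let readers reason about which layer can override a credential set by another. In the SMBIOS item, `io.systemd.credential.binary:name=value` is also shown with the same `name=value` shape as the plain form and no hint of how the binary value is encoded; state the encoding there or point to the credentials documentation linked at the end of the hunk. The "see above" on the `systemd.set-credential=` item relies on that parameter being described earlier in the same page, which is not visible in this hunk; a direct cross-reference would be more robust than a positional one.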