systemd 253 arrives with UKI tooling, support improvements and more

systemd

systemd is a set of system management daemons, libraries and tools designed as a central management and configuration platform for interacting with the Linux operating system kernel.

After three and a half months of development, the release of systemd 253 has been announced. This version includes the 'ukify' utility for building, verifying and signing unified kernel images (UKI, Unified Kernel Image). A UKI combines the stub that loads the kernel from UEFI (the UEFI boot stub), the Linux kernel image, and the initrd system environment that is loaded into memory and used for initialization at the stage before the root file system is mounted.

The utility replaces the functionality previously provided by the 'dracut --uefi' command and complements it with automatic calculation of offsets in PE files, merging of initrds, signing of embedded kernel images, creation of combined images with sbsign, heuristics for determining the kernel uname, verification of the image with the splash screen, and the addition of signed PCR policies generated by the systemd-measure utility.
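Because a UKI is a single PE file, what it will boot can be read back out of its section table before the image is signed or trusted. The Python code below is an added example, not code from systemd or from the original article: it lists the PE sections and reports the embedded kernel command line and whether a signed PCR policy is present. The section names `.linux`, `.initrd`, `.cmdline`, `.pcrsig` and `.pcrpkey` are the ones systemd-stub uses; the function names and the sample image are constructed for this illustration.

```python
import struct

def pe_sections(image: bytes) -> dict:
    """Map each PE section name to its raw bytes."""
    if image[:2] != b"MZ":
        raise ValueError("missing MZ header")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)      # e_lfanew
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (nsect,) = struct.unpack_from("<H", image, pe_off + 6)
    (opt_size,) = struct.unpack_from("<H", image, pe_off + 20)
    table = pe_off + 24 + opt_size       # section table follows the optional header
    sections = {}
    for i in range(nsect):
        name, vsize, _va, rawsize, rawptr = struct.unpack_from(
            "<8sIIII", image, table + 40 * i)
        size = min(vsize, rawsize) if vsize else rawsize   # raw size may include padding
        if rawptr + size > len(image):
            raise ValueError("section data lies outside the file")
        sections[name.rstrip(b"\0").decode("ascii", "replace")] = image[rawptr:rawptr + size]
    return sections

def inspect_uki(image: bytes) -> dict:
    """Summarise what a UKI would boot, before it is signed or trusted."""
    s = pe_sections(image)
    return {
        "sections": sorted(s),
        # kernel and initrd are the components the article lists besides the stub
        "missing": sorted({".linux", ".initrd"} - set(s)),
        "cmdline": s.get(".cmdline", b"").rstrip(b"\0\n").decode("utf-8", "replace"),
        "has_pcr_policy": ".pcrsig" in s and ".pcrpkey" in s,
    }

def build_sample(parts: dict) -> bytes:
    """Constructed input: a minimal PE container, not a bootable image."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    coff = b"PE\0\0" + struct.pack("<HHIIIHH", 0x8664, len(parts), 0, 0, 0, 0, 0)
    data_off = 0x40 + len(coff) + 40 * len(parts)
    table = blob = b""
    for name, data in parts.items():
        table += struct.pack("<8sIIII16x", name.encode(), len(data), 0,
                             len(data), data_off + len(blob))
        blob += data
    return bytes(dos) + coff + table + blob

if __name__ == "__main__":
    sample = build_sample({".osrel": b"ID=example\n", ".cmdline": b"root=LABEL=root ro\0",
                           ".linux": b"KERNEL", ".initrd": b"INITRD"})
    print(inspect_uki(sample))
```
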

Another change that stands out is that systemd-boot has reworked the initialization of the kernel pseudorandom number generator and of the disk backend. Support has been added for loading the kernel from sources other than the ESP (EFI System Partition), for example from firmware or directly from QEMU. In addition, SMBIOS parameters are now analyzed to detect startup in a virtualized environment. A new "if-safe" mode has been implemented in which the UEFI Secure Boot certificate is loaded from the ESP only if doing so is considered safe (running in a virtual machine).

The bootctl utility now generates system tokens on all EFI systems, except in virtualization environments. New commands have been added: 'kernel-identify' and 'kernel-inspect' to show the kernel image type and information about the command line options and kernel version, 'unlink' to remove the file associated with a type 1 boot entry, and 'cleanup' to remove all files in the "entry-token" directory on the ESP and XBOOTLDR that are not associated with a type 1 boot entry. Handling of the KERNEL_INSTALL_CONF_ROOT variable is provided.

The "OpenFile" parameter has been added to services to open arbitrary files in the file system (or connect to Unix sockets) and pass the associated file descriptor to the launched process (for example, when you need to arrange access to a file for an unprivileged user).

In systemd-cryptenroll, when enrolling new keys, it is now possible to unlock encrypted partitions using FIDO2 tokens (--unlock-fido2-device) without having to enter a password. The user-specified PIN is stored with a salt to make brute-force guessing more difficult.

Of the other changes that stand out:

  • Added support for initrd environments that are not held in memory and that use overlayfs instead of tmpfs. For such environments, systemd does not remove all files in the initrd after switching the root file system.
  • Added the ReloadLimitIntervalSec and ReloadLimitBurst settings, as well as kernel command line options (systemd.reload_limit_interval_sec and systemd.reload_limit_burst), to limit the rate at which the background process is reloaded.
  • For units, the "MemoryZSwapMax" option is implemented to configure the memory.zswap.max property, which determines the maximum zswap size.
  • For units, the "LogFilterPatterns" option is implemented, which lets you specify regular expressions to filter the information written to the log (it can be used to exclude certain output or to keep only certain data).
  • The 'systemctl list-dependencies' command now handles the '--type' and '--state' options, and the 'systemctl kexec' command adds support for environments based on the Xen hypervisor.
  • Added support for the SocketPriority and QuickAck options, and RouteMetric=high|medium|low, in the [DHCPv4] section of .network files.
  • systemd-journal-remote accepts the MaxUse, KeepFree, MaxFileSize and MaxFiles settings to limit disk space usage.
  • Added support in systemd-cryptsetup for sending advance requests to FIDO2 tokens to detect their presence before authentication is performed.
  • Added the new tpm2-measure-bank and tpm2-measure-pcr options to crypttab.

Finally, if you are interested in knowing more about it, you can consult the details at the following link.

