This is because of the update to systemd 254. It now emits this warning when the random-seed file is world readable, which it would be by default with vfat. Yes, the fix is to add umask=0077 (or, equivalently, fmask=0077 and dmask=0077) to the mount options. This is what systemd-gpt-auto-generator does, for example. We didn’t end up adding anything to NixOS to add those options automatically because there are some awkward edge cases that make it not so trivial. And the warning should only come up when doing something that has to do with the random-seed, such as the initial install.
8 Likes