Systemd-boot: Difference between revisions
No edit summary |
→Installation: It is possible to install gummiboot from a legacy OS - provided you change the firmware's settings after the install |
||
| Line 21: | Line 21: | ||
== Installation == | == Installation == | ||
=== EFI boot === | |||
First, make sure your are booted in UEFI mode, [[UEFI#Requirements for UEFI Variables support to work properly|your EFI variables are accessible]], your EFI System Partition is properly mounted and your kernel and initramfs are copied onto that ESP as gummiboot cannot load EFI binaries from other partitions. It is therefore strongly recommended to mount your ESP to {{ic|/boot}} if you use gummiboot. | First, make sure your are booted in UEFI mode, [[UEFI#Requirements for UEFI Variables support to work properly|your EFI variables are accessible]], your EFI System Partition is properly mounted and your kernel and initramfs are copied onto that ESP as gummiboot cannot load EFI binaries from other partitions. It is therefore strongly recommended to mount your ESP to {{ic|/boot}} if you use gummiboot. | ||
| Line 28: | Line 29: | ||
# gummiboot --path=''$esp'' install | # gummiboot --path=''$esp'' install | ||
=== Legacy boot === | |||
You can also successfully install gummiboot if booted with a legacy OS. However, this requires that you later on tell your firmware to launch gummiboot's EFI file on boot: either you have a working EFI shell somewhere or your firmware interface provides you with a way of properly setting the EFI file that will be loaded at boot time. | |||
{{Note|This is for example possible on Dell's Latitude series that will simply refuse you touch the firmware with an EFI shell}} | |||
If you can do so, the installation is easier: [[install]] {{Pkg|gummiboot}} from the [[official repositories]], go into your EFI shell or your firmware configuration interface and change your machine's defualt EFI file to {{ic|/boot/efi/gummiboot/gummibootx64.efi}}. | |||
=== Updating === | === Updating === | ||
Revision as of 22:06, 4 December 2014
From gummiboot homepage:
- gummiboot is a simple UEFI boot manager which executes configured EFI images. The default entry is selected by a configured pattern (glob) or an on-screen menu.
It is simple to configure, but can only start EFI executables, the Linux kernel EFISTUB, UEFI Shell, grub.efi, and such.
$esp denotes the mountpoint of the EFI System Partition aka ESP.Installation
EFI boot
First, make sure your are booted in UEFI mode, your EFI variables are accessible, your EFI System Partition is properly mounted and your kernel and initramfs are copied onto that ESP as gummiboot cannot load EFI binaries from other partitions. It is therefore strongly recommended to mount your ESP to /boot if you use gummiboot.
Then, install the package gummiboot from the official repositories.
Finally, type the following command to copy the gummiboot binary to your EFI System Partition and add gummiboot itself as the default EFI application (default boot entry) loaded by the EFI Boot Manager. If you are not booted in UEFI mode and your EFI variables are not accessible, creating the boot entry will fail. You should however still be able to boot gummiboot as it copies the binary to the default EFI binary location on your ESP ($esp/EFI/boot/bootx64.efi on x64 systems) unless a non-gummiboot EFI application is already present as the same filename.
# gummiboot --path=$esp install
Legacy boot
You can also successfully install gummiboot if booted with a legacy OS. However, this requires that you later on tell your firmware to launch gummiboot's EFI file on boot: either you have a working EFI shell somewhere or your firmware interface provides you with a way of properly setting the EFI file that will be loaded at boot time.
If you can do so, the installation is easier: install gummiboot from the official repositories, go into your EFI shell or your firmware configuration interface and change your machine's defualt EFI file to /boot/efi/gummiboot/gummibootx64.efi.
Updating
gummiboot assumes that your EFI System Partition is mounted on /boot in which case, each time a new gummiboot version is installed, the command gummiboot --path=$esp update will be called automatically by the post_install method of the install script. If your ESP is not mounted on /boot, you will have to call manually that command.
Configuration
Basic Configuration
The basic configuration is kept in $esp/loader/loader.conf, with just two possible configuration options:
default– default entry to select (without the.confsuffix); can be a wildcard likearch-*
timeout– menu timeout in seconds. If this is not set, the menu will only be shown when you hold the space key while booting.
Example:
$esp/loader/loader.conf
default arch timeout 4
Note that both options can be changed in the boot menu itself, which will store them as EFI variables.
Adding boot entries
gummiboot searches for boot menu items in $esp/loader/entries/*.conf – each file found must contain exactly one boot entry. The possible options are:
title– operating system name. Required.
version– kernel version, shown only when multiple entries with same title exist. Optional.
machine-id– machine identifier from/etc/machine-id, shown only when multiple entries with same title and version exist. Optional.
efi– EFI program to start, relative to your ESP ($esp); e.g./vmlinuz-linux. Either this orlinux(see below) is required.
options– Command-line options to pass to the EFI program. Optional, but you will need at leastinitrd=efipathandroot=devif booting Linux.
For Linux, you can specify linux path-to-vmlinuz and initrd path-to-initramfs; this will be automatically translated to efi path and options initrd=path – this syntax is only supported for convenience and has no differences in function.
You can find your PARTUUID with blkid -s PARTUUID -o value /dev/sdxx (/dev/sdxx should be your root partition and not $esp)
An example entry for Arch Linux:
$esp/loader/entries/arch.conf
title Arch Linux linux /vmlinuz-linux initrd /initramfs-linux.img options root=PARTUUID=14420948-2cea-4de7-b042-40f67c618660 rw
Please note in the example above that PARTUUID/PARTLABEL identifies a GPT partition, and differs from UUID/LABEL, which identifies a filesystem. Using the PARTUUID/PARTLABEL is advantageous because it is invariant if you reformat the partition with another filesystem or the /dev/sd* mapping changed for some reason. It is also useful if you do not have a filesystem on the partition (or use LUKS, which does not support LABELs).
An example entry for encrypted root (dm-crypt with LUKS)
$esp/loader/entries/arch-encrypted.conf
title Arch Linux (Encrypted) linux /path/to/vmlinuz-linux options initrd=/path/to/initramfs-linux.img cryptdevice=UUID=<UUID>:luks-<UUID> root=UUID=<luks-UUID> rw
In the encrypted example, note that the initrd is in options -- this does not appear to be discretionary at this time. Note that UUID is used for in this example. PARTUUID should be able to replace the UUID, if so desired.
You can also add other EFI programs such as \EFI\arch\grub.efi.
\EFI\Microsoft\Boot\Bootmgfw.efi), "EFI Shell" (\shellx64.efi) and "EFI Default Loader" (\EFI\Boot\bootx64.efi), and display entries for them if they are present, so you do not have to manually create entries for them. However it does not autodetect other EFI applications (unlike rEFInd), so for booting the kernel, manual config entries must be created as mentioned above.Add security
You have to note that the kernel command line parameters can be edited from the gummiboot's boot manager menu (see #Keys) by pressing e. This is a major security flaw since if you redefine the init= kernel argument with init=/bin/bash for example, this will boot your machine directly as root without any password, bypassing easily the root password that has been defined! Since gummiboot does not currently have a password feature and has no ability to prevent kernel parameters changes, you need to make sure to define a password at hardware level (UEFI/BIOS) which prevents the computer to boot if the right password has not been entered.
Since security is made of several levels and physical access already breaks any security systems, maybe encrypting your disk with dm-crypt would come in handy especially if your machine is a laptop. But this is another concern not related to gummiboot.
Support hibernation
Please refer to that article Suspend and hibernate, especially the Example for gummiboot.
Keys
The following keys are used inside the menu:
Up/Down- select entryEnter- boot the selected entryd- select the default entry to boot (stored in a non-volatile EFI variable)-/T- decrease the timeout (stored in a non-volatile EFI variable)+/t- increase the timeout (stored in a non-volatile EFI variable)e- edit the kernel command linev- show the gummiboot and UEFI versionQ- quitP- print the current configurationh/?- help
These hotkeys will, when pressed inside the menu or during bootup, directly boot a specific entry:
l- Linuxw- Windowsa- OS Xs- EFI Shell1-9- number of entry
Troubleshooting
Manual entry using efibootmgr
If gummiboot install command failed, you can create a EFI boot entry manually using efibootmgr utility:
# efibootmgr -c -d /dev/sdX -p Y -l /EFI/gummiboot/gummibootx64.efi -L "Gummiboot"
where /dev/sdXY is the EFISYS partition.
Menu does not appear after Windows upgrade
For example, if you upgraded from Windows 8 to Windows 8.1, and you no longer see a boot menu after the upgrade (i.e., Windows boots immediately):
- Make sure Secure Boot (BIOS setting) and Fast Startup (Windows power option setting) are both disabled.
- Make sure your BIOS prefers Linux Boot Manager over Windows Boot Manager (depending on your BIOS, this might appear under a BIOS setting like Hard Disk Drive Priority).