Difference between revisions of "Systemd-boot"

From ArchWiki
Jump to: navigation, search
m (spelling)
(okay, then i'll literally copy that from https://www.freedesktop.org/wiki/Software/systemd/systemd-boot/)
 
(257 intermediate revisions by 83 users not shown)
Line 1: Line 1:
 +
{{lowercase title}}
 
[[Category:Boot loaders]]
 
[[Category:Boot loaders]]
[http://freedesktop.org/wiki/Software/gummiboot Gummiboot] is a UEFI boot manager written by Kay Sievers and Harald Hoyer. It is simple to configure, but can only start EFI executables, the Linux kernel (with CONFIG_EFI_STUB enabled), grub.efi, and such.
+
[[de:Gummiboot]]
 +
[[es:Systemd-boot]]
 +
[[ja:Systemd-boot]]
 +
[[ru:Systemd-boot]]
 +
[[zh-hans:Systemd-boot]]
 +
{{Related articles start}}
 +
{{Related|Arch boot process}}
 +
{{Related|Boot loaders}}
 +
{{Related|Secure Boot}}
 +
{{Related|Unified Extensible Firmware Interface}}
 +
{{Related articles end}}
  
{{Note|
+
'''systemd-boot''', previously called '''gummiboot''', is a simple UEFI boot manager which executes configured EFI images. The default entry is selected by a configured pattern (glob) or an on-screen menu. It is included with {{pkg|systemd}}, which is installed on Arch system by default.
In the following steps replace {{ic|$esp}} with path to your [[UEFI#Create_an_UEFI_System_Partition_in_Linux|EFI System Partition]], which is normally mounted on {{ic|/boot/efi}} (although some users have it on {{ic|/boot}} directly).
+
 
}}
+
It is simple to configure but it can only start EFI executables such as the Linux kernel [[EFISTUB]], UEFI Shell, GRUB, the Windows Boot Manager.
 +
 
 +
== Installation ==
 +
 
 +
=== EFI boot ===
 +
 
 +
# Make sure you are booted in UEFI mode.
 +
# Verify [[Unified_Extensible_Firmware_Interface#Requirements_for_UEFI_variable_support|your EFI variables are accessible]].
 +
# Mount your [[EFI System Partition]] (ESP) properly. {{ic|''esp''}} is used to denote the mountpoint in this article. {{Note|''systemd-boot'' cannot load EFI binaries from other partitions. It is therefore recommended to mount your ESP to {{ic|/boot}}. In case you want to separate {{ic|/boot}} from the ESP see [[#Manually]] for more information.}}
 +
# If the ESP is '''not''' mounted at {{ic|/boot}}, then copy your kernel and initramfs onto that ESP. {{Note|For a way to automatically keep the kernel updated on the ESP, have a look at [[EFISTUB#Using systemd]] for some systemd units that can be adapted. If your EFI System Partition is using automount, you may need to add {{ic|vfat}} to a file in {{ic|/etc/modules-load.d/}} to ensure the current running kernel has the {{ic|vfat}} module loaded at boot, before any kernel update happens that could replace the module for the currently running version making the mounting of {{ic|/boot/efi}} impossible until reboot.}}
 +
# Type the following command to install ''systemd-boot'': {{bc|1=# bootctl --path=''esp'' install}} It will copy the ''systemd-boot'' binary to your EFI System Partition ({{ic|''esp''/EFI/systemd/systemd-bootx64.efi}} and {{ic|''esp''/EFI/Boot/BOOTX64.EFI}} – both of which are identical – on x86-64 systems) and add ''systemd-boot'' itself as the default EFI application (default boot entry) loaded by the EFI Boot Manager.
 +
# Finally you must [[#Configuration|configure]] the boot loader to function properly.
 +
 
 +
=== BIOS boot ===
 +
 
 +
{{Warning|This is not recommended.}}
 +
You can successfully install ''systemd-boot'' if booted with in BIOS mode. However, this process requires you to tell firmware to launch ''systemd-boot'''s EFI file at boot, usually via two ways:
 +
 
 +
* you have a working EFI Shell somewhere else.
 +
 
 +
* your firmware interface provides a way of properly setting the EFI file that needs to be loaded at boot time.
 +
 
 +
If you can do it, the installation is easier: go into your EFI Shell or your firmware configuration interface and change your machine's default EFI file to {{ic|''esp''/EFI/systemd/systemd-bootx64.efi}} ( or {{ic|systemd-bootia32.efi}} depending if your system firmware is 32 bit).
 +
 
 +
{{Note|the firmware interface of Dell Latitude series provides everything you need to setup EFI boot but the EFI Shell won't be able to write to the computer's ROM.}}
 +
 
 +
=== Updating ===
 +
 
 +
Unlike the previous separate ''gummiboot'' package, which updated automatically on a new package release with a {{ic|post_install}} script, updates of new ''systemd-boot'' versions must now be done manually by the user. However the procedure can be automated using pacman hooks.
 +
 
 +
==== Manually ====
 +
 
 +
''systemd-boot'' ({{man|1|bootctl}}) assumes that your EFI System Partition is mounted on {{ic|/boot}}.
 +
 
 +
# bootctl update
 +
 
 +
If the ESP is not mounted on {{ic|/boot}}, the {{ic|1=--path=}} option can pass it. For example:
 +
 
 +
# bootctl --path=''esp'' update
  
== Installing ==
+
{{Note|This is also the command to use when migrating from ''gummiboot'', before removing that package. If that package has already been removed, however, run {{ic|1=bootctl --path=''esp'' install}}.}}
  
Install {{Pkg|gummiboot-efi}} from [extra] and copy the bootloader to the EFI partition:
+
==== Automatically ====
  
If you are on a 64-bit UEFI system:
+
The [[AUR]] package {{AUR|systemd-boot-pacman-hook}} provides a [[Pacman#Hooks|Pacman hook]] to automate the update process. [[Install|Installing]] the package will add a hook which will be executed every time the {{Pkg|systemd}} package is upgraded.
# cp /usr/lib/gummiboot/gummibootx64.efi $esp/EFI/gummiboot/gummiboot.efi
 
  
If you are on a 32-bit UEFI system:
+
Alternatively, place the following pacman hook in the {{ic|/etc/pacman.d/hooks/}} directory:
# cp /usr/lib/gummiboot/gummibootia32.efi $esp/EFI/gummiboot/gummiboot.efi
 
  
Then add it to the boot configuration: (only needs to be done once; skip this when upgrading)
+
{{hc|/etc/pacman.d/hooks/systemd-boot.hook|2=
 +
[Trigger]
 +
Type = Package
 +
Operation = Upgrade
 +
Target = systemd
  
# efibootmgr -c -g -d /dev/sdX -p Y -w -L "Gummiboot" -l '\EFI\gummiboot\gummiboot.efi'
+
[Action]
 +
Description = Updating systemd-boot...
 +
When = PostTransaction
 +
Exec = /usr/bin/bootctl update
 +
}}
  
where /dev/sdX is the drive and Y is the partition number of your UEFISYS partition.
+
== Configuration ==
  
{{note|{{ic|efibootmgr}} can be used only when already booted in UEFI mode. If you do not have another UEFI bootloader set up, you can either run {{ic|gummiboot.efi}} from the UEFI Shell, or copy it to the "default" location {{ic|$esp/EFI/boot/bootx64.efi}} for x86_64 systems.}}
+
=== Basic configuration ===
  
== Configuring ==
+
The basic configuration is stored in {{ic|''esp''/loader/loader.conf}} file and it is composed by three options:
  
The basic configuration is kept in {{ic|$esp/loader/loader.conf}}, with just two possible configuration options:
+
* {{ic|default}} – default entry to select (without the {{ic|.conf}} suffix); can be a wildcard like {{ic|arch-*}}.
  
* {{ic|default}} – default entry to select (without the {{ic|.conf}} suffix); can be a wildcard like {{ic|arch-*}}
+
* {{ic|timeout}} – menu timeout in seconds. If this is not set, the menu will only be shown on {{ic|Space}} key (or most other keys actually work too) press during boot.
  
* {{ic|timeout}} – menu timeout in seconds. If this is not set, the menu will only be shows when you hold the space key while booting.
+
* {{ic|editor}} – whether to enable the kernel parameters editor or not. {{ic|1}} (default) is enabled, {{ic|0}} is disabled; since the user can add {{ic|1=init=/bin/bash}} to bypass root password and gain root access, it is strongly recommended to set this option to {{ic|0}}.
  
 
Example:
 
Example:
  
{{hc|$esp/loader/loader.conf|
+
{{hc|''esp''/loader/loader.conf|
 
default  arch
 
default  arch
 
timeout  4
 
timeout  4
 +
editor  0
 
}}
 
}}
  
Note that both options can be changed in the boot menu itself, which will store them as EFI variables.
+
{{Note|The first 2 options can be changed in the boot menu itself and changes will be stored as EFI variables.}}
  
== Adding boot entries ==
+
{{Tip|A basic configuration file example is located at {{ic|/usr/share/systemd/bootctl/loader.conf}}.}}
  
{{note|
+
=== Adding boot entries ===
If you have separate partitions for {{ic|/boot}} and {{ic|/boot/efi}}, you '''must''' copy the kernel and initramfs to the EFI partition. Gummiboot does not support loading kernels from other partitions than itself. See the section below on how to automate this.
+
 
 +
{{Note|
 +
* ''bootctl'' will automatically check for "'''Windows Boot Manager'''" ({{ic|\EFI\Microsoft\Boot\Bootmgfw.efi}}), "'''EFI Shell'''" ({{ic|\shellx64.efi}}) and "'''EFI Default Loader'''" ({{ic|\EFI\Boot\bootx64.efi}}) at boot time, as well as specially prepared kernel files found in {{ic|\EFI\Linux}}. When detected, corresponding entries with titles {{ic|auto-windows}}, {{ic|auto-efi-shell}} and {{ic|auto-efi-default}}, respectively, will be automatically generated. These entries do not require manual loader configuration. However, it does not auto-detect other EFI applications (unlike [[rEFInd]]), so for booting the Linux kernel, manual configuration entries must be created.
 +
 
 +
* If you dual-boot Windows, it is strongly recommended to disable its default [[Dual boot with Windows#Fast_Start-Up|Fast Start-Up]] option.
 +
* Remember to load the intel [[microcode]] with {{ic|initrd}} if applicable.
 +
* You can find the {{ic|PARTUUID}} for your root partition with the command {{ic|1=blkid -s PARTUUID -o value /dev/sd''xY''}}, where {{ic|''x''}} is the device letter and {{ic|''Y''}} is the partition number. This is required only for your root partition, not {{ic|''esp''}}.}}
 +
 
 +
''bootctl'' searches for boot menu items in {{ic|''esp''/loader/entries/*.conf}} – each file found must contain exactly one boot entry. The possible options are:
 +
 
 +
* {{ic|title}} – operating system name. '''Required.'''
 +
 
 +
* {{ic|version}} – kernel version, shown only when multiple entries with same title exist. Optional.
 +
 
 +
* {{ic|machine-id}} – machine identifier from {{ic|/etc/machine-id}}, shown only when multiple entries with same title and version exist. Optional.
 +
 
 +
* {{ic|efi}} – EFI program to start, relative to your ESP ({{ic|''esp''}}); e.g. {{ic|/vmlinuz-linux}}. Either this or {{ic|linux}} (see below) is '''required.'''
 +
 
 +
* {{ic|options}} – command line options to pass to the EFI program or kernel boot parameters. Optional, but you will need at least {{ic|1=initrd=''efipath''}} and {{ic|1=root=''dev''}} if booting Linux.
 +
 
 +
For Linux, you can specify {{ic|linux ''path-to-vmlinuz''}} and {{ic|initrd ''path-to-initramfs''}}; this will be automatically translated to {{ic|efi ''path''}} and {{ic|1=options initrd=''path''}} – this syntax is only supported for convenience and has no differences in function.
 +
 
 +
{{Style|There shouldn't be so many examples for specifying mount options or [[kernel parameters]].}}
 +
 
 +
==== Standard root installations ====
 +
 
 +
Here is an example entry for a root partition without LVM or LUKS:
 +
 
 +
{{hc|''esp''/loader/entries/arch.conf|2=
 +
title          Arch Linux
 +
linux          /vmlinuz-linux
 +
initrd        /initramfs-linux.img
 +
options        root=PARTUUID=14420948-2cea-4de7-b042-40f67c618660 rw
 
}}
 
}}
  
Gummiboot searches for boot menu items in {{ic|$esp/loader/entries/*.conf}} – each file found must contain exactly one boot entry. The possible options are:
+
Please note in the example above that {{ic|PARTUUID}}/{{ic|PARTLABEL}} identifies a GPT partition, and differs from {{ic|UUID}}/{{ic|LABEL}}, which identifies a filesystem. Using the {{ic|PARTUUID}}/{{ic|PARTLABEL}} is advantageous because it is invariant (i.e. unchanging) if you reformat the partition with another filesystem, or if the {{ic|/dev/sd* }}mapping changed for some reason. It is also useful if you do not have a filesystem on the partition (or use LUKS, which does not support {{ic|LABEL}}s).
  
* {{ic|title}} – operating system name. '''Required.'''
+
{{Tip|An example entry file is located at {{ic|/usr/share/systemd/bootctl}}.}}
 +
 
 +
==== LVM root installations ====
 +
 
 +
{{Warning|''systemd-boot'' cannot be used without a separate {{ic|/boot}} filesystem outside of LVM.}}
 +
 
 +
Here is an example for a root partition using [[LVM|Logical Volume Management]]:
 +
 
 +
{{hc|''esp''/loader/entries/arch-lvm.conf|2=
 +
title         Arch Linux (LVM)
 +
linux          /vmlinuz-linux
 +
initrd        /initramfs-linux.img
 +
options        root=/dev/mapper/<VolumeGroup-LogicalVolume> rw
 +
}}
 +
 
 +
Replace {{ic|<VolumeGroup-LogicalVolume>}} with the actual VG and LV names (e.g. {{ic|1=root=/dev/mapper/volgroup00-lvolroot}}). Alternatively, it is also possible to use a UUID instead:
 +
....
 +
options  root=UUID=<UUID identifier> rw
 +
 
 +
Note that {{ic|1=root='''UUID'''=}} is used instead of {{ic|1=root='''PARTUUID'''=}}, which is used for Root partitions without LVM or LUKS.
 +
 
 +
==== Encrypted Root Installations ====
 +
 
 +
Here is an example configuration file for an encrypted root partition ([[Dm-crypt|DM-Crypt / LUKS]]) using the {{ic|encrypt}} [[mkinitcpio]] hook:
 +
 
 +
{{hc|''esp''/loader/entries/arch-encrypted.conf|2=
 +
title Arch Linux Encrypted
 +
linux /vmlinuz-linux
 +
initrd /initramfs-linux.img
 +
options cryptdevice=UUID=<UUID>:<mapped-name> root=/dev/mapper/<mapped-name> quiet rw
 +
}}
  
* {{ic|title-version}} – kernel version, shown only when multiple entries with same title exist. Optional.
+
UUID is used in this example; {{ic|PARTUUID}} should be able to replace the UUID, if so desired. You may also replace the {{ic|/dev}} path with a regular UUID. {{ic|mapped-name}} is whatever you want it to be called. See [[Dm-crypt/System configuration#Boot loader]].
  
* {{ic|title-machine}} – machine identifier (usually first few letters from {{ic|/etc/machine-id}}, shown only when multiple entries with same title+version exist. Optional.
+
If you are using LVM, your cryptdevice line will look like this:
  
* {{ic|efi}} – EFI program to start; e.g. {{ic|\EFI\arch\vmlinuz-linux.efi}}. '''Required.'''
+
{{hc|''esp''/loader/entries/arch-encrypted-lvm.conf|2=
 +
title Arch Linux Encrypted LVM
 +
linux /vmlinuz-linux
 +
initrd /initramfs-linux.img
 +
options cryptdevice=UUID=<UUID>:MyVolGroup root=/dev/mapper/MyVolGroup-MyVolRoot quiet rw
 +
}}
  
* {{ic|options}} – Command-line options to pass to the EFI program. Optional, but you will need at least {{ic|1=initrd=''efipath''}} and {{ic|1=root=''dev''}} if booting Linux.
+
You can also add other EFI programs such as {{ic|\EFI\arch\grub.efi}}.
  
An example entry for Arch Linux:
+
==== btrfs subvolume root installations ====
  
{{hc|$esp/loader/entries/arch.conf|2=
+
If booting a [[btrfs]] subvolume as root, amend the {{ic|options}} line with {{ic|rootflags<nowiki>=</nowiki>subvol<nowiki>=</nowiki><root subvolume>}}. In the example below, root has been mounted as a btrfs subvolume called 'ROOT' (e.g. {{ic|mount -o subvol<nowiki>=</nowiki>ROOT /dev/sdxY /mnt}}):
 +
 
 +
{{hc|''esp''/loader/entries/arch-btrfs-subvol.conf|2=
 
title          Arch Linux
 
title          Arch Linux
linux          /vmlinuz-linux.efi
+
linux          /vmlinuz-linux
 +
initrd        /initramfs-linux.img
 +
options        root=PARTUUID=14420948-2cea-4de7-b042-40f67c618660 rw rootflags<nowiki>=</nowiki>subvol<nowiki>=</nowiki>ROOT
 +
}}
 +
 
 +
A failure to do so will otherwise result in the following error message: {{ic|ERROR: Root device mounted successfully, but /sbin/init does not exist.}}
 +
 
 +
==== ZFS root installations ====
 +
 
 +
When booting from a [[ZFS]] dataset, add {{ic|zfs<nowiki>=</nowiki><root dataset>}} to the {{ic|options}} line. Here the root dataset has been set to 'zroot/ROOT/default':
 +
 
 +
{{hc|''esp''/loader/entries/arch-zfs.conf|2=
 +
title          Arch Linux ZFS
 +
linux          /vmlinuz-linux
 
initrd        /initramfs-linux.img
 
initrd        /initramfs-linux.img
options        root=PARTUUID=14420948-2cea-4de7-b042-40f67c618660 ro
+
options        zfs=zroot/ROOT/default rw
 
}}
 
}}
  
For Linux, you can specify {{ic|linux ''path-to-vmlinuz''}} and {{ic|initrd ''path-to-initramfs''}}; this will be automatically translated to {{ic|efi ''path''}} and {{ic|1=options initrd=''path''}} – this syntax is only supported for convenience and has no differences in function.
+
When booting off of a ZFS dataset ensure that it has had the {{ic|bootfs}} property set with {{ic| zpool set bootfs<nowiki>=</nowiki><root dataset> <zpool>}}.
 +
 
 +
==== EFI Shells or other EFI apps ====
 +
 
 +
In case you installed EFI shells and other EFI application into the ESP, you can use the following snippets:
  
You can also add other EFI programs such as {{ic|\EFI\arch\grub.efi}} or {{ic|\EFI\Microsoft\Boot\Bootmgfw.efi}} (the Windows 7 boot manager). The EFI Shell, if installed, will be shown automatically.
+
{{hc|''esp''/loader/entries/uefi-shell-v1-x86_64.conf|2=
 +
title  UEFI Shell x86_64 v1
 +
efi   /EFI/shellx64_v1.efi
 +
}}
  
{{hc|$esp/loader/entries/shell.conf|2=
+
{{hc|''esp''/loader/entries/uefi-shell-v2-x86_64.conf|2=
title         UEFI Shell
+
title UEFI Shell x86_64 v2
efi           /shellx64.efi
+
efi   /EFI/shellx64_v2.efi
 
}}
 
}}
  
== Automatic copy on update ==
+
{{Expansion|Add example on how to boot into EFI firmware setup.}}
 +
 
 +
=== Preparing kernels for EFI\Linux ===
 +
 
 +
{{Style|Does not belong here, not specific to systemd-boot.}}
 +
 
 +
''EFI\Linux'' is searched for specially prepared kernel files, which bundle the kernel, the initrd, the kernel command line and /etc/os-release into one file. This file can be easily signed for secure boot.
 +
 
 +
Create the bundle file like this:
 +
 
 +
{{hc|Kernel packaging command:|<nowiki>objcopy \
 +
    --add-section .osrel="/usr/lib/os-release" --change-section-vma .osrel=0x20000 \
 +
    --add-section .cmdline="kernel command line" --change-section-vma .cmdline=0x30000 \
 +
    --add-section .linux="vmlinuz-file" --change-section-vma .linux=0x40000 \
 +
    --add-section .initrd="initrd-file" --change-section-vma .initrd=0x3000000 \
 +
    "/usr/lib/systemd/boot/efi/linuxx64.efi.stub" "linux.efi"</nowiki>}}
 +
 
 +
Optionally sign ''linux.efi'' now (e.g. using ''sbsigntools'' from AUR).
 +
 
 +
Copying ''linux.efi'' into ''{{ic|''esp''\EFI\Linux}}''.
 +
 
 +
=== Support hibernation ===
 +
 
 +
See [[Suspend and hibernate]].
 +
 
 +
=== Kernel parameters editor with password protection ===
 +
 
 +
Alternatively you can install {{AUR|systemd-boot-password}} which supports {{ic|password}} basic configuration option. Use {{ic|sbpctl generate}} to generate a value for this option.
 +
 
 +
Install ''systemd-boot-password'' with the following command:
 +
 
 +
{{bc|1=# sbpctl install ''esp''}}
 +
 
 +
With enabled editor you will be prompted for your password before you can edit kernel parameters.
  
The copying of the {{ic|/usr/lib/gummiboot/gummiboot*.efi}} to the EFI System partition can be automated with systemd (as can eg. be done for the [[UEFI_Bootloaders#Sync_EFISTUB_Kernel_in_UEFISYS_partition_using_Systemd|EFISTUB kernel]]):
+
== Keys inside the boot menu ==
  
{{hc|/etc/systemd/system/gummiboot_copy.path|<nowiki>
+
The following keys are used inside the menu:
[Unit]
+
* {{ic|Up/Down}} - select entry
Description=Copy new version of Gummiboot to UEFISYS Partition
+
* {{ic|Enter}} - boot the selected entry
 +
* {{ic|d}} - select the default entry to boot (stored in a non-volatile EFI variable)
 +
* {{ic|-/T}} - decrease the timeout (stored in a non-volatile EFI variable)
 +
* {{ic|+/t}} - increase the timeout (stored in a non-volatile EFI variable)
 +
* {{ic|e}} - edit the kernel command line. It has no effect if the {{ic|editor}} config option is set to {{ic|0}}.
 +
* {{ic|v}} - show the gummiboot and UEFI version
 +
* {{ic|Q}} - quit
 +
* {{ic|P}} - print the current configuration
 +
* {{ic|h/?}} - help
  
[Path]
+
These hotkeys will, when pressed inside the menu or during bootup, directly boot
PathChanged=/usr/lib/gummiboot/gummibootx64.efi
+
a specific entry:
Unit=gummiboot_copy.service
 
  
[Install]
+
* {{ic|l}} - Linux
WantedBy=multi-user.target</nowiki>}}
+
* {{ic|w}} - Windows
 +
* {{ic|a}} - OS X
 +
* {{ic|s}} - EFI Shell
 +
* {{ic|1-9}} - number of entry
  
{{hc|/etc/systemd/system/gummiboot_copy.service|<nowiki>
+
== Troubleshooting ==
[Unit]
 
Description=Copy new version of Gummiboot to UEFISYS Partition
 
  
[Service]
+
=== Manual entry using efibootmgr ===
Type=oneshot
 
ExecStart=/bin/cp -f /usr/lib/gummiboot/gummibootx64.efi /boot/efi/EFI/gummiboot/gummiboot.efi
 
</nowiki>}}
 
  
Change {{ic|gummibootx64.efi}} to {{ic|gummibootia32.efi}} for a 32-bit UEFI system.
+
If {{ic|bootctl install}} command failed, you can create a EFI boot entry manually using {{Pkg|efibootmgr}}:
  
After creating the files run:
+
# efibootmgr -c -d /dev/sdX -p Y -l /EFI/systemd/systemd-bootx64.efi -L "Linux Boot Manager"
  
# systemctl enable gummiboot_copy.path
+
where {{ic|/dev/sdXY}} is the [[EFI System Partition]].
# systemctl start gummiboot_copy.path
 
  
== Separate boot and EFI partitions ==
+
=== Menu does not appear after Windows upgrade ===
  
TODO: link my kernel-post-upgrade stuff, https://github.com/grawity/code/tree/master/os/arch
+
See [[UEFI#Windows changes boot order]].
  
== Inside the boot menu ==
+
== See also ==
  
TODO: document keybindings from http://freedesktop.org/wiki/Software/gummiboot
+
* http://www.freedesktop.org/wiki/Software/systemd/systemd-boot/

Latest revision as of 19:48, 5 November 2017

systemd-boot, previously called gummiboot, is a simple UEFI boot manager which executes configured EFI images. The default entry is selected by a configured pattern (glob) or an on-screen menu. It is included with systemd, which is installed on Arch system by default.

It is simple to configure but it can only start EFI executables such as the Linux kernel EFISTUB, UEFI Shell, GRUB, the Windows Boot Manager.

Installation

EFI boot

  1. Make sure you are booted in UEFI mode.
  2. Verify your EFI variables are accessible.
  3. Mount your EFI System Partition (ESP) properly. esp is used to denote the mountpoint in this article.
    Note: systemd-boot cannot load EFI binaries from other partitions. It is therefore recommended to mount your ESP to /boot. In case you want to separate /boot from the ESP see #Manually for more information.
  4. If the ESP is not mounted at /boot, then copy your kernel and initramfs onto that ESP.
    Note: For a way to automatically keep the kernel updated on the ESP, have a look at EFISTUB#Using systemd for some systemd units that can be adapted. If your EFI System Partition is using automount, you may need to add vfat to a file in /etc/modules-load.d/ to ensure the current running kernel has the vfat module loaded at boot, before any kernel update happens that could replace the module for the currently running version making the mounting of /boot/efi impossible until reboot.
  5. Type the following command to install systemd-boot:
    # bootctl --path=esp install
    It will copy the systemd-boot binary to your EFI System Partition (esp/EFI/systemd/systemd-bootx64.efi and esp/EFI/Boot/BOOTX64.EFI – both of which are identical – on x86-64 systems) and add systemd-boot itself as the default EFI application (default boot entry) loaded by the EFI Boot Manager.
  6. Finally you must configure the boot loader to function properly.

BIOS boot

Warning: This is not recommended.

You can successfully install systemd-boot if booted with in BIOS mode. However, this process requires you to tell firmware to launch systemd-boot's EFI file at boot, usually via two ways:

  • you have a working EFI Shell somewhere else.
  • your firmware interface provides a way of properly setting the EFI file that needs to be loaded at boot time.

If you can do it, the installation is easier: go into your EFI Shell or your firmware configuration interface and change your machine's default EFI file to esp/EFI/systemd/systemd-bootx64.efi ( or systemd-bootia32.efi depending if your system firmware is 32 bit).

Note: the firmware interface of Dell Latitude series provides everything you need to setup EFI boot but the EFI Shell won't be able to write to the computer's ROM.

Updating

Unlike the previous separate gummiboot package, which updated automatically on a new package release with a post_install script, updates of new systemd-boot versions must now be done manually by the user. However the procedure can be automated using pacman hooks.

Manually

systemd-boot (bootctl(1)) assumes that your EFI System Partition is mounted on /boot.

# bootctl update

If the ESP is not mounted on /boot, the --path= option can pass it. For example:

# bootctl --path=esp update
Note: This is also the command to use when migrating from gummiboot, before removing that package. If that package has already been removed, however, run bootctl --path=esp install.

Automatically

The AUR package systemd-boot-pacman-hookAUR provides a Pacman hook to automate the update process. Installing the package will add a hook which will be executed every time the systemd package is upgraded.

Alternatively, place the following pacman hook in the /etc/pacman.d/hooks/ directory:

/etc/pacman.d/hooks/systemd-boot.hook
[Trigger]
Type = Package
Operation = Upgrade
Target = systemd

[Action]
Description = Updating systemd-boot...
When = PostTransaction
Exec = /usr/bin/bootctl update

Configuration

Basic configuration

The basic configuration is stored in esp/loader/loader.conf file and it is composed by three options:

  • default – default entry to select (without the .conf suffix); can be a wildcard like arch-*.
  • timeout – menu timeout in seconds. If this is not set, the menu will only be shown on Space key (or most other keys actually work too) press during boot.
  • editor – whether to enable the kernel parameters editor or not. 1 (default) is enabled, 0 is disabled; since the user can add init=/bin/bash to bypass root password and gain root access, it is strongly recommended to set this option to 0.

Example:

esp/loader/loader.conf
default  arch
timeout  4
editor   0
Note: The first 2 options can be changed in the boot menu itself and changes will be stored as EFI variables.
Tip: A basic configuration file example is located at /usr/share/systemd/bootctl/loader.conf.

Adding boot entries

Note:
  • bootctl will automatically check for "Windows Boot Manager" (\EFI\Microsoft\Boot\Bootmgfw.efi), "EFI Shell" (\shellx64.efi) and "EFI Default Loader" (\EFI\Boot\bootx64.efi) at boot time, as well as specially prepared kernel files found in \EFI\Linux. When detected, corresponding entries with titles auto-windows, auto-efi-shell and auto-efi-default, respectively, will be automatically generated. These entries do not require manual loader configuration. However, it does not auto-detect other EFI applications (unlike rEFInd), so for booting the Linux kernel, manual configuration entries must be created.
  • If you dual-boot Windows, it is strongly recommended to disable its default Fast Start-Up option.
  • Remember to load the intel microcode with initrd if applicable.
  • You can find the PARTUUID for your root partition with the command blkid -s PARTUUID -o value /dev/sdxY, where x is the device letter and Y is the partition number. This is required only for your root partition, not esp.

bootctl searches for boot menu items in esp/loader/entries/*.conf – each file found must contain exactly one boot entry. The possible options are:

  • title – operating system name. Required.
  • version – kernel version, shown only when multiple entries with same title exist. Optional.
  • machine-id – machine identifier from /etc/machine-id, shown only when multiple entries with same title and version exist. Optional.
  • efi – EFI program to start, relative to your ESP (esp); e.g. /vmlinuz-linux. Either this or linux (see below) is required.
  • options – command line options to pass to the EFI program or kernel boot parameters. Optional, but you will need at least initrd=efipath and root=dev if booting Linux.

For Linux, you can specify linux path-to-vmlinuz and initrd path-to-initramfs; this will be automatically translated to efi path and options initrd=path – this syntax is only supported for convenience and has no differences in function.

Tango-edit-clear.pngThis article or section needs language, wiki syntax or style improvements.Tango-edit-clear.png

Reason: There shouldn't be so many examples for specifying mount options or kernel parameters. (Discuss in Talk:Systemd-boot#)

Standard root installations

Here is an example entry for a root partition without LVM or LUKS:

esp/loader/entries/arch.conf
title          Arch Linux
linux          /vmlinuz-linux
initrd         /initramfs-linux.img
options        root=PARTUUID=14420948-2cea-4de7-b042-40f67c618660 rw

Please note in the example above that PARTUUID/PARTLABEL identifies a GPT partition, and differs from UUID/LABEL, which identifies a filesystem. Using the PARTUUID/PARTLABEL is advantageous because it is invariant (i.e. unchanging) if you reformat the partition with another filesystem, or if the /dev/sd* mapping changed for some reason. It is also useful if you do not have a filesystem on the partition (or use LUKS, which does not support LABELs).

Tip: An example entry file is located at /usr/share/systemd/bootctl.

LVM root installations

Warning: systemd-boot cannot be used without a separate /boot filesystem outside of LVM.

Here is an example for a root partition using Logical Volume Management:

esp/loader/entries/arch-lvm.conf
title          Arch Linux (LVM)
linux          /vmlinuz-linux
initrd         /initramfs-linux.img
options        root=/dev/mapper/<VolumeGroup-LogicalVolume> rw

Replace <VolumeGroup-LogicalVolume> with the actual VG and LV names (e.g. root=/dev/mapper/volgroup00-lvolroot). Alternatively, it is also possible to use a UUID instead:

....
options  root=UUID=<UUID identifier> rw

Note that root=UUID= is used instead of root=PARTUUID=, which is used for Root partitions without LVM or LUKS.

Encrypted Root Installations

Here is an example configuration file for an encrypted root partition (DM-Crypt / LUKS) using the encrypt mkinitcpio hook:

esp/loader/entries/arch-encrypted.conf
title Arch Linux Encrypted
linux /vmlinuz-linux
initrd /initramfs-linux.img
options cryptdevice=UUID=<UUID>:<mapped-name> root=/dev/mapper/<mapped-name> quiet rw

UUID is used in this example; PARTUUID should be able to replace the UUID, if so desired. You may also replace the /dev path with a regular UUID. mapped-name is whatever you want it to be called. See Dm-crypt/System configuration#Boot loader.

If you are using LVM, your cryptdevice line will look like this:

esp/loader/entries/arch-encrypted-lvm.conf
title Arch Linux Encrypted LVM
linux /vmlinuz-linux
initrd /initramfs-linux.img
options cryptdevice=UUID=<UUID>:MyVolGroup root=/dev/mapper/MyVolGroup-MyVolRoot quiet rw

You can also add other EFI programs such as \EFI\arch\grub.efi.

btrfs subvolume root installations

If booting a btrfs subvolume as root, amend the options line with rootflags=subvol=<root subvolume>. In the example below, root has been mounted as a btrfs subvolume called 'ROOT' (e.g. mount -o subvol=ROOT /dev/sdxY /mnt):

esp/loader/entries/arch-btrfs-subvol.conf
title          Arch Linux
linux          /vmlinuz-linux
initrd         /initramfs-linux.img
options        root=PARTUUID=14420948-2cea-4de7-b042-40f67c618660 rw rootflags=subvol=ROOT

A failure to do so will otherwise result in the following error message: ERROR: Root device mounted successfully, but /sbin/init does not exist.

ZFS root installations

When booting from a ZFS dataset, add zfs=<root dataset> to the options line. Here the root dataset has been set to 'zroot/ROOT/default':

esp/loader/entries/arch-zfs.conf
title          Arch Linux ZFS
linux          /vmlinuz-linux
initrd         /initramfs-linux.img
options        zfs=zroot/ROOT/default rw

When booting off of a ZFS dataset ensure that it has had the bootfs property set with zpool set bootfs=<root dataset> <zpool>.

EFI Shells or other EFI apps

In case you installed EFI shells and other EFI application into the ESP, you can use the following snippets:

esp/loader/entries/uefi-shell-v1-x86_64.conf
title  UEFI Shell x86_64 v1
efi    /EFI/shellx64_v1.efi
esp/loader/entries/uefi-shell-v2-x86_64.conf
title  UEFI Shell x86_64 v2
efi    /EFI/shellx64_v2.efi

Tango-view-fullscreen.pngThis article or section needs expansion.Tango-view-fullscreen.png

Reason: Add example on how to boot into EFI firmware setup. (Discuss in Talk:Systemd-boot#)

Preparing kernels for EFI\Linux

Tango-edit-clear.pngThis article or section needs language, wiki syntax or style improvements.Tango-edit-clear.png

Reason: Does not belong here, not specific to systemd-boot. (Discuss in Talk:Systemd-boot#)

EFI\Linux is searched for specially prepared kernel files, which bundle the kernel, the initrd, the kernel command line and /etc/os-release into one file. This file can be easily signed for secure boot.

Create the bundle file like this:

Kernel packaging command:
objcopy \
    --add-section .osrel="/usr/lib/os-release" --change-section-vma .osrel=0x20000 \
    --add-section .cmdline="kernel command line" --change-section-vma .cmdline=0x30000 \
    --add-section .linux="vmlinuz-file" --change-section-vma .linux=0x40000 \
    --add-section .initrd="initrd-file" --change-section-vma .initrd=0x3000000 \
    "/usr/lib/systemd/boot/efi/linuxx64.efi.stub" "linux.efi"

Optionally sign linux.efi now (e.g. using sbsigntools from AUR).

Copying linux.efi into esp\EFI\Linux.

Support hibernation

See Suspend and hibernate.

Kernel parameters editor with password protection

Alternatively you can install systemd-boot-passwordAUR which supports password basic configuration option. Use sbpctl generate to generate a value for this option.

Install systemd-boot-password with the following command:

# sbpctl install esp

With enabled editor you will be prompted for your password before you can edit kernel parameters.

Keys inside the boot menu

The following keys are used inside the menu:

  • Up/Down - select entry
  • Enter - boot the selected entry
  • d - select the default entry to boot (stored in a non-volatile EFI variable)
  • -/T - decrease the timeout (stored in a non-volatile EFI variable)
  • +/t - increase the timeout (stored in a non-volatile EFI variable)
  • e - edit the kernel command line. It has no effect if the editor config option is set to 0.
  • v - show the gummiboot and UEFI version
  • Q - quit
  • P - print the current configuration
  • h/? - help

These hotkeys will, when pressed inside the menu or during bootup, directly boot a specific entry:

  • l - Linux
  • w - Windows
  • a - OS X
  • s - EFI Shell
  • 1-9 - number of entry

Troubleshooting

Manual entry using efibootmgr

If bootctl install command failed, you can create a EFI boot entry manually using efibootmgr:

# efibootmgr -c -d /dev/sdX -p Y -l /EFI/systemd/systemd-bootx64.efi -L "Linux Boot Manager"

where /dev/sdXY is the EFI System Partition.

Menu does not appear after Windows upgrade

See UEFI#Windows changes boot order.

See also