Difference between revisions of "Unified Extensible Firmware Interface"

From ArchWiki
Jump to: navigation, search
m (Booting 64-bit kernel on 32-bit UEFI: Gummiboot -> systemd-boot)
m (efibootmgr: clarified ESP)
(44 intermediate revisions by 15 users not shown)
Line 4: Line 4:
 
[[ja:Unified Extensible Firmware Interface]]
 
[[ja:Unified Extensible Firmware Interface]]
 
[[ru:Unified Extensible Firmware Interface]]
 
[[ru:Unified Extensible Firmware Interface]]
[[zh-CN:Unified Extensible Firmware Interface]]
+
[[zh-hans:Unified Extensible Firmware Interface]]
 
{{Related articles start}}
 
{{Related articles start}}
 
{{Related|Arch boot process}}
 
{{Related|Arch boot process}}
Line 13: Line 13:
 
{{Related|UEFI/Hardware}}
 
{{Related|UEFI/Hardware}}
 
{{Related articles end}}
 
{{Related articles end}}
{{Warning|While the choice to install in UEFI mode is forward looking, early vendor UEFI implementations may carry more bugs than their BIOS counterparts. It is advised to do a search relating to your particular mainboard model before proceeding.}}
+
{{Warning|While the choice to install in UEFI mode is forward looking, early vendor UEFI implementations ''may'' carry more bugs than their BIOS counterparts. It is advised to do a search relating to your particular motherboard model before proceeding.}}
  
The [http://www.uefi.org/ Unified Extensible Firmware Interface] (EFI or UEFI for short) is a new model for the interface between operating systems and firmware. It provides a standard environment for booting an operating system and running pre-boot applications.  
+
The [http://www.uefi.org/ Unified Extensible Firmware Interface] (EFI or UEFI for short) is a new model for the interface between operating systems and firmware. It provides a standard environment for booting an operating system and running pre-boot applications.
  
 
It is distinct from the commonly used "[[MBR]] boot code" method followed for [[Wikipedia:BIOS|BIOS]] systems. See [[Arch boot process]] for their differences and the boot process using UEFI. To set up UEFI Boot Loaders, see [[Boot loaders]].
 
It is distinct from the commonly used "[[MBR]] boot code" method followed for [[Wikipedia:BIOS|BIOS]] systems. See [[Arch boot process]] for their differences and the boot process using UEFI. To set up UEFI Boot Loaders, see [[Boot loaders]].
  
 
== UEFI versions ==
 
== UEFI versions ==
* UEFI started as Intel's EFI in versions 1.x.  
+
* UEFI started as Intel's EFI in versions 1.x.
* Later, a group of companies called the UEFI Forum took over its development, which renamed it as Unified EFI starting with version 2.0.  
+
* Later, a group of companies called the UEFI Forum took over its development, which renamed it as Unified EFI starting with version 2.0.
* Unless specified as EFI 1.x, EFI and UEFI terms are used interchangeably to denote UEFI 2.x firmware.
+
* Unless specified as EFI 1.x, EFI and UEFI terms are used interchangeably to denote UEFI 2.x firmware.
* As of 15 April 2015, UEFI Specification 2.5 is the most recent version.  
 
 
* Apple's EFI implementation is neither a EFI 1.x version nor UEFI 2.x version but mixes up both. This kind of firmware does not fall under any one (U)EFI specification and therefore is not a standard UEFI firmware. Unless stated explicitly, these instructions are general and some of them may not work or may be different in [[MacBook|Apple Macs]].
 
* Apple's EFI implementation is neither a EFI 1.x version nor UEFI 2.x version but mixes up both. This kind of firmware does not fall under any one (U)EFI specification and therefore is not a standard UEFI firmware. Unless stated explicitly, these instructions are general and some of them may not work or may be different in [[MacBook|Apple Macs]].
  
== UEFI Firmware bitness ==
+
The latest UEFI Specification can be found at http://uefi.org/specifications.
  
Under UEFI, every program whether it is an OS loader or a utility (e.g. a memory testing app or recovery tool), should be a UEFI Application corresponding to the EFI firmware bitness/architecture.  
+
== UEFI firmware bitness ==
 +
 
 +
Under UEFI, every program whether it is an OS loader or a utility (e.g. a memory testing app or recovery tool), should be a UEFI Application corresponding to the EFI firmware bitness/architecture.
  
 
The vast majority of UEFI firmwares, including recent Apple Macs, use x86_64 EFI firmware. The only known devices that use IA32 (32-bit) EFI are older (pre 2008) Apple Macs, some Intel Cloverfield ultrabooks and some older Intel Server boards that are known to operate on Intel EFI 1.10 firmware.
 
The vast majority of UEFI firmwares, including recent Apple Macs, use x86_64 EFI firmware. The only known devices that use IA32 (32-bit) EFI are older (pre 2008) Apple Macs, some Intel Cloverfield ultrabooks and some older Intel Server boards that are known to operate on Intel EFI 1.10 firmware.
Line 38: Line 39:
 
Check whether the dir {{ic|/sys/firmware/efi}} exists, if it exists it means the kernel has booted in EFI mode. In that case the UEFI bitness is same as kernel bitness. (ie. i686 or x86_64)
 
Check whether the dir {{ic|/sys/firmware/efi}} exists, if it exists it means the kernel has booted in EFI mode. In that case the UEFI bitness is same as kernel bitness. (ie. i686 or x86_64)
  
{{Note|Intel Atom System-on-Chip systems ship with 32-bit UEFI (as on 2 November 2013). See [[#Booting 64-bit kernel on 32-bit UEFI]] for more info.}}
+
{{Note|Intel Atom System-on-Chip systems ship with 32-bit UEFI (as on 2 November 2013). See [[#Booting 64-bit kernel on 32-bit UEFI]] for more info. Also see [https://blogs.intel.com/evangelists/2015/07/22/why-cheap-systems-run-32-bit-uefi-on-x64-systems/ this Intel blog post].}}
  
 
=== Apple Macs ===
 
=== Apple Macs ===
  
Pre-2008 Macs mostly have i386-efi firmware while >=2008 Macs have mostly x86_64-efi. All Macs capable of running Mac OS X Snow Leopard 64-bit Kernel have x86_64 EFI 1.x firmware.  
+
Pre-2008 Macs mostly have i386-efi firmware while >=2008 Macs have mostly x86_64-efi. All Macs capable of running Mac OS X Snow Leopard 64-bit Kernel have x86_64 EFI 1.x firmware.
  
 
To find out the arch of the efi firmware in a Mac, type the following into the Mac OS X terminal:
 
To find out the arch of the efi firmware in a Mac, type the following into the Mac OS X terminal:
Line 50: Line 51:
 
If the command returns EFI32 then it is IA32 (32-bit) EFI firmware. If it returns EFI64 then it is x86_64 EFI firmware. Most of the Macs do not have UEFI 2.x firmware as Apple's EFI implementation is not fully compliant with UEFI 2.x Specification.
 
If the command returns EFI32 then it is IA32 (32-bit) EFI firmware. If it returns EFI64 then it is x86_64 EFI firmware. Most of the Macs do not have UEFI 2.x firmware as Apple's EFI implementation is not fully compliant with UEFI 2.x Specification.
  
== Linux Kernel Config options for UEFI ==
+
== Linux kernel config options for UEFI ==
  
 
The required Linux Kernel configuration options for UEFI systems are :
 
The required Linux Kernel configuration options for UEFI systems are :
Line 76: Line 77:
 
Retrieved from https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/plain/Documentation/x86/x86_64/uefi.txt .
 
Retrieved from https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/plain/Documentation/x86/x86_64/uefi.txt .
  
== UEFI Variables ==
+
== UEFI variables ==
  
UEFI defines variables through which an operating system can interact with the firmware. UEFI Boot Variables are used by the boot-loader and used by the OS only for early system start-up. UEFI Runtime Variables allow an OS to manage certain settings of the firmware like the UEFI Boot Manager or managing the keys for UEFI Secure Boot Protocol etc. You can get the list using  
+
UEFI defines variables through which an operating system can interact with the firmware. UEFI Boot Variables are used by the boot-loader and used by the OS only for early system start-up. UEFI Runtime Variables allow an OS to manage certain settings of the firmware like the UEFI Boot Manager or managing the keys for UEFI Secure Boot Protocol etc. You can get the list using
 
  $ efivar -l
 
  $ efivar -l
  
=== UEFI Variables Support in Linux Kernel ===
+
=== UEFI variables support in Linux kernel ===
  
 
Linux kernel exposes EFI variables data to userspace via '''efivarfs''' ('''EFI''' '''VAR'''iable '''F'''ile'''S'''ystem) interface ({{ic|CONFIG_EFIVAR_FS}}) - mounted using {{ic|efivarfs}} kernel module at {{ic|/sys/firmware/efi/efivars}} - it has no maximum per-variable size limitation and supports UEFI Secure Boot variables. Introduced in kernel 3.8.
 
Linux kernel exposes EFI variables data to userspace via '''efivarfs''' ('''EFI''' '''VAR'''iable '''F'''ile'''S'''ystem) interface ({{ic|CONFIG_EFIVAR_FS}}) - mounted using {{ic|efivarfs}} kernel module at {{ic|/sys/firmware/efi/efivars}} - it has no maximum per-variable size limitation and supports UEFI Secure Boot variables. Introduced in kernel 3.8.
Line 87: Line 88:
 
=== Requirements for UEFI variable support ===
 
=== Requirements for UEFI variable support ===
  
 +
# Kernel processor [[#UEFI firmware bitness|bitness]] and EFI processor bitness should match.
 +
# Kernel should be booted in EFI mode (via [[EFISTUB]] or any [[Boot loaders|EFI boot loader]], not via BIOS/CSM or Apple's "bootcamp" which is also BIOS/CSM).
 
# EFI Runtime Services support should be present in the kernel ({{ic|1=CONFIG_EFI=y}}, check if present with {{ic|zgrep CONFIG_EFI /proc/config.gz}}).
 
# EFI Runtime Services support should be present in the kernel ({{ic|1=CONFIG_EFI=y}}, check if present with {{ic|zgrep CONFIG_EFI /proc/config.gz}}).
# Kernel processor [[#UEFI Firmware bitness|bitness]] and EFI processor bitness should match.
 
# Kernel should be booted in EFI mode (via [[EFISTUB]] or any [[Boot loaders|EFI boot loader]], not via BIOS/CSM or Apple's "bootcamp" which is also BIOS/CSM).
 
 
# EFI Runtime Services in the kernel SHOULD NOT be disabled via kernel cmdline, i.e. {{ic|noefi}} kernel parameter SHOULD NOT be used.
 
# EFI Runtime Services in the kernel SHOULD NOT be disabled via kernel cmdline, i.e. {{ic|noefi}} kernel parameter SHOULD NOT be used.
 
# {{ic|efivarfs}} filesystem should be mounted at {{ic|/sys/firmware/efi/efivars}}, otherwise follow [[#Mount efivarfs]] section below.
 
# {{ic|efivarfs}} filesystem should be mounted at {{ic|/sys/firmware/efi/efivars}}, otherwise follow [[#Mount efivarfs]] section below.
Line 103: Line 104:
 
==== Mount efivarfs ====
 
==== Mount efivarfs ====
  
{{Warning|1=''efivars'' is mounted writeable by default [https://github.com/systemd/systemd/issues/2402], which may cause permanent damage to the system. [https://bbs.archlinux.org/viewtopic.php?id=207549] As such, consider mounting ''efivars'' read-only ({{ic|-o ro}}) as described below. Note that when it is mounted read-only, tools such as ''efibootmgr'' and bootloaders will not be able to change boot settings, nor will commands like {{ic|systemctl reboot --firmware-setup}} work.}}
+
{{Out of date|1=efivars is chattr +i since linux 4.5, see [https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=0389075ecfb6231818de9b0225d3a5a21a661171]}}
 +
{{Warning|1=''efivars'' is mounted writeable by default [https://github.com/systemd/systemd/issues/2402], which may cause permanent damage to the system. [https://bbs.archlinux.org/viewtopic.php?id=207549]{{Dead link|2016|08|21}} As such, consider mounting ''efivars'' read-only ({{ic|-o ro}}) as described below. Note that when it is mounted read-only, tools such as ''efibootmgr'' and bootloaders will not be able to change boot settings, nor will commands like {{ic|systemctl reboot --firmware-setup}} work.}}
  
 
If {{ic|efivarfs}} is not automatically mounted at {{ic|/sys/firmware/efi/efivars}} by [[systemd]] during boot, then you need to manually mount it to expose UEFI variables to [[#Userspace tools]] like {{ic|efibootmgr}}:
 
If {{ic|efivarfs}} is not automatically mounted at {{ic|/sys/firmware/efi/efivars}} by [[systemd]] during boot, then you need to manually mount it to expose UEFI variables to [[#Userspace tools]] like {{ic|efibootmgr}}:
Line 125: Line 127:
 
There are few tools that can access/modify the UEFI variables, namely
 
There are few tools that can access/modify the UEFI variables, namely
  
# '''efivar''' - Library and Tool to manipulate UEFI Variables (used by efibootmgr) - https://github.com/vathpela/efivar - {{Pkg|efivar}} or {{AUR|efivar-git}}
+
* {{App|efivar|Library and Tool to manipulate UEFI Variables (used by efibootmgr)|https://github.com/vathpela/efivar|{{Pkg|efivar}}, {{AUR|efivar-git}}}}
# '''efibootmgr''' - Tool to manipulate UEFI Firmware Boot Manager Settings - https://github.com/vathpela/efibootmgr - {{Pkg|efibootmgr}} or {{AUR|efibootmgr-git}}
+
* {{App|efibootmgr|Tool to manipulate UEFI Firmware Boot Manager Settings|https://github.com/vathpela/efibootmgr|{{Pkg|efibootmgr}}, {{AUR|efibootmgr-git}}{{Broken package link|package not found}}}}
# '''uefivars''' - Dumps list of EFI variables with some additional PCI related info (uses efibootmgr code internally) - https://github.com/fpmurphy/Various/tree/master/uefivars-2.0 supports only efivarfs and https://github.com/fpmurphy/Various/tree/master/uefivars-1.0 supports only sysfs-efivars . AUR package {{AUR|uefivars-git}}  
+
* {{App|uefivars|Dumps list of EFI variables with some additional PCI related info (uses efibootmgr code internally)|https://github.com/fpmurphy/Various/tree/master/uefivars-2.0|{{AUR|uefivars-git}}}}
# '''efitools''' - Tools for manipulating UEFI secure boot platforms - {{Pkg|efitools}} or {{AUR|efitools-git}}
+
* {{App|efitools|Tools for manipulating UEFI secure boot platforms|http://git.kernel.org/cgit/linux/kernel/git/jejb/efitools.git|{{Pkg|efitools}}, {{AUR|efitools-git}}}}
# '''Ubuntu's Firmware Test Suite''' - https://wiki.ubuntu.com/FirmwareTestSuite/ - {{AUR|fwts}}{{Broken package link|{{aur-mirror|fwts}}}} (along with {{AUR|fwts-efi-runtime-dkms}}{{Broken package link|{{aur-mirror|fwts-efi-runtime-dkms}}}}) or {{AUR|fwts-git}}
+
* {{App|Ubuntu's Firmware Test Suite|Test suite that performs sanity checks on Intel/AMD PC firmware|https://wiki.ubuntu.com/FirmwareTestSuite/|{{AUR|fwts-git}}}}
  
 
==== efibootmgr ====
 
==== efibootmgr ====
  
 
{{Note|
 
{{Note|
* If {{ic|efibootmgr}} completely fails to work in your system, you can reboot into UEFI Shell v2 and use {{ic|bcfg}} command to create a boot entry for the bootloader.
+
* If ''efibootmgr'' does not work on your system, you can reboot into [[#UEFI Shell]] and use {{ic|bcfg}} to create a boot entry for the bootloader.
* If you are unable to use {{ic|efibootmgr}}, some UEFI firmwares allow users to directly manage uefi boot entries from within its boot-time interface.  For example, some ASUS firmwares have an "Add New Boot Option" choice which enables you to select a local EFI System Partition and manually enter the EFI stub location. (for example {{ic|\EFI\refind\refind_x64.efi}}).
+
* If you are unable to use {{ic|efibootmgr}}, some UEFI firmwares allow users to directly manage uefi boot entries from within its boot-time interface.  For example, some ASUS firmwares have an "Add New Boot Option" choice which enables you to select a local EFI System Partition and manually enter the EFI application location e.g. {{ic|\EFI\refind\refind_x64.efi}}.
* The below commands use {{Pkg|refind-efi}} boot-loader as example.
+
* The below commands use [[rEFInd]] boot-loader as example.
 
}}
 
}}
  
Assuming the boot-loader file to be launched is {{ic|/boot/efi/EFI/refind/refind_x64.efi}}, {{ic|/boot/efi/EFI/refind/refind_x64.efi}} can be split up as {{ic|/boot/efi}} and {{ic|/EFI/refind/refind_x64.efi}}, wherein {{ic|/boot/efi}} is the mountpoint of the EFI System Partition, which is assumed to be {{ic|/dev/sdXY}} (here {{ic|X}} and {{ic|Y}} are just placeholders for the actual values - eg:- in {{ic|/dev/sda1}} , {{ic|1=X==a}} {{ic|1=Y==1}}).
+
To add a new boot option using ''efibootmgr'' you need to know three things:
 +
 
 +
# The disk containing the EFI System Partition (ESP): {{ic|/dev/sd''X''}}
 +
# The partition number of the ESP on that disk: the {{ic|''Y''}} in {{ic|/dev/sdX''Y''}}
 +
# The path to the UEFI application (relative to the root of the ESP)
  
To determine the actual device path for the EFI System Partition (assuming mountpoint {{ic|/boot/efi}} for example) (should be in the form {{ic|/dev/sdXY}}), try :
+
For example, if you want to add a boot option for {{ic|/boot/efi/EFI/refind/refind_x64.efi}} where {{ic|/boot/efi}} is the mount point of the ESP, run
  
{{hc|# findmnt /boot/efi|2=
+
{{hc|$ findmnt /boot/efi|2=
TARGET SOURCE FSTYPE OPTIONS
+
TARGET   SOURCE     FSTYPE OPTIONS
/boot/efi /dev/sdXY vfat         rw,flush,tz=UTC
+
/boot/efi /dev/sda1 vfat   rw,flush,tz=UTC
 
}}
 
}}
  
Verify that uefi variables support in kernel is working properly by running:
+
In this example, this indicates that the ESP is on disk {{ic|/dev/sda}} and has partition number 1. The path to the UEFI application relative to the root of the ESP is {{ic|/EFI/refind/refind_x64.efi}}. So you would create the boot entry as follows:
 
 
# efivar -l
 
 
 
If efivar lists the uefi variables without any error, then you can proceed. If not, check whether all the conditions in [[#Requirements for UEFI variable support]] are met.
 
 
 
Then create the boot entry using efibootmgr as follows:
 
 
 
# efibootmgr --create --disk /dev/sdX --part Y --loader /EFI/refind/refind_x64.efi --label "rEFInd Boot Manager"
 
 
 
{{Note|1=UEFI uses backward slash {{ic|\}} as path separator (similar to Windows paths), but the official {{Pkg|efibootmgr}} pkg support passing unix-style paths with forward-slash {{ic|/}} as path-separator for the {{ic|-l}}/{{ic|--loader}} option. Efibootmgr internally converts {{ic|/}} to {{ic|\}} before encoding the loader path. The relevant git commit that incorporated this feature in efibootmgr is http://linux.dell.com/cgi-bin/cgit.cgi/efibootmgr.git/commit/?id=f38f4aaad1dfa677918e417c9faa6e3286411378 .}}
 
  
In the above command {{ic|/boot/efi/EFI/refind/refind_x64.efi}} translates to {{ic|/boot/efi}} and {{ic|/EFI/refind/refind_x64.efi}} which in turn translate to drive {{ic|/dev/sdX}} -> partition {{ic|Y}} -> file {{ic|/EFI/refind/refind_x64.efi}}.
+
# efibootmgr --create --disk /dev/sda --part 1 --loader /EFI/refind/refind_x64.efi --label "rEFInd Boot Manager"
  
The 'label' is the name of the menu entry shown in the UEFI boot menu. This name is user's choice and does not affect the booting of the system. More info can be obtained from [http://linux.dell.com/cgi-bin/cgit.cgi/efibootmgr.git/plain/README efibootmgr GIT README] .
+
See {{man|8|efibootmgr}} or [https://raw.githubusercontent.com/rhinstaller/efibootmgr/master/README efibootmgr README] for more info.
  
FAT32 filesystem is case-insensitive since it does not use UTF-8 encoding by default. In that case the firmware uses capital 'EFI' instead of small 'efi', therefore using {{ic|\EFI\refind\refindx64.efi}} or {{ic|\efi\refind\refind_x64.efi}} does not matter (this will change if the filesystem encoding is UTF-8).
+
{{Note|1=UEFI uses backward slash {{ic|\}} as path separator but ''efibootmgr'' automatically converts UNIX-style {{ic|/}} path separators.}}
  
 
== UEFI Shell ==
 
== UEFI Shell ==
  
The UEFI Shell is a shell/terminal for the firmware which allows launching uefi applications which include uefi bootloaders. Apart from that, the shell can also be used to obtain various other information about the system or the firmware like memory map (memmap), modifying boot manager variables (bcfg), running partitioning programs (diskpart), loading uefi drivers, editing text files (edit), hexedit etc.  
+
The UEFI Shell is a shell/terminal for the firmware which allows launching uefi applications which include uefi bootloaders. Apart from that, the shell can also be used to obtain various other information about the system or the firmware like memory map (memmap), modifying boot manager variables (bcfg), running partitioning programs (diskpart), loading uefi drivers, editing text files (edit), hexedit etc.
  
 
=== Obtaining UEFI Shell ===
 
=== Obtaining UEFI Shell ===
Line 177: Line 173:
 
* [https://github.com/tianocore/edk2/tree/master/ShellBinPkg Precompiled UEFI Shell v2 binaries] (may not be up-to-date)
 
* [https://github.com/tianocore/edk2/tree/master/ShellBinPkg Precompiled UEFI Shell v2 binaries] (may not be up-to-date)
 
* [https://github.com/tianocore/edk2/tree/master/EdkShellBinPkg Precompiled UEFI Shell v1 binaries] (not updated anymore upstream)
 
* [https://github.com/tianocore/edk2/tree/master/EdkShellBinPkg Precompiled UEFI Shell v1 binaries] (not updated anymore upstream)
 +
* [http://dl.dropbox.com/u/17629062/Shell2.zip Precompiled UEFI Shell v2 binary with bcfg modified to work with UEFI pre-2.3 firmware] - from Clover EFI bootloader
  
Shell v2 works best in UEFI 2.3+ systems and is recommended over Shell v1 in those systems. Shell v1 should work in all UEFI systems irrespective of the spec. version the firmware follows. More info at [http://sourceforge.net/apps/mediawiki/tianocore/index.php?title=ShellPkg ShellPkg] and [http://sourceforge.net/mailarchive/message.php?msg_id=28690732 this mail]
+
Shell v2 works best in UEFI 2.3+ systems and is recommended over Shell v1 in those systems. Shell v1 should work in all UEFI systems irrespective of the spec. version the firmware follows. More info at [http://sourceforge.net/apps/mediawiki/tianocore/index.php?title=ShellPkg ShellPkg] and [http://sourceforge.net/mailarchive/message.php?msg_id=28690732 this mail]{{Dead link|2016|08|21}}
  
 
=== Launching UEFI Shell ===
 
=== Launching UEFI Shell ===
Line 188: Line 185:
 
{{Note|If you are unable to launch UEFI Shell from the firmware directly using any of the above mentioned methods, create a FAT32 USB pen drive with {{ic|Shell.efi}} copied as {{ic|(USB)/efi/boot/bootx64.efi}}. This USB should come up in the firmware boot menu. Launching this option will launch the UEFI Shell for you.}}
 
{{Note|If you are unable to launch UEFI Shell from the firmware directly using any of the above mentioned methods, create a FAT32 USB pen drive with {{ic|Shell.efi}} copied as {{ic|(USB)/efi/boot/bootx64.efi}}. This USB should come up in the firmware boot menu. Launching this option will launch the UEFI Shell for you.}}
  
=== Important UEFI Shell Commands ===
+
=== Important UEFI Shell commands ===
  
 
UEFI Shell commands usually support {{ic|-b}} option which makes output pause after each page. Run {{ic|help -b}} to list available commands.
 
UEFI Shell commands usually support {{ic|-b}} option which makes output pause after each page. Run {{ic|help -b}} to list available commands.
Line 196: Line 193:
 
==== bcfg ====
 
==== bcfg ====
  
{{ic|bcfg}} modifies the UEFI NVRAM entries which allows the user to change the boot entries or driver options. This command is described in detail in page 83 (Section 5.3) of "UEFI Shell Specification 2.0" PDF document.
+
{{ic|bcfg}} modifies the UEFI NVRAM entries which allows the user to change the boot entries or driver options. This command is described in detail in page 83 (Section 5.3) of the [http://www.uefi.org/sites/default/files/resources/UEFI_Shell_Spec_2_0.pdf UEFI Shell Specification 2.0] document.
  
 
{{Note|
 
{{Note|
 
* Try {{ic|bcfg}} only if {{ic|efibootmgr}} fails to create working boot entries on your system.
 
* Try {{ic|bcfg}} only if {{ic|efibootmgr}} fails to create working boot entries on your system.
* UEFI Shell v1 official binary does not support {{ic|bcfg}} command. You can download a [http://dl.dropbox.com/u/17629062/Shell2.zip modified UEFI Shell v2 binary] which may work in UEFI pre-2.3 firmwares.
+
* UEFI Shell v1 official binary does not support {{ic|bcfg}} command. See [[#Obtaining UEFI Shell]] for a modified UEFI Shell v2 binary which may work in UEFI pre-2.3 firmwares.
 
}}
 
}}
  
Line 242: Line 239:
 
Before running file system commands such as {{ic|cd}} or {{ic|ls}}, you need to change the shell to the appropriate file system by typing its name:
 
Before running file system commands such as {{ic|cd}} or {{ic|ls}}, you need to change the shell to the appropriate file system by typing its name:
  
  Shell> fs0:
+
Shell> fs0:
  fs0:\> cd EFI/
+
fs0:\> cd EFI/
  
 
==== edit ====
 
==== edit ====
Line 251: Line 248:
 
For example, to edit rEFInd's {{ic|refind.conf}} in the EFI System Partition ({{ic|fs0:}} in the firmware),
 
For example, to edit rEFInd's {{ic|refind.conf}} in the EFI System Partition ({{ic|fs0:}} in the firmware),
  
  Shell> fs0:
+
  Shell> edit FS0:\EFI\refind\refind.conf
FS0:\> cd \EFI\arch\refind
 
FS0:\EFI\arch\refind\> edit refind.conf
 
  
 
Type {{ic|Ctrl-E}} for help.
 
Type {{ic|Ctrl-E}} for help.
  
== UEFI Linux Hardware Compatibility ==
+
== UEFI Linux hardware compatibility ==
  
 
See [[Unified Extensible Firmware Interface/Hardware]] for more information.
 
See [[Unified Extensible Firmware Interface/Hardware]] for more information.
Line 265: Line 260:
 
=== Create UEFI bootable USB from ISO ===
 
=== Create UEFI bootable USB from ISO ===
  
Follow [[USB flash installation media#BIOS and UEFI Bootable USB]]
+
Follow [[USB flash installation media#BIOS and UEFI bootable USB]]
  
=== Remove UEFI boot support from Optical Media ===
+
=== Remove UEFI boot support from optical media ===
  
 
{{Note|This section mentions removing UEFI boot support from a '''CD/DVD only''' (Optical Media), not from a USB flash drive.}}
 
{{Note|This section mentions removing UEFI boot support from a '''CD/DVD only''' (Optical Media), not from a USB flash drive.}}
Line 296: Line 291:
 
== Testing UEFI in systems without native support ==
 
== Testing UEFI in systems without native support ==
  
=== OVMF for Virtual Machines ===
+
=== OVMF for virtual machines ===
 +
 
 +
[https://tianocore.github.io/ovmf/ OVMF] is a tianocore project to enable UEFI support for Virtual Machines. OVMF contains a sample UEFI firmware and a separate non-volatile variable store for QEMU.
 +
 
 +
You can install {{pkg|ovmf}} from the extra repository.
 +
 
 +
It is [http://www.linux-kvm.org/downloads/lersek/ovmf-whitepaper-c770f8c.txt advised] to make a local copy of the non-volatile variable store for your virtual machine:
  
[https://tianocore.github.io/ovmf/ OVMF] is a tianocore project to enable UEFI support for Virtual Machines. OVMF contains a sample UEFI firmware for QEMU.
+
$ cp /usr/share/ovmf/ovmf_vars_x64.bin my_uefi_vars.bin
  
You can install {{pkg|ovmf}} from the extra repository and run it as follows:
+
To use the OVMF firmware and this variable store, add following to your QEMU command:
  
  $ qemu-system-x86_64 -enable-kvm -net none -m 1024 -drive file=/usr/share/ovmf/ovmf_x64.bin,format=raw,if=pflash,readonly
+
  -drive if=pflash,format=raw,readonly,file=/usr/share/ovmf/ovmf_code_x64.bin \
 +
-drive if=pflash,format=raw,file=my_uefi_vars.bin
  
As shorter alternative, {{Pkg|ovmf}} can be loaded using {{ic|-bios}} parameter
+
For example:
  
  $ qemu-system-x86_64 -enable-kvm -m 1G -bios /usr/share/ovmf/ovmf_x64.bin
+
  $ qemu-system-x86_64 -enable-kvm -m 1G -drive if=pflash,format=raw,readonly,file=/usr/share/ovmf/ovmf_code_x64.bin -drive if=pflash,format=raw,file=efi_vars.bin …
  
 
=== DUET for BIOS only systems ===
 
=== DUET for BIOS only systems ===
  
DUET is a tianocore project that enables chainloading a full UEFI environment from a BIOS system, in a way similar to BIOS OS booting. This method is being discussed extensively in http://www.insanelymac.com/forum/topic/186440-linux-and-windows-uefi-boot-using-tianocore-duet-firmware/. Pre-build DUET images can be downloaded from one of the repos at https://gitorious.org/tianocore_uefi_duet_builds. Specific instructions for setting up DUET is available at https://gitorious.org/tianocore_uefi_duet_builds/tianocore_uefi_duet_installer/blobs/raw/master/Migle_BootDuet_INSTALL.txt.  
+
DUET is a tianocore project that enables chainloading a full UEFI environment from a BIOS system, in a way similar to BIOS OS booting. This method is being discussed extensively in http://www.insanelymac.com/forum/topic/186440-linux-and-windows-uefi-boot-using-tianocore-duet-firmware/. Pre-build DUET images can be downloaded from one of the repos at https://gitorious.org/tianocore_uefi_duet_builds {{Dead link|2016|08|21}}. Specific instructions for setting up DUET is available at https://gitorious.org/tianocore_uefi_duet_builds/tianocore_uefi_duet_installer/blobs/raw/master/Migle_BootDuet_INSTALL.txt {{Dead link|2016|08|21}}.
  
 
You can also try http://sourceforge.net/projects/cloverefiboot/ which provides modified DUET images that may contain some system specific fixes and is more frequently updated compared to the gitorious repos.
 
You can also try http://sourceforge.net/projects/cloverefiboot/ which provides modified DUET images that may contain some system specific fixes and is more frequently updated compared to the gitorious repos.
Line 316: Line 318:
 
== Troubleshooting ==
 
== Troubleshooting ==
  
=== Windows 7 will not boot in UEFI Mode ===
+
=== Windows 7 will not boot in UEFI mode ===
  
 
If you have installed Windows to a different hard disk with GPT partitioning and still have a MBR partitioned hard disk in your computer, then it is possible that the firmware (UEFI) is starting its CSM support (for booting MBR partitions) and therefore Windows will not boot. To solve this merge your MBR hard disk to GPT partitioning or disable the SATA port where the MBR hard disk is plugged in or unplug the SATA connector from this hard disk.
 
If you have installed Windows to a different hard disk with GPT partitioning and still have a MBR partitioned hard disk in your computer, then it is possible that the firmware (UEFI) is starting its CSM support (for booting MBR partitions) and therefore Windows will not boot. To solve this merge your MBR hard disk to GPT partitioning or disable the SATA port where the MBR hard disk is plugged in or unplug the SATA connector from this hard disk.
Line 331: Line 333:
 
* Ensure [[Dual boot with Windows#Fast_Start-Up|Fast Startup]] is disabled in your Windows power options
 
* Ensure [[Dual boot with Windows#Fast_Start-Up|Fast Startup]] is disabled in your Windows power options
 
* Ensure [[Secure Boot]] is disabled in your BIOS (if you are not using a signed boot loader)
 
* Ensure [[Secure Boot]] is disabled in your BIOS (if you are not using a signed boot loader)
* Ensure your UEFI boot order does not have Windows Boot Manager set first e.g. using [[#efibootmgr]] and what you see in the configuration tool of the UEFI. Some motherboards override by default any settings set with efibootmgr by Windows if it detects it. This is confirmed in a Packard Bell laptop.
+
* Ensure your UEFI boot order does not have Windows Boot Manager set first e.g. using [[#efibootmgr]] and what you see in the configuration tool of the UEFI. Some motherboards override by default any settings set with efibootmgr by Windows if it detects it. This is confirmed in a Packard Bell laptop.
 
* If your motherboard is booting the default UEFI path ({{ic|\EFI\BOOT\BOOTX64.EFI}}), this file may have been overwritten with the Windows boot loader. Try setting the correct boot path e.g. using [[#efibootmgr]].
 
* If your motherboard is booting the default UEFI path ({{ic|\EFI\BOOT\BOOTX64.EFI}}), this file may have been overwritten with the Windows boot loader. Try setting the correct boot path e.g. using [[#efibootmgr]].
* If the previous steps do not work, you can tell the Windows boot loader to run a different UEFI application. From a Windows Administrator command prompt: {{bc|# bcdedit /set {bootmgr} path \EFI\''path''\''to''\''app.efi''}}
+
* If the previous steps do not work, you can tell the Windows boot loader to run a different UEFI application. From a Windows Administrator command prompt: {{bc|# bcdedit /set "{bootmgr}" path "\EFI\''path''\''to''\''app.efi''"}}
 
* Alternatively, you can set a startup script in Windows that ensures that the boot order is set correctly every time you boot Windows.
 
* Alternatively, you can set a startup script in Windows that ensures that the boot order is set correctly every time you boot Windows.
 
*# Open a command prompt with admin privlages. Run {{ic|bcdedit /enum firmware}} and find your desired boot entry.
 
*# Open a command prompt with admin privlages. Run {{ic|bcdedit /enum firmware}} and find your desired boot entry.
 
*# Copy the Identifier, including the brackets, e.g. {{ic|<nowiki>{31d0d5f4-22ad-11e5-b30b-806e6f6e6963}</nowiki>}}
 
*# Copy the Identifier, including the brackets, e.g. {{ic|<nowiki>{31d0d5f4-22ad-11e5-b30b-806e6f6e6963}</nowiki>}}
*# Create a batch file with the command {{ic|bcdedit /set {fwbootmgr} DEFAULT ''{copied boot identifier}''}}
+
*# Create a batch file with the command {{ic|bcdedit /set "{fwbootmgr}" DEFAULT "{''copied boot identifier''}"}}
*# Open ''gpedit'' and under ''Local Computer Policy > Computer Configuration > Windows Settings > Scripts(Startup/Shutdown)'', choose ''Startup''
+
*# Open ''gpedit.msc'' and under ''Local Computer Policy > Computer Configuration > Windows Settings > Scripts(Startup/Shutdown)'', choose ''Startup''
 
*# Under the ''Scripts'' tab, choose the ''Add'' button, and select your batch file
 
*# Under the ''Scripts'' tab, choose the ''Add'' button, and select your batch file
  
 
=== USB media gets struck with black screen ===
 
=== USB media gets struck with black screen ===
  
This issue can occur either due to [[KMS]] issue. Try [[Kernel mode setting#Disabling_modesetting|Disabling KMS]] while booting the USB.
+
This issue can occur due to [[KMS]] issue. Try [[Kernel mode setting#Disabling_modesetting|Disabling KMS]] while booting the USB.
  
 
=== Booting 64-bit kernel on 32-bit UEFI ===
 
=== Booting 64-bit kernel on 32-bit UEFI ===
  
Both Official ISO ([[Archiso]]) and [[Archboot]] iso use EFISTUB (via [[systemd-boot]] Boot Manager for menu) for booting the kernel in UEFI mode. In such a case you have to use [[GRUB]] as the USB's UEFI bootloader by following the below section.
+
Both Official ISO ([[Archiso]]) and [[Archboot]] iso use EFISTUB (via [[systemd-boot]] Boot Manager for menu) for booting the kernel in UEFI mode. To boot 64-bit kernel with 32-bit UEFI you have to use [[GRUB]] as the USB's UEFI bootloader by following the below section.
  
 
==== Using GRUB ====
 
==== Using GRUB ====
 
{{Tip|The given configuration entries can also be entered inside a [[GRUB#Using_the_command_shell|GRUB command-shell]].}}
 
{{Tip|The given configuration entries can also be entered inside a [[GRUB#Using_the_command_shell|GRUB command-shell]].}}
  
* [[USB flash installation media#BIOS_and_UEFI_Bootable_USB|Create an USB Flash Installation]]
+
* [[USB flash installation media#Using_manual_formatting|Create an editable USB Flash Installation]]. Since we are going to use GRUB, you only need to follow the steps up until the {{ic|syslinux}} part
  
 
* Backup {{ic|EFI/boot/loader.efi}} to {{ic|EFI/boot/gummiboot.efi}}
 
* Backup {{ic|EFI/boot/loader.efi}} to {{ic|EFI/boot/gummiboot.efi}}
  
* [[GRUB#GRUB_standalone|Create a GRUB standalone image]] and copy the generate {{ic|grub*.efi}} to the USB as {{ic|EFI/boot/loader.efi}}, {{ic|EFI/boot/bootx64.efi}} and/or {{ic|EFI/boot/bootia32.efi}} (useful when running on a 32-bit UEFI)
+
* [[GRUB/Tips and tricks#GRUB standalone|Create a GRUB standalone image]] for i686 system and copy the generated {{ic|grub*.efi}} to the USB as {{ic|EFI/boot/loader.efi}} and/or {{ic|EFI/boot/bootia32.efi}}
  
 
* Create {{ic|EFI/boot/grub.cfg}} with the following contents (replace {{ic|ARCH_YYYYMM}} with the required archiso label e.g. {{ic|ARCH_201507}}):
 
* Create {{ic|EFI/boot/grub.cfg}} with the following contents (replace {{ic|ARCH_YYYYMM}} with the required archiso label e.g. {{ic|ARCH_201507}}):
  
{{hc|grub.cfg for Official ISO|<nowiki>
+
{{hc|grub.cfg for official ISO|<nowiki>
 
insmod part_gpt
 
insmod part_gpt
 
insmod part_msdos
 
insmod part_msdos
Line 390: Line 392:
 
     chainloader /EFI/shellx64_v2.efi
 
     chainloader /EFI/shellx64_v2.efi
 
}
 
}
   
+
 
 
menuentry "UEFI Shell x86_64 v1" {
 
menuentry "UEFI Shell x86_64 v1" {
 
     search --no-floppy --set=root --label ARCH_YYYYMM
 
     search --no-floppy --set=root --label ARCH_YYYYMM
Line 427: Line 429:
 
     chainloader /EFI/tools/shellx64_v2.efi
 
     chainloader /EFI/tools/shellx64_v2.efi
 
}
 
}
   
+
 
 
menuentry "UEFI Shell x86_64 v1" {
 
menuentry "UEFI Shell x86_64 v1" {
 
     search --no-floppy --set=root --file /boot/vmlinuz_x86_64
 
     search --no-floppy --set=root --file /boot/vmlinuz_x86_64
Line 458: Line 460:
 
* [https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/plain/Documentation/x86/x86_64/uefi.txt Linux Kernel x86_64 UEFI Documentation]
 
* [https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/plain/Documentation/x86/x86_64/uefi.txt Linux Kernel x86_64 UEFI Documentation]
 
* [http://www.intel.com/technology/efi/ Intel's page on EFI]{{Dead link|2016|07|16}}
 
* [http://www.intel.com/technology/efi/ Intel's page on EFI]{{Dead link|2016|07|16}}
* [http://uefidk.intel.com/ Intel UEFI Community Resource Center]{{Dead link|2016|07|16}}
+
* [http://firmware.intel.com/ Intel Architecture Firmware Resource Center]
* [http://uefidk.intel.com/blog/linux-efi-boot-stub Matt Fleming - The Linux EFI Boot Stub]{{Dead link|2016|07|16}}
+
* [http://firmware.intel.com/blog/linux-efi-boot-stub Matt Fleming - The Linux EFI Boot Stub]
* [http://uefidk.intel.com/blog/accessing-uefi-variables-linux Matt Fleming - Accessing UEFI Variables from Linux]{{Dead link|2016|07|16}}
+
* [http://firmware.intel.com/blog/accessing-uefi-variables-linux Matt Fleming - Accessing UEFI Variables from Linux]
 
* [http://www.rodsbooks.com/linux-uefi/ Rod Smith - Linux on UEFI: A Quick Installation Guide]
 
* [http://www.rodsbooks.com/linux-uefi/ Rod Smith - Linux on UEFI: A Quick Installation Guide]
 
* [https://lkml.org/lkml/2011/6/8/322 UEFI Boot problems on some newer machines (LKML)]
 
* [https://lkml.org/lkml/2011/6/8/322 UEFI Boot problems on some newer machines (LKML)]
Line 467: Line 469:
 
* [http://linuxplumbers.ubicast.tv/videos/uefi-tutorial-part-2/ LPC 2012 UEFI Tutorial : part 2]
 
* [http://linuxplumbers.ubicast.tv/videos/uefi-tutorial-part-2/ LPC 2012 UEFI Tutorial : part 2]
 
* [http://sourceforge.net/apps/mediawiki/tianocore/index.php?title=Welcome_to_TianoCore Intel's Tianocore Project] for Open-Source UEFI firmware which includes DuetPkg for direct BIOS based booting and OvmfPkg used in QEMU and Oracle VirtualBox
 
* [http://sourceforge.net/apps/mediawiki/tianocore/index.php?title=Welcome_to_TianoCore Intel's Tianocore Project] for Open-Source UEFI firmware which includes DuetPkg for direct BIOS based booting and OvmfPkg used in QEMU and Oracle VirtualBox
* [http://homepage.ntlworld.com/jonathan.deboynepollard/FGA/efi-boot-process.html FGA: The EFI boot process]
+
* [https://jdebp.eu/FGA/efi-boot-process.html FGA: The EFI boot process]
 
* [http://www.microsoft.com/whdc/device/storage/GPT_FAQ.mspx Microsoft's Windows and GPT FAQ]
 
* [http://www.microsoft.com/whdc/device/storage/GPT_FAQ.mspx Microsoft's Windows and GPT FAQ]
* [https://gitorious.org/tianocore_uefi_duet_builds/pages/Windows_x64_BIOS_to_UEFI Convert Windows x64 from BIOS-MBR mode to UEFI-GPT mode without Reinstall]
+
* [https://gitorious.org/tianocore_uefi_duet_builds/pages/Windows_x64_BIOS_to_UEFI Convert Windows x64 from BIOS-MBR mode to UEFI-GPT mode without Reinstall]{{Dead link|2016|08|21}}
* [https://gitorious.org/tianocore_uefi_duet_builds/pages/Linux_Windows_BIOS_UEFI_boot_USB Create a Linux BIOS+UEFI and Windows x64 BIOS+UEFI bootable USB drive]
+
* [https://gitorious.org/tianocore_uefi_duet_builds/pages/Linux_Windows_BIOS_UEFI_boot_USB Create a Linux BIOS+UEFI and Windows x64 BIOS+UEFI bootable USB drive]{{Dead link|2016|08|21}}
 
* [http://rodsbooks.com/bios2uefi/ Rod Smith - A BIOS to UEFI Transformation]
 
* [http://rodsbooks.com/bios2uefi/ Rod Smith - A BIOS to UEFI Transformation]
 
* [http://software.intel.com/en-us/articles/efi-shells-and-scripting/ EFI Shells and Scripting - Intel Documentation]
 
* [http://software.intel.com/en-us/articles/efi-shells-and-scripting/ EFI Shells and Scripting - Intel Documentation]
 
* [http://software.intel.com/en-us/articles/uefi-shell/ UEFI Shell  - Intel Documentation]
 
* [http://software.intel.com/en-us/articles/uefi-shell/ UEFI Shell  - Intel Documentation]
 
* [http://www.hpuxtips.es/?q=node/293 UEFI Shell - bcfg command info]
 
* [http://www.hpuxtips.es/?q=node/293 UEFI Shell - bcfg command info]
* [http://dl.dropbox.com/u/17629062/Shell2.zip UEFI Shell v2 binary with bcfg modified to work with UEFI pre-2.3 firmware - from Clover efiboot]
 

Revision as of 17:01, 13 September 2017

Warning: While the choice to install in UEFI mode is forward looking, early vendor UEFI implementations may carry more bugs than their BIOS counterparts. It is advised to do a search relating to your particular motherboard model before proceeding.

The Unified Extensible Firmware Interface (EFI or UEFI for short) is a new model for the interface between operating systems and firmware. It provides a standard environment for booting an operating system and running pre-boot applications.

It is distinct from the commonly used "MBR boot code" method followed for BIOS systems. See Arch boot process for their differences and the boot process using UEFI. To set up UEFI Boot Loaders, see Boot loaders.

UEFI versions

  • UEFI started as Intel's EFI in versions 1.x.
  • Later, a group of companies called the UEFI Forum took over its development, which renamed it as Unified EFI starting with version 2.0.
  • Unless specified as EFI 1.x, EFI and UEFI terms are used interchangeably to denote UEFI 2.x firmware.
  • Apple's EFI implementation is neither a EFI 1.x version nor UEFI 2.x version but mixes up both. This kind of firmware does not fall under any one (U)EFI specification and therefore is not a standard UEFI firmware. Unless stated explicitly, these instructions are general and some of them may not work or may be different in Apple Macs.

The latest UEFI Specification can be found at http://uefi.org/specifications.

UEFI firmware bitness

Under UEFI, every program whether it is an OS loader or a utility (e.g. a memory testing app or recovery tool), should be a UEFI Application corresponding to the EFI firmware bitness/architecture.

The vast majority of UEFI firmwares, including recent Apple Macs, use x86_64 EFI firmware. The only known devices that use IA32 (32-bit) EFI are older (pre 2008) Apple Macs, some Intel Cloverfield ultrabooks and some older Intel Server boards that are known to operate on Intel EFI 1.10 firmware.

An x86_64 EFI firmware does not include support for launching 32-bit EFI apps (unlike x86_64 Linux and Windows versions which include such support). Therefore the UEFI application must be compiled for that specific firmware processor bitness/architecture.

Non Macs

Check whether the dir /sys/firmware/efi exists, if it exists it means the kernel has booted in EFI mode. In that case the UEFI bitness is same as kernel bitness. (ie. i686 or x86_64)

Note: Intel Atom System-on-Chip systems ship with 32-bit UEFI (as on 2 November 2013). See #Booting 64-bit kernel on 32-bit UEFI for more info. Also see this Intel blog post.

Apple Macs

Pre-2008 Macs mostly have i386-efi firmware while >=2008 Macs have mostly x86_64-efi. All Macs capable of running Mac OS X Snow Leopard 64-bit Kernel have x86_64 EFI 1.x firmware.

To find out the arch of the efi firmware in a Mac, type the following into the Mac OS X terminal:

$ ioreg -l -p IODeviceTree | grep firmware-abi

If the command returns EFI32 then it is IA32 (32-bit) EFI firmware. If it returns EFI64 then it is x86_64 EFI firmware. Most of the Macs do not have UEFI 2.x firmware as Apple's EFI implementation is not fully compliant with UEFI 2.x Specification.

Linux kernel config options for UEFI

The required Linux Kernel configuration options for UEFI systems are :

CONFIG_RELOCATABLE=y
CONFIG_EFI=y
CONFIG_EFI_STUB=y
CONFIG_FB_EFI=y
CONFIG_FRAMEBUFFER_CONSOLE=y

UEFI Runtime Variables Support (efivarfs filesystem - /sys/firmware/efi/efivars). This option is important as this is required to manipulate UEFI Runtime Variables using tools like /usr/bin/efibootmgr. The below config option has been added in kernel 3.10 and above.

CONFIG_EFIVAR_FS=y

UEFI Runtime Variables Support (old efivars sysfs interface - /sys/firmware/efi/vars). This option should be disabled to prevent any potential issues with both efivarfs and sysfs-efivars enabled.

CONFIG_EFI_VARS=n

GUID Partition Table GPT config option - mandatory for UEFI support

CONFIG_EFI_PARTITION=y
Note: All of the above options are required to boot Linux via UEFI, and are enabled in Archlinux kernels in official repos.

Retrieved from https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/plain/Documentation/x86/x86_64/uefi.txt .

UEFI variables

UEFI defines variables through which an operating system can interact with the firmware. UEFI Boot Variables are used by the boot-loader and used by the OS only for early system start-up. UEFI Runtime Variables allow an OS to manage certain settings of the firmware like the UEFI Boot Manager or managing the keys for UEFI Secure Boot Protocol etc. You can get the list using

$ efivar -l

UEFI variables support in Linux kernel

Linux kernel exposes EFI variables data to userspace via efivarfs (EFI VARiable FileSystem) interface (CONFIG_EFIVAR_FS) - mounted using efivarfs kernel module at /sys/firmware/efi/efivars - it has no maximum per-variable size limitation and supports UEFI Secure Boot variables. Introduced in kernel 3.8.

Requirements for UEFI variable support

  1. Kernel processor bitness and EFI processor bitness should match.
  2. Kernel should be booted in EFI mode (via EFISTUB or any EFI boot loader, not via BIOS/CSM or Apple's "bootcamp" which is also BIOS/CSM).
  3. EFI Runtime Services support should be present in the kernel (CONFIG_EFI=y, check if present with zgrep CONFIG_EFI /proc/config.gz).
  4. EFI Runtime Services in the kernel SHOULD NOT be disabled via kernel cmdline, i.e. noefi kernel parameter SHOULD NOT be used.
  5. efivarfs filesystem should be mounted at /sys/firmware/efi/efivars, otherwise follow #Mount efivarfs section below.
  6. efivar should list (option -l) the EFI Variables without any error.

If EFI Variables support does not work even after the above conditions are satisfied, try the below workarounds:

  1. If any userspace tool is unable to modify efi variables data, check for existence of /sys/firmware/efi/efivars/dump-* files. If they exist, delete them, reboot and retry again.
  2. If the above step does not fix the issue, try booting with efi_no_storage_paranoia kernel parameter to disable kernel efi variable storage space check that may prevent writing/modification of efi variables.
Note: efi_no_storage_paranoia should only be used when needed and should not be left as a normal boot option. The effect of this kernel command line parameter turns off a safeguard that was put in place to help avoid the bricking of machines when the NVRAM gets too full.

Mount efivarfs

Tango-view-refresh-red.pngThis article or section is out of date.Tango-view-refresh-red.png

Reason: efivars is chattr +i since linux 4.5, see [1] (Discuss in Talk:Unified Extensible Firmware Interface#)
Warning: efivars is mounted writeable by default [2], which may cause permanent damage to the system. [3][dead link 2016-08-21] As such, consider mounting efivars read-only (-o ro) as described below. Note that when it is mounted read-only, tools such as efibootmgr and bootloaders will not be able to change boot settings, nor will commands like systemctl reboot --firmware-setup work.

If efivarfs is not automatically mounted at /sys/firmware/efi/efivars by systemd during boot, then you need to manually mount it to expose UEFI variables to #Userspace tools like efibootmgr:

# mount -t efivarfs efivarfs /sys/firmware/efi/efivars
Note: The above command should be run both outside (before) and inside the chroot, if any.

To mount efivarfs read-only during boot, add to /etc/fstab:

/etc/fstab
efivarfs    /sys/firmware/efi/efivars    efivarfs    ro,nosuid,nodev,noexec,noatime 0 0

To remount with write support, run:

# mount -o remount /sys/firmware/efi/efivars -o rw,nosuid,nodev,noexec,noatime

Userspace tools

There are few tools that can access/modify the UEFI variables, namely

  • efivar — Library and Tool to manipulate UEFI Variables (used by efibootmgr)
https://github.com/vathpela/efivar || efivar, efivar-gitAUR
  • efibootmgr — Tool to manipulate UEFI Firmware Boot Manager Settings
https://github.com/vathpela/efibootmgr || efibootmgr, efibootmgr-gitAUR[broken link: package not found]
  • uefivars — Dumps list of EFI variables with some additional PCI related info (uses efibootmgr code internally)
https://github.com/fpmurphy/Various/tree/master/uefivars-2.0 || uefivars-gitAUR
  • efitools — Tools for manipulating UEFI secure boot platforms
http://git.kernel.org/cgit/linux/kernel/git/jejb/efitools.git || efitools, efitools-gitAUR
  • Ubuntu's Firmware Test Suite — Test suite that performs sanity checks on Intel/AMD PC firmware
https://wiki.ubuntu.com/FirmwareTestSuite/ || fwts-gitAUR

efibootmgr

Note:
  • If efibootmgr does not work on your system, you can reboot into #UEFI Shell and use bcfg to create a boot entry for the bootloader.
  • If you are unable to use efibootmgr, some UEFI firmwares allow users to directly manage uefi boot entries from within its boot-time interface. For example, some ASUS firmwares have an "Add New Boot Option" choice which enables you to select a local EFI System Partition and manually enter the EFI application location e.g. \EFI\refind\refind_x64.efi.
  • The below commands use rEFInd boot-loader as example.

To add a new boot option using efibootmgr you need to know three things:

  1. The disk containing the EFI System Partition (ESP): /dev/sdX
  2. The partition number of the ESP on that disk: the Y in /dev/sdXY
  3. The path to the UEFI application (relative to the root of the ESP)

For example, if you want to add a boot option for /boot/efi/EFI/refind/refind_x64.efi where /boot/efi is the mount point of the ESP, run

$ findmnt /boot/efi
TARGET    SOURCE     FSTYPE OPTIONS
/boot/efi /dev/sda1  vfat   rw,flush,tz=UTC

In this example, this indicates that the ESP is on disk /dev/sda and has partition number 1. The path to the UEFI application relative to the root of the ESP is /EFI/refind/refind_x64.efi. So you would create the boot entry as follows:

# efibootmgr --create --disk /dev/sda --part 1 --loader /EFI/refind/refind_x64.efi --label "rEFInd Boot Manager"

See efibootmgr(8) or efibootmgr README for more info.

Note: UEFI uses backward slash \ as path separator but efibootmgr automatically converts UNIX-style / path separators.

UEFI Shell

The UEFI Shell is a shell/terminal for the firmware which allows launching uefi applications which include uefi bootloaders. Apart from that, the shell can also be used to obtain various other information about the system or the firmware like memory map (memmap), modifying boot manager variables (bcfg), running partitioning programs (diskpart), loading uefi drivers, editing text files (edit), hexedit etc.

Obtaining UEFI Shell

You can download a BSD licensed UEFI Shell from Intel's Tianocore UDK/EDK2 Sourceforge.net project:

Shell v2 works best in UEFI 2.3+ systems and is recommended over Shell v1 in those systems. Shell v1 should work in all UEFI systems irrespective of the spec. version the firmware follows. More info at ShellPkg and this mail[dead link 2016-08-21]

Launching UEFI Shell

Few Asus and other AMI Aptio x86_64 UEFI firmware based motherboards (from Sandy Bridge onwards) provide an option called "Launch EFI Shell from filesystem device" . For those motherboards, download the x86_64 UEFI Shell and copy it to your EFI System Partition as <EFI_SYSTEM_PARTITION>/shellx64.efi (mostly /boot/efi/shellx64.efi) .

Systems with Phoenix SecureCore Tiano UEFI firmware are known to have embedded UEFI Shell which can be launched using either F6, F11 or F12 key.

Note: If you are unable to launch UEFI Shell from the firmware directly using any of the above mentioned methods, create a FAT32 USB pen drive with Shell.efi copied as (USB)/efi/boot/bootx64.efi. This USB should come up in the firmware boot menu. Launching this option will launch the UEFI Shell for you.

Important UEFI Shell commands

UEFI Shell commands usually support -b option which makes output pause after each page. Run help -b to list available commands.

More info at http://software.intel.com/en-us/articles/efi-shells-and-scripting/

bcfg

bcfg modifies the UEFI NVRAM entries which allows the user to change the boot entries or driver options. This command is described in detail in page 83 (Section 5.3) of the UEFI Shell Specification 2.0 document.

Note:
  • Try bcfg only if efibootmgr fails to create working boot entries on your system.
  • UEFI Shell v1 official binary does not support bcfg command. See #Obtaining UEFI Shell for a modified UEFI Shell v2 binary which may work in UEFI pre-2.3 firmwares.

To dump a list of current boot entries:

Shell> bcfg boot dump -v

To add a boot menu entry for rEFInd (for example) as 4th (numbering starts from zero) option in the boot menu:

Shell> bcfg boot add 3 fs0:\EFI\refind\refind_x64.efi "rEFInd"

where fs0: is the mapping corresponding to the EFI System Partition and fs0:\EFI\refind\refind_x64.efi is the file to be launched.

To add an entry to boot directly into your system without a bootloader, configure a boot option using your kernel as an EFISTUB:

Shell> bcfg boot add N fsV:\vmlinuz-linux "Arch Linux"
Shell> bcfg boot -opt N "root=/dev/sdX# initrd=\initramfs-linux.img"

where N is the priority, V is the volume number of your EFI partition, and /dev/sdX# is your root partition.

To remove the 4th boot option:

Shell> bcfg boot rm 3

To move the boot option #3 to #0 (i.e. 1st or the default entry in the UEFI Boot menu):

Shell> bcfg boot mv 3 0

For bcfg help text:

Shell> help bcfg -v -b

or:

Shell> bcfg -? -v -b

map

map displays a list of device mappings i.e. the names of available file systems (fs0) and storage devices (blk0).

Before running file system commands such as cd or ls, you need to change the shell to the appropriate file system by typing its name:

Shell> fs0:
fs0:\> cd EFI/

edit

edit provides a basic text editor with an interface similar to nano, but slightly less functional. It handles UTF-8 encoding and takes care or LF vs CRLF line endings.

For example, to edit rEFInd's refind.conf in the EFI System Partition (fs0: in the firmware),

Shell> edit FS0:\EFI\refind\refind.conf

Type Ctrl-E for help.

UEFI Linux hardware compatibility

See Unified Extensible Firmware Interface/Hardware for more information.

UEFI Bootable Media

Create UEFI bootable USB from ISO

Follow USB flash installation media#BIOS and UEFI bootable USB

Remove UEFI boot support from optical media

Note: This section mentions removing UEFI boot support from a CD/DVD only (Optical Media), not from a USB flash drive.

Most of the 32-bit EFI Macs and some 64-bit EFI Macs refuse to boot from a UEFI(X64)+BIOS bootable CD/DVD. If one wishes to proceed with the installation using optical media, it might be necessary to remove UEFI support first.

  • Mount the official installation media and obtain the archisolabel as shown in the previous section.
# mount -o loop input.iso /mnt/iso
  • Then rebuild the ISO, excluding the UEFI Optical Media booting support, using xorriso from libisoburn. Be sure to set the correct archisolabel, e.g. "ARCH_201411" or similar:
$ xorriso -as mkisofs -iso-level 3 \
    -full-iso9660-filenames\
    -volid "archisolabel" \
    -appid "Arch Linux CD" \
    -publisher "Arch Linux <https://www.archlinux.org>" \
    -preparer "prepared by $USER" \
    -eltorito-boot isolinux/isolinux.bin \
    -eltorito-catalog isolinux/boot.cat \
    -no-emul-boot -boot-load-size 4 -boot-info-table \
    -isohybrid-mbr "/mnt/iso/isolinux/isohdpfx.bin" \
    -output output.iso /mnt/iso/
  • Burn output.iso to optical media and proceed with installation normally.

Testing UEFI in systems without native support

OVMF for virtual machines

OVMF is a tianocore project to enable UEFI support for Virtual Machines. OVMF contains a sample UEFI firmware and a separate non-volatile variable store for QEMU.

You can install ovmf from the extra repository.

It is advised to make a local copy of the non-volatile variable store for your virtual machine:

$ cp /usr/share/ovmf/ovmf_vars_x64.bin my_uefi_vars.bin

To use the OVMF firmware and this variable store, add following to your QEMU command:

-drive if=pflash,format=raw,readonly,file=/usr/share/ovmf/ovmf_code_x64.bin \
-drive if=pflash,format=raw,file=my_uefi_vars.bin

For example:

$ qemu-system-x86_64 -enable-kvm -m 1G -drive if=pflash,format=raw,readonly,file=/usr/share/ovmf/ovmf_code_x64.bin -drive if=pflash,format=raw,file=efi_vars.bin …

DUET for BIOS only systems

DUET is a tianocore project that enables chainloading a full UEFI environment from a BIOS system, in a way similar to BIOS OS booting. This method is being discussed extensively in http://www.insanelymac.com/forum/topic/186440-linux-and-windows-uefi-boot-using-tianocore-duet-firmware/. Pre-build DUET images can be downloaded from one of the repos at https://gitorious.org/tianocore_uefi_duet_builds [dead link 2016-08-21]. Specific instructions for setting up DUET is available at https://gitorious.org/tianocore_uefi_duet_builds/tianocore_uefi_duet_installer/blobs/raw/master/Migle_BootDuet_INSTALL.txt [dead link 2016-08-21].

You can also try http://sourceforge.net/projects/cloverefiboot/ which provides modified DUET images that may contain some system specific fixes and is more frequently updated compared to the gitorious repos.

Troubleshooting

Windows 7 will not boot in UEFI mode

If you have installed Windows to a different hard disk with GPT partitioning and still have a MBR partitioned hard disk in your computer, then it is possible that the firmware (UEFI) is starting its CSM support (for booting MBR partitions) and therefore Windows will not boot. To solve this merge your MBR hard disk to GPT partitioning or disable the SATA port where the MBR hard disk is plugged in or unplug the SATA connector from this hard disk.

Mainboards with this kind of problem:

  • Gigabyte Z77X-UD3H rev. 1.1 (UEFI version F19e)
    • The firmware option for booting "UEFI Only" does not prevent the firmware from starting CSM.

Windows changes boot order

If you dual boot with Windows and your motherboard just boots Windows immediately instead of your chosen UEFI application, there are several possible causes and workarounds.

  • Ensure Fast Startup is disabled in your Windows power options
  • Ensure Secure Boot is disabled in your BIOS (if you are not using a signed boot loader)
  • Ensure your UEFI boot order does not have Windows Boot Manager set first e.g. using #efibootmgr and what you see in the configuration tool of the UEFI. Some motherboards override by default any settings set with efibootmgr by Windows if it detects it. This is confirmed in a Packard Bell laptop.
  • If your motherboard is booting the default UEFI path (\EFI\BOOT\BOOTX64.EFI), this file may have been overwritten with the Windows boot loader. Try setting the correct boot path e.g. using #efibootmgr.
  • If the previous steps do not work, you can tell the Windows boot loader to run a different UEFI application. From a Windows Administrator command prompt:
    # bcdedit /set "{bootmgr}" path "\EFI\path\to\app.efi"
  • Alternatively, you can set a startup script in Windows that ensures that the boot order is set correctly every time you boot Windows.
    1. Open a command prompt with admin privlages. Run bcdedit /enum firmware and find your desired boot entry.
    2. Copy the Identifier, including the brackets, e.g. {31d0d5f4-22ad-11e5-b30b-806e6f6e6963}
    3. Create a batch file with the command bcdedit /set "{fwbootmgr}" DEFAULT "{copied boot identifier}"
    4. Open gpedit.msc and under Local Computer Policy > Computer Configuration > Windows Settings > Scripts(Startup/Shutdown), choose Startup
    5. Under the Scripts tab, choose the Add button, and select your batch file

USB media gets struck with black screen

This issue can occur due to KMS issue. Try Disabling KMS while booting the USB.

Booting 64-bit kernel on 32-bit UEFI

Both Official ISO (Archiso) and Archboot iso use EFISTUB (via systemd-boot Boot Manager for menu) for booting the kernel in UEFI mode. To boot 64-bit kernel with 32-bit UEFI you have to use GRUB as the USB's UEFI bootloader by following the below section.

Using GRUB

Tip: The given configuration entries can also be entered inside a GRUB command-shell.
  • Backup EFI/boot/loader.efi to EFI/boot/gummiboot.efi
  • Create EFI/boot/grub.cfg with the following contents (replace ARCH_YYYYMM with the required archiso label e.g. ARCH_201507):
grub.cfg for official ISO
insmod part_gpt
insmod part_msdos
insmod fat

insmod efi_gop
insmod efi_uga
insmod video_bochs
insmod video_cirrus

insmod font

if loadfont "${prefix}/fonts/unicode.pf2" ; then
    insmod gfxterm
    set gfxmode="1024x768x32;auto"
    terminal_input console
    terminal_output gfxterm
fi

menuentry "Arch Linux archiso x86_64" {
    set gfxpayload=keep
    search --no-floppy --set=root --label ARCH_YYYYMM
    linux /arch/boot/x86_64/vmlinuz archisobasedir=arch archisolabel=ARCH_YYYYMM add_efi_memmap
    initrd /arch/boot/x86_64/archiso.img
}

menuentry "UEFI Shell x86_64 v2" {
    search --no-floppy --set=root --label ARCH_YYYYMM
    chainloader /EFI/shellx64_v2.efi
}

menuentry "UEFI Shell x86_64 v1" {
    search --no-floppy --set=root --label ARCH_YYYYMM
    chainloader /EFI/shellx64_v1.efi
}
grub.cfg for Archboot ISO
insmod part_gpt
insmod part_msdos
insmod fat

insmod efi_gop
insmod efi_uga
insmod video_bochs
insmod video_cirrus

insmod font

if loadfont "${prefix}/fonts/unicode.pf2" ; then
    insmod gfxterm
    set gfxmode="1024x768x32;auto"
    terminal_input console
    terminal_output gfxterm
fi

menuentry "Arch Linux x86_64 Archboot" {
    set gfxpayload=keep
    search --no-floppy --set=root --file /boot/vmlinuz_x86_64
    linux /boot/vmlinuz_x86_64 cgroup_disable=memory loglevel=7 add_efi_memmap
    initrd /boot/initramfs_x86_64.img
}

menuentry "UEFI Shell x86_64 v2" {
    search --no-floppy --set=root --file /boot/vmlinuz_x86_64
    chainloader /EFI/tools/shellx64_v2.efi
}

menuentry "UEFI Shell x86_64 v1" {
    search --no-floppy --set=root --file /boot/vmlinuz_x86_64
    chainloader /EFI/tools/shellx64_v1.efi
}

UEFI boot loader does not show up in firmware menu

On certain UEFI motherboards like some boards with an Intel Z77 chipset, adding entries with efibootmgr or bcfg from the EFI Shell will not work because they do not show up on the boot menu list after being added to NVRAM.

This issue is caused because the motherboards can only load Microsoft Windows. To solve this you have to place the .efi file in the location that Windows uses.

Copy the bootx64.efi file from the Arch Linux installation medium (FSO:) to the Microsoft directory your ESP partition on your hard drive (FS1:). Do this by booting into EFI shell and typing:

FS1:
cd EFI
mkdir Microsoft
cd Microsoft
mkdir Boot
cp FS0:\EFI\BOOT\bootx64.efi FS1:\EFI\Microsoft\Boot\bootmgfw.efi

After reboot, any entries added to NVRAM should show up in the boot menu.

See also