Difference between revisions of "Unified Extensible Firmware Interface"

From ArchWiki
Jump to: navigation, search
m
(UEFI Variables Support in Linux Kernel: Template:ic for variable names (Help:Style#Code formatting))
 
(218 intermediate revisions by 56 users not shown)
Line 5: Line 5:
 
[[ru:Unified Extensible Firmware Interface]]
 
[[ru:Unified Extensible Firmware Interface]]
 
[[zh-CN:Unified Extensible Firmware Interface]]
 
[[zh-CN:Unified Extensible Firmware Interface]]
{{Article summary start}}
+
{{Related articles start}}
{{Article summary text|An overview of the Unified Extensible Firmware Interface.}}
+
{{Related|Arch boot process}}
{{Article summary heading|Overview}}
+
{{Related|Master Boot Record}}
{{Article summary text|{{Boot process overview}}}}
+
{{Related|EFI System Partition}}
{{Article summary heading|Related}}
+
{{Related|GUID Partition Table}}
{{Article summary wiki|GUID Partition Table}}
+
{{Related|UEFI/Hardware}}
{{Article summary wiki|Master Boot Record}}
+
{{Related articles end}}
{{Article summary wiki|Arch Boot Process}}
+
{{Warning|While the choice to install in UEFI mode is forward looking, early vendor UEFI implementations may carry more bugs than their BIOS counterparts. It is advised to do a search relating to your particular mainboard model before proceeding.}}
{{Article summary end}}
+
  
'''Unified Extensible Firmware Interface''' (or UEFI for short) is a new type of firmware that was initially designed by Intel (known as EFI then) mainly for its Itanium based systems. It introduces new ways of booting an OS that is distinct from the commonly used "MBR boot code" method followed for BIOS systems. It started as Intel's EFI in versions 1.x and then a group of companies called the UEFI Forum took over its development from which it was called Unified EFI starting with version 2.0 . As of 24 July 2013, UEFI Specification 2.4 (released July 11, 2013) is the most recent version.
+
The [http://www.uefi.org/ Unified Extensible Firmware Interface] (EFI or UEFI for short) is a new model for the interface between operating systems and firmware. It provides a standard environment for booting an operating system and running pre-boot applications.  
  
{{Note|Unless specified as EFI 1.x , EFI and UEFI terms are used interchangeably to denote UEFI 2.x firmware. Also unless stated explicitly, these instructions are general and some of them may not work or may be different in Macs. Apple's EFI implementation is neither a EFI 1.x version nor UEFI 2.x version but mixes up both. This kind of firmware does not fall under any one UEFI Specification version and therefore it is not a standard UEFI firmware.}}
+
It is distinct from the commonly used "[[MBR]] boot code" method followed for [[Wikipedia:BIOS|BIOS]] systems. See [[Arch boot process]] for their differences and the boot process using UEFI. To set up UEFI Boot Loaders, see [[Boot loaders]].
  
Before understanding UEFI, it is important to understand how the pre-UEFI (BIOS) systems boot. This is explained in subsequent sections.
+
== UEFI versions ==
 +
* UEFI started as Intel's EFI in versions 1.x.
 +
* Later, a group of companies called the UEFI Forum took over its development, which renamed it as Unified EFI starting with version 2.0.
 +
* Unless specified as EFI 1.x, EFI and UEFI terms are used interchangeably to denote UEFI 2.x firmware.
 +
* As of 15 April 2015, UEFI Specification 2.5 is the most recent version.
 +
* Apple's EFI implementation is neither a EFI 1.x version nor UEFI 2.x version but mixes up both. This kind of firmware does not fall under any one (U)EFI specification and therefore is not a standard UEFI firmware. Unless stated explicitly, these instructions are general and some of them may not work or may be different in [[MacBook|Apple Macs]].
  
= BIOS =
+
== UEFI Firmware bitness ==
  
A BIOS or Basic Input-Output System is the very first program (firmware) that is executed once the system is switched on. In most cases it is stored in a flash memory in the motherboard itself and independent of the system storage.
+
Under UEFI, every program whether it is an OS loader or a utility (e.g. a memory testing app or recovery tool), should be a UEFI Application corresponding to the EFI firmware bitness/architecture.  
  
== Boot Process under BIOS ==
+
The vast majority of UEFI firmwares, including recent Apple Macs, use x86_64 EFI firmware. The only known devices that use IA32 (32-bit) EFI are older (pre 2008) Apple Macs, some Intel Cloverfield ultrabooks and some older Intel Server boards that are known to operate on Intel EFI 1.10 firmware.
 
+
# System switched on - Power On Self Test, or POST process
+
# After POST BIOS initializes the necessary system hardware for booting (disk, keyboard controllers etc.)
+
# BIOS launches the first 440 bytes (MBR boot code region) of the first disk in the BIOS disk order
+
# The MBR boot code then takes control from BIOS and launches its next stage code (if any) (mostly bootloader code)
+
# The launched (2nd stage) code (actual bootloader) then reads its support and config files
+
# Based on the data in its config files, the bootloader loads the kernel and initramfs into system memory (RAM) and launches the kernel
+
 
+
== Multibooting in BIOS ==
+
 
+
Since very little can be achieved by a program that fits into the 440-byte boot code area, multi-booting using BIOS requires a multi-boot capable bootloader (multi-boot refers to booting multiple operating systems, not to booting a kernel in the Multiboot format specified by the GRUB developers). So usually a common bootloader like [[GRUB]] or [[Syslinux]] or [[LILO]] would be loaded by the BIOS, and it would load an operating system by either chain-loading or directly loading the kernel.
+
 
+
= UEFI =
+
 
+
UEFI has support for reading both the partition table as well as understanding filesystems. Hence it is not limited by 440 byte code limitation (MBR boot code) as in BIOS systems. It does not use the MBR boot code at all.
+
 
+
The commonly used UEFI firmwares support both MBR and GPT partition table. EFI in Apple-Intel Macs are known to also support Apple Partition Map besides MBR and GPT. Most UEFI firmwares have support for accessing FAT12 (floppy disks), FAT16 and FAT32 filesystems in HDDs and ISO9660 (and UDF) in CD/DVDs. EFI in Apple-Intel Macs can access HFS/HFS+ filesystems also apart from the mentioned ones.
+
 
+
UEFI does not launch any boot code in the MBR whether it exists or not. Instead it uses a special partition in the partition table called ''EFI SYSTEM PARTITION'' in which files required to be launched by the firmware are stored. Each vendor can store its files under {{ic|<EFI SYSTEM PARTITION>/EFI/<VENDOR NAME>/}} folder and can use the firmware or its shell (UEFI shell) to launch the boot program. An EFI System Partition is usually formatted as FAT32.
+
 
+
Under UEFI, every program whether it is an OS loader or a utility (e.g. a memory testing app or recovery tool), should be an UEFI Application corresponding to the EFI firmware bitness/architecture. The vast majority of UEFI firmwares, including recent Apple Macs, use x86_64 EFI firmware. The only known devices that use IA32 (32-bit) EFI are older (pre 2008) Apple Macs, some recent Intel Cloverfield ultrabooks and some older Intel Server boards are known to operate on Intel EFI 1.10 firmware
+
  
 
An x86_64 EFI firmware does not include support for launching 32-bit EFI apps (unlike x86_64 Linux and Windows versions which include such support). Therefore the UEFI application must be compiled for that specific firmware processor bitness/architecture.
 
An x86_64 EFI firmware does not include support for launching 32-bit EFI apps (unlike x86_64 Linux and Windows versions which include such support). Therefore the UEFI application must be compiled for that specific firmware processor bitness/architecture.
 
== Boot Process under UEFI ==
 
 
# System switched on - Power On Self Test, or POST process.
 
# UEFI firmware is loaded. Firmware initializes the hardware required for booting.
 
# Firmware then reads its Boot Manager data to determine which UEFI application to be launched and from where (i.e. from which disk and partition).
 
# Firmware then launches the UEFI application as defined in the boot entry in the firmware's boot manager.
 
# The launched UEFI application may launch another application (in case of UEFI Shell or a boot manager like rEFInd) or the kernel and initramfs (in case of a bootloader like GRUB) depending on how the UEFI application was configured.
 
 
{{Note|On some UEFI systems the only possible way to launch UEFI application on boot (if it doesn't have custom entry in UEFI boot menu) is to put it in this fixed location: {{ic|<EFI SYSTEM PARTITION>/EFI/boot/bootx64.efi}} (for 64-bit x86 system)}}
 
 
== Multibooting in UEFI ==
 
 
Since each OS or vendor can maintain its own files within the EFI SYSTEM PARTITION without affecting the other, multi-booting using UEFI is just a matter of launching a different UEFI application corresponding to the particular OS's bootloader. This removes the need for relying on chainloading mechanisms of one bootloader to load another to switch OSes.
 
 
=== Booting Microsoft Windows ===
 
 
64-bit Windows Vista (SP1+), Windows 7 and Windows 8 versions support booting using x86_64 EFI firmware. Windows forces type of partitioning depending on the firmware used, i.e. if Windows is booted in UEFI mode, it can be installed only to a GPT disk. If the Windows is booted in Legacy BIOS mode, it can be installed only to a MBR disk. This is a limitation enforced by Windows installer. Thus Windows supports either UEFI-GPT boot or BIOS-MBR boot only, not UEFI-MBR or BIOS-GPT boot.
 
 
This limitation is not enforced by Linux kernel itself, but rather depends on how the bootloader is configured. However this Windows limitation should be considered if the user wishes to boot Windows and Linux from the same disk, since setting up the bootloader itself depends on the firmware type and disk partitioning used. In case of Windows and Linux dual boot in the same disk, it is advisable to follow the method used by Windows, either go for UEFI-GPT boot or BIOS-MBR boot only, not the other two cases.
 
versions use the type of partition table do determine the boot method, and thus support either UEFI-GPT booting or BIOS-MBR booting.
 
 
32-bit Windows versions only support BIOS-MBR booting. So, in case of Linux and 32-bit Windows booting from the same disk, the disk can use only MBR. See http://support.microsoft.com/kb/2581408 for more info.
 
 
== Detecting UEFI Firmware bitness ==
 
  
 
=== Non Macs ===
 
=== Non Macs ===
Line 79: Line 37:
 
Check whether the dir {{ic|/sys/firmware/efi}} exists, if it exists it means the kernel has booted in EFI mode. In that case the UEFI bitness is same as kernel bitness. (ie. i686 or x86_64)
 
Check whether the dir {{ic|/sys/firmware/efi}} exists, if it exists it means the kernel has booted in EFI mode. In that case the UEFI bitness is same as kernel bitness. (ie. i686 or x86_64)
  
=== Apple Macs ===  
+
{{Note|Intel Atom System-on-Chip systems ship with 32-bit UEFI (as on 2 November 2013). See [[#Using GRUB]] for more info.}}
 +
 
 +
=== Apple Macs ===
  
 
Pre-2008 Macs mostly have i386-efi firmware while >=2008 Macs have mostly x86_64-efi. All Macs capable of running Mac OS X Snow Leopard 64-bit Kernel have x86_64 EFI 1.x firmware.  
 
Pre-2008 Macs mostly have i386-efi firmware while >=2008 Macs have mostly x86_64-efi. All Macs capable of running Mac OS X Snow Leopard 64-bit Kernel have x86_64 EFI 1.x firmware.  
Line 85: Line 45:
 
To find out the arch of the efi firmware in a Mac, type the following into the Mac OS X terminal:
 
To find out the arch of the efi firmware in a Mac, type the following into the Mac OS X terminal:
  
  ioreg -l -p IODeviceTree | grep firmware-abi
+
  $ ioreg -l -p IODeviceTree | grep firmware-abi
  
 
If the command returns EFI32 then it is IA32 (32-bit) EFI firmware. If it returns EFI64 then it is x86_64 EFI firmware. Most of the Macs do not have UEFI 2.x firmware as Apple's EFI implementation is not fully compliant with UEFI 2.x Specification.
 
If the command returns EFI32 then it is IA32 (32-bit) EFI firmware. If it returns EFI64 then it is x86_64 EFI firmware. Most of the Macs do not have UEFI 2.x firmware as Apple's EFI implementation is not fully compliant with UEFI 2.x Specification.
 
== UEFI Variables ==
 
 
UEFI defines variables through which an operating system can interact with the firmware. UEFI Boot Variables are used by the boot-loader and used by the OS only for early system start-up. UEFI Runtime Variables allow an OS to manage certain settings of the firmware like the UEFI Boot Manager or managing the keys for UEFI Secure Boot Protocol etc.
 
 
=== Sample List of UEFI Variables ===
 
 
Sample list of UEFI Variables in a Lenovo Thinkpad E430 3254-DAQ (UEFI 2.3.1, x86_64 firmware, Secure Boot support present):
 
 
{{hc|UEFI Variables List|<nowiki>
 
$ efivar -l
 
0b7646a4-6b44-4332-8588-c8998117f2ef-BmEssentialVariableNames
 
0ec1a7f5-4904-40a0-8eab-4bcc4666da45-PbaStatusVar
 
1054354b-b543-4dfe-558b-a7ad6351c9d8-DptfProtocolSetupVar
 
1827cfc7-4e61-4273-b796-d35f4b0c88fc-LenovoHiddenSetting
 
1bad711c-d451-4241-b1f3-8537812e0c70-MeBiosExtensionSetup
 
2a4dc6b7-41f5-45dd-b46f-2dd334c1cf65-LBC
 
2a4dc6b7-41f5-45dd-b46f-2dd334c1cf65-LBL
 
2a4dc6b7-41f5-45dd-b46f-2dd334c1cf65-LBOL
 
2a4dc6b7-41f5-45dd-b46f-2dd334c1cf65-LBOP0000
 
2a4dc6b7-41f5-45dd-b46f-2dd334c1cf65-LBOP0001
 
2a4dc6b7-41f5-45dd-b46f-2dd334c1cf65-LBOP0002
 
2a4dc6b7-41f5-45dd-b46f-2dd334c1cf65-LBOP0003
 
2a4dc6b7-41f5-45dd-b46f-2dd334c1cf65-LBOP0004
 
2a4dc6b7-41f5-45dd-b46f-2dd334c1cf65-LBOP0005
 
2a4dc6b7-41f5-45dd-b46f-2dd334c1cf65-LBOP0006
 
2a4dc6b7-41f5-45dd-b46f-2dd334c1cf65-LBOP0007
 
2a4dc6b7-41f5-45dd-b46f-2dd334c1cf65-LBOP0008
 
2a4dc6b7-41f5-45dd-b46f-2dd334c1cf65-LBOP0009
 
2a4dc6b7-41f5-45dd-b46f-2dd334c1cf65-LBOP000A
 
2a4dc6b7-41f5-45dd-b46f-2dd334c1cf65-LBOP000B
 
2a4dc6b7-41f5-45dd-b46f-2dd334c1cf65-LBOP000C
 
2a4dc6b7-41f5-45dd-b46f-2dd334c1cf65-LBOP000D
 
2a4dc6b7-41f5-45dd-b46f-2dd334c1cf65-LBOP000E
 
2a4dc6b7-41f5-45dd-b46f-2dd334c1cf65-LBOP000F
 
2a4dc6b7-41f5-45dd-b46f-2dd334c1cf65-LBOP0010
 
2a4dc6b7-41f5-45dd-b46f-2dd334c1cf65-LBOP0011
 
2a4dc6b7-41f5-45dd-b46f-2dd334c1cf65-LBOP0012
 
2a4dc6b7-41f5-45dd-b46f-2dd334c1cf65-LBOP0013
 
2a4dc6b7-41f5-45dd-b46f-2dd334c1cf65-LBOP0014
 
2a4dc6b7-41f5-45dd-b46f-2dd334c1cf65-LBOP0015
 
2a4dc6b7-41f5-45dd-b46f-2dd334c1cf65-LBOP0016
 
2a4dc6b7-41f5-45dd-b46f-2dd334c1cf65-LBOP0017
 
2a4dc6b7-41f5-45dd-b46f-2dd334c1cf65-LBOP0018
 
2a4dc6b7-41f5-45dd-b46f-2dd334c1cf65-LenovoConfig
 
2a4dc6b7-41f5-45dd-b46f-2dd334c1cf65-LenovoSystemConfig
 
2a4dc6b7-41f5-45dd-b46f-2dd334c1cf65-LKOP0000
 
2a4dc6b7-41f5-45dd-b46f-2dd334c1cf65-LKOP0001
 
2a4dc6b7-41f5-45dd-b46f-2dd334c1cf65-LKOP0002
 
2a4dc6b7-41f5-45dd-b46f-2dd334c1cf65-LKOP0003
 
2a4dc6b7-41f5-45dd-b46f-2dd334c1cf65-LKOP0004
 
2a4dc6b7-41f5-45dd-b46f-2dd334c1cf65-LKOP0005
 
2a4dc6b7-41f5-45dd-b46f-2dd334c1cf65-LKOP0006
 
2a4dc6b7-41f5-45dd-b46f-2dd334c1cf65-LWO
 
34f73d4d-963e-4c65-b3b3-515e720175d6-SaProtocolSetupVar
 
3e72b3ad-2b91-424a-ad73-c3270e91ed88-PwdStatusVar
 
4650c401-93f1-4aeb-b87d-c8204c047dec-SctHotkey
 
47355e9f-0857-45e1-8a6f-a4f5eda89a77-LocalSecurityVars
 
4a67b082-0a4c-41cf-b6c7-440b29bb8c4f-LoaderDeviceIdentifier
 
4a67b082-0a4c-41cf-b6c7-440b29bb8c4f-LoaderDevicePartUUID
 
4a67b082-0a4c-41cf-b6c7-440b29bb8c4f-LoaderEntriesAuto
 
4a67b082-0a4c-41cf-b6c7-440b29bb8c4f-LoaderEntrySelected
 
4a67b082-0a4c-41cf-b6c7-440b29bb8c4f-LoaderFirmwareInfo
 
4a67b082-0a4c-41cf-b6c7-440b29bb8c4f-LoaderFirmwareType
 
4a67b082-0a4c-41cf-b6c7-440b29bb8c4f-LoaderImageIdentifier
 
4a67b082-0a4c-41cf-b6c7-440b29bb8c4f-LoaderInfo
 
4a67b082-0a4c-41cf-b6c7-440b29bb8c4f-LoaderTimeExecUSec
 
4a67b082-0a4c-41cf-b6c7-440b29bb8c4f-LoaderTimeInitUSec
 
4a67b082-0a4c-41cf-b6c7-440b29bb8c4f-LoaderTimeMenuUSec
 
4c19049f-4137-4dd3-9c10-8b97a83ffdfa-MemoryTypeInformation
 
4c19049f-4137-4dd3-9c10-8b97a83ffdfa-MemoryTypeInformationBackup
 
4dfbbaab-1392-4fde-abb8-c41cc5ad7d5d-Setup
 
5e724c0c-5c03-4543-bcb6-c1e23de24136-TpmSaveState
 
608dc793-15de-4a7f-a0c5-6c29beaf5d23-MemRestoreVariable
 
6403753b-abde-4da2-aa11-6983ef2a7a69-TpmAcpiData
 
65827a61-99e2-4f07-a7aa-0b1f98edad39-PlatformOpRomSetup
 
67c3208e-4fcb-498f-9729-0760bb4109a7-LenovoFlashScratch1
 
67c3208e-4fcb-498f-9729-0760bb4109a7-LenovoScratchData
 
67c3208e-4fcb-498f-9729-0760bb4109a7-MailBoxQ
 
753ab903-444c-41f8-a235-569e8341147e-TcgSetup
 
7d4adce1-930d-40c7-9cd2-6d2148413dc7-CpuProtocolSetupVar
 
7da81437-866b-4143-8e08-a25c6ef0fa5b-SaPpiSetupVar
 
8be4df61-93ca-11d2-aa0d-00e098032b8c-Boot0000
 
8be4df61-93ca-11d2-aa0d-00e098032b8c-Boot0001
 
8be4df61-93ca-11d2-aa0d-00e098032b8c-Boot0002
 
8be4df61-93ca-11d2-aa0d-00e098032b8c-Boot0003
 
8be4df61-93ca-11d2-aa0d-00e098032b8c-Boot0004
 
8be4df61-93ca-11d2-aa0d-00e098032b8c-Boot0005
 
8be4df61-93ca-11d2-aa0d-00e098032b8c-Boot0006
 
8be4df61-93ca-11d2-aa0d-00e098032b8c-Boot0007
 
8be4df61-93ca-11d2-aa0d-00e098032b8c-Boot0008
 
8be4df61-93ca-11d2-aa0d-00e098032b8c-Boot0009
 
8be4df61-93ca-11d2-aa0d-00e098032b8c-Boot000A
 
8be4df61-93ca-11d2-aa0d-00e098032b8c-Boot000B
 
8be4df61-93ca-11d2-aa0d-00e098032b8c-Boot000C
 
8be4df61-93ca-11d2-aa0d-00e098032b8c-Boot000D
 
8be4df61-93ca-11d2-aa0d-00e098032b8c-Boot000E
 
8be4df61-93ca-11d2-aa0d-00e098032b8c-Boot000F
 
8be4df61-93ca-11d2-aa0d-00e098032b8c-Boot0010
 
8be4df61-93ca-11d2-aa0d-00e098032b8c-Boot0011
 
8be4df61-93ca-11d2-aa0d-00e098032b8c-Boot0012
 
8be4df61-93ca-11d2-aa0d-00e098032b8c-Boot0013
 
8be4df61-93ca-11d2-aa0d-00e098032b8c-Boot0014
 
8be4df61-93ca-11d2-aa0d-00e098032b8c-Boot0015
 
8be4df61-93ca-11d2-aa0d-00e098032b8c-Boot0016
 
8be4df61-93ca-11d2-aa0d-00e098032b8c-Boot0017
 
8be4df61-93ca-11d2-aa0d-00e098032b8c-Boot0018
 
8be4df61-93ca-11d2-aa0d-00e098032b8c-BootCurrent
 
8be4df61-93ca-11d2-aa0d-00e098032b8c-BootOptionSupport
 
8be4df61-93ca-11d2-aa0d-00e098032b8c-BootOrder
 
8be4df61-93ca-11d2-aa0d-00e098032b8c-BootOrderDefault
 
8be4df61-93ca-11d2-aa0d-00e098032b8c-ConIn
 
8be4df61-93ca-11d2-aa0d-00e098032b8c-ConInDev
 
8be4df61-93ca-11d2-aa0d-00e098032b8c-ConOut
 
8be4df61-93ca-11d2-aa0d-00e098032b8c-ConOutDev
 
8be4df61-93ca-11d2-aa0d-00e098032b8c-DIAGSPLSHSCRN
 
8be4df61-93ca-11d2-aa0d-00e098032b8c-ErrOutDev
 
8be4df61-93ca-11d2-aa0d-00e098032b8c-HDDPWD
 
8be4df61-93ca-11d2-aa0d-00e098032b8c-KEK
 
8be4df61-93ca-11d2-aa0d-00e098032b8c-Key0000
 
8be4df61-93ca-11d2-aa0d-00e098032b8c-Key0001
 
8be4df61-93ca-11d2-aa0d-00e098032b8c-Key0002
 
8be4df61-93ca-11d2-aa0d-00e098032b8c-Key0003
 
8be4df61-93ca-11d2-aa0d-00e098032b8c-Key0004
 
8be4df61-93ca-11d2-aa0d-00e098032b8c-Key0005
 
8be4df61-93ca-11d2-aa0d-00e098032b8c-Key0006
 
8be4df61-93ca-11d2-aa0d-00e098032b8c-LastBootCurrent
 
8be4df61-93ca-11d2-aa0d-00e098032b8c-OsIndications
 
8be4df61-93ca-11d2-aa0d-00e098032b8c-OsIndicationsSupported
 
8be4df61-93ca-11d2-aa0d-00e098032b8c-PlatformLang
 
8be4df61-93ca-11d2-aa0d-00e098032b8c-PlatformLangCodes
 
8be4df61-93ca-11d2-aa0d-00e098032b8c-ProtectedBootOptions
 
8be4df61-93ca-11d2-aa0d-00e098032b8c-SecureBoot
 
8be4df61-93ca-11d2-aa0d-00e098032b8c-SetupHotKey
 
8be4df61-93ca-11d2-aa0d-00e098032b8c-SetupMode
 
8be4df61-93ca-11d2-aa0d-00e098032b8c-SimpleBootFlag
 
8be4df61-93ca-11d2-aa0d-00e098032b8c-Timeout
 
955b9041-133a-4bcf-90d1-97e1693c0e30-IEIT
 
955b9041-133a-4bcf-90d1-97e1693c0e30-SecureBootOption
 
9da5909e-ef5e-4851-8715-bf9e22b7a600-BGRTLogoIndex
 
9dab39a4-3f8a-47ac-80c3-400729332c81-FirmwarePerformanceDataTable
 
a2c1808f-0d4f-4cc9-a619-d1e641d39d49-LenovoSecurityConfig
 
af9ffd67-ec10-488a-9dfc-6cbf5ee22c2e-AcpiGlobalVariable
 
c3eeae98-23bf-412b-ab60-efcbb48e1534-SMBIOSELOG000
 
c3eeae98-23bf-412b-ab60-efcbb48e1534-SMBIOSELOGNUMBER
 
c3eeae98-23bf-412b-ab60-efcbb48e1534-SMBIOSMEMSIZE
 
c4975200-64f1-4fb6-9773-f6a9f89d985e-SaPegData
 
d719b2cb-3d3a-4596-a3bc-dad00e67656f-db
 
d719b2cb-3d3a-4596-a3bc-dad00e67656f-dbx
 
e5bbf7be-2417-499b-97db-39f4896391bc-BuildDate
 
e5bbf7be-2417-499b-97db-39f4896391bc-BuildTime
 
e6c2f70a-b604-4877-85ba-deec89e117eb-PchInit
 
e6c2f70a-b604-4877-85ba-deec89e117eb-PchS3Peim
 
eb704011-1402-11d3-8e77-00a0c969723b-MTC
 
f9f0b131-f346-4f16-80dd-f941072b3a7d-iFfsData
 
</nowiki>}}
 
 
= Linux Kernel UEFI Support =
 
  
 
== Linux Kernel Config options for UEFI ==
 
== Linux Kernel Config options for UEFI ==
Line 257: Line 59:
 
  CONFIG_FRAMEBUFFER_CONSOLE=y
 
  CONFIG_FRAMEBUFFER_CONSOLE=y
  
UEFI Runtime Variables Support ('''efivarfs''' filesystem - {{ic|/sys/firmware/efi/efivars}}). This option is important as this is required to manipulate UEFI Runtime Variables using tools like {{ic|/usr/bin/gummiboot}}. '''Efivarfs''' is recommended over '''efivars sysfs''' interface (described below). The below config option has been added in kernel 3.10 and above.
+
UEFI Runtime Variables Support ('''efivarfs''' filesystem - {{ic|/sys/firmware/efi/efivars}}). This option is important as this is required to manipulate UEFI Runtime Variables using tools like {{ic|/usr/bin/efibootmgr}}. The below config option has been added in kernel 3.10 and above.
  
 
  CONFIG_EFIVAR_FS=y
 
  CONFIG_EFIVAR_FS=y
  
UEFI Runtime Variables Support ('''efivars sysfs''' interface - {{ic|/sys/firmware/efi/vars}}). This option is important as this is required to manipulate UEFI Runtime Variables using tools like {{ic|efibootmgr}}.
+
UEFI Runtime Variables Support (old '''efivars sysfs''' interface - {{ic|/sys/firmware/efi/vars}}). This option should be disabled to prevent any potential issues with both efivarfs and sysfs-efivars enabled.
  
  CONFIG_EFI_VARS=m
+
  CONFIG_EFI_VARS=n
CONFIG_EFI_VARS_PSTORE=m
+
CONFIG_EFI_VARS_PSTORE_DEFAULT_DISABLE=y
+
  
 
GUID Partition Table [[GPT]] config option - mandatory for UEFI support
 
GUID Partition Table [[GPT]] config option - mandatory for UEFI support
Line 273: Line 73:
 
{{Note|All of the above options are required to boot Linux via UEFI, and are enabled in Archlinux kernels in official repos.}}
 
{{Note|All of the above options are required to boot Linux via UEFI, and are enabled in Archlinux kernels in official repos.}}
  
Retrieved from http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=blob_plain;f=Documentation/x86/x86_64/uefi.txt;hb=HEAD .
+
Retrieved from https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/plain/Documentation/x86/x86_64/uefi.txt .
  
== UEFI Variables Support in Kernel ==
+
== UEFI Variables ==
  
Linux kernel exposes EFI variables data to userspace via 2 interfaces:
+
UEFI defines variables through which an operating system can interact with the firmware. UEFI Boot Variables are used by the boot-loader and used by the OS only for early system start-up. UEFI Runtime Variables allow an OS to manage certain settings of the firmware like the UEFI Boot Manager or managing the keys for UEFI Secure Boot Protocol etc. You can get the list using
 +
$ efivar -l
  
# sysfs-efivars (efivars kernel module, /sys/firmware/efi/vars) which is not recommended by kernel devs
+
=== UEFI Variables Support in Linux Kernel ===
# efivarfs (efivarfs kernel module, /sys/firmware/efi/efivars) that was designed to overcome the limitations of sysfs-efivars interface
+
  
efivarfs was introduced in kernel 3.8 and most of its bugs were ironed out in kernel 3.10 . Subsequently until kernel 3.9.X, sysfs-efivars was built-in in the Arch's core/linux kernel. However since core/linux 3.10 efivarfs is built-in and efivars is again a separate module.
+
Linux kernel exposes EFI variables data to userspace via '''efivarfs''' ('''EFI''' '''VAR'''iable '''F'''ile'''S'''ystem) interface ({{ic|CONFIG_EFIVAR_FS}}) - mounted using {{ic|efivarfs}} kernel module at {{ic|/sys/firmware/efi/efivars}} - it has no maximum per-variable size limitation and supports UEFI Secure Boot variables. Introduced in kernel 3.8.
  
Gummiboot (/usr/bin/gummiboot), systemd, and all tools that modify UEFI Secure Boot functions use only efivarfs. As of 2013-08, it seems that only efibootmgr uses sysfs-efivars. Running both sysfs-efivars and efivarfs can create inconsistencies in EFI variables data in the kernel and is discouraged. Going forward efivarfs is the recommended way for tools to interact with kernel reg EFI variables.
+
=== Requirements for UEFI variable support ===
  
=== Requirements for UEFI Variables support to work properly ===
+
# EFI Runtime Services support should be present in the kernel ({{ic|1=CONFIG_EFI=y}}, check if present with {{ic|zgrep CONFIG_EFI /proc/config.gz}}).
 +
# Kernel processor [[#UEFI Firmware bitness|bitness]] and EFI processor bitness should match.
 +
# Kernel should be booted in EFI mode (via [[EFISTUB]] or any [[Boot loaders|EFI boot loader]], not via BIOS/CSM or Apple's "bootcamp" which is also BIOS/CSM).
 +
# EFI Runtime Services in the kernel SHOULD NOT be disabled via kernel cmdline, i.e. {{ic|noefi}} kernel parameter SHOULD NOT be used.
 +
# {{ic|efivarfs}} filesystem should be mounted at {{ic|/sys/firmware/efi/efivars}}, otherwise follow [[#Mount efivarfs]] section below.
 +
# {{ic|efivar}} should list (option {{ic|-l}}) the EFI Variables without any error.
 +
 
 +
If EFI Variables support does not work even after the above conditions are satisfied, try the below workarounds:
  
# EFI Runtime Services support should be present in the kernel (CONFIG_EFI=y).
 
# Kernel processor bitness/arch and EFI processor bitness/arch should match.
 
# Kernel should be booted in EFI mode (via EFISTUB or any EFI bootloader, not via BIOS/CSM or Apple's "bootcamp" which is also BIOS/CSM)
 
# EFI Runtime Services in the kernel SHOULD NOT be disabled via kernel cmdline, i.e. "noefi" kernel parameter SHOULD NOT be used.
 
 
# If any userspace tool is unable to modify efi variables data, check for existence of {{ic|/sys/firmware/efi/efivars/dump-*}} files. If they exist, delete them, reboot and retry again.
 
# If any userspace tool is unable to modify efi variables data, check for existence of {{ic|/sys/firmware/efi/efivars/dump-*}} files. If they exist, delete them, reboot and retry again.
# If the above step does not fix the issue, try booting with{{ic|efi_no_storage_paranoia}} kernel parameter to disable kernel efi variable storage space check that may prevent writing/modification of efi variables.
+
# If the above step does not fix the issue, try booting with {{ic|efi_no_storage_paranoia}} kernel parameter to disable kernel efi variable storage space check that may prevent writing/modification of efi variables.
 +
 
 
{{Note|{{ic|efi_no_storage_paranoia}} should only be used when needed and should not be left as a normal boot option. The effect of this kernel command line parameter turns off a safeguard that was put in place to help avoid the bricking of machines when the NVRAM gets too full.}}
 
{{Note|{{ic|efi_no_storage_paranoia}} should only be used when needed and should not be left as a normal boot option. The effect of this kernel command line parameter turns off a safeguard that was put in place to help avoid the bricking of machines when the NVRAM gets too full.}}
  
=== Inconsistency between efivarfs and sysfs-efivars ===
+
==== Mount efivarfs ====
  
Both sysfs-efivars and efivarfs can run simultaneously, but this can cause inconsistency between sysfs-efivars data and efivarfs data, especially if data in both are simultaneously modified. See https://lkml.org/lkml/2013/4/16/473 for more info. Therefore it is advisable to use enable only one interface at a time and disable the other one.
+
{{Warning|1=''efivars'' is mounted writeable by default [https://github.com/systemd/systemd/issues/2402], which may cause permanent damage to the system. [https://bbs.archlinux.org/viewtopic.php?id=207549] As such, consider mounting ''efivars'' read-only ({{ic|-o ro}}) as described below. Note that when it is mounted read-only, tools such as ''efibootmgr'' and bootloaders will not be able to change boot settings, nor will commands like {{ic|systemctl reboot --firmware-setup}} work.}}
  
==== Switch to efivarfs ====
+
If {{ic|efivarfs}} is not automatically mounted at {{ic|/sys/firmware/efi/efivars}} by [[systemd]] during boot, then you need to manually mount it to expose UEFI variables to [[#Userspace tools]] like {{ic|efibootmgr}}:
  
{{Note|The below commands should be run BEFORE '''chroot''', if any.}}
+
# mount -t efivarfs efivarfs /sys/firmware/efi/efivars
  
# umount /sys/firmware/efi/efivars
+
{{Note|The above command should be run both '''outside''' ('''before''') and '''inside''' the [[chroot]], if any.}}
# modprobe -r efivars
+
  
# modprobe efivarfs
+
To mount {{ic|efivarfs}} read-only during boot, add to {{ic|/etc/fstab}}:
# mount -t efivarfs efivarfs /sys/firmware/efi/efivars
+
  
Verify that there are files in {{ic|/sys/firmware/efi/efivars/}} directory. If not, check whether all the conditions in [[#Requirements_for_UEFI_Variables_support_to_work_properly]] are met.
+
{{hc|/etc/fstab|2=
 +
efivarfs    /sys/firmware/efi/efivars   efivarfs    '''ro''',nosuid,nodev,noexec,noatime 0 0
 +
}}
  
==== Switch to sysfs-efivars ====
+
To remount with write support, run:
  
{{Note|The below commands should be run BEFORE '''chroot''', if any.}}
+
# mount -o remount /sys/firmware/efi/efivars -o '''rw''',nosuid,nodev,noexec,noatime
  
# umount /sys/firmware/efi/efivars
+
=== Userspace tools ===
# modprobe -r efivars
+
  
# modprobe efivars
+
There are few tools that can access/modify the UEFI variables, namely
  
Verify that there are files/directories within {{ic|/sys/firmware/efi/vars/}} directory. If not, check whether all the conditions in [[#Requirements_for_UEFI_Variables_support_to_work_properly]] are met.
+
# '''efivar''' - Library and Tool to manipulate UEFI Variables (used by efibootmgr) - https://github.com/vathpela/efivar - {{Pkg|efivar}} or {{AUR|efivar-git}}
 +
# '''efibootmgr''' - Tool to manipulate UEFI Firmware Boot Manager Settings - https://github.com/vathpela/efibootmgr - {{Pkg|efibootmgr}} or {{AUR|efibootmgr-git}}
 +
# '''uefivars''' - Dumps list of EFI variables with some additional PCI related info (uses efibootmgr code internally) - https://github.com/fpmurphy/Various/tree/master/uefivars-2.0 supports only efivarfs and https://github.com/fpmurphy/Various/tree/master/uefivars-1.0 supports only sysfs-efivars . AUR package {{AUR|uefivars-git}}
 +
# '''efitools''' - Tools for manipulating UEFI secure boot platforms - {{Pkg|efitools}} or {{AUR|efitools-git}}
 +
# '''Ubuntu's Firmware Test Suite''' - https://wiki.ubuntu.com/FirmwareTestSuite/ - {{AUR|fwts}}{{Broken package link|{{aur-mirror|fwts}}}} (along with {{AUR|fwts-efi-runtime-dkms}}{{Broken package link|{{aur-mirror|fwts-efi-runtime-dkms}}}}) or {{AUR|fwts-git}}
  
= Userspace Tools =
+
==== efibootmgr ====
  
== Supporting both efivarfs and sysfs-efivars ==
+
{{Note|
 +
* If {{ic|efibootmgr}} completely fails to work in your system, you can reboot into UEFI Shell v2 and use {{ic|bcfg}} command to create a boot entry for the bootloader.
 +
* If you are unable to use {{ic|efibootmgr}}, some UEFI firmwares allow users to directly manage uefi boot entries from within its boot-time interface.  For example, some ASUS firmwares have an "Add New Boot Option" choice which enables you to select a local EFI System Partition and manually enter the EFI stub location. (for example {{ic|\EFI\refind\refind_x64.efi}}).
 +
* The below commands use {{Pkg|refind-efi}} boot-loader as example.
 +
}}
  
There are few tools that can access/modify the UEFI variables, namely
+
Assuming the boot-loader file to be launched is {{ic|/boot/efi/EFI/refind/refind_x64.efi}}, {{ic|/boot/efi/EFI/refind/refind_x64.efi}} can be split up as {{ic|/boot/efi}} and {{ic|/EFI/refind/refind_x64.efi}}, wherein {{ic|/boot/efi}} is the mountpoint of the EFI System Partition, which is assumed to be {{ic|/dev/sdXY}} (here {{ic|X}} and {{ic|Y}} are just placeholders for the actual values - eg:- in {{ic|/dev/sda1}} , {{ic|1=X==a}} {{ic|1=Y==1}}).
  
# efivar - Library and Tool to manipulate UEFI Variables (supports both efivarfs and sysfs-efivars) - {{Pkg|efivar}} or {{AUR|efivar-git}}
+
To determine the actual device path for the EFI System Partition (assuming mountpoint {{ic|/boot/efi}} for example) (should be in the form {{ic|/dev/sdXY}}), try :
  
== Supporting efivarfs only ==
+
# findmnt /boot/efi
 +
TARGET SOURCE  FSTYPE OPTIONS
 +
/boot/efi  /dev/sdXY  vfat        rw,flush,tz=UTC
  
# efitools - Tools to Create and Setup own UEFI Secure Boot Certificates, Keys and Signed Binaries (requires efivarfs) - {{AUR|efitools-git}}
+
Verify that uefi variables support in kernel is working properly by running:
  
== Supporting sysfs-efivars only ==
+
# efivar -l
  
# efibootmgr - Tool to manipulate UEFI Firmware Boot Manager Settings (supports only sysfs-efivars currently) - {{Pkg|efibootmgr}} or {{AUR|efibootmgr-git}}
+
If efivar lists the uefi variables without any error, then you can proceed. If not, check whether all the conditions in [[#Requirements for UEFI variable support]] are met.
# uefivars - simply dumps list of EFI variables with some additional info - uses efibootmgr code internally - {{AUR|uefivars-git}}
+
# Ubuntu's Firmware Test Suite - to run some firmware related tests, includes efi variables test code - {{AUR|fwts}} or {{AUR|fwts-git}}
+
  
=== efibootmgr ===
+
Then create the boot entry using efibootmgr as follows:
  
{{Warning|Using {{ic|efibootmgr}} in Apple Macs may brick the firmware and may need reflash of the motherboard ROM. There have been bug reports regarding this in Ubuntu/Launchpad bug tracker. Use bless command alone in case of Macs. Experimental "bless" utility for Linux by Fedora developers - {{AUR|mactel-boot}}.}}
+
# efibootmgr -c -d /dev/sdX -p Y -l /EFI/refind/refind_x64.efi -L "rEFInd"
  
{{Note|If {{ic|efibootmgr}} completely fails to work in your system, you can reboot into UEFI Shell v2 and use {{ic|bcfg}} command to create a boot entry for the bootloader.}}
+
{{Note|1=UEFI uses backward slash {{ic|\}} as path separator (similar to Windows paths), but the official {{Pkg|efibootmgr}} pkg support passing unix-style paths with forward-slash {{ic|/}} as path-separator for the {{ic|-l}} option. Efibootmgr internally converts {{ic|/}} to {{ic|\}} before encoding the loader path. The relevant git commit that incorporated this feature in efibootmgr is http://linux.dell.com/cgi-bin/cgit.cgi/efibootmgr.git/commit/?id=f38f4aaad1dfa677918e417c9faa6e3286411378 .}}
  
{{Note| If you are unable to use {{ic|efibootmgr}}, some UEFI BIOSes allow users to directly manage uefi boot options from within the BIOS. For example, some ASUS BIOSes have a "Add New Boot Option" choice which enables you to select a local EFI system partition and manually enter the EFI stub location. (for example '\EFI\refind\refind_x64.efi')}}
+
In the above command {{ic|/boot/efi/EFI/refind/refind_x64.efi}} translates to {{ic|/boot/efi}} and {{ic|/EFI/refind/refind_x64.efi}} which in turn translate to drive {{ic|/dev/sdX}} -> partition {{ic|Y}} -> file {{ic|/EFI/refind/refind_x64.efi}}.
  
To use efibootmgr, first switch to sysfs-efivars interface (do this always, to prevent inconsistency between efivarfs and sysfs-efivars data so that the firmware does not get confused)
+
The 'label' is the name of the menu entry shown in the UEFI boot menu. This name is user's choice and does not affect the booting of the system. More info can be obtained from [http://linux.dell.com/cgi-bin/cgit.cgi/efibootmgr.git/plain/README efibootmgr GIT README] .
  
{{Note| The below commands use {{Pkg|refind-efi}} boot-loader as example.}}
+
FAT32 filesystem is case-insensitive since it does not use UTF-8 encoding by default. In that case the firmware uses capital 'EFI' instead of small 'efi', therefore using {{ic|\EFI\refind\refindx64.efi}} or {{ic|\efi\refind\refind_x64.efi}} does not matter (this will change if the filesystem encoding is UTF-8).
  
Assuming the boot-loader file to be launched is {{ic|/boot/efi/EFI/refind/refind_x64.efi}}, {{ic|/boot/efi/EFI/refind/refind_x64.efi}} can be split up as {{ic|/boot/efi}} and {{ic|/EFI/refind/refind_x64.efi}}, wherein {{ic|/boot/efi}} is the mountpoint of the EFI System Partition, which is assumed to be {{ic|/dev/sdXY}} (here X and Y are just placeholders for the actual values - eg:- in {{ic|/dev/sda1}} , X==a Y==1).
+
== UEFI Shell ==
  
To determine the actual device path for the UEFI System Partition (should be in the form {{ic|/dev/sdXY}}), try :
+
The UEFI Shell is a shell/terminal for the firmware which allows launching uefi applications which include uefi bootloaders. Apart from that, the shell can also be used to obtain various other information about the system or the firmware like memory map (memmap), modifying boot manager variables (bcfg), running partitioning programs (diskpart), loading uefi drivers, editing text files (edit), hexedit etc.
  
# findmnt /boot/efi
+
=== Obtaining UEFI Shell ===
TARGET SOURCE  FSTYPE OPTIONS
+
/boot/efi  /dev/sdXY  vfat        rw,flush,tz=UTC
+
  
Then create the boot entry using efibootmgr as follows :
+
You can download a BSD licensed UEFI Shell from Intel's Tianocore UDK/EDK2 Sourceforge.net project:
 +
* [[AUR]] package {{AUR|uefi-shell-git}} (recommended) - provides x86_64 Shell in x86_64 system and IA32 Shell in i686 system - compiled directly from latest Tianocore EDK2 SVN source
 +
* There are copies of Shell v1 and Shell v2 in the EFI directory on the Arch install media image.
 +
* [https://github.com/tianocore/edk2/tree/master/ShellBinPkg Precompiled UEFI Shell v2 binaries] (may not be up-to-date)
 +
* [https://github.com/tianocore/edk2/tree/master/EdkShellBinPkg Precompiled UEFI Shell v1 binaries] (not updated anymore upstream)
  
# efibootmgr -c -d /dev/sdX -p Y -l /EFI/refind/refind_x64.efi -L "rEFInd"
+
Shell v2 works best in UEFI 2.3+ systems and is recommended over Shell v1 in those systems. Shell v1 should work in all UEFI systems irrespective of the spec. version the firmware follows. More info at [http://sourceforge.net/apps/mediawiki/tianocore/index.php?title=ShellPkg ShellPkg] and [http://sourceforge.net/mailarchive/message.php?msg_id=28690732 this mail]
  
{{Note|1=UEFI uses backward slash {{ic|\}} as path separator (similar to Windows paths), but the {{Pkg|efibootmgr}}-0.6.0-3 and above pkgs support passing unix-style paths with forward-slash {{ic|/}} as path-separator for the {{ic|-l}} option. Efibootmgr internally converts {{ic|/}} to {{ic|\}} before encoding the loader path. The relevant commit that added this feature to efibootmgr is http://linux.dell.com/cgi-bin/cgit.cgi/efibootmgr.git/commit/?id=f38f4aaad1dfa677918e417c9faa6e3286411378 .}}
+
=== Launching UEFI Shell ===
  
In the above command {{ic|/boot/efi/EFI/refind/refind_x64.efi}} translates to {{ic|/boot/efi}} and {{ic|/EFI/refind/refind_x64.efi}} which in turn translate to drive {{ic|/dev/sdX}} -> partition {{ic|Y}} -> file {{ic|/EFI/refind/refind_x64.efi}}.
+
Few Asus and other AMI Aptio x86_64 UEFI firmware based motherboards (from Sandy Bridge onwards) provide an option called {{ic|"Launch EFI Shell from filesystem device"}} . For those motherboards, download the x86_64 UEFI Shell and copy it to your EFI System Partition as {{ic|<EFI_SYSTEM_PARTITION>/shellx64.efi}} (mostly {{ic|/boot/efi/shellx64.efi}}) .
  
The 'label' is the name of the menu entry shown in the UEFI boot menu. This name is user's choice and does not affect the booting of the system. More info can be obtained from [http://linux.dell.com/cgi-bin/cgit.cgi/efibootmgr.git/plain/README efibootmgr GIT README] .
+
Systems with Phoenix SecureCore Tiano UEFI firmware are known to have embedded UEFI Shell which can be launched using either {{ic|F6}}, {{ic|F11}} or {{ic|F12}} key.
  
FAT32 filesystem is case-insensitive since it does not use UTF-8 encoding by default. In that case the firmware uses capital 'EFI' instead of small 'efi', therefore using {{ic|\EFI\refind\refindx64.efi}} or {{ic|\efi\refind\refind_x64.efi}} does not matter (this will change if the filesystem encoding is UTF-8).
+
{{Note|If you are unable to launch UEFI Shell from the firmware directly using any of the above mentioned methods, create a FAT32 USB pen drive with {{ic|Shell.efi}} copied as {{ic|(USB)/efi/boot/bootx64.efi}}. This USB should come up in the firmware boot menu. Launching this option will launch the UEFI Shell for you.}}
  
= UEFI Bootloaders =
+
=== Important UEFI Shell Commands ===
  
See [[UEFI Bootloaders]] for the main article.
+
UEFI Shell commands usually support {{ic|-b}} option which makes output pause after each page. Run {{ic|help -b}} to list available commands.
  
= EFI System Partition =
+
More info at http://software.intel.com/en-us/articles/efi-shells-and-scripting/
  
{{Note|UEFI System Partition and EFI System Partition (ESP) are same, the terminologies are used interchangeably in some places.}}
+
==== bcfg ====
  
{{Note|The ESP should be accessible by the UEFI firmware, which cannot read LVM and software RAID systems.}}
+
{{ic|bcfg}} modifies the UEFI NVRAM entries which allows the user to change the boot entries or driver options. This command is described in detail in page 83 (Section 5.3) of "UEFI Shell Specification 2.0" PDF document.
  
{{Note|Setting "boot" flag in parted in a MBR partition marks that partition as active, while the same "boot" flag in a GPT partition marks that partition as "UEFI System Partition".}}
+
{{Note|
 +
* Try {{ic|bcfg}} only if {{ic|efibootmgr}} fails to create working boot entries on your system.
 +
* UEFI Shell v1 official binary does not support {{ic|bcfg}} command. You can download a [http://dl.dropbox.com/u/17629062/Shell2.zip modified UEFI Shell v2 binary] which may work in UEFI pre-2.3 firmwares.
 +
}}
  
The EFI System Partition needs to be formatted with a FAT32 filesystem (non-FAT filesystems like ext2/3/4, reiserfs, NTFS, UDF etc. are not supported). Although ESPs with size >=100 MiB and formatted as FAT32 are allowed by Microsoft Windows and many Linux distros, Microsoft documentation specifies that the minimum partition/volume size for FAT32 is 512 MiB. Therefore an ESP should be at least 512 MiB size for maximum compatibility. If you are using Linux EFISTUB booting, then you need to make sure there is adequate space available for keeping the Kernel and Initramfs files in the ESP.
+
To dump a list of current boot entries:
  
It is recommended to use always GPT for UEFI boot as some UEFI firmwares do not allow UEFI-MBR boot.
+
Shell> bcfg boot dump -v
  
== GPT partitioned disks ==
+
To add a boot menu entry for rEFInd (for example) as 4th (numbering starts from zero) option in the boot menu:
  
Two choices:
+
Shell> bcfg boot add 3 fs0:\EFI\refind\refind_x64.efi "rEFInd"
  
* Using GNU Parted/GParted: Create a FAT32 partition. Set "boot" flag on for that partition.
+
where {{ic|fs0:}} is the mapping corresponding to the EFI System Partition and {{ic|fs0:\EFI\refind\refind_x64.efi}} is the file to be launched.
* Using GPT fdisk (aka gdisk): Create a partition with partition type {{ic|ef00}}. Then format that partition as FAT32 using {{ic|mkfs.vfat -F32 /dev/<THAT_PARTITION>}}
+
  
If you get the message <code>WARNING: Not enough clusters for a 32 bit FAT!</code>, reduce cluster size with <code>mkfs.vfat -s2 -F32 ...</code> or <code>-s1</code>, otherwise the partition may be unreadable by UEFI.
+
To add an entry to boot directly into your system without a bootloader, configure a boot option using your kernel as an [[EFISTUB#UEFI_Shell|EFISTUB]]:
  
== MBR partitioned disks ==
+
Shell> bcfg boot add '''N''' fs'''V''':\vmlinuz-linux "Arch Linux"
 +
Shell> bcfg boot -opt '''N''' "root='''/dev/sdX#''' initrd=\initramfs-linux.img"
  
Two choices:
+
where {{ic|N}} is the priority, {{ic|V}} is the volume number of your EFI partition, and {{ic|/dev/sdX#}} is your root partition.
  
* Using GNU Parted/GParted: Create FAT32 partition. Change the type code of that partition to {{ic|0xEF}} using fdisk, cfdisk or sfdisk.
+
To remove the 4th boot option:
* Using fdisk: Create a partition with partition type {{ic|0xEF}}. Then format that partition as FAT32 using {{ic|mkfs.vfat -F32 /dev/<THAT_PARTITION>}}
+
  
= UEFI Shell =
+
Shell> bcfg boot rm 3
  
The UEFI Shell is a shell/terminal for the firmware which allows launching uefi applications which include uefi bootloaders. Apart from that, the shell can also be used to obtain various other information about the system or the firmware like memory map (memmap), modifying boot manager variables (bcfg), running partitioning programs (diskpart), loading uefi drivers, editing text files (edit), hexedit etc.
+
To move the boot option #3 to #0 (i.e. 1st or the default entry in the UEFI Boot menu):
  
== Obtaining UEFI Shell ==
+
Shell> bcfg boot mv 3 0
  
You can download a BSD licensed UEFI Shell from Intel's Tianocore UDK/EDK2 Sourceforge.net project.
+
For bcfg help text:
  
* [[AUR]] '''{{AUR|uefi-shell-svn}}''' pkg (recommended) - provides x86_64 Shell in x86_64 system and IA32 Shell in i686 system - compiled directly from latest Tianocore EDK2 SVN source
+
Shell> help bcfg -v -b
* [https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2/ShellBinPkg/UefiShell/X64/Shell.efi Precompiled x86_64 UEFI Shell v2 binary] (may not be up-to-date)
+
* [https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2/EdkShellBinPkg/FullShell/X64/Shell_Full.efi Precompiled x86_64 UEFI Shell v1 binary] (not updated anymore upstream)
+
* [https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2/ShellBinPkg/UefiShell/Ia32/Shell.efi Precompiled IA32 UEFI Shell v2 binary] (may not be up-to-date)
+
* [https://edk2.svn.sourceforge.net/svnroot/edk2/trunk/edk2/EdkShellBinPkg/FullShell/Ia32/Shell_Full.efi Precompiled IA32 UEFI Shell v1 binary] (not updated anymore upstream)
+
  
Shell v2 works best in UEFI 2.3+ systems and is recommended over Shell v1 in those systems. Shell v1 should work in all UEFI systems irrespective of the spec. version the firmware follows. More info at [http://sourceforge.net/apps/mediawiki/tianocore/index.php?title=ShellPkg ShellPkg] and [http://sourceforge.net/mailarchive/message.php?msg_id=28690732 this mail]
+
or:
  
== Launching UEFI Shell ==
+
Shell> bcfg -? -v -b
  
Few Asus and other AMI Aptio x86_64 UEFI firmware based motherboards (from Sandy Bridge onwards) provide an option called {{ic|"Launch EFI Shell from filesystem device"}} . For those motherboards, download the x86_64 UEFI Shell and copy it to your UEFI SYSTEM PARTITION as {{ic|<UEFI_SYSTEM_PARTITION>/shellx64.efi}} (mostly {{ic|/boot/efi/shellx64.efi}}) .
+
==== map ====
  
Systems with Phoenix SecureCore Tiano UEFI firmware are known to have embedded UEFI Shell which can be launched using either F6, F11 or F12 key.
+
{{ic|map}} displays a list of device mappings i.e. the names of available file systems ({{ic|fs0}}) and storage devices ({{ic|blk0}}).
  
{{Note|If you are unable to launch UEFI Shell from the firmware directly using any of the above mentioned methods, create a FAT32 USB pen drive with Shell.efi copied as (USB)/efi/boot/bootx64.efi . This USB should come up in the firmware boot menu. Launching this option will launch the UEFI Shell for you.}}
+
Before running file system commands such as {{ic|cd}} or {{ic|ls}}, you need to change the shell to the appropriate file system by typing its name:
  
== Important UEFI Shell Commands ==
+
  Shell> fs0:
 +
  fs0:\> cd EFI/
  
UEFI Shell commands usually support {{ic|-b}} option which makes output pause after each page. {{ic|map}} lists recognized filesystems ({{ic|fs0}}, ...) and data storage devices ({{ic|blk0}}, ...). Run {{ic|help -b}} to list available commands.
+
==== edit ====
  
More info at http://software.intel.com/en-us/articles/efi-shells-and-scripting/
+
{{ic|edit}} provides a basic text editor with an interface similar to nano, but slightly less functional. It handles UTF-8 encoding and takes care or LF vs CRLF line endings.
  
=== bcfg ===
+
For example, to edit rEFInd's {{ic|refind.conf}} in the EFI System Partition ({{ic|fs0:}} in the firmware),
  
BCFG command is used to modify the UEFI NVRAM entries, which allow the user to change the boot entries or driver options. This command is described in detail in page 83 (Section 5.3) of "UEFI Shell Specification 2.0" pdf document.
+
Shell> fs0:
 +
FS0:\> cd \EFI\arch\refind
 +
FS0:\EFI\arch\refind\> edit refind.conf
  
{{Note| Users are recommended to try {{ic|bcfg}} only if {{ic|efibootmgr}} fails to create working boot entries in their system.}}
+
Type {{ic|Ctrl-E}} for help.
  
{{Note| UEFI Shell v1 official binary does not support {{ic|bcfg}} command. You can download a [http://dl.dropbox.com/u/17629062/Shell2.zip modified UEFI Shell v2 binary] which may work in UEFI pre-2.3 firmwares.}}
+
== UEFI Linux Hardware Compatibility ==
  
To dump a list of current boot entries -
+
See [[Unified Extensible Firmware Interface/Hardware]] for more information.
  
Shell> bcfg boot dump -v
+
== UEFI Bootable Media ==
  
To add a boot menu entry for rEFInd (for example) as 4th (numbering starts from zero) option in the boot menu
+
=== Create UEFI bootable USB from ISO ===
  
Shell> bcfg boot add 3 fs0:\EFI\refind\refind_x64.efi "rEFInd"
+
Follow [[USB flash installation media#BIOS and UEFI Bootable USB]]
  
where fs0: is the mapping corresponding to the UEFI System Partition and fs0:\EFI\refind\refind_x64.efi is the file to be launched.
+
=== Remove UEFI boot support from Optical Media ===
  
To remove the 4th boot option
+
{{Note|This section mentions removing UEFI boot support from a '''CD/DVD only''' (Optical Media), not from a USB flash drive.}}
  
Shell> bcfg boot rm 3
+
Most of the 32-bit EFI Macs and some 64-bit EFI Macs refuse to boot from a UEFI(X64)+BIOS bootable CD/DVD. If one wishes to proceed with the installation using optical media, it might be necessary to remove UEFI support first.
  
To move the boot option #3 to #0 (i.e. 1st or the default entry in the UEFI Boot menu)
+
* Mount the official installation media and obtain the {{ic|archisolabel}} as shown in the previous section.
  
  Shell> bcfg boot mv 3 0
+
  # mount -o loop ''input.iso'' /mnt/iso
  
For bcfg help text
+
* Then rebuild the ISO, excluding the UEFI Optical Media booting support, using {{ic|xorriso}} from {{pkg|libisoburn}}. Be sure to set the correct archisolabel, e.g. "ARCH_201411" or similar:
 +
{{bc|1=
 +
$ xorriso -as mkisofs -iso-level 3 \
 +
    -full-iso9660-filenames\
 +
    -volid "''archisolabel''" \
 +
    -appid "Arch Linux CD" \
 +
    -publisher "Arch Linux <https://www.archlinux.org>" \
 +
    -preparer "prepared by $USER" \
 +
    -eltorito-boot isolinux/isolinux.bin \
 +
    -eltorito-catalog isolinux/boot.cat \
 +
    -no-emul-boot -boot-load-size 4 -boot-info-table \
 +
    -isohybrid-mbr "/mnt/iso/isolinux/isohdpfx.bin" \
 +
    -output ''output.iso'' /mnt/iso/
 +
}}
  
Shell> help bcfg -v -b
+
* Burn {{ic|''output.iso''}} to optical media and proceed with installation normally.
  
or
+
== Testing UEFI in systems without native support ==
  
Shell> bcfg -? -v -b
+
=== OVMF for Virtual Machines ===
  
=== edit ===
+
[https://tianocore.github.io/ovmf/ OVMF] is a tianocore project to enable UEFI support for Virtual Machines. OVMF contains a sample UEFI firmware for QEMU.
  
EDIT command provides a basic text editor with an interface similar to nano text editor, but slightly less functional. It handles UTF-8 encoding and takes care or LF vs CRLF line endings.
+
You can install {{pkg|ovmf}} from the extra repository and run it as follows:
  
To edit, for example rEFInd's refind.conf in the UEFI System Partition (fs0: in the firmware)
+
$ qemu-system-x86_64 -enable-kvm -net none -m 1024 -drive file=/usr/share/ovmf/ovmf_x64.bin,format=raw,if=pflash,readonly
  
Shell> fs0:
+
=== DUET for BIOS only systems ===
FS0:\> cd \EFI\arch\refind
+
FS0:\EFI\arch\refind\> edit refind.conf
+
  
Type {{ic|Ctrl-E}} for help.
+
DUET is a tianocore project that enables chainloading a full UEFI environment from a BIOS system, in a way similar to BIOS OS booting. This method is being discussed extensively in http://www.insanelymac.com/forum/topic/186440-linux-and-windows-uefi-boot-using-tianocore-duet-firmware/. Pre-build DUET images can be downloaded from one of the repos at https://gitorious.org/tianocore_uefi_duet_builds. Specific instructions for setting up DUET is available at https://gitorious.org/tianocore_uefi_duet_builds/tianocore_uefi_duet_installer/blobs/raw/master/Migle_BootDuet_INSTALL.txt.  
  
= UEFI Linux Hardware Compatibility =
+
You can also try http://sourceforge.net/projects/cloverefiboot/ which provides modified DUET images that may contain some system specific fixes and is more frequently updated compared to the gitorious repos.
  
See [[HCL/Firmwares/UEFI]] for the main article.
+
== Troubleshooting ==
  
= UEFI Bootable Media =
+
=== Windows 7 will not boot in UEFI Mode ===
  
== Create UEFI bootable USB from ISO ==
+
If you have installed Windows to a different hard disk with GPT partitioning and still have a MBR partitioned hard disk in your computer, then it is possible that the firmware (UEFI) is starting its CSM support (for booting MBR partitions) and therefore Windows will not boot. To solve this merge your MBR hard disk to GPT partitioning or disable the SATA port where the MBR hard disk is plugged in or unplug the SATA connector from this hard disk.
  
{{Note|1=The instructions below are specifically for [[Archiso]]/official media; [[Archboot]] preparation is identical, with this [https://bbs.archlinux.org/viewtopic.php?pid=1190788#p1190788 refind.conf] instead of the one mentioned below (which is for Archiso) and without the filesystem label requirement.}}
+
Mainboards with this kind of problem:
  
* [[Beginners_Guide#Prepare_the_storage_drive|First create either a MBR or GPT (recommended) partition table and at least one partition in the USB]] (so it is fine to use an already partitioned USB). {{Note|Using a GPT partition table is recommended as some firmwares don't support booting from MBR devices in full UEFI mode (e.g. Gigabyte).}}
+
* Gigabyte Z77X-UD3H rev. 1.1 (UEFI version F19e)
 +
** The firmware option for booting "UEFI Only" does not prevent the firmware from starting CSM.
  
* Mount the ISO image from the [https://www.archlinux.org/download/ Arch Linux download page].
+
=== Windows changes boot order ===
 +
In some motherboards (confirmed in ASRock Z77 Extreme4), Windows 8 changes the boot order in the NVRAM everytime is booted. This can be fixed making the Windows Boot Manager to load another loader instead of booting Windows.
 +
Run this command in a Administrator mode console in Windows:
 +
# bcdedit /set {bootmgr} path \EFI\boot_app_dir\boot_app.efi
  
# mkdir -p /mnt/{usb,iso}
+
=== USB media gets struck with black screen ===
# mount -o loop archlinux-2013.06.01-dual.iso /mnt/iso
+
  
* Then create a FAT32 filesystem in the partition on the USB (unmount before if necessary) with LABEL as used in the Archiso configuration. Obtain the label from {{ic|/mnt/iso/loader/entries/archiso-x86_64.conf}}; this is used by the {{ic|archiso}} hook in initramfs to identify the udev path to the installation media. {{ic|mkfs.vfat}} is part of package {{Pkg|dosfstools}}. {{Note|The filesystem should be either FAT32 (recommended), FAT16, or FAT12.}}
+
* This issue can occur either due to [[KMS]] issue. Try [[Kernel mode setting#Disabling_modesetting|Disabling KMS]] while booting the USB.
  
# awk 'BEGIN {FS="="} /archisolabel/ {print $3}' /mnt/iso/loader/entries/archiso-x86_64.conf | xargs mkfs.vfat -F32 /dev/sdXY -n
+
* If the issue is not due to KMS, then it may be due to bug in [[EFISTUB]] booting (see {{Bug|33745}} and [https://bbs.archlinux.org/viewtopic.php?id=156670] for more information.). Both Official ISO ([[Archiso]]) and [[Archboot]] iso use EFISTUB (via [[Gummiboot]] Boot Manager for menu) for booting the kernel in UEFI mode. In such a case you have to use [[GRUB]] as the USB's UEFI bootloader by following the below section.
  
* Mount the newly created FAT32 USB partition, and copy the contents of the installation media to the USB media.
+
==== Using GRUB ====
 +
{{Deletion|Through bug report this issue should be fixed in kernel 3.16 and after, so this workaround is not needed anymore.}}
 +
{{Tip|The given configuration entries can also be entered inside a [[GRUB#Using_the_command_shell|GRUB command-shell]].}}
  
# mount /dev/sdXY /mnt/usb
+
* [[USB flash installation media#BIOS_and_UEFI_Bootable_USB|Create an USB Flash Installation]]
# cp -a /mnt/iso/* /mnt/usb
+
# sync
+
# umount /mnt/{usb,iso}
+
  
== Remove UEFI boot support from ISO ==
+
* Backup {{ic|EFI/boot/loader.efi}} to {{ic|EFI/boot/gummiboot.efi}}
  
{{Warning|In the event that UEFI+isohybrid El Torito/MBR really causes problems, it would be better to just UEFI boot using the USB stick instructions in the previous section}}
+
* [[GRUB#GRUB_standalone|Create a GRUB standalone image]] and copy the generate {{ic|grub*.efi}} to the USB as {{ic|EFI/boot/loader.efi}}, {{ic|EFI/boot/bootx64.efi}} and/or {{ic|EFI/boot/bootia32.efi}} (useful when running on a 32-bit UEFI)
  
Most of the 32-bit EFI Macs and some 64-bit EFI Macs refuse to boot from an UEFI(X64)+BIOS bootable CD/DVD. If one wishes to proceed with the installation using optical media, it might be necessary to remove UEFI support first.
+
* Create {{ic|EFI/boot/grub.cfg}} with the following contents (replace {{ic|ARCH_YYYYMM}} with the required archiso label e.g. {{ic|ARCH_201507}}):
  
Mount the official installation media and obtain the {{ic|archisolabel}} as shown in the previous section.
+
{{hc|grub.cfg for Official ISO|<nowiki>
 +
insmod part_gpt
 +
insmod part_msdos
 +
insmod fat
  
Rebuild the ISO using {{ic|xorriso}} from {{pkg|libisoburn}}:
+
insmod efi_gop
 +
insmod efi_uga
 +
insmod video_bochs
 +
insmod video_cirrus
  
{{bc|1=<nowiki>
+
insmod font
$ xorriso -as mkisofs -iso-level 3 \
+
    -full-iso9660-filenames\
+
    -volid "ARCH_201212" \
+
    -appid "Arch Linux CD" \
+
    -publisher "Arch Linux <https://www.archlinux.org>" \
+
    -preparer "prepared like a BAWSE" \
+
    -eltorito-boot isolinux/isolinux.bin \
+
    -eltorito-catalog isolinux/boot.cat \
+
    -no-emul-boot -boot-load-size 4 -boot-info-table \
+
    -isohybrid-mbr "/mnt/iso/isolinux/isohdpfx.bin" \
+
    -output "~/archiso.iso" "/mnt/iso/"</nowiki>}}
+
  
Burn {{ic|~/archiso.iso}} to optical media and proceed with installation normally.
+
if loadfont "${prefix}/fonts/unicode.pf2" ; then
 +
    insmod gfxterm
 +
    set gfxmode="1024x768x32;auto"
 +
    terminal_input console
 +
    terminal_output gfxterm
 +
fi
  
= Testing UEFI in systems without native support =
+
menuentry "Arch Linux archiso x86_64" {
 +
    set gfxpayload=keep
 +
    search --no-floppy --set=root --label ARCH_YYYYMM
 +
    linux /arch/boot/x86_64/vmlinuz archisobasedir=arch archisolabel=ARCH_YYYYMM add_efi_memmap
 +
    initrd /arch/boot/x86_64/archiso.img
 +
}
  
== OVMF for Virtual Machines ==
+
menuentry "UEFI Shell x86_64 v2" {
 +
    search --no-floppy --set=root --label ARCH_YYYYMM
 +
    chainloader /EFI/shellx64_v2.efi
 +
}
 +
   
 +
menuentry "UEFI Shell x86_64 v1" {
 +
    search --no-floppy --set=root --label ARCH_YYYYMM
 +
    chainloader /EFI/shellx64_v1.efi
 +
}
 +
</nowiki>}}
  
OVMF [http://sourceforge.net/apps/mediawiki/tianocore/index.php?title=OVMF] is a tianocore project to enable UEFI support for Virtual Machines. OVMF contains a sample UEFI firmware for QEMU.
+
{{hc|grub.cfg for Archboot ISO|<nowiki>
 +
insmod part_gpt
 +
insmod part_msdos
 +
insmod fat
  
You can build OVMF (with Secure Boot support) from AUR {{AUR|ovmf-svn}} and run it as follows:
+
insmod efi_gop
 +
insmod efi_uga
 +
insmod video_bochs
 +
insmod video_cirrus
  
qemu-system-x86_64 -enable-kvm -net none -m 1024 -bios /usr/share/ovmf/x86_64/bios.bin
+
insmod font
  
== DUET for BIOS only systems ==
+
if loadfont "${prefix}/fonts/unicode.pf2" ; then
 +
    insmod gfxterm
 +
    set gfxmode="1024x768x32;auto"
 +
    terminal_input console
 +
    terminal_output gfxterm
 +
fi
  
DUET is a tianocore project that enables chainloading a full UEFI environment from a BIOS system, in a way similar to BIOS OS booting. This method is being discussed extensively in http://www.insanelymac.com/forum/topic/186440-linux-and-windows-uefi-boot-using-tianocore-duet-firmware/ . Pre-build DUET images can be downloaded from one of the repos at https://gitorious.org/tianocore_uefi_duet_builds . Specific instructions for setting up DUET is available at https://gitorious.org/tianocore_uefi_duet_builds/tianocore_uefi_duet_installer/blobs/raw/master/Migle_BootDuet_INSTALL.txt .  
+
menuentry "Arch Linux x86_64 Archboot" {
 +
    set gfxpayload=keep
 +
    search --no-floppy --set=root --file /boot/vmlinuz_x86_64
 +
    linux /boot/vmlinuz_x86_64 cgroup_disable=memory loglevel=7 add_efi_memmap
 +
    initrd /boot/initramfs_x86_64.img
 +
}
  
You can also try http://sourceforge.net/projects/cloverefiboot/ which provides modified DUET images that may contain some system specific fixes and is more frequently updated compared to the gitorious repos.
+
menuentry "UEFI Shell x86_64 v2" {
 +
    search --no-floppy --set=root --file /boot/vmlinuz_x86_64
 +
    chainloader /EFI/tools/shellx64_v2.efi
 +
}
 +
   
 +
menuentry "UEFI Shell x86_64 v1" {
 +
    search --no-floppy --set=root --file /boot/vmlinuz_x86_64
 +
    chainloader /EFI/tools/shellx64_v1.efi
 +
}
 +
</nowiki>}}
  
= Troubleshooting =
+
=== UEFI boot loader does not show up in firmware menu ===
  
== Windows 7 won't boot in UEFI Mode ==
+
On some UEFI motherboards like boards with an Intel Z77 chipset, adding entries with {{ic|efibootmgr}} or {{ic|bcfg}} from the EFI Shell will not work because they do not show up on the boot menu list after being added to NVRAM.
  
If you have installed Windows to a different harddisk with GPT partitioning and still have a MBR partitioned harddisk in your computer, then it is possible that the UEFI BIOS is starting it's CSM support (for booting MBR partitions) and therefor Windows won't boot. To solve this merge your MBR harddisk to GPT partitioning or disable the SATA port where the MBR harddisk is plugged in or unplug the SATA connector from this harddisk.
+
This issue is caused because the motherboards can only load Microsoft Windows. To solve this you have to place the {{ic|.efi}} file in the location that Windows uses.
  
Mainboards with this kind of problem:
+
Copy the {{ic|bootx64.efi}} file from the Arch Linux installation medium ({{ic|FSO:}}) to the Microsoft directory your [[ESP]] partition on your hard drive ({{ic|FS1:}}). Do this by booting into EFI shell and typing:
  
Gigabyte Z77X-UD3H rev. 1.1 (UEFI BIOS version F19e)
+
FS1:
 +
cd EFI
 +
mkdir Microsoft
 +
cd Microsoft
 +
mkdir Boot
 +
cp FS0:\EFI\BOOT\bootx64.efi FS1:\EFI\Microsoft\Boot\bootmgfw.efi
  
- UEFI BIOS option for booting UEFI Only doesn't pretend the UEFI BIOS from starting CSM
+
After reboot, any entries added to NVRAM should show up in the boot menu.
  
= See also =
+
== See also ==
  
* Wikipedia's page on [http://en.wikipedia.org/wiki/UEFI UEFI]
+
* [[Wikipedia:UEFI]]
* Wikipedia's page on [http://en.wikipedia.org/wiki/EFI_System_partition UEFI SYSTEM Partition]
+
* [http://www.uefi.org/home/ UEFI Forum] - contains the official [http://uefi.org/specifications UEFI Specifications] - GUID Partition Table is part of UEFI Specification
* [http://git.kernel.org/?p=linux/kernel/git/torvalds/linux.git;a=blob_plain;f=Documentation/x86/x86_64/uefi.txt;hb=HEAD Linux Kernel UEFI Documentation]
+
* [https://www.happyassassin.net/2014/01/25/uefi-boot-how-does-that-actually-work-then/ UEFI boot: how does that actually work, then? - A blog post by AdamW]
* [http://www.uefi.org/home/ UEFI Forum] - contains the official [http://www.uefi.org/specs/ UEFI Specifications] - GUID Partition Table is part of UEFI Specification
+
* [https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/plain/Documentation/x86/x86_64/uefi.txt Linux Kernel x86_64 UEFI Documentation]
 +
* [http://www.intel.com/technology/efi/ Intel's page on EFI]
 +
* [http://uefidk.intel.com/ Intel UEFI Community Resource Center]
 +
* [http://uefidk.intel.com/blog/linux-efi-boot-stub Matt Fleming - The Linux EFI Boot Stub]
 +
* [http://uefidk.intel.com/blog/accessing-uefi-variables-linux Matt Fleming - Accessing UEFI Variables from Linux]
 +
* [http://www.rodsbooks.com/linux-uefi/ Rod Smith - Linux on UEFI: A Quick Installation Guide]
 +
* [https://lkml.org/lkml/2011/6/8/322 UEFI Boot problems on some newer machines (LKML)]
 +
* [http://linuxplumbers.ubicast.tv/videos/plumbing-uefi-into-linux/ LPC 2012 Plumbing UEFI into Linux]
 +
* [http://linuxplumbers.ubicast.tv/videos/uefi-tutorial-part-1/ LPC 2012 UEFI Tutorial : part 1]
 +
* [http://linuxplumbers.ubicast.tv/videos/uefi-tutorial-part-2/ LPC 2012 UEFI Tutorial : part 2]
 
* [http://sourceforge.net/apps/mediawiki/tianocore/index.php?title=Welcome_to_TianoCore Intel's Tianocore Project] for Open-Source UEFI firmware which includes DuetPkg for direct BIOS based booting and OvmfPkg used in QEMU and Oracle VirtualBox
 
* [http://sourceforge.net/apps/mediawiki/tianocore/index.php?title=Welcome_to_TianoCore Intel's Tianocore Project] for Open-Source UEFI firmware which includes DuetPkg for direct BIOS based booting and OvmfPkg used in QEMU and Oracle VirtualBox
* [http://www.intel.com/technology/efi/ Intel's page on EFI]
 
 
* [http://homepage.ntlworld.com/jonathan.deboynepollard/FGA/efi-boot-process.html FGA: The EFI boot process]
 
* [http://homepage.ntlworld.com/jonathan.deboynepollard/FGA/efi-boot-process.html FGA: The EFI boot process]
* [http://www.microsoft.com/whdc/device/storage/GPT_FAQ.mspx Microsoft's Windows and GPT FAQ] - Contains info on Windows UEFI booting also
+
* [http://www.microsoft.com/whdc/device/storage/GPT_FAQ.mspx Microsoft's Windows and GPT FAQ]
* [https://gitorious.org/tianocore_uefi_duet_builds/pages/Windows_x64_BIOS_to_UEFI Convert Windows Vista SP1+ or 7 x86_64 boot from BIOS-MBR mode to UEFI-GPT mode without Reinstall]
+
* [https://gitorious.org/tianocore_uefi_duet_builds/pages/Windows_x64_BIOS_to_UEFI Convert Windows x64 from BIOS-MBR mode to UEFI-GPT mode without Reinstall]
 
* [https://gitorious.org/tianocore_uefi_duet_builds/pages/Linux_Windows_BIOS_UEFI_boot_USB Create a Linux BIOS+UEFI and Windows x64 BIOS+UEFI bootable USB drive]
 
* [https://gitorious.org/tianocore_uefi_duet_builds/pages/Linux_Windows_BIOS_UEFI_boot_USB Create a Linux BIOS+UEFI and Windows x64 BIOS+UEFI bootable USB drive]
 
* [http://rodsbooks.com/bios2uefi/ Rod Smith - A BIOS to UEFI Transformation]
 
* [http://rodsbooks.com/bios2uefi/ Rod Smith - A BIOS to UEFI Transformation]
* [https://lkml.org/lkml/2011/6/8/322 UEFI Boot problems on some newer machines (LKML)]
 
 
* [http://software.intel.com/en-us/articles/efi-shells-and-scripting/ EFI Shells and Scripting - Intel Documentation]
 
* [http://software.intel.com/en-us/articles/efi-shells-and-scripting/ EFI Shells and Scripting - Intel Documentation]
 
* [http://software.intel.com/en-us/articles/uefi-shell/ UEFI Shell  - Intel Documentation]
 
* [http://software.intel.com/en-us/articles/uefi-shell/ UEFI Shell  - Intel Documentation]
 
* [http://www.hpuxtips.es/?q=node/293 UEFI Shell - bcfg command info]
 
* [http://www.hpuxtips.es/?q=node/293 UEFI Shell - bcfg command info]
 
* [http://dl.dropbox.com/u/17629062/Shell2.zip UEFI Shell v2 binary with bcfg modified to work with UEFI pre-2.3 firmware - from Clover efiboot]
 
* [http://dl.dropbox.com/u/17629062/Shell2.zip UEFI Shell v2 binary with bcfg modified to work with UEFI pre-2.3 firmware - from Clover efiboot]
* [http://linuxplumbers.ubicast.tv/videos/plumbing-uefi-into-linux/ LPC 2012 Plumbing UEFI into Linux]
 
* [http://linuxplumbers.ubicast.tv/videos/uefi-tutorial-part-1/ LPC 2012 UEFI Tutorial : part 1]
 
* [http://linuxplumbers.ubicast.tv/videos/uefi-tutorial-part-2/ LPC 2012 UEFI Tutorial : part 2]
 

Latest revision as of 18:59, 19 June 2016

Warning: While the choice to install in UEFI mode is forward looking, early vendor UEFI implementations may carry more bugs than their BIOS counterparts. It is advised to do a search relating to your particular mainboard model before proceeding.

The Unified Extensible Firmware Interface (EFI or UEFI for short) is a new model for the interface between operating systems and firmware. It provides a standard environment for booting an operating system and running pre-boot applications.

It is distinct from the commonly used "MBR boot code" method followed for BIOS systems. See Arch boot process for their differences and the boot process using UEFI. To set up UEFI Boot Loaders, see Boot loaders.

UEFI versions

  • UEFI started as Intel's EFI in versions 1.x.
  • Later, a group of companies called the UEFI Forum took over its development, which renamed it as Unified EFI starting with version 2.0.
  • Unless specified as EFI 1.x, EFI and UEFI terms are used interchangeably to denote UEFI 2.x firmware.
  • As of 15 April 2015, UEFI Specification 2.5 is the most recent version.
  • Apple's EFI implementation is neither a EFI 1.x version nor UEFI 2.x version but mixes up both. This kind of firmware does not fall under any one (U)EFI specification and therefore is not a standard UEFI firmware. Unless stated explicitly, these instructions are general and some of them may not work or may be different in Apple Macs.

UEFI Firmware bitness

Under UEFI, every program whether it is an OS loader or a utility (e.g. a memory testing app or recovery tool), should be a UEFI Application corresponding to the EFI firmware bitness/architecture.

The vast majority of UEFI firmwares, including recent Apple Macs, use x86_64 EFI firmware. The only known devices that use IA32 (32-bit) EFI are older (pre 2008) Apple Macs, some Intel Cloverfield ultrabooks and some older Intel Server boards that are known to operate on Intel EFI 1.10 firmware.

An x86_64 EFI firmware does not include support for launching 32-bit EFI apps (unlike x86_64 Linux and Windows versions which include such support). Therefore the UEFI application must be compiled for that specific firmware processor bitness/architecture.

Non Macs

Check whether the dir /sys/firmware/efi exists, if it exists it means the kernel has booted in EFI mode. In that case the UEFI bitness is same as kernel bitness. (ie. i686 or x86_64)

Note: Intel Atom System-on-Chip systems ship with 32-bit UEFI (as on 2 November 2013). See #Using GRUB for more info.

Apple Macs

Pre-2008 Macs mostly have i386-efi firmware while >=2008 Macs have mostly x86_64-efi. All Macs capable of running Mac OS X Snow Leopard 64-bit Kernel have x86_64 EFI 1.x firmware.

To find out the arch of the efi firmware in a Mac, type the following into the Mac OS X terminal:

$ ioreg -l -p IODeviceTree | grep firmware-abi

If the command returns EFI32 then it is IA32 (32-bit) EFI firmware. If it returns EFI64 then it is x86_64 EFI firmware. Most of the Macs do not have UEFI 2.x firmware as Apple's EFI implementation is not fully compliant with UEFI 2.x Specification.

Linux Kernel Config options for UEFI

The required Linux Kernel configuration options for UEFI systems are :

CONFIG_RELOCATABLE=y
CONFIG_EFI=y
CONFIG_EFI_STUB=y
CONFIG_FB_EFI=y
CONFIG_FRAMEBUFFER_CONSOLE=y

UEFI Runtime Variables Support (efivarfs filesystem - /sys/firmware/efi/efivars). This option is important as this is required to manipulate UEFI Runtime Variables using tools like /usr/bin/efibootmgr. The below config option has been added in kernel 3.10 and above.

CONFIG_EFIVAR_FS=y

UEFI Runtime Variables Support (old efivars sysfs interface - /sys/firmware/efi/vars). This option should be disabled to prevent any potential issues with both efivarfs and sysfs-efivars enabled.

CONFIG_EFI_VARS=n

GUID Partition Table GPT config option - mandatory for UEFI support

CONFIG_EFI_PARTITION=y
Note: All of the above options are required to boot Linux via UEFI, and are enabled in Archlinux kernels in official repos.

Retrieved from https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux.git/plain/Documentation/x86/x86_64/uefi.txt .

UEFI Variables

UEFI defines variables through which an operating system can interact with the firmware. UEFI Boot Variables are used by the boot-loader and used by the OS only for early system start-up. UEFI Runtime Variables allow an OS to manage certain settings of the firmware like the UEFI Boot Manager or managing the keys for UEFI Secure Boot Protocol etc. You can get the list using

$ efivar -l

UEFI Variables Support in Linux Kernel

Linux kernel exposes EFI variables data to userspace via efivarfs (EFI VARiable FileSystem) interface (CONFIG_EFIVAR_FS) - mounted using efivarfs kernel module at /sys/firmware/efi/efivars - it has no maximum per-variable size limitation and supports UEFI Secure Boot variables. Introduced in kernel 3.8.

Requirements for UEFI variable support

  1. EFI Runtime Services support should be present in the kernel (CONFIG_EFI=y, check if present with zgrep CONFIG_EFI /proc/config.gz).
  2. Kernel processor bitness and EFI processor bitness should match.
  3. Kernel should be booted in EFI mode (via EFISTUB or any EFI boot loader, not via BIOS/CSM or Apple's "bootcamp" which is also BIOS/CSM).
  4. EFI Runtime Services in the kernel SHOULD NOT be disabled via kernel cmdline, i.e. noefi kernel parameter SHOULD NOT be used.
  5. efivarfs filesystem should be mounted at /sys/firmware/efi/efivars, otherwise follow #Mount efivarfs section below.
  6. efivar should list (option -l) the EFI Variables without any error.

If EFI Variables support does not work even after the above conditions are satisfied, try the below workarounds:

  1. If any userspace tool is unable to modify efi variables data, check for existence of /sys/firmware/efi/efivars/dump-* files. If they exist, delete them, reboot and retry again.
  2. If the above step does not fix the issue, try booting with efi_no_storage_paranoia kernel parameter to disable kernel efi variable storage space check that may prevent writing/modification of efi variables.
Note: efi_no_storage_paranoia should only be used when needed and should not be left as a normal boot option. The effect of this kernel command line parameter turns off a safeguard that was put in place to help avoid the bricking of machines when the NVRAM gets too full.

Mount efivarfs

Warning: efivars is mounted writeable by default [1], which may cause permanent damage to the system. [2] As such, consider mounting efivars read-only (-o ro) as described below. Note that when it is mounted read-only, tools such as efibootmgr and bootloaders will not be able to change boot settings, nor will commands like systemctl reboot --firmware-setup work.

If efivarfs is not automatically mounted at /sys/firmware/efi/efivars by systemd during boot, then you need to manually mount it to expose UEFI variables to #Userspace tools like efibootmgr:

# mount -t efivarfs efivarfs /sys/firmware/efi/efivars
Note: The above command should be run both outside (before) and inside the chroot, if any.

To mount efivarfs read-only during boot, add to /etc/fstab:

/etc/fstab
efivarfs    /sys/firmware/efi/efivars    efivarfs    ro,nosuid,nodev,noexec,noatime 0 0

To remount with write support, run:

# mount -o remount /sys/firmware/efi/efivars -o rw,nosuid,nodev,noexec,noatime

Userspace tools

There are few tools that can access/modify the UEFI variables, namely

  1. efivar - Library and Tool to manipulate UEFI Variables (used by efibootmgr) - https://github.com/vathpela/efivar - efivar or efivar-gitAUR
  2. efibootmgr - Tool to manipulate UEFI Firmware Boot Manager Settings - https://github.com/vathpela/efibootmgr - efibootmgr or efibootmgr-gitAUR
  3. uefivars - Dumps list of EFI variables with some additional PCI related info (uses efibootmgr code internally) - https://github.com/fpmurphy/Various/tree/master/uefivars-2.0 supports only efivarfs and https://github.com/fpmurphy/Various/tree/master/uefivars-1.0 supports only sysfs-efivars . AUR package uefivars-gitAUR
  4. efitools - Tools for manipulating UEFI secure boot platforms - efitools or efitools-gitAUR
  5. Ubuntu's Firmware Test Suite - https://wiki.ubuntu.com/FirmwareTestSuite/ - fwtsAUR[broken link: archived in aur-mirror] (along with fwts-efi-runtime-dkmsAUR[broken link: archived in aur-mirror]) or fwts-gitAUR

efibootmgr

Note:
  • If efibootmgr completely fails to work in your system, you can reboot into UEFI Shell v2 and use bcfg command to create a boot entry for the bootloader.
  • If you are unable to use efibootmgr, some UEFI firmwares allow users to directly manage uefi boot entries from within its boot-time interface. For example, some ASUS firmwares have an "Add New Boot Option" choice which enables you to select a local EFI System Partition and manually enter the EFI stub location. (for example \EFI\refind\refind_x64.efi).
  • The below commands use refind-efi boot-loader as example.

Assuming the boot-loader file to be launched is /boot/efi/EFI/refind/refind_x64.efi, /boot/efi/EFI/refind/refind_x64.efi can be split up as /boot/efi and /EFI/refind/refind_x64.efi, wherein /boot/efi is the mountpoint of the EFI System Partition, which is assumed to be /dev/sdXY (here X and Y are just placeholders for the actual values - eg:- in /dev/sda1 , X==a Y==1).

To determine the actual device path for the EFI System Partition (assuming mountpoint /boot/efi for example) (should be in the form /dev/sdXY), try :

# findmnt /boot/efi
TARGET SOURCE  FSTYPE OPTIONS
/boot/efi  /dev/sdXY  vfat         rw,flush,tz=UTC

Verify that uefi variables support in kernel is working properly by running:

# efivar -l

If efivar lists the uefi variables without any error, then you can proceed. If not, check whether all the conditions in #Requirements for UEFI variable support are met.

Then create the boot entry using efibootmgr as follows:

# efibootmgr -c -d /dev/sdX -p Y -l /EFI/refind/refind_x64.efi -L "rEFInd"
Note: UEFI uses backward slash \ as path separator (similar to Windows paths), but the official efibootmgr pkg support passing unix-style paths with forward-slash / as path-separator for the -l option. Efibootmgr internally converts / to \ before encoding the loader path. The relevant git commit that incorporated this feature in efibootmgr is http://linux.dell.com/cgi-bin/cgit.cgi/efibootmgr.git/commit/?id=f38f4aaad1dfa677918e417c9faa6e3286411378 .

In the above command /boot/efi/EFI/refind/refind_x64.efi translates to /boot/efi and /EFI/refind/refind_x64.efi which in turn translate to drive /dev/sdX -> partition Y -> file /EFI/refind/refind_x64.efi.

The 'label' is the name of the menu entry shown in the UEFI boot menu. This name is user's choice and does not affect the booting of the system. More info can be obtained from efibootmgr GIT README .

FAT32 filesystem is case-insensitive since it does not use UTF-8 encoding by default. In that case the firmware uses capital 'EFI' instead of small 'efi', therefore using \EFI\refind\refindx64.efi or \efi\refind\refind_x64.efi does not matter (this will change if the filesystem encoding is UTF-8).

UEFI Shell

The UEFI Shell is a shell/terminal for the firmware which allows launching uefi applications which include uefi bootloaders. Apart from that, the shell can also be used to obtain various other information about the system or the firmware like memory map (memmap), modifying boot manager variables (bcfg), running partitioning programs (diskpart), loading uefi drivers, editing text files (edit), hexedit etc.

Obtaining UEFI Shell

You can download a BSD licensed UEFI Shell from Intel's Tianocore UDK/EDK2 Sourceforge.net project:

Shell v2 works best in UEFI 2.3+ systems and is recommended over Shell v1 in those systems. Shell v1 should work in all UEFI systems irrespective of the spec. version the firmware follows. More info at ShellPkg and this mail

Launching UEFI Shell

Few Asus and other AMI Aptio x86_64 UEFI firmware based motherboards (from Sandy Bridge onwards) provide an option called "Launch EFI Shell from filesystem device" . For those motherboards, download the x86_64 UEFI Shell and copy it to your EFI System Partition as <EFI_SYSTEM_PARTITION>/shellx64.efi (mostly /boot/efi/shellx64.efi) .

Systems with Phoenix SecureCore Tiano UEFI firmware are known to have embedded UEFI Shell which can be launched using either F6, F11 or F12 key.

Note: If you are unable to launch UEFI Shell from the firmware directly using any of the above mentioned methods, create a FAT32 USB pen drive with Shell.efi copied as (USB)/efi/boot/bootx64.efi. This USB should come up in the firmware boot menu. Launching this option will launch the UEFI Shell for you.

Important UEFI Shell Commands

UEFI Shell commands usually support -b option which makes output pause after each page. Run help -b to list available commands.

More info at http://software.intel.com/en-us/articles/efi-shells-and-scripting/

bcfg

bcfg modifies the UEFI NVRAM entries which allows the user to change the boot entries or driver options. This command is described in detail in page 83 (Section 5.3) of "UEFI Shell Specification 2.0" PDF document.

Note:
  • Try bcfg only if efibootmgr fails to create working boot entries on your system.
  • UEFI Shell v1 official binary does not support bcfg command. You can download a modified UEFI Shell v2 binary which may work in UEFI pre-2.3 firmwares.

To dump a list of current boot entries:

Shell> bcfg boot dump -v

To add a boot menu entry for rEFInd (for example) as 4th (numbering starts from zero) option in the boot menu:

Shell> bcfg boot add 3 fs0:\EFI\refind\refind_x64.efi "rEFInd"

where fs0: is the mapping corresponding to the EFI System Partition and fs0:\EFI\refind\refind_x64.efi is the file to be launched.

To add an entry to boot directly into your system without a bootloader, configure a boot option using your kernel as an EFISTUB:

Shell> bcfg boot add N fsV:\vmlinuz-linux "Arch Linux"
Shell> bcfg boot -opt N "root=/dev/sdX# initrd=\initramfs-linux.img"

where N is the priority, V is the volume number of your EFI partition, and /dev/sdX# is your root partition.

To remove the 4th boot option:

Shell> bcfg boot rm 3

To move the boot option #3 to #0 (i.e. 1st or the default entry in the UEFI Boot menu):

Shell> bcfg boot mv 3 0

For bcfg help text:

Shell> help bcfg -v -b

or:

Shell> bcfg -? -v -b

map

map displays a list of device mappings i.e. the names of available file systems (fs0) and storage devices (blk0).

Before running file system commands such as cd or ls, you need to change the shell to the appropriate file system by typing its name:

  Shell> fs0:
  fs0:\> cd EFI/

edit

edit provides a basic text editor with an interface similar to nano, but slightly less functional. It handles UTF-8 encoding and takes care or LF vs CRLF line endings.

For example, to edit rEFInd's refind.conf in the EFI System Partition (fs0: in the firmware),

Shell> fs0:
FS0:\> cd \EFI\arch\refind
FS0:\EFI\arch\refind\> edit refind.conf

Type Ctrl-E for help.

UEFI Linux Hardware Compatibility

See Unified Extensible Firmware Interface/Hardware for more information.

UEFI Bootable Media

Create UEFI bootable USB from ISO

Follow USB flash installation media#BIOS and UEFI Bootable USB

Remove UEFI boot support from Optical Media

Note: This section mentions removing UEFI boot support from a CD/DVD only (Optical Media), not from a USB flash drive.

Most of the 32-bit EFI Macs and some 64-bit EFI Macs refuse to boot from a UEFI(X64)+BIOS bootable CD/DVD. If one wishes to proceed with the installation using optical media, it might be necessary to remove UEFI support first.

  • Mount the official installation media and obtain the archisolabel as shown in the previous section.
# mount -o loop input.iso /mnt/iso
  • Then rebuild the ISO, excluding the UEFI Optical Media booting support, using xorriso from libisoburn. Be sure to set the correct archisolabel, e.g. "ARCH_201411" or similar:
$ xorriso -as mkisofs -iso-level 3 \
    -full-iso9660-filenames\
    -volid "archisolabel" \
    -appid "Arch Linux CD" \
    -publisher "Arch Linux <https://www.archlinux.org>" \
    -preparer "prepared by $USER" \
    -eltorito-boot isolinux/isolinux.bin \
    -eltorito-catalog isolinux/boot.cat \
    -no-emul-boot -boot-load-size 4 -boot-info-table \
    -isohybrid-mbr "/mnt/iso/isolinux/isohdpfx.bin" \
    -output output.iso /mnt/iso/
  • Burn output.iso to optical media and proceed with installation normally.

Testing UEFI in systems without native support

OVMF for Virtual Machines

OVMF is a tianocore project to enable UEFI support for Virtual Machines. OVMF contains a sample UEFI firmware for QEMU.

You can install ovmf from the extra repository and run it as follows:

$ qemu-system-x86_64 -enable-kvm -net none -m 1024 -drive file=/usr/share/ovmf/ovmf_x64.bin,format=raw,if=pflash,readonly

DUET for BIOS only systems

DUET is a tianocore project that enables chainloading a full UEFI environment from a BIOS system, in a way similar to BIOS OS booting. This method is being discussed extensively in http://www.insanelymac.com/forum/topic/186440-linux-and-windows-uefi-boot-using-tianocore-duet-firmware/. Pre-build DUET images can be downloaded from one of the repos at https://gitorious.org/tianocore_uefi_duet_builds. Specific instructions for setting up DUET is available at https://gitorious.org/tianocore_uefi_duet_builds/tianocore_uefi_duet_installer/blobs/raw/master/Migle_BootDuet_INSTALL.txt.

You can also try http://sourceforge.net/projects/cloverefiboot/ which provides modified DUET images that may contain some system specific fixes and is more frequently updated compared to the gitorious repos.

Troubleshooting

Windows 7 will not boot in UEFI Mode

If you have installed Windows to a different hard disk with GPT partitioning and still have a MBR partitioned hard disk in your computer, then it is possible that the firmware (UEFI) is starting its CSM support (for booting MBR partitions) and therefore Windows will not boot. To solve this merge your MBR hard disk to GPT partitioning or disable the SATA port where the MBR hard disk is plugged in or unplug the SATA connector from this hard disk.

Mainboards with this kind of problem:

  • Gigabyte Z77X-UD3H rev. 1.1 (UEFI version F19e)
    • The firmware option for booting "UEFI Only" does not prevent the firmware from starting CSM.

Windows changes boot order

In some motherboards (confirmed in ASRock Z77 Extreme4), Windows 8 changes the boot order in the NVRAM everytime is booted. This can be fixed making the Windows Boot Manager to load another loader instead of booting Windows. Run this command in a Administrator mode console in Windows:

# bcdedit /set {bootmgr} path \EFI\boot_app_dir\boot_app.efi

USB media gets struck with black screen

  • This issue can occur either due to KMS issue. Try Disabling KMS while booting the USB.
  • If the issue is not due to KMS, then it may be due to bug in EFISTUB booting (see FS#33745 and [3] for more information.). Both Official ISO (Archiso) and Archboot iso use EFISTUB (via Gummiboot Boot Manager for menu) for booting the kernel in UEFI mode. In such a case you have to use GRUB as the USB's UEFI bootloader by following the below section.

Using GRUB

Tango-edit-cut.pngThis section is being considered for removal.Tango-edit-cut.png

Reason: Through bug report this issue should be fixed in kernel 3.16 and after, so this workaround is not needed anymore. (Discuss in Talk:Unified Extensible Firmware Interface#)
Tip: The given configuration entries can also be entered inside a GRUB command-shell.
  • Backup EFI/boot/loader.efi to EFI/boot/gummiboot.efi
  • Create a GRUB standalone image and copy the generate grub*.efi to the USB as EFI/boot/loader.efi, EFI/boot/bootx64.efi and/or EFI/boot/bootia32.efi (useful when running on a 32-bit UEFI)
  • Create EFI/boot/grub.cfg with the following contents (replace ARCH_YYYYMM with the required archiso label e.g. ARCH_201507):
grub.cfg for Official ISO
insmod part_gpt
insmod part_msdos
insmod fat

insmod efi_gop
insmod efi_uga
insmod video_bochs
insmod video_cirrus

insmod font

if loadfont "${prefix}/fonts/unicode.pf2" ; then
    insmod gfxterm
    set gfxmode="1024x768x32;auto"
    terminal_input console
    terminal_output gfxterm
fi

menuentry "Arch Linux archiso x86_64" {
    set gfxpayload=keep
    search --no-floppy --set=root --label ARCH_YYYYMM
    linux /arch/boot/x86_64/vmlinuz archisobasedir=arch archisolabel=ARCH_YYYYMM add_efi_memmap
    initrd /arch/boot/x86_64/archiso.img
}

menuentry "UEFI Shell x86_64 v2" {
    search --no-floppy --set=root --label ARCH_YYYYMM
    chainloader /EFI/shellx64_v2.efi
}
    
menuentry "UEFI Shell x86_64 v1" {
    search --no-floppy --set=root --label ARCH_YYYYMM
    chainloader /EFI/shellx64_v1.efi
}
grub.cfg for Archboot ISO
insmod part_gpt
insmod part_msdos
insmod fat

insmod efi_gop
insmod efi_uga
insmod video_bochs
insmod video_cirrus

insmod font

if loadfont "${prefix}/fonts/unicode.pf2" ; then
    insmod gfxterm
    set gfxmode="1024x768x32;auto"
    terminal_input console
    terminal_output gfxterm
fi

menuentry "Arch Linux x86_64 Archboot" {
    set gfxpayload=keep
    search --no-floppy --set=root --file /boot/vmlinuz_x86_64
    linux /boot/vmlinuz_x86_64 cgroup_disable=memory loglevel=7 add_efi_memmap
    initrd /boot/initramfs_x86_64.img
}

menuentry "UEFI Shell x86_64 v2" {
    search --no-floppy --set=root --file /boot/vmlinuz_x86_64
    chainloader /EFI/tools/shellx64_v2.efi
}
    
menuentry "UEFI Shell x86_64 v1" {
    search --no-floppy --set=root --file /boot/vmlinuz_x86_64
    chainloader /EFI/tools/shellx64_v1.efi
}

UEFI boot loader does not show up in firmware menu

On some UEFI motherboards like boards with an Intel Z77 chipset, adding entries with efibootmgr or bcfg from the EFI Shell will not work because they do not show up on the boot menu list after being added to NVRAM.

This issue is caused because the motherboards can only load Microsoft Windows. To solve this you have to place the .efi file in the location that Windows uses.

Copy the bootx64.efi file from the Arch Linux installation medium (FSO:) to the Microsoft directory your ESP partition on your hard drive (FS1:). Do this by booting into EFI shell and typing:

FS1:
cd EFI
mkdir Microsoft
cd Microsoft
mkdir Boot
cp FS0:\EFI\BOOT\bootx64.efi FS1:\EFI\Microsoft\Boot\bootmgfw.efi

After reboot, any entries added to NVRAM should show up in the boot menu.

See also