From ArchWiki
(Redirected from Gummiboot)
Jump to navigation Jump to search

systemd-boot, previously called gummiboot (German for: 'rubber dinghy'), is a simple UEFI boot manager which executes configured EFI images. The default entry is selected by a configured pattern (glob) or an on-screen menu to be navigated via arrow-keys. It is included with systemd, which is installed on an Arch system by default.

It is simple to configure but it can only start EFI executables such as the Linux kernel EFISTUB, UEFI shell, GRUB, or the Windows Boot Manager.


Installing the EFI boot manager

To install the systemd-boot EFI boot manager, first make sure the system has booted in UEFI mode and that UEFI variables are accessible. This can be checked by running the command efivar --list or, if efivar is not installed, by doing ls /sys/firmware/efi/efivars (if the directory exists, the system is booted in UEFI mode).

esp will be used throughout this page to denote the ESP mountpoint, e.g. /boot or /efi. This assumes that you have chrooted to your system's mount point.

With the ESP mounted to esp, use bootctl to install systemd-boot into the EFI system partition by running:

# bootctl install

This will copy the systemd-boot boot loader to the EFI partition: on a x64 architecture system /usr/lib/systemd/boot/efi/systemd-bootx64.efi will be copied to esp/EFI/systemd/systemd-bootx64.efi and esp/EFI/BOOT/BOOTX64.EFI. It will then set systemd-boot as the default EFI application (default boot entry) loaded by the EFI Boot Manager.

Note: Installing systemd-boot will overwrite any existing /EFI/BOOT/BOOTX64.EFI, for example Microsoft's version of this file.

Show information about the system firmware, current boot loader, boot loaders listed in EFI variables, etc:

$ bootctl status

To conclude the installation, configure systemd-boot.

Installation using XBOOTLDR

A separate boot partition of type "Linux extended boot" can be created to keep the kernel and initramfs separate from the esp partition. XBOOTLDR [1] must have a partition type GUID of bc13c2ff-59e6-4262-a352-b275fd6f7172.

This is particularly helpful to dual boot with Windows with an existing EFI system partition that is too small. Otherwise create an esp partition as normal plus another for boot on the same physical drive. The size of boot should be enough to accommodate all of the kernels you are going to install.

  • systemd-boot does not do a file system check like it does for the ESP. Hence, it is possible to use other file systems but only if your UEFI implementation can read it during boot.
  • A UEFI firmware may skip loading partitions other than the ESP when a "fast boot" mode is enabled. This can lead to "systemd-boot" failing to find entries on the XBOOTLDR partition. You may have to disable "fast boot" for XBOOTLDR to work.
  • The XBOOTLDR partition needs to be on the same physical disk as the ESP for systemd-boot to recognize it.

During install mount esp to /mnt/efi and boot to /mnt/boot.

Once in chroot use the command:

# bootctl --esp-path=/efi --boot-path=/boot install

To conclude the installation, configure systemd-boot.

Updating the EFI boot manager

Whenever there is a new version of systemd-boot, the boot manager can be optionally reinstalled by the user. This can be performed manually, or the update can be automatically triggered using pacman hooks. The two approaches are described thereafter.

Note: The boot manager is a standalone EFI executable and any version can be used to boot the system (partial updates do not apply, since pacman only installs the systemd-boot installer, not systemd-boot itself). However, new versions may add new features or fix bugs, so it is probably a good idea to update it anyway.

Manual update

Use bootctl to update systemd-boot:

# bootctl update

If the location of the ESP is non-standard (i.e., it is not /efi, /boot, or /boot/efi), you need to explicitly provide it using the --esp-path parameter.

Automatic update

The package systemd-boot-pacman-hookAUR provides a Pacman hook to automate the update process. Installing the package will add a hook which will be executed every time the systemd package is upgraded. Alternatively, to replicate what the systemd-boot-pacman-hook package does without installing it, place the following pacman hook in the /etc/pacman.d/hooks/ directory:

Type = Package
Operation = Upgrade
Target = systemd

Description = Updating systemd-boot
When = PostTransaction
Exec = /usr/bin/bootctl update

If you have Secure Boot enabled, you may want to install a pacman hook to automatically re-sign the kernel and systemd-boot when the former is updated.

Operation = Install
Operation = Upgrade
Type = Package
Target = linux
Target = systemd

Description = Signing Kernel for SecureBoot
When = PostTransaction
Exec = /usr/bin/find /boot -type f ( -name vmlinuz-* -o -name systemd* ) -exec /usr/bin/sh -c 'if ! /usr/bin/sbverify --list {} 2>/dev/null | /usr/bin/grep -q "signature certificates"; then /usr/bin/sbsign --key db.key --cert db.crt --output "$1" "$1"; fi' _ {} ;
Depends = sbsigntools
Depends = findutils
Depends = grep

The Target needs to be duplicated each time you want to add a new package. With respect to the find statement, since we had a condition with the filenames and ALPM hooks are being split on spaces, we had to surround the whole statement by quotes in order for the hook to be parsed properly. Since systemd-boot is located in sub-directories, the depth needed to be adjusted as well so that we removed the -maxdepth argument. In order to avoid hassle, if you are unsure, try to reinstall the package you want to test to see if the hook and signing part are processed successfully. See Pacman#Hooks or alpm-hooks(5) for more information.


Loader configuration

The loader configuration is stored in the file esp/loader/loader.conf. See loader.conf(5) § OPTIONS for details.

A loader configuration example is provided below:

default  arch.conf
timeout  4
console-mode max
editor   no
  • systemd-boot does not accept tabs for indentation, use spaces instead.
  • default and timeout can be changed in the boot menu itself and changes will be stored as EFI variables LoaderEntryDefault and LoaderConfigTimeout, overriding these options.
  • bootctl set-default "" can be used to clear the EFI variable overriding the default option.
  • A basic loader configuration file is located at /usr/share/systemd/bootctl/loader.conf.

Adding loaders

systemd-boot will search for boot menu items in esp/loader/entries/*.conf and additionally in boot/loader/entries/*.conf if using XBOOTLDR. Note that entries in esp can only use files (e.g. kernels, initramfs, images, etc.) in esp. Similarly, entries in boot can only use files in boot.

Tango-edit-cut.pngThis section is being considered for removal.Tango-edit-cut.png

The possible options are:

  • title – operating system name. Required.
  • version – kernel version, shown only when multiple entries with same title exist. Optional.
  • machine-id – machine identifier from /etc/machine-id, shown only when multiple entries with same title and version exist. Optional.
  • efi – EFI program to start, relative to your ESP (esp); e.g. /vmlinuz-linux. Either this parameter or linux (see below) is required.
  • options – space-separated command line options to pass to the EFI program or kernel parameters. Optional, but you will need at least root=dev if booting Linux. This parameter can be omitted if the root partition is assigned the correct Root Partition Type GUID as defined in Discoverable Partitions Specification and if the systemd mkinitcpio hook is present.

For Linux boot, you can also use linux instead of efi. Or initrd in addition to options. The syntax is:

  • linux and initrd followed by the relative path of the corresponding files in the ESP; e.g. /vmlinuz-linux; this will be automatically translated into efi path and options initrd=path – this syntax is only supported for convenience and has no differences in function.
Note: If options is present in a boot entry and Secure Boot is disabled, the value of options will override any .cmdline string embedded in the EFI image that is specified by efi or linux (see #Preparing a unified kernel image). With Secure Boot, however, options (and any edits made to the kernel command line in the bootloader UI) will be ignored, and only the embedded .cmdline will be used.

An example of loader files launching Arch from a volume labeled arch_os and loading Intel CPU microcode is:

title   Arch Linux
linux   /vmlinuz-linux
initrd  /intel-ucode.img
initrd  /initramfs-linux.img
options root="LABEL=arch_os" rw
title   Arch Linux (fallback initramfs)
linux   /vmlinuz-linux
initrd  /intel-ucode.img
initrd  /initramfs-linux-fallback.img
options root="LABEL=arch_os" rw

systemd-boot will automatically check at boot time for Windows Boot Manager at the location /EFI/Microsoft/Boot/Bootmgfw.efi, UEFI shell /shellx64.efi and EFI Default Loader /EFI/BOOT/bootx64.efi, as well as specially prepared kernel files found in /EFI/Linux/. When detected, corresponding entries with titles auto-windows, auto-efi-shell and auto-efi-default, respectively, will be generated. These entries do not require manual loader configuration. However, it does not auto-detect other EFI applications (unlike rEFInd), so for booting the Linux kernel, manual configuration entries must be created.

  • The available boot entries which have been configured can be listed with the command bootctl list.
  • An example entry file is located at /usr/share/systemd/bootctl/arch.conf.
  • The kernel parameters for scenarios such as LVM, LUKS or dm-crypt can be found on the relevant pages.

EFI Shells or other EFI applications

In case you installed EFI shells and other EFI application into the ESP, you can use the following snippets.

Note: The file path parameter for the efi line is relative to your esp mount point. If you are mounted on /boot and your EFI binaries reside at /boot/EFI/xx.efi and /boot/yy.efi, then you would specify the parameters as efi /EFI/xx.efi and efi /yy.efi respectively.
title  Firmware updator
efi     /EFI/fwupx64.efi
title  GPT fdisk (gdisk)
efi     /EFI/tools/gdisk_x64.efi

Booting into EFI Firmware Setup

Most system firmware configured for EFI booting will add its own efibootmgr entries to boot into UEFI Firmware Setup.

Support hibernation

See Suspend and hibernate.

Kernel parameters editor with password protection

Alternatively you can install systemd-boot-passwordAUR which supports password basic configuration option. Use sbpctl generate to generate a value for this option.

Install systemd-boot-password with the following command:

# sbpctl install esp

With enabled editor you will be prompted for your password before you can edit kernel parameters.

Tips and tricks

Keys inside the boot menu

See systemd-boot(7) § KEY BINDINGS for the available key bindings inside the boot menu.

Choosing next boot

The boot manager is integrated with the systemctl command, allowing you to choose what option you want to boot after a reboot. For example, suppose you have built a custom kernel and created an entry file esp/loader/entries/arch-custom.conf to boot into it, you can just launch

$ systemctl reboot --boot-loader-entry=arch-custom.conf

and your system will reboot into that entry maintaining the default option intact for subsequent boots. To see a list of possible entries pass the --boot-loader-entry=help option.

If you want to boot into the firmware of your motherboard directly, then you can use this command:

$ systemctl reboot --firmware-setup

Unified kernel images

Unified kernel images in esp/EFI/Linux/ are automatically sourced by systemd-boot, and do not need an entry in /boot/loader/entries.

Tip: Files in /boot/loader/entries will be booted first if no default is set in /boot/loader/loader.conf. Remove those entries, or set the default with the full file name, ie default=archlinux-linux.efi

Grml on ESP

Note: The following instructions are not exclusive to Grml. With slight adjustments, installing other software (e.g., SystemRescueCD) is possible.
Tip: A PKGBUILD is available: grml-systemd-bootAUR.

Grml is a small live system with a collection of software for system administration and rescue.

In order to install Grml on the ESP, we only need to copy the kernel vmlinuz, the initramfs initrd.img, and the squashed image grml64-small.squashfs from the iso file to the ESP. To do so, first download grml64-small.iso and mount the file (the mountpoint is henceforth denoted mnt); the kernel and initramfs are located in mnt/boot/grml64small/, and the squashed image resides in mnt/live/grml64-small/.

Next, create a directory for Grml in your ESP,

# mkdir -p esp/grml

and copy the above-mentioned files in there:

# cp mnt/boot/grml64small/vmlinuz esp/grml
# cp mnt/boot/grml64small/initrd.img esp/grml
# cp mnt/live/grml64-small/grml64-small.squashfs esp/grml

In the last step, create an entry for the systemd-boot loader: In esp/loader/entries create a grml.conf file with the following content:

title   Grml Live Linux
linux   /grml/vmlinuz
initrd  /grml/initrd.img
options apm=power-off boot=live live-media-path=/grml/ nomce net.ifnames=0

For an overview of the available boot options, consult the cheatcode for Grml.

systemd-boot on BIOS systems

If you need a bootloader for BIOS systems that follows The Boot Loader Specification, then systemd-boot can be pressed into service on BIOS systems. The Clover boot loader supports booting from BIOS systems and provides a simulated EFI environment.


Installing after booting in BIOS mode

Note: This is not recommended.

If booted in BIOS mode, you can still install systemd-boot, however this process requires you to tell firmware to launch systemd-boot's EFI file at boot, usually via two ways:

  • you have a working EFI Shell somewhere else.
  • your firmware interface provides a way of properly setting the EFI file that needs to be loaded at boot time.

If you can do it, the installation is easier: go into your EFI Shell or your firmware configuration interface and change your machine's default EFI file to esp/EFI/systemd/systemd-bootx64.efi.

Note: The firmware interface of Dell Latitude series provides everything you need to setup EFI boot but the EFI Shell will not be able to write to the computer's ROM.

Manual entry using efibootmgr

If the bootctl install command failed, you can create a EFI boot entry manually using efibootmgr:

# efibootmgr --create --disk /dev/sdX --part Y --loader "\EFI\systemd\systemd-bootx64.efi" --label "Linux Boot Manager" --verbose

where /dev/sdXY is the EFI system partition.

Note: The path to the EFI image must use the backslash (\) as the separator

Manual entry using bcdedit from Windows

If for any reason you need to create an EFI boot entry from Windows, you can use the following commands from an Administrator prompt:

> bcdedit /copy {bootmgr} /d "Linux Boot Manager"
> bcdedit /set {guid} path \EFI\systemd\systemd-bootx64.efi

Replace guid with the id returned by the first command. You can also set it as the default entry using

> bcdedit /default {guid}

Menu does not appear after Windows upgrade

See UEFI#Windows changes boot order.

See also