From ArchWiki
(Redirected from Gummiboot)

systemd-boot, previously called gummiboot (German for "rubber dinghy"), is an easy-to-configure UEFI boot manager. It provides a textual menu to select the boot entry and an editor for the kernel command line. It is included with systemd.

Note that systemd-boot can only start EFI executables (e.g., the Linux kernel EFISTUB, UEFI shell, GRUB, or the Windows Boot Manager).


Installing the EFI boot manager

To install systemd-boot, first make sure that the system is booted into UEFI mode and UEFI variables are accessible. This can be verified by running efivar --list or, if efivar is not installed, by running ls /sys/firmware/efi/efivars (if the directory exists, the system is booted into UEFI mode.)

Throughout, esp will denote the ESP mountpoint, e.g. /efi or /boot. This assumes that you have chrooted to the system's mount point.

Use bootctl(1) to install systemd-boot to the ESP:

# bootctl install

This will copy the systemd-boot EFI boot manager to the ESP, create a UEFI boot entry for it and set it as the first in the UEFI boot order.

  • On an x64 UEFI, /usr/lib/systemd/boot/efi/systemd-bootx64.efi will be copied to esp/EFI/systemd/systemd-bootx64.efi and esp/EFI/BOOT/BOOTX64.EFI.
  • On an IA32 UEFI, /usr/lib/systemd/boot/efi/systemd-bootia32.efi will be copied to esp/EFI/systemd/systemd-bootia32.efi and esp/EFI/BOOT/BOOTIA32.EFI.

The UEFI boot entry will be called "Linux Boot Manager" and will point to, depending on the UEFI bitness, either \EFI\systemd\systemd-bootx64.efi or \EFI\systemd\systemd-bootia32.efi on the ESP.

  • When running bootctl install, systemd-boot will try to locate the ESP at /efi, /boot, and /boot/efi. Setting esp to a different location requires passing the --esp-path=esp option. (See bootctl(1) § OPTIONS for details.)
  • Installing systemd-boot will overwrite any existing esp/EFI/BOOT/BOOTX64.EFI (or esp/EFI/BOOT/BOOTIA32.EFI on IA32 UEFI), e.g. Microsoft's version of the file.

To conclude the installation, configure systemd-boot.

Installation using XBOOTLDR

A separate /boot partition of type "Linux extended boot" (XBOOTLDR) can be created to keep the kernel and initramfs separate from the ESP. This is particularly helpful to dual boot with Windows with an existing ESP that is too small.

Prepare an ESP as usual and create another partition for XBOOTLDR on the same physical drive. The XBOOTLDR partition must have a partition type GUID of bc13c2ff-59e6-4262-a352-b275fd6f7172 [1]. The size of the XBOOTLDR partition should be large enough to accommodate all of the kernels you are going to install.

  • systemd-boot does not do a file system check like it does for the ESP. Hence, it is possible to use any file system that your UEFI implementation can read.
  • UEFI may skip loading partitions other than the ESP when a "fast boot" mode is enabled. This can lead to systemd-boot failing to find entries on the XBOOTLDR partition; in that case, disable the "fast boot" mode.
  • The XBOOTLDR partition must be on the same physical disk as the ESP for systemd-boot to recognize it.

During install, mount the ESP to /mnt/efi and the XBOOTLDR partition to /mnt/boot.

Once in chroot, use the command:

# bootctl --esp-path=/efi --boot-path=/boot install

To conclude the installation, configure systemd-boot.

Updating the EFI boot manager

Whenever there is a new version of systemd-boot, the EFI boot manager can be optionally reinstalled by the user. This can be done manually or automatically; the two approaches are described thereafter.

Note: The EFI boot manager is a standalone EFI executable and any version can be used to boot the system (partial updates do not apply, since pacman only installs the systemd-boot installer, not systemd-boot itself.) However, new versions may add new features or fix bugs, so it is probably a good idea to update systemd-boot.

Manual update

Use bootctl to update systemd-boot:

# bootctl update
Note: As with bootctl install, systemd-boot will try to locate the ESP at /efi, /boot, and /boot/efi. Setting esp to a different location requires passing the --esp-path=esp option.

Automatic update

To update systemd-boot automatically, either use a systemd service or a pacman hook. The two methods are described below.

systemd service

As of version 250, systemd ships with systemd-boot-update.service. Enabling this service will update the bootloader upon the next boot.

Warning: If you have Secure Boot enabled, you need to sign your bootloader after updating. See #pacman hook below for an example of how to do so.
Tip: bootctl install and bootctl update search .efi.signed files under /usr/lib/systemd/boot/efi/ before .efi files. A .efi.signed bootloader under /usr/lib/systemd/boot/efi/ allows systemd-boot-update.service to update the bootloader without invoking Secure Boot signing tools. (See bootctl(1) § SIGNED .EFI FILES for details.)
pacman hook

The package systemd-boot-pacman-hookAUR adds a pacman hook which is executed every time systemd is upgraded.

Rather than installing systemd-boot-pacman-hook, you may prefer to manually place the following file in /etc/pacman.d/hooks/:

Type = Package
Operation = Upgrade
Target = systemd

Description = Gracefully upgrading systemd-boot...
When = PostTransaction
Exec = /usr/bin/systemctl restart systemd-boot-update.service

If you have Secure Boot enabled, you may want to add a pacman hook to automatically sign the boot manager upon every upgrade of the package:

Operation = Install
Operation = Upgrade
Type = Path
Target = usr/lib/systemd/boot/efi/systemd-boot*.efi

Description = Signing systemd-boot EFI binary for Secure Boot
When = PostTransaction
Exec = /bin/sh -c 'while read -r i; do sbsign --key /path/to/keyfile.key --cert /path/to/certificate.crt "$i"; done;'
Depends = sh
Depends = sbsigntools

Replace /path/to/keyfile.key and /path/to/certificate.crt with your signing key and certificate respectively. For better understanding of this hook, consult sbsign(1).

Tip: If you are using sbctl then resigning of the files enrolled in its database is automatically done through the hook provided at /usr/share/libalpm/hooks/zz-sbctl.hook. Remember to enroll the files necessary to your bootchain first.


Loader configuration

The loader configuration is stored in the file esp/loader/loader.conf. See loader.conf(5) § OPTIONS for details.

A loader configuration example is provided below:

default  arch.conf
timeout  4
console-mode max
editor   no
  • systemd-boot does not accept tabs for indentation, use spaces instead.
  • default and timeout can be changed in the boot menu itself and changes will be stored as EFI variables LoaderEntryDefault and LoaderConfigTimeout, overriding these options.
  • bootctl set-default "" and bootctl set-timeout "" can be used to clear the EFI variables overriding the default and timeout options, respectively.
  • If you have set timeout 0, the boot menu can be accessed by pressing Space.
  • A basic loader configuration file is located at /usr/share/systemd/bootctl/loader.conf.
  • If the bootloader (during the entry selection) appears distorted/uses the wrong resolution you can try to set the console-mode to auto (uses heuristics to select the best resolution), keep (keeps the firmware provided resolution) or 2 (tries to select the first non-UEFI-standard resolution).

Adding loaders

systemd-boot will search for boot menu items in esp/loader/entries/*.conf and additionally in boot/loader/entries/*.conf if using XBOOTLDR. Note that entries in esp can only use files (e.g. kernels, initramfs, images, etc.) in esp. Similarly, entries in boot can only use files in boot.

The possible options are:

  • title – operating system name. Required.
  • version – kernel version, shown only when multiple entries with same title exist. Optional.
  • machine-id – machine identifier from /etc/machine-id, shown only when multiple entries with same title and version exist. Optional.
  • efi – EFI program to start, relative to your ESP (esp); e.g. /vmlinuz-linux. Either this parameter or linux (see below) is required.
  • options – space-separated command line options to pass to the EFI program or kernel parameters. Optional, but you will need at least root=dev rw if booting Linux where dev is a block device specifier for the root (/) volume. See persistent block device naming for more information. This parameter can be omitted if the root partition is assigned the correct Root Partition Type GUID as defined in Discoverable Partitions Specification and if the systemd mkinitcpio hook is present.

For Linux boot, you can also use linux instead of efi. Or initrd in addition to options. The syntax is:

  • linux or initrd followed by the relative path of the corresponding files in the ESP; e.g. /vmlinuz-linux; this will be automatically translated into efi path and options initrd=path – this syntax is only supported for convenience and has no differences in function.
Note: If options is present in a boot entry and Secure Boot is disabled, the value of options will override any .cmdline string embedded in a UKI that is specified by efi or linux (see Unified kernel image#Preparing a unified kernel image). With Secure Boot, however, options (and any edits made to the kernel command line in the bootloader UI) will be ignored, and only the embedded .cmdline will be used.

An example of loader files launching Arch from a volume labeled Arch OS and loading Intel CPU microcode is:

title   Arch Linux
linux   /vmlinuz-linux
initrd  /intel-ucode.img
initrd  /initramfs-linux.img
options root="LABEL=Arch OS" rw
title   Arch Linux (fallback initramfs)
linux   /vmlinuz-linux
initrd  /intel-ucode.img
initrd  /initramfs-linux-fallback.img
options root="LABEL=Arch OS" rw

systemd-boot will automatically check at boot time for Windows Boot Manager at the location /EFI/Microsoft/Boot/Bootmgfw.efi, UEFI shell /shellx64.efi and EFI Default Loader /EFI/BOOT/bootx64.efi, as well as specially prepared kernel files found in /EFI/Linux/. When detected, corresponding entries with titles auto-windows, auto-efi-shell and auto-efi-default, respectively, will be generated. These entries do not require manual loader configuration. However, it does not auto-detect other EFI applications (unlike rEFInd), so for booting the Linux kernel, manual configuration entries must be created.

  • The available boot entries which have been configured can be listed with the command bootctl list.
  • An example entry file is located at /usr/share/systemd/bootctl/arch.conf.
  • The kernel parameters for scenarios such as LVM, LUKS, dm-crypt or Btrfs can be found on the relevant pages.

EFI Shells or other EFI applications

In case you installed an EFI shell with the package edk2-shell, systemd-boot will auto-detect and create a new entry if the EFI file is placed in esp/shellx64.efi. To perform this and example command after installing the package would be:

# cp /usr/share/edk2-shell/x64/Shell.efi /boot/shellx64.efi

Otherwise in case you installed other EFI applications into the ESP, you can use the following snippets.

Note: The file path parameter for the efi line is relative to your esp mount point. If you are mounted on /boot and your EFI binaries reside at /boot/EFI/xx.efi and /boot/yy.efi, then you would specify the parameters as efi /EFI/xx.efi and efi /yy.efi respectively.
title  Firmware updator
efi     /EFI/tools/fwupdx64.efi
title  GPT fdisk (gdisk)
efi     /EFI/tools/gdisk_x64.efi

Boot from another disk

systemd-boot cannot launch binaries from partitions other than the ESP or the XBOOTLDR partition, but it can run an external script to do so.

First we need to install edk2-shell (will be the interpreter to be used). We also need the PARTUUID of the partition where the destination EFI file is located which can be obtained by using the blkid command. Using the EFI shell (as explained above) we can use the map command to take notes of the FS alias (ex: HD0a66666a2) and the full path of the destination EFI file (ex: EFI\Microsoft\Boot\Bootmgfw.efi). The FS alias corresponds to the PARTUUID of the partition where the destination EFI file is located.

Then using the exit command we can boot back into Linux where we can create the new entry. To do so we need to first create in the root of the esp mount point a .nsh filename with the FS alias, a colon and the EFI path, here an example:


Once we created this file we can proceed to create the loader entry to run the script:

title  Windows
efi     /shellx64.efi
options -nointerrupt -noconsolein -noconsoleout windows.nsh

Its important that the efi path matches where the edk2-shell has been copied in the esp partition, and the last argument of options matches the .nsh filename in the root of the esp partition. Also note that the edk2-shell EFI file can be moved to avoid the entry auto-creation of systemd-boot.

Booting into EFI Firmware Setup

systemd-boot will automatically add an entry to boot into UEFI Firmware Setup if your device's firmware supports rebooting into setup from the OS.

Support hibernation

See Suspend and hibernate.

Kernel parameters editor with password protection

Alternatively you can install systemd-boot-passwordAUR which supports password basic configuration option. Use sbpctl generate to generate a value for this option.

Install systemd-boot-password with the following command:

# sbpctl install esp

With enabled editor you will be prompted for your password before you can edit kernel parameters.

Tips and tricks

Keys inside the boot menu

You can use t and T while in the menu to adjust the menu timeout and e to edit the kernel parameters for this boot. Press h to see a short list of useful hotkeys. See systemd-boot(7) § KEY BINDINGS for the full list of available key bindings inside the boot menu.

Choosing next boot

The boot manager is integrated with the systemctl command, allowing you to choose what option you want to boot after a reboot. For example, suppose you have built a custom kernel and created an entry file esp/loader/entries/arch-custom.conf to boot into it, you can just launch

$ systemctl reboot --boot-loader-entry=arch-custom.conf

and your system will reboot into that entry maintaining the default option intact for subsequent boots. To see a list of possible entries pass the --boot-loader-entry=help option.

If you want to boot into the firmware of your motherboard directly, then you can use this command:

$ systemctl reboot --firmware-setup

Unified kernel images

Unified kernel images in esp/EFI/Linux/ are automatically sourced by systemd-boot, and do not need an entry in esp/loader/entries. (Note that unified kernel images must have a .efi extension to be identified by systemd-boot.)

Tip: Files in esp/loader/entries/ will be booted first if no default is set in esp/loader/loader.conf. Remove those entries, or set the default with the full file name, i.e. default arch-linux.efi

Grml on ESP

Note: The following instructions are not exclusive to Grml. With slight adjustments, installing other software (e.g., SystemRescueCD) is possible.
Tip: A PKGBUILD is available: grml-systemd-bootAUR.

Grml is a small live system with a collection of software for system administration and rescue.

In order to install Grml on the ESP, we only need to copy the kernel vmlinuz, the initramfs initrd.img, and the squashed image grml64-small.squashfs from the iso file to the ESP. To do so, first download grml64-small.iso and mount the file (the mountpoint is henceforth denoted mnt); the kernel and initramfs are located in mnt/boot/grml64small/, and the squashed image resides in mnt/live/grml64-small/.

Next, create a directory for Grml in your ESP,

# mkdir -p esp/grml

and copy the above-mentioned files in there:

# cp mnt/boot/grml64small/vmlinuz esp/grml
# cp mnt/boot/grml64small/initrd.img esp/grml
# cp mnt/live/grml64-small/grml64-small.squashfs esp/grml

In the last step, create an entry for the systemd-boot loader: In esp/loader/entries create a grml.conf file with the following content:

title   Grml Live Linux
linux   /grml/vmlinuz
initrd  /grml/initrd.img
options apm=power-off boot=live live-media-path=/grml/ nomce net.ifnames=0

For an overview of the available boot options, consult the cheatcode for Grml.

systemd-boot on BIOS systems

If you need a bootloader for BIOS systems that follows The Boot Loader Specification, then systemd-boot can be pressed into service on BIOS systems. The Clover boot loader supports booting from BIOS systems and provides a simulated EFI environment.


Installing after booting in BIOS mode

Note: This is not recommended.

If booted in BIOS mode, you can still install systemd-boot, however this process requires you to tell firmware to launch systemd-boot's EFI file at boot, usually via two ways:

  • you have a working EFI Shell somewhere else.
  • your firmware interface provides a way of properly setting the EFI file that needs to be loaded at boot time.

If you can do it, the installation is easier: go into your EFI Shell or your firmware configuration interface and change your machine's default EFI file to esp/EFI/systemd/systemd-bootx64.efi.

Note: The firmware interface of Dell Latitude series provides everything you need to setup EFI boot but the EFI Shell will not be able to write to the computer's ROM.

Manual entry using efibootmgr

If the bootctl install command failed, you can create a EFI boot entry manually using efibootmgr:

# efibootmgr --create --disk /dev/sdX --part Y --loader "\EFI\systemd\systemd-bootx64.efi" --label "Linux Boot Manager" --unicode

where /dev/sdXY is the EFI system partition.

Note: The path to the EFI binary must use the backslash (\) as the separator

Manual entry using bcdedit from Windows

If for any reason you need to create an EFI boot entry from Windows, you can use the following commands from an Administrator prompt:

> bcdedit /copy {bootmgr} /d "Linux Boot Manager"
> bcdedit /set {guid} path \EFI\systemd\systemd-bootx64.efi

Replace guid with the id returned by the first command. You can also set it as the default entry using

> bcdedit /default {guid}

Menu does not appear after Windows upgrade

See UEFI#Windows changes boot order.

Add support for Windows BitLocker TPM unlocking

To stop BitLocker from requesting the recovery key, add the following to loader.conf:

reboot-for-bitlocker yes

This will set the BootNext UEFI variable, whereby Windows Boot Manager is loaded without BitLocker requiring the recovery key. This is a one-time change, and systemd-boot remains the default bootloader. There is no need to specify Windows as an entry if it was autodetected.

This is an experimental feature, so make sure to consult loader.conf(5).

See also