Diffstat (limited to '')
-rw-r--r-- | man/bootctl.xml | 537 |
1 files changed, 537 insertions, 0 deletions
diff --git a/man/bootctl.xml b/man/bootctl.xml new file mode 100644 index 0000000..dfc56d6 --- /dev/null +++ b/man/bootctl.xml 
@@ -0,0 +1,537 @@ +<?xml version='1.0'?> <!--*-nxml-*--> +<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" + "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"> +<!-- SPDX-License-Identifier: LGPL-2.1-or-later --> + +<refentry id="bootctl" conditional='HAVE_GNU_EFI' + xmlns:xi="http://www.w3.org/2001/XInclude"> + <refentryinfo> + <title>bootctl</title> + <productname>systemd</productname> + </refentryinfo> + + <refmeta> + <refentrytitle>bootctl</refentrytitle> + <manvolnum>1</manvolnum> + </refmeta> + + <refnamediv> + <refname>bootctl</refname> + <refpurpose>Control EFI firmware boot settings and manage boot loader</refpurpose> + </refnamediv> + + <refsynopsisdiv> + <cmdsynopsis> + <command>bootctl</command> + <arg choice="opt" rep="repeat">OPTIONS</arg> + <arg choice="req">COMMAND</arg> + </cmdsynopsis> + </refsynopsisdiv> + + <refsect1> + <title>Description</title> + + <para><command>bootctl</command> can check the EFI firmware and boot loader status, list and manage + available boot loaders and boot loader entries, and install, update, or remove the + <citerefentry><refentrytitle>systemd-boot</refentrytitle><manvolnum>7</manvolnum></citerefentry> boot + loader on the current system.</para> + </refsect1> + + <refsect1> + <title>Generic EFI Firmware/Boot Loader Commands</title> + + <para>These commands are available on any EFI system, regardless of the boot loader used.</para> + + <variablelist> + <varlistentry> + <term><option>status</option></term> + + <listitem><para>Shows brief information about the system firmware, the boot loader that was used to + boot the system, the boot loaders currently available in the ESP, the boot loaders listed in the + firmware's list of boot loaders and the current default boot loader entry. 
If no command is + specified, this is the implied default.</para> + + <para>See the example below for details of the output.</para> + </listitem> + </varlistentry> + + <varlistentry> + <term><option>reboot-to-firmware</option> <optional><replaceable>BOOL</replaceable></optional></term> + + <listitem><para>Query or set the "Reboot-Into-Firmware-Setup" flag of the EFI firmware. Takes a + boolean argument which controls whether to show the firmware setup on next system reboot. If the + argument is omitted shows the current status of the flag, or whether the flag is supported. This + controls the same flag as <command>systemctl reboot --firmware-setup</command>, but is more low-level + and allows setting the flag independently from actually requesting a reboot.</para> + + <para>Hint: use <command>systemctl reboot --firmware-setup</command> to reboot into firmware setup + once. See + <citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry> + for details.</para></listitem> + </varlistentry> + + <varlistentry> + <term><option>systemd-efi-options</option> <optional><replaceable>STRING</replaceable></optional></term> + + <listitem><para>When called without the optional argument, prints the current value of the + <literal>SystemdOptions</literal> EFI variable. When called with an argument, sets the variable to + that value. 
See + <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry> for the + meaning of that variable.</para></listitem> + </varlistentry> + </variablelist> + </refsect1> + + <refsect1> + <title>Boot Loader Specification Commands</title> + + <para>These commands are available for all boot loaders that implement the <ulink + url="https://systemd.io/BOOT_LOADER_SPECIFICATION">Boot Loader Specification</ulink> and/or the <ulink + url="https://systemd.io/BOOT_LOADER_INTERFACE">Boot Loader Interface</ulink>, such as + <command>systemd-boot</command>.</para> + + <variablelist> + <varlistentry> + <term><option>list</option></term> + + <listitem><para>Shows all available boot loader entries implementing the <ulink + url="https://systemd.io/BOOT_LOADER_SPECIFICATION">Boot Loader Specification</ulink>, as well as any + other entries discovered or automatically generated by a boot loader implementing the <ulink + url="https://systemd.io/BOOT_LOADER_INTERFACE">Boot Loader Interface</ulink>. + JSON output may be requested with <option>--json=</option>.</para> + + <para>See the example below for details of the output.</para> + </listitem> + </varlistentry> + + <varlistentry> + <term><option>set-default</option> <replaceable>ID</replaceable></term> + <term><option>set-oneshot</option> <replaceable>ID</replaceable></term> + + <listitem><para>Sets the default boot loader entry. Takes a single boot loader entry ID string or a glob + pattern as argument. 
The <option>set-oneshot</option> command will set the default entry only for the next boot, + the <option>set-default</option> will set it persistently for all future boots.</para> + + <para><command>bootctl list</command> can be used to list available boot loader entries and their + IDs.</para> + + <para>In addition, the boot loader entry ID may be specified as one of: <option>@default</option>, + <option>@oneshot</option> or <option>@current</option>, which correspond to the current default boot loader + entry for all future boots, the current default boot loader entry for the next boot, and the currently booted + boot loader entry. These special IDs are resolved to the current values of the EFI variables + <varname>LoaderEntryDefault</varname>, <varname>LoaderEntryOneShot</varname> and <varname>LoaderEntrySelected</varname>, + see <ulink url="https://systemd.io/BOOT_LOADER_SPECIFICATION">Boot Loader Specification</ulink> for details. + These special IDs are primarily useful as a quick way to persistently make the currently booted boot loader + entry the default choice, or to upgrade the default boot loader entry for the next boot to the default boot + loader entry for all future boots, but may be used for other operations too.</para> + + <para>If set to <option>@saved</option> the chosen entry will be saved as an EFI variable + on every boot and automatically selected the next time the boot loader starts.</para> + + <para>When an empty string ("") is specified as the ID, then the corresponding EFI variable will be + unset.</para> + + <para>Hint: use <command>systemctl reboot --boot-loader-entry=<replaceable>ID</replaceable></command> + to reboot into a specific boot entry and + <command>systemctl reboot --boot-loader-menu=<replaceable>timeout</replaceable></command> + to reboot into the boot loader menu once. 
See + <citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry> + for details.</para></listitem> + </varlistentry> + + <varlistentry> + <term><option>set-timeout</option> <replaceable>TIMEOUT</replaceable></term> + <term><option>set-timeout-oneshot</option> <replaceable>TIMEOUT</replaceable></term> + + <listitem><para>Sets the boot loader menu timeout in seconds. The <option>set-timeout-oneshot</option> + command will set the timeout only for the next boot. See + <citerefentry><refentrytitle>systemd.time</refentrytitle><manvolnum>7</manvolnum></citerefentry> + for details about the syntax of time spans.</para> + + <para>If this is set to <option>menu-hidden</option> or <option>0</option> no menu is shown and + the default entry will be booted immediately, while setting this to <option>menu-force</option> + disables the timeout while always showing the menu. When an empty string ("") is specified the + bootloader will revert to its default menu timeout.</para></listitem> + </varlistentry> + </variablelist> + </refsect1> + + <refsect1> + <title><command>systemd-boot</command> Commands</title> + + <para>These commands manage the <command>systemd-boot</command> EFI boot loader, and do not work in + conjunction with other boot loaders.</para> + + <variablelist> + <varlistentry> + <term><option>install</option></term> + + <listitem><para>Installs <command>systemd-boot</command> into the EFI system partition. A copy of + <command>systemd-boot</command> will be stored as the EFI default/fallback loader at + <filename><replaceable>ESP</replaceable>/EFI/BOOT/BOOT*.EFI</filename>. 
The boot loader is then added + to the top of the firmware's boot loader list.</para></listitem> + </varlistentry> + + <varlistentry> + <term><option>update</option></term> + + <listitem><para>Updates all installed versions of + <citerefentry><refentrytitle>systemd-boot</refentrytitle><manvolnum>7</manvolnum></citerefentry>, if the + available version is newer than the version installed in the EFI system partition. This also includes the EFI + default/fallback loader at <filename><replaceable>ESP</replaceable>/EFI/BOOT/BOOT*.EFI</filename>. The boot + loader is then added to end of the firmware's boot loader list if missing.</para></listitem> + </varlistentry> + + <varlistentry> + <term><option>remove</option></term> + + <listitem><para>Removes all installed versions of <command>systemd-boot</command> from the EFI system partition + and the firmware's boot loader list.</para></listitem> + </varlistentry> + + <varlistentry> + <term><option>is-installed</option></term> + + <listitem><para>Checks whether <command>systemd-boot</command> is installed in the ESP. Note that a + single ESP might host multiple boot loaders; this hence checks whether + <command>systemd-boot</command> is one (of possibly many) installed boot loaders — and neither + whether it is the default nor whether it is registered in any EFI variables.</para></listitem> + </varlistentry> + + <varlistentry> + <term><option>random-seed</option></term> + + <listitem><para>Generates a random seed and stores it in the EFI System Partition, for use by the + <command>systemd-boot</command> boot loader. Also, generates a random 'system token' and stores it + persistently as an EFI variable, if one has not been set before. If the boot loader finds the random + seed in the ESP and the system token in the EFI variable it will derive a random seed to pass to the + OS and a new seed to store in the ESP from the combination of both. 
The random seed passed to the OS + is credited to the kernel's entropy pool by the system manager during early boot, and permits + userspace to boot up with an entropy pool fully initialized very early on. Also see + <citerefentry><refentrytitle>systemd-boot-system-token.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>.</para> + + <para>See <ulink url="https://systemd.io/RANDOM_SEEDS">Random Seeds</ulink> for further + information.</para></listitem> + </varlistentry> + + </variablelist> + </refsect1> + + <refsect1> + <title>Options</title> + <para>The following options are understood:</para> + + <variablelist> + <varlistentry> + <term><option>--esp-path=</option></term> + <listitem><para>Path to the EFI System Partition (ESP). If not specified, <filename>/efi/</filename>, + <filename>/boot/</filename>, and <filename>/boot/efi/</filename> are checked in turn. It is + recommended to mount the ESP to <filename>/efi/</filename>, if possible.</para></listitem> + </varlistentry> + + <varlistentry> + <term><option>--boot-path=</option></term> + <listitem><para>Path to the Extended Boot Loader partition, as defined in the <ulink + url="https://systemd.io/BOOT_LOADER_SPECIFICATION">Boot Loader Specification</ulink>. If not + specified, <filename>/boot/</filename> is checked. It is recommended to mount the Extended Boot + Loader partition to <filename>/boot/</filename>, if possible.</para></listitem> + </varlistentry> + + <varlistentry> + <term><option>--root=<replaceable>root</replaceable></option></term> + <listitem><para>Takes a directory path as an argument. All + paths will be prefixed with the given alternate + <replaceable>root</replaceable> path, including config search + paths. </para></listitem> + </varlistentry> + + <varlistentry> + <term><option>--image=<replaceable>image</replaceable></option></term> + + <listitem><para>Takes a path to a disk image file or block device node. 
If specified, all operations + are applied to file system in the indicated disk image. This option is similar to + <option>--root=</option>, but operates on file systems stored in disk images or block devices. The + disk image should either contain just a file system or a set of file systems within a GPT partition + table, following the <ulink url="https://systemd.io/DISCOVERABLE_PARTITIONS">Discoverable Partitions + Specification</ulink>. For further information on supported disk images, see + <citerefentry><refentrytitle>systemd-nspawn</refentrytitle><manvolnum>1</manvolnum></citerefentry>'s + switch of the same name.</para></listitem> + </varlistentry> + + <varlistentry> + <term><option>--install-source=</option></term> + <listitem><para>When installing binaries with <option>--root=</option> or + <option>--image=</option>, selects where to source them from. Takes one of <literal>auto</literal> + (the default), <literal>image</literal> or <literal>host</literal>. With <literal>auto</literal> + binaries will be picked from the specified directory or image, and if not found they will be picked + from the host. With <literal>image</literal> or <literal>host</literal> no fallback search will be + performed if the binaries are not found in the selected source.</para></listitem> + </varlistentry> + + <varlistentry> + <term><option>-p</option></term> + <term><option>--print-esp-path</option></term> + <listitem><para>This option modifies the behaviour of <command>status</command>. Only prints the path + to the EFI System Partition (ESP) to standard output and exits.</para></listitem> + </varlistentry> + + <varlistentry> + <term><option>-x</option></term> + <term><option>--print-boot-path</option></term> + <listitem><para>This option modifies the behaviour of <command>status</command>. Only prints the path + to the Extended Boot Loader partition if it exists, and the path to the ESP otherwise to standard + output and exit. 
This command is useful to determine where to place boot loader entries, as they are + preferably placed in the Extended Boot Loader partition if it exists and in the ESP otherwise.</para> + + <para>Boot Loader Specification Type #1 entries should generally be placed in the directory + <literal>$(bootctl -x)/loader/entries/</literal>. Existence of that directory may also be used as + indication that boot loader entry support is available on the system. Similarly, Boot Loader + Specification Type #2 entries should be placed in the directory <literal>$(bootctl + -x)/EFI/Linux/</literal>.</para> + + <para>Note that this option (similarly to the <option>--print-booth-path</option> option mentioned + above), is available independently from the boot loader used, i.e. also without + <command>systemd-boot</command> being installed.</para></listitem> + </varlistentry> + + <varlistentry> + <term><option>--no-variables</option></term> + <listitem><para>Do not touch the firmware's boot loader list stored in EFI variables.</para></listitem> + </varlistentry> + + <varlistentry> + <term><option>--graceful</option></term> + <listitem><para>Ignore failure when the EFI System Partition cannot be found, when EFI variables + cannot be written, or a different or newer boot loader is already installed. 
Currently only applies + to <command>is-installed</command>, <command>update</command>, and <command>random-seed</command> + verbs.</para></listitem> + </varlistentry> + + <varlistentry> + <term><option>-q</option></term> + <term><option>--quiet</option></term> + + <listitem><para>Suppress printing of the results of various commands and also the hints about ESP + being unavailable.</para></listitem> + </varlistentry> + + <varlistentry> + <term><option>--make-entry-directory=yes|no</option></term> + <listitem><para>Controls creation and deletion of the <ulink + url="https://systemd.io/BOOT_LOADER_SPECIFICATION">Boot Loader Specification</ulink> Type #1 entry + directory on the file system containing resources such as kernel and initrd images during + <option>install</option> and <option>remove</option>, respectively. The directory is named after the + entry token, as specified with <option>--entry-token=</option> parameter described below, and is + placed immediately below the <varname>$BOOT</varname> root directory (i.e. beneath the file system + returned by the <option>--print-boot-path</option> option, see above). Defaults to + <literal>no</literal>.</para></listitem> + </varlistentry> + + <varlistentry> + <term><option>--entry-token=</option></term> + + <listitem><para>Controls how to name and identify boot loader entries for this OS + installation. Accepted during <option>install</option>, and takes one of <literal>auto</literal>, + <literal>machine-id</literal>, <literal>os-id</literal>, <literal>os-image-id</literal> or an + arbitrary string prefixed by <literal>literal:</literal> as argument.</para> + + <para>If set to <option>machine-id</option> the entries are named after the machine ID of the running + system (e.g. <literal>b0e793a9baf14b5fa13ecbe84ff637ac</literal>). 
See + <citerefentry><refentrytitle>machine-id</refentrytitle><manvolnum>5</manvolnum></citerefentry> for + details about the machine ID concept and file.</para> + + <para>If set to <option>os-id</option> the entries are named after the OS ID of the running system, + i.e. the <varname>ID=</varname> field of + <citerefentry><refentrytitle>os-release</refentrytitle><manvolnum>5</manvolnum></citerefentry> (e.g. + <literal>fedora</literal>). Similarly, if set to <option>os-image-id</option> the entries are named + after the OS image ID of the running system, i.e. the <varname>IMAGE_ID=</varname> field of + <filename>os-release</filename> (e.g. <literal>vendorx-cashier-system</literal>).</para> + + <para>If set to <option>auto</option> (the default), the <filename>/etc/kernel/entry-token</filename> + file will be read if it exists, and the stored value used. Otherwise if the local machine ID is + initialized it is used. Otherwise <varname>IMAGE_ID=</varname> from <filename>os-release</filename> + will be used, if set. Otherwise, <varname>ID=</varname> from <filename>os-release</filename> will be + used, if set.</para> + + <para>Unless set to <literal>machine-id</literal>, or when + <option>--make-entry-directory=yes</option> is used the selected token string is written to a file + <filename>/etc/kernel/entry-token</filename>, to ensure it will be used for future entries. This file + is also read by + <citerefentry><refentrytitle>kernel-install</refentrytitle><manvolnum>8</manvolnum></citerefentry>, + in order to identify under which name to generate boot loader entries for newly installed kernels, or + to determine the entry names for removing old ones.</para> + + <para>Using the machine ID for naming the entries is generally preferable, however there are cases + where using the other identifiers is a good option. 
Specifically: if the identification data that the + machine ID entails shall not be stored on the (unencrypted) <varname>$BOOT</varname> partition, or if + the ID shall be generated on first boot and is not known when the entries are prepared. Note that + using the machine ID has the benefit that multiple parallel installations of the same OS can coexist + on the same medium, and they can update their boot loader entries independently. When using another + identifier (such as the OS ID or the OS image ID), parallel installations of the same OS would try to + use the same entry name. To support parallel installations, the installer must use a different entry + token when adding a second installation.</para></listitem> + </varlistentry> + + <varlistentry> + <term><option>--all-architectures</option></term> + <listitem><para>Install binaries for all supported EFI architectures (this implies <option>--no-variables</option>).</para></listitem> + </varlistentry> + + <varlistentry> + <term><option>--efi-boot-option-description=</option></term> + <listitem><para>Description of the entry added to the firmware's boot option list. Defaults to <literal>Linux + Boot Manager</literal>.</para> + + <para>Using the default entry name <literal>Linux Boot Manager</literal> is generally preferable as only + one bootloader installed to a single ESP partition should be used to boot any number of OS installations + found on the various disks installed in the system. Specifically distributions should not use this flag + to install a branded entry in the boot option list. 
However in situations with multiple disks, each with + their own ESP partition, it can be beneficial to make it easier to identify the bootloader being used in + the firmware's boot option menu.</para></listitem> + </varlistentry> + + <xi:include href="standard-options.xml" xpointer="no-pager"/> + <xi:include href="standard-options.xml" xpointer="json" /> + <xi:include href="standard-options.xml" xpointer="help"/> + <xi:include href="standard-options.xml" xpointer="version"/> + </variablelist> + </refsect1> + + <refsect1> + <title>Signed .efi files</title> + <para><command>bootctl</command> <option>install</option> and <option>update</option> will look for a + <command>systemd-boot</command> file ending with the <literal>.efi.signed</literal> suffix first, and copy + that instead of the normal <literal>.efi</literal> file. This allows distributions or end-users to provide + signed images for UEFI SecureBoot.</para> + </refsect1> + + <refsect1> + <title>Exit status</title> + <para>On success, 0 is returned, a non-zero failure code otherwise.</para> + </refsect1> + + <refsect1> + <title>Environment</title> + <para>If <varname>$SYSTEMD_RELAX_ESP_CHECKS=1</varname> is set the validation checks for the ESP are + relaxed, and the path specified with <option>--esp-path=</option> may refer to any kind of file system on + any kind of partition.</para> + + <para>Similarly, <varname>$SYSTEMD_RELAX_XBOOTLDR_CHECKS=1</varname> turns off some validation checks for + the Extended Boot Loader partition.</para> + </refsect1> + + <refsect1> + <title>Examples</title> + + <example> + <title>Output from <command>status</command> and <command>list</command></title> + + <programlisting>$ <command>bootctl status</command> +System: + Firmware: UEFI 2.40 (<replaceable>firmware-version</replaceable>) ← firmware vendor and version + Secure Boot: disabled (setup) ← secure boot status + TPM2 Support: yes + Boot into FW: supported ← does the firmware support booting into itself + +Current Boot 
Loader: ← details about sd-boot or another boot loader + Product: systemd-boot <replaceable>version</replaceable> implementing the <ulink + url="https://systemd.io/BOOT_LOADER_INTERFACE">Boot Loader Interface</ulink> + Features: ✓ Boot counting + ✓ Menu timeout control + ✓ One-shot menu timeout control + ✓ Default entry control + ✓ One-shot entry control + ✓ Support for XBOOTLDR partition + ✓ Support for passing random seed to OS + ✓ Load drop-in drivers + ✓ Boot loader sets ESP information + ESP: /dev/disk/by-partuuid/01234567-89ab-cdef-dead-beef00000000 + File: └─/EFI/systemd/systemd-bootx64.efi + +Random Seed: ← random seed used for entropy in early boot + Passed to OS: yes + System Token: set + Exists: yes + +Available Boot Loaders on ESP: + ESP: /boot/efi (/dev/disk/by-partuuid/01234567-89ab-cdef-dead-beef00000000) + File: └─/EFI/systemd/systemd-bootx64.efi (systemd-boot 251 + File: └─/EFI/BOOT/BOOTX64.EFI (systemd-boot 251 + +Boot Loaders Listed in EFI Variables: + Title: Linux Boot Manager + ID: 0x0001 + Status: active, boot-order + Partition: /dev/disk/by-partuuid/… + File: └─/EFI/systemd/systemd-bootx64.efi + + Title: Fedora + ID: 0x0000 + Status: active, boot-order + Partition: /dev/disk/by-partuuid/… + File: └─/EFI/fedora/shimx64.efi + + Title: Linux-Firmware-Updater + ID: 0x0002 + Status: active, boot-order + Partition: /dev/disk/by-partuuid/… + File: └─/EFI/fedora/fwupdx64.efi + +Boot Loader Entries: + $BOOT: /boot/efi (/dev/disk/by-partuuid/01234567-89ab-cdef-dead-beef00000000) + +Default Boot Loader Entry: + type: Boot Loader Specification Type #1 (.conf) + title: Fedora Linux 36 (Workstation Edition) + id: … + source: /boot/efi/loader/entries/<replaceable>entry-token</replaceable>-<replaceable>kernel-version</replaceable>.conf + version: <replaceable>kernel-version</replaceable> + machine-id: … + linux: /<replaceable>entry-token</replaceable>/<replaceable>kernel-version</replaceable>/linux + initrd: 
/<replaceable>entry-token</replaceable>/<replaceable>kernel-version</replaceable>/initrd + options: root=… +</programlisting> + + <programlisting>$ <command>bootctl list</command> +Boot Loader Entries: + type: Boot Loader Specification Type #1 (.conf) + title: Fedora Linux 36 (Workstation Edition) (default) (selected) + id: … + source: /boot/efi/loader/entries/<replaceable>entry-token</replaceable>-<replaceable>kernel-version</replaceable>.conf + version: <replaceable>kernel-version</replaceable> + machine-id: … + linux: /<replaceable>entry-token</replaceable>/<replaceable>kernel-version</replaceable>/linux + initrd: /<replaceable>entry-token</replaceable>/<replaceable>kernel-version</replaceable>/initrd + options: root=… + + type: Boot Loader Specification Type #2 (.efi) + title: Fedora Linux 35 (Workstation Edition) + id: … + source: /boot/efi/EFI/Linux/fedora-<replaceable>kernel-version</replaceable>.efi + version: <replaceable>kernel-version</replaceable> + machine-id: … + linux: /EFI/Linux/fedora-<replaceable>kernel-version</replaceable>.efi + options: root=… + + type: Automatic + title: Reboot Into Firmware Interface + id: auto-reboot-to-firmware-setup + source: /sys/firmware/efi/efivars/LoaderEntries-4a67b082-0a4c-41cf-b6c7-440b29bb8c4f +</programlisting> + + <para>In the listing, <literal>(default)</literal> specifies the entry that will be + used by default, and <literal>(selected)</literal> specifies the entry that was + selected the last time (i.e. 
is currently running).</para> + </example> + </refsect1> + + <refsect1> + <title>See Also</title> + <para> + <citerefentry><refentrytitle>systemd-boot</refentrytitle><manvolnum>7</manvolnum></citerefentry>, + <ulink url="https://systemd.io/BOOT_LOADER_SPECIFICATION">Boot Loader Specification</ulink>, + <ulink url="https://systemd.io/BOOT_LOADER_INTERFACE">Boot Loader Interface</ulink>, + <citerefentry><refentrytitle>systemd-boot-system-token.service</refentrytitle><manvolnum>8</manvolnum></citerefentry> + </para> + </refsect1> +</refentry> |
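Review bot: In the -x/--print-boot-path entry, the closing note refers to "--print-booth-path ... mentioned above", which is misspelled and points back at the option being described; it presumably means --print-esp-path, and the cross-reference should name that option. The same entry ends "to standard output and exit", where the -p text uses "exits". The DOCTYPE gives the public identifier for DocBook XML V4.5 while the system identifier points at ".../docbook/xml/4.2/docbookx.dtd"; the two should agree. In the status example, both lines under "Available Boot Loaders on ESP" end with an unclosed parenthesis, "(systemd-boot 251". In the update entry, "added to end of the firmware's boot loader list" is missing "the". In --entry-token=, the sentence "Unless set to machine-id, or when --make-entry-directory=yes is used the selected token string is written" leaves it unclear whether --make-entry-directory=yes is a second exception or a condition that forces the write; splitting it into two sentences would settle that. The "Signed .efi files" section says the .efi.signed file is looked up first and copied, but not whether bootctl itself checks the signature; saying so explicitly would help readers who depend on Secure Boot. The "Environment" section could likewise say which ESP validation checks $SYSTEMD_RELAX_ESP_CHECKS=1 relaxes, since it allows --esp-path= to refer to any kind of file system on any kind of partition.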