summaryrefslogtreecommitdiffstats
path: root/man/systemd-boot.xml
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-10 20:49:52 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-04-10 20:49:52 +0000
commit55944e5e40b1be2afc4855d8d2baf4b73d1876b5 (patch)
tree33f869f55a1b149e9b7c2b7e201867ca5dd52992 /man/systemd-boot.xml
parentInitial commit. (diff)
downloadsystemd-55944e5e40b1be2afc4855d8d2baf4b73d1876b5.tar.xz
systemd-55944e5e40b1be2afc4855d8d2baf4b73d1876b5.zip
Adding upstream version 255.4.upstream/255.4
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'man/systemd-boot.xml')
-rw-r--r--man/systemd-boot.xml650
1 files changed, 650 insertions, 0 deletions
diff --git a/man/systemd-boot.xml b/man/systemd-boot.xml
new file mode 100644
index 0000000..2b0ea9b
--- /dev/null
+++ b/man/systemd-boot.xml
@@ -0,0 +1,650 @@
+<?xml version='1.0'?> <!--*-nxml-*-->
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
+ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
+<!-- SPDX-License-Identifier: LGPL-2.1-or-later -->
+
+<refentry id="systemd-boot" conditional='ENABLE_BOOTLOADER'
+ xmlns:xi="http://www.w3.org/2001/XInclude">
+ <refentryinfo>
+ <title>systemd-boot</title>
+ <productname>systemd</productname>
+ </refentryinfo>
+
+ <refmeta>
+ <refentrytitle>systemd-boot</refentrytitle>
+ <manvolnum>7</manvolnum>
+ </refmeta>
+
+ <refnamediv>
+ <refname>systemd-boot</refname>
+ <refname>sd-boot</refname>
+ <refpurpose>A simple UEFI boot manager</refpurpose>
+ </refnamediv>
+
+ <refsect1>
+ <title>Description</title>
+
+ <para><command>systemd-boot</command> (short: <command>sd-boot</command>) is a simple UEFI boot
+ manager. It provides a textual menu to select the entry to boot and an editor for the kernel command
+ line. <command>systemd-boot</command> supports systems with UEFI firmware only.</para>
+
+ <para><command>systemd-boot</command> loads boot entry information from the EFI system partition (ESP),
+ usually mounted at <filename>/efi/</filename>, <filename>/boot/</filename>, or
+ <filename>/boot/efi/</filename> during OS runtime, as well as from the Extended Boot Loader partition
+ (XBOOTLDR) if it exists (usually mounted to <filename>/boot/</filename>). Configuration file fragments,
+ kernels, initrds and other EFI images to boot generally need to reside on the ESP or the Extended Boot
+ Loader partition. Linux kernels must be built with <option>CONFIG_EFI_STUB</option> to be able to be
+ directly executed as an EFI image. During boot <command>systemd-boot</command> automatically assembles a
+ list of boot entries from the following sources:</para>
+
+ <itemizedlist>
+ <listitem><para>Boot entries defined with <ulink
+ url="https://uapi-group.org/specifications/specs/boot_loader_specification">Boot Loader Specification</ulink> Type #1
+ description files located in <filename>/loader/entries/</filename> on the ESP and the Extended Boot
+ Loader Partition. These usually describe Linux kernel images with associated initrd images, but
+ alternatively may also describe other arbitrary EFI executables.</para></listitem>
+
+ <listitem><para>Unified kernel images, <ulink url="https://uapi-group.org/specifications/specs/boot_loader_specification">Boot
+ Loader Specification</ulink> Type #2, which are executable EFI binaries in
+ <filename>/EFI/Linux/</filename> on the ESP and the Extended Boot Loader Partition.</para></listitem>
+
+ <listitem><para>The Microsoft Windows EFI boot manager, if installed.</para></listitem>
+
+ <listitem><para>The Apple macOS boot manager, if installed.</para></listitem>
+
+ <listitem><para>The EFI Shell binary, if installed.</para></listitem>
+
+ <listitem><para>A <literal>Reboot Into Firmware Interface option</literal>, if supported by the UEFI
+ firmware.</para></listitem>
+
+ <listitem><para>Secure Boot variables enrollment if the UEFI firmware is in setup-mode and files are provided
+ on the ESP.</para></listitem>
+ </itemizedlist>
+
+ <para><command>systemd-boot</command> supports the following features:</para>
+
+ <itemizedlist>
+ <listitem><para>Basic boot manager configuration changes (such as timeout
+ configuration, default boot entry selection, …) may be made directly from the boot loader UI at
+ boot-time, as well as during system runtime with EFI variables.</para></listitem>
+
+ <listitem><para>The boot manager integrates with the <command>systemctl</command> command to implement
+ features such as <command>systemctl reboot --boot-loader-entry=…</command> (for rebooting into a
+ specific boot menu entry, i.e. "reboot into Windows") and <command>systemctl reboot
+ --boot-loader-menu=…</command> (for rebooting into the boot loader menu), by implementing the <ulink
+ url="https://systemd.io/BOOT_LOADER_INTERFACE">Boot Loader Interface</ulink>. See
+ <citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry> for
+ details.</para></listitem>
+
+ <listitem><para>An EFI variable set by the boot loader informs the OS about the EFI System Partition used
+ during boot. This is then used to automatically mount the correct EFI System Partition to
+ <filename>/efi/</filename> or <filename>/boot/</filename> during OS runtime. See
+ <citerefentry><refentrytitle>systemd-gpt-auto-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+ for details.</para></listitem>
+
+ <listitem><para>The boot manager provides information about the boot time spent in UEFI firmware using
+ the <ulink url="https://systemd.io/BOOT_LOADER_INTERFACE">Boot Loader Interface</ulink>. This
+ information can be displayed using
+ <citerefentry><refentrytitle>systemd-analyze</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
+ </para></listitem>
+
+ <listitem><para>The boot manager implements boot counting and automatic fallback to older, working boot
+ entries on failure. See <ulink url="https://systemd.io/AUTOMATIC_BOOT_ASSESSMENT">Automatic Boot
+ Assessment</ulink>.</para></listitem>
+
+ <listitem><para>The boot manager optionally reads a random seed from the ESP partition, combines it
+ with a 'system token' stored in a persistent EFI variable and derives a random seed to use by the OS as
+ entropy pool initialization, providing a full entropy pool during early boot.</para></listitem>
+
+ <listitem><para>The boot manager allows for Secure Boot variables to be enrolled if the UEFI firmware is
+ in setup-mode. Additionally, variables can be automatically enrolled if configured.</para></listitem>
+ </itemizedlist>
+
+ <para><citerefentry><refentrytitle>bootctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>
+ may be used from a running system to locate the ESP and the Extended Boot Loader Partition, list
+ available entries, and install <command>systemd-boot</command> itself.</para>
+
+ <para><citerefentry><refentrytitle>kernel-install</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+ may be used to copy kernel images onto the ESP or the Extended Boot Loader Partition and to generate
+ description files compliant with the Boot Loader
+ Specification.</para>
+
+ <para><citerefentry><refentrytitle>systemd-stub</refentrytitle><manvolnum>7</manvolnum></citerefentry>
+ may be used as UEFI boot stub for executed kernels, which is useful to show graphical boot splashes
+ before transitioning into the Linux world. It is also capable of automatically picking up auxiliary
+ credential files (for boot parameterization) and system extension images, as companion files to the
+ booted kernel images.</para>
+ </refsect1>
+
+ <refsect1>
+ <title>Key bindings</title>
+ <para>The following keys may be used in the boot menu:</para>
+
+ <!-- Developer commands Q/v/Ctrl+l deliberately not advertised. -->
+
+ <variablelist>
+ <varlistentry>
+ <term><keycap>↑</keycap> (Up)</term>
+ <term><keycap>↓</keycap> (Down)</term>
+ <term><keycap>j</keycap></term>
+ <term><keycap>k</keycap></term>
+ <term><keycap>PageUp</keycap></term>
+ <term><keycap>PageDown</keycap></term>
+ <term><keycap>Home</keycap></term>
+ <term><keycap>End</keycap></term>
+ <listitem><para>Navigate up/down in the entry list</para>
+
+ <xi:include href="version-info.xml" xpointer="v239"/></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><keycap>↵</keycap> (Enter)</term>
+ <term><keycap>→</keycap> (Right)</term>
+ <listitem><para>Boot selected entry</para>
+
+ <xi:include href="version-info.xml" xpointer="v239"/></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><keycap>d</keycap></term>
+ <listitem><para>Make selected entry the default</para>
+
+ <xi:include href="version-info.xml" xpointer="v239"/></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><keycap>e</keycap></term>
+ <listitem><para>Edit the kernel command line for selected entry</para>
+
+ <xi:include href="version-info.xml" xpointer="v239"/></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><keycap>+</keycap></term>
+ <term><keycap>t</keycap></term>
+ <listitem><para>Increase the timeout before default entry is booted</para>
+
+ <xi:include href="version-info.xml" xpointer="v239"/></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><keycap>-</keycap></term>
+ <term><keycap>T</keycap></term>
+ <listitem><para>Decrease the timeout</para>
+
+ <xi:include href="version-info.xml" xpointer="v239"/></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><keycap>r</keycap></term>
+ <listitem><para>Change screen resolution, skipping any unsupported modes.</para>
+
+ <xi:include href="version-info.xml" xpointer="v250"/></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><keycap>R</keycap></term>
+ <listitem><para>Reset screen resolution to firmware or configuration file default.</para>
+
+ <xi:include href="version-info.xml" xpointer="v250"/></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><keycap>p</keycap></term>
+ <listitem><para>Print status</para>
+
+ <xi:include href="version-info.xml" xpointer="v250"/></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><keycap>h</keycap></term>
+ <term><keycap>?</keycap></term>
+ <term><keycap>F1</keycap></term>
+ <listitem><para>Show a help screen</para>
+
+ <xi:include href="version-info.xml" xpointer="v239"/></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><keycap>f</keycap></term>
+ <listitem><para>Reboot into firmware interface.</para>
+
+ <para>For compatibility with the keybindings of several firmware implementations this operation
+ may also be reached with <keycap>F2</keycap>, <keycap>F10</keycap>, <keycap>Del</keycap> and
+ <keycap>Esc</keycap>.</para>
+
+ <xi:include href="version-info.xml" xpointer="v250"/></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><keycombo><keycap>Shift</keycap><keycap>o</keycap></keycombo></term>
+ <listitem><para>Power off the system.</para>
+
+ <xi:include href="version-info.xml" xpointer="v255"/></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><keycombo><keycap>Shift</keycap><keycap>b</keycap></keycombo></term>
+ <listitem><para>Reboot the system.</para>
+
+ <xi:include href="version-info.xml" xpointer="v255"/></listitem>
+ </varlistentry>
+ </variablelist>
+
+ <para>The following keys may be pressed during bootup or in the boot menu to directly boot a specific
+ entry:</para>
+
+ <variablelist>
+ <varlistentry>
+ <term><keycap>l</keycap></term>
+ <listitem><para>Linux</para>
+
+ <xi:include href="version-info.xml" xpointer="v239"/></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><keycap>w</keycap></term>
+ <listitem><para>Windows</para>
+
+ <xi:include href="version-info.xml" xpointer="v239"/></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><keycap>a</keycap></term>
+ <listitem><para>macOS</para>
+
+ <xi:include href="version-info.xml" xpointer="v239"/></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><keycap>s</keycap></term>
+ <listitem><para>EFI shell</para>
+
+ <xi:include href="version-info.xml" xpointer="v239"/></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><keycap>1</keycap></term>
+ <term><keycap>2</keycap></term>
+ <term><keycap>3</keycap></term>
+ <term><keycap>4</keycap></term>
+ <term><keycap>5</keycap></term>
+ <term><keycap>6</keycap></term>
+ <term><keycap>7</keycap></term>
+ <term><keycap>8</keycap></term>
+ <term><keycap>9</keycap></term>
+ <listitem><para>Boot entry number 1 … 9</para>
+
+ <xi:include href="version-info.xml" xpointer="v239"/></listitem>
+ </varlistentry>
+ </variablelist>
+
+ <para>The boot menu is shown when a non-zero menu timeout has been configured. If the menu timeout has
+ been set to zero, it is sufficient to press any key — before the boot loader initializes — to bring up
+ the boot menu, except for the keys listed immediately above as they directly boot into the selected boot
+ menu item. Note that depending on the firmware implementation the time window where key presses are
+ accepted before the boot loader initializes might be short. If the window is missed, reboot and try
+ again, possibly pressing a suitable key (e.g. the space bar) continuously; on most systems it should be
+ possible to hit the time window after a few attempts. To avoid this problem, consider setting a non-zero
+ timeout, thus showing the boot menu unconditionally. Some desktop environments might offer an option to
+ directly boot into the boot menu, to avoid the problem altogether. Alternatively, use the command line
+ <command>systemctl reboot --boot-loader-menu=0</command> from the shell.</para>
+
+ <para>In the editor, most keys simply insert themselves, but the following keys
+ may be used to perform additional actions:</para>
+
+ <variablelist>
+ <varlistentry>
+ <term><keycap>←</keycap> (Left)</term>
+ <term><keycap>→</keycap> (Right)</term>
+ <term><keycap>Home</keycap></term>
+ <term><keycap>End</keycap></term>
+ <listitem><para>Navigate left/right</para>
+
+ <xi:include href="version-info.xml" xpointer="v239"/></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><keycap>Esc</keycap></term>
+ <term><keycombo><keycap>Ctrl</keycap><keycap>c</keycap></keycombo></term>
+ <listitem><para>Abort the edit and quit the editor</para>
+
+ <xi:include href="version-info.xml" xpointer="v239"/></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><keycombo><keycap>Ctrl</keycap><keycap>k</keycap></keycombo></term>
+ <listitem><para>Clear the command line forwards</para>
+
+ <xi:include href="version-info.xml" xpointer="v239"/></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><keycombo><keycap>Ctrl</keycap><keycap>w</keycap></keycombo></term>
+ <term><keycombo><keycap>Alt</keycap><keycap>Backspace</keycap></keycombo></term>
+ <listitem><para>Delete word backwards</para>
+
+ <xi:include href="version-info.xml" xpointer="v239"/></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><keycombo><keycap>Ctrl</keycap><keycap>Del</keycap></keycombo></term>
+ <term><keycombo><keycap>Alt</keycap><keycap>d</keycap></keycombo></term>
+ <listitem><para>Delete word forwards</para>
+
+ <xi:include href="version-info.xml" xpointer="v239"/></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><keycap>↵</keycap> (Enter)</term>
+ <listitem><para>Boot entry with the edited command line</para>
+
+ <xi:include href="version-info.xml" xpointer="v239"/></listitem>
+ </varlistentry>
+ </variablelist>
+
+ <para>Note that unless configured otherwise in the UEFI firmware, systemd-boot will
+ use the US keyboard layout, so key labels might not match for keys like +/-.
+ </para>
+ </refsect1>
+
+ <refsect1>
+ <title>Files</title>
+
+ <para>The files <command>systemd-boot</command> processes generally reside on the UEFI ESP which is
+ usually mounted to <filename>/efi/</filename>, <filename>/boot/</filename> or
+ <filename>/boot/efi/</filename> during OS runtime. It also processes files on the Extended Boot Loader
+ partition which is typically mounted to <filename>/boot/</filename>, if it
+ exists.</para>
+
+ <para><command>systemd-boot</command> reads runtime configuration such as the boot timeout and default
+ entry from <filename>/loader/loader.conf</filename> on the ESP (in combination with data read from EFI
+ variables). See
+ <citerefentry><refentrytitle>loader.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>
+
+ <para>Boot entry description files following the <ulink
+ url="https://uapi-group.org/specifications/specs/boot_loader_specification">Boot Loader Specification</ulink> are read from
+ <filename>/loader/entries/</filename> on the ESP and the Extended Boot Loader partition.</para>
+
+ <para>Unified kernel boot entries following the <ulink
+ url="https://uapi-group.org/specifications/specs/boot_loader_specification">Boot Loader Specification</ulink> are read from
+ <filename>/EFI/Linux/</filename> on the ESP and the Extended Boot Loader partition.</para>
+
+ <para>Optionally, a random seed for early boot entropy pool provisioning is stored in
+ <filename>/loader/random-seed</filename> in the ESP.</para>
+
+ <para>During initialization, <command>sd-boot</command> automatically loads all driver files placed in
+ the <filename>/EFI/systemd/drivers/</filename> directory of the ESP. The files placed there must have an
+ extension of the EFI architecture ID followed by <filename>.efi</filename> (e.g. for x86-64 this means a
+ suffix of <filename>x64.efi</filename>). This may be used to automatically load file system drivers and
+ similar, to extend the native firmware support.</para>
+
+ <para>Enrollment of Secure Boot variables can be performed manually or automatically if files are available
+ under <filename>/loader/keys/<replaceable>NAME</replaceable>/{db,KEK,PK}.auth</filename>, <replaceable>NAME</replaceable>
+ being the display name for the set of variables in the menu. If one of the sets is named <filename>auto</filename>
+ then it might be enrolled automatically depending on whether <literal>secure-boot-enroll</literal> is set
+ to force or not.</para>
+ </refsect1>
+
+ <refsect1>
+ <title>EFI Variables</title>
+
+ <para>The following EFI variables are defined, set and read by <command>systemd-boot</command>, under the
+ vendor UUID <literal>4a67b082-0a4c-41cf-b6c7-440b29bb8c4f</literal>, for communication between the boot
+ loader and the OS:</para>
+
+ <variablelist class='efi-variables'>
+ <varlistentry>
+ <term><varname>LoaderBootCountPath</varname></term>
+ <listitem><para>If boot counting is enabled, contains the path to the file in whose name the boot counters are
+ encoded. Set by the boot
+ loader. <citerefentry><refentrytitle>systemd-bless-boot.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+ uses this information to mark a boot as successful as determined by the successful activation of the
+ <filename>boot-complete.target</filename> target unit.</para>
+
+ <xi:include href="version-info.xml" xpointer="v240"/></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><varname>LoaderConfigTimeout</varname></term>
+ <term><varname>LoaderConfigTimeoutOneShot</varname></term>
+ <listitem><para>The menu timeout in seconds. Read by the boot loader. <varname>LoaderConfigTimeout</varname>
+ is maintained persistently, while <varname>LoaderConfigTimeoutOneShot</varname> is a one-time override which is
+ read once (in which case it takes precedence over <varname>LoaderConfigTimeout</varname>) and then
+ removed. <varname>LoaderConfigTimeout</varname> may be manipulated with the
+ <keycap>t</keycap>/<keycap>T</keycap> keys, see above.</para>
+
+ <xi:include href="version-info.xml" xpointer="v240"/></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><varname>LoaderConfigConsoleMode</varname></term>
+ <listitem><para>The numerical menu console mode. Read by the boot loader. <varname>LoaderConfigConsoleMode</varname>
+ is maintained persistently. <varname>LoaderConfigConsoleMode</varname> may be manipulated with the
+ <keycap>r</keycap>/<keycap>R</keycap> keys, see above.</para>
+
+ <xi:include href="version-info.xml" xpointer="v250"/></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><varname>LoaderDevicePartUUID</varname></term>
+
+ <listitem><para>Contains the partition UUID of the EFI System Partition the boot loader was run from. Set by
+ the boot
+ loader. <citerefentry><refentrytitle>systemd-gpt-auto-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+ uses this information to automatically find the disk booted from, in order to discover various other partitions
+ on the same disk automatically.</para>
+
+ <xi:include href="version-info.xml" xpointer="v240"/></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><varname>LoaderEntries</varname></term>
+
+ <listitem><para>A list of the identifiers of all discovered boot loader entries. Set by the boot
+ loader.</para>
+
+ <xi:include href="version-info.xml" xpointer="v240"/></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><varname>LoaderEntryDefault</varname></term>
+ <term><varname>LoaderEntryOneShot</varname></term>
+
+ <listitem><para>The identifier of the default boot loader entry. Set primarily by the OS and read by the boot
+ loader. <varname>LoaderEntryOneShot</varname> sets the default entry for the next boot only, while
+ <varname>LoaderEntryDefault</varname> sets it persistently for all future
+ boots. <citerefentry><refentrytitle>bootctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>'s
+ <option>set-default</option> and <option>set-oneshot</option> commands make use of these variables. The boot
+ loader modifies <varname>LoaderEntryDefault</varname> on request, when the <keycap>d</keycap> key is used, see
+ above.</para>
+
+ <xi:include href="version-info.xml" xpointer="v240"/></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><varname>LoaderEntryLastBooted</varname></term>
+
+ <listitem><para>The identifier of the boot loader entry last attempted. Set and read by the boot loader,
+ only when <filename>/loader/loader.conf</filename> has default set to <literal>@saved</literal>. See
+ <citerefentry><refentrytitle>loader.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>
+
+ <para> The boot loader will ensure <varname>LoaderEntryLastBooted</varname> is up-to date for every boot,
+ updating it as needed and will omit changing it all together when <varname>LoaderEntryOneShot</varname>
+ is set.</para>
+
+ <para>The boot loader reads the variable, which takes higher priority than
+ <varname>LoaderEntryDefault</varname>. The variable is ignored when <varname>LoaderEntryOneShot</varname>
+ is set.</para>
+
+ <para><varname>LoaderEntryLastBooted</varname> cannot be used as indication that the last boot was
+ successful or not.</para>
+
+ <xi:include href="version-info.xml" xpointer="v250"/></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><varname>LoaderEntrySelected</varname></term>
+
+ <listitem><para>The identifier of the boot loader entry currently being booted. Set by the boot
+ loader.</para>
+
+ <xi:include href="version-info.xml" xpointer="v240"/></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><varname>LoaderFeatures</varname></term>
+
+ <listitem><para>A set of flags indicating the features the boot loader supports. Set by the boot loader. Use
+ <citerefentry><refentrytitle>bootctl</refentrytitle><manvolnum>1</manvolnum></citerefentry> to view this
+ data.</para>
+
+ <xi:include href="version-info.xml" xpointer="v240"/></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><varname>LoaderFirmwareInfo</varname></term>
+ <term><varname>LoaderFirmwareType</varname></term>
+
+ <listitem><para>Brief firmware information. Set by the boot loader. Use
+ <citerefentry><refentrytitle>bootctl</refentrytitle><manvolnum>1</manvolnum></citerefentry> to view this
+ data.</para>
+
+ <xi:include href="version-info.xml" xpointer="v240"/></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><varname>LoaderImageIdentifier</varname></term>
+
+ <listitem><para>The path of executable of the boot loader used for the current boot, relative to the EFI System
+ Partition's root directory. Set by the boot loader. Use
+ <citerefentry><refentrytitle>bootctl</refentrytitle><manvolnum>1</manvolnum></citerefentry> to view this
+ data.</para>
+
+ <xi:include href="version-info.xml" xpointer="v240"/></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><varname>LoaderInfo</varname></term>
+
+ <listitem><para>Brief information about the boot loader. Set by the boot loader. Use
+ <citerefentry><refentrytitle>bootctl</refentrytitle><manvolnum>1</manvolnum></citerefentry> to view this
+ data.</para>
+
+ <xi:include href="version-info.xml" xpointer="v240"/></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><varname>LoaderTimeExecUSec</varname></term>
+ <term><varname>LoaderTimeInitUSec</varname></term>
+ <term><varname>LoaderTimeMenuUsec</varname></term>
+
+ <listitem><para>Information about the time spent in various parts of the boot loader. Set by the boot
+ loader. Use <citerefentry><refentrytitle>systemd-analyze</refentrytitle><manvolnum>1</manvolnum></citerefentry>
+ to view this data. </para>
+
+ <xi:include href="version-info.xml" xpointer="v240"/></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><varname>LoaderSystemToken</varname></term>
+
+ <listitem><para>A binary random data field, that is used for generating the random seed to pass to
+ the OS (see above). Note that this random data is generally only generated once, during OS
+ installation, and is then never updated again.</para>
+
+ <xi:include href="version-info.xml" xpointer="v243"/></listitem>
+ </varlistentry>
+ </variablelist>
+
+ <para>Many of these variables are defined by the <ulink
+ url="https://systemd.io/BOOT_LOADER_INTERFACE">Boot Loader Interface</ulink>.</para>
+ </refsect1>
+
+ <refsect1>
+ <title>Boot Counting</title>
+
+ <para><command>systemd-boot</command> implements a simple boot counting mechanism on top of the <ulink
+ url="https://uapi-group.org/specifications/specs/boot_loader_specification">Boot Loader Specification</ulink>, for automatic and unattended
+ fallback to older kernel versions/boot loader entries when a specific entry continuously fails. Any boot loader
+ entry file and unified kernel image file that contains a <literal>+</literal> followed by one or two numbers (if
+ two they need to be separated by a <literal>-</literal>), before the <filename>.conf</filename> or
+ <filename>.efi</filename> suffix is subject to boot counting: the first of the two numbers ('tries left') is
+ decreased by one on every boot attempt, the second of the two numbers ('tries done') is increased by one (if 'tries
+ done' is absent it is considered equivalent to 0). Depending on the current value of these two counters the boot
+ entry is considered to be in one of three states:</para>
+
+ <orderedlist>
+ <listitem><para>If the 'tries left' counter of an entry is greater than zero the entry is considered to be in
+ 'indeterminate' state. This means the entry has not completed booting successfully yet, but also hasn't been
+ determined not to work.</para></listitem>
+
+ <listitem><para>If the 'tries left' counter of an entry is zero it is considered to be in 'bad' state. This means
+ no further attempts to boot this item will be made (that is, unless all other boot entries are also in 'bad'
+ state), as all attempts to boot this entry have not completed successfully.</para></listitem>
+
+ <listitem><para>If the 'tries left' and 'tries done' counters of an entry are absent it is considered to be in
+ 'good' state. This means further boot counting for the entry is turned off, as it successfully booted at least
+ once. The
+ <citerefentry><refentrytitle>systemd-bless-boot.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+ service moves the currently booted entry from 'indeterminate' into 'good' state when a boot attempt completed
+ successfully.</para></listitem>
+ </orderedlist>
+
+ <para>Generally, when new entries are added to the boot loader, they first start out in 'indeterminate' state,
+ i.e. with a 'tries left' counter greater than zero. The boot entry remains in this state until either it managed to
+ complete a full boot successfully at least once (in which case it will be in 'good' state) — or the 'tries left'
+ counter reaches zero (in which case it will be in 'bad' state).</para>
+
+ <para>Example: let's say a boot loader entry file <filename>foo.conf</filename> is set up for 3 boot tries. The
+ installer will hence create it under the name <filename>foo+3.conf</filename>. On first boot, the boot loader will
+ rename it to <filename>foo+2-1.conf</filename>. If that boot does not complete successfully, the boot loader will
+ rename it to <filename>foo+1-2.conf</filename> on the following boot. If that fails too, it will finally be renamed
+ <filename>foo+0-3.conf</filename> by the boot loader on next boot, after which it will be considered 'bad'. If the
+ boot succeeds however the entry file will be renamed to <filename>foo.conf</filename> by the OS, so that it is
+ considered 'good' from then on.</para>
+
+ <para>The boot menu takes the 'tries left' counter into account when sorting the menu entries: entries in 'bad'
+ state are ordered at the beginning of the list, and entries in 'good' or 'indeterminate' at the end. The user can
+ freely choose to boot any entry of the menu, including those already marked 'bad'. If the menu entry to boot is
+ automatically determined, this means that 'good' or 'indeterminate' entries are generally preferred (as the bottom
+ item of the menu is the one booted by default), and 'bad' entries will only be considered if there are no 'good' or
+ 'indeterminate' entries left.</para>
+
+ <para>The <citerefentry><refentrytitle>kernel-install</refentrytitle><manvolnum>8</manvolnum></citerefentry> kernel
+ install framework optionally sets the initial 'tries left' counter to the value specified in
+ <filename>/etc/kernel/tries</filename> when a boot loader entry is first created.</para>
+ </refsect1>
+
+ <refsect1>
+ <title>Using <command>systemd-boot</command> in virtual machines</title>
+
+ <para>When using qemu with OVMF (UEFI Firmware for virtual machines) the <option>-kernel</option> switch
+ works not only for linux kernels, but for any EFI binary, including sd-boot and unified linux
+ kernels. Example command line for loading <command>systemd-boot</command> on x64:</para>
+
+ <para>
+ <command>qemu-system-x86_64 <replaceable>[ ... ]</replaceable>
+ -kernel /usr/lib/systemd/boot/efi/systemd-bootx64.efi</command>
+ </para>
+
+ <para>systemd-boot will detect that it was started directly instead of being loaded from ESP and will
+ search for the ESP in that case, taking into account boot order information from the hypervisor (if
+ available).</para>
+ </refsect1>
+
+ <refsect1>
+ <title>See Also</title>
+ <para>
+ <citerefentry><refentrytitle>bootctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
+ <citerefentry><refentrytitle>loader.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
+ <citerefentry><refentrytitle>systemd-bless-boot.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
+ <citerefentry><refentrytitle>systemd-boot-random-seed.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
+ <citerefentry><refentrytitle>kernel-install</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
+ <citerefentry><refentrytitle>systemd-stub</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
+ <ulink url="https://uapi-group.org/specifications/specs/boot_loader_specification">Boot Loader Specification</ulink>,
+ <ulink url="https://systemd.io/BOOT_LOADER_INTERFACE">Boot Loader Interface</ulink>,
+ <ulink url="https://systemd.io/TPM2_PCR_MEASUREMENTS">TPM2 PCR Measurements Made by systemd</ulink>
+ </para>
+ </refsect1>
+</refentry>