diff options
author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-10 20:49:52 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-10 20:49:52 +0000 |
commit | 55944e5e40b1be2afc4855d8d2baf4b73d1876b5 (patch) | |
tree | 33f869f55a1b149e9b7c2b7e201867ca5dd52992 /man/systemd-boot.xml | |
parent | Initial commit. (diff) | |
download | systemd-55944e5e40b1be2afc4855d8d2baf4b73d1876b5.tar.xz systemd-55944e5e40b1be2afc4855d8d2baf4b73d1876b5.zip |
Adding upstream version 255.4.upstream/255.4
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'man/systemd-boot.xml')
-rw-r--r-- | man/systemd-boot.xml | 650 |
1 files changed, 650 insertions, 0 deletions
diff --git a/man/systemd-boot.xml b/man/systemd-boot.xml new file mode 100644 index 0000000..2b0ea9b --- /dev/null +++ b/man/systemd-boot.xml @@ -0,0 +1,650 @@ +<?xml version='1.0'?> <!--*-nxml-*--> +<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" + "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"> +<!-- SPDX-License-Identifier: LGPL-2.1-or-later --> + +<refentry id="systemd-boot" conditional='ENABLE_BOOTLOADER' + xmlns:xi="http://www.w3.org/2001/XInclude"> + <refentryinfo> + <title>systemd-boot</title> + <productname>systemd</productname> + </refentryinfo> + + <refmeta> + <refentrytitle>systemd-boot</refentrytitle> + <manvolnum>7</manvolnum> + </refmeta> + + <refnamediv> + <refname>systemd-boot</refname> + <refname>sd-boot</refname> + <refpurpose>A simple UEFI boot manager</refpurpose> + </refnamediv> + + <refsect1> + <title>Description</title> + + <para><command>systemd-boot</command> (short: <command>sd-boot</command>) is a simple UEFI boot + manager. It provides a textual menu to select the entry to boot and an editor for the kernel command + line. <command>systemd-boot</command> supports systems with UEFI firmware only.</para> + + <para><command>systemd-boot</command> loads boot entry information from the EFI system partition (ESP), + usually mounted at <filename>/efi/</filename>, <filename>/boot/</filename>, or + <filename>/boot/efi/</filename> during OS runtime, as well as from the Extended Boot Loader partition + (XBOOTLDR) if it exists (usually mounted to <filename>/boot/</filename>). Configuration file fragments, + kernels, initrds and other EFI images to boot generally need to reside on the ESP or the Extended Boot + Loader partition. Linux kernels must be built with <option>CONFIG_EFI_STUB</option> to be able to be + directly executed as an EFI image. During boot <command>systemd-boot</command> automatically assembles a + list of boot entries from the following sources:</para> + + <itemizedlist> + <listitem><para>Boot entries defined with <ulink + url="https://uapi-group.org/specifications/specs/boot_loader_specification">Boot Loader Specification</ulink> Type #1 + description files located in <filename>/loader/entries/</filename> on the ESP and the Extended Boot + Loader Partition. These usually describe Linux kernel images with associated initrd images, but + alternatively may also describe other arbitrary EFI executables.</para></listitem> + + <listitem><para>Unified kernel images, <ulink url="https://uapi-group.org/specifications/specs/boot_loader_specification">Boot + Loader Specification</ulink> Type #2, which are executable EFI binaries in + <filename>/EFI/Linux/</filename> on the ESP and the Extended Boot Loader Partition.</para></listitem> + + <listitem><para>The Microsoft Windows EFI boot manager, if installed.</para></listitem> + + <listitem><para>The Apple macOS boot manager, if installed.</para></listitem> + + <listitem><para>The EFI Shell binary, if installed.</para></listitem> + + <listitem><para>A <literal>Reboot Into Firmware Interface option</literal>, if supported by the UEFI + firmware.</para></listitem> + + <listitem><para>Secure Boot variables enrollment if the UEFI firmware is in setup-mode and files are provided + on the ESP.</para></listitem> + </itemizedlist> + + <para><command>systemd-boot</command> supports the following features:</para> + + <itemizedlist> + <listitem><para>Basic boot manager configuration changes (such as timeout + configuration, default boot entry selection, …) may be made directly from the boot loader UI at + boot-time, as well as during system runtime with EFI variables.</para></listitem> + + <listitem><para>The boot manager integrates with the <command>systemctl</command> command to implement + features such as <command>systemctl reboot --boot-loader-entry=…</command> (for rebooting into a + specific boot menu entry, i.e. "reboot into Windows") and <command>systemctl reboot + --boot-loader-menu=…</command> (for rebooting into the boot loader menu), by implementing the <ulink + url="https://systemd.io/BOOT_LOADER_INTERFACE">Boot Loader Interface</ulink>. See + <citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry> for + details.</para></listitem> + + <listitem><para>An EFI variable set by the boot loader informs the OS about the EFI System Partition used + during boot. This is then used to automatically mount the correct EFI System Partition to + <filename>/efi/</filename> or <filename>/boot/</filename> during OS runtime. See + <citerefentry><refentrytitle>systemd-gpt-auto-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry> + for details.</para></listitem> + + <listitem><para>The boot manager provides information about the boot time spent in UEFI firmware using + the <ulink url="https://systemd.io/BOOT_LOADER_INTERFACE">Boot Loader Interface</ulink>. This + information can be displayed using + <citerefentry><refentrytitle>systemd-analyze</refentrytitle><manvolnum>1</manvolnum></citerefentry>. + </para></listitem> + + <listitem><para>The boot manager implements boot counting and automatic fallback to older, working boot + entries on failure. See <ulink url="https://systemd.io/AUTOMATIC_BOOT_ASSESSMENT">Automatic Boot + Assessment</ulink>.</para></listitem> + + <listitem><para>The boot manager optionally reads a random seed from the ESP partition, combines it + with a 'system token' stored in a persistent EFI variable and derives a random seed to use by the OS as + entropy pool initialization, providing a full entropy pool during early boot.</para></listitem> + + <listitem><para>The boot manager allows for Secure Boot variables to be enrolled if the UEFI firmware is + in setup-mode. Additionally, variables can be automatically enrolled if configured.</para></listitem> + </itemizedlist> + + <para><citerefentry><refentrytitle>bootctl</refentrytitle><manvolnum>1</manvolnum></citerefentry> + may be used from a running system to locate the ESP and the Extended Boot Loader Partition, list + available entries, and install <command>systemd-boot</command> itself.</para> + + <para><citerefentry><refentrytitle>kernel-install</refentrytitle><manvolnum>8</manvolnum></citerefentry> + may be used to copy kernel images onto the ESP or the Extended Boot Loader Partition and to generate + description files compliant with the Boot Loader + Specification.</para> + + <para><citerefentry><refentrytitle>systemd-stub</refentrytitle><manvolnum>7</manvolnum></citerefentry> + may be used as UEFI boot stub for executed kernels, which is useful to show graphical boot splashes + before transitioning into the Linux world. It is also capable of automatically picking up auxiliary + credential files (for boot parameterization) and system extension images, as companion files to the + booted kernel images.</para> + </refsect1> + + <refsect1> + <title>Key bindings</title> + <para>The following keys may be used in the boot menu:</para> + + <!-- Developer commands Q/v/Ctrl+l deliberately not advertised. --> + + <variablelist> + <varlistentry> + <term><keycap>↑</keycap> (Up)</term> + <term><keycap>↓</keycap> (Down)</term> + <term><keycap>j</keycap></term> + <term><keycap>k</keycap></term> + <term><keycap>PageUp</keycap></term> + <term><keycap>PageDown</keycap></term> + <term><keycap>Home</keycap></term> + <term><keycap>End</keycap></term> + <listitem><para>Navigate up/down in the entry list</para> + + <xi:include href="version-info.xml" xpointer="v239"/></listitem> + </varlistentry> + + <varlistentry> + <term><keycap>↵</keycap> (Enter)</term> + <term><keycap>→</keycap> (Right)</term> + <listitem><para>Boot selected entry</para> + + <xi:include href="version-info.xml" xpointer="v239"/></listitem> + </varlistentry> + + <varlistentry> + <term><keycap>d</keycap></term> + <listitem><para>Make selected entry the default</para> + + <xi:include href="version-info.xml" xpointer="v239"/></listitem> + </varlistentry> + + <varlistentry> + <term><keycap>e</keycap></term> + <listitem><para>Edit the kernel command line for selected entry</para> + + <xi:include href="version-info.xml" xpointer="v239"/></listitem> + </varlistentry> + + <varlistentry> + <term><keycap>+</keycap></term> + <term><keycap>t</keycap></term> + <listitem><para>Increase the timeout before default entry is booted</para> + + <xi:include href="version-info.xml" xpointer="v239"/></listitem> + </varlistentry> + + <varlistentry> + <term><keycap>-</keycap></term> + <term><keycap>T</keycap></term> + <listitem><para>Decrease the timeout</para> + + <xi:include href="version-info.xml" xpointer="v239"/></listitem> + </varlistentry> + + <varlistentry> + <term><keycap>r</keycap></term> + <listitem><para>Change screen resolution, skipping any unsupported modes.</para> + + <xi:include href="version-info.xml" xpointer="v250"/></listitem> + </varlistentry> + + <varlistentry> + <term><keycap>R</keycap></term> + <listitem><para>Reset screen resolution to firmware or configuration file default.</para> + + <xi:include href="version-info.xml" xpointer="v250"/></listitem> + </varlistentry> + + <varlistentry> + <term><keycap>p</keycap></term> + <listitem><para>Print status</para> + + <xi:include href="version-info.xml" xpointer="v250"/></listitem> + </varlistentry> + + <varlistentry> + <term><keycap>h</keycap></term> + <term><keycap>?</keycap></term> + <term><keycap>F1</keycap></term> + <listitem><para>Show a help screen</para> + + <xi:include href="version-info.xml" xpointer="v239"/></listitem> + </varlistentry> + + <varlistentry> + <term><keycap>f</keycap></term> + <listitem><para>Reboot into firmware interface.</para> + + <para>For compatibility with the keybindings of several firmware implementations this operation + may also be reached with <keycap>F2</keycap>, <keycap>F10</keycap>, <keycap>Del</keycap> and + <keycap>Esc</keycap>.</para> + + <xi:include href="version-info.xml" xpointer="v250"/></listitem> + </varlistentry> + + <varlistentry> + <term><keycombo><keycap>Shift</keycap><keycap>o</keycap></keycombo></term> + <listitem><para>Power off the system.</para> + + <xi:include href="version-info.xml" xpointer="v255"/></listitem> + </varlistentry> + + <varlistentry> + <term><keycombo><keycap>Shift</keycap><keycap>b</keycap></keycombo></term> + <listitem><para>Reboot the system.</para> + + <xi:include href="version-info.xml" xpointer="v255"/></listitem> + </varlistentry> + </variablelist> + + <para>The following keys may be pressed during bootup or in the boot menu to directly boot a specific + entry:</para> + + <variablelist> + <varlistentry> + <term><keycap>l</keycap></term> + <listitem><para>Linux</para> + + <xi:include href="version-info.xml" xpointer="v239"/></listitem> + </varlistentry> + + <varlistentry> + <term><keycap>w</keycap></term> + <listitem><para>Windows</para> + + <xi:include href="version-info.xml" xpointer="v239"/></listitem> + </varlistentry> + + <varlistentry> + <term><keycap>a</keycap></term> + <listitem><para>macOS</para> + + <xi:include href="version-info.xml" xpointer="v239"/></listitem> + </varlistentry> + + <varlistentry> + <term><keycap>s</keycap></term> + <listitem><para>EFI shell</para> + + <xi:include href="version-info.xml" xpointer="v239"/></listitem> + </varlistentry> + + <varlistentry> + <term><keycap>1</keycap></term> + <term><keycap>2</keycap></term> + <term><keycap>3</keycap></term> + <term><keycap>4</keycap></term> + <term><keycap>5</keycap></term> + <term><keycap>6</keycap></term> + <term><keycap>7</keycap></term> + <term><keycap>8</keycap></term> + <term><keycap>9</keycap></term> + <listitem><para>Boot entry number 1 … 9</para> + + <xi:include href="version-info.xml" xpointer="v239"/></listitem> + </varlistentry> + </variablelist> + + <para>The boot menu is shown when a non-zero menu timeout has been configured. If the menu timeout has + been set to zero, it is sufficient to press any key — before the boot loader initializes — to bring up + the boot menu, except for the keys listed immediately above as they directly boot into the selected boot + menu item. Note that depending on the firmware implementation the time window where key presses are + accepted before the boot loader initializes might be short. If the window is missed, reboot and try + again, possibly pressing a suitable key (e.g. the space bar) continuously; on most systems it should be + possible to hit the time window after a few attempts. To avoid this problem, consider setting a non-zero + timeout, thus showing the boot menu unconditionally. Some desktop environments might offer an option to + directly boot into the boot menu, to avoid the problem altogether. Alternatively, use the command line + <command>systemctl reboot --boot-loader-menu=0</command> from the shell.</para> + + <para>In the editor, most keys simply insert themselves, but the following keys + may be used to perform additional actions:</para> + + <variablelist> + <varlistentry> + <term><keycap>←</keycap> (Left)</term> + <term><keycap>→</keycap> (Right)</term> + <term><keycap>Home</keycap></term> + <term><keycap>End</keycap></term> + <listitem><para>Navigate left/right</para> + + <xi:include href="version-info.xml" xpointer="v239"/></listitem> + </varlistentry> + + <varlistentry> + <term><keycap>Esc</keycap></term> + <term><keycombo><keycap>Ctrl</keycap><keycap>c</keycap></keycombo></term> + <listitem><para>Abort the edit and quit the editor</para> + + <xi:include href="version-info.xml" xpointer="v239"/></listitem> + </varlistentry> + + <varlistentry> + <term><keycombo><keycap>Ctrl</keycap><keycap>k</keycap></keycombo></term> + <listitem><para>Clear the command line forwards</para> + + <xi:include href="version-info.xml" xpointer="v239"/></listitem> + </varlistentry> + + <varlistentry> + <term><keycombo><keycap>Ctrl</keycap><keycap>w</keycap></keycombo></term> + <term><keycombo><keycap>Alt</keycap><keycap>Backspace</keycap></keycombo></term> + <listitem><para>Delete word backwards</para> + + <xi:include href="version-info.xml" xpointer="v239"/></listitem> + </varlistentry> + + <varlistentry> + <term><keycombo><keycap>Ctrl</keycap><keycap>Del</keycap></keycombo></term> + <term><keycombo><keycap>Alt</keycap><keycap>d</keycap></keycombo></term> + <listitem><para>Delete word forwards</para> + + <xi:include href="version-info.xml" xpointer="v239"/></listitem> + </varlistentry> + + <varlistentry> + <term><keycap>↵</keycap> (Enter)</term> + <listitem><para>Boot entry with the edited command line</para> + + <xi:include href="version-info.xml" xpointer="v239"/></listitem> + </varlistentry> + </variablelist> + + <para>Note that unless configured otherwise in the UEFI firmware, systemd-boot will + use the US keyboard layout, so key labels might not match for keys like +/-. + </para> + </refsect1> + + <refsect1> + <title>Files</title> + + <para>The files <command>systemd-boot</command> processes generally reside on the UEFI ESP which is + usually mounted to <filename>/efi/</filename>, <filename>/boot/</filename> or + <filename>/boot/efi/</filename> during OS runtime. It also processes files on the Extended Boot Loader + partition which is typically mounted to <filename>/boot/</filename>, if it + exists.</para> + + <para><command>systemd-boot</command> reads runtime configuration such as the boot timeout and default + entry from <filename>/loader/loader.conf</filename> on the ESP (in combination with data read from EFI + variables). See + <citerefentry><refentrytitle>loader.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para> + + <para>Boot entry description files following the <ulink + url="https://uapi-group.org/specifications/specs/boot_loader_specification">Boot Loader Specification</ulink> are read from + <filename>/loader/entries/</filename> on the ESP and the Extended Boot Loader partition.</para> + + <para>Unified kernel boot entries following the <ulink + url="https://uapi-group.org/specifications/specs/boot_loader_specification">Boot Loader Specification</ulink> are read from + <filename>/EFI/Linux/</filename> on the ESP and the Extended Boot Loader partition.</para> + + <para>Optionally, a random seed for early boot entropy pool provisioning is stored in + <filename>/loader/random-seed</filename> in the ESP.</para> + + <para>During initialization, <command>sd-boot</command> automatically loads all driver files placed in + the <filename>/EFI/systemd/drivers/</filename> directory of the ESP. The files placed there must have an + extension of the EFI architecture ID followed by <filename>.efi</filename> (e.g. for x86-64 this means a + suffix of <filename>x64.efi</filename>). This may be used to automatically load file system drivers and + similar, to extend the native firmware support.</para> + + <para>Enrollment of Secure Boot variables can be performed manually or automatically if files are available + under <filename>/loader/keys/<replaceable>NAME</replaceable>/{db,KEK,PK}.auth</filename>, <replaceable>NAME</replaceable> + being the display name for the set of variables in the menu. If one of the sets is named <filename>auto</filename> + then it might be enrolled automatically depending on whether <literal>secure-boot-enroll</literal> is set + to force or not.</para> + </refsect1> + + <refsect1> + <title>EFI Variables</title> + + <para>The following EFI variables are defined, set and read by <command>systemd-boot</command>, under the + vendor UUID <literal>4a67b082-0a4c-41cf-b6c7-440b29bb8c4f</literal>, for communication between the boot + loader and the OS:</para> + + <variablelist class='efi-variables'> + <varlistentry> + <term><varname>LoaderBootCountPath</varname></term> + <listitem><para>If boot counting is enabled, contains the path to the file in whose name the boot counters are + encoded. Set by the boot + loader. <citerefentry><refentrytitle>systemd-bless-boot.service</refentrytitle><manvolnum>8</manvolnum></citerefentry> + uses this information to mark a boot as successful as determined by the successful activation of the + <filename>boot-complete.target</filename> target unit.</para> + + <xi:include href="version-info.xml" xpointer="v240"/></listitem> + </varlistentry> + + <varlistentry> + <term><varname>LoaderConfigTimeout</varname></term> + <term><varname>LoaderConfigTimeoutOneShot</varname></term> + <listitem><para>The menu timeout in seconds. Read by the boot loader. <varname>LoaderConfigTimeout</varname> + is maintained persistently, while <varname>LoaderConfigTimeoutOneShot</varname> is a one-time override which is + read once (in which case it takes precedence over <varname>LoaderConfigTimeout</varname>) and then + removed. <varname>LoaderConfigTimeout</varname> may be manipulated with the + <keycap>t</keycap>/<keycap>T</keycap> keys, see above.</para> + + <xi:include href="version-info.xml" xpointer="v240"/></listitem> + </varlistentry> + + <varlistentry> + <term><varname>LoaderConfigConsoleMode</varname></term> + <listitem><para>The numerical menu console mode. Read by the boot loader. <varname>LoaderConfigConsoleMode</varname> + is maintained persistently. <varname>LoaderConfigConsoleMode</varname> may be manipulated with the + <keycap>r</keycap>/<keycap>R</keycap> keys, see above.</para> + + <xi:include href="version-info.xml" xpointer="v250"/></listitem> + </varlistentry> + + <varlistentry> + <term><varname>LoaderDevicePartUUID</varname></term> + + <listitem><para>Contains the partition UUID of the EFI System Partition the boot loader was run from. Set by + the boot + loader. <citerefentry><refentrytitle>systemd-gpt-auto-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry> + uses this information to automatically find the disk booted from, in order to discover various other partitions + on the same disk automatically.</para> + + <xi:include href="version-info.xml" xpointer="v240"/></listitem> + </varlistentry> + + <varlistentry> + <term><varname>LoaderEntries</varname></term> + + <listitem><para>A list of the identifiers of all discovered boot loader entries. Set by the boot + loader.</para> + + <xi:include href="version-info.xml" xpointer="v240"/></listitem> + </varlistentry> + + <varlistentry> + <term><varname>LoaderEntryDefault</varname></term> + <term><varname>LoaderEntryOneShot</varname></term> + + <listitem><para>The identifier of the default boot loader entry. Set primarily by the OS and read by the boot + loader. <varname>LoaderEntryOneShot</varname> sets the default entry for the next boot only, while + <varname>LoaderEntryDefault</varname> sets it persistently for all future + boots. <citerefentry><refentrytitle>bootctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>'s + <option>set-default</option> and <option>set-oneshot</option> commands make use of these variables. The boot + loader modifies <varname>LoaderEntryDefault</varname> on request, when the <keycap>d</keycap> key is used, see + above.</para> + + <xi:include href="version-info.xml" xpointer="v240"/></listitem> + </varlistentry> + + <varlistentry> + <term><varname>LoaderEntryLastBooted</varname></term> + + <listitem><para>The identifier of the boot loader entry last attempted. Set and read by the boot loader, + only when <filename>/loader/loader.conf</filename> has default set to <literal>@saved</literal>. See + <citerefentry><refentrytitle>loader.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para> + + <para> The boot loader will ensure <varname>LoaderEntryLastBooted</varname> is up-to date for every boot, + updating it as needed and will omit changing it all together when <varname>LoaderEntryOneShot</varname> + is set.</para> + + <para>The boot loader reads the variable, which takes higher priority than + <varname>LoaderEntryDefault</varname>. The variable is ignored when <varname>LoaderEntryOneShot</varname> + is set.</para> + + <para><varname>LoaderEntryLastBooted</varname> cannot be used as indication that the last boot was + successful or not.</para> + + <xi:include href="version-info.xml" xpointer="v250"/></listitem> + </varlistentry> + + <varlistentry> + <term><varname>LoaderEntrySelected</varname></term> + + <listitem><para>The identifier of the boot loader entry currently being booted. Set by the boot + loader.</para> + + <xi:include href="version-info.xml" xpointer="v240"/></listitem> + </varlistentry> + + <varlistentry> + <term><varname>LoaderFeatures</varname></term> + + <listitem><para>A set of flags indicating the features the boot loader supports. Set by the boot loader. Use + <citerefentry><refentrytitle>bootctl</refentrytitle><manvolnum>1</manvolnum></citerefentry> to view this + data.</para> + + <xi:include href="version-info.xml" xpointer="v240"/></listitem> + </varlistentry> + + <varlistentry> + <term><varname>LoaderFirmwareInfo</varname></term> + <term><varname>LoaderFirmwareType</varname></term> + + <listitem><para>Brief firmware information. Set by the boot loader. Use + <citerefentry><refentrytitle>bootctl</refentrytitle><manvolnum>1</manvolnum></citerefentry> to view this + data.</para> + + <xi:include href="version-info.xml" xpointer="v240"/></listitem> + </varlistentry> + + <varlistentry> + <term><varname>LoaderImageIdentifier</varname></term> + + <listitem><para>The path of executable of the boot loader used for the current boot, relative to the EFI System + Partition's root directory. Set by the boot loader. Use + <citerefentry><refentrytitle>bootctl</refentrytitle><manvolnum>1</manvolnum></citerefentry> to view this + data.</para> + + <xi:include href="version-info.xml" xpointer="v240"/></listitem> + </varlistentry> + + <varlistentry> + <term><varname>LoaderInfo</varname></term> + + <listitem><para>Brief information about the boot loader. Set by the boot loader. Use + <citerefentry><refentrytitle>bootctl</refentrytitle><manvolnum>1</manvolnum></citerefentry> to view this + data.</para> + + <xi:include href="version-info.xml" xpointer="v240"/></listitem> + </varlistentry> + + <varlistentry> + <term><varname>LoaderTimeExecUSec</varname></term> + <term><varname>LoaderTimeInitUSec</varname></term> + <term><varname>LoaderTimeMenuUsec</varname></term> + + <listitem><para>Information about the time spent in various parts of the boot loader. Set by the boot + loader. Use <citerefentry><refentrytitle>systemd-analyze</refentrytitle><manvolnum>1</manvolnum></citerefentry> + to view this data. </para> + + <xi:include href="version-info.xml" xpointer="v240"/></listitem> + </varlistentry> + + <varlistentry> + <term><varname>LoaderSystemToken</varname></term> + + <listitem><para>A binary random data field, that is used for generating the random seed to pass to + the OS (see above). Note that this random data is generally only generated once, during OS + installation, and is then never updated again.</para> + + <xi:include href="version-info.xml" xpointer="v243"/></listitem> + </varlistentry> + </variablelist> + + <para>Many of these variables are defined by the <ulink + url="https://systemd.io/BOOT_LOADER_INTERFACE">Boot Loader Interface</ulink>.</para> + </refsect1> + + <refsect1> + <title>Boot Counting</title> + + <para><command>systemd-boot</command> implements a simple boot counting mechanism on top of the <ulink + url="https://uapi-group.org/specifications/specs/boot_loader_specification">Boot Loader Specification</ulink>, for automatic and unattended + fallback to older kernel versions/boot loader entries when a specific entry continuously fails. Any boot loader + entry file and unified kernel image file that contains a <literal>+</literal> followed by one or two numbers (if + two they need to be separated by a <literal>-</literal>), before the <filename>.conf</filename> or + <filename>.efi</filename> suffix is subject to boot counting: the first of the two numbers ('tries left') is + decreased by one on every boot attempt, the second of the two numbers ('tries done') is increased by one (if 'tries + done' is absent it is considered equivalent to 0). Depending on the current value of these two counters the boot + entry is considered to be in one of three states:</para> + + <orderedlist> + <listitem><para>If the 'tries left' counter of an entry is greater than zero the entry is considered to be in + 'indeterminate' state. This means the entry has not completed booting successfully yet, but also hasn't been + determined not to work.</para></listitem> + + <listitem><para>If the 'tries left' counter of an entry is zero it is considered to be in 'bad' state. This means + no further attempts to boot this item will be made (that is, unless all other boot entries are also in 'bad' + state), as all attempts to boot this entry have not completed successfully.</para></listitem> + + <listitem><para>If the 'tries left' and 'tries done' counters of an entry are absent it is considered to be in + 'good' state. This means further boot counting for the entry is turned off, as it successfully booted at least + once. The + <citerefentry><refentrytitle>systemd-bless-boot.service</refentrytitle><manvolnum>8</manvolnum></citerefentry> + service moves the currently booted entry from 'indeterminate' into 'good' state when a boot attempt completed + successfully.</para></listitem> + </orderedlist> + + <para>Generally, when new entries are added to the boot loader, they first start out in 'indeterminate' state, + i.e. with a 'tries left' counter greater than zero. The boot entry remains in this state until either it managed to + complete a full boot successfully at least once (in which case it will be in 'good' state) — or the 'tries left' + counter reaches zero (in which case it will be in 'bad' state).</para> + + <para>Example: let's say a boot loader entry file <filename>foo.conf</filename> is set up for 3 boot tries. The + installer will hence create it under the name <filename>foo+3.conf</filename>. On first boot, the boot loader will + rename it to <filename>foo+2-1.conf</filename>. If that boot does not complete successfully, the boot loader will + rename it to <filename>foo+1-2.conf</filename> on the following boot. If that fails too, it will finally be renamed + <filename>foo+0-3.conf</filename> by the boot loader on next boot, after which it will be considered 'bad'. If the + boot succeeds however the entry file will be renamed to <filename>foo.conf</filename> by the OS, so that it is + considered 'good' from then on.</para> + + <para>The boot menu takes the 'tries left' counter into account when sorting the menu entries: entries in 'bad' + state are ordered at the beginning of the list, and entries in 'good' or 'indeterminate' at the end. The user can + freely choose to boot any entry of the menu, including those already marked 'bad'. If the menu entry to boot is + automatically determined, this means that 'good' or 'indeterminate' entries are generally preferred (as the bottom + item of the menu is the one booted by default), and 'bad' entries will only be considered if there are no 'good' or + 'indeterminate' entries left.</para> + + <para>The <citerefentry><refentrytitle>kernel-install</refentrytitle><manvolnum>8</manvolnum></citerefentry> kernel + install framework optionally sets the initial 'tries left' counter to the value specified in + <filename>/etc/kernel/tries</filename> when a boot loader entry is first created.</para> + </refsect1> + + <refsect1> + <title>Using <command>systemd-boot</command> in virtual machines</title> + + <para>When using qemu with OVMF (UEFI Firmware for virtual machines) the <option>-kernel</option> switch + works not only for linux kernels, but for any EFI binary, including sd-boot and unified linux + kernels. Example command line for loading <command>systemd-boot</command> on x64:</para> + + <para> + <command>qemu-system-x86_64 <replaceable>[ ... ]</replaceable> + -kernel /usr/lib/systemd/boot/efi/systemd-bootx64.efi</command> + </para> + + <para>systemd-boot will detect that it was started directly instead of being loaded from ESP and will + search for the ESP in that case, taking into account boot order information from the hypervisor (if + available).</para> + </refsect1> + + <refsect1> + <title>See Also</title> + <para> + <citerefentry><refentrytitle>bootctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>, + <citerefentry><refentrytitle>loader.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>, + <citerefentry><refentrytitle>systemd-bless-boot.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>, + <citerefentry><refentrytitle>systemd-boot-random-seed.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>, + <citerefentry><refentrytitle>kernel-install</refentrytitle><manvolnum>8</manvolnum></citerefentry>, + <citerefentry><refentrytitle>systemd-stub</refentrytitle><manvolnum>7</manvolnum></citerefentry>, + <ulink url="https://uapi-group.org/specifications/specs/boot_loader_specification">Boot Loader Specification</ulink>, + <ulink url="https://systemd.io/BOOT_LOADER_INTERFACE">Boot Loader Interface</ulink>, + <ulink url="https://systemd.io/TPM2_PCR_MEASUREMENTS">TPM2 PCR Measurements Made by systemd</ulink> + </para> + </refsect1> +</refentry> |