summaryrefslogtreecommitdiffstats
path: root/man/bootctl.xml
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--man/bootctl.xml648
1 files changed, 648 insertions, 0 deletions
diff --git a/man/bootctl.xml b/man/bootctl.xml
new file mode 100644
index 0000000..68e4774
--- /dev/null
+++ b/man/bootctl.xml
@@ -0,0 +1,648 @@
+<?xml version='1.0'?> <!--*-nxml-*-->
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
+ "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
+<!-- SPDX-License-Identifier: LGPL-2.1-or-later -->
+
+<refentry id="bootctl" conditional='ENABLE_BOOTLOADER'
+ xmlns:xi="http://www.w3.org/2001/XInclude">
+ <refentryinfo>
+ <title>bootctl</title>
+ <productname>systemd</productname>
+ </refentryinfo>
+
+ <refmeta>
+ <refentrytitle>bootctl</refentrytitle>
+ <manvolnum>1</manvolnum>
+ </refmeta>
+
+ <refnamediv>
+ <refname>bootctl</refname>
+ <refpurpose>Control EFI firmware boot settings and manage boot loader</refpurpose>
+ </refnamediv>
+
+ <refsynopsisdiv>
+ <cmdsynopsis>
+ <command>bootctl</command>
+ <arg choice="opt" rep="repeat">OPTIONS</arg>
+ <arg choice="req">COMMAND</arg>
+ </cmdsynopsis>
+ </refsynopsisdiv>
+
+ <refsect1>
+ <title>Description</title>
+
+ <para><command>bootctl</command> can check the EFI firmware and boot loader status, list and manage
+ available boot loaders and boot loader entries, and install, update, or remove the
+ <citerefentry><refentrytitle>systemd-boot</refentrytitle><manvolnum>7</manvolnum></citerefentry> boot
+ loader on the current system.</para>
+ </refsect1>
+
+ <refsect1>
+ <title>Generic EFI Firmware/Boot Loader Commands</title>
+
+ <para>These commands are available on any EFI system, regardless of the boot loader used.</para>
+
+ <variablelist>
+ <varlistentry>
+ <term><option>status</option></term>
+
+ <listitem><para>Shows brief information about the system firmware, the boot loader that was used to
+ boot the system, the boot loaders currently available in the ESP, the boot loaders listed in the
+ firmware's list of boot loaders and the current default boot loader entry. If no command is
+ specified, this is the implied default.</para>
+
+ <para>See the example below for details of the output.</para>
+
+ <xi:include href="version-info.xml" xpointer="v239"/>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>reboot-to-firmware</option> <optional><replaceable>BOOL</replaceable></optional></term>
+
+ <listitem><para>Query or set the "Reboot-Into-Firmware-Setup" flag of the EFI firmware. Takes a
+ boolean argument which controls whether to show the firmware setup on next system reboot. If the
+ argument is omitted shows the current status of the flag, or whether the flag is supported. This
+ controls the same flag as <command>systemctl reboot --firmware-setup</command>, but is more low-level
+ and allows setting the flag independently from actually requesting a reboot.</para>
+
+ <para>Hint: use <command>systemctl reboot --firmware-setup</command> to reboot into firmware setup
+ once. See
+ <citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>
+ for details.</para>
+
+ <xi:include href="version-info.xml" xpointer="v251"/></listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect1>
+
+ <refsect1>
+ <title>Boot Loader Specification Commands</title>
+
+ <para>These commands are available for all boot loaders that
+ implement the <ulink
+ url="https://uapi-group.org/specifications/specs/boot_loader_specification">Boot
+ Loader Specification</ulink>, such as
+ <command>systemd-boot</command>.</para>
+
+ <variablelist>
+ <varlistentry>
+ <term><option>list</option></term>
+
+ <listitem><para>Shows all available boot loader entries implementing the <ulink
+ url="https://uapi-group.org/specifications/specs/boot_loader_specification">Boot Loader Specification</ulink>, as well as any
+ other entries discovered or automatically generated by a boot loader implementing the <ulink
+ url="https://systemd.io/BOOT_LOADER_INTERFACE">Boot Loader Interface</ulink>.
+ JSON output may be requested with <option>--json=</option>.</para>
+
+ <para>See the example below for details of the output.</para>
+
+ <xi:include href="version-info.xml" xpointer="v239"/>
+ </listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>unlink</option> <replaceable>ID</replaceable></term>
+
+ <listitem><para>Removes a boot loader entry including the files it refers to. Takes a single boot
+ loader entry ID string or a glob pattern as argument. Referenced files such as kernel or initrd are
+ only removed if no other entry refers to them.</para>
+
+ <xi:include href="version-info.xml" xpointer="v253"/></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>cleanup</option></term>
+
+ <listitem><para>Removes files from the ESP and XBOOTLDR partitions that belong to the entry token but
+ are not referenced in any boot loader entries.</para>
+
+ <xi:include href="version-info.xml" xpointer="v253"/></listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect1>
+
+ <refsect1>
+ <title>Boot Loader Interface Commands</title>
+
+ <para>These commands are available for all boot loaders that implement the <ulink
+ url="https://uapi-group.org/specifications/specs/boot_loader_specification">Boot Loader Specification</ulink> and the <ulink
+ url="https://systemd.io/BOOT_LOADER_INTERFACE">Boot Loader Interface</ulink>, such as
+ <command>systemd-boot</command>.</para>
+
+ <variablelist>
+ <varlistentry>
+ <term><option>set-default</option> <replaceable>ID</replaceable></term>
+ <term><option>set-oneshot</option> <replaceable>ID</replaceable></term>
+
+ <listitem><para>Sets the default boot loader entry. Takes a single boot loader entry ID string or a glob
+ pattern as argument. The <option>set-oneshot</option> command will set the default entry only for the next boot,
+ the <option>set-default</option> will set it persistently for all future boots.</para>
+
+ <para><command>bootctl list</command> can be used to list available boot loader entries and their
+ IDs.</para>
+
+ <para>In addition, the boot loader entry ID may be specified as one of: <option>@default</option>,
+ <option>@oneshot</option> or <option>@current</option>, which correspond to the current default boot loader
+ entry for all future boots, the current default boot loader entry for the next boot, and the currently booted
+ boot loader entry. These special IDs are resolved to the current values of the EFI variables
+ <varname>LoaderEntryDefault</varname>, <varname>LoaderEntryOneShot</varname> and <varname>LoaderEntrySelected</varname>,
+ see <ulink url="https://uapi-group.org/specifications/specs/boot_loader_specification">Boot Loader Specification</ulink> for details.
+ These special IDs are primarily useful as a quick way to persistently make the currently booted boot loader
+ entry the default choice, or to upgrade the default boot loader entry for the next boot to the default boot
+ loader entry for all future boots, but may be used for other operations too.</para>
+
+ <para>If set to <option>@saved</option> the chosen entry will be saved as an EFI variable
+ on every boot and automatically selected the next time the boot loader starts.</para>
+
+ <para>When an empty string ("") is specified as the ID, then the corresponding EFI variable will be
+ unset.</para>
+
+ <para>Hint: use <command>systemctl reboot --boot-loader-entry=<replaceable>ID</replaceable></command>
+ to reboot into a specific boot entry and
+ <command>systemctl reboot --boot-loader-menu=<replaceable>timeout</replaceable></command>
+ to reboot into the boot loader menu once. See
+ <citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>
+ for details.</para>
+
+ <xi:include href="version-info.xml" xpointer="v240"/></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>set-timeout</option> <replaceable>TIMEOUT</replaceable></term>
+ <term><option>set-timeout-oneshot</option> <replaceable>TIMEOUT</replaceable></term>
+
+ <listitem><para>Sets the boot loader menu timeout in seconds. The <option>set-timeout-oneshot</option>
+ command will set the timeout only for the next boot. See
+ <citerefentry><refentrytitle>systemd.time</refentrytitle><manvolnum>7</manvolnum></citerefentry>
+ for details about the syntax of time spans.</para>
+
+ <para>If this is set to <option>menu-disabled</option> or <option>menu-hidden</option> or
+ <option>0</option>, no menu is shown and the default entry will be booted immediately, while
+ setting this to <option>menu-force</option> disables the timeout while always showing the menu.
+ When an empty string ("") is specified the bootloader will revert to its default menu timeout.</para>
+
+ <xi:include href="version-info.xml" xpointer="v250"/></listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect1>
+
+ <refsect1>
+ <title><command>systemd-boot</command> Commands</title>
+
+ <para>These commands manage the <command>systemd-boot</command> EFI boot loader, and do not work in
+ conjunction with other boot loaders.</para>
+
+ <variablelist>
+ <varlistentry>
+ <term><option>install</option></term>
+
+ <listitem><para>Installs <command>systemd-boot</command> into the EFI system partition. A copy of
+ <command>systemd-boot</command> will be stored as the EFI default/fallback loader at
+ <filename><replaceable>ESP</replaceable>/EFI/BOOT/BOOT*.EFI</filename>. The boot loader is then added
+ to the top of the firmware's boot loader list.</para>
+
+ <xi:include href="version-info.xml" xpointer="v239"/></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>update</option></term>
+
+ <listitem><para>Updates all installed versions of
+ <citerefentry><refentrytitle>systemd-boot</refentrytitle><manvolnum>7</manvolnum></citerefentry>, if the
+ available version is newer than the version installed in the EFI system partition. This also includes the EFI
+ default/fallback loader at <filename><replaceable>ESP</replaceable>/EFI/BOOT/BOOT*.EFI</filename>. The boot
+ loader is then added to end of the firmware's boot loader list if missing.</para>
+
+ <xi:include href="version-info.xml" xpointer="v239"/></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>remove</option></term>
+
+ <listitem><para>Removes all installed versions of <command>systemd-boot</command> from the EFI system partition
+ and the firmware's boot loader list.</para>
+
+ <xi:include href="version-info.xml" xpointer="v239"/></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>is-installed</option></term>
+
+ <listitem><para>Checks whether <command>systemd-boot</command> is installed in the ESP. Note that a
+ single ESP might host multiple boot loaders; this hence checks whether
+ <command>systemd-boot</command> is one (of possibly many) installed boot loaders — and neither
+ whether it is the default nor whether it is registered in any EFI variables.</para>
+
+ <xi:include href="version-info.xml" xpointer="v243"/></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>random-seed</option></term>
+
+ <listitem><para>Generates a random seed and stores it in the EFI System Partition (ESP), for use by
+ the <command>systemd-boot</command> boot loader. If a random seed already exists in the ESP it is
+ refreshed. Also generates a random 'system token' and stores it persistently as an EFI variable, if
+ one has not been set before. If the boot loader finds the random seed in the ESP and the system token
+ in the EFI variable it will derive a random seed to pass to the OS and a new seed to store in the ESP
+ from the combination of both. The random seed passed to the OS is credited to the kernel's entropy
+ pool by the system manager during early boot, and permits userspace to boot up with an entropy pool
+ fully initialized very early on. Also see
+ <citerefentry><refentrytitle>systemd-boot-random-seed.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>.</para>
+
+ <para>See <ulink url="https://systemd.io/RANDOM_SEEDS">Random Seeds</ulink> for further
+ information.</para>
+
+ <xi:include href="version-info.xml" xpointer="v243"/></listitem>
+ </varlistentry>
+
+ </variablelist>
+ </refsect1>
+
+ <refsect1>
+ <title>Kernel Image Commands</title>
+
+ <variablelist>
+ <varlistentry>
+ <term><option>kernel-identify</option> <replaceable>kernel</replaceable></term>
+
+ <listitem><para>Takes a kernel image as argument. Checks what kind of kernel the image is. Returns
+ one of <literal>uki</literal>, <literal>pe</literal>, and <literal>unknown</literal>.
+ </para>
+
+ <xi:include href="version-info.xml" xpointer="v253"/></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>kernel-inspect</option> <replaceable>kernel</replaceable></term>
+
+ <listitem><para>Takes a kernel image as argument. Prints details about the image.</para>
+
+ <xi:include href="version-info.xml" xpointer="v253"/></listitem>
+ </varlistentry>
+ </variablelist>
+ </refsect1>
+
+ <refsect1>
+ <title>Options</title>
+ <para>The following options are understood:</para>
+
+ <variablelist>
+ <xi:include href="standard-options.xml" xpointer="esp-path"/>
+ <xi:include href="standard-options.xml" xpointer="boot-path"/>
+
+ <varlistentry>
+ <term><option>--root=<replaceable>root</replaceable></option></term>
+ <listitem><para>Takes a directory path as an argument. All
+ paths will be prefixed with the given alternate
+ <replaceable>root</replaceable> path, including config search
+ paths. </para>
+
+ <xi:include href="version-info.xml" xpointer="v252"/></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>--image=<replaceable>image</replaceable></option></term>
+
+ <listitem><para>Takes a path to a disk image file or block device node. If specified, all operations
+ are applied to file system in the indicated disk image. This option is similar to
+ <option>--root=</option>, but operates on file systems stored in disk images or block devices. The
+ disk image should either contain just a file system or a set of file systems within a GPT partition
+ table, following the <ulink url="https://uapi-group.org/specifications/specs/discoverable_partitions_specification">Discoverable Partitions
+ Specification</ulink>. For further information on supported disk images, see
+ <citerefentry><refentrytitle>systemd-nspawn</refentrytitle><manvolnum>1</manvolnum></citerefentry>'s
+ switch of the same name.</para>
+
+ <xi:include href="version-info.xml" xpointer="v252"/></listitem>
+ </varlistentry>
+
+ <xi:include href="standard-options.xml" xpointer="image-policy-open" />
+
+ <varlistentry>
+ <term><option>--install-source=</option></term>
+ <listitem><para>When installing binaries with <option>--root=</option> or
+ <option>--image=</option>, selects where to source them from. Takes one of <literal>auto</literal>
+ (the default), <literal>image</literal> or <literal>host</literal>. With <literal>auto</literal>
+ binaries will be picked from the specified directory or image, and if not found they will be picked
+ from the host. With <literal>image</literal> or <literal>host</literal> no fallback search will be
+ performed if the binaries are not found in the selected source.</para>
+
+ <xi:include href="version-info.xml" xpointer="v252"/></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>-p</option></term>
+ <term><option>--print-esp-path</option></term>
+ <listitem><para>This option modifies the behaviour of <command>status</command>. Only prints the path
+ to the EFI System Partition (ESP) to standard output and exits.</para>
+
+ <xi:include href="version-info.xml" xpointer="v236"/></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>-x</option></term>
+ <term><option>--print-boot-path</option></term>
+ <listitem><para>This option modifies the behaviour of <command>status</command>. Only prints the path
+ to the Extended Boot Loader partition if it exists, and the path to the ESP otherwise to standard
+ output and exit. This command is useful to determine where to place boot loader entries, as they are
+ preferably placed in the Extended Boot Loader partition if it exists and in the ESP otherwise.</para>
+
+ <para>Boot Loader Specification Type #1 entries should generally be placed in the directory
+ <literal>$(bootctl -x)/loader/entries/</literal>. Existence of that directory may also be used as
+ indication that boot loader entry support is available on the system. Similarly, Boot Loader
+ Specification Type #2 entries should be placed in the directory <literal>$(bootctl
+ -x)/EFI/Linux/</literal>.</para>
+
+ <para>Note that this option (similarly to the <option>--print-boot-path</option> option mentioned
+ above), is available independently from the boot loader used, i.e. also without
+ <command>systemd-boot</command> being installed.</para>
+
+ <xi:include href="version-info.xml" xpointer="v242"/></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>-R</option></term>
+ <term><option>--print-root-device</option></term>
+
+ <listitem><para>Print the path to the block device node backing the root file system of the local
+ OS. This prints a path such as <filename>/dev/nvme0n1p5</filename>. If the root file system is backed
+ by dm-crypt/LUKS or dm-verity the underlying block device is returned. If the root file system is
+ backed by multiple block devices (as supported by btrfs) the operation will fail. If the switch is
+ specified twice (i.e. <option>-RR</option>) and the discovered block device is a partition device the
+ "whole" block device it belongs to is determined and printed
+ (e.g. <filename>/dev/nvme0n1</filename>). If the root file system is <literal>tmpfs</literal> (or a
+ similar in-memory file system), the block device backing <filename>/usr/</filename> is returned if
+ applicable. If the root file system is a network file system (e.g. NFS, CIFS) the operation will
+ fail.</para>
+
+ <xi:include href="version-info.xml" xpointer="v254"/></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>--no-variables</option></term>
+ <listitem><para>Do not touch the firmware's boot loader list stored in EFI variables.</para>
+
+ <xi:include href="version-info.xml" xpointer="v220"/></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>--graceful</option></term>
+ <listitem><para>Ignore failure when the EFI System Partition cannot be found, when EFI variables
+ cannot be written, or a different or newer boot loader is already installed. Currently only applies
+ to <command>is-installed</command>, <command>update</command>, and <command>random-seed</command>
+ verbs.</para>
+
+ <xi:include href="version-info.xml" xpointer="v244"/></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>-q</option></term>
+ <term><option>--quiet</option></term>
+
+ <listitem><para>Suppress printing of the results of various commands and also the hints about ESP
+ being unavailable.</para>
+
+ <xi:include href="version-info.xml" xpointer="v251"/></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>--make-entry-directory=yes|no</option></term>
+ <listitem><para>Controls creation and deletion of the <ulink
+ url="https://uapi-group.org/specifications/specs/boot_loader_specification">Boot Loader Specification</ulink> Type #1 entry
+ directory on the file system containing resources such as kernel and initrd images during
+ <option>install</option> and <option>remove</option>, respectively. The directory is named after the
+ entry token, as specified with <option>--entry-token=</option> parameter described below, and is
+ placed immediately below the <varname>$BOOT</varname> root directory (i.e. beneath the file system
+ returned by the <option>--print-boot-path</option> option, see above). Defaults to
+ <literal>no</literal>.</para>
+
+ <xi:include href="version-info.xml" xpointer="v251"/></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>--entry-token=</option></term>
+
+ <listitem><para>Controls how to name and identify boot loader entries for this OS
+ installation. Accepted during <option>install</option>, and takes one of <literal>auto</literal>,
+ <literal>machine-id</literal>, <literal>os-id</literal>, <literal>os-image-id</literal> or an
+ arbitrary string prefixed by <literal>literal:</literal> as argument.</para>
+
+ <para>If set to <option>machine-id</option> the entries are named after the machine ID of the running
+ system (e.g. <literal>b0e793a9baf14b5fa13ecbe84ff637ac</literal>). See
+ <citerefentry><refentrytitle>machine-id</refentrytitle><manvolnum>5</manvolnum></citerefentry> for
+ details about the machine ID concept and file.</para>
+
+ <para>If set to <option>os-id</option> the entries are named after the OS ID of the running system,
+ i.e. the <varname>ID=</varname> field of
+ <citerefentry><refentrytitle>os-release</refentrytitle><manvolnum>5</manvolnum></citerefentry> (e.g.
+ <literal>fedora</literal>). Similarly, if set to <option>os-image-id</option> the entries are named
+ after the OS image ID of the running system, i.e. the <varname>IMAGE_ID=</varname> field of
+ <filename>os-release</filename> (e.g. <literal>vendorx-cashier-system</literal>).</para>
+
+ <para>If set to <option>auto</option> (the default), the <filename>/etc/kernel/entry-token</filename>
+ file will be read if it exists, and the stored value used. Otherwise if the local machine ID is
+ initialized it is used. Otherwise <varname>IMAGE_ID=</varname> from <filename>os-release</filename>
+ will be used, if set. Otherwise, <varname>ID=</varname> from <filename>os-release</filename> will be
+ used, if set.</para>
+
+ <para>Unless set to <literal>machine-id</literal>, or when
+ <option>--make-entry-directory=yes</option> is used the selected token string is written to a file
+ <filename>/etc/kernel/entry-token</filename>, to ensure it will be used for future entries. This file
+ is also read by
+ <citerefentry><refentrytitle>kernel-install</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
+ in order to identify under which name to generate boot loader entries for newly installed kernels, or
+ to determine the entry names for removing old ones.</para>
+
+ <para>Using the machine ID for naming the entries is generally preferable, however there are cases
+ where using the other identifiers is a good option. Specifically: if the identification data that the
+ machine ID entails shall not be stored on the (unencrypted) <varname>$BOOT</varname> partition, or if
+ the ID shall be generated on first boot and is not known when the entries are prepared. Note that
+ using the machine ID has the benefit that multiple parallel installations of the same OS can coexist
+ on the same medium, and they can update their boot loader entries independently. When using another
+ identifier (such as the OS ID or the OS image ID), parallel installations of the same OS would try to
+ use the same entry name. To support parallel installations, the installer must use a different entry
+ token when adding a second installation.</para>
+
+ <xi:include href="version-info.xml" xpointer="v251"/></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>--all-architectures</option></term>
+ <listitem><para>Install binaries for all supported EFI architectures (this implies <option>--no-variables</option>).</para>
+
+ <xi:include href="version-info.xml" xpointer="v252"/></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>--efi-boot-option-description=</option></term>
+ <listitem><para>Description of the entry added to the firmware's boot option list. Defaults to <literal>Linux
+ Boot Manager</literal>.</para>
+
+ <para>Using the default entry name <literal>Linux Boot Manager</literal> is generally preferable as only
+ one bootloader installed to a single ESP partition should be used to boot any number of OS installations
+ found on the various disks installed in the system. Specifically distributions should not use this flag
+ to install a branded entry in the boot option list. However in situations with multiple disks, each with
+ their own ESP partition, it can be beneficial to make it easier to identify the bootloader being used in
+ the firmware's boot option menu.</para>
+
+ <xi:include href="version-info.xml" xpointer="v252"/></listitem>
+ </varlistentry>
+
+ <varlistentry>
+ <term><option>--dry-run</option></term>
+ <listitem><para>Dry run for <option>unlink</option> and <option>cleanup</option>.</para>
+
+ <para>In dry run mode, the unlink and cleanup operations only print the files that would get deleted
+ without actually deleting them.</para>
+
+ <xi:include href="version-info.xml" xpointer="v253"/></listitem>
+ </varlistentry>
+
+ <xi:include href="standard-options.xml" xpointer="no-pager"/>
+ <xi:include href="standard-options.xml" xpointer="json" />
+ <xi:include href="standard-options.xml" xpointer="help"/>
+ <xi:include href="standard-options.xml" xpointer="version"/>
+ </variablelist>
+ </refsect1>
+
+ <refsect1>
+ <title>Signed .efi files</title>
+ <para><command>bootctl</command> <option>install</option> and <option>update</option> will look for a
+ <command>systemd-boot</command> file ending with the <literal>.efi.signed</literal> suffix first, and copy
+ that instead of the normal <literal>.efi</literal> file. This allows distributions or end-users to provide
+ signed images for UEFI SecureBoot.</para>
+ </refsect1>
+
+ <refsect1>
+ <title>Exit status</title>
+ <para>On success, 0 is returned, a non-zero failure code otherwise. <command>bootctl
+ --print-root-device</command> returns exit status 80 in case the root file system is not backed by single
+ block device, and other non-zero exit statuses on other errors.</para>
+ </refsect1>
+
+ <refsect1>
+ <title>Environment</title>
+ <para>If <varname>$SYSTEMD_RELAX_ESP_CHECKS=1</varname> is set the validation checks for the ESP are
+ relaxed, and the path specified with <option>--esp-path=</option> may refer to any kind of file system on
+ any kind of partition.</para>
+
+ <para>Similarly, <varname>$SYSTEMD_RELAX_XBOOTLDR_CHECKS=1</varname> turns off some validation checks for
+ the Extended Boot Loader partition.</para>
+ </refsect1>
+
+ <refsect1>
+ <title>Examples</title>
+
+ <example>
+ <title>Output from <command>status</command> and <command>list</command></title>
+
+ <programlisting>$ <command>bootctl status</command>
+System:
+ Firmware: UEFI 2.40 (<replaceable>firmware-version</replaceable>) ← firmware vendor and version
+ Secure Boot: disabled (setup) ← Secure Boot status
+ TPM2 Support: yes
+ Boot into FW: supported ← does the firmware support booting into itself
+
+Current Boot Loader: ← details about sd-boot or another boot loader
+ Product: systemd-boot <replaceable>version</replaceable> implementing the <ulink
+ url="https://systemd.io/BOOT_LOADER_INTERFACE">Boot Loader Interface</ulink>
+ Features: ✓ Boot counting
+ ✓ Menu timeout control
+ ✓ One-shot menu timeout control
+ ✓ Default entry control
+ ✓ One-shot entry control
+ ✓ Support for XBOOTLDR partition
+ ✓ Support for passing random seed to OS
+ ✓ Load drop-in drivers
+ ✓ Boot loader sets ESP information
+ ✓ Menu can be disabled
+ ESP: /dev/disk/by-partuuid/01234567-89ab-cdef-dead-beef00000000
+ File: └─/EFI/systemd/systemd-bootx64.efi
+
+Random Seed: ← random seed used for entropy in early boot
+ Passed to OS: yes
+ System Token: set
+ Exists: yes
+
+Available Boot Loaders on ESP:
+ ESP: /boot/efi (/dev/disk/by-partuuid/01234567-89ab-cdef-dead-beef00000000)
+ File: └─/EFI/systemd/systemd-bootx64.efi (systemd-boot 251
+ File: └─/EFI/BOOT/BOOTX64.EFI (systemd-boot 251
+
+Boot Loaders Listed in EFI Variables:
+ Title: Linux Boot Manager
+ ID: 0x0001
+ Status: active, boot-order
+ Partition: /dev/disk/by-partuuid/…
+ File: └─/EFI/systemd/systemd-bootx64.efi
+
+ Title: Fedora
+ ID: 0x0000
+ Status: active, boot-order
+ Partition: /dev/disk/by-partuuid/…
+ File: └─/EFI/fedora/shimx64.efi
+
+ Title: Linux-Firmware-Updater
+ ID: 0x0002
+ Status: active, boot-order
+ Partition: /dev/disk/by-partuuid/…
+ File: └─/EFI/fedora/fwupdx64.efi
+
+Boot Loader Entries:
+ $BOOT: /boot/efi (/dev/disk/by-partuuid/01234567-89ab-cdef-dead-beef00000000)
+
+Default Boot Loader Entry:
+ type: Boot Loader Specification Type #1 (.conf)
+ title: Fedora Linux 36 (Workstation Edition)
+ id: …
+ source: /boot/efi/loader/entries/<replaceable>entry-token</replaceable>-<replaceable>kernel-version</replaceable>.conf
+ version: <replaceable>kernel-version</replaceable>
+ machine-id: …
+ linux: /<replaceable>entry-token</replaceable>/<replaceable>kernel-version</replaceable>/linux
+ initrd: /<replaceable>entry-token</replaceable>/<replaceable>kernel-version</replaceable>/initrd
+ options: root=…
+</programlisting>
+
+ <programlisting>$ <command>bootctl list</command>
+Boot Loader Entries:
+ type: Boot Loader Specification Type #1 (.conf)
+ title: Fedora Linux 36 (Workstation Edition) (default) (selected)
+ id: …
+ source: /boot/efi/loader/entries/<replaceable>entry-token</replaceable>-<replaceable>kernel-version</replaceable>.conf
+ version: <replaceable>kernel-version</replaceable>
+ machine-id: …
+ linux: /<replaceable>entry-token</replaceable>/<replaceable>kernel-version</replaceable>/linux
+ initrd: /<replaceable>entry-token</replaceable>/<replaceable>kernel-version</replaceable>/initrd
+ options: root=…
+
+ type: Boot Loader Specification Type #2 (.efi)
+ title: Fedora Linux 35 (Workstation Edition)
+ id: …
+ source: /boot/efi/EFI/Linux/fedora-<replaceable>kernel-version</replaceable>.efi
+ version: <replaceable>kernel-version</replaceable>
+ machine-id: …
+ linux: /EFI/Linux/fedora-<replaceable>kernel-version</replaceable>.efi
+ options: root=…
+
+ type: Automatic
+ title: Reboot Into Firmware Interface
+ id: auto-reboot-to-firmware-setup
+ source: /sys/firmware/efi/efivars/LoaderEntries-4a67b082-0a4c-41cf-b6c7-440b29bb8c4f
+</programlisting>
+
+ <para>In the listing, <literal>(default)</literal> specifies the entry that will be
+ used by default, and <literal>(selected)</literal> specifies the entry that was
+ selected the last time (i.e. is currently running).</para>
+ </example>
+ </refsect1>
+
+ <refsect1>
+ <title>See Also</title>
+ <para>
+ <citerefentry><refentrytitle>systemd-boot</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
+ <ulink url="https://uapi-group.org/specifications/specs/boot_loader_specification">Boot Loader Specification</ulink>,
+ <ulink url="https://systemd.io/BOOT_LOADER_INTERFACE">Boot Loader Interface</ulink>,
+ <citerefentry><refentrytitle>systemd-boot-random-seed.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+ </para>
+ </refsect1>
+</refentry>