From 55944e5e40b1be2afc4855d8d2baf4b73d1876b5 Mon Sep 17 00:00:00 2001
From: Daniel Baumann <daniel.baumann@progress-linux.org>
Date: Wed, 10 Apr 2024 22:49:52 +0200
Subject: Adding upstream version 255.4.

Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
---
 man/systemd-boot.xml | 650 +++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 650 insertions(+)
 create mode 100644 man/systemd-boot.xml

(limited to 'man/systemd-boot.xml')

diff --git a/man/systemd-boot.xml b/man/systemd-boot.xml
new file mode 100644
index 0000000..2b0ea9b
--- /dev/null
+++ b/man/systemd-boot.xml
@@ -0,0 +1,650 @@
+<?xml version='1.0'?> <!--*-nxml-*-->
+<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
+  "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
+<!-- SPDX-License-Identifier: LGPL-2.1-or-later -->
+
+<refentry id="systemd-boot" conditional='ENABLE_BOOTLOADER'
+    xmlns:xi="http://www.w3.org/2001/XInclude">
+  <refentryinfo>
+    <title>systemd-boot</title>
+    <productname>systemd</productname>
+  </refentryinfo>
+
+  <refmeta>
+    <refentrytitle>systemd-boot</refentrytitle>
+    <manvolnum>7</manvolnum>
+  </refmeta>
+
+  <refnamediv>
+    <refname>systemd-boot</refname>
+    <refname>sd-boot</refname>
+    <refpurpose>A simple UEFI boot manager</refpurpose>
+  </refnamediv>
+
+  <refsect1>
+    <title>Description</title>
+
+    <para><command>systemd-boot</command> (short: <command>sd-boot</command>) is a simple UEFI boot
+    manager. It provides a textual menu to select the entry to boot and an editor for the kernel command
+    line. <command>systemd-boot</command> supports systems with UEFI firmware only.</para>
+
+    <para><command>systemd-boot</command> loads boot entry information from the EFI system partition (ESP),
+    usually mounted at <filename>/efi/</filename>, <filename>/boot/</filename>, or
+    <filename>/boot/efi/</filename> during OS runtime, as well as from the Extended Boot Loader partition
+    (XBOOTLDR) if it exists (usually mounted to <filename>/boot/</filename>). Configuration file fragments,
+    kernels, initrds and other EFI images to boot generally need to reside on the ESP or the Extended Boot
+    Loader partition. Linux kernels must be built with <option>CONFIG_EFI_STUB</option> to be able to be
+    directly executed as an EFI image. During boot <command>systemd-boot</command> automatically assembles a
+    list of boot entries from the following sources:</para>
+
+    <itemizedlist>
+      <listitem><para>Boot entries defined with <ulink
+      url="https://uapi-group.org/specifications/specs/boot_loader_specification">Boot Loader Specification</ulink> Type #1
+      description files located in <filename>/loader/entries/</filename> on the ESP and the Extended Boot
+      Loader Partition. These usually describe Linux kernel images with associated initrd images, but
+      alternatively may also describe other arbitrary EFI executables.</para></listitem>
+
+      <listitem><para>Unified kernel images, <ulink url="https://uapi-group.org/specifications/specs/boot_loader_specification">Boot
+      Loader Specification</ulink> Type #2, which are executable EFI binaries in
+      <filename>/EFI/Linux/</filename> on the ESP and the Extended Boot Loader Partition.</para></listitem>
+
+      <listitem><para>The Microsoft Windows EFI boot manager, if installed.</para></listitem>
+
+      <listitem><para>The Apple macOS boot manager, if installed.</para></listitem>
+
+      <listitem><para>The EFI Shell binary, if installed.</para></listitem>
+
+      <listitem><para>A <literal>Reboot Into Firmware Interface option</literal>, if supported by the UEFI
+      firmware.</para></listitem>
+
+      <listitem><para>Secure Boot variables enrollment if the UEFI firmware is in setup-mode and files are provided
+      on the ESP.</para></listitem>
+    </itemizedlist>
+
+    <para><command>systemd-boot</command> supports the following features:</para>
+
+    <itemizedlist>
+      <listitem><para>Basic boot manager configuration changes (such as timeout
+      configuration, default boot entry selection, …) may be made directly from the boot loader UI at
+      boot-time, as well as during system runtime with EFI variables.</para></listitem>
+
+      <listitem><para>The boot manager integrates with the <command>systemctl</command> command to implement
+      features such as <command>systemctl reboot --boot-loader-entry=…</command> (for rebooting into a
+      specific boot menu entry, i.e. "reboot into Windows") and <command>systemctl reboot
+      --boot-loader-menu=…</command> (for rebooting into the boot loader menu), by implementing the <ulink
+      url="https://systemd.io/BOOT_LOADER_INTERFACE">Boot Loader Interface</ulink>. See
+      <citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry> for
+      details.</para></listitem>
+
+      <listitem><para>An EFI variable set by the boot loader informs the OS about the EFI System Partition used
+      during boot. This is then used to automatically mount the correct EFI System Partition to
+      <filename>/efi/</filename> or <filename>/boot/</filename> during OS runtime. See
+      <citerefentry><refentrytitle>systemd-gpt-auto-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+      for details.</para></listitem>
+
+      <listitem><para>The boot manager provides information about the boot time spent in UEFI firmware using
+      the <ulink url="https://systemd.io/BOOT_LOADER_INTERFACE">Boot Loader Interface</ulink>. This
+      information can be displayed using
+      <citerefentry><refentrytitle>systemd-analyze</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
+      </para></listitem>
+
+      <listitem><para>The boot manager implements boot counting and automatic fallback to older, working boot
+      entries on failure. See <ulink url="https://systemd.io/AUTOMATIC_BOOT_ASSESSMENT">Automatic Boot
+      Assessment</ulink>.</para></listitem>
+
+      <listitem><para>The boot manager optionally reads a random seed from the ESP partition, combines it
+      with a 'system token' stored in a persistent EFI variable and derives a random seed to use by the OS as
+      entropy pool initialization, providing a full entropy pool during early boot.</para></listitem>
+
+      <listitem><para>The boot manager allows for Secure Boot variables to be enrolled if the UEFI firmware is
+      in setup-mode. Additionally, variables can be automatically enrolled if configured.</para></listitem>
+    </itemizedlist>
+
+    <para><citerefentry><refentrytitle>bootctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>
+    may be used from a running system to locate the ESP and the Extended Boot Loader Partition, list
+    available entries, and install <command>systemd-boot</command> itself.</para>
+
+    <para><citerefentry><refentrytitle>kernel-install</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+    may be used to copy kernel images onto the ESP or the Extended Boot Loader Partition and to generate
+    description files compliant with the Boot Loader
+    Specification.</para>
+
+    <para><citerefentry><refentrytitle>systemd-stub</refentrytitle><manvolnum>7</manvolnum></citerefentry>
+    may be used as UEFI boot stub for executed kernels, which is useful to show graphical boot splashes
+    before transitioning into the Linux world. It is also capable of automatically picking up auxiliary
+    credential files (for boot parameterization) and system extension images, as companion files to the
+    booted kernel images.</para>
+  </refsect1>
+
+  <refsect1>
+    <title>Key bindings</title>
+    <para>The following keys may be used in the boot menu:</para>
+
+    <!-- Developer commands Q/v/Ctrl+l deliberately not advertised. -->
+
+    <variablelist>
+      <varlistentry>
+        <term><keycap>↑</keycap> (Up)</term>
+        <term><keycap>↓</keycap> (Down)</term>
+        <term><keycap>j</keycap></term>
+        <term><keycap>k</keycap></term>
+        <term><keycap>PageUp</keycap></term>
+        <term><keycap>PageDown</keycap></term>
+        <term><keycap>Home</keycap></term>
+        <term><keycap>End</keycap></term>
+        <listitem><para>Navigate up/down in the entry list</para>
+
+        <xi:include href="version-info.xml" xpointer="v239"/></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><keycap>↵</keycap> (Enter)</term>
+        <term><keycap>→</keycap> (Right)</term>
+        <listitem><para>Boot selected entry</para>
+
+        <xi:include href="version-info.xml" xpointer="v239"/></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><keycap>d</keycap></term>
+        <listitem><para>Make selected entry the default</para>
+
+        <xi:include href="version-info.xml" xpointer="v239"/></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><keycap>e</keycap></term>
+        <listitem><para>Edit the kernel command line for selected entry</para>
+
+        <xi:include href="version-info.xml" xpointer="v239"/></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><keycap>+</keycap></term>
+        <term><keycap>t</keycap></term>
+        <listitem><para>Increase the timeout before default entry is booted</para>
+
+        <xi:include href="version-info.xml" xpointer="v239"/></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><keycap>-</keycap></term>
+        <term><keycap>T</keycap></term>
+        <listitem><para>Decrease the timeout</para>
+
+        <xi:include href="version-info.xml" xpointer="v239"/></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><keycap>r</keycap></term>
+        <listitem><para>Change screen resolution, skipping any unsupported modes.</para>
+
+        <xi:include href="version-info.xml" xpointer="v250"/></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><keycap>R</keycap></term>
+        <listitem><para>Reset screen resolution to firmware or configuration file default.</para>
+
+        <xi:include href="version-info.xml" xpointer="v250"/></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><keycap>p</keycap></term>
+        <listitem><para>Print status</para>
+
+        <xi:include href="version-info.xml" xpointer="v250"/></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><keycap>h</keycap></term>
+        <term><keycap>?</keycap></term>
+        <term><keycap>F1</keycap></term>
+        <listitem><para>Show a help screen</para>
+
+        <xi:include href="version-info.xml" xpointer="v239"/></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><keycap>f</keycap></term>
+        <listitem><para>Reboot into firmware interface.</para>
+
+        <para>For compatibility with the keybindings of several firmware implementations this operation
+        may also be reached with <keycap>F2</keycap>, <keycap>F10</keycap>, <keycap>Del</keycap> and
+        <keycap>Esc</keycap>.</para>
+
+        <xi:include href="version-info.xml" xpointer="v250"/></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><keycombo><keycap>Shift</keycap><keycap>o</keycap></keycombo></term>
+        <listitem><para>Power off the system.</para>
+
+        <xi:include href="version-info.xml" xpointer="v255"/></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><keycombo><keycap>Shift</keycap><keycap>b</keycap></keycombo></term>
+        <listitem><para>Reboot the system.</para>
+
+        <xi:include href="version-info.xml" xpointer="v255"/></listitem>
+      </varlistentry>
+    </variablelist>
+
+    <para>The following keys may be pressed during bootup or in the boot menu to directly boot a specific
+    entry:</para>
+
+    <variablelist>
+      <varlistentry>
+        <term><keycap>l</keycap></term>
+        <listitem><para>Linux</para>
+
+        <xi:include href="version-info.xml" xpointer="v239"/></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><keycap>w</keycap></term>
+        <listitem><para>Windows</para>
+
+        <xi:include href="version-info.xml" xpointer="v239"/></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><keycap>a</keycap></term>
+        <listitem><para>macOS</para>
+
+        <xi:include href="version-info.xml" xpointer="v239"/></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><keycap>s</keycap></term>
+        <listitem><para>EFI shell</para>
+
+        <xi:include href="version-info.xml" xpointer="v239"/></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><keycap>1</keycap></term>
+        <term><keycap>2</keycap></term>
+        <term><keycap>3</keycap></term>
+        <term><keycap>4</keycap></term>
+        <term><keycap>5</keycap></term>
+        <term><keycap>6</keycap></term>
+        <term><keycap>7</keycap></term>
+        <term><keycap>8</keycap></term>
+        <term><keycap>9</keycap></term>
+        <listitem><para>Boot entry number 1 … 9</para>
+
+        <xi:include href="version-info.xml" xpointer="v239"/></listitem>
+      </varlistentry>
+    </variablelist>
+
+    <para>The boot menu is shown when a non-zero menu timeout has been configured. If the menu timeout has
+    been set to zero, it is sufficient to press any key — before the boot loader initializes — to bring up
+    the boot menu, except for the keys listed immediately above as they directly boot into the selected boot
+    menu item. Note that depending on the firmware implementation the time window where key presses are
+    accepted before the boot loader initializes might be short. If the window is missed, reboot and try
+    again, possibly pressing a suitable key (e.g. the space bar) continuously; on most systems it should be
+    possible to hit the time window after a few attempts. To avoid this problem, consider setting a non-zero
+    timeout, thus showing the boot menu unconditionally. Some desktop environments might offer an option to
+    directly boot into the boot menu, to avoid the problem altogether. Alternatively, use the command line
+    <command>systemctl reboot --boot-loader-menu=0</command> from the shell.</para>
+
+    <para>In the editor, most keys simply insert themselves, but the following keys
+    may be used to perform additional actions:</para>
+
+    <variablelist>
+      <varlistentry>
+        <term><keycap>←</keycap> (Left)</term>
+        <term><keycap>→</keycap> (Right)</term>
+        <term><keycap>Home</keycap></term>
+        <term><keycap>End</keycap></term>
+        <listitem><para>Navigate left/right</para>
+
+        <xi:include href="version-info.xml" xpointer="v239"/></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><keycap>Esc</keycap></term>
+        <term><keycombo><keycap>Ctrl</keycap><keycap>c</keycap></keycombo></term>
+        <listitem><para>Abort the edit and quit the editor</para>
+
+        <xi:include href="version-info.xml" xpointer="v239"/></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><keycombo><keycap>Ctrl</keycap><keycap>k</keycap></keycombo></term>
+        <listitem><para>Clear the command line forwards</para>
+
+        <xi:include href="version-info.xml" xpointer="v239"/></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><keycombo><keycap>Ctrl</keycap><keycap>w</keycap></keycombo></term>
+        <term><keycombo><keycap>Alt</keycap><keycap>Backspace</keycap></keycombo></term>
+        <listitem><para>Delete word backwards</para>
+
+        <xi:include href="version-info.xml" xpointer="v239"/></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><keycombo><keycap>Ctrl</keycap><keycap>Del</keycap></keycombo></term>
+        <term><keycombo><keycap>Alt</keycap><keycap>d</keycap></keycombo></term>
+        <listitem><para>Delete word forwards</para>
+
+        <xi:include href="version-info.xml" xpointer="v239"/></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><keycap>↵</keycap> (Enter)</term>
+        <listitem><para>Boot entry with the edited command line</para>
+
+        <xi:include href="version-info.xml" xpointer="v239"/></listitem>
+      </varlistentry>
+    </variablelist>
+
+    <para>Note that unless configured otherwise in the UEFI firmware, systemd-boot will
+    use the US keyboard layout, so key labels might not match for keys like +/-.
+    </para>
+  </refsect1>
+
+  <refsect1>
+    <title>Files</title>
+
+    <para>The files <command>systemd-boot</command> processes generally reside on the UEFI ESP which is
+    usually mounted to <filename>/efi/</filename>, <filename>/boot/</filename> or
+    <filename>/boot/efi/</filename> during OS runtime. It also processes files on the Extended Boot Loader
+    partition which is typically mounted to <filename>/boot/</filename>, if it
+    exists.</para>
+
+    <para><command>systemd-boot</command> reads runtime configuration such as the boot timeout and default
+    entry from <filename>/loader/loader.conf</filename> on the ESP (in combination with data read from EFI
+    variables). See
+    <citerefentry><refentrytitle>loader.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>
+
+    <para>Boot entry description files following the <ulink
+    url="https://uapi-group.org/specifications/specs/boot_loader_specification">Boot Loader Specification</ulink> are read from
+    <filename>/loader/entries/</filename> on the ESP and the Extended Boot Loader partition.</para>
+
+    <para>Unified kernel boot entries following the <ulink
+    url="https://uapi-group.org/specifications/specs/boot_loader_specification">Boot Loader Specification</ulink> are read from
+    <filename>/EFI/Linux/</filename> on the ESP and the Extended Boot Loader partition.</para>
+
+    <para>Optionally, a random seed for early boot entropy pool provisioning is stored in
+    <filename>/loader/random-seed</filename> in the ESP.</para>
+
+    <para>During initialization, <command>sd-boot</command> automatically loads all driver files placed in
+    the <filename>/EFI/systemd/drivers/</filename> directory of the ESP. The files placed there must have an
+    extension of the EFI architecture ID followed by <filename>.efi</filename> (e.g. for x86-64 this means a
+    suffix of <filename>x64.efi</filename>). This may be used to automatically load file system drivers and
+    similar, to extend the native firmware support.</para>
+
+    <para>Enrollment of Secure Boot variables can be performed manually or automatically if files are available
+    under <filename>/loader/keys/<replaceable>NAME</replaceable>/{db,KEK,PK}.auth</filename>, <replaceable>NAME</replaceable>
+    being the display name for the set of variables in the menu. If one of the sets is named <filename>auto</filename>
+    then it might be enrolled automatically depending on whether <literal>secure-boot-enroll</literal> is set
+    to force or not.</para>
+  </refsect1>
+
+  <refsect1>
+    <title>EFI Variables</title>
+
+    <para>The following EFI variables are defined, set and read by <command>systemd-boot</command>, under the
+    vendor UUID <literal>4a67b082-0a4c-41cf-b6c7-440b29bb8c4f</literal>, for communication between the boot
+    loader and the OS:</para>
+
+    <variablelist class='efi-variables'>
+      <varlistentry>
+        <term><varname>LoaderBootCountPath</varname></term>
+        <listitem><para>If boot counting is enabled, contains the path to the file in whose name the boot counters are
+        encoded. Set by the boot
+        loader. <citerefentry><refentrytitle>systemd-bless-boot.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+        uses this information to mark a boot as successful as determined by the successful activation of the
+        <filename>boot-complete.target</filename> target unit.</para>
+
+        <xi:include href="version-info.xml" xpointer="v240"/></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><varname>LoaderConfigTimeout</varname></term>
+        <term><varname>LoaderConfigTimeoutOneShot</varname></term>
+        <listitem><para>The menu timeout in seconds. Read by the boot loader. <varname>LoaderConfigTimeout</varname>
+        is maintained persistently, while <varname>LoaderConfigTimeoutOneShot</varname> is a one-time override which is
+        read once (in which case it takes precedence over <varname>LoaderConfigTimeout</varname>) and then
+        removed. <varname>LoaderConfigTimeout</varname> may be manipulated with the
+        <keycap>t</keycap>/<keycap>T</keycap> keys, see above.</para>
+
+        <xi:include href="version-info.xml" xpointer="v240"/></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><varname>LoaderConfigConsoleMode</varname></term>
+        <listitem><para>The numerical menu console mode. Read by the boot loader. <varname>LoaderConfigConsoleMode</varname>
+        is maintained persistently. <varname>LoaderConfigConsoleMode</varname> may be manipulated with the
+        <keycap>r</keycap>/<keycap>R</keycap> keys, see above.</para>
+
+        <xi:include href="version-info.xml" xpointer="v250"/></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><varname>LoaderDevicePartUUID</varname></term>
+
+        <listitem><para>Contains the partition UUID of the EFI System Partition the boot loader was run from. Set by
+        the boot
+        loader. <citerefentry><refentrytitle>systemd-gpt-auto-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+        uses this information to automatically find the disk booted from, in order to discover various other partitions
+        on the same disk automatically.</para>
+
+        <xi:include href="version-info.xml" xpointer="v240"/></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><varname>LoaderEntries</varname></term>
+
+        <listitem><para>A list of the identifiers of all discovered boot loader entries. Set by the boot
+        loader.</para>
+
+        <xi:include href="version-info.xml" xpointer="v240"/></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><varname>LoaderEntryDefault</varname></term>
+        <term><varname>LoaderEntryOneShot</varname></term>
+
+        <listitem><para>The identifier of the default boot loader entry. Set primarily by the OS and read by the boot
+        loader. <varname>LoaderEntryOneShot</varname> sets the default entry for the next boot only, while
+        <varname>LoaderEntryDefault</varname> sets it persistently for all future
+        boots. <citerefentry><refentrytitle>bootctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>'s
+        <option>set-default</option> and <option>set-oneshot</option> commands make use of these variables. The boot
+        loader modifies <varname>LoaderEntryDefault</varname> on request, when the <keycap>d</keycap> key is used, see
+        above.</para>
+
+        <xi:include href="version-info.xml" xpointer="v240"/></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><varname>LoaderEntryLastBooted</varname></term>
+
+        <listitem><para>The identifier of the boot loader entry last attempted. Set and read by the boot loader,
+        only when <filename>/loader/loader.conf</filename> has default set to <literal>@saved</literal>. See
+        <citerefentry><refentrytitle>loader.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>
+
+        <para> The boot loader will ensure <varname>LoaderEntryLastBooted</varname> is up-to date for every boot,
+        updating it as needed and will omit changing it all together when <varname>LoaderEntryOneShot</varname>
+        is set.</para>
+
+        <para>The boot loader reads the variable, which takes higher priority than
+        <varname>LoaderEntryDefault</varname>. The variable is ignored when <varname>LoaderEntryOneShot</varname>
+        is set.</para>
+
+        <para><varname>LoaderEntryLastBooted</varname> cannot be used as indication that the last boot was
+        successful or not.</para>
+
+        <xi:include href="version-info.xml" xpointer="v250"/></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><varname>LoaderEntrySelected</varname></term>
+
+        <listitem><para>The identifier of the boot loader entry currently being booted. Set by the boot
+        loader.</para>
+
+        <xi:include href="version-info.xml" xpointer="v240"/></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><varname>LoaderFeatures</varname></term>
+
+        <listitem><para>A set of flags indicating the features the boot loader supports. Set by the boot loader. Use
+        <citerefentry><refentrytitle>bootctl</refentrytitle><manvolnum>1</manvolnum></citerefentry> to view this
+        data.</para>
+
+        <xi:include href="version-info.xml" xpointer="v240"/></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><varname>LoaderFirmwareInfo</varname></term>
+        <term><varname>LoaderFirmwareType</varname></term>
+
+        <listitem><para>Brief firmware information. Set by the boot loader. Use
+        <citerefentry><refentrytitle>bootctl</refentrytitle><manvolnum>1</manvolnum></citerefentry> to view this
+        data.</para>
+
+        <xi:include href="version-info.xml" xpointer="v240"/></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><varname>LoaderImageIdentifier</varname></term>
+
+        <listitem><para>The path of executable of the boot loader used for the current boot, relative to the EFI System
+        Partition's root directory. Set by the boot loader. Use
+        <citerefentry><refentrytitle>bootctl</refentrytitle><manvolnum>1</manvolnum></citerefentry> to view this
+        data.</para>
+
+        <xi:include href="version-info.xml" xpointer="v240"/></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><varname>LoaderInfo</varname></term>
+
+        <listitem><para>Brief information about the boot loader. Set by the boot loader. Use
+        <citerefentry><refentrytitle>bootctl</refentrytitle><manvolnum>1</manvolnum></citerefentry> to view this
+        data.</para>
+
+        <xi:include href="version-info.xml" xpointer="v240"/></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><varname>LoaderTimeExecUSec</varname></term>
+        <term><varname>LoaderTimeInitUSec</varname></term>
+        <term><varname>LoaderTimeMenuUsec</varname></term>
+
+        <listitem><para>Information about the time spent in various parts of the boot loader. Set by the boot
+        loader. Use <citerefentry><refentrytitle>systemd-analyze</refentrytitle><manvolnum>1</manvolnum></citerefentry>
+        to view this data. </para>
+
+        <xi:include href="version-info.xml" xpointer="v240"/></listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term><varname>LoaderSystemToken</varname></term>
+
+        <listitem><para>A binary random data field, that is used for generating the random seed to pass to
+        the OS (see above). Note that this random data is generally only generated once, during OS
+        installation, and is then never updated again.</para>
+
+        <xi:include href="version-info.xml" xpointer="v243"/></listitem>
+      </varlistentry>
+    </variablelist>
+
+    <para>Many of these variables are defined by the <ulink
+    url="https://systemd.io/BOOT_LOADER_INTERFACE">Boot Loader Interface</ulink>.</para>
+  </refsect1>
+
+  <refsect1>
+    <title>Boot Counting</title>
+
+    <para><command>systemd-boot</command> implements a simple boot counting mechanism on top of the <ulink
+    url="https://uapi-group.org/specifications/specs/boot_loader_specification">Boot Loader Specification</ulink>, for automatic and unattended
+    fallback to older kernel versions/boot loader entries when a specific entry continuously fails. Any boot loader
+    entry file and unified kernel image file that contains a <literal>+</literal> followed by one or two numbers (if
+    two they need to be separated by a <literal>-</literal>), before the <filename>.conf</filename> or
+    <filename>.efi</filename> suffix is subject to boot counting: the first of the two numbers ('tries left') is
+    decreased by one on every boot attempt, the second of the two numbers ('tries done') is increased by one (if 'tries
+    done' is absent it is considered equivalent to 0). Depending on the current value of these two counters the boot
+    entry is considered to be in one of three states:</para>
+
+    <orderedlist>
+      <listitem><para>If the 'tries left' counter of an entry is greater than zero the entry is considered to be in
+      'indeterminate' state. This means the entry has not completed booting successfully yet, but also hasn't been
+      determined not to work.</para></listitem>
+
+      <listitem><para>If the 'tries left' counter of an entry is zero it is considered to be in 'bad' state. This means
+      no further attempts to boot this item will be made (that is, unless all other boot entries are also in 'bad'
+      state), as all attempts to boot this entry have not completed successfully.</para></listitem>
+
+      <listitem><para>If the 'tries left' and 'tries done' counters of an entry are absent it is considered to be in
+      'good' state. This means further boot counting for the entry is turned off, as it successfully booted at least
+      once. The
+      <citerefentry><refentrytitle>systemd-bless-boot.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+      service moves the currently booted entry from 'indeterminate' into 'good' state when a boot attempt completed
+      successfully.</para></listitem>
+    </orderedlist>
+
+    <para>Generally, when new entries are added to the boot loader, they first start out in 'indeterminate' state,
+    i.e. with a 'tries left' counter greater than zero. The boot entry remains in this state until either it managed to
+    complete a full boot successfully at least once (in which case it will be in 'good' state) — or the 'tries left'
+    counter reaches zero (in which case it will be in 'bad' state).</para>
+
+    <para>Example: let's say a boot loader entry file <filename>foo.conf</filename> is set up for 3 boot tries. The
+    installer will hence create it under the name <filename>foo+3.conf</filename>. On first boot, the boot loader will
+    rename it to <filename>foo+2-1.conf</filename>. If that boot does not complete successfully, the boot loader will
+    rename it to <filename>foo+1-2.conf</filename> on the following boot. If that fails too, it will finally be renamed
+    <filename>foo+0-3.conf</filename> by the boot loader on next boot, after which it will be considered 'bad'. If the
+    boot succeeds however the entry file will be renamed to <filename>foo.conf</filename> by the OS, so that it is
+    considered 'good' from then on.</para>
+
+    <para>The boot menu takes the 'tries left' counter into account when sorting the menu entries: entries in 'bad'
+    state are ordered at the beginning of the list, and entries in 'good' or 'indeterminate' at the end. The user can
+    freely choose to boot any entry of the menu, including those already marked 'bad'. If the menu entry to boot is
+    automatically determined, this means that 'good' or 'indeterminate' entries are generally preferred (as the bottom
+    item of the menu is the one booted by default), and 'bad' entries will only be considered if there are no 'good' or
+    'indeterminate' entries left.</para>
+
+    <para>The <citerefentry><refentrytitle>kernel-install</refentrytitle><manvolnum>8</manvolnum></citerefentry> kernel
+    install framework optionally sets the initial 'tries left' counter to the value specified in
+    <filename>/etc/kernel/tries</filename> when a boot loader entry is first created.</para>
+  </refsect1>
+
+  <refsect1>
+    <title>Using <command>systemd-boot</command> in virtual machines</title>
+
+    <para>When using qemu with OVMF (UEFI Firmware for virtual machines) the <option>-kernel</option> switch
+    works not only for linux kernels, but for any EFI binary, including sd-boot and unified linux
+    kernels. Example command line for loading <command>systemd-boot</command> on x64:</para>
+
+    <para>
+      <command>qemu-system-x86_64 <replaceable>[ ... ]</replaceable>
+      -kernel /usr/lib/systemd/boot/efi/systemd-bootx64.efi</command>
+    </para>
+
+    <para>systemd-boot will detect that it was started directly instead of being loaded from ESP and will
+    search for the ESP in that case, taking into account boot order information from the hypervisor (if
+    available).</para>
+  </refsect1>
+
+  <refsect1>
+    <title>See Also</title>
+    <para>
+      <citerefentry><refentrytitle>bootctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
+      <citerefentry><refentrytitle>loader.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
+      <citerefentry><refentrytitle>systemd-bless-boot.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
+      <citerefentry><refentrytitle>systemd-boot-random-seed.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
+      <citerefentry><refentrytitle>kernel-install</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
+      <citerefentry><refentrytitle>systemd-stub</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
+      <ulink url="https://uapi-group.org/specifications/specs/boot_loader_specification">Boot Loader Specification</ulink>,
+      <ulink url="https://systemd.io/BOOT_LOADER_INTERFACE">Boot Loader Interface</ulink>,
+      <ulink url="https://systemd.io/TPM2_PCR_MEASUREMENTS">TPM2 PCR Measurements Made by systemd</ulink>
+    </para>
+  </refsect1>
+</refentry>
-- 
cgit v1.2.3