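systemd-boot(7), formerly called gummiboot (German for "rubber dinghy"), is an easy-to-configure UEFI boot loader. It provides a textual menu to select the boot entry and an editor for the kernel command line.
Note that systemd-boot can only start EFI executables (e.g. the Linux kernel EFISTUB, a UEFI shell, GRUB or the Windows Boot Manager).
Supported file systems
systemd-boot inherits file system support from the firmware (i.e. at least FAT12, FAT16 and FAT32) and can additionally load UEFI drivers placed in the esp/EFI/systemd/drivers/ directory.
Installation
systemd-boot is shipped with the systemd package, which is a dependency of the base meta package, so no additional packages need to be installed manually.
Installing the UEFI boot manager
To install systemd-boot, first make sure that the system is booted in UEFI mode and that UEFI variables are accessible. Check this by running efivar --list or, if the efivar package is not installed, ls /sys/firmware/efi/efivars (if the directory exists, the system is booted in UEFI mode).
In the examples below, esp denotes the mount point of the ESP, e.g. /efi or /boot. This assumes that you have chrooted to your system's mount point.
Use bootctl(1) to install systemd-boot to the ESP: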
# bootctl install
This copies the systemd-boot UEFI boot manager to the ESP, creates a UEFI boot entry for it and sets it as the first entry in the UEFI boot order.
- On x64 UEFI, /usr/lib/systemd/boot/efi/systemd-bootx64.efi is copied to esp/EFI/systemd/systemd-bootx64.efi and esp/EFI/BOOT/BOOTX64.EFI.
- On IA32 UEFI, /usr/lib/systemd/boot/efi/systemd-bootia32.efi is copied to esp/EFI/systemd/systemd-bootia32.efi and esp/EFI/BOOT/BOOTIA32.EFI.
The UEFI boot entry is named "Linux Boot Manager" and, depending on the UEFI bitness, points to \EFI\systemd\systemd-bootx64.efi or \EFI\systemd\systemd-bootia32.efi on the ESP.
- When running bootctl install, systemd-boot tries to locate the ESP at /efi, /boot and /boot/efi. A different esp can be specified with the --esp-path=esp option (see bootctl(1) § OPTIONS for details).
- Installing systemd-boot overwrites any existing esp/EFI/BOOT/BOOTX64.EFI (or esp/EFI/BOOT/BOOTIA32.EFI on IA32 UEFI), e.g. Microsoft's version of the file.
To conclude the installation, configure systemd-boot.
Installation using XBOOTLDR
A separate /boot partition of type "Linux extended boot" (XBOOTLDR) can be created to keep the kernel and initramfs separate from the ESP. This is particularly helpful to dual boot with Windows with an existing ESP that is too small.
Prepare an ESP as usual and create another partition for XBOOTLDR on the same physical drive. The XBOOTLDR partition must have a partition type GUID of bc13c2ff-59e6-4262-a352-b275fd6f7172 [1] (ea00 type for gdisk). The size of the XBOOTLDR partition should be large enough to accommodate all of the kernels you are going to install.
- systemd-boot does not do a file system check like it does for the ESP. Hence, it is possible to use any file system that your UEFI implementation can read.
- UEFI may skip loading partitions other than the ESP when a "fast boot" mode is enabled. This can lead to systemd-boot failing to find entries on the XBOOTLDR partition; in that case, disable the "fast boot" mode.
- The XBOOTLDR partition must be on the same physical disk as the ESP for systemd-boot to recognize it.
During install, mount the ESP to /mnt/efi and the XBOOTLDR partition to /mnt/boot.
Once in chroot, use the command:
# bootctl --esp-path=/efi --boot-path=/boot install
To conclude the installation, configure systemd-boot.
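Updating the EFI boot manager
Whenever there is a new version of systemd-boot, the boot manager can optionally be reinstalled by the user. This can be done manually or automatically; both approaches are described below.
Manual update
Use bootctl to update systemd-boot: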
# bootctl update
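As with bootctl install, systemd-boot will try to locate the ESP at /efi, /boot and /boot/efi. A different location can be specified with the --esp-path=esp option.
Automatic update
To update systemd-boot automatically, use either a systemd service or a pacman hook. Both methods are described below.
systemd service
As of version 250, the systemd package ships systemd-boot-update.service. Enabling this service updates the boot loader on the next boot.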
If /usr/lib/systemd/boot/efi/systemd-bootarch.efi.signed exists, it will be used in place of /usr/lib/systemd/boot/efi/systemd-bootarch.efi when installing or updating the boot manager. See bootctl(1) § SIGNED .EFI FILES for details.
pacman hook
The package systemd-boot-pacman-hook (AUR) provides a pacman hook that runs automatically every time the systemd package is upgraded.
Alternatively, to get the same behaviour without installing systemd-boot-pacman-hook, manually add the following file to the /etc/pacman.d/hooks/ directory:
/etc/pacman.d/hooks/95-systemd-boot.hook
[Trigger]
Type = Package
Operation = Upgrade
Target = systemd
[Action]
Description = Gracefully upgrading systemd-boot...
When = PostTransaction
Exec = /usr/bin/systemctl restart systemd-boot-update.service
Signing for Secure Boot
If you have Secure Boot enabled, you need to add a pacman hook that automatically re-signs the boot manager after each update:
/etc/pacman.d/hooks/80-secureboot.hook
[Trigger]
Operation = Install
Operation = Upgrade
Type = Path
Target = usr/lib/systemd/boot/efi/systemd-boot*.efi
[Action]
Description = Signing systemd-boot EFI binary for Secure Boot
When = PostTransaction
Exec = /bin/sh -c 'while read -r i; do sbsign --key /path/to/keyfile.key --cert /path/to/certificate.crt "$i"; done;'
Depends = sh
Depends = sbsigntools
NeedsTargets
Replace /path/to/keyfile.key and /path/to/certificate.crt with your signing key and certificate; see sbsign(1) for details.
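One way to check that the signing hook above did its job, as an added example that is not part of the original page or of systemd: the function check_signed_boot (a name made up here) reports packaged systemd-boot binaries whose .efi.signed copy is missing or older than the binary, and ESP copies that differ from the signed file. The demo files are constructed.

```shell
#!/bin/sh
# check_signed_boot SRC ESP
#   SRC: directory with the packaged binaries (/usr/lib/systemd/boot/efi)
#   ESP: mount point of the ESP
# Prints one line per problem; exit status 0 means every binary is covered.
check_signed_boot() {
    src=$1; esp=$2; bad=0
    for efi in "$src"/systemd-boot*.efi; do
        [ -f "$efi" ] || continue
        name=${efi##*/}
        if [ ! -f "$efi.signed" ]; then
            echo "$name: no .signed copy, sbsign has not run"; bad=1
        # -nt is true when the left file has the newer modification time
        elif [ "$efi" -nt "$efi.signed" ]; then
            echo "$name: .signed copy is older than the packaged binary"; bad=1
        elif ! cmp -s "$efi.signed" "$esp/EFI/systemd/$name"; then
            echo "$name: ESP copy is missing or differs from the signed binary"; bad=1
        fi
    done
    [ "$bad" -eq 0 ]
}

# Constructed demo: the package was upgraded after the last signing run.
d=$(mktemp -d)
mkdir -p "$d/src" "$d/esp/EFI/systemd"
echo new > "$d/src/systemd-bootx64.efi"
echo old-signed > "$d/src/systemd-bootx64.efi.signed"
cp "$d/src/systemd-bootx64.efi.signed" "$d/esp/EFI/systemd/systemd-bootx64.efi"
touch -t 202401010000 "$d/src/systemd-bootx64.efi.signed"
touch -t 202402010000 "$d/src/systemd-bootx64.efi"
check_signed_boot "$d/src" "$d/esp" || echo "re-sign, then run bootctl update"
rm -rf "$d"
```

On a real system the arguments would be /usr/lib/systemd/boot/efi and the esp mount point; the check compares files only and does not validate the signature itself.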
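The hook at /usr/share/libalpm/hooks/zz-sbctl.hook automatically signs the files registered in its database. Do not forget to first register the files your boot chain needs.
Configuration
Loader configuration
The configuration is stored in esp/loader/loader.conf; see loader.conf(5) § OPTIONS for details.
A simple example:
esp/loader/loader.conf
default arch.conf
timeout 4
console-mode max
editor no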
- systemd-boot does not accept tabs for indentation; use spaces instead.
- default and timeout can be changed in the boot menu itself; the changes are stored in the UEFI variables LoaderEntryDefault and LoaderConfigTimeout, overriding these options.
- bootctl set-default "" and bootctl set-timeout "" can be used to clear the UEFI variables overriding the default and timeout options, respectively.
- If you have set timeout 0, the boot menu can be accessed by pressing Space.
- A basic loader configuration file is located at /usr/share/systemd/bootctl/loader.conf.
- If the boot loader (during the entry selection) appears distorted or uses the wrong resolution, you can try to set console-mode to auto (uses heuristics to select the best resolution), keep (keeps the firmware-provided resolution) or 2 (tries to select the first non-UEFI-standard resolution).
Remember last entry
As of systemd version 251, default can be set to @saved in order to remember the last picked entry on startup. This is useful when dual booting Windows and a surprise Windows automatic update reboots you into Linux.
esp/loader/loader.conf
default @saved
...
Consult loader.conf(5) for more details.
Adding loaders
systemd-boot searches for boot menu items in esp/loader/entries/*.conf and, if XBOOTLDR is used, additionally in boot/loader/entries/*.conf. Note that entries in esp can only use files (e.g. kernels, initramfs, images) located in esp, and likewise entries in boot can only use files located in boot.
With Secure Boot enabled, unified kernel images with an embedded .cmdline ignore all command line options passed to them (whether through options in a boot entry or interactively). When Secure Boot is not enabled, options passed on the command line override the embedded .cmdline.
An example of loader files launching Arch from a volume with the UUID xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx is:
esp/loader/entries/arch.conf
title Arch Linux
linux /vmlinuz-linux
initrd /initramfs-linux.img
options root=UUID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx rw
esp/loader/entries/arch-fallback.conf
title Arch Linux (fallback initramfs)
linux /vmlinuz-linux
initrd /initramfs-linux-fallback.img
options root=UUID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx rw
See the Boot Loader Specification for all configuration options.
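The rules stated for loader.conf and the entry files can be checked mechanically. The following is an added example, not part of the original page or of systemd: the function audit_esp (a name made up here) flags an enabled kernel command line editor, tab characters, entry paths that are missing from the entry's own partition, and a microcode initrd that is not listed first (the ordering rule stated later in this section). The sample tree is constructed.

```shell
#!/bin/sh
# audit_esp ESP: prints one finding per line; exit status 0 means no findings.
audit_esp() {
    esp=$1; findings=0
    report() { printf '%s\n' "$1"; findings=$((findings + 1)); }
    conf="$esp/loader/loader.conf"
    # The editor is on unless loader.conf disables it. Spellings of "false"
    # other than "no" are an assumption of this example.
    grep -Eq '^[[:space:]]*editor[[:space:]]+(no|n|false|f|off|0)[[:space:]]*$' \
        "$conf" 2>/dev/null || report "loader/loader.conf: kernel command line editor is enabled"
    for f in "$conf" "$esp"/loader/entries/*.conf; do
        [ -f "$f" ] || continue
        rel=${f#"$esp"/}
        # Tabs are not accepted as indentation.
        if grep -q "$(printf '\t')" "$f"; then report "$rel: contains a tab"; fi
        [ "$f" != "$conf" ] || continue
        seen_initrd=0
        while read -r key path rest || [ -n "$key" ]; do
            case $key in
            linux|initrd|efi)
                # Paths resolve against the partition that holds the entry file.
                [ -f "$esp$path" ] || report "$rel: $key $path is not on this partition" ;;
            esac
            if [ "$key" = initrd ]; then
                case $path in
                *-ucode.img) [ "$seen_initrd" -eq 0 ] || report "$rel: $path must be the first initrd" ;;
                esac
                seen_initrd=1
            fi
        done < "$f"
    done
    [ "$findings" -eq 0 ]
}

# Constructed sample tree: editor left at its default, a tab-separated
# initrd line, and an initramfs that is missing from the partition.
demo=$(mktemp -d)
mkdir -p "$demo/loader/entries"
printf 'default arch.conf\ntimeout 4\nconsole-mode max\n' > "$demo/loader/loader.conf"
printf 'title Arch Linux\nlinux /vmlinuz-linux\ninitrd\t/initramfs-linux.img\n' \
    > "$demo/loader/entries/arch.conf"
: > "$demo/vmlinuz-linux"
audit_esp "$demo" || echo "review the findings above"
rm -rf "$demo"
```

Run it against the esp mount point; entries on an XBOOTLDR partition would need a second pass with that partition as the path root.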
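systemd-boot automatically checks at boot time for /EFI/Microsoft/Boot/Bootmgfw.efi (Windows Boot Manager), /shellx64.efi (UEFI shell) and /EFI/BOOT/bootx64.efi (EFI Default Loader), and also looks for kernel files in /EFI/Linux/. When detected, entries named auto-windows, auto-efi-shell and auto-efi-default, respectively, are generated automatically, so these entries do not require manual loader configuration. However, unlike rEFInd, it does not create entries for other EFI applications, so those have to be configured separately.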
/boot/amd-ucode.img or /boot/intel-ucode.img must be specified in a separate initrd and always be placed first, before the main initramfs image.
UEFI shells or other EFI applications
In case you installed a UEFI shell with the edk2-shell package, systemd-boot will auto-detect it and create a new entry if the EFI file is placed at esp/shellx64.efi.
To do this, an example command to run after installing the package would be:
# cp /usr/share/edk2-shell/x64/Shell.efi /boot/shellx64.efi
If you installed other EFI applications to the ESP, you can load them with entries such as the following:
The path on the efi line is relative to the root of your EFI system partition. If your EFI system partition is mounted at /boot and your EFI binaries reside at /boot/EFI/xx.efi and /boot/yy.efi, then you would specify the parameters as efi /EFI/xx.efi and efi /yy.efi respectively.
esp/loader/entries/fwupd.conf
title Firmware updater
efi /EFI/tools/fwupdx64.efi
esp/loader/entries/gdisk.conf
title GPT fdisk (gdisk)
efi /EFI/tools/gdisk_x64.efi
Memtest86+
You need to install the memtest86+-efi package for this to work. Also sign the EFI binary when using Secure Boot.
esp/loader/entries/memtest.conf
title Memtest86+
efi /memtest86+/memtest.efi
Netboot
systemd-boot can chainload Netboot. Download the ipxe-arch.efi EFI binary and signature, verify it and place it as proposed in esp/EFI/arch_netboot/arch_netboot.efi.
esp/loader/entries/arch_netboot.conf
title Arch Linux Netboot
efi /EFI/arch_netboot/arch_netboot.efi
GRUB
systemd-boot can chainload GRUB. The location of the grubx64.efi binary matches the --bootloader-id= used when GRUB was installed to the ESP.
esp/loader/entries/grub.conf
title GRUB
efi /EFI/GRUB/grubx64.efi
Booting from another disk
systemd-boot cannot launch EFI binaries from partitions other than the ESP it is launched from or the XBOOTLDR partition on the same disk, but it can direct the UEFI shell to do so.
First, install the edk2-shell package as described above. Next, obtain the PARTUUID of the partition where the destination EFI file is located by using the blkid command on Linux. In the UEFI shell, use the map command to take note of the FS alias (ex: HD0a66666a2, HD0b, FS1, or BLK7) of the partition with the corresponding PARTUUID.
Then, use the exit command to boot back into Linux, where you can create a new loader entry to run the target EFI program through the UEFI shell:
esp/loader/entries/windows.conf
title Windows
efi /shellx64.efi
options -nointerrupt -nomap -noversion HD0b:EFI\Microsoft\Boot\Bootmgfw.efi
Ensure that the efi path matches the location where shellx64.efi has been copied in the ESP. Also, note that the shellx64.efi EFI file can be moved elsewhere to avoid the automatic entry creation by systemd-boot.
Replace HD0b with the previously noted FS alias.
- The -nointerrupt option prevents interrupting the target EFI program with CTRL+C.
- The -nomap -noversion options hide the default UEFI shell greeting.
- To have the UEFI shell automatically return to the bootloader if the target EFI program exits (e.g., due to an error), add the -exit option.
- You can also add the -noconsoleout option if there is still unnecessary output in the UEFI shell.
Booting into UEFI firmware setup
systemd-boot will automatically add an entry to boot into UEFI firmware setup if your device's firmware supports rebooting into setup from the OS.
Support for hibernation
See Suspend and hibernate.
Kernel parameters editor with password protection
Alternatively you can install systemd-boot-password (AUR), which supports the password basic configuration option. Use sbpctl generate to generate a value for this option.
Install systemd-boot-password with the following command:
# sbpctl install esp
With the editor enabled, you will be prompted for your password before you can edit kernel parameters.
Tips and tricks
Keys inside the boot menu
In the boot menu, you can use t and T to adjust the timeout and e to edit the kernel parameters of the current entry. Press h to show a short list of key bindings; see systemd-boot(7) § KEY BINDINGS for the complete list of keys available in the boot menu.
Choosing next boot
The boot manager is integrated with the systemctl command, allowing you to choose what option you want to boot after a reboot. For example, suppose you have built a custom kernel and created an entry file esp/loader/entries/arch-custom.conf to boot into it; you can then just run
$ systemctl reboot --boot-loader-entry=arch-custom.conf
and your system will reboot into that entry, keeping the default option intact for subsequent boots. To see a list of possible entries, pass the --boot-loader-entry=help option.
If you want to boot into the firmware of your motherboard directly, then you can use this command:
$ systemctl reboot --firmware-setup
Unified kernel images
Unified kernel images in esp/EFI/Linux/ are automatically sourced by systemd-boot, and do not need an entry in esp/loader/entries. (Note that unified kernel images must have a .efi extension to be identified by systemd-boot.)
Entries in esp/loader/entries/ will be booted first if no default is set in esp/loader/loader.conf. Remove those entries, or set the default with the full file name, i.e. default arch-linux.efi
Grml on ESP
A PKGBUILD is available: grml-systemd-boot (AUR).
Grml is a small live system with a collection of software for system administration and rescue.
In order to install Grml on the ESP, we only need to copy the kernel vmlinuz, the initramfs initrd.img, and the squashed image grml64-small.squashfs from the iso file to the ESP. To do so, first download grml64-small.iso and mount the file (the mountpoint is henceforth denoted mnt); the kernel and initramfs are located in mnt/boot/grml64small/, and the squashed image resides in mnt/live/grml64-small/.
Next, create a directory for Grml in your ESP,
# mkdir -p esp/grml
and copy the above-mentioned files in there:
# cp mnt/boot/grml64small/vmlinuz esp/grml
# cp mnt/boot/grml64small/initrd.img esp/grml
# cp mnt/live/grml64-small/grml64-small.squashfs esp/grml
In the last step, create an entry for the systemd-boot loader: in esp/loader/entries, create a grml.conf file with the following content:
esp/loader/entries/grml.conf
title Grml Live Linux
linux /grml/vmlinuz
initrd /grml/initrd.img
options apm=power-off boot=live live-media-path=/grml/ nomce net.ifnames=0
For an overview of the available boot options, consult the cheatcode for Grml.
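systemd-boot on BIOS systems
If you need a bootloader for BIOS systems that follows The Boot Loader Specification, then systemd-boot can be pressed into service on BIOS systems. The Clover boot loader supports booting from BIOS systems and provides an emulated UEFI environment.
Troubleshooting
Installing after booting in BIOS mode
If you booted in BIOS mode, you can still install systemd-boot, but after installation you have to tell your firmware manually how to launch the systemd-boot EFI file. To do so, you need one of the following:
- A UEFI shell.
- A UEFI firmware setup interface that offers an option to change boot entries.
- Some firmware uses esp/EFI/BOOT/BOOTX64.EFI directly if there are no other UEFI boot entries.
Once one of these is available, enter your UEFI shell or UEFI firmware setup and change the default EFI boot loader to esp/EFI/systemd/systemd-bootx64.efi.
Manual entry using efibootmgr
If the bootctl install command failed, you can create the entry manually with the efibootmgr package: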
# efibootmgr --create --disk /dev/sdX --part Y --loader '\EFI\systemd\systemd-bootx64.efi' --label "Linux Boot Manager" --unicode
Replace /dev/sdXY with the device name of the EFI system partition.
Manual entry using bcdedit from Windows
If for any reason you need to create a UEFI boot entry from Windows, you can use the following commands from an Administrator prompt:
> bcdedit /copy {bootmgr} /d "Linux Boot Manager"
> bcdedit /set {guid} path \EFI\systemd\systemd-bootx64.efi
Replace guid with the id returned by the first command. You can also set it as the default entry using
> bcdedit /default {guid}
Boot menu does not show after Windows upgrade
Add support for Windows BitLocker TPM unlocking
To stop BitLocker from requesting the recovery key, add the following to loader.conf:
esp/loader/loader.conf
reboot-for-bitlocker yes
This will set the BootNext UEFI variable, whereby Windows Boot Manager is loaded without BitLocker requiring the recovery key. This is a one-time change, and systemd-boot remains the default bootloader. There is no need to specify Windows as an entry if it was autodetected.
This is an experimental feature, so make sure to consult loader.conf(5).