来自 Arch Linux 中文维基

systemd-boot(7),曾用名 gummiboot (德语里“橡皮筏”的意思),是一款易于配置的 UEFI 引导加载程序。它提供了一个用于选择启动项的文本菜单,以及一个用于配置内核命令行的编辑器。

注意,systemd-boot 只能启动 EFI 可执行程序(例如 Linux 内核 EFISTUBUEFI shellGRUB 或者 Windows Boot Manager)。

支持的文件系统

systemd-boot 从固件继承了文件系统兼容性(例如至少支持 FAT12,FAT16 和 FAT32),还可以加载 esp/EFI/systemd/drivers/ 目录下的 UEFI 驱动

安装

systemd-bootsystemd 包一同安装,其为 base 元软件包的依赖,因此无需手动安装额外软件包。

安装 UEFI 启动管理器

要安装 systemd-boot,首先确保启动方式是 UEFI 模式,可以访问 UEFI 变量。用 efivar --list 命令进行检查,如果没有安装 efivar ,使用 ls /sys/firmware/efi/efivars (如果目录存在,则表明系统是以 UEFI 模式启动的)。

下面的例子中会用 esp 表示 ESP 挂载点的路径,例如 /efi/boot。这将假设你已经 chroot 到了系统的挂载点下。

使用 bootctl(1)systemd-boot 安装到 ESP:

# bootctl install

这将把 systemd-boot UEFI 启动管理器复制到 ESP,同时为其创建一项 UEFI 启动入口,并将其设置为 UEFI 启动顺序的第一项。

  • 在 x64 UEFI 环境中,/usr/lib/systemd/boot/efi/systemd-bootx64.efi 将被复制到 esp/EFI/systemd/systemd-bootx64.efiesp/EFI/BOOT/BOOTX64.EFI
  • 在 IA32 UEFI 环境中,/usr/lib/systemd/boot/efi/systemd-bootia32.efi 将被复制到 esp/EFI/systemd/systemd-bootia32.efiesp/EFI/BOOT/BOOTIA32.EFI

UEFI 启动选项将被命名为“Linux Boot Manager”,根据 UEFI 位数不同,启动选项将指向到 ESP 的 \EFI\systemd\systemd-bootx64.efi\EFI\systemd\systemd-bootia32.efi 位置下。

注意:
  • 在运行 bootctl install 时,systemd-boot 会尝试在 /efi/boot/boot/efi 目录下寻找 ESP。可以通过 --esp-path=esp 参数指定 esp 目录(详细信息请参考 bootctl(1) § OPTIONS)。
  • 安装 systemd-boot 将覆盖现有的 esp/EFI/BOOT/BOOTX64.EFI(或是 IA32 UEFI 下的 esp/EFI/BOOT/BOOTIA32.EFI),例如 Microsoft 版本的文件。

要完成安装,请 配置 systemd-boot

通过 XBOOTLDR 安装

A separate /boot partition of type "Linux extended boot" (XBOOTLDR) can be created to keep the kernel and initramfs separate from the ESP. This is particularly helpful to dual boot with Windows with an existing ESP that is too small.

Prepare an ESP as usual and create another partition for XBOOTLDR on the same physical drive. The XBOOTLDR partition must have a partition type GUID of bc13c2ff-59e6-4262-a352-b275fd6f7172 [1] (ea00 type for gdisk). The size of the XBOOTLDR partition should be large enough to accommodate all of the kernels you are going to install.

注意:
  • systemd-boot does not do a file system check like it does for the ESP. Hence, it is possible to use any file system that your UEFI implementation can read.
  • UEFI may skip loading partitions other than the ESP when a "fast boot" mode is enabled. This can lead to systemd-boot failing to find entries on the XBOOTLDR partition; in that case, disable the "fast boot" mode.
  • The XBOOTLDR partition must be on the same physical disk as the ESP for systemd-boot to recognize it.

During install, mount the ESP to /mnt/efi and the XBOOTLDR partition to /mnt/boot.

Once in chroot, use the command:

# bootctl --esp-path=/efi --boot-path=/boot install

To conclude the installation, configure systemd-boot.

更新 EFI 启动管理器

每当 systemd-boot 有新版本时,用户可以选择重新安装启动管理器。该操作可以手动或自动进行,具体方式将在下文中描述。

注意: The UEFI boot manager is a standalone EFI executable and any version can be used to boot the system (partial updates do not apply, since pacman only installs the systemd-boot installer, not systemd-boot itself.) However, new versions may add new features or fix bugs, so it is probably a good idea to update systemd-boot.

手动更新

使用bootctl 更新 systemd-boot

# bootctl update
注意:bootctl install 类似,systemd-boot 会尝试在 /efi/boot/boot/efi 三个位置下寻找 ESP。可以用 --esp-path=esp 参数指定 esp 位置。

自动更新

如果你需要自动更新 systemd-boot,你可以尝试使用 systemd 服务Pacman 钩子,下方介绍了这两种方法。

systemd 服务

在版本 250 后, systemd 添加了 systemd-boot-update.service启用 这个服务后将会在下次启动系统时更新 bootloader

警告: 如果你启用了 安全启动,你需要在更新引导加载程序后为其签名。请查看下方#为安全启动进行签名一节的相关说明。
提示:If /usr/lib/systemd/boot/efi/systemd-bootarch.efi.signed exists, it will be used in place of /usr/lib/systemd/boot/efi/systemd-bootarch.efi when installing or updating the boot manager. See bootctl(1) § SIGNED .EFI FILES for details.
pacman 钩子

软件包 systemd-boot-pacman-hookAUR 提供了一个 Pacman 钩子,将在每次更新 systemd 后自动执行。

或者,不安装 systemd-boot-pacman-hook 实现相同功能,在 /etc/pacman.d/hooks/ 目录下手动添加以下文件:

/etc/pacman.d/hooks/95-systemd-boot.hook
[Trigger]
Type = Package
Operation = Upgrade
Target = systemd

[Action]
Description = Gracefully upgrading systemd-boot...
When = PostTransaction
Exec = /usr/bin/systemctl restart systemd-boot-update.service
为安全启动进行签名

如果你启用了 安全启动,你需要添加一个 Pacman 钩子以在更新后自动为其重新签名:

/etc/pacman.d/hooks/80-secureboot.hook
[Trigger]
Operation = Install
Operation = Upgrade
Type = Path
Target = usr/lib/systemd/boot/efi/systemd-boot*.efi

[Action]
Description = Signing systemd-boot EFI binary for Secure Boot
When = PostTransaction
Exec = /bin/sh -c 'while read -r i; do sbsign --key /path/to/keyfile.key --cert /path/to/certificate.crt "$i"; done;'
Depends = sh
Depends = sbsigntools
NeedsTargets

/path/to/keyfile.key/path/to/certificate.crt 替换为你的签名密钥和证书,具体信息可参考 sbsign(1)

提示:如果你在使用 sbctl,那位于 /usr/share/libalpm/hooks/zz-sbctl.hook 的钩子会自动对注册到其数据库的文件进行签名。别忘了先将必要的文件注册到你的启动链中。

配置

启动选单配置

配置文件保存于 esp/loader/loader.conf,具体信息可参考 loader.conf(5) § OPTIONS

以下是一个简单的示例:

esp/loader/loader.conf
default  arch.conf
timeout  4
console-mode max
editor   no
提示:
  • systemd-boot does not accept tabs for indentation, use spaces instead.
  • defaulttimeout 可在启动选单中修改,变更将覆盖保存到 LoaderEntryDefaultLoaderConfigTimeout 这两个 UEFI 变量中。
  • bootctl set-default ""bootctl set-timeout "" 可分别用于清除覆盖了 default and timeout 选项的 UEFI 变量。
  • If you have set timeout 0, the boot menu can be accessed by pressing Space.
  • 基本配置文件示例位于 /usr/share/systemd/bootctl/loader.conf
  • If the bootloader (during the entry selection) appears distorted/uses the wrong resolution you can try to set the console-mode to auto (uses heuristics to select the best resolution), keep (keeps the firmware provided resolution) or 2 (tries to select the first non-UEFI-standard resolution).

记住上一次的启动项

As of systemd version 251 or later default can be changed to @saved in order to remember the last picked entry on startup. This is useful for when dual booting Windows and the surprise windows auto update pushes you into Linux.

esp/loader/loader.conf
default @saved
...

Consult loader.conf(5) for more details.

增加启动选项

systemd-boot 会在 esp/loader/entries/*.conf 中查找启动选项,如果使用了 XBOOTLDR,那同时也会查找 boot/loader/entries/*.conf 。注意,esp 下的启动项只能调用 esp 下的文件(例如内核,initramfs,映像等),boot 下的启动项也一样只能调用 boot 下的文件。

注意: 启用安全启动后,内嵌 .cmdline统一内核映像将忽略所有传入的命令行选项(无论是使用 options 传入启动选项还是交互式传入的)。当未启用安全启动时,通过命令行传入的选项会覆盖掉 .cmdline 内置的选项。

以下为从卷启动 Arch 的启动选项文件示例,其中卷的 UUIDxxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx

esp/loader/entries/arch.conf
title   Arch Linux
linux   /vmlinuz-linux
initrd  /initramfs-linux.img
options root=UUID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx rw
esp/loader/entries/arch-fallback.conf
title   Arch Linux (fallback initramfs)
linux   /vmlinuz-linux
initrd  /initramfs-linux-fallback.img
options root=UUID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx rw

所有配置选项可参考 引导加载器规范

systemd-boot 会在启动时自动搜索 /EFI/Microsoft/Boot/Bootmgfw.efiWindows Boot Manager),/shellx64.efiUEFI shell)和 /EFI/BOOT/bootx64.efiEFI Default Loader),同时也会在 /EFI/Linux/ 内查找内核文件。在检测到后,会自动生成名称分别为 auto-windowsauto-efi-shellauto-efi-default 的启动选项,因此这些选项不需要手动配置引导器。但和 rEFInd 不同,不会为其它 EFI 应用程序创建启动选项,所以这些还需要进行进一步设置。

提示:
  • 可以用 bootctl list 列出所有可用启动选项。
  • 启动选项配置示例位于 /usr/share/systemd/bootctl/arch.conf
  • 适用于如 LVMLUKSdm-cryptBtrfs内核参数可在对应的页面中获取。
注意: If external microcode initramfs images are used (e.g. when using Booster as the initramfs generator), /boot/amd-ucode.img or /boot/intel-ucode.img must be specified in a separate initrd and always be placed first, before the main initramfs image.

UEFI Shells 或其他 EFI 应用程序

In case you installed a UEFI shell with the package edk2-shell, systemd-boot will auto-detect and create a new entry if the EFI file is placed in esp/shellx64.efi. To perform this and example command after installing the package would be:

# cp /usr/share/edk2-shell/x64/Shell.efi /boot/shellx64.efi

另外如果你安装了其他 EFI 应用程序到 ESP,也可以像这样进行加载:

注意: The file path parameter for the efi line is relative to the root of your EFI system partition. If your EFI system partition is mounted at /boot and your EFI binaries reside at /boot/EFI/xx.efi and /boot/yy.efi, then you would specify the parameters as efi /EFI/xx.efi and efi /yy.efi respectively.
esp/loader/entries/fwupd.conf
title  Firmware updater
efi     /EFI/tools/fwupdx64.efi
esp/loader/entries/gdisk.conf
title  GPT fdisk (gdisk)
efi     /EFI/tools/gdisk_x64.efi
Memtest86+

You need to install memtest86+-efi for this to work. Also sign the EFI binary when using Secure Boot.

esp/loader/entries/memtest.conf
title Memtest86+
efi /memtest86+/memtest.efi
Netboot

systemd-boot can chainload Netboot. Download the ipxe-arch.efi EFI binary and signature, verify it and place it as proposed in esp/EFI/arch_netboot/arch_netboot.efi.

esp/loader/entries/arch_netboot.conf
title Arch Linux Netboot
efi /EFI/arch_netboot/arch_netboot.efi
GRUB

systemd-boot can chainload GRUB. The location of the grubx64.efi binary matches the used --bootloader-id= when GRUB was installed to the ESP.

esp/loader/entries/grub.conf
title GRUB
efi /EFI/GRUB/grubx64.efi

从其它硬盘启动

systemd-boot cannot launch EFI binaries from partitions other than the ESP it is launched from or the XBOOTLDR partition on the same disk, but it can direct the UEFI shell to do so.

First, install edk2-shell as described above. Next, obtain the PARTUUID of the partition where the destination EFI file is located by using the blkid command on Linux. In the UEFI shell, use the map command to take notes of the FS alias (ex: HD0a66666a2, HD0b, FS1, or BLK7) of the partition with the corresponding PARTUUID.

Then, use the exit command to boot back into Linux, where you can create a new loader entry to run the target EFI program through the UEFI shell:

esp/loader/entries/windows.conf
title   Windows
efi     /shellx64.efi
options -nointerrupt -nomap -noversion HD0b:EFI\Microsoft\Boot\Bootmgfw.efi

Ensure that the efi path matches the location where the shellx64.efi has been copied in the esp partition. Also, note that the shellx64.efi EFI file can be moved elsewhere to avoid the automatic entry creation by systemd-boot.

Replace HD0b with the previously noted FS alias.

  • The -nointerrupt option prevents interrupting the target EFI program with CTRL+C.
  • The -nomap -noversion options hide the default UEFI shell greeting.
  • To have the UEFI shell automatically return to the bootloader if the target EFI program exits (e.g., due to an error), add the -exit option.
  • You can also add the -noconsoleout option if there is still unnecessary output in the UEFI shell.

Booting into UEFI firmware setup

systemd-boot will automatically add an entry to boot into UEFI firmware setup if your device's firmware supports rebooting into setup from the OS.

对休眠的支持

参阅 挂起与休眠

为内核参数编辑器加上密码保护

Alternatively you can install systemd-boot-passwordAUR which supports password basic configuration option. Use sbpctl generate to generate a value for this option.

Install systemd-boot-password with the following command:

# sbpctl install esp

With enabled editor you will be prompted for your password before you can edit kernel parameters.

小提示

启动选单中的按键操作

在启动选单中,你可以使用 tT 调整超时时间,使用 e 编辑当前启动项的内核参数。按下 h 可以看到一个简略的快捷键列表,完整的启动选单内可用快捷键列表可参考 systemd-boot(7) § KEY BINDINGS

选择下一次启动选项

The boot manager is integrated with the systemctl command, allowing you to choose what option you want to boot after a reboot. For example, suppose you have built a custom kernel and created an entry file esp/loader/entries/arch-custom.conf to boot into it, you can just launch

$ systemctl reboot --boot-loader-entry=arch-custom.conf

and your system will reboot into that entry maintaining the default option intact for subsequent boots. To see a list of possible entries pass the --boot-loader-entry=help option.

If you want to boot into the firmware of your motherboard directly, then you can use this command:

$ systemctl reboot --firmware-setup

统一内核映像

Unified kernel images in esp/EFI/Linux/ are automatically sourced by systemd-boot, and do not need an entry in esp/loader/entries. (Note that unified kernel images must have a .efi extension to be identified by systemd-boot.)

提示:Files in esp/loader/entries/ will be booted first if no default is set in esp/loader/loader.conf. Remove those entries, or set the default with the full file name, i.e. default arch-linux.efi

Grml on ESP

注意: The following instructions are not exclusive to Grml. With slight adjustments, installing other software (e.g., SystemRescueCD) is possible.
提示:A PKGBUILD is available: grml-systemd-bootAUR.

Grml is a small live system with a collection of software for system administration and rescue.

In order to install Grml on the ESP, we only need to copy the kernel vmlinuz, the initramfs initrd.img, and the squashed image grml64-small.squashfs from the iso file to the ESP. To do so, first download grml64-small.iso and mount the file (the mountpoint is henceforth denoted mnt); the kernel and initramfs are located in mnt/boot/grml64small/, and the squashed image resides in mnt/live/grml64-small/.

Next, create a directory for Grml in your ESP,

# mkdir -p esp/grml

and copy the above-mentioned files in there:

# cp mnt/boot/grml64small/vmlinuz esp/grml
# cp mnt/boot/grml64small/initrd.img esp/grml
# cp mnt/live/grml64-small/grml64-small.squashfs esp/grml

In the last step, create an entry for the systemd-boot loader: In esp/loader/entries create a grml.conf file with the following content:

esp/loader/entries/grml.conf
title   Grml Live Linux
linux   /grml/vmlinuz
initrd  /grml/initrd.img
options apm=power-off boot=live live-media-path=/grml/ nomce net.ifnames=0

For an overview of the available boot options, consult the cheatcode for Grml.

在 BIOS 系统上使用 systemd-boot

If you need a bootloader for BIOS systems that follows The Boot Loader Specification, then systemd-boot can be pressed into service on BIOS systems. The Clover boot loader supports booting from BIOS systems and provides a emulated UEFI environment.

排除问题

在传统启动(BIOS 模式)下安装

注意: 不建议进行该操作!

如果你以 BIOS 模式启动电脑,你还是可以正常安装 systemd-boot,但需要在安装后手动向你的固件提供如何启动 systemd-boot EFI 文件的相关信息,为此你需要下列工具之一:

  • 一个 UEFI Shell
  • 你的 UEFI 固件设置中提供了更改启动选项的选项.
  • 如果 UEFI 没有其它启动项,某些固件会直接使用 esp/EFI/BOOT/BOOTX64.EFI

满足条件后,进入你的 UEFI Shell 或是 UEFI 固件设置,修改你的默认 EFI 启动加载器为 esp/EFI/systemd/systemd-bootx64.efi

注意: 在某些 Dell Latitude 计算机上,UEFI 固件设置界面提供了设置 UEFI 启动所需的工具,而 EFI Shell 无法修改那些设置.

通过 efibootmgr 手动添加启动选项

如果运行bootctl install 命令失败,你可以通过 efibootmgr手动增加选项:

# efibootmgr --create --disk /dev/sdX --part Y --loader '\EFI\systemd\systemd-bootx64.efi' --label "Linux Boot Manager" --unicode

EFI 系统分区的设备名称替换 /dev/sdXY

在 Windows 上通过 bcdedit 添加启动选项

If for any reason you need to create an UEFI boot entry from Windows, you can use the following commands from an Administrator prompt:

> bcdedit /copy {bootmgr} /d "Linux Boot Manager"
> bcdedit /set {guid} path \EFI\systemd\systemd-bootx64.efi

Replace guid with the id returned by the first command. You can also set it as the default entry using

> bcdedit /default {guid}

在 Windows 升级后看不到启动菜单

参阅 UEFI#Windows 改变了启动次序

添加 Windows BitLocker TPM 解锁支持

To stop BitLocker from requesting the recovery key, add the following to loader.conf:

esp/loader/loader.conf
reboot-for-bitlocker yes

This will set the BootNext UEFI variable, whereby Windows Boot Manager is loaded without BitLocker requiring the recovery key. This is a one-time change, and systemd-boot remains the default bootloader. There is no need to specify Windows as an entry if it was autodetected.

This is an experimental feature, so make sure to consult loader.conf(5).

参阅