From the Arch Linux Chinese wiki

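systemd-boot(7), formerly known as gummiboot (German for "rubber dinghy"), is an easy-to-configure UEFI boot loader. It provides a text menu for selecting the boot entry and an editor for the kernel command line.

Note that systemd-boot can only start EFI executables (e.g. the Linux kernel EFISTUB, UEFI shell, GRUB, or the Windows Boot Manager).

Supported file systems

systemd-boot inherits file system support from the firmware (e.g. at least FAT12, FAT16 and FAT32), and can also load UEFI drivers placed in the esp/EFI/systemd/drivers/ directory.

Installation

systemd-boot is installed together with the systemd package, which is a dependency of the base meta package, so no additional packages need to be installed manually.

Installing the UEFI boot manager

To install systemd-boot, first make sure the system is booted in UEFI mode and that the UEFI variables are accessible. Check this with the efivar --list command or, if efivar is not installed, with ls /sys/firmware/efi/efivars (if the directory exists, the system is booted in UEFI mode).

In the examples below, esp denotes the path of the ESP mount point, e.g. /efi or /boot. It is assumed that you have chrooted into your system's mount point.

Use bootctl(1) to install systemd-boot to the ESP: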

# bootctl install

This copies the systemd-boot UEFI boot manager to the ESP, creates a UEFI boot entry for it and sets it as the first entry in the UEFI boot order.

  • On an x64 UEFI, /usr/lib/systemd/boot/efi/systemd-bootx64.efi is copied to esp/EFI/systemd/systemd-bootx64.efi and esp/EFI/BOOT/BOOTX64.EFI.
  • On an IA32 UEFI, /usr/lib/systemd/boot/efi/systemd-bootia32.efi is copied to esp/EFI/systemd/systemd-bootia32.efi and esp/EFI/BOOT/BOOTIA32.EFI.

The UEFI boot entry is named "Linux Boot Manager" and, depending on the UEFI bitness, points to \EFI\systemd\systemd-bootx64.efi or \EFI\systemd\systemd-bootia32.efi on the ESP.

Note:
  • When running bootctl install, systemd-boot tries to locate the ESP at /efi, /boot and /boot/efi. A different esp can be specified with the --esp-path=esp option (see bootctl(1) § OPTIONS for details).
  • Installing systemd-boot overwrites any existing esp/EFI/BOOT/BOOTX64.EFI (or esp/EFI/BOOT/BOOTIA32.EFI on an IA32 UEFI), e.g. Microsoft's version of the file.

To conclude the installation, configure systemd-boot.

Installation using XBOOTLDR

A separate /boot partition of type "Linux extended boot" (XBOOTLDR) can be created to keep the kernel and initramfs separate from the ESP. This is particularly helpful to dual boot with Windows with an existing ESP that is too small.

Prepare an ESP as usual and create another partition for XBOOTLDR on the same physical drive. The XBOOTLDR partition must have a partition type GUID of bc13c2ff-59e6-4262-a352-b275fd6f7172 [1] (ea00 type for gdisk). The size of the XBOOTLDR partition should be large enough to accommodate all of the kernels you are going to install.

Note:
  • systemd-boot does not do a file system check like it does for the ESP. Hence, it is possible to use any file system that your UEFI implementation can read.
  • UEFI may skip loading partitions other than the ESP when a "fast boot" mode is enabled. This can lead to systemd-boot failing to find entries on the XBOOTLDR partition; in that case, disable the "fast boot" mode.
  • The XBOOTLDR partition must be on the same physical disk as the ESP for systemd-boot to recognize it.

During install, mount the ESP to /mnt/efi and the XBOOTLDR partition to /mnt/boot.

Once in chroot, use the command:

# bootctl --esp-path=/efi --boot-path=/boot install

To conclude the installation, configure systemd-boot.

Updating the EFI boot manager

Whenever a new version of systemd-boot is available, the user can choose to reinstall the boot manager. This can be done manually or automatically; both approaches are described below.

Note: The UEFI boot manager is a standalone EFI executable and any version can be used to boot the system (partial updates do not apply, since pacman only installs the systemd-boot installer, not systemd-boot itself.) However, new versions may add new features or fix bugs, so it is probably a good idea to update systemd-boot.

Manual update

Use bootctl to update systemd-boot:

# bootctl update
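Note: As with bootctl install, systemd-boot tries to locate the ESP at /efi, /boot and /boot/efi. A different esp can be specified with the --esp-path=esp option.

Automatic update

To update systemd-boot automatically, you can use either a systemd service or a pacman hook. Both methods are described below.

systemd service

Since version 250, systemd ships systemd-boot-update.service. Once this service is enabled, the boot loader is updated the next time the system boots.

Warning: If you have Secure Boot enabled, you need to sign the boot loader after updating it. See the section #Signing for Secure Boot below.
Tip: If /usr/lib/systemd/boot/efi/systemd-bootarch.efi.signed exists, it will be used in place of /usr/lib/systemd/boot/efi/systemd-bootarch.efi when installing or updating the boot manager. See bootctl(1) § SIGNED .EFI FILES for details.

pacman hook

The package systemd-boot-pacman-hook (AUR) provides a pacman hook that runs automatically every time systemd is upgraded.

Alternatively, to get the same behaviour without installing systemd-boot-pacman-hook, manually add the following file to the /etc/pacman.d/hooks/ directory: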

/etc/pacman.d/hooks/95-systemd-boot.hook
[Trigger]
Type = Package
Operation = Upgrade
Target = systemd

[Action]
Description = Gracefully upgrading systemd-boot...
When = PostTransaction
Exec = /usr/bin/systemctl restart systemd-boot-update.service
Signing for Secure Boot

If you have Secure Boot enabled, you need to add a pacman hook that automatically re-signs the boot manager after every update:

/etc/pacman.d/hooks/80-secureboot.hook
[Trigger]
Operation = Install
Operation = Upgrade
Type = Path
Target = usr/lib/systemd/boot/efi/systemd-boot*.efi

[Action]
Description = Signing systemd-boot EFI binary for Secure Boot
When = PostTransaction
Exec = /bin/sh -c 'while read -r i; do sbsign --key /path/to/keyfile.key --cert /path/to/certificate.crt "$i"; done;'
Depends = sh
Depends = sbsigntools
NeedsTargets

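Replace /path/to/keyfile.key and /path/to/certificate.crt with your signing key and certificate. See sbsign(1) for details.

Tip: If you use sbctl, the hook at /usr/share/libalpm/hooks/zz-sbctl.hook automatically signs the files registered in its database. Do not forget to first register the necessary files of your boot chain.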
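The check below is an added example, not part of the wiki page or of systemd: it reports whether each boot manager binary has an up-to-date .signed companion and whether the copy on the ESP is the file bootctl would install. The function names, the state labels and the constructed sample tree are assumptions made for illustration.

```shell
# signing_state DIR: print "NAME STATE" for every systemd-boot*.efi in DIR.
#   ok        NAME.signed exists and is not older than NAME
#   stale     NAME.signed is older than NAME (upgraded but not re-signed)
#   unsigned  NAME.signed is missing
# Returns 1 unless every binary is "ok".
signing_state() {
    rc=0
    for efi in "$1"/systemd-boot*.efi; do
        [ -e "$efi" ] || continue
        if [ ! -e "$efi.signed" ]; then state=unsigned
        elif [ "$efi.signed" -ot "$efi" ]; then state=stale
        else state=ok
        fi
        [ "$state" = ok ] || rc=1
        echo "${efi##*/} $state"
    done
    return "$rc"
}

# esp_copy_state DIR ESP: compare ESP/EFI/systemd/NAME with the file bootctl
# would install (NAME.signed when it exists, otherwise NAME).
esp_copy_state() {
    rc=0
    for efi in "$1"/systemd-boot*.efi; do
        [ -e "$efi" ] || continue
        src=$efi
        if [ -e "$efi.signed" ]; then src=$efi.signed; fi
        dst=$2/EFI/systemd/${efi##*/}
        if [ ! -e "$dst" ]; then state=absent
        elif cmp -s "$src" "$dst"; then state=current
        else state=differs
        fi
        [ "$state" = current ] || rc=1
        echo "${efi##*/} $state"
    done
    return "$rc"
}

# Constructed sample (placeholder bytes, not real EFI binaries): the .signed
# file predates the upgraded binary and the ESP holds the unsigned one.
make_sample() {
    mkdir -p "$1/lib" "$1/esp/EFI/systemd"
    echo new > "$1/lib/systemd-bootx64.efi"
    echo old-signed > "$1/lib/systemd-bootx64.efi.signed"
    touch -t 202001010000 "$1/lib/systemd-bootx64.efi.signed"
    echo new > "$1/esp/EFI/systemd/systemd-bootx64.efi"
}
d=$(mktemp -d); make_sample "$d"
signing_state "$d/lib" || echo "signing needs attention"
esp_copy_state "$d/lib" "$d/esp" || echo "ESP copy needs attention"; rm -rf "$d"
```

On a real system, pass /usr/lib/systemd/boot/efi and your esp as arguments. The differs state also appears while an update is still pending, for example before the reboot that triggers systemd-boot-update.service.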

Configuration

Loader configuration

The loader configuration is stored in esp/loader/loader.conf. See loader.conf(5) § OPTIONS for details.

A simple example:

esp/loader/loader.conf
default  arch.conf
timeout  4
console-mode max
editor   no
Tip:
  • systemd-boot does not accept tabs for indentation, use spaces instead.
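  • default and timeout can be changed in the boot menu itself; the changes are stored in the UEFI variables LoaderEntryDefault and LoaderConfigTimeout, overriding these options.
  • bootctl set-default "" and bootctl set-timeout "" can be used to clear the UEFI variables that override the default and timeout options, respectively.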
  • If you have set timeout 0, the boot menu can be accessed by pressing Space.
  • A basic loader configuration file example is located at /usr/share/systemd/bootctl/loader.conf.
  • If the bootloader (during the entry selection) appears distorted/uses the wrong resolution you can try to set the console-mode to auto (uses heuristics to select the best resolution), keep (keeps the firmware provided resolution) or 2 (tries to select the first non-UEFI-standard resolution).

Remember last entry

With systemd version 251 or later, default can be set to @saved in order to remember the last picked entry on startup. This is useful when dual booting Windows and a surprise Windows automatic update reboots you into Linux.

esp/loader/loader.conf
default @saved
...

Consult loader.conf(5) for more details.

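Adding loaders

systemd-boot searches for boot entries in esp/loader/entries/*.conf and, if XBOOTLDR is used, additionally in boot/loader/entries/*.conf. Note that entries in esp can only use files (e.g. kernels, initramfs, images, etc.) in esp, and likewise entries in boot can only use files in boot.

Note: When Secure Boot is enabled, unified kernel images with an embedded .cmdline ignore all command line options passed to them (whether passed via options in a boot entry or interactively). When Secure Boot is not enabled, options passed via the command line override the embedded .cmdline.

The following are example loader files that boot Arch from a volume whose UUID is xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx: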

esp/loader/entries/arch.conf
title   Arch Linux
linux   /vmlinuz-linux
initrd  /initramfs-linux.img
options root=UUID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx rw
esp/loader/entries/arch-fallback.conf
title   Arch Linux (fallback initramfs)
linux   /vmlinuz-linux
initrd  /initramfs-linux-fallback.img
options root=UUID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx rw

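All configuration options are described in the Boot Loader Specification.

systemd-boot automatically checks at boot time for /EFI/Microsoft/Boot/Bootmgfw.efi (Windows Boot Manager), /shellx64.efi (UEFI shell) and /EFI/BOOT/bootx64.efi (EFI Default Loader), and also looks for kernel files in /EFI/Linux/. When detected, entries named auto-windows, auto-efi-shell and auto-efi-default, respectively, are generated automatically, so these do not need manual loader configuration. Unlike rEFInd, however, it does not create entries for other EFI applications, so those need further setup.

Tip:
  • The available boot entries can be listed with bootctl list.
  • An example entry file is located at /usr/share/systemd/bootctl/arch.conf.
  • The kernel parameters for setups such as LVM, LUKS, dm-crypt or Btrfs can be found on the corresponding pages.
Note: If external microcode initramfs images are used (e.g. when using Booster as the initramfs generator), /boot/amd-ucode.img or /boot/intel-ucode.img must be specified in a separate initrd and always be placed first, before the main initramfs image.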
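The following script is an added example, not part of the wiki page or of systemd: it checks loader entries against two rules stated above, namely that linux, initrd and efi paths resolve on the entry's own partition and that an external microcode image precedes the main initramfs. The function names and the constructed sample tree are assumptions made for illustration.

```shell
# check_entry ROOT ENTRY: ROOT is the mount point of the partition that holds
# ENTRY. Prints one line per finding and returns 1 if there was any.
check_entry() {
    root=$1; entry=$2; rc=0; initrds=0
    while read -r key value || [ -n "$key" ]; do
        case $key in
            linux|initrd|efi)
                # Paths are relative to the root of the entry's own partition.
                if [ ! -f "$root$value" ]; then
                    echo "${entry##*/}: $key $value: not found under $root"; rc=1
                fi ;;
        esac
        if [ "$key" = initrd ]; then
            case $value in
                */amd-ucode.img|*/intel-ucode.img)
                    # External microcode has to be the first initrd line.
                    if [ "$initrds" -gt 0 ]; then
                        echo "${entry##*/}: $value: listed after another initrd"; rc=1
                    fi ;;
            esac
            initrds=$((initrds + 1))
        fi
    done < "$entry"
    return "$rc"
}

# check_entries ROOT: run check_entry on every ROOT/loader/entries/*.conf.
check_entries() {
    status=0
    for f in "$1"/loader/entries/*.conf; do
        [ -e "$f" ] || continue
        check_entry "$1" "$f" || status=1
    done
    return "$status"
}
# Constructed sample tree (empty placeholder files, not a real ESP).
make_sample() {
    mkdir -p "$1/loader/entries"
    : > "$1/vmlinuz-linux"; : > "$1/initramfs-linux.img"; : > "$1/intel-ucode.img"
    printf '%s\n' 'title   Arch Linux' 'linux   /vmlinuz-linux' \
        'initrd  /intel-ucode.img' 'initrd  /initramfs-linux.img' \
        > "$1/loader/entries/arch.conf"
    printf '%s\n' 'title   Arch Linux (fallback initramfs)' 'linux   /vmlinuz-linux' \
        'initrd  /initramfs-linux-fallback.img' 'initrd  /intel-ucode.img' \
        > "$1/loader/entries/arch-fallback.conf"
}
d=$(mktemp -d); make_sample "$d"
check_entries "$d" || echo "loader entries need attention"; rm -rf "$d"
```

Run check_entries once per partition: with the ESP mount point for esp/loader/entries and, when XBOOTLDR is used, with the boot mount point for boot/loader/entries.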

UEFI Shells or other EFI applications

In case you installed a UEFI shell with the package edk2-shell, systemd-boot will auto-detect it and create a new entry if the EFI file is placed in esp/shellx64.efi. An example command to do this after installing the package would be:

# cp /usr/share/edk2-shell/x64/Shell.efi /boot/shellx64.efi

Additionally, if you installed other EFI applications to the ESP, they can be loaded like this:

Note: The file path parameter for the efi line is relative to the root of your EFI system partition. If your EFI system partition is mounted at /boot and your EFI binaries reside at /boot/EFI/xx.efi and /boot/yy.efi, then you would specify the parameters as efi /EFI/xx.efi and efi /yy.efi respectively.
esp/loader/entries/fwupd.conf
title  Firmware updater
efi     /EFI/tools/fwupdx64.efi
esp/loader/entries/gdisk.conf
title  GPT fdisk (gdisk)
efi     /EFI/tools/gdisk_x64.efi
Memtest86+

You need to install memtest86+-efi for this to work. Also sign the EFI binary when using Secure Boot.

esp/loader/entries/memtest.conf
title Memtest86+
efi /memtest86+/memtest.efi
Netboot

systemd-boot can chainload Netboot. Download the ipxe-arch.efi EFI binary and signature, verify it and place it as proposed in esp/EFI/arch_netboot/arch_netboot.efi.

esp/loader/entries/arch_netboot.conf
title Arch Linux Netboot
efi /EFI/arch_netboot/arch_netboot.efi
GRUB

systemd-boot can chainload GRUB. The location of the grubx64.efi binary matches the used --bootloader-id= when GRUB was installed to the ESP.

esp/loader/entries/grub.conf
title GRUB
efi /EFI/GRUB/grubx64.efi

Booting from another disk

systemd-boot cannot launch EFI binaries from partitions other than the ESP it is launched from or the XBOOTLDR partition on the same disk, but it can direct the UEFI shell to do so.

First, install edk2-shell as described above. Next, obtain the PARTUUID of the partition where the destination EFI file is located by using the blkid command on Linux. In the UEFI shell, use the map command and take note of the FS alias (e.g. HD0a66666a2, HD0b, FS1, or BLK7) of the partition with the corresponding PARTUUID.

Then, use the exit command to boot back into Linux, where you can create a new loader entry to run the target EFI program through the UEFI shell:

esp/loader/entries/windows.conf
title   Windows
efi     /shellx64.efi
options -nointerrupt -nomap -noversion HD0b:EFI\Microsoft\Boot\Bootmgfw.efi

Ensure that the efi path matches the location where the shellx64.efi has been copied in the esp partition. Also, note that the shellx64.efi EFI file can be moved elsewhere to avoid the automatic entry creation by systemd-boot.

Replace HD0b with the previously noted FS alias.

  • The -nointerrupt option prevents interrupting the target EFI program with CTRL+C.
  • The -nomap -noversion options hide the default UEFI shell greeting.
  • To have the UEFI shell automatically return to the bootloader if the target EFI program exits (e.g., due to an error), add the -exit option.
  • You can also add the -noconsoleout option if there is still unnecessary output in the UEFI shell.

Booting into UEFI firmware setup

systemd-boot will automatically add an entry to boot into UEFI firmware setup if your device's firmware supports rebooting into setup from the OS.

Support hibernation

See Suspend and hibernate.

Kernel parameters editor with password protection

Alternatively you can install systemd-boot-password (AUR), which supports the password basic configuration option. Use sbpctl generate to generate a value for this option.

Install systemd-boot-password with the following command:

# sbpctl install esp

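With the editor enabled, you will be prompted for your password before you can edit kernel parameters.

Tips and tricks

Keys inside the boot menu

In the boot menu, you can use t and T to adjust the timeout and e to edit the kernel parameters of the current entry. Press h to see a short list of hotkeys; for the full list of key bindings available inside the boot menu, see systemd-boot(7) § KEY BINDINGS.

Choosing next boot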

The boot manager is integrated with the systemctl command, allowing you to choose what option you want to boot after a reboot. For example, suppose you have built a custom kernel and created an entry file esp/loader/entries/arch-custom.conf to boot into it, you can just launch

$ systemctl reboot --boot-loader-entry=arch-custom.conf

and your system will reboot into that entry maintaining the default option intact for subsequent boots. To see a list of possible entries pass the --boot-loader-entry=help option.

If you want to boot into the firmware of your motherboard directly, then you can use this command:

$ systemctl reboot --firmware-setup

Unified kernel images

Unified kernel images in esp/EFI/Linux/ are automatically sourced by systemd-boot, and do not need an entry in esp/loader/entries. (Note that unified kernel images must have a .efi extension to be identified by systemd-boot.)

Tip: Files in esp/loader/entries/ will be booted first if no default is set in esp/loader/loader.conf. Remove those entries, or set the default with the full file name, i.e. default arch-linux.efi

Grml on ESP

Note: The following instructions are not exclusive to Grml. With slight adjustments, installing other software (e.g., SystemRescueCD) is possible.
Tip: A PKGBUILD is available: grml-systemd-boot (AUR).

Grml is a small live system with a collection of software for system administration and rescue.

In order to install Grml on the ESP, we only need to copy the kernel vmlinuz, the initramfs initrd.img, and the squashed image grml64-small.squashfs from the iso file to the ESP. To do so, first download grml64-small.iso and mount the file (the mountpoint is henceforth denoted mnt); the kernel and initramfs are located in mnt/boot/grml64small/, and the squashed image resides in mnt/live/grml64-small/.

Next, create a directory for Grml in your ESP,

# mkdir -p esp/grml

and copy the above-mentioned files in there:

# cp mnt/boot/grml64small/vmlinuz esp/grml
# cp mnt/boot/grml64small/initrd.img esp/grml
# cp mnt/live/grml64-small/grml64-small.squashfs esp/grml

In the last step, create an entry for the systemd-boot loader: In esp/loader/entries create a grml.conf file with the following content:

esp/loader/entries/grml.conf
title   Grml Live Linux
linux   /grml/vmlinuz
initrd  /grml/initrd.img
options apm=power-off boot=live live-media-path=/grml/ nomce net.ifnames=0

For an overview of the available boot options, consult the cheatcode for Grml.

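systemd-boot on BIOS systems

If you need a bootloader for BIOS systems that follows The Boot Loader Specification, then systemd-boot can be pressed into service on BIOS systems. The Clover boot loader supports booting from BIOS systems and provides an emulated UEFI environment.

Troubleshooting

Installing after booting in BIOS mode

Note: This is not recommended!

If the machine is booted in BIOS mode, you can still install systemd-boot as usual, but after installation you have to tell the firmware manually how to launch the systemd-boot EFI file. For this you need one of the following:

  • A UEFI Shell.
  • An option in your UEFI firmware setup for changing the boot entries.
  • Some firmware uses esp/EFI/BOOT/BOOTX64.EFI directly if the UEFI has no other boot entries.

Once one of these is available, enter your UEFI Shell or UEFI firmware setup and change the default EFI boot loader to esp/EFI/systemd/systemd-bootx64.efi.

Note: On some Dell Latitude machines, the UEFI firmware setup interface provides the tools needed to set up UEFI booting, while the EFI Shell cannot modify those settings.

Manual entry using efibootmgr

If the bootctl install command fails, you can add the entry manually with efibootmgr: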

# efibootmgr --create --disk /dev/sdX --part Y --loader '\EFI\systemd\systemd-bootx64.efi' --label "Linux Boot Manager" --unicode

Replace /dev/sdXY with the device name of the EFI system partition.

Manual entry using bcdedit from Windows

If for any reason you need to create a UEFI boot entry from Windows, you can use the following commands from an Administrator prompt:

> bcdedit /copy {bootmgr} /d "Linux Boot Manager"
> bcdedit /set {guid} path \EFI\systemd\systemd-bootx64.efi

Replace guid with the id returned by the first command. You can also set it as the default entry using

> bcdedit /default {guid}

Menu does not appear after Windows upgrade

See UEFI#Windows changes boot order.

Adding Windows BitLocker TPM unlocking support

To stop BitLocker from requesting the recovery key, add the following to loader.conf:

esp/loader/loader.conf
reboot-for-bitlocker yes

This will set the BootNext UEFI variable, whereby Windows Boot Manager is loaded without BitLocker requiring the recovery key. This is a one-time change, and systemd-boot remains the default bootloader. There is no need to specify Windows as an entry if it was autodetected.

This is an experimental feature, so make sure to consult loader.conf(5).

See also