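systemd-boot(7), formerly called gummiboot (German for "rubber dinghy"), is an easy-to-configure UEFI boot manager. It provides a textual menu for selecting the boot entry and an editor for the kernel command line.
Note that systemd-boot can only start EFI executables (e.g. the Linux kernel EFISTUB, the UEFI shell, GRUB or the Windows Boot Manager).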
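Supported file systems
systemd-boot inherits file system support from the firmware (i.e. at least FAT12, FAT16 and FAT32), and can additionally load UEFI drivers placed in the esp/EFI/systemd/drivers/ directory.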
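Installation
systemd-boot is shipped with the systemd package, which is a dependency of the base meta package, so no additional packages need to be installed manually.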
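Installing the UEFI boot manager
To install systemd-boot, first make sure the system is booted in UEFI mode and that UEFI variables are accessible. Check this with the efivar --list command or, if the efivar package is not installed, with ls /sys/firmware/efi/efivars (if the directory exists, the system is booted in UEFI mode).
The examples below use esp to denote the mount point of the ESP, e.g. /efi or /boot. They assume that you have chrooted into your system's mount point.
Use bootctl(1) to install systemd-boot to the ESP:
# bootctl install
This copies the systemd-boot UEFI boot manager to the ESP, creates a UEFI boot entry for it and sets it as the first entry in the UEFI boot order.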
- On an x64 UEFI, /usr/lib/systemd/boot/efi/systemd-bootx64.efi is copied to esp/EFI/systemd/systemd-bootx64.efi and esp/EFI/BOOT/BOOTX64.EFI.
- On an IA32 UEFI, /usr/lib/systemd/boot/efi/systemd-bootia32.efi is copied to esp/EFI/systemd/systemd-bootia32.efi and esp/EFI/BOOT/BOOTIA32.EFI.
The UEFI boot entry is named "Linux Boot Manager" and, depending on the bitness of the UEFI, points to \EFI\systemd\systemd-bootx64.efi or \EFI\systemd\systemd-bootia32.efi on the ESP.
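- When running bootctl install, systemd-boot tries to locate the ESP at /efi, /boot and /boot/efi. The esp location can be specified with the --esp-path=esp option (see bootctl(1) § OPTIONS for details).
- Installing systemd-boot overwrites any existing esp/EFI/BOOT/BOOTX64.EFI (or esp/EFI/BOOT/BOOTIA32.EFI on an IA32 UEFI), e.g. Microsoft's version of the file.
To conclude the installation, configure systemd-boot.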
Installation using XBOOTLDR
A separate /boot partition of type "Linux extended boot" (XBOOTLDR) can be created to keep the kernel and initramfs separate from the ESP. This is particularly helpful to dual boot with Windows with an existing ESP that is too small.
Prepare an ESP as usual and create another partition for XBOOTLDR on the same physical drive. The XBOOTLDR partition must have a partition type GUID of bc13c2ff-59e6-4262-a352-b275fd6f7172 [1] (ea00 type for gdisk). The size of the XBOOTLDR partition should be large enough to accommodate all of the kernels you are going to install.
- systemd-boot does not do a file system check like it does for the ESP. Hence, it is possible to use any file system that your UEFI implementation can read.
- UEFI may skip loading partitions other than the ESP when a "fast boot" mode is enabled. This can lead to systemd-boot failing to find entries on the XBOOTLDR partition; in that case, disable the "fast boot" mode.
- The XBOOTLDR partition must be on the same physical disk as the ESP for systemd-boot to recognize it.
During install, mount the ESP to /mnt/efi and the XBOOTLDR partition to /mnt/boot.
Once in chroot, use the command:
# bootctl --esp-path=/efi --boot-path=/boot install
To conclude the installation, configure systemd-boot.
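Updating the EFI boot manager
Whenever there is a new version of systemd-boot, the user can choose to reinstall the boot manager. This can be done manually or automatically; both approaches are described below.
Manual update
Use bootctl to update systemd-boot:
# bootctl update
As with bootctl install, systemd-boot tries to locate the ESP at /efi, /boot and /boot/efi. The esp location can be specified with the --esp-path=esp option.
Automatic update
To update systemd-boot automatically, use either a systemd service or a pacman hook. Both methods are described below.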
systemd service
As of version 250, the systemd package ships systemd-boot-update.service. Enabling this service will update the boot loader at the next boot.
If /usr/lib/systemd/boot/efi/systemd-bootarch.efi.signed exists, it will be used in place of /usr/lib/systemd/boot/efi/systemd-bootarch.efi when installing or updating the boot manager. See bootctl(1) § SIGNED .EFI FILES for details.
pacman hook
The package systemd-boot-pacman-hook (AUR) provides a pacman hook that runs automatically every time the systemd package is upgraded.
Alternatively, to get the same behaviour without installing systemd-boot-pacman-hook, manually place the following file in the /etc/pacman.d/hooks/ directory:
/etc/pacman.d/hooks/95-systemd-boot.hook
[Trigger]
Type = Package
Operation = Upgrade
Target = systemd

[Action]
Description = Gracefully upgrading systemd-boot...
When = PostTransaction
Exec = /usr/bin/systemctl restart systemd-boot-update.service
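The following check is an added example, not part of the original page or of systemd: after a manual, service-driven or hook-driven update, it compares both ESP copies of systemd-boot byte for byte with the packaged binary, preferring the .efi.signed file when it exists, as described above. The function name check_boot_copies and its arguments are hypothetical.

```shell
#!/bin/sh
# Added example; function and argument names are hypothetical, the file
# locations are the ones given on this page.

# check_boot_copies SRC_DIR ESP ARCH
# Prints OK / DIFFERS / MISSING for each ESP copy; returns 0 only if both
# copies are identical to the packaged binary.
check_boot_copies() {
    src_dir=$1 esp=$2 arch=$3          # arch: x64 or ia32
    src="$src_dir/systemd-boot$arch.efi"
    # A .signed file, when present, is what gets installed to the ESP.
    [ -f "$src.signed" ] && src="$src.signed"
    [ -f "$src" ] || { echo "no source binary: $src"; return 2; }

    # Fallback loader name: BOOTX64.EFI or BOOTIA32.EFI.
    fallback=$(echo "BOOT$arch.EFI" | tr '[:lower:]' '[:upper:]')
    rc=0
    for copy in "EFI/systemd/systemd-boot$arch.efi" "EFI/BOOT/$fallback"; do
        if [ ! -f "$esp/$copy" ]; then
            echo "MISSING  $copy"; rc=1
        elif cmp -s "$src" "$esp/$copy"; then
            echo "OK       $copy"
        else
            echo "DIFFERS  $copy"; rc=1
        fi
    done
    return $rc
}
```

Run it as check_boot_copies /usr/lib/systemd/boot/efi esp x64. A DIFFERS line means the copy is stale, belongs to a different boot loader at the fallback path, or was modified, and is worth looking at before the next reboot.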
Signing for Secure Boot
If you have Secure Boot enabled, you need to add a pacman hook that automatically re-signs the boot manager after every update:
/etc/pacman.d/hooks/80-secureboot.hook
[Trigger]
Operation = Install
Operation = Upgrade
Type = Path
Target = usr/lib/systemd/boot/efi/systemd-boot*.efi

[Action]
Description = Signing systemd-boot EFI binary for Secure Boot
When = PostTransaction
Exec = /bin/sh -c 'while read -r i; do sbsign --key /path/to/keyfile.key --cert /path/to/certificate.crt "$i"; done;'
Depends = sh
Depends = sbsigntools
NeedsTargets
Replace /path/to/keyfile.key and /path/to/certificate.crt with your signing key and certificate. See sbsign(1) for details.
The /usr/share/libalpm/hooks/zz-sbctl.hook hook automatically signs the files registered in its database. Remember to first register the necessary files of your boot chain.
Configuration
Loader configuration
The loader configuration is stored in the file esp/loader/loader.conf. See loader.conf(5) § OPTIONS for details.
A simple example:
esp/loader/loader.conf
default arch.conf
timeout 4
console-mode max
editor no
- systemd-boot does not accept tabs for indentation; use spaces instead.
- default and timeout can be changed in the boot menu itself. The changes are stored in the UEFI variables LoaderEntryDefault and LoaderConfigTimeout, which override these options.
- bootctl set-default "" and bootctl set-timeout "" can be used to clear the UEFI variables overriding the default and timeout options, respectively.
- If you have set timeout 0, the boot menu can be accessed by pressing Space.
- A basic loader configuration file is located at /usr/share/systemd/bootctl/loader.conf.
- If the boot loader (during the entry selection) appears distorted or uses the wrong resolution, you can try setting console-mode to auto (uses heuristics to select the best resolution), keep (keeps the firmware-provided resolution) or 2 (tries to select the first non-UEFI-standard resolution).
Remembering the last entry
As of systemd version 251, default can be set to @saved in order to remember the last picked entry on startup. This is useful when dual booting Windows and a surprise Windows automatic update pushes you into Linux.
esp/loader/loader.conf
default @saved
...
Consult loader.conf(5) for more details.
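Adding loaders
systemd-boot searches for boot menu items in esp/loader/entries/*.conf and, if XBOOTLDR is used, also in boot/loader/entries/*.conf. Note that entries in esp can only use files (e.g. kernels, initramfs, images) in esp; likewise, entries in boot can only use files in boot.
When Secure Boot is active, unified kernel images with an embedded .cmdline ignore all command line options passed to them (whether through an options line in a boot entry or interactively). When Secure Boot is not enabled, options passed on the command line override those embedded in .cmdline.
An example of loader files launching Arch from a volume with the UUID xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx: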
esp/loader/entries/arch.conf
title Arch Linux
linux /vmlinuz-linux
initrd /initramfs-linux.img
options root=UUID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx rw
esp/loader/entries/arch-fallback.conf
title Arch Linux (fallback initramfs)
linux /vmlinuz-linux
initrd /initramfs-linux-fallback.img
options root=UUID=xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx rw
All configuration options are described in the Boot Loader Specification.
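As an added example (not from the original page or from systemd), the shell functions below audit a mounted ESP against the points made above: a loader.conf that leaves the kernel command line editor available to anyone at the boot menu, tab characters in loader.conf or entry files, and linux, initrd or efi paths that do not exist on the partition the entry lives on. The names scan_esp and audit_esp are hypothetical, and only the value the page uses, editor no, is treated as disabled.

```shell
#!/bin/sh
# Added example; scan_esp and audit_esp are hypothetical names.

# Print one finding per line for the ESP mounted at $1.
scan_esp() {
    esp=$1
    conf="$esp/loader/loader.conf"
    tab=$(printf '\t')

    # The editor is on unless loader.conf turns it off. Only "no" is
    # accepted here; any other value is flagged for manual review.
    editor=$(awk '$1 == "editor" { v = $2 } END { print v }' "$conf" 2>/dev/null) || editor=
    [ "$editor" = "no" ] ||
        echo "loader/loader.conf: kernel command line editor not disabled"

    for f in "$conf" "$esp"/loader/entries/*.conf; do
        [ -f "$f" ] || continue
        rel=${f#"$esp"/}
        # The page notes that tabs are not accepted for indentation.
        if grep -q "$tab" "$f"; then
            echo "$rel: contains tab characters"
        fi
        # linux, initrd and efi paths are relative to the partition root.
        awk '$1 == "linux" || $1 == "initrd" || $1 == "efi" { print $2 }' "$f" |
        while read -r p; do
            [ -e "$esp/${p#/}" ] || echo "$rel: $p not found on this ESP"
        done
    done
}

# Return 0 when nothing was found, 1 (after printing the findings) otherwise.
audit_esp() {
    findings=$(scan_esp "$1")
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}
```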
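systemd-boot automatically checks at boot time for /EFI/Microsoft/Boot/Bootmgfw.efi (Windows Boot Manager), /shellx64.efi (UEFI shell) and /EFI/BOOT/bootx64.efi (EFI Default Loader), and also looks for kernel files in /EFI/Linux/. When these are detected, entries named auto-windows, auto-efi-shell and auto-efi-default are generated automatically, so they do not require manual loader configuration. Unlike rEFInd, however, systemd-boot does not create entries for other EFI applications, so those still need to be configured explicitly.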
/boot/amd-ucode.img or /boot/intel-ucode.img must be specified in a separate initrd and always be placed first, before the main initramfs image.
UEFI Shells or other EFI applications
In case you installed a UEFI shell with the edk2-shell package, systemd-boot will auto-detect it and create a new entry if the EFI file is placed at esp/shellx64.efi.
To do this, an example command after installing the package would be:
# cp /usr/share/edk2-shell/x64/Shell.efi /boot/shellx64.efi
If you have installed other EFI applications to the ESP, you can load them with entries such as the ones below.
The efi line is relative to the root of your EFI system partition. If your EFI system partition is mounted at /boot and your EFI binaries reside at /boot/EFI/xx.efi and /boot/yy.efi, then you would specify the parameters as efi /EFI/xx.efi and efi /yy.efi respectively.
esp/loader/entries/fwupd.conf
title Firmware updater
efi /EFI/tools/fwupdx64.efi
esp/loader/entries/gdisk.conf
title GPT fdisk (gdisk)
efi /EFI/tools/gdisk_x64.efi
Memtest86+
You need to install the memtest86+-efi package for this to work. Also sign the EFI binary when using Secure Boot.
esp/loader/entries/memtest.conf
title Memtest86+
efi /memtest86+/memtest.efi
Netboot
systemd-boot can chainload Netboot. Download the ipxe-arch.efi EFI binary and signature, verify it and place it as proposed in esp/EFI/arch_netboot/arch_netboot.efi.
esp/loader/entries/arch_netboot.conf
title Arch Linux Netboot
efi /EFI/arch_netboot/arch_netboot.efi
GRUB
systemd-boot can chainload GRUB. The location of the grubx64.efi binary matches the --bootloader-id= used when GRUB was installed to the ESP.
esp/loader/entries/grub.conf
title GRUB
efi /EFI/GRUB/grubx64.efi
Boot from another disk
systemd-boot cannot launch EFI binaries from partitions other than the ESP it is launched from or the XBOOTLDR partition on the same disk, but it can direct the UEFI shell to do so.
First, install the edk2-shell package as described above. Next, obtain the PARTUUID of the partition where the destination EFI file is located by using the blkid command on Linux. In the UEFI shell, use the map command to note the FS alias (ex: HD0a66666a2, HD0b, FS1, or BLK7) of the partition with the corresponding PARTUUID.
Then, use the exit command to boot back into Linux, where you can create a new loader entry to run the target EFI program through the UEFI shell:
esp/loader/entries/windows.conf
title Windows
efi /shellx64.efi
options -nointerrupt -nomap -noversion HD0b:EFI\Microsoft\Boot\Bootmgfw.efi
Ensure that the efi path matches the location where shellx64.efi has been copied in the esp partition. Also, note that the shellx64.efi EFI file can be moved elsewhere to avoid the automatic entry creation by systemd-boot.
Replace HD0b with the previously noted FS alias.
- The -nointerrupt option prevents interrupting the target EFI program with CTRL+C.
- The -nomap -noversion options hide the default UEFI shell greeting.
- To have the UEFI shell automatically return to the bootloader if the target EFI program exits (e.g., due to an error), add the -exit option.
- You can also add the -noconsoleout option if there is still unnecessary output in the UEFI shell.
Booting into UEFI firmware setup
systemd-boot will automatically add an entry to boot into UEFI firmware setup if your device's firmware supports rebooting into setup from the OS.
Support for hibernation
See Suspend and hibernate.
Kernel parameters editor with password protection
Alternatively you can install systemd-boot-password (AUR), which supports the password basic configuration option. Use sbpctl generate to generate a value for this option.
Install systemd-boot-password with the following command:
# sbpctl install esp
With the editor enabled, you will be prompted for your password before you can edit kernel parameters.
Tips and tricks
Keys inside the boot menu
In the boot menu you can use t and T to adjust the timeout and e to edit the kernel parameters of the current entry. Press h to see a short list of key bindings; for the complete list of keys available in the boot menu, see systemd-boot(7) § KEY BINDINGS.
Choosing next boot
The boot manager is integrated with the systemctl command, allowing you to choose what option you want to boot after a reboot. For example, suppose you have built a custom kernel and created an entry file esp/loader/entries/arch-custom.conf to boot into it, you can just launch
$ systemctl reboot --boot-loader-entry=arch-custom.conf
and your system will reboot into that entry maintaining the default option intact for subsequent boots. To see a list of possible entries pass the --boot-loader-entry=help option.
If you want to boot into the firmware of your motherboard directly, then you can use this command:
$ systemctl reboot --firmware-setup
Unified kernel images
Unified kernel images in esp/EFI/Linux/ are automatically sourced by systemd-boot, and do not need an entry in esp/loader/entries. (Note that unified kernel images must have a .efi extension to be identified by systemd-boot.)
Entries in esp/loader/entries/ will be booted first if no default is set in esp/loader/loader.conf. Remove those entries, or set the default with the full file name, i.e. default arch-linux.efi
Grml on ESP
A PKGBUILD is available: grml-systemd-boot (AUR).
Grml is a small live system with a collection of software for system administration and rescue.
In order to install Grml on the ESP, we only need to copy the kernel vmlinuz, the initramfs initrd.img, and the squashed image grml64-small.squashfs from the iso file to the ESP. To do so, first download grml64-small.iso and mount the file (the mountpoint is henceforth denoted mnt); the kernel and initramfs are located in mnt/boot/grml64small/, and the squashed image resides in mnt/live/grml64-small/.
Next, create a directory for Grml in your ESP,
# mkdir -p esp/grml
and copy the above-mentioned files in there:
# cp mnt/boot/grml64small/vmlinuz esp/grml
# cp mnt/boot/grml64small/initrd.img esp/grml
# cp mnt/live/grml64-small/grml64-small.squashfs esp/grml
In the last step, create an entry for the systemd-boot loader: in esp/loader/entries create a grml.conf file with the following content:
esp/loader/entries/grml.conf
title Grml Live Linux
linux /grml/vmlinuz
initrd /grml/initrd.img
options apm=power-off boot=live live-media-path=/grml/ nomce net.ifnames=0
For an overview of the available boot options, consult the cheatcode for Grml.
systemd-boot on BIOS systems
If you need a bootloader for BIOS systems that follows The Boot Loader Specification, then systemd-boot can be pressed into service on BIOS systems. The Clover boot loader supports booting from BIOS systems and provides an emulated UEFI environment.
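Troubleshooting
Installing after booting in legacy (BIOS) mode
If you booted the computer in BIOS mode, you can still install systemd-boot normally, but after the installation you have to tell the firmware yourself how to launch the systemd-boot EFI file. For this you need one of the following:
- A UEFI shell.
- A firmware setup interface that offers an option to change the boot entries.
- Some firmware will directly use esp/EFI/BOOT/BOOTX64.EFI if there are no other UEFI boot entries.
Once this is available, enter your UEFI shell or firmware setup and change the default EFI boot loader to esp/EFI/systemd/systemd-bootx64.efi.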
Manual entry using efibootmgr
If the bootctl install command fails, you can create the boot entry manually with the efibootmgr package:
# efibootmgr --create --disk /dev/sdX --part Y --loader '\EFI\systemd\systemd-bootx64.efi' --label "Linux Boot Manager" --unicode
Replace /dev/sdXY with the device name of the EFI system partition.
Manual entry using bcdedit from Windows
If for any reason you need to create a UEFI boot entry from Windows, you can use the following commands from an Administrator prompt:
> bcdedit /copy {bootmgr} /d "Linux Boot Manager"
> bcdedit /set {guid} path \EFI\systemd\systemd-bootx64.efi
Replace guid with the id returned by the first command. You can also set it as the default entry using
> bcdedit /default {guid}
Menu does not appear after Windows upgrade
Adding support for Windows BitLocker TPM unlocking
To stop BitLocker from requesting the recovery key, add the following to loader.conf:
esp/loader/loader.conf
reboot-for-bitlocker yes
This will set the BootNext UEFI variable, whereby Windows Boot Manager is loaded without BitLocker requiring the recovery key. This is a one-time change, and systemd-boot remains the default bootloader. There is no need to specify Windows as an entry if it was autodetected.
This is an experimental feature, so make sure to consult loader.conf(5).