Archboot

From ArchWiki

Related articles

Archboot is a most advanced, modular Arch Linux boot/install image creation utility to generate reproducible bootable media for CD/USB/PXE, designed for installation or rescue operation. It is fully based on mkinitcpio, only runs in RAM and without any special filesystems like squashfs/erofs.
The project is developed by tpowa.

Archboot Image Releases

Download image files

x86_64 architecture

Release information ISO images SHA256SUM Forum thread
Latest Download Check Forum link

aarch64 architecture

Release information ISO images SHA256SUM Forum thread
Latest Download Check Forum link

Features of the images

Type RAM to boot Secure Boot
support		 WiFi
support		 LAN
support		 Rescue
operation		 Package cache
for installation		 Server or
Workstation		 Size
X86_64		 Size
AARCH64
date-latest 3250 MB Yes No DHCP server needed Yes Yes Yes 144 MB 207 MB
date 1300 MB Yes Yes Yes Yes No Yes 466 MB 432 MB
date-local 3250 MB Yes Yes Yes Yes Yes Yes 1037 MB 889 MB
  • With a fast internet connection and a running DHCP server, go for the "latest" image.
  • Without an internet connection for installation, you should use the "local" image. It includes a local package repository for installation.

PXE booting / Rescue system

Download X86_64 AARCH64
Kernel vmlinuz_archboot_x86_64 vmlinuz_archboot_aarch64
Initrd initramfs_x86_64.img
initramfs_x86_64-latest.img
initramfs_x86_64-local-0.img
initramfs_x86_64-local-1.img 		initramfs_aarch64.img
initramfs_aarch64-latest.img
initramfs_aarch64-local-0.img
initramfs_aarch64-local-1.img
Microcode intel-ucode.img
amd-ucode.img 		amd-ucode.img

Supported boot modes

Boot Mode X86_64 AARCH64
MBR BIOS with GRUB Yes No
UEFI/UEFI_CD booting with GRUB Yes Yes
UEFI_MIX_MODE booting with GRUB Yes No
Secure Boot with the
included fedora signed shim 		Yes Yes

It supports GRUB's iso loopback support. Variables used (below for example): 

iso_loop_dev=PARTUUID=12345678-1234-1234-1234-123456789ABC
iso_loop_path=/dirname/basename_of_archboot.iso

With GPT, the PARTUUID can be obtained from the Partition unique GUID line of the sgdisk --info=y /dev/sdx command output. 

menuentry "Archboot" --class iso {
loopback loop (hdX,Y)/archboot.iso
linux (loop)/boot/vmlinuz_x86_64 iso_loop_dev=/dev/sdXY iso_loop_path=/archboot.iso
initrd (loop)/boot/initramfs_x86_64.img
}

Burning release or writing to disk

Hybrid image file is a standard CD/DVD-burnable image and also a raw disk image.

  • Can be burned to CD/DVD(RW) media using most CD Burning utilities.
  • Can be raw-written to a drive using 'dd' or similar utilities. This method is intended for use with USB thumb drives.
# dd if=imagefile of=/dev/yourdevice bs=1M

Installation with a Xorg environment or VNC instead of plain console

  • During boot all network interfaces will try to obtain an IP address through dhcpcd.
  • If your network does not obtain an address, please setup the network manually or with the setup routine.

Preconfigured environments with VNC support

Desktop
Environment		 Online
Mode		 Local
Mode		 Command Switch
Gnome Yes No # update-installer.sh -launch-gnome
KDE/Plasma Yes No # update-installer.sh -launch-kde
Xfce Yes Yes # update-installer.sh -launch-xfce
  • VNC is automatically launched with starting Xorg.
  • Connect with your vnc client and use password:archboot
  • Edit /etc/archboot/defaults to change default vnc password.

Custom environment (without VNC)

  • Edit /etc/archboot/defaults and change _CUSTOM_XORG array to your needs.
  • Run: update-installer.sh -custom-xorg from a console login

Remote installation with OpenSSH

  • During boot all network interfaces will try to obtain an IP address through dhcpcd.
  • root password is not set by default! If you need privacy during installation set a password.
$ ssh root@yourip

Secure Boot support with shim package signed from fedora

  • Caveat:
    • This method is intended to use for dual booting with Windows, without losing the Secure Boot benefits for Windows.
    • This method will not make your system more secure.
    • It installs a bootloader which is not controlled by Arch Linux and breaks the concept of Secure Boot as is.
  • Please read Roderick Smith's guide first for initial shim setup.
  • In order to boot in Secure Boot mode on first boot:
    • you need to add the hash of /EFI/BOOT/grubx64.efi to the MOK
    • you need to add the hash of /EFI/BOOT/vmlinuz_x86_64 to the MOK
  • Tools included for key management: KeyTool, HashTool, mokutil, sbsigntools, sbctl and mkkeys.sh
  • setup script supports the following Secure Boot layout:
    • shim from fedora is copied
    • creating new keys is supported
    • using existing keys from /etc/secureboot/keys in layout secureboot-keys.sh produces
    • MOK setup is done with keys
    • adding pacman hook for automatic signing
    • On first reboot you need to enroll the used keys to the MOK then your installed system is dual boot ready.
  • It has a support script for creating your own keys and backup the existing keys, which already include the 2 needed Microsoft certificates:
# secureboot-keys.sh -name=yournametoembed directory

Interactive setup

You can run each point for doing the mentioned task. If you do a fresh install, it is recommended to run each point in the order as presented.

Changing keymap and console fonts

Setup network

Select Source

  • Local mode:
    • Local package database is autodetected
  • Online mode:
    • Latest pacman mirrors will be synced and you have to select your favourite mirror.
    • You will be asked if you want to activate the testing repository.
    • You can decide to load the latest archboot environment and cache packages for installation.

Changing timezone and date

Prepare Storage drive

Install Packages

  • You can modify the packages to install in /etc/archboot/defaults.
  • Pacman will install the packages for the first boot to your storage drive.

Configure System

Install Bootloader

For experts: quickinst installation

  • This script is for experts, who assemble the filesystems first and mount them in a directory.
  • quickinst will autodetect the packages to install for a minimal system.
# quickinst directory

Keep your image up to date

  • You can always bump your image to latest available possibilities (see -h flag for all the options).
# update-installer.sh option

Tools for backup and copying of an existing system

Archboot provides 2 additional scripts for doing those tasks.

  • internal backup / copying you can use:
# copy-mountpoint.sh
  • internal or external backup / copying with rsync you can use:
# rsync-backup.sh

Restoring an USB device to FAT32 state

  • When you have used the .iso image to create an USB installer, your USB stick is no longer useful for anything else.
  • Any remaining space on the stick (supposing you used a larger-than the .img file) is inaccessible.
  • Fortunately, it is easy to re-create a FAT32 partition on the stick so that the USB stick again becomes available for carrying around your data.
  • Check carefully which device actually is your USB stick. The next command will render all data on a device inaccessible:
# restore-usbstick.sh device

FAQ, Known Issues and limitations

  • Please check the forum threads for posted fixes and workarounds.
  • Please run this script to get latest fixes from git:
# update-installer.sh -u
  • Package XYZ is missing in archboot environment.
Install the missing package as needed.
For example, archinstall is not included by default since it needs python3 which is a large dependency.
  • The screen stays blank or other weird screen issues happen?
Some hardware does not like the KMS activation, use radeon.modeset=0, i915.modeset=0, amdgpu.modeset=0 or nouveau.modeset=0 on boot prompt.
  • Your system hangs during the boot process?
Any combinations of the kernel parameters: noapic, nolapic, acpi=off, pci=routeirq, pci=nosmp or pci=nomsi may be useful.
  • dmraid/fakeraid might be broken on some boards, support is not perfect here.
The reason is there are so many different hardware components out there. At the moment 1.0.0rc16 is included, with latest fedora patchset, development has been stopped.
mdadm supports some isw and ddf fakeraid chipsets, but assembling during boot is deactivated in /etc/mdadm.conf!
  • GRUB cannot detect correct bios boot order:
It may happen that hd(x,x) entries are not correct, thus first reboot may not work.
Reason: grub cannot detect bios boot order.
Fix: Either change bios boot order or change menu.lst to correct entries after successful boot. This cannot be fixed it is a restriction in grub2!
It may happen that UEFI boot entries are not correct, thus first reboot may not work e.g. Ovmf UEFI is affected by this.
Reason: The UEFI implementation does not support how setup created the efibootmgr entries.
Fix: Add manual entries and delete wrong entries from your UEFI implementation.
  • Redisplay the Welcome to Arch Linux message:
Reason: The Welcome to Arch Linux (archboot environment) message is displayed once, before the user takes any action.
Fix: Switch to a virtual console (with Alt+F1...F6) you have not used so far or run cat /etc/motd from within a shell prompt.
  • How much RAM is needed to boot?
It's an initramdisk which includes everything. The calculated size to boot the image follows the formula:
initramdisk + kernelimage + unpackedinitramdisk = minimum RAM to boot
  • What is the difference to the archiso install image?
Feature archboot archiso
Developers tpowa arch-releng team
UEFI mixed mode
(32bit UEFI / 64bit system)		 Yes Planned
archinstall No Yes
setup/quickinst script Yes No
Arch Install Scripts Yes Yes
Secure Boot
with fedora signed shim		 Yes No
Initramfs only Yes No
Man/Info pages No Yes
Localization English only Yes
accessibility support No Yes
netctl support Yes No
Mobile broadband modem
management service (modemmanager)		 No Yes
Text browser elinks lynx
IRC client weechat irssi
IRC and text browser preconfigured Yes No
Chromium browser Yes No
Gnome desktop Yes No
KDE desktop Yes No
Xfce desktop Yes No
Internal update feature Yes No
Offline installation support Yes No
VNC installation support Yes No
Image size <140-1030MB >864MB
RAM to boot >1.3GB <1.3GB
Bootup speed 3s slower 3s faster
Build speed faster slower
Image assembling grub-mkrescue xorriso
Image bootloader grub systemd-boot and syslinux
Reproducibility Yes No
Easy custom live CD creation No Yes

Screenshot gallery

Take a look at the archboot screenshot gallery.

Development: GIT repository

GIT repository can be found at Arch Linux Gitlab or Github .

Bugs

Arch Linux Bugtracker

Create rescue system of running system

  • Create the initrd with your chosen profile:
# mkinitcpio -c /etc/archboot/yourwantedsystem.conf -g initrd.img
  • Add your used kernel and initrd to your bootloader.

Create image files

Installation

  • Install the archboot package on x86_64 hardware.
  • Install the archboot-arm package on aarch64 hardware.
  • If you want to build aarch64 images replace x86_64 with aarch64 in the commands and files below.
  • You can build aarch64 images on x86_64 hardware. The qemu helper needs to be installed archboot-qemu-aarch64 package.

Requirements

Around 3GB free space on disk

Create image files without modifications

Building a new release

This script creates every installation media with latest available core/extra packages and boot/ directory with kernel and initrds. 

# archboot-x86_64-release.sh directory

You get the images and boot/ files in directory.

Rebuilding a release (reproducibility) 

# archboot-x86_64-release.sh directory https://pkgbuild.com/~tpowa/archboot-sources/x86_64/latest/

You get the rebuild image and boot/ files in directory.

Create image files with modifications:

Explanation of the archboot image tools.

archboot-x86_64-create-container.sh

This script will create an archboot container for image creation. 

# archboot-x86_64-create-container.sh directory

You get an archboot container in directory.

To enter the container run: 

# systemd-nspawn -D directory

Modify your container to your needs. Then run archboot-x86_64-iso.sh for image creation in container.

archboot-x86_64-iso.sh

  • Script for image creation from running system or for use in archboot container.
  • For normal image creation run:
# archboot-x86_64-iso.sh -g
  • Latest image: add -p=x86_64-latest to command above.
  • Local image: add -p=x86_64-local to command above.

Configuration files for image creation:

There are the following configuration files for ISO creation:

  • /etc/archboot/defaults : defaults for packages, bootloader config and server setup.
  • /etc/archboot/presets/name : presets for the images, defines which kernel and mkinitcpio.conf is used.
  • /etc/archboot/name.conf : contains the HOOKS, which are used for the initramdisks.

Setting up an archboot image server

Configuration file

You need to configure all your settings in the configuration file: /etc/archboot/defaults.

Requirements

  • You have a normal user, which has access to a working gpg setup with own signature.
  • You have a normal user with ssh access to the server, on which the images should upload.
  • Add the directories on the remote server, you want to upload to.

Running commands

x86_64 architecture

Simple run: 

# archboot-x86_64-server-release.sh

aarch64 architecture

  • You have to skip the tarball creation step, on aarch64 hardware.
  • Install the archboot-qemu-aarch64 package, for building on x86_64 hardware.
  • On first time setup you need to create the pacman-aarch64-chroot tarball on x86_64 hardware.
# archboot-pacman-aarch64-chroot.sh build-directory
  • Afterwards you only have to run for each release:
# archboot-aarch64-server-release.sh

Server cleanup

The /etc/archboot/defaults file defines old images purging after 3 months.

Testing image and files with QEMU

You can run QEMU tests at different stages of ISO creation:

kernel and initramdisk testing

$ qemu-system-x86_64 -kernel yourkernel -initrd yourinitramdisk -append "rootfstype=ramfs" --enable-kvm -usb -usbdevice tablet

BIOS MBR mode

$ qemu-system-x86_64 -drive file=yourisofile,if=virtio,format=raw -usb -usbdevice tablet --enable-kvm -boot d

UEFI GPT mode

64bit UEFI / 64bit running system 

$ qemu-system-x86_64 -drive file=yourisofile,if=virtio,format=raw -usb -usbdevice tablet --enable-kvm -boot d --bios /usr/share/edk2-ovmf/x64/OVMF.fd

32bit UEFI / 64bit running system 

$ qemu-system-x86_64 -drive file=yourisofile,if=virtio,format=raw -usb -usbdevice tablet --enable-kvm -boot d --bios /usr/share/edk2-ovmf/ia32/OVMF.fd

UEFI GPT Secure Boot

  • Copy OVMF_VARS.secboot.fd to a place the user has access to it.
  • The file already includes a basic set of keys from fedora ovmf package.
# cp /usr/share/archboot/ovmf/OVMF_VARS.secboot.fd directory
  • Replace the bios option, with the following additional commands:

64bit UEFI / 64bit running system 

-drive if=pflash,format=raw,readonly=on,file=/usr/share/ovmf/x64/OVMF_CODE.secboot.fd -drive if=pflash,format=raw,file=./OVMF_VARS.secboot.fd -global driver=cfi.pflash01,property=secure,value=on -machine q35,smm=on,accel=kvm -global ICH9-LPC.disable_s3=1

32bit UEFI / 64bit running system 

-drive if=pflash,format=raw,readonly=on,file=/usr/share/ovmf/ia32/OVMF_CODE.secboot.fd -drive if=pflash,format=raw,file=./OVMF_VARS.secboot.fd -global driver=cfi.pflash01,property=secure,value=on -machine q35,smm=on,accel=kvm -global ICH9-LPC.disable_s3=1

64bit UEFI / 64bit running system AARCH64 

-bios /usr/share/edk2-armvirt/aarch64/QEMU_EFI.fd -machine virt -cpu cortex-a57 -nographic
  • virtio vga device with keyboard and mouse
-bios /usr/share/edk2-armvirt/aarch64/QEMU_EFI.fd -machine virt -cpu cortex-a57 -device virtio-gpu-pci -device nec-usb-xhci -device usb-tablet -device usb-kbd
  • ramfb vga device with keyboard and mouse
-bios /usr/share/edk2-armvirt/aarch64/QEMU_EFI.fd -machine virt -cpu cortex-a57 -device ramfb -device nec-usb-xhci -device usb-tablet -device usb-kbd

Additional qemu parameters

  • You can test how much RAM is needed to bootup, eg. -m 1024 for 1GB RAM usage.
-m memory
  • KVM virtio network for tap0:
-net nic,model=virtio -net tap,ifname=tap0,script=no,downscript=no
  • KVM virtio harddisk:
-drive file=yourimagefile,if=virtio,format=raw
  • normal harddisk:
-hda yourimagefile
  • virtio graphic card
-vga virtio
  • serial console only
-vga none

See also