systemd-boot

systemd-boot, previously called gummiboot (German for: "rubber dinghy"), is a simple UEFI boot manager which executes configured EFI images. The default entry is selected by a configured pattern (glob) or an on-screen menu to be navigated via arrow keys. It is included with systemd, which is installed on an Arch system by default.

It is simple to configure but can only start EFI executables such as the Linux kernel EFISTUB, UEFI shell, GRUB, or the Windows Boot Manager.

Installation

Installing the EFI boot manager

To install the systemd-boot EFI boot manager, first make sure that the system has booted into UEFI mode and UEFI variables are accessible. This can be checked by running the command efivar --list or, if efivar is not installed, by running ls /sys/firmware/efi/efivars (if the directory exists, the system is booted into UEFI mode.)

Throughout, esp will be used to denote the ESP mountpoint, e.g. /efi or /boot. This assumes that you have chrooted to your system's mount point.

With the EFI system partition (ESP) mounted to esp, use bootctl(1) to install systemd-boot to the ESP:

# bootctl install

This will copy the systemd-boot boot loader to the ESP: on a x64 architecture system /usr/lib/systemd/boot/efi/systemd-bootx64.efi will be copied to esp/EFI/systemd/systemd-bootx64.efi and esp/EFI/BOOT/BOOTX64.EFI, and systemd-boot will be set as the default EFI application.

Note:

When running bootctl install, systemd-boot will try to locate the ESP at /efi, /boot, and /boot/efi. Setting esp to a different location requires passing the --esp-path=esp option. (See bootctl(1) § OPTIONS for details.)
Installing systemd-boot will overwrite any existing esp/EFI/BOOT/BOOTX64.EFI, for example Microsoft's version of this file.

To conclude the installation, configure systemd-boot.

Installation using XBOOTLDR

A separate /boot partition of type "Linux extended boot" (XBOOTLDR) can be created to keep the kernel and initramfs separate from the ESP. This is particularly helpful to dual boot with Windows with an existing ESP that is too small.

Prepare an ESP as usual and create another partition for XBOOTLDR on the same physical drive. The XBOOTLDR partition must have a partition type GUID of bc13c2ff-59e6-4262-a352-b275fd6f7172 [1]. The size of the XBOOTLDR partition should be large enough to accommodate all of the kernels you are going to install.

Note:

systemd-boot does not do a file system check like it does for the ESP. Hence, it is possible to use any file system that your UEFI implementation can read.
UEFI may skip loading partitions other than the ESP when a "fast boot" mode is enabled. This can lead to systemd-boot failing to find entries on the XBOOTLDR partition; in that case, disable the "fast boot" mode.
The XBOOTLDR partition must be on the same physical disk as the ESP for systemd-boot to recognize it.

During install, mount the ESP to /mnt/efi and the XBOOTLDR partition to /mnt/boot.

Once in chroot, use the command:

# bootctl --esp-path=/efi --boot-path=/boot install

To conclude the installation, configure systemd-boot.

Updating the EFI boot manager

Whenever there is a new version of systemd-boot, the EFI boot manager can be optionally reinstalled by the user. This can be done manually or automatically; the two approaches are described thereafter.

Note: The EFI boot manager is a standalone EFI executable and any version can be used to boot the system (partial updates do not apply, since pacman only installs the systemd-boot installer, not systemd-boot itself.) However, new versions may add new features or fix bugs, so it is probably a good idea to update systemd-boot.

Manual update

Use bootctl to update systemd-boot:

# bootctl update

Note: As with bootctl install, systemd-boot will try to locate the ESP at /efi, /boot, and /boot/efi. Setting esp to a different location requires passing the --esp-path=esp option.

Automatic update

To update systemd-boot automatically, either use a systemd service or a pacman hook. The two methods are described below.

systemd service

As of version 250, systemd ships with systemd-boot-update.service. Enabling this service will update the bootloader upon the next boot.

Warning: If you have Secure Boot enabled, you need to sign your bootloader after updating. See #pacman hook below for an example of how to do so.

pacman hook

The package systemd-boot-pacman-hook^AUR adds a pacman hook which is executed every time the systemd package is upgraded.

Instead of installing systemd-boot-pacman-hook, you may also directly place the following in the /etc/pacman.d/hooks/ directory:

/etc/pacman.d/hooks/100-systemd-boot.hook

[Trigger]
Type = Package
Operation = Upgrade
Target = systemd

[Action]
Description = Gracefully upgrading systemd-boot...
When = PostTransaction
Exec = /usr/bin/systemctl restart systemd-boot-update.service

If you have Secure Boot enabled, you may want to add a pacman hook to automatically re-sign the kernel and bootloader whenever the former is updated:

/etc/pacman.d/hooks/99-secureboot.hook

[Trigger]
Operation = Install
Operation = Upgrade
Type = Package
Target = linux
Target = systemd

[Action]
Description = Signing Kernel for SecureBoot
When = PostTransaction
Exec = /usr/bin/find /boot -type f ( -name vmlinuz-* -o -name systemd* ) -exec /usr/bin/sh -c 'if ! /usr/bin/sbverify --list {} 2>/dev/null | /usr/bin/grep -q "signature certificates"; then /usr/bin/sbsign --key db.key --cert db.crt --output "$1" "$1"; fi' _ {} ;
Depends = sbsigntools
Depends = findutils
Depends = grep

A Target entry must be added for every package upgrade trigger.

For better understanding of this hook, please consult pacman#Hooks, alpm-hooks(5), and Unified Extensible Firmware Interface/Secure Boot.

Configuration

Loader configuration

The loader configuration is stored in the file esp/loader/loader.conf. See loader.conf(5) § OPTIONS for details.

A loader configuration example is provided below:

esp/loader/loader.conf

default  arch.conf
timeout  4
console-mode max
editor   no

Tip:

systemd-boot does not accept tabs for indentation, use spaces instead.
default and timeout can be changed in the boot menu itself and changes will be stored as EFI variables LoaderEntryDefault and LoaderConfigTimeout, overriding these options.
bootctl set-default "" and bootctl set-timeout "" can be used to clear the EFI variables overriding the default and timeout options, respectively.
A basic loader configuration file is located at /usr/share/systemd/bootctl/loader.conf.

Adding loaders

systemd-boot will search for boot menu items in esp/loader/entries/*.conf and additionally in boot/loader/entries/*.conf if using XBOOTLDR. Note that entries in esp can only use files (e.g. kernels, initramfs, images, etc.) in esp. Similarly, entries in boot can only use files in boot.

This section is being considered for removal.

Reason: Duplicates https://systemd.io/BOOT_LOADER_SPECIFICATION/#type-1-boot-loader-specification-entries. (Discuss in Talk:Systemd-boot#Potential removal of "Loader configuration" section)

The possible options are:

title – operating system name. Required.
version – kernel version, shown only when multiple entries with same title exist. Optional.
machine-id – machine identifier from /etc/machine-id, shown only when multiple entries with same title and version exist. Optional.
efi – EFI program to start, relative to your ESP (esp); e.g. /vmlinuz-linux. Either this parameter or linux (see below) is required.
options – space-separated command line options to pass to the EFI program or kernel parameters. Optional, but you will need at least root=dev if booting Linux. This parameter can be omitted if the root partition is assigned the correct Root Partition Type GUID as defined in Discoverable Partitions Specification and if the systemd mkinitcpio hook is present.

For Linux boot, you can also use linux instead of efi. Or initrd in addition to options. The syntax is:

linux or initrd followed by the relative path of the corresponding files in the ESP; e.g. /vmlinuz-linux; this will be automatically translated into efi path and options initrd=path – this syntax is only supported for convenience and has no differences in function.

Note: If options is present in a boot entry and Secure Boot is disabled, the value of options will override any .cmdline string embedded in the EFI image that is specified by efi or linux (see Unified kernel image#Preparing a unified kernel image). With Secure Boot, however, options (and any edits made to the kernel command line in the bootloader UI) will be ignored, and only the embedded .cmdline will be used.

An example of loader files launching Arch from a volume labeled arch_os and loading Intel CPU microcode is:

esp/loader/entries/arch.conf

title   Arch Linux
linux   /vmlinuz-linux
initrd  /intel-ucode.img
initrd  /initramfs-linux.img
options root="LABEL=arch_os" rw

esp/loader/entries/arch-fallback.conf

title   Arch Linux (fallback initramfs)
linux   /vmlinuz-linux
initrd  /intel-ucode.img
initrd  /initramfs-linux-fallback.img
options root="LABEL=arch_os" rw

systemd-boot will automatically check at boot time for Windows Boot Manager at the location /EFI/Microsoft/Boot/Bootmgfw.efi, UEFI shell /shellx64.efi and EFI Default Loader /EFI/BOOT/bootx64.efi, as well as specially prepared kernel files found in /EFI/Linux/. When detected, corresponding entries with titles auto-windows, auto-efi-shell and auto-efi-default, respectively, will be generated. These entries do not require manual loader configuration. However, it does not auto-detect other EFI applications (unlike rEFInd), so for booting the Linux kernel, manual configuration entries must be created.

Tip:

The available boot entries which have been configured can be listed with the command bootctl list.
An example entry file is located at /usr/share/systemd/bootctl/arch.conf.
The kernel parameters for scenarios such as LVM, LUKS or dm-crypt can be found on the relevant pages.

EFI Shells or other EFI applications

In case you installed an EFI shell or an other EFI application into the ESP, you can use the following snippets.

Note: The file path parameter for the efi line is relative to your esp mount point. If you are mounted on /boot and your EFI binaries reside at /boot/EFI/xx.efi and /boot/yy.efi, then you would specify the parameters as efi /EFI/xx.efi and efi /yy.efi respectively.

esp/loader/entries/fwupd.conf

title  Firmware updator
efi     /EFI/fwupx64.efi

esp/loader/entries/gdisk.conf

title  GPT fdisk (gdisk)
efi     /EFI/tools/gdisk_x64.efi

Booting into EFI Firmware Setup

Most system firmware configured for EFI booting will add its own efibootmgr entries to boot into UEFI Firmware Setup.

Support hibernation

See Suspend and hibernate.

Kernel parameters editor with password protection

Alternatively you can install systemd-boot-password^AUR which supports password basic configuration option. Use sbpctl generate to generate a value for this option.

Install systemd-boot-password with the following command:

# sbpctl install esp

With enabled editor you will be prompted for your password before you can edit kernel parameters.

Tips and tricks

Keys inside the boot menu

See systemd-boot(7) § KEY BINDINGS for the available key bindings inside the boot menu.

Choosing next boot

The boot manager is integrated with the systemctl command, allowing you to choose what option you want to boot after a reboot. For example, suppose you have built a custom kernel and created an entry file esp/loader/entries/arch-custom.conf to boot into it, you can just launch

$ systemctl reboot --boot-loader-entry=arch-custom.conf

and your system will reboot into that entry maintaining the default option intact for subsequent boots. To see a list of possible entries pass the --boot-loader-entry=help option.

If you want to boot into the firmware of your motherboard directly, then you can use this command:

$ systemctl reboot --firmware-setup

Unified kernel images

Unified kernel images in esp/EFI/Linux/ are automatically sourced by systemd-boot, and do not need an entry in /boot/loader/entries. (Note that unified kernel images must have a .efi extension to be identified by systemd-boot.)

Tip: Files in /boot/loader/entries will be booted first if no default is set in /boot/loader/loader.conf. Remove those entries, or set the default with the full file name, ie default=archlinux-linux.efi

Grml on ESP

Note: The following instructions are not exclusive to Grml. With slight adjustments, installing other software (e.g., SystemRescueCD) is possible.

Tip: A PKGBUILD is available: grml-systemd-boot^AUR.

Grml is a small live system with a collection of software for system administration and rescue.

In order to install Grml on the ESP, we only need to copy the kernel vmlinuz, the initramfs initrd.img, and the squashed image grml64-small.squashfs from the iso file to the ESP. To do so, first download grml64-small.iso and mount the file (the mountpoint is henceforth denoted mnt); the kernel and initramfs are located in mnt/boot/grml64small/, and the squashed image resides in mnt/live/grml64-small/.

Next, create a directory for Grml in your ESP,

# mkdir -p esp/grml

and copy the above-mentioned files in there:

# cp mnt/boot/grml64small/vmlinuz esp/grml
# cp mnt/boot/grml64small/initrd.img esp/grml
# cp mnt/live/grml64-small/grml64-small.squashfs esp/grml

In the last step, create an entry for the systemd-boot loader: In esp/loader/entries create a grml.conf file with the following content:

esp/loader/entries/grml.conf

title   Grml Live Linux
linux   /grml/vmlinuz
initrd  /grml/initrd.img
options apm=power-off boot=live live-media-path=/grml/ nomce net.ifnames=0

For an overview of the available boot options, consult the cheatcode for Grml.

systemd-boot on BIOS systems

If you need a bootloader for BIOS systems that follows The Boot Loader Specification, then systemd-boot can be pressed into service on BIOS systems. The Clover boot loader supports booting from BIOS systems and provides a simulated EFI environment.

Troubleshooting

Installing after booting in BIOS mode

Note: This is not recommended.

If booted in BIOS mode, you can still install systemd-boot, however this process requires you to tell firmware to launch systemd-boot's EFI file at boot, usually via two ways:

you have a working EFI Shell somewhere else.
your firmware interface provides a way of properly setting the EFI file that needs to be loaded at boot time.

If you can do it, the installation is easier: go into your EFI Shell or your firmware configuration interface and change your machine's default EFI file to esp/EFI/systemd/systemd-bootx64.efi.

Note: The firmware interface of Dell Latitude series provides everything you need to setup EFI boot but the EFI Shell will not be able to write to the computer's ROM.

Manual entry using efibootmgr

If the bootctl install command failed, you can create a EFI boot entry manually using efibootmgr:

# efibootmgr --create --disk /dev/sdX --part Y --loader "\EFI\systemd\systemd-bootx64.efi" --label "Linux Boot Manager" --verbose

where /dev/sdXY is the EFI system partition.

Note: The path to the EFI image must use the backslash (\) as the separator

Manual entry using bcdedit from Windows

If for any reason you need to create an EFI boot entry from Windows, you can use the following commands from an Administrator prompt:

> bcdedit /copy {bootmgr} /d "Linux Boot Manager"
> bcdedit /set {guid} path \EFI\systemd\systemd-bootx64.efi

Replace guid with the id returned by the first command. You can also set it as the default entry using

> bcdedit /default {guid}

Menu does not appear after Windows upgrade

See UEFI#Windows changes boot order.