Rivoreo Source Code Repositories
src.rivoreo.one / systemd-stable / main / . / man / bootctl.xml
blob: 8d5b1d3d2c3ae393e2cdd5313947e045bc77a996 [file] [log] [blame] [raw]
<?xml version='1.0'?> <!--*-nxml-*-->
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
"http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
<!-- SPDX-License-Identifier: LGPL-2.1-or-later -->
<refentry id="bootctl" conditional='HAVE_GNU_EFI'
xmlns:xi="http://www.w3.org/2001/XInclude">
<refentryinfo>
<title>bootctl</title>
<productname>systemd</productname>
</refentryinfo>
<refmeta>
<refentrytitle>bootctl</refentrytitle>
<manvolnum>1</manvolnum>
</refmeta>
<refnamediv>
<refname>bootctl</refname>
<refpurpose>Control EFI firmware boot settings and manage boot loader</refpurpose>
</refnamediv>
<refsynopsisdiv>
<cmdsynopsis>
<command>bootctl</command>
<arg choice="opt" rep="repeat">OPTIONS</arg>
<arg choice="req">COMMAND</arg>
</cmdsynopsis>
</refsynopsisdiv>
<refsect1>
<title>Description</title>
<para><command>bootctl</command> can check the EFI firmware and boot loader status, list and manage
available boot loaders and boot loader entries, and install, update, or remove the
<citerefentry><refentrytitle>systemd-boot</refentrytitle><manvolnum>7</manvolnum></citerefentry> boot
loader on the current system.</para>
</refsect1>
<refsect1>
<title>Generic EFI Firmware/Boot Loader Commands</title>
<para>These commands are available on any EFI system, regardless of the boot loader used.</para>
<variablelist>
<varlistentry>
<term><option>status</option></term>
<listitem><para>Shows brief information about the system firmware, the boot loader that was used to boot the
system, the boot loaders currently available in the ESP, the boot loaders listed in the firmware's list of boot
loaders and the current default boot loader entry. If no command is specified, this is the implied
default.</para></listitem>
</varlistentry>
</variablelist>
<varlistentry>
<term><option>reboot-to-firmware</option> <optional><replaceable>BOOL</replaceable></optional></term>
<listitem><para>Query or set the "Reboot-Into-Firmware-Setup" flag of the EFI firmware. Takes a
boolean argument which controls whether to show the firmware setup on next system reboot. If the
argument is omitted shows the current status of the flag, or whether the flag is supported. This
controls the same flag as <command>systemctl reboot --firmware-setup</command>, but is more
low-level and allows setting the flag independently from actually requesting a
reboot.</para></listitem>
</varlistentry>
<varlistentry>
<term><option>systemd-efi-options</option> <optional><replaceable>STRING</replaceable></optional></term>
<listitem><para>When called without the optional argument, prints the current value of the
<literal>SystemdOptions</literal> EFI variable. When called with an argument, sets the
variable to that value. See
<citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry>
for the meaning of that variable.</para></listitem>
</varlistentry>
</refsect1>
<refsect1>
<title>Boot Loader Specification Commands</title>
<para>These commands are available for all boot loaders that implement the <ulink
url="https://systemd.io/BOOT_LOADER_SPECIFICATION">Boot Loader Specification</ulink> and/or the <ulink
url="https://systemd.io/BOOT_LOADER_INTERFACE">Boot Loader Interface</ulink>, such as
<command>systemd-boot</command>.</para>
<variablelist>
<varlistentry>
<term><option>list</option></term>
<listitem><para>Shows all available boot loader entries implementing the <ulink
url="https://systemd.io/BOOT_LOADER_SPECIFICATION">Boot Loader Specification</ulink>, as well as any
other entries discovered or automatically generated by a boot loader implementing the <ulink
url="https://systemd.io/BOOT_LOADER_INTERFACE">Boot Loader
Interface</ulink>.</para>
<para>JSON output may be requested with <option>--json=</option>.</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>set-default</option> <replaceable>ID</replaceable></term>
<term><option>set-oneshot</option> <replaceable>ID</replaceable></term>
<listitem><para>Sets the default boot loader entry. Takes a single boot loader entry ID string or a glob
pattern as argument. The <option>set-oneshot</option> command will set the default entry only for the next boot,
the <option>set-default</option> will set it persistently for all future boots.</para></listitem>
<listitem><para>Optionally, the boot loader entry ID may be specified as one of: <option>@default</option>,
<option>@oneshot</option> or <option>@current</option>, which correspond to the current default boot loader
entry for all future boots, the current default boot loader entry for the next boot, and the currently booted
boot loader entry. These special IDs are resolved to the current values of the EFI variables
<varname>LoaderEntryDefault</varname>, <varname>LoaderEntryOneShot</varname> and <varname>LoaderEntrySelected</varname>,
see <ulink url="https://systemd.io/BOOT_LOADER_SPECIFICATION">Boot Loader Specification</ulink> for details.
These special IDs are primarily useful as a quick way to persistently make the currently booted boot loader
entry the default choice, or to upgrade the default boot loader entry for the next boot to the default boot
loader entry for all future boots, but may be used for other operations too.</para>
<para>If set to <option>@saved</option> the chosen entry will be saved as an EFI variable
on every boot and automatically selected the next time the boot loader starts.</para>
<para>When an empty string ("") is specified as an ID, then the corresponding EFI variable will be unset.
</para></listitem>
</varlistentry>
<varlistentry>
<term><option>set-timeout</option> <replaceable>TIMEOUT</replaceable></term>
<term><option>set-timeout-oneshot</option> <replaceable>TIMEOUT</replaceable></term>
<listitem><para>Sets the boot loader menu timeout in seconds. The <option>set-timeout-oneshot</option>
command will set the timeout only for the next boot. See
<citerefentry><refentrytitle>systemd.time</refentrytitle><manvolnum>7</manvolnum></citerefentry>
for details about the syntax of time spans.</para>
<para>If this is set to <option>menu-hidden</option> or <option>0</option> no menu is shown and
the default entry will be booted immediately, while setting this to <option>menu-force</option>
disables the timeout while always showing the menu. When an empty string ("") is specified the
bootloader will revert to its default menu timeout.</para></listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title><command>systemd-boot</command> Commands</title>
<para>These commands manage the <command>systemd-boot</command> EFI boot loader, and do not work in
conjunction with other boot loaders.</para>
<variablelist>
<varlistentry>
<term><option>install</option></term>
<listitem><para>Installs <command>systemd-boot</command> into the EFI system partition. A copy of
<command>systemd-boot</command> will be stored as the EFI default/fallback loader at
<filename><replaceable>ESP</replaceable>/EFI/BOOT/BOOT*.EFI</filename>. The boot loader is then added
to the top of the firmware's boot loader list.</para></listitem>
</varlistentry>
<varlistentry>
<term><option>update</option></term>
<listitem><para>Updates all installed versions of
<citerefentry><refentrytitle>systemd-boot</refentrytitle><manvolnum>7</manvolnum></citerefentry>, if the
available version is newer than the version installed in the EFI system partition. This also includes the EFI
default/fallback loader at <filename><replaceable>ESP</replaceable>/EFI/BOOT/BOOT*.EFI</filename>. The boot
loader is then added to end of the firmware's boot loader list if missing.</para></listitem>
</varlistentry>
<varlistentry>
<term><option>remove</option></term>
<listitem><para>Removes all installed versions of <command>systemd-boot</command> from the EFI system partition
and the firmware's boot loader list.</para></listitem>
</varlistentry>
<varlistentry>
<term><option>is-installed</option></term>
<listitem><para>Checks whether <command>systemd-boot</command> is installed in the ESP. Note that a
single ESP might host multiple boot loaders; this hence checks whether
<command>systemd-boot</command> is one (of possibly many) installed boot loaders — and neither
whether it is the default nor whether it is registered in any EFI variables.</para></listitem>
</varlistentry>
<varlistentry>
<term><option>random-seed</option></term>
<listitem><para>Generates a random seed and stores it in the EFI System Partition, for use by the
<command>systemd-boot</command> boot loader. Also, generates a random 'system token' and stores it
persistently as an EFI variable, if one has not been set before. If the boot loader finds the random
seed in the ESP and the system token in the EFI variable it will derive a random seed to pass to the
OS and a new seed to store in the ESP from the combination of both. The random seed passed to the OS
is credited to the kernel's entropy pool by the system manager during early boot, and permits
userspace to boot up with an entropy pool fully initialized very early on. Also see
<citerefentry><refentrytitle>systemd-boot-system-token.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>.</para>
<para>See <ulink url="https://systemd.io/RANDOM_SEEDS">Random Seeds</ulink> for further
information.</para></listitem>
</varlistentry>
</variablelist>
</refsect1>
<refsect1>
<title>Options</title>
<para>The following options are understood:</para>
<variablelist>
<varlistentry>
<term><option>--esp-path=</option></term>
<listitem><para>Path to the EFI System Partition (ESP). If not specified, <filename>/efi/</filename>,
<filename>/boot/</filename>, and <filename>/boot/efi/</filename> are checked in turn. It is
recommended to mount the ESP to <filename>/efi/</filename>, if possible.</para></listitem>
</varlistentry>
<varlistentry>
<term><option>--boot-path=</option></term>
<listitem><para>Path to the Extended Boot Loader partition, as defined in the <ulink
url="https://systemd.io/BOOT_LOADER_SPECIFICATION">Boot Loader Specification</ulink>. If not
specified, <filename>/boot/</filename> is checked. It is recommended to mount the Extended Boot
Loader partition to <filename>/boot/</filename>, if possible.</para></listitem>
</varlistentry>
<varlistentry>
<term><option>-p</option></term>
<term><option>--print-esp-path</option></term>
<listitem><para>This option modifies the behaviour of <command>status</command>. Only prints the path
to the EFI System Partition (ESP) to standard output and exits.</para></listitem>
</varlistentry>
<varlistentry>
<term><option>-x</option></term>
<term><option>--print-boot-path</option></term>
<listitem><para>This option modifies the behaviour of <command>status</command>. Only prints the path
to the Extended Boot Loader partition if it exists, and the path to the ESP otherwise to standard
output and exit. This command is useful to determine where to place boot loader entries, as they are
preferably placed in the Extended Boot Loader partition if it exists and in the ESP otherwise.</para>
<para>Boot Loader Specification Type #1 entries should generally be placed in the directory
<literal>$(bootctl -x)/loader/entries/</literal>. Existence of that directory may also be used as
indication that boot loader entry support is available on the system. Similarly, Boot Loader
Specification Type #2 entries should be placed in the directory <literal>$(bootctl
-x)/EFI/Linux/</literal>.</para>
<para>Note that this option (similar to the <option>--print-booth-path</option> option mentioned
above), is available independently from the boot loader used, i.e. also without
<command>systemd-boot</command> being installed.</para></listitem>
</varlistentry>
<varlistentry>
<term><option>--no-variables</option></term>
<listitem><para>Do not touch the firmware's boot loader list stored in EFI variables.</para></listitem>
</varlistentry>
<varlistentry>
<term><option>--graceful</option></term>
<listitem><para>Ignore failure when the EFI System Partition cannot be found, when EFI variables
cannot be written, or a different or newer boot loader is already installed. Currently only applies
to random seed and update operations.</para></listitem>
</varlistentry>
<varlistentry>
<term><option>--make-entry-directory=yes|no</option></term>
<listitem><para>Controls creation and deletion of the <ulink
url="https://systemd.io/BOOT_LOADER_SPECIFICATION">Boot Loader Specification</ulink> Type #1 entry
directory on the file system containing resources such as kernel images and initial RAM disk images
during <option>install</option> and <option>remove</option>, respectively. The directory is named
after the entry token, as specified with <option>--entry-token=</option> parameter described below,
and is placed immediately below the <varname>$BOOT</varname> root directory (i.e. beneath the file
system returned by the <option>--print-boot-path</option> option, see above). Defaults to
<literal>no</literal>.</para></listitem>
</varlistentry>
<varlistentry>
<term><option>--entry-token=</option></term>
<listitem><para>Controls how to name and identify boot loader entries for this OS
installation. Accepted during <option>install</option>, and takes one of <literal>auto</literal>,
<literal>machine-id</literal>, <literal>os-id</literal>, <literal>os-image-id</literal> or an
arbitrary string prefixed by <literal>literal:</literal> as argument.</para>
<para>If set to <option>machine-id</option> the entries are named after the machine ID of the running
system (e.g. <literal>b0e793a9baf14b5fa13ecbe84ff637ac</literal>). See
<citerefentry><refentrytitle>machine-id</refentrytitle><manvolnum>5</manvolnum></citerefentry> for
details about the machine ID concept and file.</para>
<para>If set to <option>os-id</option> the entries are named after the OS ID of the running system,
i.e. the <varname>ID=</varname> field of
<citerefentry><refentrytitle>os-release</refentrytitle><manvolnum>5</manvolnum></citerefentry>
(e.g. <literal>fedora</literal>). Similar, if set to <option>os-image-id</option> the entries are
named after the OS image ID of the running system, i.e. the <varname>IMAGE_ID=</varname> field of
<filename>os-release</filename> (e.g. <literal>vendorx-cashier-system</literal>).</para>
<para>If set to <option>auto</option> (the default), the <filename>/etc/kernel/entry-token</filename>
file will be read if it exists, and the stored value used. Otherwise if the local machine ID is
initialized it is used. Otherwise <varname>IMAGE_ID=</varname> from <filename>os-release</filename>
will be used, if set. Otherwise, <varname>ID=</varname> from <filename>os-release</filename> will be
used, if set.</para>
<para>Unless set to <literal>machine-id</literal>, or when
<option>--make-entry-directory=yes</option> is used the selected token string is written to a file
<filename>/etc/kernel/entry-token</filename>, to ensure it will be used for future entries. This file
is also read by
<citerefentry><refentrytitle>kernel-install</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
in order to identify under which name to generate boot loader entries for newly installed kernels, or
to determine the entry names for removing old ones.</para>
<para>Using the machine ID for naming the entries is generally preferable, however there are cases
where using the other identifiers is a good option. Specifically: if the identification data that the
machine ID entails shall not be stored on the (unencrypted) <varname>$BOOT</varname> partition, or if
the ID shall be generated on first boot and is not known when the entries are prepared. Note that
using the machine ID has the benefit that multiple parallel installations of the same OS can coexist
on the same medium, and they can update their boot loader entries independently. When using another
identifier (such as the OS ID or the OS image ID), parallel installations of the same OS would try to
use the same entry name. To support parallel installations, the installer must use a different entry
token when adding a second installation.</para></listitem>
</varlistentry>
<xi:include href="standard-options.xml" xpointer="no-pager"/>
<xi:include href="standard-options.xml" xpointer="json" />
<xi:include href="standard-options.xml" xpointer="help"/>
<xi:include href="standard-options.xml" xpointer="version"/>
</variablelist>
</refsect1>
<refsect1>
<title>Signed .efi files</title>
<para><command>bootctl</command> <option>install</option> and <option>update</option> will look for a
<command>systemd-boot</command> file ending with the <literal>.efi.signed</literal> suffix first, and copy
that instead of the normal <literal>.efi</literal> file. This allows distributions or end-users to provide
signed images for UEFI SecureBoot.</para>
</refsect1>
<refsect1>
<title>Exit status</title>
<para>On success, 0 is returned, a non-zero failure code otherwise.</para>
</refsect1>
<refsect1>
<title>Environment</title>
<para>If <varname>$SYSTEMD_RELAX_ESP_CHECKS=1</varname> is set the validation checks for the ESP are
relaxed, and the path specified with <option>--esp-path=</option> may refer to any kind of file system on
any kind of partition.</para>
<para>Similarly, <varname>$SYSTEMD_RELAX_XBOOTLDR_CHECKS=1</varname> turns off some validation checks for
the Extended Boot Loader partition.</para>
</refsect1>
<refsect1>
<title>See Also</title>
<para>
<citerefentry><refentrytitle>systemd-boot</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
<ulink url="https://systemd.io/BOOT_LOADER_SPECIFICATION">Boot Loader Specification</ulink>,
<ulink url="https://systemd.io/BOOT_LOADER_INTERFACE">Boot Loader Interface</ulink>,
<citerefentry><refentrytitle>systemd-boot-system-token.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
</para>
</refsect1>
</refentry>