]>
Commit | Line | Data |
---|---|---|
c3e270f4 FB |
1 | --- |
2 | title: The Boot Loader Interface | |
4cdca0af | 3 | category: Booting |
c3e270f4 FB |
4 | --- |
5 | ||
2fe82132 LP |
6 | # The Boot Loader Interface |
7 | ||
8 | systemd can interface with the boot loader to receive performance data and | |
9 | other information, and pass control information. This is only supported on EFI | |
10 | systems. Data is transferred between the boot loader and systemd in EFI | |
11 | variables. All EFI variables use the vendor UUID | |
12 | `4a67b082-0a4c-41cf-b6c7-440b29bb8c4f`. | |
13 | ||
14 | * The EFI Variable `LoaderTimeInitUSec` contains the timestamp in microseconds | |
15 | when the loader was initialized. This value is the time spent in the firmware | |
16 | for initialization, it is formatted as numeric, NUL-terminated, decimal | |
17 | string, in UTF-16. | |
18 | ||
19 | * The EFI Variable `LoaderTimeExecUSec` contains the timestamp in microseconds | |
20 | when the loader finished its work and is about to execute the kernel. The | |
21 | time spent in the loader is the difference between `LoaderTimeExecUSec` and | |
22 | `LoaderTimeInitUSec`. This value is formatted the same way as | |
23 | `LoaderTimeInitUSec`. | |
24 | ||
25 | * The EFI variable `LoaderDevicePartUUID` contains the partition GUID of the | |
26 | ESP the boot loader was run from formatted as NUL-terminated UTF16 string, in | |
27 | normal GUID syntax. | |
28 | ||
3f9a0a52 | 29 | * The EFI variable `LoaderConfigTimeout` contains the boot menu timeout |
2fe82132 LP |
30 | currently in use. It may be modified both by the boot loader and by the |
31 | host. The value should be formatted as numeric, NUL-terminated, decimal | |
32 | string, in UTF-16. The time is specified in µs. | |
33 | ||
34 | * Similarly, the EFI variable `LoaderConfigTimeoutOneShot` contains a boot menu | |
3f9a0a52 | 35 | timeout for a single following boot. It is set by the OS in order to request |
2fe82132 LP |
36 | display of the boot menu on the following boot. When set overrides |
37 | `LoaderConfigTimeout`. It is removed automatically after being read by the | |
38 | boot loader, to ensure it only takes effect a single time. This value is | |
39 | formatted the same way as `LoaderConfigTimeout`. If set to `0` the boot menu | |
3f9a0a52 | 40 | timeout is turned off, and the menu is shown indefinitely. |
2fe82132 LP |
41 | |
42 | * The EFI variable `LoaderEntries` may contain a series of boot loader entry | |
43 | identifiers, one after the other, each individually NUL terminated. This may | |
44 | be used to let the OS know which boot menu entries were discovered by the | |
45 | boot loader. A boot loader entry identifier should be a short, non-empty | |
46 | alphanumeric string (possibly containing `-`, too). The list should be in the | |
47 | order the entries are shown on screen during boot. See below regarding a | |
48 | recommended vocabulary for boot loader entry identifiers. | |
49 | ||
50 | * The EFI variable `LoaderEntryDefault` contains the default boot loader entry | |
51 | to use. It contains a NUL-terminated boot loader entry identifier. | |
52 | ||
53 | * Similarly, the EFI variable `LoaderEntryOneShot` contains the default boot | |
54 | loader entry to use for a single following boot. It is set by the OS in order | |
55 | to request booting into a specific menu entry on the following boot. When set | |
56 | overrides `LoaderEntryDefault`. It is removed automatically after being read | |
57 | by the boot loader, to ensure it only takes effect a single time. This value | |
58 | is formatted the same way as `LoaderEntryDefault`. | |
59 | ||
60 | * The EFI variable `LoaderEntrySelected` contains the boot loader entry | |
61 | identifier that was booted. It is set by the boot loader and read by | |
62 | the OS in order to identify which entry has been used for the current boot. | |
63 | ||
64 | * The EFI variable `LoaderFeatures` contains a 64bit unsigned integer with a | |
65 | number of flags bits that are set by the boot loader and passed to the OS and | |
66 | indicate the features the boot loader supports. Specifically, the following | |
67 | bits are defined: | |
68 | ||
69 | * `1 << 0` → The boot loader honours `LoaderConfigTimeout` when set. | |
70 | * `1 << 1` → The boot loader honours `LoaderConfigTimeoutOneShot` when set. | |
71 | * `1 << 2` → The boot loader honours `LoaderEntryDefault` when set. | |
72 | * `1 << 3` → The boot loader honours `LoaderEntryOneShot` when set. | |
73 | * `1 << 4` → The boot loader supports boot counting as described in [Automatic Boot Assessment](https://systemd.io/AUTOMATIC_BOOT_ASSESSMENT). | |
c7bb4dfc | 74 | * `1 << 5` → The boot loader supports looking for boot menu entries in the Extended Boot Loader Partition. |
22aba2b9 | 75 | * `1 << 6` → The boot loader supports passing a random seed to the OS. |
c7bb4dfc LP |
76 | |
77 | * The EFI variable `LoaderRandomSeed` contains a binary random seed if set. It | |
78 | is set by the boot loader to pass an entropy seed read from the ESP partition | |
79 | to the OS. The system manager then credits this seed to the kernel's entropy | |
80 | pool. It is the responsibility of the boot loader to ensure the quality and | |
81 | integrity of the random seed. | |
82 | ||
83 | * The EFI variable `LoaderSystemToken` contains binary random data, | |
84 | persistently set by the OS installer. Boot loaders that support passing | |
85 | random seeds to the OS should use this data and combine it with the random | |
86 | seed file read from the ESP. By combining this random data with the random | |
87 | seed read off the disk before generating a seed to pass to the OS and a new | |
88 | seed to store in the ESP the boot loader can protect itself from situations | |
89 | where "golden" OS images that include a random seed are replicated and used | |
90 | on multiple systems. Since the EFI variable storage is usually independent | |
91 | (i.e. in physical NVRAM) of the ESP file system storage, and only the latter | |
92 | is part of "golden" OS images, this ensures that different systems still come | |
93 | up with different random seeds. Note that the `LoaderSystemToken` is | |
94 | generally only written once, by the OS installer, and is usually not touched | |
95 | after that. | |
2fe82132 LP |
96 | |
97 | If `LoaderTimeInitUSec` and `LoaderTimeExecUSec` are set, `systemd-analyze` | |
98 | will include them in its boot-time analysis. If `LoaderDevicePartUUID` is set, | |
99 | systemd will mount the ESP that was used for the boot to `/boot`, but only if | |
100 | that directory is empty, and only if no other file systems are mounted | |
101 | there. The `systemctl reboot --boot-loader-entry=…` and `systemctl reboot | |
102 | --boot-loader-menu=…` commands rely on the `LoaderFeatures` , | |
c7bb4dfc LP |
103 | `LoaderConfigTimeoutOneShot`, `LoaderEntries`, `LoaderEntryOneShot` |
104 | variables. `LoaderRandomSeed` is read by PID during early boot and credited to | |
105 | the kernel's random pool. | |
f7f00fb1 LP |
106 | |
107 | ## Boot Loader Entry Identifiers | |
108 | ||
109 | While boot loader entries may be named relatively freely, it's highly | |
110 | recommended to follow the following rules when picking identifiers for the | |
111 | entries, so that programs (and users) can derive basic context and meaning from | |
112 | the identifiers as passed in `LoaderEntries`, `LoaderEntryDefault`, | |
113 | `LoaderEntryOneShot`, `LoaderEntrySelected`, and possibly show nicely localized | |
114 | names for them in UIs. | |
115 | ||
116 | 1. When boot loader entries are defined through [Boot Loader | |
117 | Specification](https://systemd.io/BOOT_LOADER_SPECIFICATION) drop-in files | |
118 | the identifier should be derived directly from the drop-in snippet name, but | |
119 | with the `.conf` (or `.efi` in case of Type #2 entries) suffix removed. | |
120 | ||
121 | 2. Entries automatically discovered by the boot loader (as opposed to being | |
122 | configured in configuration files) should generally have an identifier | |
123 | prefixed with `auto-`. | |
124 | ||
125 | 3. Boot menu entries referring to Microsoft Windows installations should either | |
126 | use the identifier `windows` or use the `windows-` prefix for the | |
127 | identifier. If a menu entry is automatically discovered, it should be | |
128 | prefixed with `auto-`, see above (Example: this means an automatically | |
129 | discovered Windows installation might have the identifier `auto-windows` or | |
130 | `auto-windows-10` or so.). | |
131 | ||
132 | 4. Similar, boot menu entries referring to Apple MacOS X installations should | |
133 | use the identifier `osx` or one that is prefixed with `osx-`. If such an | |
134 | entry is automatically discovered by the boot loader use `auto-osx` as | |
135 | identifier, or `auto-osx-` as prefix for the identifier, see above. | |
136 | ||
137 | 5. If a boot menu entry encapsulates the EFI shell program, it should use the | |
138 | identifier `efi-shell` (or when automatically discovered: `auto-efi-shell`, | |
139 | see above). | |
140 | ||
141 | 6. If a boot menu entry encapsulates a reboot into EFI firmware setup feature, | |
142 | it should use the identifier `reboot-to-firmware-setup` (or | |
143 | `auto-reboot-to-firmware-setup` in case it is automatically discovered). |