Merge pull request #23653 from aafeijoo-suse/ask-for-recovery-key

[thirdparty/systemd.git] / man / bootctl.xml

<?xml version='1.0'?> <!--*-nxml-*-->
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
  "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
<!-- SPDX-License-Identifier: LGPL-2.1-or-later -->

<refentry id="bootctl" conditional='HAVE_GNU_EFI'
    xmlns:xi="http://www.w3.org/2001/XInclude">
  <refentryinfo>
    <title>bootctl</title>
    <productname>systemd</productname>
  </refentryinfo>

  <refmeta>
    <refentrytitle>bootctl</refentrytitle>
    <manvolnum>1</manvolnum>
  </refmeta>

  <refnamediv>
    <refname>bootctl</refname>
    <refpurpose>Control EFI firmware boot settings and manage boot loader</refpurpose>
  </refnamediv>

  <refsynopsisdiv>
    <cmdsynopsis>
      <command>bootctl</command>
      <arg choice="opt" rep="repeat">OPTIONS</arg>
      <arg choice="req">COMMAND</arg>
    </cmdsynopsis>
  </refsynopsisdiv>

  <refsect1>
    <title>Description</title>

    <para><command>bootctl</command> can check the EFI firmware and boot loader status, list and manage
    available boot loaders and boot loader entries, and install, update, or remove the
    <citerefentry><refentrytitle>systemd-boot</refentrytitle><manvolnum>7</manvolnum></citerefentry> boot
    loader on the current system.</para>
  </refsect1>

  <refsect1>
    <title>Generic EFI Firmware/Boot Loader Commands</title>

    <para>These commands are available on any EFI system, regardless of the boot loader used.</para>

    <variablelist>
      <varlistentry>
        <term><option>status</option></term>

        <listitem><para>Shows brief information about the system firmware, the boot loader that was used to
        boot the system, the boot loaders currently available in the ESP, the boot loaders listed in the
        firmware's list of boot loaders and the current default boot loader entry. If no command is
        specified, this is the implied default.</para>

        <para>See the example below for details of the output.</para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term><option>reboot-to-firmware</option> <optional><replaceable>BOOL</replaceable></optional></term>

        <listitem><para>Query or set the "Reboot-Into-Firmware-Setup" flag of the EFI firmware. Takes a
        boolean argument which controls whether to show the firmware setup on next system reboot. If the
        argument is omitted shows the current status of the flag, or whether the flag is supported. This
        controls the same flag as <command>systemctl reboot --firmware-setup</command>, but is more low-level
        and allows setting the flag independently from actually requesting a reboot.</para>

        <para>Hint: use <command>systemctl reboot --firmware-setup</command> to reboot into firmware setup
        once. See
        <citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>
        for details.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><option>systemd-efi-options</option> <optional><replaceable>STRING</replaceable></optional></term>

        <listitem><para>When called without the optional argument, prints the current value of the
        <literal>SystemdOptions</literal> EFI variable. When called with an argument, sets the variable to
        that value. See
        <citerefentry><refentrytitle>systemd</refentrytitle><manvolnum>1</manvolnum></citerefentry> for the
        meaning of that variable.</para></listitem>
      </varlistentry>
    </variablelist>
  </refsect1>

  <refsect1>
    <title>Boot Loader Specification Commands</title>

    <para>These commands are available for all boot loaders that implement the <ulink
    url="https://systemd.io/BOOT_LOADER_SPECIFICATION">Boot Loader Specification</ulink> and/or the <ulink
    url="https://systemd.io/BOOT_LOADER_INTERFACE">Boot Loader Interface</ulink>, such as
    <command>systemd-boot</command>.</para>

    <variablelist>
      <varlistentry>
        <term><option>list</option></term>

        <listitem><para>Shows all available boot loader entries implementing the <ulink
        url="https://systemd.io/BOOT_LOADER_SPECIFICATION">Boot Loader Specification</ulink>, as well as any
        other entries discovered or automatically generated by a boot loader implementing the <ulink
        url="https://systemd.io/BOOT_LOADER_INTERFACE">Boot Loader Interface</ulink>.
        JSON output may be requested with <option>--json=</option>.</para>

        <para>See the example below for details of the output.</para>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term><option>set-default</option> <replaceable>ID</replaceable></term>
        <term><option>set-oneshot</option> <replaceable>ID</replaceable></term>

        <listitem><para>Sets the default boot loader entry. Takes a single boot loader entry ID string or a glob
        pattern as argument. The <option>set-oneshot</option> command will set the default entry only for the next boot,
        the <option>set-default</option> will set it persistently for all future boots.</para>

        <para><command>bootctl list</command> can be used to list available boot loader entries and their
        IDs.</para>

        <para>In addition, the boot loader entry ID may be specified as one of: <option>@default</option>,
        <option>@oneshot</option> or <option>@current</option>, which correspond to the current default boot loader
        entry for all future boots, the current default boot loader entry for the next boot, and the currently booted
        boot loader entry. These special IDs are resolved to the current values of the EFI variables
        <varname>LoaderEntryDefault</varname>, <varname>LoaderEntryOneShot</varname> and <varname>LoaderEntrySelected</varname>,
        see <ulink url="https://systemd.io/BOOT_LOADER_SPECIFICATION">Boot Loader Specification</ulink> for details.
        These special IDs are primarily useful as a quick way to persistently make the currently booted boot loader
        entry the default choice, or to upgrade the default boot loader entry for the next boot to the default boot
        loader entry for all future boots, but may be used for other operations too.</para>

        <para>If set to <option>@saved</option> the chosen entry will be saved as an EFI variable
        on every boot and automatically selected the next time the boot loader starts.</para>

        <para>When an empty string ("") is specified as the ID, then the corresponding EFI variable will be
        unset.</para>

        <para>Hint: use <command>systemctl reboot --boot-loader-entry=<replaceable>ID</replaceable></command>
        to reboot into a specific boot entry and
        <command>systemctl reboot --boot-loader-menu=<replaceable>timeout</replaceable></command>
        to reboot into the boot loader menu once. See
        <citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>
        for details.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><option>set-timeout</option> <replaceable>TIMEOUT</replaceable></term>
        <term><option>set-timeout-oneshot</option> <replaceable>TIMEOUT</replaceable></term>

        <listitem><para>Sets the boot loader menu timeout in seconds. The <option>set-timeout-oneshot</option>
        command will set the timeout only for the next boot. See
        <citerefentry><refentrytitle>systemd.time</refentrytitle><manvolnum>7</manvolnum></citerefentry>
        for details about the syntax of time spans.</para>

        <para>If this is set to <option>menu-hidden</option> or <option>0</option> no menu is shown and
        the default entry will be booted immediately, while setting this to <option>menu-force</option>
        disables the timeout while always showing the menu. When an empty string ("") is specified the
        bootloader will revert to its default menu timeout.</para></listitem>
      </varlistentry>
    </variablelist>
  </refsect1>

  <refsect1>
    <title><command>systemd-boot</command> Commands</title>

    <para>These commands manage the <command>systemd-boot</command> EFI boot loader, and do not work in
    conjunction with other boot loaders.</para>

    <variablelist>
      <varlistentry>
        <term><option>install</option></term>

        <listitem><para>Installs <command>systemd-boot</command> into the EFI system partition. A copy of
        <command>systemd-boot</command> will be stored as the EFI default/fallback loader at
        <filename><replaceable>ESP</replaceable>/EFI/BOOT/BOOT*.EFI</filename>. The boot loader is then added
        to the top of the firmware's boot loader list.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><option>update</option></term>

        <listitem><para>Updates all installed versions of
        <citerefentry><refentrytitle>systemd-boot</refentrytitle><manvolnum>7</manvolnum></citerefentry>, if the
        available version is newer than the version installed in the EFI system partition. This also includes the EFI
        default/fallback loader at <filename><replaceable>ESP</replaceable>/EFI/BOOT/BOOT*.EFI</filename>. The boot
        loader is then added to end of the firmware's boot loader list if missing.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><option>remove</option></term>

        <listitem><para>Removes all installed versions of <command>systemd-boot</command> from the EFI system partition
        and the firmware's boot loader list.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><option>is-installed</option></term>

        <listitem><para>Checks whether <command>systemd-boot</command> is installed in the ESP. Note that a
        single ESP might host multiple boot loaders; this hence checks whether
        <command>systemd-boot</command> is one (of possibly many) installed boot loaders — and neither
        whether it is the default nor whether it is registered in any EFI variables.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><option>random-seed</option></term>

        <listitem><para>Generates a random seed and stores it in the EFI System Partition, for use by the
        <command>systemd-boot</command> boot loader. Also, generates a random 'system token' and stores it
        persistently as an EFI variable, if one has not been set before. If the boot loader finds the random
        seed in the ESP and the system token in the EFI variable it will derive a random seed to pass to the
        OS and a new seed to store in the ESP from the combination of both. The random seed passed to the OS
        is credited to the kernel's entropy pool by the system manager during early boot, and permits
        userspace to boot up with an entropy pool fully initialized very early on. Also see
        <citerefentry><refentrytitle>systemd-boot-system-token.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>.</para>

        <para>See <ulink url="https://systemd.io/RANDOM_SEEDS">Random Seeds</ulink> for further
        information.</para></listitem>
      </varlistentry>

    </variablelist>
  </refsect1>

  <refsect1>
    <title>Options</title>
    <para>The following options are understood:</para>

    <variablelist>
      <varlistentry>
        <term><option>--esp-path=</option></term>
        <listitem><para>Path to the EFI System Partition (ESP). If not specified, <filename>/efi/</filename>,
        <filename>/boot/</filename>, and <filename>/boot/efi/</filename> are checked in turn.  It is
        recommended to mount the ESP to <filename>/efi/</filename>, if possible.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><option>--boot-path=</option></term>
        <listitem><para>Path to the Extended Boot Loader partition, as defined in the <ulink
        url="https://systemd.io/BOOT_LOADER_SPECIFICATION">Boot Loader Specification</ulink>. If not
        specified, <filename>/boot/</filename> is checked.  It is recommended to mount the Extended Boot
        Loader partition to <filename>/boot/</filename>, if possible.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><option>--root=<replaceable>root</replaceable></option></term>
        <listitem><para>Takes a directory path as an argument. All
        paths will be prefixed with the given alternate
        <replaceable>root</replaceable> path, including config search
        paths. </para></listitem>
      </varlistentry>

      <varlistentry>
        <term><option>--image=<replaceable>image</replaceable></option></term>

        <listitem><para>Takes a path to a disk image file or block device node. If specified all operations
        are applied to file system in the indicated disk image. This is similar to <option>--root=</option>
        but operates on file systems stored in disk images or block devices. The disk image should either
        contain just a file system or a set of file systems within a GPT partition table, following the
        <ulink url="https://systemd.io/DISCOVERABLE_PARTITIONS">Discoverable Partitions
        Specification</ulink>. For further information on supported disk images, see
        <citerefentry><refentrytitle>systemd-nspawn</refentrytitle><manvolnum>1</manvolnum></citerefentry>'s
        switch of the same name.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><option>--install-source=</option></term>
        <listitem><para>When installing binaries with <option>--root=</option> or
        <option>--image=</option>, selects where to source them from. Takes one of <literal>auto</literal>
        (the default), <literal>image</literal> or <literal>host</literal>. With <literal>auto</literal>
        binaries will be picked from the specified directory or image, and if not found they will be picked
        from the host. With <literal>image</literal> or <literal>host</literal> no fallback search will be
        performed if the binaries are not found in the selected source.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><option>-p</option></term>
        <term><option>--print-esp-path</option></term>
        <listitem><para>This option modifies the behaviour of <command>status</command>. Only prints the path
        to the EFI System Partition (ESP) to standard output and exits.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><option>-x</option></term>
        <term><option>--print-boot-path</option></term>
        <listitem><para>This option modifies the behaviour of <command>status</command>. Only prints the path
        to the Extended Boot Loader partition if it exists, and the path to the ESP otherwise to standard
        output and exit. This command is useful to determine where to place boot loader entries, as they are
        preferably placed in the Extended Boot Loader partition if it exists and in the ESP otherwise.</para>

        <para>Boot Loader Specification Type #1 entries should generally be placed in the directory
        <literal>$(bootctl -x)/loader/entries/</literal>. Existence of that directory may also be used as
        indication that boot loader entry support is available on the system. Similarly, Boot Loader
        Specification Type #2 entries should be placed in the directory <literal>$(bootctl
        -x)/EFI/Linux/</literal>.</para>

        <para>Note that this option (similar to the <option>--print-booth-path</option> option mentioned
        above), is available independently from the boot loader used, i.e. also without
        <command>systemd-boot</command> being installed.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><option>--no-variables</option></term>
        <listitem><para>Do not touch the firmware's boot loader list stored in EFI variables.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><option>--graceful</option></term>
        <listitem><para>Ignore failure when the EFI System Partition cannot be found, when EFI variables
        cannot be written, or a different or newer boot loader is already installed. Currently only applies
        to <command>is-installed</command>, <command>update</command>, and <command>random-seed</command>
        verbs.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><option>-q</option></term>
        <term><option>--quiet</option></term>

        <listitem><para>Suppress printing of the results of various commands and also the hints about ESP
        being unavailable.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><option>--make-entry-directory=yes|no</option></term>
        <listitem><para>Controls creation and deletion of the <ulink
        url="https://systemd.io/BOOT_LOADER_SPECIFICATION">Boot Loader Specification</ulink> Type #1 entry
        directory on the file system containing resources such as kernel images and initial RAM disk images
        during <option>install</option> and <option>remove</option>, respectively. The directory is named
        after the entry token, as specified with <option>--entry-token=</option> parameter described below,
        and is placed immediately below the <varname>$BOOT</varname> root directory (i.e. beneath the file
        system returned by the <option>--print-boot-path</option> option, see above). Defaults to
        <literal>no</literal>.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><option>--entry-token=</option></term>

        <listitem><para>Controls how to name and identify boot loader entries for this OS
        installation. Accepted during <option>install</option>, and takes one of <literal>auto</literal>,
        <literal>machine-id</literal>, <literal>os-id</literal>, <literal>os-image-id</literal> or an
        arbitrary string prefixed by <literal>literal:</literal> as argument.</para>

        <para>If set to <option>machine-id</option> the entries are named after the machine ID of the running
        system (e.g. <literal>b0e793a9baf14b5fa13ecbe84ff637ac</literal>). See
        <citerefentry><refentrytitle>machine-id</refentrytitle><manvolnum>5</manvolnum></citerefentry> for
        details about the machine ID concept and file.</para>

        <para>If set to <option>os-id</option> the entries are named after the OS ID of the running system,
        i.e. the <varname>ID=</varname> field of
        <citerefentry><refentrytitle>os-release</refentrytitle><manvolnum>5</manvolnum></citerefentry>
        (e.g. <literal>fedora</literal>). Similar, if set to <option>os-image-id</option> the entries are
        named after the OS image ID of the running system, i.e. the <varname>IMAGE_ID=</varname> field of
        <filename>os-release</filename> (e.g. <literal>vendorx-cashier-system</literal>).</para>

        <para>If set to <option>auto</option> (the default), the <filename>/etc/kernel/entry-token</filename>
        file will be read if it exists, and the stored value used.  Otherwise if the local machine ID is
        initialized it is used. Otherwise <varname>IMAGE_ID=</varname> from <filename>os-release</filename>
        will be used, if set.  Otherwise, <varname>ID=</varname> from <filename>os-release</filename> will be
        used, if set.</para>

        <para>Unless set to <literal>machine-id</literal>, or when
        <option>--make-entry-directory=yes</option> is used the selected token string is written to a file
        <filename>/etc/kernel/entry-token</filename>, to ensure it will be used for future entries. This file
        is also read by
        <citerefentry><refentrytitle>kernel-install</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
        in order to identify under which name to generate boot loader entries for newly installed kernels, or
        to determine the entry names for removing old ones.</para>

        <para>Using the machine ID for naming the entries is generally preferable, however there are cases
        where using the other identifiers is a good option. Specifically: if the identification data that the
        machine ID entails shall not be stored on the (unencrypted) <varname>$BOOT</varname> partition, or if
        the ID shall be generated on first boot and is not known when the entries are prepared. Note that
        using the machine ID has the benefit that multiple parallel installations of the same OS can coexist
        on the same medium, and they can update their boot loader entries independently. When using another
        identifier (such as the OS ID or the OS image ID), parallel installations of the same OS would try to
        use the same entry name. To support parallel installations, the installer must use a different entry
        token when adding a second installation.</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><option>--all-architectures</option></term>
        <listitem><para>Install binaries for all supported EFI architectures (this implies <option>--no-variables</option>).</para></listitem>
      </varlistentry>

      <varlistentry>
        <term><option>--efi-boot-option-description=</option></term>
        <listitem><para>Description of the entry added to the firmware's boot option list. Defaults to <literal>Linux
        Boot Manager</literal>.</para>

        <para>Using the default entry name <literal>Linux Boot Manager</literal> is generally preferable as only
        one bootloader installed to a single ESP partition should be used to boot any number of OS installations
        found on the various disks installed in the system. Specifically distributions should not use this flag
        to install a branded entry in the boot option list. However in situations with multiple disks, each with
        their own ESP partition, it can be beneficial to make it easier to identify the bootloader being used in
        the firmware's boot option menu.</para></listitem>
      </varlistentry>

      <xi:include href="standard-options.xml" xpointer="no-pager"/>
      <xi:include href="standard-options.xml" xpointer="json" />
      <xi:include href="standard-options.xml" xpointer="help"/>
      <xi:include href="standard-options.xml" xpointer="version"/>
    </variablelist>
  </refsect1>

  <refsect1>
    <title>Signed .efi files</title>
    <para><command>bootctl</command> <option>install</option> and <option>update</option> will look for a
    <command>systemd-boot</command> file ending with the <literal>.efi.signed</literal> suffix first, and copy
    that instead of the normal <literal>.efi</literal> file. This allows distributions or end-users to provide
    signed images for UEFI SecureBoot.</para>
  </refsect1>

  <refsect1>
    <title>Exit status</title>
    <para>On success, 0 is returned, a non-zero failure code otherwise.</para>
  </refsect1>

  <refsect1>
    <title>Environment</title>
    <para>If <varname>$SYSTEMD_RELAX_ESP_CHECKS=1</varname> is set the validation checks for the ESP are
    relaxed, and the path specified with <option>--esp-path=</option> may refer to any kind of file system on
    any kind of partition.</para>

    <para>Similarly, <varname>$SYSTEMD_RELAX_XBOOTLDR_CHECKS=1</varname> turns off some validation checks for
    the Extended Boot Loader partition.</para>
  </refsect1>

  <refsect1>
    <title>Examples</title>

    <example>
      <title>Output from <command>status</command> and <command>list</command></title>

      <programlisting>$ <command>bootctl status</command>
System:
     Firmware: UEFI 2.40 (<replaceable>firmware-version</replaceable>)  ← firmware vendor and version
  Secure Boot: disabled (setup)              ← secure boot status
 TPM2 Support: yes
 Boot into FW: supported                     ← does the firmware support booting into itself

Current Boot Loader:                         ← details about sd-boot or another boot loader
      Product: systemd-boot <replaceable>version</replaceable>            implementing the <ulink
    url="https://systemd.io/BOOT_LOADER_INTERFACE">Boot Loader Interface</ulink>
     Features: ✓ Boot counting
               ✓ Menu timeout control
               ✓ One-shot menu timeout control
               ✓ Default entry control
               ✓ One-shot entry control
               ✓ Support for XBOOTLDR partition
               ✓ Support for passing random seed to OS
               ✓ Load drop-in drivers
               ✓ Boot loader sets ESP information
          ESP: /dev/disk/by-partuuid/01234567-89ab-cdef-dead-beef00000000
         File: └─/EFI/systemd/systemd-bootx64.efi

Random Seed:                                 ← random seed used for entropy in early boot
 Passed to OS: yes
 System Token: set
       Exists: yes

Available Boot Loaders on ESP:
          ESP: /boot/efi (/dev/disk/by-partuuid/01234567-89ab-cdef-dead-beef00000000)
         File: └─/EFI/systemd/systemd-bootx64.efi (systemd-boot 251
         File: └─/EFI/BOOT/BOOTX64.EFI (systemd-boot 251

Boot Loaders Listed in EFI Variables:
        Title: Linux Boot Manager
           ID: 0x0001
       Status: active, boot-order
    Partition: /dev/disk/by-partuuid/…
         File: └─/EFI/systemd/systemd-bootx64.efi

        Title: Fedora
           ID: 0x0000
       Status: active, boot-order
    Partition: /dev/disk/by-partuuid/…
         File: └─/EFI/fedora/shimx64.efi

        Title: Linux-Firmware-Updater
           ID: 0x0002
       Status: active, boot-order
    Partition: /dev/disk/by-partuuid/…
         File: └─/EFI/fedora/fwupdx64.efi

Boot Loader Entries:
        $BOOT: /boot/efi (/dev/disk/by-partuuid/01234567-89ab-cdef-dead-beef00000000)

Default Boot Loader Entry:
         type: Boot Loader Specification Type #1 (.conf)
        title: Fedora Linux 36 (Workstation Edition)
           id: …
       source: /boot/efi/loader/entries/<replaceable>entry-token</replaceable>-<replaceable>kernel-version</replaceable>.conf
      version: <replaceable>kernel-version</replaceable>
   machine-id: …
        linux: /<replaceable>entry-token</replaceable>/<replaceable>kernel-version</replaceable>/linux
       initrd: /<replaceable>entry-token</replaceable>/<replaceable>kernel-version</replaceable>/initrd
      options: root=…
</programlisting>

      <programlisting>$ <command>bootctl list</command>
Boot Loader Entries:
         type: Boot Loader Specification Type #1 (.conf)
        title: Fedora Linux 36 (Workstation Edition) (default) (selected)
           id: …
       source: /boot/efi/loader/entries/<replaceable>entry-token</replaceable>-<replaceable>kernel-version</replaceable>.conf
      version: <replaceable>kernel-version</replaceable>
   machine-id: …
        linux: /<replaceable>entry-token</replaceable>/<replaceable>kernel-version</replaceable>/linux
       initrd: /<replaceable>entry-token</replaceable>/<replaceable>kernel-version</replaceable>/initrd
      options: root=…

         type: Boot Loader Specification Type #2 (.efi)
        title: Fedora Linux 35 (Workstation Edition)
           id: …
       source: /boot/efi/EFI/Linux/fedora-<replaceable>kernel-version</replaceable>.efi
      version: <replaceable>kernel-version</replaceable>
   machine-id: …
        linux: /EFI/Linux/fedora-<replaceable>kernel-version</replaceable>.efi
      options: root=…

         type: Automatic
        title: Reboot Into Firmware Interface
           id: auto-reboot-to-firmware-setup
       source: /sys/firmware/efi/efivars/LoaderEntries-4a67b082-0a4c-41cf-b6c7-440b29bb8c4f
</programlisting>

       <para>In the listing, <literal>(default)</literal> specifies the entry that will be
       used by default, and <literal>(selected)</literal> specifies the entry that was
       selected the last time (i.e. is currently running).</para>
    </example>
  </refsect1>

  <refsect1>
    <title>See Also</title>
    <para>
      <citerefentry><refentrytitle>systemd-boot</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
      <ulink url="https://systemd.io/BOOT_LOADER_SPECIFICATION">Boot Loader Specification</ulink>,
      <ulink url="https://systemd.io/BOOT_LOADER_INTERFACE">Boot Loader Interface</ulink>,
      <citerefentry><refentrytitle>systemd-boot-system-token.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
    </para>
  </refsect1>
</refentry>