man: use same version in public and system ident.

[thirdparty/systemd.git] / man / bootctl.xml

<?xml version='1.0'?> <!--*-nxml-*-->
<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
  "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd">
<!-- SPDX-License-Identifier: LGPL-2.1-or-later -->

<refentry id="bootctl" conditional='ENABLE_BOOTLOADER'
    xmlns:xi="http://www.w3.org/2001/XInclude">
  <refentryinfo>
    <title>bootctl</title>
    <productname>systemd</productname>
  </refentryinfo>

  <refmeta>
    <refentrytitle>bootctl</refentrytitle>
    <manvolnum>1</manvolnum>
  </refmeta>

  <refnamediv>
    <refname>bootctl</refname>
    <refpurpose>Control EFI firmware boot settings and manage boot loader</refpurpose>
  </refnamediv>

  <refsynopsisdiv>
    <cmdsynopsis>
      <command>bootctl</command>
      <arg choice="opt" rep="repeat">OPTIONS</arg>
      <arg choice="req">COMMAND</arg>
    </cmdsynopsis>
  </refsynopsisdiv>

  <refsect1>
    <title>Description</title>

    <para><command>bootctl</command> can check the EFI firmware and boot loader status, list and manage
    available boot loaders and boot loader entries, and install, update, or remove the
    <citerefentry><refentrytitle>systemd-boot</refentrytitle><manvolnum>7</manvolnum></citerefentry> boot
    loader on the current system.</para>
  </refsect1>

  <refsect1>
    <title>Generic EFI Firmware/Boot Loader Commands</title>

    <para>These commands are available on any EFI system, regardless of the boot loader used.</para>

    <variablelist>
      <varlistentry>
        <term><option>status</option></term>

        <listitem><para>Shows brief information about the system firmware, the boot loader that was used to
        boot the system, the boot loaders currently available in the ESP, the boot loaders listed in the
        firmware's list of boot loaders and the current default boot loader entry. If no command is
        specified, this is the implied default.</para>

        <para>See the example below for details of the output.</para>

        <xi:include href="version-info.xml" xpointer="v239"/>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term><option>reboot-to-firmware</option> <optional><replaceable>BOOL</replaceable></optional></term>

        <listitem><para>Query or set the "Reboot-Into-Firmware-Setup" flag of the EFI firmware. Takes a
        boolean argument which controls whether to show the firmware setup on next system reboot. If the
        argument is omitted shows the current status of the flag, or whether the flag is supported. This
        controls the same flag as <command>systemctl reboot --firmware-setup</command>, but is more low-level
        and allows setting the flag independently from actually requesting a reboot.</para>

        <para>Hint: use <command>systemctl reboot --firmware-setup</command> to reboot into firmware setup
        once. See
        <citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>
        for details.</para>

        <xi:include href="version-info.xml" xpointer="v251"/></listitem>
      </varlistentry>
    </variablelist>
  </refsect1>

  <refsect1>
    <title>Boot Loader Specification Commands</title>

    <para>These commands are available for all boot loaders that
    implement the <ulink
    url="https://uapi-group.org/specifications/specs/boot_loader_specification">Boot
    Loader Specification</ulink>, such as
    <command>systemd-boot</command>.</para>

    <variablelist>
      <varlistentry>
        <term><option>list</option></term>

        <listitem><para>Shows all available boot loader entries implementing the <ulink
        url="https://uapi-group.org/specifications/specs/boot_loader_specification">Boot Loader Specification</ulink>, as well as any
        other entries discovered or automatically generated by a boot loader implementing the <ulink
        url="https://systemd.io/BOOT_LOADER_INTERFACE">Boot Loader Interface</ulink>.
        JSON output may be requested with <option>--json=</option>.</para>

        <para>See the example below for details of the output.</para>

        <xi:include href="version-info.xml" xpointer="v239"/>
        </listitem>
      </varlistentry>

      <varlistentry>
        <term><option>unlink</option> <replaceable>ID</replaceable></term>

        <listitem><para>Removes a boot loader entry including the files it refers to. Takes a single boot
        loader entry ID string or a glob pattern as argument. Referenced files such as kernel or initrd are
        only removed if no other entry refers to them.</para>

        <xi:include href="version-info.xml" xpointer="v253"/></listitem>
      </varlistentry>

      <varlistentry>
        <term><option>cleanup</option></term>

        <listitem><para>Removes files from the ESP and XBOOTLDR partitions that belong to the entry token but
        are not referenced in any boot loader entries.</para>

        <xi:include href="version-info.xml" xpointer="v253"/></listitem>
      </varlistentry>
    </variablelist>
  </refsect1>

  <refsect1>
    <title>Boot Loader Interface Commands</title>

    <para>These commands are available for all boot loaders that implement the <ulink
    url="https://uapi-group.org/specifications/specs/boot_loader_specification">Boot Loader Specification</ulink> and the <ulink
    url="https://systemd.io/BOOT_LOADER_INTERFACE">Boot Loader Interface</ulink>, such as
    <command>systemd-boot</command>.</para>

    <variablelist>
      <varlistentry>
        <term><option>set-default</option> <replaceable>ID</replaceable></term>
        <term><option>set-oneshot</option> <replaceable>ID</replaceable></term>

        <listitem><para>Sets the default boot loader entry. Takes a single boot loader entry ID string or a glob
        pattern as argument. The <option>set-oneshot</option> command will set the default entry only for the next boot,
        the <option>set-default</option> will set it persistently for all future boots.</para>

        <para><command>bootctl list</command> can be used to list available boot loader entries and their
        IDs.</para>

        <para>In addition, the boot loader entry ID may be specified as one of: <option>@default</option>,
        <option>@oneshot</option> or <option>@current</option>, which correspond to the current default boot loader
        entry for all future boots, the current default boot loader entry for the next boot, and the currently booted
        boot loader entry. These special IDs are resolved to the current values of the EFI variables
        <varname>LoaderEntryDefault</varname>, <varname>LoaderEntryOneShot</varname> and <varname>LoaderEntrySelected</varname>,
        see <ulink url="https://uapi-group.org/specifications/specs/boot_loader_specification">Boot Loader Specification</ulink> for details.
        These special IDs are primarily useful as a quick way to persistently make the currently booted boot loader
        entry the default choice, or to upgrade the default boot loader entry for the next boot to the default boot
        loader entry for all future boots, but may be used for other operations too.</para>

        <para>If set to <option>@saved</option> the chosen entry will be saved as an EFI variable
        on every boot and automatically selected the next time the boot loader starts.</para>

        <para>When an empty string ("") is specified as the ID, then the corresponding EFI variable will be
        unset.</para>

        <para>Hint: use <command>systemctl reboot --boot-loader-entry=<replaceable>ID</replaceable></command>
        to reboot into a specific boot entry and
        <command>systemctl reboot --boot-loader-menu=<replaceable>timeout</replaceable></command>
        to reboot into the boot loader menu once. See
        <citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>
        for details.</para>

        <xi:include href="version-info.xml" xpointer="v240"/></listitem>
      </varlistentry>

      <varlistentry>
        <term><option>set-timeout</option> <replaceable>TIMEOUT</replaceable></term>
        <term><option>set-timeout-oneshot</option> <replaceable>TIMEOUT</replaceable></term>

        <listitem><para>Sets the boot loader menu timeout in seconds. The <option>set-timeout-oneshot</option>
        command will set the timeout only for the next boot. See
        <citerefentry><refentrytitle>systemd.time</refentrytitle><manvolnum>7</manvolnum></citerefentry>
        for details about the syntax of time spans.</para>

        <para>If this is set to <option>menu-disabled</option> or <option>menu-hidden</option> or
        <option>0</option>, no menu is shown and the default entry will be booted immediately, while
        setting this to <option>menu-force</option> disables the timeout while always showing the menu.
        When an empty string ("") is specified the bootloader will revert to its default menu timeout.</para>

        <xi:include href="version-info.xml" xpointer="v250"/></listitem>
      </varlistentry>
    </variablelist>
  </refsect1>

  <refsect1>
    <title><command>systemd-boot</command> Commands</title>

    <para>These commands manage the <command>systemd-boot</command> EFI boot loader, and do not work in
    conjunction with other boot loaders.</para>

    <variablelist>
      <varlistentry>
        <term><option>install</option></term>

        <listitem><para>Installs <command>systemd-boot</command> into the EFI system partition. A copy of
        <command>systemd-boot</command> will be stored as the EFI default/fallback loader at
        <filename><replaceable>ESP</replaceable>/EFI/BOOT/BOOT*.EFI</filename>. The boot loader is then added
        to the top of the firmware's boot loader list.</para>

        <xi:include href="version-info.xml" xpointer="v239"/></listitem>
      </varlistentry>

      <varlistentry>
        <term><option>update</option></term>

        <listitem><para>Updates all installed versions of
        <citerefentry><refentrytitle>systemd-boot</refentrytitle><manvolnum>7</manvolnum></citerefentry>, if the
        available version is newer than the version installed in the EFI system partition. This also includes the EFI
        default/fallback loader at <filename><replaceable>ESP</replaceable>/EFI/BOOT/BOOT*.EFI</filename>. The boot
        loader is then added to end of the firmware's boot loader list if missing.</para>

        <xi:include href="version-info.xml" xpointer="v239"/></listitem>
      </varlistentry>

      <varlistentry>
        <term><option>remove</option></term>

        <listitem><para>Removes all installed versions of <command>systemd-boot</command> from the EFI system partition
        and the firmware's boot loader list.</para>

        <xi:include href="version-info.xml" xpointer="v239"/></listitem>
      </varlistentry>

      <varlistentry>
        <term><option>is-installed</option></term>

        <listitem><para>Checks whether <command>systemd-boot</command> is installed in the ESP. Note that a
        single ESP might host multiple boot loaders; this hence checks whether
        <command>systemd-boot</command> is one (of possibly many) installed boot loaders — and neither
        whether it is the default nor whether it is registered in any EFI variables.</para>

        <xi:include href="version-info.xml" xpointer="v243"/></listitem>
      </varlistentry>

      <varlistentry>
        <term><option>random-seed</option></term>

        <listitem><para>Generates a random seed and stores it in the EFI System Partition (ESP), for use by
        the <command>systemd-boot</command> boot loader. If a random seed already exists in the ESP it is
        refreshed. Also generates a random 'system token' and stores it persistently as an EFI variable, if
        one has not been set before. If the boot loader finds the random seed in the ESP and the system token
        in the EFI variable it will derive a random seed to pass to the OS and a new seed to store in the ESP
        from the combination of both. The random seed passed to the OS is credited to the kernel's entropy
        pool by the system manager during early boot, and permits userspace to boot up with an entropy pool
        fully initialized very early on. Also see
        <citerefentry><refentrytitle>systemd-boot-random-seed.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>.</para>

        <para>See <ulink url="https://systemd.io/RANDOM_SEEDS">Random Seeds</ulink> for further
        information.</para>

        <xi:include href="version-info.xml" xpointer="v243"/></listitem>
      </varlistentry>

    </variablelist>
  </refsect1>

  <refsect1>
    <title>Kernel Image Commands</title>

    <variablelist>
      <varlistentry>
        <term><option>kernel-identify</option> <replaceable>kernel</replaceable></term>

        <listitem><para>Takes a kernel image as argument. Checks what kind of kernel the image is. Returns
        one of <literal>uki</literal>, <literal>pe</literal>, and <literal>unknown</literal>.
        </para>

        <xi:include href="version-info.xml" xpointer="v253"/></listitem>
      </varlistentry>

      <varlistentry>
        <term><option>kernel-inspect</option> <replaceable>kernel</replaceable></term>

        <listitem><para>Takes a kernel image as argument. Prints details about the image.</para>

        <xi:include href="version-info.xml" xpointer="v253"/></listitem>
      </varlistentry>
    </variablelist>
  </refsect1>

  <refsect1>
    <title>Options</title>
    <para>The following options are understood:</para>

    <variablelist>
      <xi:include href="standard-options.xml" xpointer="esp-path"/>
      <xi:include href="standard-options.xml" xpointer="boot-path"/>

      <varlistentry>
        <term><option>--root=<replaceable>root</replaceable></option></term>
        <listitem><para>Takes a directory path as an argument. All
        paths will be prefixed with the given alternate
        <replaceable>root</replaceable> path, including config search
        paths. </para>

        <xi:include href="version-info.xml" xpointer="v252"/></listitem>
      </varlistentry>

      <varlistentry>
        <term><option>--image=<replaceable>image</replaceable></option></term>

        <listitem><para>Takes a path to a disk image file or block device node. If specified, all operations
        are applied to file system in the indicated disk image. This option is similar to
        <option>--root=</option>, but operates on file systems stored in disk images or block devices. The
        disk image should either contain just a file system or a set of file systems within a GPT partition
        table, following the <ulink url="https://uapi-group.org/specifications/specs/discoverable_partitions_specification">Discoverable Partitions
        Specification</ulink>. For further information on supported disk images, see
        <citerefentry><refentrytitle>systemd-nspawn</refentrytitle><manvolnum>1</manvolnum></citerefentry>'s
        switch of the same name.</para>

        <xi:include href="version-info.xml" xpointer="v252"/></listitem>
      </varlistentry>

      <xi:include href="standard-options.xml" xpointer="image-policy-open" />

      <varlistentry>
        <term><option>--install-source=</option></term>
        <listitem><para>When installing binaries with <option>--root=</option> or
        <option>--image=</option>, selects where to source them from. Takes one of <literal>auto</literal>
        (the default), <literal>image</literal> or <literal>host</literal>. With <literal>auto</literal>
        binaries will be picked from the specified directory or image, and if not found they will be picked
        from the host. With <literal>image</literal> or <literal>host</literal> no fallback search will be
        performed if the binaries are not found in the selected source.</para>

        <xi:include href="version-info.xml" xpointer="v252"/></listitem>
      </varlistentry>

      <varlistentry>
        <term><option>-p</option></term>
        <term><option>--print-esp-path</option></term>
        <listitem><para>This option modifies the behaviour of <command>status</command>. Only prints the path
        to the EFI System Partition (ESP) to standard output and exits.</para>

        <xi:include href="version-info.xml" xpointer="v236"/></listitem>
      </varlistentry>

      <varlistentry>
        <term><option>-x</option></term>
        <term><option>--print-boot-path</option></term>
        <listitem><para>This option modifies the behaviour of <command>status</command>. Only prints the path
        to the Extended Boot Loader partition if it exists, and the path to the ESP otherwise to standard
        output and exit. This command is useful to determine where to place boot loader entries, as they are
        preferably placed in the Extended Boot Loader partition if it exists and in the ESP otherwise.</para>

        <para>Boot Loader Specification Type #1 entries should generally be placed in the directory
        <literal>$(bootctl -x)/loader/entries/</literal>. Existence of that directory may also be used as
        indication that boot loader entry support is available on the system. Similarly, Boot Loader
        Specification Type #2 entries should be placed in the directory <literal>$(bootctl
        -x)/EFI/Linux/</literal>.</para>

        <para>Note that this option (similarly to the <option>--print-boot-path</option> option mentioned
        above), is available independently from the boot loader used, i.e. also without
        <command>systemd-boot</command> being installed.</para>

        <xi:include href="version-info.xml" xpointer="v242"/></listitem>
      </varlistentry>

      <varlistentry>
        <term><option>-R</option></term>
        <term><option>--print-root-device</option></term>

        <listitem><para>Print the path to the block device node backing the root file system of the local
        OS. This prints a path such as <filename>/dev/nvme0n1p5</filename>. If the root file system is backed
        by dm-crypt/LUKS or dm-verity the underlying block device is returned. If the root file system is
        backed by multiple block devices (as supported by btrfs) the operation will fail. If the switch is
        specified twice (i.e. <option>-RR</option>) and the discovered block device is a partition device the
        "whole" block device it belongs to is determined and printed
        (e.g. <filename>/dev/nvme0n1</filename>). If the root file system is <literal>tmpfs</literal> (or a
        similar in-memory file system), the block device backing <filename>/usr/</filename> is returned if
        applicable. If the root file system is a network file system (e.g. NFS, CIFS) the operation will
        fail.</para>

        <xi:include href="version-info.xml" xpointer="v254"/></listitem>
      </varlistentry>

      <varlistentry>
        <term><option>--no-variables</option></term>
        <listitem><para>Do not touch the firmware's boot loader list stored in EFI variables.</para>

        <xi:include href="version-info.xml" xpointer="v220"/></listitem>
      </varlistentry>

      <varlistentry>
        <term><option>--graceful</option></term>
        <listitem><para>Ignore failure when the EFI System Partition cannot be found, when EFI variables
        cannot be written, or a different or newer boot loader is already installed. Currently only applies
        to <command>is-installed</command>, <command>update</command>, and <command>random-seed</command>
        verbs.</para>

        <xi:include href="version-info.xml" xpointer="v244"/></listitem>
      </varlistentry>

      <varlistentry>
        <term><option>-q</option></term>
        <term><option>--quiet</option></term>

        <listitem><para>Suppress printing of the results of various commands and also the hints about ESP
        being unavailable.</para>

        <xi:include href="version-info.xml" xpointer="v251"/></listitem>
      </varlistentry>

      <varlistentry>
        <term><option>--make-entry-directory=yes|no</option></term>
        <listitem><para>Controls creation and deletion of the <ulink
        url="https://uapi-group.org/specifications/specs/boot_loader_specification">Boot Loader Specification</ulink> Type #1 entry
        directory on the file system containing resources such as kernel and initrd images during
        <option>install</option> and <option>remove</option>, respectively. The directory is named after the
        entry token, as specified with <option>--entry-token=</option> parameter described below, and is
        placed immediately below the <varname>$BOOT</varname> root directory (i.e. beneath the file system
        returned by the <option>--print-boot-path</option> option, see above). Defaults to
        <literal>no</literal>.</para>

        <xi:include href="version-info.xml" xpointer="v251"/></listitem>
      </varlistentry>

      <varlistentry>
        <term><option>--entry-token=</option></term>

        <listitem><para>Controls how to name and identify boot loader entries for this OS
        installation. Accepted during <option>install</option>, and takes one of <literal>auto</literal>,
        <literal>machine-id</literal>, <literal>os-id</literal>, <literal>os-image-id</literal> or an
        arbitrary string prefixed by <literal>literal:</literal> as argument.</para>

        <para>If set to <option>machine-id</option> the entries are named after the machine ID of the running
        system (e.g. <literal>b0e793a9baf14b5fa13ecbe84ff637ac</literal>). See
        <citerefentry><refentrytitle>machine-id</refentrytitle><manvolnum>5</manvolnum></citerefentry> for
        details about the machine ID concept and file.</para>

        <para>If set to <option>os-id</option> the entries are named after the OS ID of the running system,
        i.e. the <varname>ID=</varname> field of
        <citerefentry><refentrytitle>os-release</refentrytitle><manvolnum>5</manvolnum></citerefentry> (e.g.
        <literal>fedora</literal>). Similarly, if set to <option>os-image-id</option> the entries are named
        after the OS image ID of the running system, i.e. the <varname>IMAGE_ID=</varname> field of
        <filename>os-release</filename> (e.g. <literal>vendorx-cashier-system</literal>).</para>

        <para>If set to <option>auto</option> (the default), the <filename>/etc/kernel/entry-token</filename>
        file will be read if it exists, and the stored value used.  Otherwise if the local machine ID is
        initialized it is used. Otherwise <varname>IMAGE_ID=</varname> from <filename>os-release</filename>
        will be used, if set.  Otherwise, <varname>ID=</varname> from <filename>os-release</filename> will be
        used, if set.</para>

        <para>Unless set to <literal>machine-id</literal>, or when
        <option>--make-entry-directory=yes</option> is used the selected token string is written to a file
        <filename>/etc/kernel/entry-token</filename>, to ensure it will be used for future entries. This file
        is also read by
        <citerefentry><refentrytitle>kernel-install</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
        in order to identify under which name to generate boot loader entries for newly installed kernels, or
        to determine the entry names for removing old ones.</para>

        <para>Using the machine ID for naming the entries is generally preferable, however there are cases
        where using the other identifiers is a good option. Specifically: if the identification data that the
        machine ID entails shall not be stored on the (unencrypted) <varname>$BOOT</varname> partition, or if
        the ID shall be generated on first boot and is not known when the entries are prepared. Note that
        using the machine ID has the benefit that multiple parallel installations of the same OS can coexist
        on the same medium, and they can update their boot loader entries independently. When using another
        identifier (such as the OS ID or the OS image ID), parallel installations of the same OS would try to
        use the same entry name. To support parallel installations, the installer must use a different entry
        token when adding a second installation.</para>

        <xi:include href="version-info.xml" xpointer="v251"/></listitem>
      </varlistentry>

      <varlistentry>
        <term><option>--all-architectures</option></term>
        <listitem><para>Install binaries for all supported EFI architectures (this implies <option>--no-variables</option>).</para>

        <xi:include href="version-info.xml" xpointer="v252"/></listitem>
      </varlistentry>

      <varlistentry>
        <term><option>--efi-boot-option-description=</option></term>
        <listitem><para>Description of the entry added to the firmware's boot option list. Defaults to <literal>Linux
        Boot Manager</literal>.</para>

        <para>Using the default entry name <literal>Linux Boot Manager</literal> is generally preferable as only
        one bootloader installed to a single ESP partition should be used to boot any number of OS installations
        found on the various disks installed in the system. Specifically distributions should not use this flag
        to install a branded entry in the boot option list. However in situations with multiple disks, each with
        their own ESP partition, it can be beneficial to make it easier to identify the bootloader being used in
        the firmware's boot option menu.</para>

        <xi:include href="version-info.xml" xpointer="v252"/></listitem>
      </varlistentry>

      <varlistentry>
        <term><option>--dry-run</option></term>
        <listitem><para>Dry run for <option>unlink</option> and <option>cleanup</option>.</para>

        <para>In dry run mode, the unlink and cleanup operations only print the files that would get deleted
        without actually deleting them.</para>

        <xi:include href="version-info.xml" xpointer="v253"/></listitem>
      </varlistentry>

      <xi:include href="standard-options.xml" xpointer="no-pager"/>
      <xi:include href="standard-options.xml" xpointer="json" />
      <xi:include href="standard-options.xml" xpointer="help"/>
      <xi:include href="standard-options.xml" xpointer="version"/>
    </variablelist>
  </refsect1>

  <refsect1>
    <title>Signed .efi files</title>
    <para><command>bootctl</command> <option>install</option> and <option>update</option> will look for a
    <command>systemd-boot</command> file ending with the <literal>.efi.signed</literal> suffix first, and copy
    that instead of the normal <literal>.efi</literal> file. This allows distributions or end-users to provide
    signed images for UEFI SecureBoot.</para>
  </refsect1>

  <refsect1>
    <title>Exit status</title>
    <para>On success, 0 is returned, a non-zero failure code otherwise. <command>bootctl
    --print-root-device</command> returns exit status 80 in case the root file system is not backed by single
    block device, and other non-zero exit statuses on other errors.</para>
  </refsect1>

  <refsect1>
    <title>Environment</title>
    <para>If <varname>$SYSTEMD_RELAX_ESP_CHECKS=1</varname> is set the validation checks for the ESP are
    relaxed, and the path specified with <option>--esp-path=</option> may refer to any kind of file system on
    any kind of partition.</para>

    <para>Similarly, <varname>$SYSTEMD_RELAX_XBOOTLDR_CHECKS=1</varname> turns off some validation checks for
    the Extended Boot Loader partition.</para>
  </refsect1>

  <refsect1>
    <title>Examples</title>

    <example>
      <title>Output from <command>status</command> and <command>list</command></title>

      <programlisting>$ <command>bootctl status</command>
System:
     Firmware: UEFI 2.40 (<replaceable>firmware-version</replaceable>)  ← firmware vendor and version
  Secure Boot: disabled (setup)              ← Secure Boot status
 TPM2 Support: yes
 Boot into FW: supported                     ← does the firmware support booting into itself

Current Boot Loader:                         ← details about sd-boot or another boot loader
      Product: systemd-boot <replaceable>version</replaceable>            implementing the <ulink
    url="https://systemd.io/BOOT_LOADER_INTERFACE">Boot Loader Interface</ulink>
     Features: ✓ Boot counting
               ✓ Menu timeout control
               ✓ One-shot menu timeout control
               ✓ Default entry control
               ✓ One-shot entry control
               ✓ Support for XBOOTLDR partition
               ✓ Support for passing random seed to OS
               ✓ Load drop-in drivers
               ✓ Boot loader sets ESP information
               ✓ Menu can be disabled
          ESP: /dev/disk/by-partuuid/01234567-89ab-cdef-dead-beef00000000
         File: └─/EFI/systemd/systemd-bootx64.efi

Random Seed:                                 ← random seed used for entropy in early boot
 Passed to OS: yes
 System Token: set
       Exists: yes

Available Boot Loaders on ESP:
          ESP: /boot/efi (/dev/disk/by-partuuid/01234567-89ab-cdef-dead-beef00000000)
         File: └─/EFI/systemd/systemd-bootx64.efi (systemd-boot 251
         File: └─/EFI/BOOT/BOOTX64.EFI (systemd-boot 251

Boot Loaders Listed in EFI Variables:
        Title: Linux Boot Manager
           ID: 0x0001
       Status: active, boot-order
    Partition: /dev/disk/by-partuuid/…
         File: └─/EFI/systemd/systemd-bootx64.efi

        Title: Fedora
           ID: 0x0000
       Status: active, boot-order
    Partition: /dev/disk/by-partuuid/…
         File: └─/EFI/fedora/shimx64.efi

        Title: Linux-Firmware-Updater
           ID: 0x0002
       Status: active, boot-order
    Partition: /dev/disk/by-partuuid/…
         File: └─/EFI/fedora/fwupdx64.efi

Boot Loader Entries:
        $BOOT: /boot/efi (/dev/disk/by-partuuid/01234567-89ab-cdef-dead-beef00000000)

Default Boot Loader Entry:
         type: Boot Loader Specification Type #1 (.conf)
        title: Fedora Linux 36 (Workstation Edition)
           id: …
       source: /boot/efi/loader/entries/<replaceable>entry-token</replaceable>-<replaceable>kernel-version</replaceable>.conf
      version: <replaceable>kernel-version</replaceable>
   machine-id: …
        linux: /<replaceable>entry-token</replaceable>/<replaceable>kernel-version</replaceable>/linux
       initrd: /<replaceable>entry-token</replaceable>/<replaceable>kernel-version</replaceable>/initrd
      options: root=…
</programlisting>

      <programlisting>$ <command>bootctl list</command>
Boot Loader Entries:
         type: Boot Loader Specification Type #1 (.conf)
        title: Fedora Linux 36 (Workstation Edition) (default) (selected)
           id: …
       source: /boot/efi/loader/entries/<replaceable>entry-token</replaceable>-<replaceable>kernel-version</replaceable>.conf
      version: <replaceable>kernel-version</replaceable>
   machine-id: …
        linux: /<replaceable>entry-token</replaceable>/<replaceable>kernel-version</replaceable>/linux
       initrd: /<replaceable>entry-token</replaceable>/<replaceable>kernel-version</replaceable>/initrd
      options: root=…

         type: Boot Loader Specification Type #2 (.efi)
        title: Fedora Linux 35 (Workstation Edition)
           id: …
       source: /boot/efi/EFI/Linux/fedora-<replaceable>kernel-version</replaceable>.efi
      version: <replaceable>kernel-version</replaceable>
   machine-id: …
        linux: /EFI/Linux/fedora-<replaceable>kernel-version</replaceable>.efi
      options: root=…

         type: Automatic
        title: Reboot Into Firmware Interface
           id: auto-reboot-to-firmware-setup
       source: /sys/firmware/efi/efivars/LoaderEntries-4a67b082-0a4c-41cf-b6c7-440b29bb8c4f
</programlisting>

       <para>In the listing, <literal>(default)</literal> specifies the entry that will be
       used by default, and <literal>(selected)</literal> specifies the entry that was
       selected the last time (i.e. is currently running).</para>
    </example>
  </refsect1>

  <refsect1>
    <title>See Also</title>
    <para><simplelist type="inline">
      <member><citerefentry><refentrytitle>systemd-boot</refentrytitle><manvolnum>7</manvolnum></citerefentry></member>
      <member><ulink url="https://uapi-group.org/specifications/specs/boot_loader_specification">Boot Loader Specification</ulink></member>
      <member><ulink url="https://systemd.io/BOOT_LOADER_INTERFACE">Boot Loader Interface</ulink></member>
      <member><citerefentry><refentrytitle>systemd-boot-random-seed.service</refentrytitle><manvolnum>8</manvolnum></citerefentry></member>
    </simplelist></para>
  </refsect1>
</refentry>