From: Luca Boccassi Date: Wed, 29 Apr 2026 14:36:32 +0000 (+0100) Subject: man: add section about systemd-boot Type#1 sidecars X-Git-Url: http://git.ipfire.org/gitweb/?a=commitdiff_plain;ds=sidebyside;p=thirdparty%2Fsystemd.git man: add section about systemd-boot Type#1 sidecars Follow-up for 6b1324fb867d89147585ee20160dbe8f37beefc8 Co-developed-by: Claude Opus 4.7 --- diff --git a/man/systemd-boot.xml b/man/systemd-boot.xml index dab10ed8ef1..1acf5d083e5 100644 --- a/man/systemd-boot.xml +++ b/man/systemd-boot.xml @@ -406,6 +406,66 @@ loader.conf5. + + Companion Files + + For Type #1 boot loader entries (as defined in the UAPI.1 Boot Loader + Specification) systemd-boot will collect additional companion resources + declared via the extra key in the entry, dynamically generate + cpio initrd archives from them, and register those archives via the Linux initrd EFI + protocol so that they are passed to the kernel together with the entry's own initrd. This is supported + for entries referencing a Unified Kernel Image (UKI) via the uki or + uki-url keys. Each extra key references a single regular file + (relative to the root of the file system containing the entry snippet) and the key may be specified + multiple times. Companion resources are recognized by file name suffix: + + + Files with the .cred suffix are packed into a + cpio archive placed in the /.extra/credentials/ directory of + the initrd file hierarchy. This is intended to convey auxiliary, encrypted, authenticated credentials + for use with LoadCredentialEncrypted=. See + systemd.exec5 and + systemd-creds1 for + details on encrypted credentials. The generated cpio archive is measured into TPM + PCR 12 (if a TPM is present). + + Files with the .sysext.raw suffix are packed into a + cpio archive placed in the /.extra/sysext/ directory of the + initrd file hierarchy. This is intended to pass additional entry-specific system extension images to + the initrd. See + systemd-sysext8 for + details on system extension images. The generated cpio archive is measured into TPM + PCR 13 (if a TPM is present). + + Files with the .confext.raw suffix are packed into a + cpio archive placed in the /.extra/confext/ directory of the + initrd file hierarchy. This is intended to pass additional entry-specific configuration extension + images to the initrd. See + systemd-confext8 + for details on configuration extension images. The generated cpio archive is + measured into TPM PCR 12 (if a TPM is present). + + + When the booted kernel is a UKI, the systemd-stub UEFI stub embedded in it will + combine the companion resources injected here with any companion files it itself collects from the UKI's + .extra.d/ drop-in directory and from /loader/credentials/ and + /loader/extensions/, so that all sources are merged uniformly into + /.extra/ in the initrd. See + systemd-stub7 for + details. + + Example Type #1 entry making use of the extra key: + + title My OS +version 1.2.3 +machine-id 6a9857a393724b7a981ebb5b8495b9ea +uki /6a9857a393724b7a981ebb5b8495b9ea/1.2.3/img.efi +extra /6a9857a393724b7a981ebb5b8495b9ea/1.2.3/foo.cred +extra /6a9857a393724b7a981ebb5b8495b9ea/1.2.3/bar.sysext.raw +extra /6a9857a393724b7a981ebb5b8495b9ea/1.2.3/baz.confext.raw + + EFI Variables