Several people have asked me for a tutorial on how to convert an existing EndeavourOS install to systemd-boot, an alternative to grub.
The first question is who should install systemd-boot. From my perspective, here are the reasons to install systemd-boot
- systemd-boot is less complicated than grub. It uses simple text based config files which only contain a few lines
- It is less prone to breakage, easy to troubleshoot and doesn’t require any process to rebuild config files
On the other hand, simplicity comes with limitations
- It only supports UEFI
- It doesn’t have all the advanced features of grub
- Your kernels must be kept inside your efi partition so it needs to be large enough to hold them all
To be clear, systemd-boot won’t add any new functionality to your system. It is really for those who prefer simplicity or just like trying new things.
Systemd-boot is quite simple to install. However, because I am going to be presenting two options for managing it, this tutorial will be quite a bit longer than the actual process. It generally should only take 5-10 minutes to convert your setup.
IMPORTANT NOTES:
- It is of critical importance that you not stop halfway or reboot during the process. Once you start converting your system you need to finish it. If you don’t, your system won’t boot.
- If you get an error, don’t ignore it and keep going. Stop and fix the error or ask for help.
- I strongly recommend updating your system and rebooting before you start this process.
- Whenever you mess with your bootloader, it is a good idea to have a copy of the ISO ready to boot off of in the event something goes wrong.
- If you use LUKS on any partitions please see the section at the bottom on special handling for LUKS
With that, lets get started.
Install systemd-boot
The first thing is to ensure that your efi partition is large enough. Run the command du -sh /boot
and compare that to the size of your EFI partition. Your EFI partition needs to be larger than the output of the command. If it is, you can continue. If not, you need to enlarge the partition before going any further.
Next we need to remove grub:
sudo pacman -Rc grub
Now we need to move the kernels and images from /boot
into the EFI partition and move it. The partion can be mounted at /boot
or /efi
. For the remainder of this tutorial we will be using /efi
sudo mkdir /efi
efidevice=$(findmnt /boot/efi -no SOURCE) # save the efi partition location
sudo umount /boot/efi
sudo mount ${efidevice} /efi
# To make the mount change permanent, edit `/etc/fstab` and change where it reads `/boot/efi` to `/efi`
Next we can install systemd-boot
sudo bootctl install
# Edit the file `/efi/loader/loader.conf` and uncomment the "timeout" line.
Technically speaking, you have now successfully installed systemd-boot. Congrats!
Of course, since we haven’t added any boot entries or other config, if you reboot now you will be sitting at a screen where the only option is to enter your firmware interface.
From here, we need to discuss our options. In systemd-boot, the boot menu options are called loader entries. An entry needs to be created for each kernel/initramfs combo. There are two ways to do this. There is the legacy way where we manually create kernel entries or we can used the more modern approach of using systemd-boot’s built-in kernel-install
command. Here are the pros/cons of each approach.
Legacy/Manual:
- Requires less changes to the system, file locations for kernels and initrds will be at the locations you are accustomed to
- You will need to manually create entry files for each kernel you install
- If you multi-boot, kernel collision can occur unless you work around this manually
kernel-install:
- A more modern approach
- Completely automates the process of entry creation and removal
- Safe for multi-booting since it moves your kernels and images to a installation specific subdirectory
- It may take some adapting to the fact that
/boot
will now be empty
Once you choose which option you prefer, you can follow the instructions below.
ANOTHER IMPORTANT NOTE: Don’t try to follow both sets of instructions. You must choose either legacy/manual or kernel-install
Legacy/Manual:
Move your kernels and images to /efi and use a symbolic link to connect your efi partition to /boot
. Alternatively, you could just mount your efi partition on /boot
instead of /efi
. If you do that, you will need to alter the below instructions a bit.
sudo mv /boot/*.img /boot/vmlinuz* /efi/.
sudo rm -r /boot # cleanup /boot
sudo ln -s /efi /boot
Either create a hook to automatically keep systemd-boot up-to-date following the instructions here or install the AUR package systemd-boot-pacman-hook
which does the exact same thing. For this example, we will use the AUR package:
yay -S systemd-boot-pacman-hook
Now you must create an entry conf file for each kernel as described here. If you want fallback entries you must add these as well. Don’t forget to add initrd
lines for your microcode. If you want to know what you current kernel options are you can see them with cat /proc/cmdline
. The initrds get their own line and the rest goes into the “option” line of the loader entry.
As an example, here are what the entries look like on my test VM:
/efi/loader/entries/eos-linux.conf
title EndeavourOS
linux /vmlinuz-linux
initrd /initramfs-linux.img
options root=UUID=5aa3e4e1-7e37-4bd6-95ce-7324a040785b rw loglevel=3 nowatchdog
/efi/loader/entries/eos-linux-fallback.conf
title EndeavourOS (fallback)
linux /vmlinuz-linux
initrd /initramfs-linux-fallback.img
options root=UUID=5aa3e4e1-7e37-4bd6-95ce-7324a040785b rw loglevel=3 nowatchdog
That is it, now you can reboot. If you install/remove any kernels, you need to add/remove the loader entries for them. As an alternative, you can look into automating this using systemd-boot-manager
. More info on that can be found here. However, if you want automation, I would consider using the kernel-install method instead.
kernel-install
Getting kernel-install fully functional on Arch/EOS turned out to be a bit of work. The good news is, that work has all been done and a package which handles all the automation is here.
The first thing to do is to install that package. Like this:
mkdir eos-systemd-boot
cd eos-systemd-boot
wget https://gitlab.com/dalto.8/eos-systemd-boot/-/raw/master/PKGBUILD
makepkg -i
Now we need to get your machine ready for kernel-install and run kernel-install on all your installed kernels. You can either save the below as a script and run it or run the commands one at a time. If you run it manually, the mkdir and kernel-install will need to be run as with sudo. Otherwise, just run the whole script with sudo.
#!/usr/bin/env bash
# Find the configured esp
esp=$(bootctl -p)
# Prepare the efi partition for kernel-install
machineid=$(cat /etc/machine-id)
if [[ ${machineid} ]]; then
mkdir ${esp}/${machineid}
else
echo "Failed to get the machine ID"
fi
# Run kernel install for all the installed kernels
while read -r kernel; do
kernelversion=$(basename "${kernel%/vmlinuz}")
echo "Installing kernel ${kernelversion}"
kernel-install add ${kernelversion} ${kernel}
done < <(find /usr/lib/modules -maxdepth 2 -type f -name vmlinuz)
Lastly, we can cleanup /boot
sudo rm -r /boot/efi /boot/grub /boot/initramfs* /boot/vmlinuz*
Now you can reboot into your new system. As you install/remove kernels, the whole process should be automated.
Special handling for LUKS
By default there is a keyfile in the initramfs. With systemd-boot, the initramfs is now in the ESP. This means that your keyfile is now in an unencrypted location. That is bad.
The good news is that shouldn’t need a keyfile in your initramfs with systemd-boot so we can simply remove it. Here is how:
Carefully follow the following steps:
- Edit
/etc/mkinitcpio.conf
and remove/crypto_keyfile.bin
from the files section. - Rebuild your initramfs with
sudo mkinitcpio -P
- Reboot and make sure everything is still working. You should get asked for your password.
If you no longer need the keyfile at all, you can remove it completely. Be aware, if you have more than one luks partition, removing this keyfile may cause you to be asked for your password more than once.
- Use
cryptsetup
to delete the key from the luks partition
Replacesudo cryptsetup luksRemoveKey /dev/sdxy /crypto_keyfile.bin
/dev/sdxy
with the partition you have luks installed on. - Delete the keyfile from the disk -
sudo rm /crypto_keyfile.bin
While I have done this a couple of times without issue, keep in mind that whenever you mess around with your luks partition you run the risk of locking yourself out so it is wise to have a backup.
How to modify kernel options
A couple of people have asked my how to modify kernel options as you would in grub by editing GRUB_CMDLINE_LINUX
and then running grub-mkconfig
.
In systemd-boot, it is actually quite simple. You edit the appropriate entry file which can be found on your EFI partition in the loader/entries
directory. Each entry is a boot option on the menu and each has a line called options
. Simply edit that line to suit your liking. If you are using the manual method described above, there is nothing else to do.
It is slightly more complicated if you are using the kernel-install method. The reason is that the kernel-install
is generating the entries for you. So you can edit them, and that will work but the next time you install/update a kernel they will be reset. Although it isn’t fully needed to understand the details of how that works, I think it is worth explaining for those interested. If you just want instructions, then skip the next part.
How kernel-install determines what kernel options to set
Generally speaking, kernel-install
takes the running kernel options from /proc/cmdline
unless you have specific settings in /etc/kernel/cmdline
. The latter will always take precedence. So that means, by default, if you make a change to the running options or change the entry file and reboot, those changes will automatically get picked up.
This sounds great and it works great too. Well…it works great until you need to rescue your system in a chroot. Now the running kernel has the completely wrong options. If you understand(and remember) all this then when you are in the chroot you can simply copy the options line from one of your entries into /etc/kernel/cmdline
and all will be good. However, if you don’t know, don’t remember or don’t have access to the existing entries, your entries will get populated with bad kernel options and your rescue attempts will have become more complicated.
When I built the automation around kernel-install, I wanted it to be as simple and automated as possible. I also didn’t want the end-user to have to understand how it worked to be able to use it. So what the hooks/scripts do is whenever a kernel is installed/updated, if /etc/kernel/cmdline
doesn’t exist then the running kernel options are saved into it. That means that if you are ever in chroot you should have a good copy of the proper kernel options you need and everything should “just work” without you having to worry about it.
Enough about the details, how do I change the options?
There are actually a few different ways you can do this. Here are a couple of good ways. Keep in mind, you only need to use one of these methods, not both of them.
- You can modify the entry file you are using manually and reboot. Once you have it working to your satisfaction, delete
/etc/kernel/cmdline
. The next time you install/update a kernel it will get created again with your new options. - You can modify
/etc/kernel/cmdline
and then either reinstall your kernel or callkernel-install
directly to regenerate your entry. Reinstalling a kernel is probably easier to remember but if you would prefer to call it manually, an example of how you would do that is below.kernel-install add 5.10.43-1-lts /usr/lib/modules/5.10.43-1-lts/vmlinuz