
My humble boot installer, no explicit bootloader, straight to the kernel:

    #!/bin/bash
    set -ueo pipefail

    # Remount EFI partition read/write and restore to readonly when done

    trap 'mount /sys/firmware/efi/efivars/ -o ro,remount &>/dev/null || true' EXIT
    mount /sys/firmware/efi/efivars/ -o rw,remount &>/dev/null || true

    # Remove all existing Arch Linux entries

    efibootmgr | grep 'Arch Linux' | grep -Po 'Boot\K\d+' | while read -r bn; do
      efibootmgr --delete-bootnum -b "$bn" &> /dev/null
    done || true

    # Install boot entry

    efibootmgr --verbose \
      --create --disk /dev/disk/by-id/nvme-abcdef --part 1 --label "Arch Linux" \
      --loader /vmlinuz-${_linux} \
      --unicode "initrd=\\intel-ucode.img initrd=\\initramfs-linux.img OTHER-KERNEL-BOOT-PARAMS"

EDIT: added initrd boot params


If you want to add an initrd, create an EFI payload: https://wiki.archlinux.org/title/Unified_kernel_image#Manual...

    $ stub_line=$(objdump -h "/usr/lib/systemd/boot/efi/linuxx64.efi.stub" | tail -2 | head -1)
    $ stub_size=0x$(echo "$stub_line" | awk '{print $3}')
    $ stub_offs=0x$(echo "$stub_line" | awk '{print $4}')
    $ osrel_offs=$((stub_size + stub_offs))
    $ cmdline_offs=$((osrel_offs + $(stat -c%s "/usr/lib/os-release")))
    $ splash_offs=$((cmdline_offs + $(stat -c%s "/etc/kernel/cmdline")))
    $ linux_offs=$((splash_offs + $(stat -c%s "/usr/share/systemd/bootctl/splash-arch.bmp")))
    $ initrd_offs=$((linux_offs + $(stat -c%s "vmlinuz-file")))
    $ objcopy \
        --add-section .osrel="/usr/lib/os-release" --change-section-vma .osrel=$(printf 0x%x $osrel_offs) \
        --add-section .cmdline="/etc/kernel/cmdline" \
        --change-section-vma .cmdline=$(printf 0x%x $cmdline_offs) \
        --add-section .splash="/usr/share/systemd/bootctl/splash-arch.bmp" \
        --change-section-vma .splash=$(printf 0x%x $splash_offs) \
        --add-section .linux="vmlinuz-file" \
        --change-section-vma .linux=$(printf 0x%x $linux_offs) \
        --add-section .initrd="initrd-file" \
        --change-section-vma .initrd=$(printf 0x%x $initrd_offs) \
        "/usr/lib/systemd/boot/efi/linuxx64.efi.stub" "linux.efi"

The resulting linux.efi can be added directly with efibootmgr, and contains the kernel boot parameters (cmdline)
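
A layout check for the `linux.efi` that the objcopy command above produces, as an added example that is not part of the original comment or the Arch wiki: it reads the PE section table and reports missing UKI sections or sections whose address ranges overlap, which is worth running before the image is signed or registered with efibootmgr. The helper names (`pe_sections`, `check_uki`, `build_sample`) and the sample layout are constructed for illustration.

```python
import struct

# Sections the objcopy call above adds to the stub
REQUIRED = (".osrel", ".cmdline", ".linux", ".initrd")

def pe_sections(image: bytes):
    """Return [(name, rva, virtual_size)] from the PE/COFF section table."""
    if image[:2] != b"MZ":
        raise ValueError("not a PE image: missing MZ magic")
    (pe_off,) = struct.unpack_from("<I", image, 0x3C)
    if image[pe_off:pe_off + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    (nsect,) = struct.unpack_from("<H", image, pe_off + 6)
    (opt_size,) = struct.unpack_from("<H", image, pe_off + 20)
    table = pe_off + 24 + opt_size  # section table follows the optional header
    out = []
    for i in range(nsect):
        name, vsize, rva = struct.unpack_from("<8sII", image, table + 40 * i)
        out.append((name.rstrip(b"\0").decode("ascii"), rva, vsize))
    return out

def check_uki(image: bytes):
    """Return a list of layout problems; empty means nothing was found."""
    sections = sorted(pe_sections(image), key=lambda s: s[1])
    names = {s[0] for s in sections}
    problems = [f"missing section {n}" for n in REQUIRED if n not in names]
    for (a, a_rva, a_size), (b, b_rva, _) in zip(sections, sections[1:]):
        if a_rva + a_size > b_rva:
            problems.append(f"{a} overlaps {b}")
    return problems

def build_sample(layout):
    """Constructed input: header-only PE with (name, rva, size) sections."""
    hdr = bytearray(0x40)
    hdr[:2] = b"MZ"
    struct.pack_into("<I", hdr, 0x3C, 0x40)
    coff = struct.pack("<4sHHIIIHH", b"PE\0\0", 0x8664, len(layout), 0, 0, 0, 0, 0)
    table = b"".join(struct.pack("<8sII24x", n.encode(), size, rva)
                     for n, rva, size in layout)
    return bytes(hdr) + coff + table

if __name__ == "__main__":
    # Constructed layout: .cmdline left out, .initrd placed inside .linux
    bad = build_sample([(".text", 0x1000, 0x9000), (".osrel", 0x20000, 0x200),
                        (".linux", 0x40000, 0xA00000), (".initrd", 0x900000, 0x100000)])
    print(check_uki(bad))
```

On a real image, call `check_uki(open("linux.efi", "rb").read())`.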


uh - you just specify the location of your initramfs in the kernel boot params and that's it, no need for all the above


You hadn't specified it at first, so I thought it might be helpful to provide a more complete example with different parts (like the initrd) and offsets, with a gummiboot stub


Having kernel and initrd separate makes things more complicated and brittle.

Also a secure boot setup is much more difficult this way.

I for my part love the UKI. Never had a simpler boot setup!


> a secure boot setup is much more difficult this way.

Is it? Don't you just sign the bootable kernel image that already has the initrd and command-line built in?

Oh, I guess if you're using Microsoft as a CA I can see why that would be tricky.


I think this is a misunderstanding. I've said secure boot is much more difficult in case kernel and initrd are separate.

In case of a UKI it's very simple of course. Just sign the boot image.

That's why I love the UKI. :-)



