1LOADER.CONF(5) loader.conf LOADER.CONF(5)
2
6 loader.conf - Configuration file for systemd-boot
7
9 ESP/loader/loader.conf, ESP/loader/entries/*.conf
10 XBOOTLDR/loader/entries/*.conf
11
13 systemd-boot(7) will read ESP/loader/loader.conf, and any files with
14 the ".conf" extension under ESP/loader/entries/ on the EFI system
15 partition (ESP), and XBOOTLDR/loader/entries/ on the extended boot
16 loader partition (XBOOTLDR) as defined by Boot Loader Specification[1].
17 Each of these configuration files must consist of series of newline
19 (i.e. ASCII code 10) separated lines, each consisting of an option
20 name, followed by whitespace, and the option value. "#" may be used to
21 start a comment line. Empty and comment lines are ignored. The files
22 use UTF-8 encoding.
23 Boolean arguments may be written as "yes"/"y"/"true"/"t"/"on"/"1" or
25 "no"/"n"/"false"/"f"/"off"/"0".
26
28 The configuration options supported by ESP/loader/entries/*.conf and
29 XBOOTLDR/loader/entries/*.conf files are defined as part of the Boot
30 Loader Specification[1].
31 The following configuration are supported by the loader.conf
33 configuration file:
34 default
36 A glob pattern to select the default entry. The default entry may
37 be changed in the boot menu itself, in which case the name of the
38 selected entry will be stored as an EFI variable, overriding this
39 option.
40 If set to "@saved" the chosen entry will be saved as an EFI
42 variable on every boot and automatically selected the next time the
43 boot loader starts.
44 Table 1. Automatically detected entries will use the following
46 names:
47 ┌──────────────────────────────┬──────────────────────┐
48 │Name │ Description │
49 ├──────────────────────────────┼──────────────────────┤
50 │auto-efi-default │ EFI Default Loader │
51 ├──────────────────────────────┼──────────────────────┤
52 │auto-efi-shell │ EFI Shell │
53 ├──────────────────────────────┼──────────────────────┤
54 │auto-osx │ macOS │
55 ├──────────────────────────────┼──────────────────────┤
56 │auto-reboot-to-firmware-setup │ Reboot Into Firmware │
57 │ │ Interface │
58 ├──────────────────────────────┼──────────────────────┤
59 │auto-windows │ Windows Boot Manager │
60 └──────────────────────────────┴──────────────────────┘
61 timeout
63 How long the boot menu should be shown before the default entry is
64 booted, in seconds. This may be changed in the boot menu itself and
65 will be stored as an EFI variable in that case, overriding this
66 option.
67 If set to "menu-hidden" or "0" (the default) no menu is shown and
69 the default entry will be booted immediately. The menu can be shown
70 by pressing and holding a key before systemd-boot is launched.
71 Setting this to "menu-force" disables the timeout while always
72 showing the menu.
73 console-mode
75 This option configures the resolution of the console. Takes a
76 number or one of the special values listed below. The following
77 values may be used:
78 0
80 Standard UEFI 80x25 mode
81 1
83 80x50 mode, not supported by all devices
84 2
86 the first non-standard mode provided by the device firmware, if
87 any
88 auto
90 Pick a suitable mode automatically using heuristics
91 max
93 Pick the highest-numbered available mode
94 keep
96 Keep the mode selected by firmware (the default)
97 editor
99 Takes a boolean argument. Enable (the default) or disable the
100 editor. The editor should be disabled if the machine can be
101 accessed by unauthorized persons.
102 auto-entries
104 Takes a boolean argument. Enable (the default) or disable entries
105 for other boot entries found on the boot partition. In particular,
106 this may be useful when loader entries are created to show
107 replacement descriptions for those entries.
108 auto-firmware
110 A boolean controlling the presence of the "Reboot into firmware"
111 entry (enabled by default). If this is disabled, the firmware
112 interface may still be reached by using the f key.
113 beep
115 Takes a boolean argument. If timeout enabled beep every second,
116 otherwise beep n times when n-th entry in boot menu is selected
117 (default disabled). Currently, only x86 is supported, where it uses
118 the PC speaker.
119 reboot-for-bitlocker
121 Caveat: This feature is experimental, and is likely to be changed
122 (or removed in its current form) in a future version of systemd.
123 Work around BitLocker requiring a recovery key when the boot loader
125 was updated (disabled by default).
126 Try to detect BitLocker encrypted drives along with an active TPM.
128 If both are found and Windows Boot Manager is selected in the boot
129 menu, set the "BootNext" EFI variable and restart the system. The
130 firmware will then start Windows Boot Manager directly, leaving the
131 TPM PCRs in expected states so that Windows can unseal the
132 encryption key. This allows systemd-boot to be updated without
133 having to provide the recovery key for BitLocker drive unlocking.
134 Note that the PCRs that Windows uses can be configured with the
136 "Configure TPM platform validation profile for native UEFI firmware
137 configurations" group policy under "Computer
138 Configuration\Administrative Templates\Windows Components\BitLocker
139 Drive Encryption". When secure boot is enabled, changing this to
140 PCRs "0,2,7,11" should be safe. The TPM key protector needs to be
141 removed and then added back for the PCRs on an already encrypted
142 drive to change. If PCR 4 is not measured, this setting can be
143 disabled to speed up booting into Windows.
144 random-seed-mode
146 Takes one of "off", "with-system-token" and "always". If "off" no
147 random seed data is read off the ESP, nor passed to the OS. If
148 "with-system-token" (the default) systemd-boot will read a random
149 seed from the ESP (from the file /loader/random-seed) only if the
150 LoaderSystemToken EFI variable is set, and then derive the random
151 seed to pass to the OS from the combination. If "always" the boot
152 loader will do so even if LoaderSystemToken is not set. This mode
153 is useful in environments where protection against OS image reuse
154 is not a concern, and the random seed shall be used even with no
155 further setup in place. Use bootctl random-seed to initialize both
156 the random seed file in the ESP and the system token EFI variable.
157 See Random Seeds[2] for further information.
159
161 # /boot/efi/loader/loader.conf
162 timeout 0
163 default 01234567890abcdef1234567890abdf0-*
164 editor no
165 The menu will not be shown by default (the menu can still be shown by
168 pressing and holding a key during boot). One of the entries with files
169 with a name starting with "01234567890abcdef1234567890abdf0-" will be
170 selected by default. If more than one entry matches, the one with the
171 highest priority will be selected (generally the one with the highest
172 version number). The editor will be disabled, so it is not possible to
173 alter the kernel command line.
174
176 systemd-boot(7), bootctl(1)
177
179 1. Boot Loader Specification
180 https://systemd.io/BOOT_LOADER_SPECIFICATION
181 2. Random Seeds
183 https://systemd.io/RANDOM_SEEDS
184systemd 251 LOADER.CONF(5)