User:Vaukai/EFI stub

The (U)EFI firmware present in many computers functions as a boot manager, allowing systems to boot by the use of a compatible EFI bootloader. By making the Linux kernel itself such a bootloader, called EFI stub, such a configuration will boot without the need of a secondary bootloader. This article provides instructions on configuring and installing unsigned kernels in the EFI System Partition (ESP) of a computer running in EFI mode. This requires secure boot to be disabled.

Kernel configuration

In order to boot directly from UEFI, the kernel needs to know where to find the root (/) partition of the system to be booted. Enable

• EFI runtime service support (CONFIG_EFI),
• EFI stub support (CONFIG_EFI_STUB)
• Built-in kernel command line (CONFIG_CMDLINE_BOOL)
• and add the root partition path (example: /dev/sda2) or its PARTUUID to (CONFIG_CMDLINE).

Processor type and features  --->
    [*] EFI runtime service support 
    [*]   EFI stub support
    [ ]     EFI mixed-mode support
    ...
    ...
    [*] Built-in kernel command line
    (root=/dev/sda2)

Using root=PARTUUID= might be preferable. To find out use blkid:

/dev/sda2: UUID="d1e0c1e0-3a40-42c5-8931-cfa2c7deae32" TYPE="ext4" PARTUUID="adf55784-15d9-4ca3-bb3f-56de0b35d88d"

Processor type and features  --->
    [*] Built-in kernel command line
    (root=PARTUUID=adf55784-15d9-4ca3-bb3f-56de0b35d88d)

Installation

If an EFI System Partition (ESP) does not exist, one needs to be created. Still in the kernel directory, build the kernel and install the modules:

Have the ESP (in this example /dev/sda1) mounted at /boot:

Copy or move the kernel image to the right place adding version number and the .efi suffix:

In the ESP it should then be listed like:

 /boot
 └── EFI
     └── Gentoo
         └── bzImage-4.9.76-r1.efi

Alternatively the fallback directory /boot/EFI/Boot could be used additionally to or instead of /boot/EFI/Gentoo. Alternatively vmlinuz can be copied (or moved) instead of the bzImage.

Next, update the NVRAM creating a new boot entry using e.g. efibootmgr.

Microcode loading (Intel)

An efistub compatible method to load microcode without using an initramfs can be found in the Intel microcode article.

Microcode loading (AMD)

An efistub compatible method to load microcode without using an initramfs can be found in the AMD microcode article.

Optional: initramfs

See the Generating the Initramfs and Using a Stub Kernel sections of the Early Userspace Mounting article.

Optional: Secure boot

There is a forums post and another wiki article explaining in detail how to sign the kernel and enable secure boot.

Troubleshooting

• Forums topic - BIOS losing the names of the EFI ESPs
• Older kernels compiled with gcc:10 crashed at boot (bug #721734#c4).
• Users of sys-kernel/gentoo-kernel-bin can specify the root partition path with the root= parameter using efibootmgr:

root #efibootmgr -c -L "Gentoo Linux" -l '\EFI\Gentoo\bootx64.efi' -u 'root=PARTUUID=XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX'

To create a boot entry with efibootmgr and hibernation on swap partition:

root #efibootmgr -c -L "Gentoo Linux" -l '\EFI\Gentoo\bootx64.efi' -u 'root=PARTUUID=XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX resume=PARTUUID=XXXXXXXX-XXXX-XXXX-XXXX-XXXXXXXXXXXX'

See also

• UEFI — a firmware standard for boot ROM designed to provide a stable API for interacting with system hardware. On x86 it replaced the legacy BIOS.
• Efibootmgr — a tool for managing UEFI boot entries.
• Architecture specific kernel configuration (AMD64 Handbook)
• REFInd — a boot manager for UEFI platforms.

External resources

• Linux Kernel Documentation on EFI Stub
• EFI Stub - booting without a bootloader Blog posting which this article is partially based on.
• EFI bootloaders listing alternative ways to boot an (U)EFI system.
• EFISTUB on wiki.archlinux.org
• Gentoo Forums: Suspend and Hibernate with UEFI
• http://www.kroah.com/log/blog/2013/09/02/booting-a-self-signed-linux-kernel/

References