Unified kernel image

A unified kernel image is a single executable which can be booted directly from UEFI firmware, or automatically sourced by boot-loaders with little or no configuration.

Although Arch supported kernels themselves can be loaded by UEFI firmware, a unified image allows to incorporate:

The resulting executable, and therefore all these elements can then be easily signed for use with Secure Boot.

Note: In the entire article esp denotes the mountpoint of the EFI system partition.

Preparing a unified kernel image

mkinitpcio

One can test the feature by running as an example

# mkinitcpio -p linux -- --uefi esp/EFI/Linux/test-systemd.efi

This would produce a kernel image for the linux preset.

.preset file

First, modify /etc/mkinitcpio.d/linux.preset, or the preset that you are using, as follows, with the appropriate mount point of the EFI system partition :

  • If your system requires Microcode, add ALL_microcode=(/boot/*-ucode.img) to tell mkinitcpio where to find it.
  • Add a PRESET_efi_image= parameter for each item in PRESETS=, i.e. default_efi_image="esp/EFI/Linux/archlinux-linux.efi" and fallback_efi_image="esp/EFI/Linux/archlinux-linux-fallback.efi". This sets the executable filename.
  • Optionally, append --splash /usr/share/systemd/bootctl/splash-arch.bmp to each PRESET_options= line to add a splash image, i.e. and .

Here is a working example for the kernel and the Arch splash screen.

This second example builds a default image for and a fallback image for linux-lts :

Tip: If you are using multiple kernels, make sure your ESP has enough space, as mkinitcpio currently builds both the initramfs-*.img and the *.efi executable, thereby doubling the space used. See

Kernel command line

Next, create with your kernel parameters. 

# cp /proc/cmdline /etc/kernel/cmdline

For example:

Tip: The bgrt_disable parameter tells Linux to not display the OEM logo after loading the ACPI tables.

Finally, regenerate the initramfs.

dracut

Place your command line parameters in ie.

Generate the image with:

# dracut -f -q --uefi --uefi-splash-image /usr/share/systemd/bootctl/splash-arch.bmp

Also see dracut#Generate a new initramfs on kernel upgrade.

Manually

Put the kernel command line you want to use in a file, and create the bundle file using .

For microcode, first concatenate the microcode file and your initrd, as follows:

$ cat /boot/cpu_manufacturer-ucode.img /boot/initramfs-linux.img > /tmp/combined_initrd.img

When building the unified kernel image, passing as the initrd. This file can be afterwards.

See for an explanation on why these exact numbers were chosen.

After creating the image, copy it to the EFI system partition:

# cp linux.efi esp/EFI/Linux/

Booting

systemd-boot

systemd-boot searches in for unified kernel images, and there is no further configuration needed. See

Directly from UEFI

efibootmgr can be used to create a UEFI boot entry for the .efi file:

# efibootmgr --create --disk /dev/sdX --part partition_number --label "label" --loader 'EFI\Linux\file.efi' --verbose

See for an explanation of the options.

See also
This article is issued from Archlinux. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.