====
dracut-efi-simple
is a pacman hook intended to create a simple unified kernel image and backup the current one. Some of the work done here is based on dracut-uefi-hook AUR package.
What this hook does:
- backs up
/efi/BOOT/Arch/linux-signed.efi
(if it exists) to/efi/BOOT/Arch/linux-signed-bkp.efi
. - generates a new image on
/efi/BOOT/Arch/linux-signed.efi
. - prints the current EFI bootlist.
- triggers image creation if any kernel/microcode/systemd related packages/paths are updated.
What this hook doesn't do:
The hook itself is not intended to do secureboot kernel image signing like sbupdate neither I have the intention to make those distro-agnostic, configuration-oriented, etc. Some paths like /efi/BOOT/Arch/
are fixed cause that's the standard i've adopted on my setups for the directories inside the ESP
. Also, other distributions rely heavily on dracut to create inital ramdisks and most of those distro-specific scripts will make the dracut configuration example(below) error prone.
This is the usecase for dracut-efi-simple
since i'm trying to replace sbupdate
+mkinitcpio
with pure dracut
.
This hook will not handle efibootmgr
automatic EFI entry creation tasks as well(see below).
See my example here
Make sure your user is able to sudo
.
git clone https://github.com/nwildner/dracut-uefi-simple.git
cd dracut-uefi-simple
makepkg -si
Answer y
and you are good to go. Whenever some key kernel related packages are updated, this hook will automatically run
Double-check if you are able to create efi entries with bootctl | grep -i 'boot loader sets'
then create EFI entries:
efibootmgr -c -d /dev/sda -p 1 --label "Arch Backup" -l "BOOT\Arch\linux-signed-bkp.efi" --verbose
efibootmgr -c -d /dev/sda -p 1 --label "Arch" -l "BOOT\Arch\linux-signed.efi" --verbose
Replace sda
with your disk name, and change --label
to any name you want. The last entry created gets the boot priority and that's why backup image is added first.