1<?xml version='1.0'?> <!--*-nxml-*-->
2<!DOCTYPE refentry PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN"
3  "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd">
4<!-- SPDX-License-Identifier: LGPL-2.1-or-later -->
5
6<refentry id="systemd-boot" conditional='HAVE_GNU_EFI'
7    xmlns:xi="http://www.w3.org/2001/XInclude">
8  <refentryinfo>
9    <title>systemd-boot</title>
10    <productname>systemd</productname>
11  </refentryinfo>
12
13  <refmeta>
14    <refentrytitle>systemd-boot</refentrytitle>
15    <manvolnum>7</manvolnum>
16  </refmeta>
17
18  <refnamediv>
19    <refname>systemd-boot</refname>
20    <refname>sd-boot</refname>
21    <refpurpose>A simple UEFI boot manager</refpurpose>
22  </refnamediv>
23
24  <refsect1>
25    <title>Description</title>
26
27    <para><command>systemd-boot</command> (short: <command>sd-boot</command>) is a simple UEFI boot
28    manager. It provides a textual menu to select the entry to boot and an editor for the kernel command
29    line. <command>systemd-boot</command> supports systems with UEFI firmware only.</para>
30
31    <para><command>systemd-boot</command> loads boot entry information from the EFI system partition (ESP),
32    usually mounted at <filename>/efi/</filename>, <filename>/boot/</filename>, or
33    <filename>/boot/efi/</filename> during OS runtime, as well as from the Extended Boot Loader partition
34    (XBOOTLDR) if it exists (usually mounted to <filename>/boot/</filename>). Configuration file fragments,
35    kernels, initrds and other EFI images to boot generally need to reside on the ESP or the Extended Boot
36    Loader partition. Linux kernels must be built with <option>CONFIG_EFI_STUB</option> to be able to be
37    directly executed as an EFI image. During boot <command>systemd-boot</command> automatically assembles a
38    list of boot entries from the following sources:</para>
39
40    <itemizedlist>
41      <listitem><para>Boot entries defined with <ulink
42      url="https://systemd.io/BOOT_LOADER_SPECIFICATION">Boot Loader Specification</ulink> Type #1
43      description files located in <filename>/loader/entries/</filename> on the ESP and the Extended Boot
44      Loader Partition. These usually describe Linux kernel images with associated initrd images, but
45      alternatively may also describe other arbitrary EFI executables.</para></listitem>
46
47      <listitem><para>Unified kernel images, <ulink url="https://systemd.io/BOOT_LOADER_SPECIFICATION">Boot
48      Loader Specification</ulink> Type #2, which are executable EFI binaries in
49      <filename>/EFI/Linux/</filename> on the ESP and the Extended Boot Loader Partition.</para></listitem>
50
51      <listitem><para>The Microsoft Windows EFI boot manager, if installed.</para></listitem>
52
53      <listitem><para>The Apple macOS boot manager, if installed.</para></listitem>
54
55      <listitem><para>The EFI Shell binary, if installed.</para></listitem>
56
57      <listitem><para>A reboot into the UEFI firmware setup option, if supported by the firmware.</para></listitem>
58    </itemizedlist>
59
60    <para><command>systemd-boot</command> supports the following features:</para>
61
62    <itemizedlist>
63      <listitem><para>Basic boot manager configuration changes (such as timeout
64      configuration, default boot entry selection, …) may be made directly from the boot loader UI at
65      boot-time, as well as during system runtime with EFI variables.</para></listitem>
66
67      <listitem><para>The boot manager integrates with the <command>systemctl</command> command to implement
68      features such as <command>systemctl reboot --boot-loader-entry=…</command> (for rebooting into a
69      specific boot menu entry, i.e. "reboot into Windows") and <command>systemctl reboot
70      --boot-loader-menu=…</command> (for rebooting into the boot loader menu), by implementing the <ulink
71      url="https://systemd.io/BOOT_LOADER_INTERFACE">Boot Loader Interface</ulink>. See
72      <citerefentry><refentrytitle>systemctl</refentrytitle><manvolnum>1</manvolnum></citerefentry> for
73      details.</para></listitem>
74
75      <listitem><para>An EFI variable set by the boot loader informs the OS about the EFI System Partition used
76      during boot. This is then used to automatically mount the correct EFI System Partition to
77      <filename>/efi/</filename> or <filename>/boot/</filename> during OS runtime. See
78      <citerefentry><refentrytitle>systemd-gpt-auto-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry>
79      for details.</para></listitem>
80
81      <listitem><para>The boot manager provides information about the boot time spent in UEFI firmware using
82      the <ulink url="https://systemd.io/BOOT_LOADER_INTERFACE">Boot Loader Interface</ulink>. This
83      information can be displayed using
84      <citerefentry><refentrytitle>systemd-analyze</refentrytitle><manvolnum>1</manvolnum></citerefentry>.
85      </para></listitem>
86
87      <listitem><para>The boot manager implements boot counting and automatic fallback to older, working boot
88      entries on failure. See <ulink url="https://systemd.io/AUTOMATIC_BOOT_ASSESSMENT">Automatic Boot
89      Assessment</ulink>.</para></listitem>
90
91      <listitem><para>The boot manager optionally reads a random seed from the ESP partition, combines it
92      with a 'system token' stored in a persistent EFI variable and derives a random seed to use by the OS as
93      entropy pool initialization, providing a full entropy pool during early boot.</para></listitem>
94    </itemizedlist>
95
96    <para><citerefentry><refentrytitle>bootctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>
97    may be used from a running system to locate the ESP and the Extended Boot Loader Partition, list
98    available entries, and install <command>systemd-boot</command> itself.</para>
99
100    <para><citerefentry><refentrytitle>kernel-install</refentrytitle><manvolnum>8</manvolnum></citerefentry>
101    may be used to copy kernel images onto the ESP or the Extended Boot Loader Partition and to generate
102    description files compliant with the Boot Loader
103    Specification.</para>
104
105    <para><citerefentry><refentrytitle>systemd-stub</refentrytitle><manvolnum>7</manvolnum></citerefentry>
106    may be used as UEFI boot stub for executed kernels, which is useful to show graphical boot splashes
107    before transitioning into the Linux world. It is also capable of automatically picking up auxiliary
108    credential files (for boot parameterization) and system extension images, as companion files to the
109    booted kernel images.</para>
110  </refsect1>
111
112  <refsect1>
113    <title>Key bindings</title>
114    <para>The following keys may be used in the boot menu:</para>
115
116    <!-- Developer commands Q/v/Ctrl+l deliberately not advertised. -->
117
118    <variablelist>
119      <varlistentry>
120        <term><keycap>↑</keycap> (Up)</term>
121        <term><keycap>↓</keycap> (Down)</term>
122        <term><keycap>j</keycap></term>
123        <term><keycap>k</keycap></term>
124        <term><keycap>PageUp</keycap></term>
125        <term><keycap>PageDown</keycap></term>
126        <term><keycap>Home</keycap></term>
127        <term><keycap>End</keycap></term>
128        <listitem><para>Navigate up/down in the entry list</para></listitem>
129      </varlistentry>
130
131      <varlistentry>
132        <term><keycap>↵</keycap> (Enter)</term>
133        <term><keycap>→</keycap> (Right)</term>
134        <listitem><para>Boot selected entry</para></listitem>
135      </varlistentry>
136
137      <varlistentry>
138        <term><keycap>d</keycap></term>
139        <listitem><para>Make selected entry the default</para></listitem>
140      </varlistentry>
141
142      <varlistentry>
143        <term><keycap>e</keycap></term>
144        <listitem><para>Edit the kernel command line for selected entry</para></listitem>
145      </varlistentry>
146
147      <varlistentry>
148        <term><keycap>+</keycap></term>
149        <term><keycap>t</keycap></term>
150        <listitem><para>Increase the timeout before default entry is booted</para></listitem>
151      </varlistentry>
152
153      <varlistentry>
154        <term><keycap>-</keycap></term>
155        <term><keycap>T</keycap></term>
156        <listitem><para>Decrease the timeout</para></listitem>
157      </varlistentry>
158
159      <varlistentry>
160        <term><keycap>r</keycap></term>
161        <listitem><para>Change screen resolution, skipping any unsupported modes.</para></listitem>
162      </varlistentry>
163
164      <varlistentry>
165        <term><keycap>R</keycap></term>
166        <listitem><para>Reset screen resolution to firmware or configuration file default.</para></listitem>
167      </varlistentry>
168
169      <varlistentry>
170        <term><keycap>p</keycap></term>
171        <listitem><para>Print status</para></listitem>
172      </varlistentry>
173
174      <varlistentry>
175        <term><keycap>h</keycap></term>
176        <term><keycap>?</keycap></term>
177        <term><keycap>F1</keycap></term>
178        <listitem><para>Show a help screen</para></listitem>
179      </varlistentry>
180
181      <varlistentry>
182        <term><keycap>f</keycap></term>
183        <listitem><para>Reboot into firmware interface.</para>
184
185        <para>For compatibility with the keybindings of several firmware implementations this operation
186        may also be reached with <keycap>F2</keycap>, <keycap>F10</keycap>, <keycap>Del</keycap> and
187        <keycap>Esc</keycap>.</para></listitem>
188      </varlistentry>
189    </variablelist>
190
191    <para>The following keys may be pressed during bootup or in the boot menu to directly boot a specific
192    entry:</para>
193
194    <variablelist>
195      <varlistentry>
196        <term><keycap>l</keycap></term>
197        <listitem><para>Linux</para></listitem>
198      </varlistentry>
199
200      <varlistentry>
201        <term><keycap>w</keycap></term>
202        <listitem><para>Windows</para></listitem>
203      </varlistentry>
204
205      <varlistentry>
206        <term><keycap>a</keycap></term>
207        <listitem><para>macOS</para></listitem>
208      </varlistentry>
209
210      <varlistentry>
211        <term><keycap>s</keycap></term>
212        <listitem><para>EFI shell</para></listitem>
213      </varlistentry>
214
215      <varlistentry>
216        <term><keycap>1</keycap></term>
217        <term><keycap>2</keycap></term>
218        <term><keycap>3</keycap></term>
219        <term><keycap>4</keycap></term>
220        <term><keycap>5</keycap></term>
221        <term><keycap>6</keycap></term>
222        <term><keycap>7</keycap></term>
223        <term><keycap>8</keycap></term>
224        <term><keycap>9</keycap></term>
225        <listitem><para>Boot entry number 1 … 9</para></listitem>
226      </varlistentry>
227    </variablelist>
228
229    <para>The boot menu is shown when a non-zero menu timeout has been configured. If the menu timeout has
230    been set to zero, it is sufficient to press any key — before the boot loader initializes — to bring up
231    the boot menu, except for the keys listed immediately above as they directly boot into the selected boot
232    menu item. Note that depending on the firmware implementation the time window where key presses are
233    accepted before the boot loader initializes might be short. If the window is missed, reboot and try
234    again, possibly pressing a suitable key (e.g. the space bar) continuously; on most systems it should be
235    possible to hit the time window after a few attempts. To avoid this problem, consider setting a non-zero
236    timeout, thus showing the boot menu unconditionally. Some desktop environments might offer an option to
237    directly boot into the boot menu, to avoid the problem altogether. Alternatively, use the command line
238    <command>systemctl reboot --boot-loader-menu=0</command> from the shell.</para>
239
240    <para>In the editor, most keys simply insert themselves, but the following keys
241    may be used to perform additional actions:</para>
242
243    <variablelist>
244      <varlistentry>
245        <term><keycap>←</keycap> (Left)</term>
246        <term><keycap>→</keycap> (Right)</term>
247        <term><keycap>Home</keycap></term>
248        <term><keycap>End</keycap></term>
249        <listitem><para>Navigate left/right</para></listitem>
250      </varlistentry>
251
252      <varlistentry>
253        <term><keycap>Esc</keycap></term>
254        <listitem><para>Abort the edit and quit the editor</para></listitem>
255      </varlistentry>
256
257      <varlistentry>
258        <term><keycombo><keycap>Ctrl</keycap><keycap>k</keycap></keycombo></term>
259        <listitem><para>Clear the command line</para></listitem>
260      </varlistentry>
261
262      <varlistentry>
263        <term><keycombo><keycap>Ctrl</keycap><keycap>w</keycap></keycombo></term>
264        <term><keycombo><keycap>Alt</keycap><keycap>Backspace</keycap></keycombo></term>
265        <listitem><para>Delete word backwards</para></listitem>
266      </varlistentry>
267
268      <varlistentry>
269        <term><keycombo><keycap>Alt</keycap><keycap>d</keycap></keycombo></term>
270        <listitem><para>Delete word forwards</para></listitem>
271      </varlistentry>
272
273      <varlistentry>
274        <term><keycap>↵</keycap> (Enter)</term>
275        <listitem><para>Boot entry with the edited command line</para></listitem>
276      </varlistentry>
277    </variablelist>
278
279    <para>Note that unless configured otherwise in the UEFI firmware, systemd-boot will
280    use the US keyboard layout, so key labels might not match for keys like +/-.
281    </para>
282  </refsect1>
283
284  <refsect1>
285    <title>Files</title>
286
287    <para>The files <command>systemd-boot</command> processes generally reside on the UEFI ESP which is
288    usually mounted to <filename>/efi/</filename>, <filename>/boot/</filename> or
289    <filename>/boot/efi/</filename> during OS runtime. It also processes files on the Extended Boot Loader
290    partition which is typically mounted to <filename>/boot/</filename>, if it
291    exists.</para>
292
293    <para><command>systemd-boot</command> reads runtime configuration such as the boot timeout and default
294    entry from <filename>/loader/loader.conf</filename> on the ESP (in combination with data read from EFI
295    variables). See
296    <citerefentry><refentrytitle>loader.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>.</para>
297
298    <para>Boot entry description files following the <ulink
299    url="https://systemd.io/BOOT_LOADER_SPECIFICATION">Boot Loader Specification</ulink> are read from
300    <filename>/loader/entries/</filename> on the ESP and the Extended Boot Loader partition.</para>
301
302    <para>Unified kernel boot entries following the <ulink
303    url="https://systemd.io/BOOT_LOADER_SPECIFICATION">Boot Loader Specification</ulink> are read from
304    <filename>/EFI/Linux/</filename> on the ESP and the Extended Boot Loader partition.</para>
305
306    <para>Optionally, a random seed for early boot entropy pool provisioning is stored in
307    <filename>/loader/random-seed</filename> in the ESP.</para>
308
309    <para>During initialization, <command>sd-boot</command> automatically loads all driver files placed in
310    the <filename>/EFI/systemd/drivers/</filename> directory of the ESP. The files placed there must have an
311    extension of the EFI architecture ID followed by <filename>.efi</filename> (e.g. for x86-64 this means a
312    suffix of <filename>x64.efi</filename>). This may be used to automatically load file system drivers and
313    similar, to extend the native firmware support.</para>
314  </refsect1>
315
316  <refsect1>
317    <title>EFI Variables</title>
318
319    <para>The following EFI variables are defined, set and read by <command>systemd-boot</command>, under the
320    vendor UUID <literal>4a67b082-0a4c-41cf-b6c7-440b29bb8c4f</literal>, for communication between the boot
321    loader and the OS:</para>
322
323    <variablelist class='efi-variables'>
324      <varlistentry>
325        <term><varname>LoaderBootCountPath</varname></term>
326        <listitem><para>If boot counting is enabled, contains the path to the file in whose name the boot counters are
327        encoded. Set by the boot
328        loader. <citerefentry><refentrytitle>systemd-bless-boot.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
329        uses this information to mark a boot as successful as determined by the successful activation of the
330        <filename>boot-complete.target</filename> target unit.</para></listitem>
331      </varlistentry>
332
333      <varlistentry>
334        <term><varname>LoaderConfigTimeout</varname></term>
335        <term><varname>LoaderConfigTimeoutOneShot</varname></term>
336        <listitem><para>The menu timeout in seconds. Read by the boot loader. <varname>LoaderConfigTimeout</varname>
337        is maintained persistently, while <varname>LoaderConfigTimeoutOneShot</varname> is a one-time override which is
338        read once (in which case it takes precedence over <varname>LoaderConfigTimeout</varname>) and then
339        removed. <varname>LoaderConfigTimeout</varname> may be manipulated with the
340        <keycap>t</keycap>/<keycap>T</keycap> keys, see above.</para></listitem>
341      </varlistentry>
342
343      <varlistentry>
344        <term><varname>LoaderDevicePartUUID</varname></term>
345
346        <listitem><para>Contains the partition UUID of the EFI System Partition the boot loader was run from. Set by
347        the boot
348        loader. <citerefentry><refentrytitle>systemd-gpt-auto-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry>
349        uses this information to automatically find the disk booted from, in order to discover various other partitions
350        on the same disk automatically.</para></listitem>
351      </varlistentry>
352
353      <varlistentry>
354        <term><varname>LoaderEntries</varname></term>
355
356        <listitem><para>A list of the identifiers of all discovered boot loader entries. Set by the boot
357        loader.</para></listitem>
358      </varlistentry>
359
360      <varlistentry>
361        <term><varname>LoaderEntryDefault</varname></term>
362        <term><varname>LoaderEntryOneShot</varname></term>
363
364        <listitem><para>The identifier of the default boot loader entry. Set primarily by the OS and read by the boot
365        loader. <varname>LoaderEntryOneShot</varname> sets the default entry for the next boot only, while
366        <varname>LoaderEntryDefault</varname> sets it persistently for all future
367        boots. <citerefentry><refentrytitle>bootctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>'s
368        <option>set-default</option> and <option>set-oneshot</option> commands make use of these variables. The boot
369        loader modifies <varname>LoaderEntryDefault</varname> on request, when the <keycap>d</keycap> key is used, see
370        above.</para></listitem>
371      </varlistentry>
372
373      <varlistentry>
374        <term><varname>LoaderEntrySelected</varname></term>
375
376        <listitem><para>The identifier of the boot loader entry currently being booted. Set by the boot
377        loader.</para></listitem>
378      </varlistentry>
379
380      <varlistentry>
381        <term><varname>LoaderFeatures</varname></term>
382
383        <listitem><para>A set of flags indicating the features the boot loader supports. Set by the boot loader. Use
384        <citerefentry><refentrytitle>bootctl</refentrytitle><manvolnum>1</manvolnum></citerefentry> to view this
385        data.</para></listitem>
386      </varlistentry>
387
388      <varlistentry>
389        <term><varname>LoaderFirmwareInfo</varname></term>
390        <term><varname>LoaderFirmwareType</varname></term>
391
392        <listitem><para>Brief firmware information. Set by the boot loader. Use
393        <citerefentry><refentrytitle>bootctl</refentrytitle><manvolnum>1</manvolnum></citerefentry> to view this
394        data.</para></listitem>
395      </varlistentry>
396
397      <varlistentry>
398        <term><varname>LoaderImageIdentifier</varname></term>
399
400        <listitem><para>The path of executable of the boot loader used for the current boot, relative to the EFI System
401        Partition's root directory. Set by the boot loader. Use
402        <citerefentry><refentrytitle>bootctl</refentrytitle><manvolnum>1</manvolnum></citerefentry> to view this
403        data.</para></listitem>
404      </varlistentry>
405
406      <varlistentry>
407        <term><varname>LoaderInfo</varname></term>
408
409        <listitem><para>Brief information about the boot loader. Set by the boot loader. Use
410        <citerefentry><refentrytitle>bootctl</refentrytitle><manvolnum>1</manvolnum></citerefentry> to view this
411        data.</para></listitem>
412      </varlistentry>
413
414      <varlistentry>
415        <term><varname>LoaderTimeExecUSec</varname></term>
416        <term><varname>LoaderTimeInitUSec</varname></term>
417        <term><varname>LoaderTimeMenuUsec</varname></term>
418
419        <listitem><para>Information about the time spent in various parts of the boot loader. Set by the boot
420        loader. Use <citerefentry><refentrytitle>systemd-analyze</refentrytitle><manvolnum>1</manvolnum></citerefentry>
421        to view this data. </para></listitem>
422      </varlistentry>
423
424      <varlistentry>
425        <term><varname>LoaderRandomSeed</varname></term>
426
427        <listitem><para>A binary random seed <command>systemd-boot</command> may optionally pass to the
428        OS. This is a volatile EFI variable that is hashed at boot from the combination of a random seed
429        stored in the ESP (in <filename>/loader/random-seed</filename>) and a "system token" persistently
430        stored in the EFI variable <varname>LoaderSystemToken</varname> (see below). During early OS boot the
431        system manager reads this variable and passes it to the OS kernel's random pool, crediting the full
432        entropy it contains. This is an efficient way to ensure the system starts up with a fully initialized
433        kernel random pool — as early as the initial RAM disk phase. <command>systemd-boot</command> reads
434        the random seed from the ESP, combines it with the "system token", and both derives a new random seed
435        to update in-place the seed stored in the ESP, and the random seed to pass to the OS from it via
436        SHA256 hashing in counter mode. This ensures that different physical systems that boot the same
437        "golden" OS image — i.e. containing the same random seed file in the ESP — will still pass a
438        different random seed to the OS. It is made sure the random seed stored in the ESP is fully
439        overwritten before the OS is booted, to ensure different random seed data is used between subsequent
440        boots.</para>
441
442        <para>See <ulink url="https://systemd.io/RANDOM_SEEDS">Random Seeds</ulink> for
443        further information.</para></listitem>
444      </varlistentry>
445
446      <varlistentry>
447        <term><varname>LoaderSystemToken</varname></term>
448
449        <listitem><para>A binary random data field, that is used for generating the random seed to pass to
450        the OS (see above). Note that this random data is generally only generated once, during OS
451        installation, and is then never updated again.</para></listitem>
452      </varlistentry>
453    </variablelist>
454
455    <para>Many of these variables are defined by the <ulink
456    url="https://systemd.io/BOOT_LOADER_INTERFACE">Boot Loader Interface</ulink>.</para>
457  </refsect1>
458
459  <refsect1>
460    <title>Boot Counting</title>
461
462    <para><command>systemd-boot</command> implements a simple boot counting mechanism on top of the <ulink
463    url="https://systemd.io/BOOT_LOADER_SPECIFICATION">Boot Loader Specification</ulink>, for automatic and unattended
464    fallback to older kernel versions/boot loader entries when a specific entry continuously fails. Any boot loader
465    entry file and unified kernel image file that contains a <literal>+</literal> followed by one or two numbers (if
466    two they need to be separated by a <literal>-</literal>), before the <filename>.conf</filename> or
467    <filename>.efi</filename> suffix is subject to boot counting: the first of the two numbers ('tries left') is
468    decreased by one on every boot attempt, the second of the two numbers ('tries done') is increased by one (if 'tries
469    done' is absent it is considered equivalent to 0). Depending on the current value of these two counters the boot
470    entry is considered to be in one of three states:</para>
471
472    <orderedlist>
473      <listitem><para>If the 'tries left' counter of an entry is greater than zero the entry is considered to be in
474      'indeterminate' state. This means the entry has not completed booting successfully yet, but also hasn't been
475      determined not to work.</para></listitem>
476
477      <listitem><para>If the 'tries left' counter of an entry is zero it is considered to be in 'bad' state. This means
478      no further attempts to boot this item will be made (that is, unless all other boot entries are also in 'bad'
479      state), as all attempts to boot this entry have not completed successfully.</para></listitem>
480
481      <listitem><para>If the 'tries left' and 'tries done' counters of an entry are absent it is considered to be in
482      'good' state. This means further boot counting for the entry is turned off, as it successfully booted at least
483      once. The
484      <citerefentry><refentrytitle>systemd-bless-boot.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
485      service moves the currently booted entry from 'indeterminate' into 'good' state when a boot attempt completed
486      successfully.</para></listitem>
487    </orderedlist>
488
489    <para>Generally, when new entries are added to the boot loader, they first start out in 'indeterminate' state,
490    i.e. with a 'tries left' counter greater than zero. The boot entry remains in this state until either it managed to
491    complete a full boot successfully at least once (in which case it will be in 'good' state) — or the 'tries left'
492    counter reaches zero (in which case it will be in 'bad' state).</para>
493
494    <para>Example: let's say a boot loader entry file <filename>foo.conf</filename> is set up for 3 boot tries. The
495    installer will hence create it under the name <filename>foo+3.conf</filename>. On first boot, the boot loader will
496    rename it to <filename>foo+2-1.conf</filename>. If that boot does not complete successfully, the boot loader will
497    rename it to <filename>foo+1-2.conf</filename> on the following boot. If that fails too, it will finally be renamed
498    <filename>foo+0-3.conf</filename> by the boot loader on next boot, after which it will be considered 'bad'. If the
499    boot succeeds however the entry file will be renamed to <filename>foo.conf</filename> by the OS, so that it is
500    considered 'good' from then on.</para>
501
502    <para>The boot menu takes the 'tries left' counter into account when sorting the menu entries: entries in 'bad'
503    state are ordered at the beginning of the list, and entries in 'good' or 'indeterminate' at the end. The user can
504    freely choose to boot any entry of the menu, including those already marked 'bad'. If the menu entry to boot is
505    automatically determined, this means that 'good' or 'indeterminate' entries are generally preferred (as the bottom
506    item of the menu is the one booted by default), and 'bad' entries will only be considered if there are no 'good' or
507    'indeterminate' entries left.</para>
508
509    <para>The <citerefentry><refentrytitle>kernel-install</refentrytitle><manvolnum>8</manvolnum></citerefentry> kernel
510    install framework optionally sets the initial 'tries left' counter to the value specified in
511    <filename>/etc/kernel/tries</filename> when a boot loader entry is first created.</para>
512  </refsect1>
513
514  <refsect1>
515    <title>See Also</title>
516    <para>
517      <citerefentry><refentrytitle>bootctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>,
518      <citerefentry><refentrytitle>loader.conf</refentrytitle><manvolnum>5</manvolnum></citerefentry>,
519      <citerefentry><refentrytitle>systemd-bless-boot.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
520      <citerefentry><refentrytitle>systemd-boot-system-token.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
521      <citerefentry><refentrytitle>kernel-install</refentrytitle><manvolnum>8</manvolnum></citerefentry>,
522      <citerefentry><refentrytitle>systemd-stub</refentrytitle><manvolnum>7</manvolnum></citerefentry>,
523      <ulink url="https://systemd.io/BOOT_LOADER_SPECIFICATION">Boot Loader Specification</ulink>,
524      <ulink url="https://systemd.io/BOOT_LOADER_INTERFACE">Boot Loader Interface</ulink>
525    </para>
526  </refsect1>
527</refentry>
528