Switch to systemd-boot for raw-efi builds

Signed-off-by: Chris Irrgang <chris.irrgang@gmx.de>
2026-04-02 20:22:20 +00:00 · 2025-10-31 12:29:26 +01:00
parent 238449c2d6
commit 804d52374e
4 changed files with 65 additions and 23 deletions
--- a/tools/mkimage-raw-efi/Dockerfile
+++ b/tools/mkimage-raw-efi/Dockerfile
@@ -1,4 +1,4 @@
-FROM linuxkit/grub:4582464453cd3136c7e64d6ec747c4869d771af0 AS grub
+FROM linuxkit/systemd-boot:1e21eeea040fa7c55553e54d7d9f14d8ff75a24a AS systemd-boot

 FROM linuxkit/alpine:7f3944798557de5518a56e3437d7ed982701f224 AS mirror
 RUN mkdir -p /out/etc/apk && cp -r /etc/apk/* /out/etc/apk/
@@ -12,12 +12,13 @@ RUN apk add --no-cache --initdb -p /out \
  sfdisk \
  sgdisk \
  xfsprogs \
+  py3-pefile \
  && true
 RUN mv /out/etc/apk/repositories.upstream /out/etc/apk/repositories

 FROM scratch
 WORKDIR /
 COPY --from=mirror /out/ /
-COPY --from=grub /BOOT*.EFI /usr/local/share/
+COPY --from=systemd-boot . .
 COPY . .
 ENTRYPOINT [ "/make-efi" ]
--- a/tools/mkimage-raw-efi/make-efi
+++ b/tools/mkimage-raw-efi/make-efi
@@ -14,14 +14,20 @@ ESP_FILE=$PWD/boot.img



-# get the GRUB2 boot file name
+# get the systemd boot file name
 ARCH=${TARGETARCH:-`uname -m`}
 case $ARCH in
 x86_64)
-  BOOTFILE=BOOTX64.EFI
+  BOOTFILE_SRC=/usr/lib/systemd/boot/efi/systemd-bootx64.efi
+  BOOTFILE_DST=BOOTX64.EFI
  ;;
 aarch64)
-  BOOTFILE=BOOTAA64.EFI
+  BOOTFILE_SRC=/usr/lib/systemd/boot/efi/systemd-bootaa64.efi
+  BOOTFILE_DST=BOOTAA64.EFI
+  ;;
+riscv64)
+  BOOTFILE_SRC=/usr/lib/systemd/boot/efi/systemd-bootriscv64.efi
+  BOOTFILE_DST=BOOTRISCV64.EFI
  ;;
 esac

@@ -39,22 +45,26 @@ INITRD="$(find . -name '*.img')"
 KERNEL="./kernel"
 CMDLINE_FILE="$(find . -name cmdline)"
 CMDLINE="$(cat $CMDLINE_FILE )"
+UKI_FILE="linuxkit.efi"
+
+# this is displayed as boot loader entry name
+OS_RELEASE="NAME=\"LinuxKit\""

 # PARTUUID for root
 PARTUUID=$(cat /proc/sys/kernel/random/uuid)

-cp /usr/local/share/$BOOTFILE .
+cp $BOOTFILE_SRC $BOOTFILE_DST

-mkdir -p EFI/BOOT
-cat >> EFI/BOOT/grub.cfg <<EOF
-set timeout=0
-set gfxpayload=text
-menuentry 'LinuxKit ISO Image' {
-	linux /kernel ${CMDLINE} text
-  initrd /initrd.img
-}
+cat >> loader/loader.conf <<EOF
+timeout 0
 EOF

+ukify build --linux=$KERNEL \
+            --initrd=$INITRD \
+            --cmdline="$CMDLINE text" \
+            --os-release=$OS_RELEASE \
+            --output=$UKI_FILE
+
 # FAT filesystem config
 FAT_SIZE=32
 SECTOR_SIZE=512
@@ -63,13 +73,12 @@ SECTORS_PER_CLUSTER=8
 RESERVED_SECTORS=32

 # calculate sizes
-KERNEL_FILE_SIZE=$(stat -c %s "$KERNEL")
-INITRD_FILE_SIZE=$(stat -c %s "$INITRD")
-EFI_FILE_SIZE=$(stat -c %s "$BOOTFILE")
-GRUB_FILE_SIZE=$(stat -c %s EFI/BOOT/grub.cfg)
+UKI_FILE_SIZE=$(stat -c %s "$UKI_FILE")
+EFI_FILE_SIZE=$(stat -c %s "$BOOTFILE_DST")
+SYSTEMD_BOOT_FILE_SIZE=$(stat -c %s loader/loader.conf)

 # this is the minimum size of our EFI System Partition
-ESP_DATA_SIZE=$(( $KERNEL_FILE_SIZE + $INITRD_FILE_SIZE + $EFI_FILE_SIZE + $GRUB_FILE_SIZE ))
+ESP_DATA_SIZE=$(( $UKI_FILE_SIZE + $EFI_FILE_SIZE + $SYSTEMD_BOOT_FILE_SIZE ))
 ESP_DATA_SECTORS=$(( $ESP_DATA_SIZE / $SECTOR_SIZE ))

 # File Allocation Table Sectors = (clusters + 2) * bytes per cluster / sector size
@@ -94,10 +103,11 @@ mkfs.vfat -v -F $FAT_SIZE -S $SECTOR_SIZE -s $SECTORS_PER_CLUSTER -R $RESERVED_S
 echo "mtools_skip_check=1" >> /etc/mtools.conf && \
 mmd -i $ESP_FILE ::/EFI
 mmd -i $ESP_FILE ::/EFI/BOOT
-mcopy -i $ESP_FILE $BOOTFILE ::/EFI/BOOT/
-mcopy -i $ESP_FILE EFI/BOOT/grub.cfg ::/EFI/BOOT/
-mcopy -i $ESP_FILE $KERNEL ::/
-mcopy -i $ESP_FILE $INITRD ::/
+mmd -i $ESP_FILE ::/EFI/Linux
+mmd -i $ESP_FILE ::/loader
+mcopy -i $ESP_FILE $BOOTFILE_DST ::/EFI/BOOT/
+mcopy -i $ESP_FILE $UKI_FILE ::/EFI/Linux/
+mcopy -i $ESP_FILE loader/loader.conf ::/loader


 # now make our actual filesystem image
--- a/tools/systemd-boot/Dockerfile
+++ b/tools/systemd-boot/Dockerfile
@@ -0,0 +1,26 @@
+FROM --platform=linux/amd64 linuxkit/alpine:7f3944798557de5518a56e3437d7ed982701f224 AS alpine-amd64
+RUN apk add --no-cache systemd-boot systemd-efistub
+
+FROM --platform=linux/arm64 linuxkit/alpine:7f3944798557de5518a56e3437d7ed982701f224 AS alpine-arm64
+RUN apk add --no-cache systemd-boot systemd-efistub
+
+FROM --platform=linux/riscv64 linuxkit/alpine:7f3944798557de5518a56e3437d7ed982701f224 AS alpine-riscv64
+WORKDIR /work
+ADD https://github.com/systemd/systemd.git#v258.1 .
+RUN apk add --no-cache bash meson build-base coreutils gperf libcap-dev py3-jinja2 py3-elftools
+# patch for musl libc
+RUN find src/boot -type f -exec sed -i s/wchar_t/uint16_t/g {} \;
+RUN meson setup --reconfigure -Defi=true -Dbootloader=enabled builddir && meson compile -C builddir systemd-boot
+
+FROM scratch
+ENTRYPOINT []
+WORKDIR /
+COPY --from=alpine-amd64 /usr/lib/systemd/boot/efi/* /usr/lib/systemd/boot/efi/
+COPY --from=alpine-arm64 /usr/lib/systemd/boot/efi/* /usr/lib/systemd/boot/efi/
+
+COPY --from=alpine-riscv64 /work/builddir/src/boot/*.efi.stub /usr/lib/systemd/boot/efi/
+COPY --from=alpine-riscv64 /work/builddir/src/boot/*.elf.stub /usr/lib/systemd/boot/efi/
+COPY --from=alpine-riscv64 /work/builddir/src/boot/*.efi /usr/lib/systemd/boot/efi/
+
+# this is just a non-platform specific python file so we only need it once for all architectures
+COPY --from=alpine-riscv64 --chmod=755 /work/src/ukify/ukify.py /usr/sbin/ukify
--- a/tools/systemd-boot/build.yml
+++ b/tools/systemd-boot/build.yml
@@ -0,0 +1,5 @@
+image: systemd-boot
+arches:
+  - arm64
+  - amd64
+  - riscv64