efibootmgr
manipulate the UEFI boot manager
Table of Contents
1. efibootmgr - manipulate the UEFI Boot Manager
The "Unified Extensible Firmware Interface" is a specification for software interfaces between the firmware and the operation system. It has replaced the legacy-bios and is capable of secureboot features. So far so good… But the time may come when you wish to change your UEFI-boot-order or get rid of some old entiries. There's a handy tool for exactly this purpose, called efibootmgr.
From reading through the manpages, efibootmgr is a userspace application used to modify the UEFI Boot Manager.
Which means, it gives us the opportunity to manipulate the efi bootorder or create and delete UEFI-boot entries. This is great :)
1.1. Installation
On my t460s I am running gentoo, so I just executed emerge -va sys-boot/efibootmgr, to install this package1:
* sys-boot/efibootmgr
Latest version available: 16
Latest version installed: 16
Size of files: 36 KiB
Homepage: https://github.com/rhinstaller/efibootmgr
Description: User-space application to modify the EFI boot manager
License: GPL-2
On debian-based systems you should be able to run something like sudo apt install efibootmgr to install it – if it isn't installed by default.
(on CentOS systems you probaply type yum install efibootmgr, I suppose)
1.2. Usage
1.2.1. See entries / get informations
If you run efibootmgr without any options2, you might get a output similar to this one:
$ efibootmgr BootCurrent: 0002 Timeout: 2 seconds BootOrder: 0002,0017,0018,0019,001A,001B,001C,0021,0003 Boot0002* gentoo Boot0003* Linux-Firmware-Updater Boot0010 Setup Boot0011 Boot Menu Boot0012 Diagnostic Splash Screen Boot0013 Lenovo Diagnostics Boot0014 Startup Interrupt Menu Boot0015 Rescue and Recovery Boot0016 MEBx Hot Key Boot0017* USB CD Boot0018* USB FDD Boot0019* NVMe0 Boot001A* ATA HDD0 Boot001B* USB HDD Boot001C* PCI LAN Boot001D* IDER BOOT CDROM Boot001E* IDER BOOT Floppy Boot001F* ATA HDD Boot0020* ATAPI CD Boot0021* PCI LAN
When using the -v (--verbose) option, we get a more detialed overview:
$ efibootmgr --verbose BootCurrent: 0002 Timeout: 2 seconds BootOrder: 0002,0017,0018,0019,001A,001B,001C,0021,0003 Boot0002* gentoo HD(2,GPT,ef123e3c-e202-993b-9357-67b491def4cc,0x1800,0x40000)/File(\EFI\gentoo\grubx64.efi) Boot0003* Linux-Firmware-Updater HD(2,GPT,ef123e3c-e202-993b-9357-67b491def4cc,0x1800,0x40000)/File(\EFI\gentoo\fwupdx64.efi) Boot0010 Setup FvFile(ef123e3c-e202-993b-9357-67b491def4cc) Boot0011 Boot Menu FvFile(ef123e3c-e202-993b-9357-67b491def4cc) Boot0012 Diagnostic Splash Screen FvFile(ef123e3c-e202-993b-9357-67b491def4cc) Boot0013 Lenovo Diagnostics FvFile(ef123e3c-e202-993b-9357-67b491def4cc) Boot0014 Startup Interrupt Menu FvFile(ef123e3c-e202-993b-9357-67b491def4cc) Boot0015 Rescue and Recovery FvFile(ef123e3c-e202-993b-9357-67b491def4cc) Boot0016 MEBx Hot Key FvFile(ef123e3c-e202-993b-9357-67b491def4cc) Boot0017* USB CD VenMsg(ef123e3c-e202-993b-9357-67b491def4cc,12345678901234567890123456789012) Boot0018* USB FDD VenMsg(ef123e3c-e202-993b-9357-67b491def4cc,12345678901234567890123456789012) Boot0019* NVMe0 VenMsg(ef123e3c-e202-993b-9357-67b491def4cc,12345678901234567890123456789012) Boot001A* ATA HDD0 VenMsg(ef123e3c-e202-993b-9357-67b491def4cc,12345678901234567890123456789012) Boot001B* USB HDD VenMsg(ef123e3c-e202-993b-9357-67b491def4cc,12345678901234567890123456789012) Boot001C* PCI LAN VenMsg(ef123e3c-e202-993b-9357-67b491def4cc,12345678901234567890123456789012) Boot001D* IDER BOOT CDROM PciRoot(0x0)/Pci(0x16,0x2)/Ata(0,1,0) Boot001E* IDER BOOT Floppy PciRoot(0x0)/Pci(0x16,0x2)/Ata(0,0,0) Boot001F* ATA HDD VenMsg(ef123e3c-e202-993b-9357-67b491def4cc,12345678901234567890123456789012) Boot0020* ATAPI CD VenMsg(ef123e3c-e202-993b-9357-67b491def4cc,12345678901234567890123456789012) Boot0021* PCI LAN VenMsg(ef123e3c-e202-993b-9357-67b491def4cc,12345678901234567890123456789012)
1.2.2. Delete entries
As you can see in the examples above, I deleted the two first entries Boot0001 and Boot0000.
I did this by running efbootmgr -B -b 0000 and efibootmgr -B -b 0001 :)
According to efibootmgr --help the two options I'm using are:
-B | --delete-bootnum delete bootnum
to say that I want to delete a boot entry. And:
-b | --bootnum XXXX modify BootXXXX (hex)
to say which one I want to erase.
This felt pretty straight forward to me…
1.2.3. Create new entries
To create an entry you would use options similar to these:
efibootmgr --create --part 2 --disk /dev/nvme0n1p2 --loader "\EFI\gentoo\grub64.efi" --label "test-entry"
The commandline options used are:
-c | --create create new variable bootnum and add to bootorder
to say that we want to create a new entry,
-p | --part part (defaults to 1) containing loader
to define number of the partition the .efi file is located,
-d | --disk disk (defaults to /dev/sda) containing loader
to tell the device containing the .efi file,
-l | --loader name (defaults to "\EFI\Gentoo\grub.efi")
to set the path where the .efi file is located, and finaly
-L | --label label Boot manager display label (defaults to "Linux")
to set a label for the entry.
1.2.4. Miscellaneous
There are a lot of neat other options like setting the timeout:
-t | --timeout seconds set boot manager timeout waiting for user input.
or even deleting it:
-T | --delete-timeout delete Timeout.
You can clean up your BootOrder by deleting duplicates:
-D | --remove-dups remove duplicate values from BootOrder
or set a new BootOrder:
-o | --bootorder XXXX,YYYY,ZZZZ,... explicitly set BootOrder (hex)
you are able to set the BootNext parameter to try a certain bootentry once and lots of other cool stuff :)
1.3. Conclusion
I think efibootmgr is a great and handy tool which is worth sharing with you. :)
Of course given that you are able to use it – have the kernel options compiled or the module loaded.
Firmware Drivers --->
EFI (Extensible Firmware Interface) Support --->
<*> EFI Variable Support via sysfs
Footnotes:
I am using the -v (--verbose) and the -a (--ask) options here. The first one to see which Flags will be used. Most of the times I want to change them so I answer No when emerge asks me.
So this is why I'm using -a. You could even use -p (--pretend) to see the flags, change them and run emerge without these options.
Note: you need to have aproriate rights to run efibootmgr. You may have to use su -c 'efbootmgr' or sudo efibootmgr to gain these rights.