5861b00 Manpage update by job 1024897
~nabijaczleweli pushed to ~nabijaczleweli/klapki git
EFI boot manager; or, well, an EFI bootorder compiler.
You need to boot Linux somehow, but you don't really need any EFI-side code to do it if you configure your kernel right and have something tell the firmware about it. This is that something.
klapki stores neither code nor data (well, except the kernel and initrds) on the ESP, making it SecureBoot-compatible out-of-box, and instead generates entries for the host's kernels and manages them during their lifetime from the host itself.
Because of this, entries for each host can be trivially placed anywhere in the boot order (in the screenshot they're at {bootpos 1}
, preceded by the "zoot" entry).
As seen in the screenshot, additional boot variants (just "graphical" in that case) are also supported, generating another entry for each kernel;
OVMF doesn't show it, but the difference can be seen from this listing of /etc/klapki/cmdline
used to generate those entries
(the description is a tad verbose to match convention):
#!/bin/sh
echo root=ZFS=zoot/root
[ "$2" = "graphical" ] || echo console=ttyS0
The second screenshot goes for the radical
#!/bin/sh
echo root=zfs:AUTO intel_iommu=on zfs.zfs_arc_max=85899345920 "$2"
You'll need libssl-dev
, libefi{var,boot}-dev
, catch2
, libfmt-dev
and make
should hopefully Just Work™ if you have a C++17-capable compiler.
catch2
and libfmt-dev
are searched via pkg-config
as catch2
/fmt
if available, or in $ADDITIONAL_INCLUDE_DIR
/$ADDITIONAL_LINK_DIR
.
mandoc
is required for HTML manpages. Set MANDOC=true
when building to remove this dependency.
Note that klapki
uses Linux-specific sendfile()
, and as such building it will fail on other systems.
Upstream libefivar only supports Linux anyway
(and FreeBSD carries a port, though the usefulness of this within any classic UNIX distribution is doubtful).
Copy out/klapki
to /sbin
and write a /etc/klapki/{description,cmdline}
, as seen in the manual.
The following line in /etc/apt/sources.list
or equivalent:
deb [signed-by=/etc/apt/keyrings/nabijaczleweli.asc] https://debian.nabijaczleweli.xyz sid main
With my PGP key (the two URLs are interchangeable):
sudo wget -O/etc/apt/keyrings/nabijaczleweli.asc https://debian.nabijaczleweli.xyz/nabijaczleweli.gpg.key
sudo wget -O/etc/apt/keyrings/nabijaczleweli.asc https://nabijaczleweli.xyz/pgp.txt
(you may need to create /etc/apt/keyrings on apt <2.4.0 (<=bullseye) manually).
Then the usual
sudo apt update
sudo apt install klapki
will work on amd64, x32, and i386.
See the repository README for more information.
Remove the variable corresponding to the host under the klapki GUID (a8a9ad3a-f831-11ea-946d-674ccd7415cc
).
For example, on Linux, with host "zoot":
chattr -i /sys/firmware/efi/efivars/zoot-a8a9ad3a-f831-11ea-946d-674ccd7415cc
rm /sys/firmware/efi/efivars/zoot-a8a9ad3a-f831-11ea-946d-674ccd7415cc
This will abandon any previously-managed entries by removing all state, so either run {delkernel ver}
for all versions you had registered beforehand,
or remove the entries and files later with efibootmgr(8)
/EFI shell/the firmware UI.
There's the tracker, but also see the list below.
Send a patch inline, as an attachment, or a git link and a ref to pull from to the list (~nabijaczleweli/klapki@lists.sr.ht) or me directly. I'm not picky, just please include the repo name in the subject prefix.
Please use the tracker, the list, or mastussy (formerly Twitter).
To all who support further development on Patreon, in particular: