#klapki

EFI boot manager; or, well, an EFI bootorder compiler.

#Manpage (PDF)

#What?

You need to boot Linux somehow, but you don't really need any EFI-side code to do it if you configure your kernel right and have something tell the firmware about it. This is that something.

klapki stores neither code nor data (well, except the kernel and initrds) on the ESP, making it SecureBoot-compatible out-of-box, and instead generates entries for the host's kernels and manages them during their lifetime from the host itself.

Because of this, entries for each host can be trivially placed anywhere in the boot order (in the screenshot they're at {bootpos 1}, preceded by the "zoot" entry).

As seen in the screenshot, additional boot variants (just "graphical" in that case) are also supported, generating another entry for each kernel; OVMF doesn't show it, but the difference can be seen from this listing of /etc/klapki/cmdline used to generate those entries (the description is a tad verbose to match convention):

#!/bin/sh
echo root=ZFS=zoot/root
[ "$2" = "graphical" ] || echo console=ttyS0

The second screenshot goes for the radical

#!/bin/sh
echo root=zfs:AUTO intel_iommu=on zfs.zfs_arc_max=85899345920 "$2"

#Building

You'll need libssl-dev, libefi{var,boot}-dev, catch2, libfmt-dev and make should hopefully Just Work™ if you have a C++17-capable compiler.

catch2 and libfmt-dev are searched via pkg-config as catch2/fmt if available, or in $ADDITIONAL_INCLUDE_DIR/$ADDITIONAL_LINK_DIR.

mandoc is required for HTML manpages. Set MANDOC=true when building to remove this dependency.

Note that klapki uses Linux-specific sendfile(), and as such building it will fail on other systems. Upstream libefivar only supports Linux anyway (and FreeBSD carries a port, though the usefulness of this within any classic UNIX distribution is doubtful).

#Installation

Copy out/klapki to /sbin and write a /etc/klapki/{description,cmdline}, as seen in the manual.

#From Debian repository

The following line in /etc/apt/sources.list or equivalent:

deb [signed-by=/etc/apt/keyrings/nabijaczleweli.asc] https://debian.nabijaczleweli.xyz sid main

With my PGP key (the two URLs are interchangeable):

sudo wget -O/etc/apt/keyrings/nabijaczleweli.asc https://debian.nabijaczleweli.xyz/nabijaczleweli.gpg.key
sudo wget -O/etc/apt/keyrings/nabijaczleweli.asc https://nabijaczleweli.xyz/pgp.txt

(you may need to create /etc/apt/keyrings on apt <2.4.0 (<=bullseye) manually).

Then the usual

sudo apt update
sudo apt install klapki

will work on amd64, x32, and i386.

See the repository README for more information.

#Uninstallation

Remove the variable corresponding to the host under the klapki GUID (a8a9ad3a-f831-11ea-946d-674ccd7415cc).

For example, on Linux, with host "zoot":

chattr -i /sys/firmware/efi/efivars/zoot-a8a9ad3a-f831-11ea-946d-674ccd7415cc
rm        /sys/firmware/efi/efivars/zoot-a8a9ad3a-f831-11ea-946d-674ccd7415cc

This will abandon any previously-managed entries by removing all state, so either run {delkernel ver} for all versions you had registered beforehand, or remove the entries and files later with efibootmgr(8)/EFI shell/the firmware UI.

#Reporting bugs

There's the tracker, but also see the list below.

#Contributing

Send a patch inline, as an attachment, or a git link and a ref to pull from to the list (~nabijaczleweli/klapki@lists.sr.ht) or me directly. I'm not picky, just please include the repo name in the subject prefix.

#Discussion

Please use the tracker, the list, or mastussy (formerly Twitter).

#Special thanks

To all who support further development on Patreon, in particular:

• ThePhD
• Embark Studios
• Jasper Bekkers