Logo

Archboot Home | Gallery | Donate

2024 Fundraise: 0% 0% 100%

© 2006 - 2024 | Tobias Powalowski | Arch Linux Developer tpowa
Last update: 15.11.2024 07:48

1. Introduction

Archboot is a most advanced, modular Arch Linux boot/install image creation utility to generate
reproducible bootable media for UKI/CD/USB/PXE, designed for installation or rescue operation.
The additional ISOs and UKIs focus on being small, fast and (power)user friendly.

2. Releases

Arch Linux Distribution Release B2SUM Archive Forum
ARM - aarch641 Packages Check Browse Check
RISC-V - riscv642 Packages Check Browse
X64 - x86_643 Packages Check Browse Check

1 Supports aarch64, Apple Mac M1 and higher for virtual machines eg. Parallels Desktop, UTM and VMware
2 Supports riscv64 and needs U-Boot to launch. Recommended only for testing in a virtual machine.
3 Supports x86_64. Use it for real machines and/or virtual machines.

Location Main Mirrors Download
United States - MA archboot.com aarch64 | riscv64 | x86_64
Europe - France archboot.eu aarch64 | riscv64 | x86_64
Asia - Indonesia archboot.net aarch64 | riscv64 | x86_64
Location User Hosted Mirrors Download
Germany pagenotfound.de aarch64 | riscv64 | x86_64

2.1 ISO / Initrd / UKI Types

Type RAM
to boot
WiFi
support
LAN
support
Package cache
for installation
date 830M
date-latest 2300M local DHCP
server needed
>= 4G RAM
needed
date-local 3000M

2.2 ISO Boot Modes

Boot Mode AARCH64 RISCV64 X86_64
UEFI/UEFI_CD
booting with GRUB
UEFI_MIX*
booting with GRUB
Secure Boot
with the included
fedora signed shim
MBR BIOS
with GRUB
MBR
with U-Boot

* Firmware 32bit / OS 64bit

2.3 ISO Writing To USB / CD

A hybrid image file is a standard CD/DVD-burnable image and also a raw disk image.

Use this command with USB thumb drive:
# dd if=<image> of=/dev/<device> bs=1M

3. Features In A Nutshell

3.1 Secure Boot - MOK / Machine Owner Key

Caveat:
  • This method is intended to use for dual booting with Windows, without losing the Secure Boot benefits for Windows.
  • This method will not make your system more secure.
  • It installs the fedora's signed shim, which is not controlled by Arch Linux and breaks the concept of Secure Boot as is.

Please read Roderick Smith’s guide for initial shim setup first.

The included tools for key management: mokutil, sbsigntools, sbctl and mkkeys.sh

3.1.1 Secure Boot - ISO Booting

On initial Secure Boot setup MOK manager is launched:

Add the hash of grub and kernel from ISO in MOK manager:
/EFI/BOOT/GRUB<ARCH>.EFI and /boot/vmlinuz-<ARCH>

3.1.2 Secure Boot - Automatic Setup Routine

The setup script supports the following Secure Boot layout:

3.1.3 Secure Boot - Manual Create MOK

Create and backup your own keys with Microsoft certificates:
# secureboot-keys.sh -name=<yournametoembed> <directory>

3.1.4 Secure Boot - Reset MOK

In order to reset the MOK setup:

Reset MOK:
# mokutil --reset

3.2 Terminal Access

3.2.1 Virtual Consoles - VCs

VC 1-4 VC 5 VC 6 VC 11 VC 12
Usage Login Consoles Network Status System Status Log Messages Systemd Journal
Terminal Keys ALT+F1-F4 ALT+F5 ALT+F6 ALT+F11 ALT+F12
Graphical Keys CTRL+ALT+F1-F6 CTRL+ALT+F5 CTRL+ALT+F6 CTRL+ALT+F11 CTRL+ALT+F12

Use left/right SUPER | Windows | Command | Search | Apple key or ALT+ or ALT+ to toggle consoles.

3.2.2 Serial Console

Serial console is enabled on ttyS0, ttyAMA0 and ttyUSB0.

3.3 Remote Terminal Access

3.3.1 OpenSSH Terminal

Access the terminal with OpenSSH.

Parameter Value
Default Key embedded in Release.txt or
$ /etc/archboot/ssh/archboot-key
Default Passphrase Archboot
Port 11838
Connect with ssh as root user (don't touch users known_hosts file):
$ ssh -i <yourkeyfile> -p 11838 -o StrictHostKeychecking=no \ -o UserKnownHostsFile=/dev/null root@archboot.local

GNU screen is launched on login and last session will be reattached.

3.3.2 HTTP Browser Terminal - TTYD

Parameter Value
Favourite Browser http://archboot.local:7681
Default Passphrase Archboot

GNU screen is launched on login and last session will be reattached.

3.4 Interactive Basic Setup

The interactive scripts are launched on first login.

3.4.1 Localization

Your locale, console font and keymap will be configured by the localize script.

3.4.2 Network Configuration (Online Mode)

3.4.3 Clock Configuration

3.4.4 Pacman Setup (Online Mode)

Pacman will be configured by the pacsetup script.

3.5 Interactive Launcher

3.5.1 Launch Desktop Environment / Remote VNC Access

Gnome, Plasma, Sway and Xfce are supported.

VNC Client
Connect archboot.local
Xorg Password archboot
Wayland Password <none>

3.5.2 Manage Archboot Environment

3.5.2.1 Full Arch Linux System
3.5.2.2 Update Archboot Environment
3.5.2.3 Create New Images

3.6 Interactive Setup

3.6.1 Prepare Storage Drive

3.6.2 Install Packages

3.6.3 Configure System

3.6.4 Install Bootloader

3.7 For Experts: Quickinst Installation

Quickinst experts installation:
# quickinst <directory>

3.8 For Experts: CLI Manage Environment

You can always bump your image to latest available possibilities.

For all options use:
# update -help

3.9 For Experts: Custom Autorun Script

A custom autorun script at the end of bootup can be executed with the following options:

3.10 Tools For Backup And Copying Of An Existing System

Archboot provides 2 additional scripts for doing those tasks.

internal backup / copying using tar:
# copy-mountpoint.sh -h
internal or external backup / copying using rsync:
# rsync-backup.sh -h

3.11 Restoring An USB Device To FAT32 State

Attention: This will render all data on your device inaccessible!
# restore-usbstick.sh <device>

3.12 Clean Blockdevice

You can use clean-blockdevice.sh for cleaning partition table and filesystem signatures of any blockdevice.

Attention: This will render all data on your device inaccessible!
# clean-blockdevice.sh <device(s)>

3.13 System Configuration On Installed System

You can also run archboot-setup.sh for system configuration on an installed system.

Install your corresponding Archboot package for getting the archboot-setup.sh script.

4. FAQ / Known Issues / Limitations

Please check the forum threads or project page for posted fixes and workarounds.

Get latest fixes from GIT:
# update -update

5. Comparison To Archiso Image

Archboot Archiso
Developer(s) tpowa arch-releng team
Arch Install Scripts
Interactive Basic Setup / Installation
Archinstall
Unified Kernel Image
UKI system provided
Secure Boot MOK support
with Microsoft certificates
supported by fedora's signed shim
OpenSSH public key support
HTTP Browser Terminal - TTYD
Systemd on early userspace
Offline installation support1
Internal update feature
Accessibility support
Mobile broadband modem
management service (modemmanager)
EXT2/3, F2FS, JFS, NILFS support
BCACHEFS support
Swap File Support
Default Shell Switch
Bash or Zsh
Man/Info Pages
Real Machine boot to prompt2 37 seconds 79 seconds
Virtual Machine boot to prompt3 17 seconds 21 seconds
Virtual Machine systemd-analyze3 16 seconds 56 seconds
Minimum RAM to boot in MiB3 800 560
Free RAM on system in MiB3 3000 2700
Imagesize in MiB 277 - 1034 1210
ROOTFS size in MiB 820 1900
ROOTFS packages 227 403
ROOTFS Type Btrfs on ZRAM Squashfs
Default Shell Bash Zsh
Nano editor with syntax highlighting
Neovim editor with lastplace plugin
Detect high resolution screen size
Show journal on Virtual Console 12
Enable windowkeys on Virtual Consoles
Text browser Elinks Lynx
Text browser preconfigured
Chromium browser
Firefox browser
GParted partitioner
Gnome desktop
KDE/Plasma desktop
Sway Wayland compositor
Xfce desktop
VNC installation support
Rust CLI Tools:
3cpio, bandwhich, bat, bottom,
choose, dog, dust, dysk, eza, fd,
fzf, miniserve, netscanner, ouch,
procs, ripgrep, rustscan, sd,
trippy, zoxide
Default Font Terminus
Release build speed 4 min 58 sec
3 ISOs & 3 UKIs
5 min 56 sec
1 ISO
Image assembling grub-mkrescue xorriso
UEFI bootloader Grub Systemd-boot
BIOS bootloader Grub Syslinux
Reproducibility
Easy custom live CD creation

★ Optional | 1 Only local image | 2 Acer R11 Chromebook 4GB RAM

3 QEMU (4GB RAM, kvm and virtio backend), normal image

6. Development: GIT And Bugtracker

7. Package - Repository / Installation / Usage

Add archboot repository to /etc/pacman.conf:
[archboot]
# United States
Server = https://pkg.archboot.com
# Europe
Server = https://pkg.archboot.eu
# Asia
Server = https://pkg.archboot.net

If you want to build aarch64 or riscv64 images replace x86_64 with the architecture of your choice in the commands and files below.

7.1 Create Rescue System Out Of The Running System

Create the initrd with your chosen profile:
# archboot-cpio.sh -c /etc/archboot/<profile>.conf -g initrd.img

Add your used kernel and initrd to your bootloader.

7.2 Create Image Files

7.2.1 Requirement

In order to build images you will need around 3G free space on disk.

7.2.2 Create Image Files Without Modifications

This script creates every installation media with latest available core/extra packages and boot/ directory with kernel and initrds.

Custom OpenSSH Key: Place your public key to /etc/archboot/ssh/archboot-key.pub
Building a new release:
# archboot-x86_64-release.sh <directory>
Rebuilding a release (reproducibility):
# sed -n '12,19p' Release.txt >archboot.key
# chmod 600 archboot.key
# ssh-keygen -f archboot.key -y archboot-pub.key
# Enter passphrase: Archboot
# mv archboot{,-pub}.key /etc/archboot/ssh/
# archboot-x86_64-release.sh <directory> \
https://source.archboot.com/release/x86_64/latest/

7.2.3 Create Image Files With Modifications:

Explanation of the image tools / toolchain.

7.2.3.1 archboot-x86_64-create-container.sh

Create an Archboot container for image creation:
# archboot-x86_64-create-container.sh <directory>
To enter the container run:
# systemd-nspawn -D <directory>

Modify your container to your needs. Then run archboot-x86_64-iso.sh for image creation in container.

7.2.3.2 Configuration Files For Image Creation:

There are the following configuration files for ISO creation:

7.2.3.3 archboot-cpio.sh

The Archboot initramfs toolchain uses its own cpio generator. Some differences to other initcpio creators: Concatenated Cpio Initramfs Layout:

3cpio can be used to examine/extract/list the initramfs files.

Part Function
1 All directories
2 All already compressed files
3 ZSTD compressed rootfs
Options supported in /etc/archboot/<profile>.conf files:
Option Explanation
_KERNEL="" defines used kernel
_HOOKS=() Array that defines the used hooks
Functions supported in /usr/lib/archboot/cpio/hooks/<hook> files:
Function Explanation
_map <function> <args> redo <function> on <args>
_dir <directory> Only creates <directory> on <rootfs>
_full_dir <directory> Copies the <full directory> as is to <rootfs>
_binary <binary> Adds <binary> to rootfs, PATH is added,
libraries are detected, symlinks are resolved
_file <file> Adds <file> as is to rootfs, symlinks are resolved
_file_rename <file> <file_rootfs> Adds <file> as is to rootfs <file_rootfs>
_symlink <linkname> <linkedfile> Adds symlink <linkname> to <linkedfile> on <rootfs>
_mod <module> Adds kernel <module> to <rootfs>
_all_mods -f <exclude_pattern> <pattern> Adds all kernel modules <pattern> to <rootfs>,
use -f flag to exclude modules

7.2.3.4 archboot-x86_64-iso.sh

Script for ISO creation from running system or for use in Archboot container.

ISO Type Run command:
Normal # archboot-x86_64-iso.sh -g
Latest # archboot-x86_64-iso.sh -p=x86_64-latest -g
Local # archboot-x86_64-iso.sh -p=x86_64-local -g

7.2.3.5 archboot-x86_64-uki.sh

Script for UKI creation from running system or for use in Archboot container.

UKI Type Run command:
Normal # archboot-x86_64-uki.sh -g
Latest # archboot-x86_64-uki.sh -p=x86_64-latest -g
Local # archboot-x86_64-uki.sh -p=x86_64-local -g

7.3. Setting Up An Image Server

7.3.1 Requirements

7.3.2 Configuration File

You need to configure all your settings in the configuration file: /etc/archboot/defaults

7.3.3 Running Commands

7.3.3.1 X86_64 Architecture

Create server release:
# archboot-x86_64-server-release.sh

7.3.3.2 Aarch64/Riscv64 Architecture

Create pacman container tarball:
# archboot-pacman-aarch64-container.sh <build-directory>
# archboot-pacman-riscv64-container.sh <build-directory>

Afterwards you only have to run for each release:

Create server release:
# archboot-aarch64-server-release.sh
# archboot-riscv64-server-release.sh

7.3.3.3 Automatic Server Update

The /etc/archboot/server-update.conf file defines architectures and update trigger packages.

Enable systemd timer at 02:00:00 AM:
# systemctl enable archboot-server-update.timer
# systemctl start archboot-server-update.timer

You can skip the automatic generation, by adding a MASK file to the directory, which includes the containers.

8. Testing Image And Files With QEMU

You can run QEMU tests at different stages of ISO creation.

8.1 Running AARCH64:

Install the edk2-aarch64 package.

UEFI GPT mode:
$ qemu-system-aarch64 -drive file=<isofile>,if=virtio,format=raw \
-usb -boot d -bios /usr/share/edk2/aarch64/QEMU_EFI.fd \
-machine virt -cpu cortex-a57 -device virtio-gpu-pci \
-device nec-usb-xhci -device usb-tablet \
-device usb-kbd -m <memory>

8.2 Running RISCV64:

MBR mode:
$ qemu-system-riscv64 -M virt \
-kernel /usr/share/archboot/u-boot/qemu-riscv64_smode/uboot.elf \
-device virtio-gpu-pci -device virtio-net-device,netdev=eth0 \
-netdev user,id=eth0,hostfwd=tcp::2222-:22 \
-device nec-usb-xhci -device usb-tablet -device usb-kbd \
-object rng-random,filename=/dev/urandom,id=rng \
-device virtio-rng-device,rng=rng \
-drive file=<yourimage>,if=virtio,format=raw -m <memory>

Use ssh root@localhost -p 2222 to connect to machine from your running host.

8.3 Running X86_64:

8.3.1 Running Kernel, BIOS MBR, UEFI GPT Without Secure Boot:

kernel and initrd testing:
$ qemu-system-x86_64 -kernel <kernel> -initrd <initrd> \
-append "rootfstype=ramfs" \
--enable-kvm -usb -usbdevice tablet -m <memory>
BIOS MBR mode:
$ qemu-system-x86_64 -drive file=<isofile>,if=virtio,format=raw \
-usb -usbdevice tablet --enable-kvm -boot d -m <memory>
64bit UEFI / 64bit running system:
$ qemu-system-x86_64 -drive file=<isofile>,if=virtio,format=raw \
-usb -usbdevice tablet --enable-kvm -boot d \
drive if=pflash,format=raw,readonly=on,file=/usr/share/edk2/x64/OVMF_CODE.4m.fd -m <memory>
32bit UEFI / 64bit running system:
$ qemu-system-x86_64 -drive file=<isofile>,if=virtio,format=raw \
-usb -usbdevice tablet --enable-kvm -boot d \
drive if=pflash,format=raw,readonly=on,file=/usr/share/edk2/ia32/OVMF_CODE.4m.fd -m <memory>

8.3.2 UEFI GPT Secure Boot

Copy OVMF_VARS.secboot_<arch>.fd to a place the user has access to it:
# cp /usr/share/archboot/ovmf/OVMF_VARS_x64.secboot.fd <directory> # cp /usr/share/archboot/ovmf/OVMF_VARS_ia32.secboot.fd <directory>

The file already includes a basic set of keys from fedora ovmf package.

64bit UEFI / 64bit running system:
$ qemu-system-x86_64 -drive file=<isofile>,if=virtio,format=raw \
-usb -usbdevice tablet --enable-kvm -boot d \
-drive if=pflash,format=raw,readonly=on,\
file=/usr/share/archboot/ovmf/OVMF_CODE.secboot_x64.fd \
-drive if=pflash,format=raw,file=OVMF_VARS_x64.secboot.fd \
-global driver=cfi.pflash01,property=secure,value=on \
-machine q35,smm=on,accel=kvm \
-global ICH9-LPC.disable_s3=1 -m <memory>
32bit UEFI / 64bit running system:
$ qemu-system-x86_64 -drive file=<isofile>,if=virtio,format=raw \
-usb -usbdevice tablet --enable-kvm -boot d \
-drive if=pflash,format=raw,readonly=on,\
file=/usr/share/archboot/ovmf/OVMF_CODE.secboot_ia32.fd \
-drive if=pflash,format=raw,file=OVMF_VARS_ia32.secboot.fd \
-global driver=cfi.pflash01,property=secure,value=on \
-machine q35,smm=on,accel=kvm \
-global ICH9-LPC.disable_s3=1 -m <memory>

8.4 Additional Qemu Parameters

KVM virtio network for tap0:
-device virtio-net-device,netdev=eth0 \
-netdev tap,id=eth0,ifname=tap0,script=no,downscript=no
KVM virtio harddisk:
-drive file=yourimagefile,if=virtio,format=raw
QXL Video device with 800x600 resolution:
-device qxl-vga,xres=800,yres=600

8.5 Setting Up A Hwsim SSID

Start a hwsid SSID for wireless testing purposes:
# archboot-hwsim.sh <SSID>

9. Arch Linux Wiki

11. Videos

12. History

13. References