Archboot Home | Gallery |

2024 Fundraise: 0% 0% 100%

© 2006 - 2024 | Tobias Powalowski | Arch Linux Developer tpowa
Last update: 15.11.2024 07:48

1. Introduction

Archboot is a most advanced, modular Arch Linux boot/install image creation utility to generate
reproducible bootable media for UKI/CD/USB/PXE, designed for installation or rescue operation.
The additional ISOs and UKIs focus on being small, fast and (power)user friendly.

2. Releases

Latest News, Changelog, Build Sources
Automatic Release System: Packages for triggering a new release are listed here.
Hybrid images, Unified Kernel Images, Kernels, Initrd, and Microcodes are provided.
PGP KEY: 5B7E 3FB7 1B7F 1032 9A1C 03AB 771D F662 7EDF 681F for file verification is provided.
Supported Glibc Locales: be, bg, cs, da, de, en, el, es, fi, fr, hu, it, lt, lv, mk, nl, nn, pl, pt, ro, ru, sk, sr, sv, tr, uk

Arch Linux Distribution	Release	B2SUM	Archive	Forum
ARM - aarch64¹	Packages	Check	Browse	Check
RISC-V - riscv64²	Packages	Check	Browse
X64 - x86_64³	Packages	Check	Browse	Check

¹ Supports aarch64, Apple Mac M1 and higher for virtual machines eg. Parallels Desktop, UTM and VMware
² Supports riscv64 and needs U-Boot to launch. Recommended only for testing in a virtual machine.
³ Supports x86_64. Use it for real machines and/or virtual machines.

Location	Main Mirrors	Download
United States - MA	archboot.com	aarch64 \| riscv64 \| x86_64
Europe - France	archboot.eu	aarch64 \| riscv64 \| x86_64
Asia - Indonesia	archboot.net	aarch64 \| riscv64 \| x86_64

Location	User Hosted Mirrors	Download
Germany	pagenotfound.de	aarch64 \| riscv64 \| x86_64

The Unified Kernel Image / UKI can be booted from your UEFI firmware or bootloader like any other <EFI> file.
For rescue booting, add an entry pointing to the Kernel, Initrd, Microcode to your bootloader.
For PXE booting, add the Kernel, Initrd and Microcode to your TFTP setup.

2.1 ISO / Initrd / UKI Types

Type	RAM to boot	WiFi support	LAN support	Package cache for installation
*date*	830M	✔	✔	✖
date-latest	2300M	✖	local DHCP server needed	>= 4G RAM needed
date-local	3000M	✔	✔	✔

During boot, all ethernet network interfaces will try to obtain an IP address through DHCP, except -local image files.
With a fast ethernet internet connection and a running DHCP server, go for the latest image.
If your system holds at least 4G RAM the package cache will be preserved.
Without an internet connection you should use the local image. It includes a local package repository for installation.
It will not use any network interfaces/services, until you explicitly switch to Online mode.

2.2 ISO Boot Modes

Boot Mode	AARCH64	RISCV64	X86_64
UEFI/UEFI_CD booting with GRUB	✔	✖	✔
UEFI_MIX* booting with GRUB	✖	✖	✔
Secure Boot with the included fedora signed shim	✔	✖	✔
MBR BIOS with GRUB	✖	✖	✔
MBR with U-Boot	✖	✔	✖

* Firmware 32bit / OS 64bit

2.3 ISO Writing To USB / CD

A hybrid image file is a standard CD/DVD-burnable image and also a raw disk image.

Can be burned to CD/DVD(RW) media using most CD Burning utilities.
Can be raw-written to a drive using dd or similar utilities.

Use this command with USB thumb drive:
`# dd if=<image> of=/dev/<device> bs=1M`

In Rufus for Windows use dd-Mode to write the image.
Power users might consider using a Ventoy boot stick. One stick to boot everything, without reformat the stick all the time.

3. Features In A Nutshell

3.1 Secure Boot - MOK / Machine Owner Key

Caveat:
This method is intended to use for dual booting with Windows, without losing the Secure Boot benefits for Windows. This method will not make your system more secure. It installs the fedora's signed shim, which is not controlled by Arch Linux and breaks the concept of Secure Boot as is.

Please read Roderick Smith’s guide for initial shim setup first.

The included tools for key management: mokutil, sbsigntools, sbctl and mkkeys.sh

3.1.1 Secure Boot - ISO Booting

On initial Secure Boot setup MOK manager is launched:

Add the hash of grub and kernel from ISO in MOK manager:
/EFI/BOOT/GRUB<ARCH>.EFI and /boot/vmlinuz-<ARCH>

3.1.2 Secure Boot - Automatic Setup Routine

The setup script supports the following Secure Boot layout:

The fedora's signed shim is copied to the installed system
Creating of new keys is supported
Using existing keys from /etc/secureboot/keys in layout secureboot-keys.sh produces
MOK setup is done with personal MOK keys
Adding a pacman hook for automatic signing with personal keys
On first boot you need to enroll the used personal key as MOK.
Then your installed system is dual boot ready.

3.1.3 Secure Boot - Manual Create MOK

Create and backup your own keys with Microsoft certificates:
`# secureboot-keys.sh -name=<yournametoembed> <directory>`

3.1.4 Secure Boot - Reset MOK

In order to reset the MOK setup:

Turn off Secure Boot in firmware
Boot the system and use mokutil to reset the setup.

Reset MOK:
`# mokutil --reset`

Reboot and turn on Secure Boot again in firmware.
Start again at point 3.1.1.

3.2 Terminal Access

3.2.1 Virtual Consoles - VCs

	VC 1-4	VC 5	VC 6	VC 11	VC 12
Usage	Login Consoles	Network Status	System Status	Log Messages	Systemd Journal
Terminal Keys	ALT+F1-F4	ALT+F5	ALT+F6	ALT+F11	ALT+F12
Graphical Keys	CTRL+ALT+F1-F6	CTRL+ALT+F5	CTRL+ALT+F6	CTRL+ALT+F11	CTRL+ALT+F12

Use left/right SUPER | Windows | Command | Search | Apple key or ALT+⇽ or ALT+⇾ to toggle consoles.

3.2.2 Serial Console

Serial console is enabled on ttyS0, ttyAMA0 and ttyUSB0.

3.3 Remote Terminal Access

3.3.1 OpenSSH Terminal

Access the terminal with OpenSSH.

Parameter	Value
Default Key	embedded in Release.txt or `$ /etc/archboot/ssh/archboot-key`
Default Passphrase	Archboot
Port	11838

Connect with ssh as root user (don't touch users known_hosts file):
`$ ssh -i <yourkeyfile> -p 11838 -o StrictHostKeychecking=no \ -o UserKnownHostsFile=/dev/null root@archboot.local`

GNU screen is launched on login and last session will be reattached.

3.3.2 HTTP Browser Terminal - TTYD

Access the ttyd terminal in your browser.
Attention: The connection is not encrypted!

Parameter	Value
Favourite Browser	http://archboot.local:7681
Default Passphrase	Archboot

GNU screen is launched on login and last session will be reattached.

3.4 Interactive Basic Setup

The interactive scripts are launched on first login.

3.4.1 Localization

Your locale, console font and keymap will be configured by the localize script.

3.4.2 Network Configuration (Online Mode)

Your network will be configured by the network script.
Your network will be configured by systemd-networkd.
Your wifi network will be authentificated by iwd.

3.4.3 Clock Configuration

Your timezone and date will be configured by the clock script.
In Online Mode the timezone will be configured by your GeoIP and timesyncd will be activated.

3.4.4 Pacman Setup (Online Mode)

Pacman will be configured by the pacsetup script.

You will be asked if you want to activate the testing repositories <default=no>.
Latest pacman mirrors will be GeoIP synced and you have to select your favourite mirror.
If a new kernel is online available, you can decide to load the latest Archboot Environment <default=no>.

3.5 Interactive Launcher

The interactive launcher script for quick navigation is launched on first login.
You can go straight to setup, launch desktop environment, do environment management or leave to shell.

3.5.1 Launch Desktop Environment / Remote VNC Access

Gnome, Plasma, Sway and Xfce are supported.

On Xorg environments VNC is automatically launched.
- Edit /etc/archboot/defaults to change default vnc password.
On Wayland environments VNC is only available in Sway.
- On MacOS/Windows you can use RealVNC for passwordless login.

	VNC Client
Connect	`archboot.local`
Xorg Password	`archboot`
Wayland Password	`<none>`

3.5.2 Manage Archboot Environment

3.5.2.1 Full Arch Linux System

The Archboot system is stripped down to minimal space usage.
Though perl, python, man/info pages, includes, additional kernel modules (eg. sound)
and other things are not provided by default.
This will also stop cleaning the system, while running other update tasks.

3.5.2.2 Update Archboot Environment

The Archboot Environment will be updated to latest packages.
Depending on the available RAM, you will get the new system with or without package cache.
The new system will be booted through kexec.

3.5.2.3 Create New Images

You will get new images with latest packages.

3.6 Interactive Setup

The interactive setup script is used for installation.
You can run each menu point for doing the mentioned task.
You can cancel each running point by hitting CTRL-C.
If you do a fresh install, it is recommended to run each point in the order as presented.

3.6.1 Prepare Storage Drive

You prepare your storage drive, filesystems and define your mountpoints.
Quick Setup, manual partitioning, GUID (GPT) support, MBR (BIOS) support,
Advanced Format 4k sector drive support etc.
Persistent block device naming support: PARTUUID, PARTLABEL, SD_GPT_AUTO_GENERATOR, UUID, LABEL and KERNEL
Creation of software RAID, RAID_partitions, LVM devices and LUKS encrypted devices
Supports standard linux, RAID, RAID_partitions, dmraid/fakeraid, LVM and LUKS encrypted devices
Filesystem support: BCACHEFS, BTRFS, Ext4, XFS, VFAT

3.6.2 Install Packages

You can modify the packages to install in /etc/archboot/defaults.
Pacman will install the packages for the first boot to your storage drive.
Autoconfiguration of basic system will be done:
Locale, Linux console, Bash, Keymap, Timezone, Fstab, SSD performance, Swap performance, Systemd,
Pacman, Network, Crypttab and Mdadm

3.6.3 Configure System

You set the root password.
Choose your early userspace setup: busybox or systemd
Preconfiguration of mkinitcpio.conf and KMS mode is done by the hwdetect script
Choose your text editor: Nano or Neovim
Configuration of basic system:
User Management, Linux console, locale.conf, Locale, fstab, mkinitcpio.conf, modprobe.conf,
hostname, resolv.conf, hosts, mirrors, pacman.conf

3.6.4 Install Bootloader

You configure your preferred bootloader.
Microcode and other needed programs will be installed automatically.
GPT UEFI supported bootloaders: GRUB, Limine, rEFInd, Systemd-boot, Unified Kernel Image
MBR BIOS supported bootloaders: GRUB, Limine
Secure Boot supports only shim signed by fedora with GRUB
The selected bootloader will be installed to your system and you can modify the configuration file(s) afterwards.
Pacman hooks for automatic bootloader upgrade will be enabled by default.

3.7 For Experts: Quickinst Installation

This script is for experts, who assemble the filesystems first and mount them in a directory.
quickinst will autodetect the packages to install for a minimal system.

Quickinst experts installation:
`# quickinst <directory>`

3.8 For Experts: CLI Manage Environment

You can always bump your image to latest available possibilities.

For all options use:
`# update -help`

3.9 For Experts: Custom Autorun Script

A custom autorun script at the end of bootup can be executed with the following options:

Customization at runtime:
Remote scripts can be inserted with autorun=<remotepath> on bootloader commandline.
Any remote path curl can handle is supported. Local image does not support that feature.
Customization at build time:
/etc/archboot/run/autorun.sh will be inserted into the images.

3.10 Tools For Backup And Copying Of An Existing System

Archboot provides 2 additional scripts for doing those tasks.

internal backup / copying using tar:
`# copy-mountpoint.sh -h`

internal or external backup / copying using rsync:
`# rsync-backup.sh -h`

3.11 Restoring An USB Device To FAT32 State

When you have used the .iso image to create an USB installer, your USB stick is no longer useful for anything else.
Any remaining space on the stick (supposing you used a larger-than the .img file) is inaccessible.
Check carefully which device actually is your USB stick.

Attention: This will render all data on your device inaccessible!
`# restore-usbstick.sh <device>`

3.12 Clean Blockdevice

You can use clean-blockdevice.sh for cleaning partition table and filesystem signatures of any blockdevice.

Attention: This will render all data on your device inaccessible!
`# clean-blockdevice.sh <device(s)>`

3.13 System Configuration On Installed System

You can also run archboot-setup.sh for system configuration on an installed system.

Install your corresponding Archboot package for getting the archboot-setup.sh script.

4. FAQ / Known Issues / Limitations

Please check the forum threads or project page for posted fixes and workarounds.

Get latest fixes from GIT:
`# update -update`

The screen stays blank or other weird screen issues happen?
Some hardware does not like the KMS activation. Use one of the following kernel parameters:
radeon.modeset=0, i915.modeset=0, amdgpu.modeset=0 or nouveau.modeset=0

Your system hangs during the boot process?
Any combinations of the following kernel parameters may be useful:
noapic, nolapic, acpi=off, pci=routeirq, pci=nosmp or pci=nomsi

Package XYZ is missing in Archboot Environment.
Install the missing package as needed. For example, archinstall is not included by default.
It needs python3, which is a large dependency.

Ventoy boot does not load kernel modules / errors out.
Workaround: Do not store more than one Archboot ISO with the same kernel on disk.

Parallels Desktop might have keyboard issues.
Workaround: Use COMMAND+TAB to switch out of the VM and reactivate the parallels window.

UTM does not work with Apple virtualization.
The AARCH64 kernel does not seem to support this feature. This cannot be fixed on Archboot side.

dmraid/fakeraid/biosraid might not work on some boards.
mdadm only supports some isw and ddf fakeraid chipsets.

How much RAM is needed to boot <EFI> or <INITRD>?
The calculated size to boot the image follows the formula:
Initrd + Kernel + Unpackedkernel + Unpackedinitrd = minimum RAM to boot

5. Comparison To Archiso Image

	Archboot	Archiso
Developer(s)	tpowa	arch-releng team
Arch Install Scripts	✔	✔
Interactive Basic Setup / Installation	✔	✖
Archinstall	✖	✔
Unified Kernel Image UKI system provided	✔	✖
Secure Boot MOK support with Microsoft certificates supported by fedora's signed shim	✔	✖
OpenSSH public key support	✔	✖
HTTP Browser Terminal - TTYD	✔	✖
Systemd on early userspace	✔	✖
Offline installation support¹	✔	✖
Internal update feature	✔	✖
Accessibility support	✖	✔
Mobile broadband modem management service (modemmanager)	✖	✔
EXT2/3, F2FS, JFS, NILFS support	✖	✔
BCACHEFS support	✔	✖
Swap File Support	✔	✖
Default Shell Switch Bash or Zsh	✔	✖
Man/Info Pages	★	✔
Real Machine boot to prompt²	37 seconds	79 seconds
Virtual Machine boot to prompt³	17 seconds	21 seconds
Virtual Machine systemd-analyze³	16 seconds	56 seconds
Minimum RAM to boot in MiB³	800	560
Free RAM on system in MiB³	3000	2700
Imagesize in MiB	277 - 1034	1210
ROOTFS size in MiB	820	1900
ROOTFS packages	227	403
ROOTFS Type	Btrfs on ZRAM	Squashfs
Default Shell	Bash	Zsh
Nano editor with syntax highlighting	✔	✖
Neovim editor with lastplace plugin	✔	✖
Detect high resolution screen size	✔	✖
Show journal on Virtual Console 12	✔	✖
Enable windowkeys on Virtual Consoles	✔	✖
Text browser	Elinks	Lynx
Text browser preconfigured	✔	✖
Chromium browser	✔	✖
Firefox browser	✔	✖
GParted partitioner	✔	✖
Gnome desktop	✔	✖
KDE/Plasma desktop	✔	✖
Sway Wayland compositor	✔	✖
Xfce desktop	✔	✖
VNC installation support	✔	✖
Rust CLI Tools: 3cpio, bandwhich, bat, bottom, choose, dog, dust, dysk, eza, fd, fzf, miniserve, netscanner, ouch, procs, ripgrep, rustscan, sd, trippy, zoxide	✔	✖
Default Font Terminus	✔	✖
Release build speed	4 min 58 sec 3 ISOs & 3 UKIs	5 min 56 sec 1 ISO
Image assembling	grub-mkrescue	xorriso
UEFI bootloader	Grub	Systemd-boot
BIOS bootloader	Grub	Syslinux
Reproducibility	✔	✖
Easy custom live CD creation	✖	✔

★ Optional | ¹ Only local image | ² Acer R11 Chromebook 4GB RAM

³ QEMU (4GB RAM, kvm and virtio backend), normal image

6. Development: GIT And Bugtracker

GIT repository can be found at Arch Linux Gitlab or Github .
Use the Arch Linux Gitlab Bugtracker for filling bugs.

7. Package - Repository / Installation / Usage

Add archboot repository to /etc/pacman.conf:
`[archboot]` `# United States` `Server = https://pkg.archboot.com` `# Europe` `Server = https://pkg.archboot.eu` `# Asia` `Server = https://pkg.archboot.net`

Install the archboot package on x86_64 hardware.
Install the archboot-arm package on aarch64 hardware.
Install the archboot-riscv package on riscv64 hardware.
Install the qemu-user-static package for building aarch64 or riscv64 images on x86_64 hardware.

If you want to build aarch64 or riscv64 images replace x86_64 with the architecture of your choice in the commands and files below.

7.1 Create Rescue System Out Of The Running System

Create the initrd with your chosen profile:
`# archboot-cpio.sh -c /etc/archboot/<profile>.conf -g initrd.img`

Add your used kernel and initrd to your bootloader.

7.2 Create Image Files

7.2.1 Requirement

In order to build images you will need around 3G free space on disk.

7.2.2 Create Image Files Without Modifications

This script creates every installation media with latest available core/extra packages and boot/ directory with kernel and initrds.

Custom OpenSSH Key: Place your public key to /etc/archboot/ssh/archboot-key.pub

Building a new release:
`# archboot-x86_64-release.sh <directory>`

Rebuilding a release (reproducibility):
`# sed -n '12,19p' Release.txt >archboot.key # chmod 600 archboot.key # ssh-keygen -f archboot.key -y archboot-pub.key # Enter passphrase: Archboot # mv archboot{,-pub}.key /etc/archboot/ssh/ # archboot-x86_64-release.sh <directory> \ https://source.archboot.com/release/x86_64/latest/`

7.2.3 Create Image Files With Modifications:

Explanation of the image tools / toolchain.

7.2.3.1 archboot-x86_64-create-container.sh

Create an Archboot container for image creation:
`# archboot-x86_64-create-container.sh <directory>`

To enter the container run:
`# systemd-nspawn -D <directory>`

Modify your container to your needs. Then run archboot-x86_64-iso.sh for image creation in container.

7.2.3.2 Configuration Files For Image Creation:

There are the following configuration files for ISO creation:

/etc/archboot/defaults: defaults for packages, bootloader config and server setup.
/etc/archboot/<profile>.conf: contains the _KERNEL and the _HOOKS, which are used for the initrd.

7.2.3.3 archboot-cpio.sh

The Archboot initramfs toolchain uses its own cpio generator. Some differences to other initcpio creators:

objdump is used for library detection. It's faster than ldd!
libraries for binaries outside of bin/ are not detected!
libraries outside of lib/ are not checked!
tar is used for copying/renaming files and directories. It's faster than install and cp!
mkdir is used for creating directories. It's faster than install!

Concatenated Cpio Initramfs Layout:

3cpio can be used to examine/extract/list the initramfs files.

Part	Function
1	All directories
2	All already compressed files
3	ZSTD compressed rootfs

Options supported in /etc/archboot/<profile>.conf files:

Option	Explanation
_KERNEL=""	defines used kernel
_HOOKS=()	Array that defines the used hooks

Functions supported in /usr/lib/archboot/cpio/hooks/<hook> files:

Function	Explanation
_map <function> <args>	redo <function> on <args>
_dir <directory>	Only creates <directory> on <rootfs>
_full_dir <directory>	Copies the <full directory> as is to <rootfs>
_binary <binary>	Adds <binary> to rootfs, PATH is added, libraries are detected, symlinks are resolved
_file <file>	Adds <file> as is to rootfs, symlinks are resolved
_file_rename <file> <file_rootfs>	Adds <file> as is to rootfs <file_rootfs>
_symlink <linkname> <linkedfile>	Adds symlink <linkname> to <linkedfile> on <rootfs>
_mod <module>	Adds kernel <module> to <rootfs>
_all_mods -f <exclude_pattern> <pattern>	Adds all kernel modules <pattern> to <rootfs>, use -f flag to exclude modules

7.2.3.4 archboot-x86_64-iso.sh

Script for ISO creation from running system or for use in Archboot container.

ISO Type	Run command:
Normal	`# archboot-x86_64-iso.sh -g`
Latest	`# archboot-x86_64-iso.sh -p=x86_64-latest -g`
Local	`# archboot-x86_64-iso.sh -p=x86_64-local -g`

7.2.3.5 archboot-x86_64-uki.sh

Script for UKI creation from running system or for use in Archboot container.

UKI Type	Run command:
Normal	`# archboot-x86_64-uki.sh -g`
Latest	`# archboot-x86_64-uki.sh -p=x86_64-latest -g`
Local	`# archboot-x86_64-uki.sh -p=x86_64-local -g`

7.3. Setting Up An Image Server

7.3.1 Requirements

You have a normal user, which has access to a working gpg setup with own signature.
You have a normal user with ssh access to the server, on which the images should upload.
Add the directories on the remote server, you want to upload to.

7.3.2 Configuration File

You need to configure all your settings in the configuration file: /etc/archboot/defaults

7.3.3 Running Commands

7.3.3.1 X86_64 Architecture

Create server release:
`# archboot-x86_64-server-release.sh`

7.3.3.2 Aarch64/Riscv64 Architecture

You have to skip the tarball creation step, on aarch64 or riscv64 hardware.
Install the qemu-user-static package, for building on x86_64 hardware.
On first time setup you need to create the pacman-aarch64-container tarball on x86_64 hardware.

Create pacman container tarball:
`# archboot-pacman-aarch64-container.sh <build-directory>`
`# archboot-pacman-riscv64-container.sh <build-directory>`

Afterwards you only have to run for each release:

Create server release:
`# archboot-aarch64-server-release.sh`
`# archboot-riscv64-server-release.sh`

7.3.3.3 Automatic Server Update

The /etc/archboot/server-update.conf file defines architectures and update trigger packages.

Enable systemd timer at 02:00:00 AM:
`# systemctl enable archboot-server-update.timer`
`# systemctl start archboot-server-update.timer`

You can skip the automatic generation, by adding a MASK file to the directory, which includes the containers.

8. Testing Image And Files With QEMU

You can run QEMU tests at different stages of ISO creation.

8.1 Running AARCH64:

Install the edk2-aarch64 package.

UEFI GPT mode:
`$ qemu-system-aarch64 -drive file=<isofile>,if=virtio,format=raw \ -usb -boot d -bios /usr/share/edk2/aarch64/QEMU_EFI.fd \ -machine virt -cpu cortex-a57 -device virtio-gpu-pci \ -device nec-usb-xhci -device usb-tablet \ -device usb-kbd -m <memory>`

8.2 Running RISCV64:

MBR mode:

MBR mode:
`$ qemu-system-riscv64 -M virt \ -kernel /usr/share/archboot/u-boot/qemu-riscv64_smode/uboot.elf \ -device virtio-gpu-pci -device virtio-net-device,netdev=eth0 \ -netdev user,id=eth0,hostfwd=tcp::2222-:22 \ -device nec-usb-xhci -device usb-tablet -device usb-kbd \ -object rng-random,filename=/dev/urandom,id=rng \ -device virtio-rng-device,rng=rng \ -drive file=<yourimage>,if=virtio,format=raw -m <memory>`

$ qemu-system-riscv64 -M virt \
-kernel /usr/share/archboot/u-boot/qemu-riscv64_smode/uboot.elf \
-device virtio-gpu-pci -device virtio-net-device,netdev=eth0 \
-netdev user,id=eth0,hostfwd=tcp::2222-:22 \
-device nec-usb-xhci -device usb-tablet -device usb-kbd \
-object rng-random,filename=/dev/urandom,id=rng \
-device virtio-rng-device,rng=rng \
-drive file=<yourimage>,if=virtio,format=raw -m <memory>

Use ssh root@localhost -p 2222 to connect to machine from your running host.

8.3 Running X86_64:

8.3.1 Running Kernel, BIOS MBR, UEFI GPT Without Secure Boot:

kernel and initrd testing:
`$ qemu-system-x86_64 -kernel <kernel> -initrd <initrd> \ -append "rootfstype=ramfs" \ --enable-kvm -usb -usbdevice tablet -m <memory>`

BIOS MBR mode:
`$ qemu-system-x86_64 -drive file=<isofile>,if=virtio,format=raw \ -usb -usbdevice tablet --enable-kvm -boot d -m <memory>`

64bit UEFI / 64bit running system:
`$ qemu-system-x86_64 -drive file=<isofile>,if=virtio,format=raw \ -usb -usbdevice tablet --enable-kvm -boot d \ drive if=pflash,format=raw,readonly=on,file=/usr/share/edk2/x64/OVMF_CODE.4m.fd -m <memory>`

32bit UEFI / 64bit running system:
`$ qemu-system-x86_64 -drive file=<isofile>,if=virtio,format=raw \ -usb -usbdevice tablet --enable-kvm -boot d \ drive if=pflash,format=raw,readonly=on,file=/usr/share/edk2/ia32/OVMF_CODE.4m.fd -m <memory>`

8.3.2 UEFI GPT Secure Boot

Copy OVMF_VARS.secboot_<arch>.fd to a place the user has access to it:
`# cp /usr/share/archboot/ovmf/OVMF_VARS_x64.secboot.fd <directory> # cp /usr/share/archboot/ovmf/OVMF_VARS_ia32.secboot.fd <directory>`

The file already includes a basic set of keys from fedora ovmf package.

64bit UEFI / 64bit running system:

64bit UEFI / 64bit running system:
`$ qemu-system-x86_64 -drive file=<isofile>,if=virtio,format=raw \ -usb -usbdevice tablet --enable-kvm -boot d \ -drive if=pflash,format=raw,readonly=on,\ file=/usr/share/archboot/ovmf/OVMF_CODE.secboot_x64.fd \ -drive if=pflash,format=raw,file=OVMF_VARS_x64.secboot.fd \ -global driver=cfi.pflash01,property=secure,value=on \ -machine q35,smm=on,accel=kvm \ -global ICH9-LPC.disable_s3=1 -m <memory>`

$ qemu-system-x86_64 -drive file=<isofile>,if=virtio,format=raw \
-usb -usbdevice tablet --enable-kvm -boot d \
-drive if=pflash,format=raw,readonly=on,\
file=/usr/share/archboot/ovmf/OVMF_CODE.secboot_x64.fd \
-drive if=pflash,format=raw,file=OVMF_VARS_x64.secboot.fd \
-global driver=cfi.pflash01,property=secure,value=on \
-machine q35,smm=on,accel=kvm \
-global ICH9-LPC.disable_s3=1 -m <memory>

32bit UEFI / 64bit running system:

32bit UEFI / 64bit running system:
`$ qemu-system-x86_64 -drive file=<isofile>,if=virtio,format=raw \ -usb -usbdevice tablet --enable-kvm -boot d \ -drive if=pflash,format=raw,readonly=on,\ file=/usr/share/archboot/ovmf/OVMF_CODE.secboot_ia32.fd \ -drive if=pflash,format=raw,file=OVMF_VARS_ia32.secboot.fd \ -global driver=cfi.pflash01,property=secure,value=on \ -machine q35,smm=on,accel=kvm \ -global ICH9-LPC.disable_s3=1 -m <memory>`

$ qemu-system-x86_64 -drive file=<isofile>,if=virtio,format=raw \
-usb -usbdevice tablet --enable-kvm -boot d \
-drive if=pflash,format=raw,readonly=on,\
file=/usr/share/archboot/ovmf/OVMF_CODE.secboot_ia32.fd \
-drive if=pflash,format=raw,file=OVMF_VARS_ia32.secboot.fd \
-global driver=cfi.pflash01,property=secure,value=on \
-machine q35,smm=on,accel=kvm \
-global ICH9-LPC.disable_s3=1 -m <memory>

8.4 Additional Qemu Parameters

KVM virtio network for tap0:
`-device virtio-net-device,netdev=eth0 \ -netdev tap,id=eth0,ifname=tap0,script=no,downscript=no`

KVM virtio harddisk:
`-drive file=yourimagefile,if=virtio,format=raw`

QXL Video device with 800x600 resolution:
`-device qxl-vga,xres=800,yres=600`

8.5 Setting Up A Hwsim SSID

Start a hwsid SSID for wireless testing purposes:
`# archboot-hwsim.sh <SSID>`

9. Arch Linux Wiki

10. Project Links

11. Videos

12. History

Official Arch Linux install medium from Release 0.7 till 2008.03.
Provided i686 and x86_64 on one ISO until 2018.
Since 10-2021 Secure Boot support.
Since 01-2022 aarch64 support.
Since 10-2022 riscv64 support.