
© 2006 - 2024 | Tobias Powalowski | Arch Linux Developer tpowa
Last update: 21.07.2024 16:00

1. Introduction

Archboot is a most advanced, modular Arch Linux boot/install image creation utility to generate
reproducible bootable media for UKI/CD/USB/PXE, designed for installation or rescue operation.
The additional ISOs and UKIs focus on being small, fast and (power)user friendly.

2. Releases

Arch Linux Distribution   Download           Release    B2SUM   Archive   Forum
ARM - aarch64 [1]         U.S. | EU | Asia   Packages   Check   Browse    Check
RISC-V - riscv64 [2]      U.S. | EU | Asia   Packages   Check   Browse
X64 - x86_64 [3]          U.S. | EU | Asia   Packages   Check   Browse    Check

[1] Supports aarch64, Apple Mac M1 and higher for virtual machines, e.g. Parallels Desktop, UTM and VMware.
[2] Supports riscv64 and needs U-Boot to launch. Recommended only for testing in a virtual machine.
[3] Supports x86_64. Use it for real machines and/or virtual machines.

Further Mirror
Germany | DE

2.1 ISO / Initrd / UKI Types

Type   RAM to boot   Package cache for installation
date 830M
date-latest 2300M local DHCP server needed >= 4G RAM
date-local 3000M

2.2 ISO Boot Modes

Boot Mode AARCH64 RISCV64 X86_64
booting with GRUB
booting with GRUB
Secure Boot with the included fedora signed shim
with GRUB
with U-Boot

* Firmware 32bit / OS 64bit

2.3 ISO Writing To USB / CD

A hybrid image file is a standard CD/DVD-burnable image and also a raw disk image.

Use this command to write the image to a USB thumb drive:
# dd if=<image> of=/dev/<device> bs=1M
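
A check to run before the dd step, as an added example (not Archboot's own code): it compares the image's BLAKE2b-512 digest with the B2SUM line published for the release and confirms the file is a hybrid image, taken here to mean an MBR boot signature plus an ISO 9660 volume descriptor. The function names and the sample image are constructed for illustration.

```python
import hashlib
import os

PVD_OFFSET = 16 * 2048   # ISO 9660 primary volume descriptor sits in sector 16

def b2sum(path):
    """BLAKE2b-512 hex digest of a file, the value the b2sum tool prints."""
    h = hashlib.blake2b()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(1 << 20), b""):
            h.update(block)
    return h.hexdigest()

def expected_digest(sum_text, filename):
    """Look up filename in b2sum-style lines: '<hex>  <name>' or '<hex> *<name>'."""
    for line in sum_text.splitlines():
        digest, _, name = line.strip().partition(" ")
        if os.path.basename(name.lstrip(" *")) == filename:
            return digest.lower()
    return None

def is_hybrid(path):
    """True if the file carries both an MBR signature and an ISO 9660 descriptor."""
    with open(path, "rb") as f:
        head = f.read(PVD_OFFSET + 6)
    mbr = head[510:512] == b"\x55\xaa"
    iso = head[PVD_OFFSET:PVD_OFFSET + 6] == b"\x01CD001"
    return mbr and iso

def safe_to_write(path, sum_text):
    """Digest must be listed for this file name, must match, and layout must be hybrid."""
    want = expected_digest(sum_text, os.path.basename(path))
    return want is not None and want == b2sum(path) and is_hybrid(path)

def make_sample(path):
    """Constructed stand-in for an image (assumption, not a real Archboot ISO)."""
    img = bytearray(PVD_OFFSET + 2048)
    img[510:512] = b"\x55\xaa"
    img[PVD_OFFSET:PVD_OFFSET + 6] = b"\x01CD001"
    with open(path, "wb") as f:
        f.write(img)
```

Only run dd when safe_to_write() returns True for the downloaded image and the B2SUM text fetched from the release page.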

3. Features In A Nutshell

3.1 Secure Boot - MOK / Machine Owner Key

  • This method is intended for dual booting with Windows, without losing the Secure Boot benefits for Windows.
  • This method will not make your system more secure.
  • It installs Fedora's signed shim, which is not controlled by Arch Linux and, as is, breaks the concept of Secure Boot.

Please read Roderick Smith’s guide for initial shim setup first.

The included tools for key management: mokutil, sbsigntools, sbctl and mkkeys.sh

3.1.1 Secure Boot - ISO Booting

On initial Secure Boot setup MOK manager is launched:

Add the hash of grub and kernel from ISO in MOK manager:
/EFI/BOOT/GRUB<ARCH>.EFI and /boot/vmlinuz-<ARCH>

3.1.2 Secure Boot - Automatic Setup Routine

The setup script supports the following Secure Boot layout:

3.1.3 Secure Boot - Manual Create MOK

Create and back up your own keys with Microsoft certificates:
# secureboot-keys.sh -name=<yournametoembed> <directory>

3.1.4 Secure Boot - Reset MOK

In order to reset the MOK setup:

Reset MOK:
# mokutil --reset

3.2 Terminal Access

3.2.1 Virtual Consoles - VCs

               VC 1-4          VC 5            VC 6           VC 11         VC 12
Usage          Login Consoles  Network Status  System Status  Log Messages  Systemd Journal
Terminal Keys  ALT+F1-F4       ALT+F5          ALT+F6         ALT+F11       ALT+F12

Use left/right SUPER | Windows | Command | Search | Apple key or ALT+ or ALT+ to toggle consoles.

3.2.2 Serial Console

Serial console is enabled on ttyS0, ttyAMA0 and ttyUSB0.

3.3 Remote Terminal Access

3.3.1 OpenSSH Terminal

Access the terminal with OpenSSH.

Parameter           Value
Default Key         embedded in Release.txt or /etc/archboot/ssh/archboot-key
Default Passphrase  Archboot
Port                11838

Connect with ssh as the root user (without touching the user's known_hosts file):
$ ssh -i <yourkeyfile> -p 11838 -o StrictHostKeyChecking=no \
  -o UserKnownHostsFile=/dev/null root@archboot.local

GNU screen is launched on login and last session will be reattached.

3.3.2 HTTP Browser Terminal - TTYD

Parameter           Value
Favourite Browser   http://archboot.local:7681
Default Passphrase  Archboot

GNU screen is launched on login and last session will be reattached.

3.4 Interactive Basic Setup

The interactive scripts are launched on first login.

3.4.1 Localization

Your locale, console font and keymap will be configured by the localize script.

3.4.2 Network Configuration (Online Mode)

3.4.3 Clock Configuration

3.4.4 Pacman Setup (Online Mode)

Pacman will be configured by the pacsetup script.

3.5 Interactive Launcher

3.5.1 Launch Desktop Environment / Remote VNC Access

Gnome, Plasma, Sway and Xfce are supported.

VNC Client
Connect           archboot.local
Xorg Password     archboot
Wayland Password  <none>

3.5.2 Manage Archboot Environment

  • Full Arch Linux System
  • Update Archboot Environment
  • Create New Images

3.6 Interactive Setup

3.6.1 Prepare Storage Drive

3.6.2 Install Packages

3.6.3 Configure System

3.6.4 Install Bootloader

3.7 For Experts: Quickinst Installation

Quickinst experts installation:
# quickinst <directory>

3.8 For Experts: CLI Manage Environment

You can always update your image to the latest available state.

For all options use:
# update -help

3.9 Tools For Backup And Copying Of An Existing System

Archboot provides 2 additional scripts for doing those tasks.

internal backup / copying using tar:
# copy-mountpoint.sh -h
internal or external backup / copying using rsync:
# rsync-backup.sh -h

3.10 Restoring A USB Device To FAT32 State

Attention: This will render all data on your device inaccessible!
# restore-usbstick.sh <device>

3.11 System Configuration On Installed System

You can also run archboot-setup.sh for system configuration on an installed system.

Install the corresponding archboot package to get the archboot-setup.sh script.

4. FAQ / Known Issues / Limitations

Please check the forum threads or project page for posted fixes and workarounds.

Get latest fixes from GIT:
# update -update

5. Comparison To Archiso Image

                                         Archboot                           Archiso
Developer(s)                             tpowa                              arch-releng team
Arch Install Scripts
Interactive Basic Setup / Installation
Unified Kernel Image
UKI system provided
Secure Boot MOK support with Microsoft certificates, supported by fedora's signed shim
OpenSSH public key support
HTTP Browser Terminal - TTYD
Systemd on early userspace
Offline installation support [1]
Internal update feature
Accessibility support
Mobile broadband modem management service (modemmanager)
EXT2/3, F2FS, JFS, NILFS support
BCACHEFS support
Swap File Support
Default Shell Switch Bash or Zsh
Man/Info Pages
Real Machine boot to prompt [2]          36 seconds                         79 seconds
Virtual Machine boot to prompt [3]       17 seconds                         25 seconds
Virtual Machine systemd-analyze [3]      16 seconds                         60 seconds
Minimum RAM to boot in MiB [3]           800                                560
Free RAM on system in MiB [3]            3084                               2730
Imagesize in MiB                         263 - 978                          1173
ROOTFS size in MiB                       740                                1900
ROOTFS packages                          218                                418
ROOTFS Type                              Btrfs on ZRAM                      Squashfs
Default Shell                            Bash                               Zsh
Nano editor with syntax highlighting
Neovim editor with lastplace plugin
Detect high resolution screen size
Show journal on Virtual Console 12
Enable windowkeys on Virtual Consoles
Text browser                             Elinks                             Lynx
Text browser preconfigured
Chromium browser
Firefox browser
GParted partitioner
Gnome desktop
KDE/Plasma desktop
Sway Wayland compositor
Xfce desktop
VNC installation support
Rust CLI Tools: 3cpio, bandwhich, bat, bottom, dust, eza, fd, fzf, procs, ripgrep, rustscan, sd, zoxide
Default Font Terminus
Release build speed                      4 min 58 sec (3 ISOs & 3 UKIs)     5 min 56 sec
Image assembling                         grub-mkrescue                      xorriso
UEFI bootloader                          Grub                               Systemd-boot
BIOS bootloader                          Grub                               Syslinux
Easy custom live CD creation

★ Optional | [1] Only local image | [2] Acer R11 Chromebook 4GB RAM

[3] QEMU (4GB RAM, kvm and virtio backend), normal image

6. Development: GIT And Bugtracker

7. Package - Repository / Installation / Usage

Add archboot repository to /etc/pacman.conf:
# United States
Server = https://pkg.archboot.com
# Europe
Server = https://pkg.archboot.de
# Asia
Server = https://pkg.archboot.net

If you want to build aarch64 or riscv64 images replace x86_64 with the architecture of your choice in the commands and files below.

7.1 Create Rescue System Out Of The Running System

Create the initrd with your chosen profile:
# archboot-cpio.sh -c /etc/archboot/<profile>.conf -g initrd.img

Add the kernel you use and the initrd to your bootloader.

7.2 Create Image Files

7.2.1 Requirement

In order to build images you will need around 3G of free disk space.

7.2.2 Create Image Files Without Modifications

This script creates all installation media with the latest available core/extra packages, plus a boot/ directory with kernel and initrds.

  • Custom OpenSSH Key: Place your public key in /etc/archboot/ssh/archboot-key.pub
  • Building a new release:
    # archboot-x86_64-release.sh <directory>
    Rebuilding a release (reproducibility):
    # sed -n '12,19p' Release.txt >archboot.key
    # chmod 600 archboot.key
    # ssh-keygen -f archboot.key -y >archboot-pub.key
    # Enter passphrase: Archboot
    # mv archboot{,-pub}.key /etc/archboot/ssh/
    # archboot-x86_64-release.sh <directory> \

    7.2.3 Create Image Files With Modifications:

    Explanation of the image tools / toolchain.

    archboot-x86_64-create-container.sh

    Create an archboot container for image creation:
    # archboot-x86_64-create-container.sh <directory>
    To enter the container run:
    # systemd-nspawn -D <directory>

    Modify your container to your needs. Then run archboot-x86_64-iso.sh for image creation in the container.

    Configuration Files For Image Creation:

    There are the following configuration files for ISO creation:

    archboot-cpio.sh

    The archboot initrd toolchain uses its own cpio generator. Some differences to other initcpio creators:

    Concatenated Cpio Initramfs Layout:

    3cpio can be used to examine/extract/list the initramfs files.

    Part  Function
    1     All directories
    2     All already compressed files
    3     ZSTD compressed rootfs
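
Added example, not part of the Archboot toolchain: a scanner that locates the parts of a concatenated initramfs by their magic bytes, useful for checking what an image contains before booting it. It assumes parts 1 and 2 are uncompressed cpio "newc" archives and part 3 begins with a zstd frame; the helper names and the sample bytes are constructed.

```python
NEWC_MAGIC = b"070701"              # cpio "newc" header magic (ASCII)
ZSTD_MAGIC = b"\x28\xb5\x2f\xfd"    # zstd frame magic

def pad4(n):
    return (n + 3) & ~3

def read_newc(buf, pos):
    """Parse one newc archive at pos; return (entries, offset after its trailer)."""
    entries = []
    while buf[pos:pos + 6] == NEWC_MAGIC:
        # 13 fields of 8 hex digits follow the magic: 1=mode, 6=filesize, 11=namesize
        f = [int(buf[pos + 6 + 8 * i:pos + 14 + 8 * i], 16) for i in range(13)]
        name = buf[pos + 110:pos + 110 + f[11] - 1].decode(errors="replace")
        pos += pad4(110 + f[11]) + pad4(f[6])    # header+name and data are 4-byte padded
        if name == "TRAILER!!!":
            break
        is_dir = (f[1] & 0o170000) == 0o040000   # file type bits of the mode
        entries.append((name, is_dir, f[6]))
    return entries, pos

def segments(buf):
    """Return [(kind, offset, entries)] for each part of a concatenated initramfs."""
    out, pos = [], 0
    while pos < len(buf):
        if buf[pos] == 0:                        # zero padding between archives
            pos += 1
        elif buf[pos:pos + 6] == NEWC_MAGIC:
            entries, end = read_newc(buf, pos)
            out.append(("cpio", pos, entries))
            pos = end
        elif buf[pos:pos + 4] == ZSTD_MAGIC:     # compressed up to end of file
            out.append(("zstd", pos, None))
            break
        else:
            raise ValueError(f"unrecognised data at offset {pos}")
    return out

def newc_entry(name, mode, data=b""):            # builds the constructed sample only
    n = name.encode() + b"\0"
    fields = (0, mode, 0, 0, 1, 0, len(data), 0, 0, 0, 0, len(n), 0)
    rec = NEWC_MAGIC + b"".join(b"%08X" % v for v in fields) + n
    rec += b"\0" * (-len(rec) % 4)
    return rec + data + b"\0" * (-len(data) % 4)

# Constructed sample, not a real Archboot initrd: two cpio parts, then a zstd magic.
END = newc_entry("TRAILER!!!", 0)
SAMPLE = (newc_entry("usr", 0o040755) + newc_entry("usr/lib", 0o040755) + END + b"\0" * 8
          + newc_entry("usr/lib/fw.bin.zst", 0o100644, ZSTD_MAGIC + b"xyz") + END
          + ZSTD_MAGIC + b"<compressed rootfs would follow>")
```

On the sample, segments(SAMPLE) reports a directory-only cpio part, a cpio part holding one pre-compressed file, and the offset where the zstd part starts; a zstd decompressor is still needed to list part 3.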

    Options supported in /etc/archboot/<profile>.conf files:

    Option      Explanation
    _KERNEL=""  defines used kernel
    _HOOKS=()   Array that defines the used hooks

    Functions supported in /usr/lib/archboot/cpio/hooks/<hook> files:

    Function                                  Explanation
    _map <function> <args>                    redo <function> on <args>
    _dir <directory>                          Only creates <directory> on <rootfs>
    _full_dir <directory>                     Copies the <full directory> as is to <rootfs>
    _binary <binary>                          Adds <binary> to rootfs, PATH is added, libraries are detected, symlinks are resolved
    _file <file>                              Adds <file> as is to rootfs, symlinks are resolved
    _file_rename <file> <file_rootfs>         Adds <file> as is to rootfs <file_rootfs>
    _symlink <linkname> <linkedfile>          Adds symlink <linkname> to <linkedfile> on <rootfs>
    _mod <module>                             Adds kernel <module> to <rootfs>
    _all_mods -f <exclude_pattern> <pattern>  Adds all kernel modules <pattern> to <rootfs>, use -f flag to exclude modules

    archboot-x86_64-iso.sh

    Script for image creation from running system or for use in archboot container.

    ISO Type  Run command
    Normal    # archboot-x86_64-iso.sh -g
    Latest    # archboot-x86_64-iso.sh -p=x86_64-latest -g
    Local     # archboot-x86_64-iso.sh -p=x86_64-local -g

    7.3 Setting Up An Image Server

    7.3.1 Requirements

    7.3.2 Configuration File

    You need to configure all your settings in the configuration file: /etc/archboot/defaults

    7.3.3 Running Commands

    X86_64 Architecture

    Create server release:
    # archboot-x86_64-server-release.sh

    Aarch64/Riscv64 Architecture

    Create pacman chroot tarball:
    # archboot-pacman-aarch64-chroot.sh <build-directory>
    # archboot-pacman-riscv64-chroot.sh <build-directory>

    Afterwards you only have to run for each release:

    Create server release:
    # archboot-aarch64-server-release.sh
    # archboot-riscv64-server-release.sh

    Server Cleanup

    The /etc/archboot/defaults file defines that old images are purged after 1 month.

    8. Testing Image And Files With QEMU

    You can run QEMU tests at different stages of ISO creation.

    8.1 Running AARCH64:

    Install the edk2-armvirt package.

    UEFI GPT mode:
    $ qemu-system-aarch64 -drive file=<isofile>,if=virtio,format=raw \
    -usb -boot d -bios /usr/share/edk2-armvirt/aarch64/QEMU_EFI.fd \
    -machine virt -cpu cortex-a57 -device virtio-gpu-pci \
    -device nec-usb-xhci -device usb-tablet \
    -device usb-kbd -m <memory>

    8.2 Running RISCV64:

    MBR mode:
    $ qemu-system-riscv64 -M virt \
    -kernel /usr/share/archboot/u-boot/qemu-riscv64_smode/uboot.elf \
    -device virtio-gpu-pci -device virtio-net-device,netdev=eth0 \
    -netdev user,id=eth0,hostfwd=tcp::2222-:22 \
    -device nec-usb-xhci -device usb-tablet -device usb-kbd \
    -object rng-random,filename=/dev/urandom,id=rng \
    -device virtio-rng-device,rng=rng \
    -drive file=<yourimage>,if=virtio,format=raw -m <memory>

    Use ssh root@localhost -p 2222 to connect to the machine from your host.

    8.3 Running X86_64:

    8.3.1 Running Kernel, BIOS MBR, UEFI GPT Without Secure Boot:

    kernel and initrd testing:
    $ qemu-system-x86_64 -kernel <kernel> -initrd <initrd> \
    -append "rootfstype=ramfs" \
    --enable-kvm -usb -usbdevice tablet -m <memory>
    BIOS MBR mode:
    $ qemu-system-x86_64 -drive file=<isofile>,if=virtio,format=raw \
    -usb -usbdevice tablet --enable-kvm -boot d -m <memory>
    64bit UEFI / 64bit running system:
    $ qemu-system-x86_64 -drive file=<isofile>,if=virtio,format=raw \
    -usb -usbdevice tablet --enable-kvm -boot d \
    --bios /usr/share/edk2-ovmf/x64/OVMF.fd -m <memory>
    32bit UEFI / 64bit running system:
    $ qemu-system-x86_64 -drive file=<isofile>,if=virtio,format=raw \
    -usb -usbdevice tablet --enable-kvm -boot d \
    --bios /usr/share/edk2-ovmf/ia32/OVMF.fd -m <memory>

    8.3.2 UEFI GPT Secure Boot

    Copy OVMF_VARS.secboot_<arch>.fd to a location the user has access to:
    # cp /usr/share/archboot/ovmf/OVMF_VARS_x64.secboot.fd <directory>
    # cp /usr/share/archboot/ovmf/OVMF_VARS_ia32.secboot.fd <directory>

    The file already includes a basic set of keys from fedora ovmf package.

    64bit UEFI / 64bit running system:
    $ qemu-system-x86_64 -drive file=<isofile>,if=virtio,format=raw \
    -usb -usbdevice tablet --enable-kvm -boot d \
    -drive if=pflash,format=raw,readonly=on,file=/usr/share/archboot/ovmf/OVMF_CODE.secboot_x64.fd \
    -drive if=pflash,format=raw,file=OVMF_VARS_x64.secboot.fd \
    -global driver=cfi.pflash01,property=secure,value=on \
    -machine q35,smm=on,accel=kvm \
    -global ICH9-LPC.disable_s3=1 -m <memory>
    32bit UEFI / 64bit running system:
    $ qemu-system-x86_64 -drive file=<isofile>,if=virtio,format=raw \
    -usb -usbdevice tablet --enable-kvm -boot d \
    -drive if=pflash,format=raw,readonly=on,file=/usr/share/archboot/ovmf/OVMF_CODE.secboot_ia32.fd \
    -drive if=pflash,format=raw,file=OVMF_VARS_ia32.secboot.fd \
    -global driver=cfi.pflash01,property=secure,value=on \
    -machine q35,smm=on,accel=kvm \
    -global ICH9-LPC.disable_s3=1 -m <memory>

    8.4 Additional Qemu Parameters

    KVM virtio network for tap0:
    -device virtio-net-device,netdev=eth0 \
    -netdev tap,id=eth0,ifname=tap0,script=no,downscript=no
    KVM virtio harddisk:
    -drive file=yourimagefile,if=virtio,format=raw
    QXL Video device with 800x600 resolution:
    -device qxl-vga,xres=800,yres=600

    8.5 Setting Up A Hwsim SSID

    Start a hwsim SSID for wireless testing purposes:
    # archboot-hwsim.sh <SSID>

    9. Arch Linux Wiki

    11. Videos

    12. History

    13. References