Archboot Home | Gallery | Donate

© 2006 - 2024 | Tobias Powalowski | Arch Linux Developer tpowa
Last update: 27.02.2024 10:39

1. Introduction

Archboot is a most advanced, modular Arch Linux boot/install image creation utility to generate
reproducible bootable media for UKI/CD/USB/PXE, designed for installation or rescue operation.
The additional ISOs and UKIs focus on being small, fast and (power)user friendly.

2. Releases

2.1 ISOs - USB / CD / Virtual Machine

Arch Linux Distribution Download Release B2SUM Archive Forum
ARM - aarch641 Browse Packages Check Browse Check
RISC-V - riscv642 Browse Packages Check Browse
X64 - x86_643 Browse Packages Check Browse Check

1 The ISO supports aarch64, Apple Mac M1 and higher for virtual machines eg. Parallels Desktop, UTM and VMware
2 The ISO supports riscv64 and needs U-Boot to launch. Recommended only for testing in a virtual machine.
3 The ISO supports x86_64. Use it for real machines and/or virtual machines.

2.2 UKIs - Unified Kernel Images

AARCH64 X86_64
archboot-aarch64.efi | .sig archboot-x86_64.efi | .sig
archboot-latest-aarch64.efi | .sig archboot-latest-x86_64.efi | .sig
archboot-local-aarch64.efi | .sig archboot-local-x86_64.efi | .sig

The Unified Kernel Image can be booted from your UEFI firmware or bootloader like any other <EFI> file.

2.3 Kernel / Initrd / Microcode / Rescue System / PXE

AARCH64 RISCV64 X86_64
Kernel Image-aarch64 | .sig
Image-aarch64.gz | .sig
vmlinuz-riscv64 | .sig vmlinuz-x86_64 | .sig
Initrd initrd-aarch64.img | .sig
initrd-latest-aarch64.img | .sig
initrd-local-aarch64.img | .sig
initrd-riscv64.img | .sig initrd-x86_64.img | .sig
initrd-latest-x86_64.img | .sig
initrd-local-x86_64.img | .sig
Microcode amd-ucode.img | .sig amd-ucode.img | .sig
intel-ucode.img | .sig

2.4 ISO / Initrd / UKI Types

Type RAM
to boot
Package cache
for installation
date 700M 368M 458M 493M
date-latest 2000M local DHCP
server needed
>= 4G RAM
172M 224M
date-local 2700M 662M 897M

2.5 ISO Boot Modes

Boot Mode AARCH64 RISCV64 X86_64
booting with GRUB
booting with GRUB
Secure Boot
with the included
fedora signed shim
with GRUB
with U-Boot

* Firmware 32bit / OS 64bit

2.6 ISO Writing To USB / CD

A hybrid image file is a standard CD/DVD-burnable image and also a raw disk image.

Use this command with USB thumb drive:
# dd if=<image> of=/dev/<device> bs=1M

3. Features In A Nutshell

3.1 Secure Boot - MOK / Machine Owner Key

  • This method is intended to use for dual booting with Windows, without losing the Secure Boot benefits for Windows.
  • This method will not make your system more secure.
  • It installs the fedora's signed shim, which is not controlled by Arch Linux and breaks the concept of Secure Boot as is.

Please read Roderick Smith’s guide for initial shim setup first.

The included tools for key management: mokutil, sbsigntools, sbctl and mkkeys.sh

3.1.1 Secure Boot - ISO Booting

On initial Secure Boot setup MOK manager is launched:

Add the hash of grub and kernel from ISO in MOK manager:
/EFI/BOOT/GRUB<ARCH>.EFI and /boot/vmlinuz-<ARCH>

3.1.2 Secure Boot - Automatic Setup Routine

The setup script supports the following Secure Boot layout:

3.1.3 Secure Boot - Manual Create MOK

Create and backup your own keys with Microsoft certificates:
# secureboot-keys.sh -name=<yournametoembed> <directory>

3.1.4 Secure Boot - Reset MOK

In order to reset the MOK setup:

Reset MOK:
# mokutil --reset

3.2 Terminal Access

3.2.1 Virtual Consoles - VCs

VC 1-6 VC 11 VC 12
Usage Login console Log messages Systemd Journal
Terminal Keys ALT+F1-F6 ALT+F11 ALT+F12
Graphical Keys CTRL+ALT+F1-F6 CTRL+ALT+F11 CTRL+ALT+F12

Use left/right SUPER | Windows | Command | Search | Apple key or ALT+ or ALT+ to toggle consoles.

3.2.2 Serial Console

Serial console is enabled on ttyS0, ttyAMA0 and ttyUSB0.

3.3 Remote Terminal Access

3.3.1 OpenSSH Terminal

Connect with ssh as root user:
$ ssh root@archboot.local

GNU screen is launched on login and last session will be reattached.

3.3.2 HTTP Browser Terminal - TTYD

Connect with your favourite browser:

GNU screen is launched on login and last session will be reattached.

3.4 Interactive Basic Setup

The interactive scripts are launched on first login.

3.4.1 Localization

Your locale, console font and keymap will be configured by the localize script.

3.4.2 Network Configuration (Online Mode)

3.4.3 Clock Configuration

3.4.4 Pacman Setup (Online Mode)

Pacman will be configured by the pacsetup script.

3.5 Interactive Launcher

3.5.1 Launch Desktop Environment / Remote VNC Access

Gnome, Plasma, Sway and Xfce are supported.

VNC Client
Connect archboot.local
Xorg Password archboot
Wayland Password <none>

3.5.2 Manage Archboot Environment Full Arch Linux System Update Archboot Environment Create New Images

3.6 Interactive Setup

3.6.1 Prepare Storage Drive

3.6.2 Install Packages

3.6.3 Configure System

3.6.4 Install Bootloader

3.7 For Experts: Quickinst Installation

Quickinst experts installation:
# quickinst <directory>

3.8 For Experts: CLI Manage Environment

You can always bump your image to latest available possibilities.

For all options use:
# update -help

3.9 Tools For Backup And Copying Of An Existing System

Archboot provides 2 additional scripts for doing those tasks.

internal backup / copying using tar:
# copy-mountpoint.sh -h
internal or external backup / copying using rsync:
# rsync-backup.sh -h

3.10 Restoring An USB Device To FAT32 State

Attention: This will render all data on your device inaccessible!
# restore-usbstick.sh <device>

3.11 System Configuration On Installed System

You can also run archboot-setup.sh for system configuration on an installed system.

Install your corresponding archboot package for getting the archboot-setup.sh script.

4. FAQ / Known Issues / Limitations

Please check the forum threads or project page for posted fixes and workarounds.

Get latest fixes from GIT:
# update -update

5. Comparison To Archiso Image

Archboot Archiso
Developer(s) tpowa arch-releng team
Arch Install Scripts
Interactive Basic Setup / Installation
Unified Kernel Image
UKI provided and bootloader support
Secure Boot MOK support
with Microsoft certificates
supported by fedora's signed shim
HTTP Browser Terminal - TTYD
Systemd on early userspace
Offline installation support1
Internal update feature
Accessibility support
Mobile broadband modem
management service (modemmanager)
EXT3, F2FS, JFS, NILFS support
Man/Info Pages
Real Machine boot to prompt2 52 seconds 100 seconds
Virtual Machine boot to prompt3 19 seconds 24 seconds
Virtual Machine systemd-analyze3 18 seconds 73 seconds
Minimum RAM to boot in MiB3 780 930
Free RAM on system in MiB3 2912 2588
Imagesize in MiB 224 - 897 978
ROOTFS size in MiB 727 1900
ROOTFS packages 199 426
ROOTFS Type btrfs on ZRAM squashfs
Default Shell Bash Zsh
Nano editor with syntax highlighting
Neovim editor with lastplace plugin
Detect high resolution screen size
Show journal on Virtual Console 12
Enable windowkeys on Virtual Consoles
Text browser Elinks Lynx
IRC client Weechat Irssi
IRC and text browser preconfigured
Chromium browser
Firefox browser
GParted partitioner
Gnome desktop
Gnome Wayland desktop
KDE/Plasma desktop
KDE/Plasma Wayland desktop
Sway Wayland compositor
Xfce desktop
VNC installation support
Default Font Terminus
Release build speed 6 min 11 sec
3 ISOs & 3 UKIs
6 min 26 sec
Image assembling grub-mkrescue xorriso
UEFI bootloader Grub Grub
BIOS bootloader Grub Syslinux
Easy custom live CD creation

★ Optional | 1 Only local image | 2 Acer R11 Chromebook 4GB RAM

3 QEMU (4GB RAM, kvm and virtio backend), normal image

6. Development: GIT And Bugtracker

7. Package - Repository / Installation / Usage

Add archboot repository to /etc/pacman.conf:
# GeoIP
Server = https://archboot.com/pkg

If you want to build aarch64 or riscv64 images replace x86_64 with the architecture of your choice in the commands and files below.

7.1 Create Rescue System Out Of The Running System

Create the initrd with your chosen profile:
# archboot-cpio.sh -c /etc/archboot/<profile>.conf -g initrd.img

Add your used kernel and initrd to your bootloader.

7.2 Create Image Files

7.2.1 Requirement

In order to build images you will need around 3G free space on disk.

7.2.2 Create Image Files Without Modifications

This script creates every installation media with latest available core/extra packages and boot/ directory with kernel and initrds.

Building a new release:
# archboot-x86_64-release.sh <directory>
Rebuilding a release (reproducibility):
# archboot-x86_64-release.sh <directory> \

7.2.3 Create Image Files With Modifications:

Explanation of the image tools / toolchain. archboot-x86_64-create-container.sh

Create an archboot container for image creation:
# archboot-x86_64-create-container.sh <directory>
To enter the container run:
# systemd-nspawn -D <directory>

Modify your container to your needs. Then run archboot-x86_64-iso.sh for image creation in container. Configuration Files For Image Creation:

There are the following configuration files for ISO creation: archboot-cpio.sh

The archboot initrd toolchain uses its own cpio generator. Some differences to other initcpio creators: Options supported in /etc/archboot/<profile>.conf files:
Option Explanation
_KERNEL="" defines used kernel
_HOOKS=() Array that defines the used hooks
Functions supported in /usr/lib/archboot/cpio/hooks/<hook> files:
Function Explanation
_map <function> <args> redo <function> on <args>
_dir <directory> Only creates <directory> on <rootfs>
_full_dir <directory> Copies the <full directory> as is to <rootfs>
_binary <binary> Adds <binary> to rootfs, PATH is added,
libraries are detected, symlinks are resolved
_file <file> Adds <file> as is to rootfs, symlinks are resolved
_file_rename <file> <file_rootfs> Adds <file> as is to rootfs <file_rootfs>
_symlink <linkname> <linkedfile> Adds symlink <linkname> to <linkedfile> on <rootfs>
_mod <module> Adds kernel <module> to <rootfs>
_all_mods -f <exclude_pattern> <pattern> Adds all kernel modules <pattern> to <rootfs>,
use -f flag to exclude modules archboot-x86_64-iso.sh

Script for image creation from running system or for use in archboot container.

ISO Type Run command:
Normal # archboot-x86_64-iso.sh -g
Latest # archboot-x86_64-iso.sh -p=x86_64-latest -g
Local # archboot-x86_64-iso.sh -p=x86_64-local -g

7.3. Setting Up An Image Server

7.3.1 Requirements

7.3.2 Configuration File

You need to configure all your settings in the configuration file: /etc/archboot/defaults

7.3.3 Running Commands X86_64 Architecture

Create server release:
# archboot-x86_64-server-release.sh Aarch64/Riscv64 Architecture

Create pacman chroot tarball:
# archboot-pacman-aarch64-chroot.sh <build-directory>
# archboot-pacman-riscv64-chroot.sh <build-directory>

Afterwards you only have to run for each release:

Create server release:
# archboot-aarch64-server-release.sh
# archboot-riscv64-server-release.sh Server Cleanup

The /etc/archboot/defaults file defines old images purging after 1 month.

8. Testing Image And Files With QEMU

You can run QEMU tests at different stages of ISO creation.

8.1 Running AARCH64:

Install the edk2-armvirt package.

UEFI GPT mode:
$ qemu-system-aarch64 -drive file=<isofile>,if=virtio,format=raw \
-usb -boot d -bios /usr/share/edk2-armvirt/aarch64/QEMU_EFI.fd \
-machine virt -cpu cortex-a57 -device virtio-gpu-pci \
-device nec-usb-xhci -device usb-tablet \
-device usb-kbd -m <memory>

8.2 Running RISCV64:

MBR mode:
$ qemu-system-riscv64 -M virt \
-kernel /usr/share/archboot/u-boot/qemu-riscv64_smode/uboot.elf \
-device virtio-gpu-pci -device virtio-net-device,netdev=eth0 \
-netdev user,id=eth0,hostfwd=tcp::2222-:22 \
-device nec-usb-xhci -device usb-tablet -device usb-kbd \
-object rng-random,filename=/dev/urandom,id=rng \
-device virtio-rng-device,rng=rng \
-drive file=<yourimage>,if=virtio,format=raw -m <memory>

Use ssh root@localhost -p 2222 to connect to machine from your running host.

8.3 Running X86_64:

8.3.1 Running Kernel, BIOS MBR, UEFI GPT Without Secure Boot:

kernel and initrd testing:
$ qemu-system-x86_64 -kernel <kernel> -initrd <initrd> \
-append "rootfstype=ramfs" \
--enable-kvm -usb -usbdevice tablet -m <memory>
BIOS MBR mode:
$ qemu-system-x86_64 -drive file=<isofile>,if=virtio,format=raw \
-usb -usbdevice tablet --enable-kvm -boot d -m <memory>
64bit UEFI / 64bit running system:
$ qemu-system-x86_64 -drive file=<isofile>,if=virtio,format=raw \
-usb -usbdevice tablet --enable-kvm -boot d \
--bios /usr/share/edk2-ovmf/x64/OVMF.fd -m <memory>
32bit UEFI / 64bit running system:
$ qemu-system-x86_64 -drive file=<isofile>,if=virtio,format=raw \
-usb -usbdevice tablet --enable-kvm -boot d \
--bios /usr/share/edk2-ovmf/ia32/OVMF.fd -m <memory>

8.3.2 UEFI GPT Secure Boot

Copy OVMF_VARS.secboot.fd to a place the user has access to it:
# cp /usr/share/archboot/ovmf/OVMF_VARS.secboot.fd <directory>

The file already includes a basic set of keys from fedora ovmf package.

64bit UEFI / 64bit running system:
$ qemu-system-x86_64 -drive file=<isofile>,if=virtio,format=raw \
-usb -usbdevice tablet --enable-kvm -boot d \
-drive if=pflash,format=raw,readonly=on,\
file=/usr/share/ovmf/x64/OVMF_CODE.secboot.fd \
-drive if=pflash,format=raw,file=OVMF_VARS.secboot.fd \
-global driver=cfi.pflash01,property=secure,value=on \
-machine q35,smm=on,accel=kvm \
-global ICH9-LPC.disable_s3=1 -m <memory>
32bit UEFI / 64bit running system:
$ qemu-system-x86_64 -drive file=<isofile>,if=virtio,format=raw \
-usb -usbdevice tablet --enable-kvm -boot d \
-drive if=pflash,format=raw,readonly=on,\
file=/usr/share/ovmf/ia32/OVMF_CODE.secboot.fd \
-drive if=pflash,format=raw,file=OVMF_VARS.secboot.fd \
-global driver=cfi.pflash01,property=secure,value=on \
-machine q35,smm=on,accel=kvm \
-global ICH9-LPC.disable_s3=1 -m <memory>

8.4 Additional Qemu Parameters

KVM virtio network for tap0:
-device virtio-net-device,netdev=eth0 \
-netdev tap,id=eth0,ifname=tap0,script=no,downscript=no
KVM virtio harddisk:
-drive file=yourimagefile,if=virtio,format=raw

8.5 Setting Up A Hwsim SSID

Start a hwsid SSID for wireless testing purposes:
# archboot-hwsim.sh <SSID>

9. Arch Linux Wiki

11. Videos

12. History

13. References