Skip to content

Unbootable UKI with systemd 255 (stuck on firmware vendor logo)

Description:

Systemd 255 generates unified kernel images (UKIs) which are unbootable on my system.

Details

My system:

$ hostnamectl
 Static hostname: my-laptop
       Icon name: computer-laptop
         Chassis: laptop 💻
      Machine ID: 02a1dade3f384cadb7d6643ade995e17
         Boot ID: 1952ba26b32542ef922844e651edc6eb
Operating System: Arch Linux
          Kernel: Linux 6.6.4-arch1-1
    Architecture: x86-64
 Hardware Vendor: Dell Inc.
  Hardware Model: XPS 9315
Firmware Version: 1.15.0
   Firmware Date: Tue 2023-10-24
    Firmware Age: 1month 2w

I use kernel-install with this configuration to install kernels as UKIs (for simpler secure boot setup):

$ cat /etc/kernel/install.conf
# Generate a UKI with mkinitcpio
layout=uki
initrd_generator=mkinitcpio

My mkinitcpio configuration and my kernel command line are pretty ordinary:

$ cat /etc/mkinitcpio.conf.d/*
# Basic systemd-based initrd
# No extra modules or files
MODULES=()
FILES=()
# All basic hooks
HOOKS=(base systemd btrfs autodetect modconf keyboard sd-vconsole sd-encrypt block filesystems fsck)
# vim:set ft=sh
# Add coretemp for thermald
MODULES+=(coretemp)
# vim:set ft=sh
# Add standard hook for early KMS
HOOKS+=(kms)
$ cat /etc/cmdline.d/*
systemd.log_level=debug
zswap.enabled=0
rootflags=compress=zstd:1
lockdown=integrity

I have no extra or non-default kernel-install hooks; I'm just using the defaults from mkinitcpio and systemd.

I install kernels with kernel-install add 6.6.4-arch1-1 /usr/lib/modules/6.6.4-arch1-1/vmlinuz.

My bootloader is systemd-book, with no extra configuration.

With systemd 254.6-2 this works flawlessly, but with systemd 255-1 the UKI won't boot; I get stuck at the firmware vendor logo (if I boot w/ systemd-boot's menu hidden) or a blank screen (if I use the systemd-boot menu to select a kernel). The system doesn't react to anything other than a hard reset (sysrq REISUB doesn't do anything).

Hence I don't have any actual debug information; there are no log messages on screen, and there's no journal either, because it doesn't even unlock the encrypted root partition.

I search for an upstream issue in systemd but didn't find any that apply. I hesitate to open an upstream issue, because I don't have any actual debug information.

Additional info:

  • package version(s): systemd 255-1
  • config and/or log files: none
  • link to upstream bug report, if any: n/a

Steps to reproduce:

See above for detailed setup.

To upload designs, you'll need to enable LFS and have an admin enable hashed storage. More information