Provided by: systemd_256.5-2ubuntu3.1_amd64 
NAME
kernel-install - Add and remove kernel and initrd images to and from the boot partition
SYNOPSIS
kernel-install [OPTIONS...] add KERNEL-VERSION KERNEL-IMAGE [INITRD-FILE...]
kernel-install [OPTIONS...] add-all
kernel-install [OPTIONS...] remove KERNEL-VERSION
kernel-install [OPTIONS...] inspect [KERNEL-VERSION] [KERNEL-IMAGE] [INITRD-FILE...]
kernel-install [OPTIONS...] list
DESCRIPTION
kernel-install is used to install and remove kernel and initrd images [1] to and from the boot partition,
referred to as $BOOT here. It will usually be one of /boot/, /efi/, or /boot/efi/, see below.
kernel-install will run the executable files ("plugins") located in the directory
/usr/lib/kernel/install.d/ and the local administration directory /etc/kernel/install.d/. All files are
collectively sorted and executed in lexical order, regardless of the directory in which they live.
However, files with identical filenames replace each other. Files in /etc/kernel/install.d/ take
precedence over files with the same name in /usr/lib/kernel/install.d/. This can be used to override a
system-supplied executables with a local file if needed; a symbolic link in /etc/kernel/install.d/ with
the same name as an executable in /usr/lib/kernel/install.d/, pointing to /dev/null, disables the
executable entirely. Executables must have the extension ".install"; other extensions are ignored.
An executable placed in these directories should return 0 on success. It may also return 77 to cause the
whole operation to terminate (executables later in lexical order will be skipped).
COMMANDS
The following commands are understood:
add [[[KERNEL-VERSION] KERNEL-IMAGE] [INITRD-FILE ...]]
This command takes a kernel version string and a path to a kernel image file as arguments. If the
former is omitted, specified as an empty string or as "-" it defaults to the current kernel version,
i.e. the same string uname -r returns. If the latter is omitted, specified as an empty string or as
"-" defaults to /usr/lib/modules/KERNEL_VERSION/vmlinuz. Optionally, one or more initrd images may be
specified as well (note that plugins might generate additional ones).
The executable files from /usr/lib/kernel/install.d/*.install and /etc/kernel/install.d/*.install
(i.e. the plugins) are called with the following arguments:
add KERNEL-VERSION $BOOT/ENTRY-TOKEN/KERNEL-VERSION/ KERNEL-IMAGE \
[INITRD-FILE ...]
The third argument directly refers to the path where to place kernel images, initrd images and other
resources for Boot Loader Specification[2] Type #1 entries (the "entry directory"). If other boot
loader schemes are used the parameter may be ignored.
The ENTRY-TOKEN string is typically the machine ID and is supposed to identify the local installation
on the system. For details see below.
Two default plugins execute the following operations in this case:
• kernel-install creates $BOOT/ENTRY-TOKEN/KERNEL-VERSION, if enabled (see $KERNEL_INSTALL_LAYOUT).
• 50-depmod.install runs depmod(8) for the KERNEL-VERSION.
• 90-loaderentry.install copies KERNEL-IMAGE to $BOOT/ENTRY-TOKEN/KERNEL-VERSION/linux. If
INITRD-FILEs are provided, it also copies them to $BOOT/ENTRY-TOKEN/KERNEL_VERSION/INITRD-FILE.
This can also be used to prepend microcode before the actual initrd. It also creates a boot
loader entry according to the Boot Loader Specification[2] (Type #1) in
$BOOT/loader/entries/ENTRY-TOKEN-KERNEL-VERSION.conf. The title of the entry is the PRETTY_NAME
parameter specified in /etc/os-release or /usr/lib/os-release (if the former is missing), or
"Linux KERNEL-VERSION", if unset.
If $KERNEL_INSTALL_LAYOUT is not "bls", this plugin does nothing.
• 90-uki-copy.install copies a file uki.efi from $KERNEL_INSTALL_STAGING_AREA or if it does not
exist the KERNEL-IMAGE argument, only if it has a ".efi" extension, to
$BOOT/EFI/Linux/ENTRY-TOKEN-KERNEL-VERSION.efi.
If $KERNEL_INSTALL_LAYOUT is not "uki", this plugin does nothing.
Added in version 198.
add-all
This is the same as add (see above), but invokes the operation iteratively for every installed kernel
in /usr/lib/modules/. This operation is only supported on systems where the kernel image is installed
in /usr/lib/modules/KERNEL-VERSION/vmlinuz.
Added in version 255.
remove KERNEL-VERSION
This command expects a kernel version string as single argument.
The executable files from /usr/lib/kernel/install.d/*.install and /etc/kernel/install.d/*.install
(i.e. the plugins) are called with the following arguments:
remove KERNEL-VERSION $BOOT/ENTRY-TOKEN/KERNEL-VERSION/
Afterwards, kernel-install removes the entry directory $BOOT/ENTRY-TOKEN/KERNEL-VERSION/ and its
contents, if it exists.
Two default plugins execute the following operations in this case:
• 50-depmod.install removes the files generated by depmod for this kernel again.
• 90-loaderentry.install removes the file $BOOT/loader/entries/ENTRY-TOKEN-KERNEL-VERSION.conf.
• 90-uki-copy.install removes the file $BOOT/EFI/Linux/ENTRY-TOKEN-KERNEL-VERSION.efi.
Added in version 198.
inspect [[[KERNEL-VERSION] KERNEL-IMAGE] [INITRD-FILE ...]]
Takes the same parameters as add.
Shows the various paths and parameters configured or auto-detected. In particular shows the values of
the various $KERNEL_INSTALL_* environment variables listed below, as they would be passed to plugins.
The --json option can be used to get the output of this verb as a JSON object.
Added in version 251.
list
Shows the various installed kernels. This enumerates the subdirectories of /usr/lib/modules/, and
shows whether a kernel image is installed there.
Added in version 255.
COMPATIBILITY WITH THE KERNEL BUILD SYSTEM
installkernel [OPTIONS...] VERSION VMLINUZ [MAP] [INSTALLATION-DIR]
When invoked as installkernel, this program accepts arguments as specified by the kernel build system's
make install command. The VERSION and VMLINUZ parameters specify the kernel version and the kernel
binary. The other two parameters (MAP and INSTALLATION-DIR) are currently ignored.
THE $BOOT PARTITION
The partition where the kernels and Boot Loader Specification[2] snippets are located is called $BOOT.
kernel-install determines the location of this partition by checking /efi/, /boot/, and /boot/efi/ in
turn. The first location where $BOOT/loader/entries/ or $BOOT/ENTRY-TOKEN/ exists is used.
OPTIONS
The following options are understood:
--esp-path=
Path to the EFI System Partition (ESP). If not specified, /efi/, /boot/, and /boot/efi/ are checked
in turn. It is recommended to mount the ESP to /efi/, if possible.
--boot-path=
Path to the Extended Boot Loader partition, as defined in the Boot Loader Specification[2]. If not
specified, /boot/ is checked. It is recommended to mount the Extended Boot Loader partition to
/boot/, if possible.
--make-entry-directory=yes|no|auto
Controls creation and deletion of the Boot Loader Specification[2] Type #1 entry directory on the
file system containing resources such as kernel and initrd images during add and remove,
respectively. The directory is named after the entry token, and is placed immediately below the boot
root directory. When "auto", the directory is created or removed only when the install layout is
"bls". Defaults to "auto".
Added in version 254.
--entry-token=
Controls how to name and identify boot loader entries for this kernel installation or deletion. Takes
one of "auto", "machine-id", "os-id", "os-image-id", or an arbitrary string prefixed by "literal:" as
argument.
If set to machine-id the entries are named after the machine ID of the running system (e.g.
"b0e793a9baf14b5fa13ecbe84ff637ac"). See machine-id(5) for details about the machine ID concept and
file.
If set to os-id the entries are named after the OS ID of the running system, i.e. the ID= field of
os-release(5) (e.g. "fedora"). Similarly, if set to os-image-id the entries are named after the OS
image ID of the running system, i.e. the IMAGE_ID= field of os-release (e.g.
"vendorx-cashier-system").
If set to auto (the default), the /etc/kernel/entry-token (or $KERNEL_INSTALL_CONF_ROOT/entry-token)
file will be read if it exists, and the stored value used. Otherwise if the local machine ID is
initialized it is used. Otherwise IMAGE_ID= from os-release will be used, if set. Otherwise, ID= from
os-release will be used, if set. Otherwise a randomly generated machine ID is used.
Using the machine ID for naming the entries is generally preferable, however there are cases where
using the other identifiers is a good option. Specifically: if the identification data that the
machine ID entails shall not be stored on the (unencrypted) $BOOT_ROOT partition, or if the ID shall
be generated on first boot and is not known when the entries are prepared. Note that using the
machine ID has the benefit that multiple parallel installations of the same OS can coexist on the
same medium, and they can update their boot loader entries independently. When using another
identifier (such as the OS ID or the OS image ID), parallel installations of the same OS would try to
use the same entry name. To support parallel installations, the installer must use a different entry
token when adding a second installation.
Added in version 254.
-v, --verbose
Output additional information about operations being performed.
Added in version 242.
--root=root
Takes a directory path as an argument. All paths will be prefixed with the given alternate root path,
including config search paths. This is useful to operate on a system image mounted to the specified
directory instead of the host system itself.
Added in version 255.
--image=image
Takes a path to a disk image file or block device node. If specified, all operations are applied to
the file system in the indicated disk image. This option is similar to --root=, but operates on file
systems stored in disk images or block devices. The disk image should either contain just a file
system or a set of file systems within a GPT partition table, following the Discoverable Partitions
Specification[3]. For further information on supported disk images, see systemd-nspawn(1)'s switch of
the same name.
Added in version 255.
-h, --help
Print a short help text and exit.
--version
Print a short version string and exit.
--no-pager
Do not pipe output into a pager.
--json=MODE
Shows output formatted as JSON. Expects one of "short" (for the shortest possible output without any
redundant whitespace or line breaks), "pretty" (for a pretty version of the same, with indentation
and line breaks) or "off" (to turn off JSON output, the default).
--image-policy=policy
Takes an image policy string as argument, as per systemd.image-policy(7). The policy is enforced when
operating on the disk image specified via --image=, see above. If not specified defaults to the "*"
policy, i.e. all recognized file systems in the image are used.
--no-legend
Do not print the legend, i.e. column headers and the footer with hints.
ENVIRONMENT VARIABLES
Environment variables exported for plugins
If --verbose is used, $KERNEL_INSTALL_VERBOSE=1 will be exported for plugins. They may output additional
logs in this case.
$KERNEL_INSTALL_IMAGE_TYPE=uki|pe|unknown is set for the plugins to specify the type of the kernel image.
uki
Unified kernel image.
Added in version 254.
pe
PE binary.
Added in version 254.
unknown
Unknown type.
Added in version 254.
$KERNEL_INSTALL_MACHINE_ID is set for the plugins to the desired machine-id to use. It's always a 128-bit
ID. Normally it's read from /etc/machine-id, but it can also be overridden via $MACHINE_ID (see below).
If not specified via these methods, a fallback value will generated by kernel-install and used only for a
single invocation.
$KERNEL_INSTALL_ENTRY_TOKEN is set for the plugins to the desired entry "token" to use. It's an
identifier that shall be used to identify the local installation, and is often the machine ID, i.e. same
as $KERNEL_INSTALL_MACHINE_ID, but might also be a different type of identifier, for example a fixed
string or the ID=, IMAGE_ID= values from /etc/os-release. The string passed here will be used to name
Boot Loader Specification entries, or the directories the kernel image and initial RAM disk images are
placed into.
Note that while $KERNEL_INSTALL_ENTRY_TOKEN and $KERNEL_INSTALL_MACHINE_ID are often set to the same
value, the latter is guaranteed to be a valid 32 character ID in lowercase hexadecimals while the former
can be any short string. The entry token to use is read from /etc/kernel/entry-token, if it exists.
Otherwise a few possible candidates below $BOOT are checked for Boot Loader Specification Type 1 entry
directories, and if found the entry token is derived from that. If that is not successful,
$KERNEL_INSTALL_MACHINE_ID is used as fallback.
$KERNEL_INSTALL_BOOT_ROOT is set for the plugins to the absolute path of the root directory (mount point,
usually) of the hierarchy where boot loader entries, kernel images, and associated resources should be
placed. This usually is the path where the XBOOTLDR partition or the ESP (EFI System Partition) are
mounted, and also conceptually referred to as $BOOT. Can be overridden by setting $BOOT_ROOT (see below).
$KERNEL_INSTALL_LAYOUT=auto|bls|uki|other|... is set for the plugins to specify the installation layout.
Additional layout names may be defined by convention. If a plugin uses a special layout, it's encouraged
to declare its own layout name and configure layout= in install.conf upon initial installation. The
following values are currently understood:
bls
Standard Boot Loader Specification[2] Type #1 layout, compatible with systemd-boot(7): entries in
$BOOT/loader/entries/ENTRY-TOKEN-KERNEL-VERSION[+TRIES].conf, kernel and initrds under
$BOOT/ENTRY-TOKEN/KERNEL-VERSION/
Implemented by 90-loaderentry.install.
Added in version 250.
uki
Standard Boot Loader Specification[2] Type #2 layout, compatible with systemd-boot(7): unified kernel
images under $BOOT/EFI/Linux as $BOOT/EFI/Linux/ENTRY-TOKEN-KERNEL-VERSION[+TRIES].efi.
Implemented by 90-uki-copy.install.
Added in version 253.
other
Some other layout not understood natively by kernel-install.
Added in version 250.
auto
Pick the layout automatically. If the kernel is a UKI set layout to uki. If not default to bls if
$BOOT/loader/entries.srel with content "type1" or $BOOT/ENTRY-TOKEN exists, or other otherwise.
Leaving layout blank has the same effect. This is the default.
Added in version 254.
$KERNEL_INSTALL_INITRD_GENERATOR and $KERNEL_INSTALL_UKI_GENERATOR are set for plugins to select the
initrd and/or UKI generator. This may be configured as initrd_generator= and uki_generator= in
install.conf, see below.
$KERNEL_INSTALL_STAGING_AREA is set for plugins to a path to a directory. Plugins may drop files in that
directory, and they will be installed as part of the loader entry, based on the file name and extension:
Files named initrd* will be installed as INITRD-FILEs, and files named microcode* will be prepended
before INITRD-FILEs.
Environment variables understood by kernel-install
$KERNEL_INSTALL_CONF_ROOT can be set to override the location of the configuration files read by
kernel-install. When set, install.conf, entry-token, and other files will be read from this directory
only. Note that this path is relative to the host, and in particular symlinks in this directory are
resolved relative to the host, even if --root=root is used. This means that it is generally not correct
to use this variable to specify a directory underneath root if symlinks are used there.
$KERNEL_INSTALL_PLUGINS can be set to override the list of plugins executed by kernel-install. The
argument is a whitespace-separated list of paths. "KERNEL_INSTALL_PLUGINS=:" may be used to prevent any
plugins from running.
$MACHINE_ID can be set for kernel-install to override $KERNEL_INSTALL_MACHINE_ID, the machine ID.
$BOOT_ROOT can be set for kernel-install to override $KERNEL_INSTALL_BOOT_ROOT, the installation location
for boot entries.
The last two variables may also be set in install.conf. Variables set in the environment take precedence
over the values specified in the config file.
EXIT STATUS
If every executable returns 0 or 77, 0 is returned, and a non-zero failure code otherwise.
FILES
/etc/kernel/install.d/*.install, /usr/lib/kernel/install.d/*.install
Drop-in files which are executed by kernel-install.
Added in version 198.
/etc/kernel/cmdline, /usr/lib/kernel/cmdline, /proc/cmdline
Specifies the kernel command line to use. The first of the files that is found will be used.
$KERNEL_INSTALL_CONF_ROOT may be used to override the search path; see below for details.
Added in version 198.
/etc/kernel/devicetree, /usr/lib/kernel/devicetree
Specifies the partial path to the file containing the device tree blob to install with the kernel and
use at boot. The first of the files that is found will be used. $KERNEL_INSTALL_CONF_ROOT may be
used to override the search path; see below for details.
The devicetree file contains a path, and this path specifies a location relative to the kernel
install tree. A set of locations is checked, including in particular
/usr/lib/modules/KERNEL_VERSION/dtb/, which is the recommended location to place the dtb files under.
For example, with "broadcom/bcm2711-rpi-4-b.dtb" in the devicetree file, the device tree blob for the
Raspberry Pi 4 Model B would be installed, and the actual file would be
/usr/lib/modules/KERNEL_VERSION/dtb/broadcom/bcm2711-rpi-4-b.dtb.
Added in version 255.
/etc/kernel/tries
Read by 90-loaderentry.install and 90-uki-copy.install. If this file exists, a numeric value is read
from it and the naming of the generated entry file or UKI is altered to include it as
$BOOT/loader/entries/ENTRY-TOKEN-KERNEL-VERSION+TRIES.conf or
$BOOT/EFI/Linux/ENTRY-TOKEN-KERNEL-VERSION+TRIES.efi, respectively. This is useful for boot loaders
such as systemd-boot(7) which implement boot attempt counting with a counter embedded in the entry
file name. $KERNEL_INSTALL_CONF_ROOT may be used to override the search path; see below for details.
Added in version 240.
/etc/kernel/entry-token
If this file exists it is read and used as "entry token" for this system, i.e. is used for naming
Boot Loader Specification entries. See $KERNEL_INSTALL_ENTRY_TOKEN above for details.
$KERNEL_INSTALL_CONF_ROOT may be used to override the search path; see below for details.
Added in version 251.
/etc/machine-id
The content of this file specifies the machine identification MACHINE-ID.
Added in version 198.
/etc/os-release, /usr/lib/os-release
Read by 90-loaderentry.install. If available, PRETTY_NAME= is read from these files and used as the
title of the boot menu entry. Otherwise, "Linux KERNEL-VERSION" will be used.
Added in version 198.
/etc/kernel/install.conf, /run/kernel/install.conf, /usr/local/lib/kernel/install.conf,
/usr/lib/kernel/install.conf, /etc/kernel/install.conf.d/*.conf, /run/kernel/install.conf.d/*.conf,
/usr/local/lib/kernel/install.conf.d/*.conf, /usr/lib/kernel/install.conf.d/*.conf
Configuration file with options for kernel-install, as a series of KEY=VALUE assignments, compatible
with shell syntax, following the same rules as described in os-release(5). The first of the files
that is found will be used. $KERNEL_INSTALL_CONF_ROOT may be used to override the search path; see
below for details. Drop-in files may also be used to extend the configuration with overrides, see
systemd.unit(5).
Currently, the following keys are supported: MACHINE_ID=, BOOT_ROOT=, layout=, initrd_generator=,
uki_generator=. See the Environment variables section above for details.
Added in version 250.
/etc/kernel/uki.conf
Ini-style configuration file for ukify(1) which is only effective when $KERNEL_INSTALL_LAYOUT or
layout= in install.conf is set to uki and $KERNEL_INSTALL_UKI_GENERATOR or uki_generator= in
install.conf is set to ukify, or is unset. $KERNEL_INSTALL_CONF_ROOT may be used to override the
search path; see below for details.
Added in version 255.
/usr/lib/modules/KERNEL-VERSION/
Location for installed kernel modules and other kernel related resources. For each locally installed
kernel a directory named after the kernel version (uname -r) is kept.
Added in version 255.
/usr/lib/modules/KERNEL-VERSION/vmlinuz
Location for installed kernel images. This is the recommended location for OS package managers to
install kernel images into (as applicable), from which kernel-install add then copies it into the
final boot partition.
Added in version 255.
For various cases listed above, if the $KERNEL_INSTALL_CONF_ROOT environment variable is set, it will
override the search path. The files will be loaded only from the directory specified by the environment
variable. When the variable is not set, the listed paths are tried in turn, and the first file that
exists is used.
SEE ALSO
machine-id(5), os-release(5), depmod(8), systemd-boot(7), ukify(1), Boot Loader Specification[2]
NOTES
1. Nowadays actually CPIO archives used as an "initramfs", rather than "initrd". See bootup(7) for an
explanation.
2. Boot Loader Specification
https://uapi-group.org/specifications/specs/boot_loader_specification
3. Discoverable Partitions Specification
https://uapi-group.org/specifications/specs/discoverable_partitions_specification