Bug#1106024: systemd-boot: creates a useless CSV file

Raphaël Halimi raphael.halimi at gmail.com
Sun May 18 21:18:32 BST 2025 

Package: systemd-boot
Version: 257.2-3

Hi,

systemd-boot's postinst script creates the CSV file for shim's fallback 
helper with the following line:

echo "shim${efi_arch}.efi,${vendor},,This is the boot entry for 
${vendor}" > "${esp_path}/EFI/${vendor}/BOOT${efi_arch_upper}.CSV"

This won't work for several reasons:

1/ This creates a file with ASCII text, whereas fb${efi_arch}.efi 
expects UCS-2 text

2/ There is no parameter for shim${efi_arch}.efi to know what to 
chainload, so it will try to load grub${efi_arch}.efi, which won't exist 
anymore (since the whole stanza will only run if GRUB is removed)

3/ The copy of shim${efi_arch}.efi in \EFI\BOOT is useless by itself, 
since without any parameter or fb{efi_arch}.efi, it will also try to 
chainload a missing grub${efi_arch}.efi (note that this theoretically 
also applies to GRUB, see below)

All necessary information about shim's fallback helper can be found here:

https://github.com/rhboot/shim/blob/main/README.fallback

So systemd-boot's postinst script can be fixed by:

- Also copy fb{efi_arch}.efi to \EFI\BOOT (in addition of shim)

- Create the CSV file with something like:

echo 
"shim${efi_arch}.efi,${vendor_upper},\\EFI\systemd\systemd-boot${efi_arch}.efi 
\\0,This is the boot entry for ${vendor_upper}" | iconv -t UCS-2 > 
"${esp_path}/EFI/${vendor}/BOOT${efi_arch_upper}.CSV"

With these modifications, shim's fallback helper would re-create an UEFI 
boot entry almost identical to the one that the current postinst creates 
with `efibootmgr` (it will prepend shim's path with a backslash, maybe 
it should also be done in the `efibootmgr` command to more closely 
follow shim's behavior, although it currently works as-is) which 
actually works as intended.

To test it, after applying those two modifications, delete the UEFI boot 
entry that was created with `efibootmgr`, use the firmware's boot menu 
to boot from the hard disk, wait for the countdown, and the fallback 
helper will re-create an UEFI boot entry identical to the one created by 
the postinst's `efibootmgr` command.

Regards,

-- 
Raphaël Halimi

More information about the Pkg-systemd-maintainers mailing list