Since many years, GRUB has been the default manager of every Linux distribution. This until systemd-boot has born, allowing easier configuration and promising enhanced security for our devices.
Let's see how to install it on Fedora 32 or Fedora 40
If you're planning to install Fedora 39 or more recent, you can directly configure anaconda to use systemd-boot as bootloader, adding the following argument in the boot command line:
inst.sdboot
you can check the details on the Fedora 39 documentation and the Change on the Fedora Wiki.
This still not covers booting with secure boot enabled, you will need to enroll your own keys. You can use a tool like sbctl to do that.
Take you responsabilities first
I am not responsible for bricked computers, system instabilities, dead cats, thermonuclear war or you getting fired because you lost important work.
Please make a backup of your device or of the data, and make a boot drive in case of necessity. Do some research if you have any concerns about steps documented in this guide.
YOU are choosing to make these modifications, and if you point the finger at me for messing up your device, I will laugh at you.
Check if you are running EFI
Before doing anything, you should check that you are running using EFI, and if you have Secure Boot enabled, you may want to turn it off now.
To do that, you can use the following one-liner:
test -d /sys/firmware/efi && echo EFI || echo Legacy
If the result of the command will be "EFI", you're good to go with this guide.
Move ESP mount to /efi
First of all, we need to move the ESP partition from /boot/efi to /efi
Let's start by creating the folder for EFI mount point
sudo mkdir /efi
You can use Vim (or any other text editor you like) to edit the fstab file using this command:
sudo cp /etc/fstab /etc/fstab.bak # (Make a backup first if you are unsure)
sudo vi /etc/fstab
Edit the line by entering in "insert mode" by pressing the "i" button
UUID=xxxx-xxxx /boot/efi vfat umask=0077,shortname=winnt 0 2
to:
UUID=xxxx-xxxx /efi vfat umask=0077,shortname=winnt 0 2
Press the esc button to return to normal mode, followed by ":wq" to save the modified file and quit.
If you edited correctly you should be able to run successfully the following commands to unmount the efi partition and mount it to the new path:
sudo systemctl daemon-reload
sudo umount /boot/efi
sudo umount /boot
sudo mount /efi
After this you will be able to cleanup the boot partition as well.
Install systemd-boot
The firts step is to create a folder in the ESP directory with the machine-id in the name
sudo mkdir /efi/$(cat /etc/machine-id)
If you have Fedora 34+, you need to remove GRUB from DNF's protected packages
sudo rm /etc/dnf/protected.d/{grub,shim}*
install systemd-boot and then uninstall GRUB related packages.
sudo dnf remove -y grubby grub2\* memtest86\* && sudo rm -rf /boot/*
sudo dnf install -y systemd-boot-unsigned sdubby
Do not reboot after this, or you will not be able to boot!
Edit the file /etc/kernel/install.conf to have tge following content:
BOOT_ROOT=/efi
layout=bls
We can delete the boot partition using parted and resize the esp partition. Pay attention to this step, as deleted partitions are (usually) unrecoverable. By default Fedora should create the first partition arount 500-600MB in VFAT for EFI/ESP and the second partition around 1-1.5GB for boot. With this layout you can safely delete the second one and grow the first. Your partition table may differ, you can check this with parted /dev/YOUR_DISK print.
In my case the system disk is /dev/vda:
sudo parted /dev/vda rm 2
sudo umount /dev/vda1
sudo growpart /dev/vda 1
sudo mount /efi
If you have used a custom partition layout, you will know how to proceed, good luck!
Now we can install the bootloader and the kernel entries:
cat /proc/cmdline | cut -d ' ' -f 2- | sudo tee /etc/kernel/cmdline
sudo bootctl install
sudo kernel-install add $(uname -r) /lib/modules/$(uname -r)/vmlinuz
sudo dnf reinstall kernel-core
If everyting installs correcry, now you can reboot, and you should boot normally using systemd-boot
You can verify everything working correctly with
sudo bootctl
You can use sbctl to setup Secure Boot signature with sistemd boot and enroll your keys.
Enjoy systemd-boot!
Sources
Thanks to all these people for their guides and tips: