UKI boot entry not shown when using uki key in Type1 config file #39886
Description
systemd version the issue has been seen with
257.9-2.fc42
Used distribution
Fedora 42
Linux kernel version used
6.16.9-200.fc42.x86_64
CPU architectures issue was seen on
x86_64
Component
systemd-boot
Expected behaviour you didn't see
Listing the UKI boot entry in the boot menu
Unexpected behaviour you saw
Only "Reboot into firmware interface" shown in the boot menu
Steps to reproduce the problem
Build a UKI as follows
ROOT_RW="rw"
SELINUX="selinux=1 enforcing=0 audit=0"
CMDLINE="console=ttyS0,115200 ${SELINUX} systemd.debug_shell=1 ${ROOT_RW}"
echo $CMDLINE > /etc/kernel/cmdline
kver=$(cd /usr/lib/modules && echo *)
ukify build \
--linux "/usr/lib/modules/$kver/vmlinuz" \
--initrd "/usr/lib/modules/$kver/initramfs.img" \
--uname="${kver}" \
--cmdline "@/etc/kernel/cmdline" \
--measure \
--json pretty \
--output "/boot/$kver.efi"
Then I used bootc to provision a system with the following in the ESP
.
├── EFI
│ ├── BOOT
│ │ └── BOOTX64.EFI
│ ├── Linux
│ │ └── bootc
│ │ └── uki.efi
│ └── systemd
│ └── systemd-bootx64.efi
└── loader
├── entries
│ └── entry.conf
├── keys
└── loader.conf
Contents of loader/entries/entry.conf
title Fedora Linux 42 (Adams)
version 42
sort-key 0
uki /EFI/Linux/bootc/uki.efi
Boot entry is not shown with the above config
What's curious is, if I replace uki key with efi the system boots, which leads me to believe that the UKI PE itself is fine
This is inside a raw .img file. Here's the output of fdisk on it
Disk /dev/loop0: 15 GiB, 16106127360 bytes, 31457280 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: gpt
Disk identifier: 75E05FC5-7AEE-49EF-A48A-07CBA37B6FC6
Device Start End Sectors Size Type
/dev/loop0p1 2048 4095 2048 1M BIOS boot
/dev/loop0p2 4096 2101247 2097152 1G EFI System
/dev/loop0p3 2101248 31455231 29353984 14G Linux root (x86-64)
Additional program output to the terminal or log subsystem illustrating the issue
No logs as I cannot see the boot entry itself
This is what my UKI looks like
.sbat:
size: 315 bytes
sha256: a696e878a5617e060d71ac5c156b5d195c61cac489eba1f644686c8aa3ea48a1
text:
sbat,1,SBAT Version,sbat,1,https://github.com/rhboot/shim/blob/main/SBAT.md
systemd-stub,1,The systemd Developers,systemd,257,https://systemd.io/
systemd-stub.fedora,1,Fedora Linux,systemd,257.10-1.fc42,https://bugzilla.redhat.com/
uki,1,UKI,uki,1,https://uapi-group.org/specifications/specs/unified_kernel_image/
.osrel:
size: 646 bytes
sha256: 491e3b740237ebf8af8e01a45f2f086aed265b72914e07775df54ad0834844b8
text:
NAME="Fedora Linux"
VERSION="42 (Adams)"
RELEASE_TYPE=stable
ID=fedora
VERSION_ID=42
VERSION_CODENAME=""
PLATFORM_ID="platform:f42"
PRETTY_NAME="Fedora Linux 42 (Adams)"
ANSI_COLOR="0;38;2;60;110;180"
LOGO=fedora-logo-icon
CPE_NAME="cpe:/o:fedoraproject:fedora:42"
DEFAULT_HOSTNAME="fedora"
HOME_URL="https://fedoraproject.org/"
DOCUMENTATION_URL="https://docs.fedoraproject.org/en-US/fedora/f42/"
SUPPORT_URL="https://ask.fedoraproject.org/"
BUG_REPORT_URL="https://bugzilla.redhat.com/"
REDHAT_BUGZILLA_PRODUCT="Fedora"
REDHAT_BUGZILLA_PRODUCT_VERSION=42
REDHAT_SUPPORT_PRODUCT="Fedora"
REDHAT_SUPPORT_PRODUCT_VERSION=42
SUPPORT_END=2026-05-13
.cmdline:
size: 215 bytes
sha256: 92cca66c4e43cabf70d90c2fe7530a887c9e631ebae3e76c7e970b4e417f7640
text:
console=ttyS0,115200 composefs=9431cb9b470a3a7be7e68d979b3e5fe043d2ddb0afb51a755579844542be6b38e8cc8d887cc37a7c1754cffa12410eee165ad6783985d0927562f537d0fec8de selinux=1 enforcing=0 audit
=0 systemd.debug_shell=1 rw
.uname:
size: 22 bytes
sha256: 79047f644aa8ad90d2ef75e3d7555ad63ee207488ebda8d7a011ebaeb9ef4bfc
text:
6.16.7-200.fc42.x86_64
.linux:
size: 17656168 bytes
sha256: 255cdc70532d6e23827f86b74242833136472022bde9adef8d773c1f32dba09e
.initrd:
size: 111369968 bytes
sha256: 2baefa9e80d0c67b9f7121b491ba0c8ae90777b94095007cc9a7b6cde9ef83e3