install: Add a Bootloader::None option

martinezjavier · ckyrouac · commit 5d11404e0e40 · 2026-02-20T19:19:44.000-05:00
Currently, the bootc install workflow assumes that the bootloader must be
managed by bootupd. This works well for server and edge environments, but
it is too inflexible for embedded or custom platforms where the bootloader
is managed externally (e.g., aboot for automotive use cases).

In these scenarios, users want to install the filesystem content (OSTree
commit, kernel, initramfs, etc), without bootc assuming that a boot or ESP
partition exists that have to be setup or udpated by bootupd.

By adding a --bootloader=none option users can have explicit control over
how the boot loading is handled, without bootc or bootupd intervention.

Note that so far only support for the ostree backend has been added and
the bootloader=none option is not supported by the composefs backend.

Signed-off-by: Javier Martinez Canillas &lt;javierm@redhat.com&gt;
diff --git a/crates/lib/src/bootc_composefs/boot.rs b/crates/lib/src/bootc_composefs/boot.rs
@@ -622,6 +622,8 @@ pub(crate) fn setup_composefs_bls_boot(
                 Some(efi_mount),
             )
         }
+
+        Bootloader::None => unreachable!("Checked at install time"),
     };
 
     let (bls_config, boot_digest, os_id) = match &entry {
@@ -851,6 +853,7 @@ fn write_pe_to_esp(
     let efi_linux_path = mounted_efi.as_ref().join(match bootloader {
         Bootloader::Grub => EFI_LINUX,
         Bootloader::Systemd => SYSTEMD_UKI_DIR,
+        Bootloader::None => unreachable!("Checked at install time"),
     });
 
     create_dir_all(&efi_linux_path).context("Creating EFI/Linux")?;
@@ -1163,6 +1166,8 @@ pub(crate) fn setup_composefs_uki_boot(
         }
 
         Bootloader::Systemd => write_systemd_uki_config(&esp_mount.fd, &setup_type, uki_info, id)?,
+
+        Bootloader::None => unreachable!("Checked at install time"),
     };
 
     Ok(boot_digest)
diff --git a/crates/lib/src/bootc_composefs/delete.rs b/crates/lib/src/bootc_composefs/delete.rs
@@ -241,6 +241,8 @@ fn delete_depl_boot_entries(
             // For Systemd UKI as well, we use .conf files
             delete_type1_entry(deployment, boot_dir, deleting_staged)
         }
+
+        Bootloader::None => unreachable!("Checked at install time"),
     }
 }
 
diff --git a/crates/lib/src/bootc_composefs/finalize.rs b/crates/lib/src/bootc_composefs/finalize.rs
@@ -120,6 +120,8 @@ pub(crate) async fn composefs_backend_finalize(
             let entries_dir = boot_dir.open_dir("loader")?;
             rename_exchange_bls_entries(&entries_dir)?;
         }
+
+        Bootloader::None => unreachable!("Checked at install time"),
     };
 
     Ok(())
diff --git a/crates/lib/src/bootc_composefs/gc.rs b/crates/lib/src/bootc_composefs/gc.rs
@@ -80,6 +80,8 @@ fn list_bootloader_entries(storage: &Storage) -> Result<Vec<String>> {
                 .map(|entry| entry.get_verity())
                 .collect::<Result<Vec<_>, _>>()?
         }
+
+        Bootloader::None => unreachable!("Checked at install time"),
     };
 
     Ok(entries)
diff --git a/crates/lib/src/bootc_composefs/rollback.rs b/crates/lib/src/bootc_composefs/rollback.rs
@@ -233,6 +233,8 @@ pub(crate) async fn composefs_rollback(
             // We use BLS entries for systemd UKI as well
             rollback_composefs_entries(boot_dir, rollback_entry.bootloader.clone())?;
         }
+
+        Bootloader::None => unreachable!("Checked at install time"),
     }
 
     if reverting {
diff --git a/crates/lib/src/bootc_composefs/status.rs b/crates/lib/src/bootc_composefs/status.rs
@@ -751,6 +751,8 @@ pub(crate) async fn composefs_deployment_status_from(
 
             (is_rollback_queued, Some(bls_configs), None)
         }
+
+        Bootloader::None => unreachable!("Checked at install time"),
     };
 
     // Determine rollback deployment by matching extra deployment boot entries against entires read from /boot
diff --git a/crates/lib/src/bootc_composefs/update.rs b/crates/lib/src/bootc_composefs/update.rs
@@ -189,6 +189,8 @@ pub(crate) fn validate_update(
         },
 
         Bootloader::Systemd => rm_staged_type1_ent(boot_dir)?,
+
+        Bootloader::None => unreachable!("Checked at install time"),
     }
 
     // Remove state directory
diff --git a/crates/lib/src/install.rs b/crates/lib/src/install.rs
@@ -1590,6 +1590,12 @@ async fn prepare_install(
         composefs_options.composefs_backend = true;
     }
 
+    if composefs_options.composefs_backend
+        && matches!(config_opts.bootloader, Some(Bootloader::None))
+    {
+        anyhow::bail!("Bootloader set to none is not supported with the composefs backend");
+    }
+
     // We need to access devices that are set up by the host udev
     bootc_mount::ensure_mirrored_host_mount("/dev")?;
     // We need to read our own container image (and any logically bound images)
@@ -1646,6 +1652,12 @@ async fn prepare_install(
         tracing::debug!("No install configuration found");
     }
 
+    if let Some(crate::spec::Bootloader::None) = config_opts.bootloader {
+        if cfg!(target_arch = "s390x") {
+            anyhow::bail!("Bootloader set to none is not supported for the s390x architecture");
+        }
+    }
+
     // Convert the keyfile to a hashmap because GKeyFile isnt Send for probably bad reasons.
     let prepareroot_config = {
         let kf = ostree_prepareroot::require_config_from_root(&rootfs)?;
@@ -1761,6 +1773,9 @@ async fn install_with_sysroot(
             Bootloader::Systemd => {
                 anyhow::bail!("bootupd is required for ostree-based installs");
             }
+            Bootloader::None => {
+                tracing::debug!("Skip bootloader installation due set to None");
+            }
         }
     }
     tracing::debug!("Installed bootloader");
diff --git a/crates/lib/src/spec.rs b/crates/lib/src/spec.rs
@@ -191,13 +191,16 @@ pub enum Bootloader {
     Grub,
     /// Use SystemdBoot as the bootloader
     Systemd,
+    /// Don't use a bootloader managed by bootc
+    None,
 }
 
 impl Display for Bootloader {
     fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
         let string = match self {
             Bootloader::Grub => "grub",
             Bootloader::Systemd => "systemd",
+            Bootloader::None => "none",
         };
 
         write!(f, "{}", string)
@@ -211,6 +214,7 @@ impl FromStr for Bootloader {
         match value {
             "grub" => Ok(Self::Grub),
             "systemd" => Ok(Self::Systemd),
+            "none" => Ok(Self::None),
             unrecognized => Err(anyhow::anyhow!("Unrecognized bootloader: '{unrecognized}'")),
         }
     }
diff --git a/crates/lib/src/store/mod.rs b/crates/lib/src/store/mod.rs
@@ -205,6 +205,7 @@ impl BootedStorage {
                     Bootloader::Grub => physical_root.open_dir("boot").context("Opening boot")?,
                     // NOTE: Handle XBOOTLDR partitions here if and when we use it
                     Bootloader::Systemd => esp_mount.fd.try_clone().context("Cloning fd")?,
+                    Bootloader::None => unreachable!("Checked at install time"),
                 };
 
                 let storage = Storage {
diff --git a/docs/src/bootloaders.md b/docs/src/bootloaders.md
@@ -21,3 +21,11 @@ by default (except on s390x).
 ## s390x
 
 bootc uses `zipl`.
+
+## none
+
+It is possible to skip bootloader installation entirely by using `--bootloader=none` (or `bootloader = "none"` in the [install] section of the config file).
+
+With this option, users can have explicit control over how the boot loading is handled, without bootc or bootupd intervention.
+
+NOTE: none is only supported for the Ostree backend and not for Composefs. It is also not supported for the s390x architecture. If used with `--generic-image`, it will lead to a generic image that does not have support for any bootloader.
diff --git a/docs/src/man/bootc-install-to-filesystem.8.md b/docs/src/man/bootc-install-to-filesystem.8.md
@@ -125,6 +125,7 @@ is currently expected to be empty by default.
     Possible values:
     - grub
     - systemd
+    - none
 
 **--uki-addon**=*UKI_ADDON*
 

Original file line number	Diff line number	Diff line change
`@@ -241,6 +241,8 @@ fn delete_depl_boot_entries(`
`241`	`241`	`// For Systemd UKI as well, we use .conf files`
`242`	`242`	`delete_type1_entry(deployment, boot_dir, deleting_staged)`
`243`	`243`	`}`
	`244`	`+`
	`245`	`+ Bootloader::None => unreachable!("Checked at install time"),`
`244`	`246`	`}`
`245`	`247`	`}`
`246`	`248`
Original file line number	Diff line number	Diff line change
`@@ -120,6 +120,8 @@ pub(crate) async fn composefs_backend_finalize(`
`120`	`120`	`let entries_dir = boot_dir.open_dir("loader")?;`
`121`	`121`	`rename_exchange_bls_entries(&entries_dir)?;`
`122`	`122`	`}`
	`123`	`+`
	`124`	`+ Bootloader::None => unreachable!("Checked at install time"),`
`123`	`125`	`};`
`124`	`126`
`125`	`127`	`Ok(())`
Original file line number	Diff line number	Diff line change
`@@ -80,6 +80,8 @@ fn list_bootloader_entries(storage: &Storage) -> Result<Vec<String>> {`
`80`	`80`	`.map(\|entry\| entry.get_verity())`
`81`	`81`	`.collect::<Result<Vec<_>, _>>()?`
`82`	`82`	`}`
	`83`	`+`
	`84`	`+ Bootloader::None => unreachable!("Checked at install time"),`
`83`	`85`	`};`
`84`	`86`
`85`	`87`	`Ok(entries)`
Original file line number	Diff line number	Diff line change
`@@ -233,6 +233,8 @@ pub(crate) async fn composefs_rollback(`
`233`	`233`	`// We use BLS entries for systemd UKI as well`
`234`	`234`	`rollback_composefs_entries(boot_dir, rollback_entry.bootloader.clone())?;`
`235`	`235`	`}`
	`236`	`+`
	`237`	`+ Bootloader::None => unreachable!("Checked at install time"),`
`236`	`238`	`}`
`237`	`239`
`238`	`240`	`if reverting {`
Original file line number	Diff line number	Diff line change
`@@ -751,6 +751,8 @@ pub(crate) async fn composefs_deployment_status_from(`
`751`	`751`
`752`	`752`	`(is_rollback_queued, Some(bls_configs), None)`
`753`	`753`	`}`
	`754`	`+`
	`755`	`+ Bootloader::None => unreachable!("Checked at install time"),`
`754`	`756`	`};`
`755`	`757`
`756`	`758`	`// Determine rollback deployment by matching extra deployment boot entries against entires read from /boot`
Original file line number	Diff line number	Diff line change
`@@ -189,6 +189,8 @@ pub(crate) fn validate_update(`
`189`	`189`	`},`
`190`	`190`
`191`	`191`	`Bootloader::Systemd => rm_staged_type1_ent(boot_dir)?,`
	`192`	`+`
	`193`	`+ Bootloader::None => unreachable!("Checked at install time"),`
`192`	`194`	`}`
`193`	`195`
`194`	`196`	`// Remove state directory`