This is the quick reference. The full support and troubleshooting material lives in the documentation portal.
LamBoot does not appear after a reboot.
The system boots straight into GRUB, systemd-boot, or the OS. Check the boot order with sudo efibootmgr and look for a LamBoot entry. If another loader is first, run sudo lamboot-install --set-default to move LamBoot to the front, or reorder with efibootmgr -o. If there is no LamBoot entry at all, confirm the binary is present with ls -la /boot/efi/EFI/LamBoot/lambootx64.efi and re-run sudo lamboot-install.
The menu appears, but there are no boot entries.
LamBoot reads BLS entries from \loader\entries\*.conf on the ESP. Check ls /boot/efi/loader/entries/. If it is empty, run lamboot-install to generate entries, or make sure your distribution writes them to the ESP. If /boot is on ext4 or btrfs and separate from the ESP, install the filesystem drivers with lamboot-install --with-drivers. Also check that an allowlist or denylist in policy.toml is not hiding entries.
A boot entry shows a ! or X indicator.
These are advisory only. They never block booting, and you can still select and boot the entry. A ! is a warning (for example a missing initrd, no root= parameter, or an architecture mismatch). An X means a file was not found (the kernel or EFI binary is missing from the ESP). Select the entry to see the specific message in the footer, then confirm the kernel and initrd paths in the BLS entry point to files that exist.
A crash loop was detected.
LamBoot increments a crash counter on each boot attempt, and lamboot-mark-success.service clears it once the OS boots fully. If the OS never reaches that point, the counter climbs and LamBoot selects a fallback entry. Boot a known-good kernel from the menu, then let lamboot-mark-success.service reset the counter (check it with sudo systemctl status lamboot-mark-success.service). You can raise the threshold in policy.toml under [security] with crash_threshold. After a VM snapshot restore the counter should auto-reset through vmgenid detection; if it does not, the vmgenid device may not be configured on the VM.
The screen goes black after I select an entry.
This is usually the kernel booting normally. Many Linux kernels clear the screen during early init. Wait ten to twenty seconds and try SSH. If text output stays invisible, the system is most likely still booting correctly; reach it over SSH or a serial console.
Which Secure Boot setup should I use?
Four documented configurations: Secure Boot off (homelab and development), firmware DB (you own the hardware), shim plus MOK (stock distributions), and Proxmox zero-touch (pre-enrolled OVMF_VARS for VM fleets). See the Security page for the details of each.
How do I read what LamBoot did on the last boot?
Read the trust-evidence log from Linux: cat /boot/efi/loader/boot-trust.log | jq .. Each line records an image, how it was verified, and its SHA-256. The Security page documents the field and value vocabulary.
How do I remove LamBoot?
sudo lamboot-install --remove restores the previous default boot entry and cleans LamBoot's BLS entries. Add --keep-entries or --keep-logs to preserve those.
Recovery keys.
From the LamBoot menu, F2 reboots into firmware setup (to change boot order, disable Secure Boot, or reach the UEFI shell), and F12 triggers an immediate cold reboot.
Can I use LamBoot on non-UEFI (legacy BIOS) systems?
No. LamBoot runs on UEFI firmware, on x86_64 and aarch64.
What is the license?
MIT OR Apache-2.0, the same dual license as most Rust ecosystem projects. The legacy UEFI filesystem drivers shipped under \EFI\LamBoot\drivers\ are GPL-2.0 from the rEFInd project and distributed as separate binaries.
Can I contribute?
Yes. See CONTRIBUTING.md and the developer guide in the repository. The documentation portal covers the architecture and the boot flow in depth.
For the full troubleshooting reference, including recovery procedures and the boot-report format, see the Troubleshooting guide in the documentation portal.