Systemd Boot

Convert Grub to Systemd-boot

https://saligrama.io/blog/post/upgrading-personal-security-evil-maid/

Now chroot into your new system.

cryptsetup open /dev/nvme0n1p2 root
mount /dev/mapper/root /mnt

cd /mnt
mount /dev/nvme0n1p1 efi
mount -t proc /proc proc/
mount --rbind /sys sys/
mount --rbind /dev dev/
chroot .

Then run pacman -Rc grub to remove GRUB.

Create the new mount point for the $esp

mkdir /efi

Create a variable (efidevice), valid for this terminal session, that holds the device of your $esp partition

efidevice=$(findmnt /boot/efi -no SOURCE)

Unmount $esp from the current mountpoint

umount /boot/efi

Mount the $esp on the new location

mount "${efidevice}" /efi

Next we can install systemd-boot

bootctl install

Edit /efi/loader/loader.conf, uncomment the timeout line as shown below, and save the file.

# cat /efi/loader/loader.conf 
timeout 3
#console-mode keep

Install kernel-install with

pacman -S systemd-kernel-maintenance

Now run the following script

#!/usr/bin/env bash

# Find the configured esp
esp=$(bootctl -p)

# Prepare the efi partition for kernel-install
machineid=$(cat /etc/machine-id)
if [[ -n ${machineid} ]]; then
    # -p: do not fail if the directory already exists
    mkdir -p "${esp}/${machineid}"
else
    # Stop here: kernel-install has no target directory without a machine ID
    echo "Failed to get the machine ID" >&2
    exit 1
fi

# Run kernel-install for all the installed kernels
while read -r kernel; do
    kernelversion=$(basename "${kernel%/vmlinuz}")
    echo "Installing kernel ${kernelversion}"
    kernel-install add "${kernelversion}" "${kernel}"
done < <(find /usr/lib/modules -maxdepth 2 -type f -name vmlinuz)
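
Before removing the old files from /boot, it is worth confirming that kernel-install really put a bootable entry on the $esp for every installed kernel. The check below is an added example, not part of the original procedure; the function name check_esp and the file name check-esp.sh are hypothetical, and it assumes each loader entry carries version, linux and initrd lines with paths relative to the $esp root.

```shell
#!/usr/bin/env bash
# Added example, not from the original page: pre-cleanup check of the ESP.
# Assumption: each loader entry has a "version" line, and its "linux" and
# "initrd" lines hold paths relative to the ESP root.

# check_esp ESP MODULES_DIR
# Prints one line per problem. Succeeds only if every installed kernel has a
# loader entry and every file that entry references exists on the ESP.
check_esp() (
    esp=$1 modules=$2 problems=0 checked=0
    for kernel in "${modules}"/*/vmlinuz; do
        [ -f "${kernel}" ] || continue
        checked=$((checked + 1))
        version=$(basename "${kernel%/vmlinuz}")
        found=""
        for entry in "${esp}"/loader/entries/*.conf; do
            [ -f "${entry}" ] || continue
            # Exact field match, so dots in the version are not regex wildcards
            if awk -v v="${version}" '$1 == "version" && $2 == v { f = 1 } END { exit !f }' "${entry}"; then
                found=${entry}
                break
            fi
        done
        if [ -z "${found}" ]; then
            echo "no loader entry for kernel ${version}"
            problems=$((problems + 1))
            continue
        fi
        while read -r key value rest; do
            case ${key} in
                linux|initrd)
                    if [ ! -f "${esp}${value}" ]; then
                        echo "${found##*/}: ${key} ${value} not on ESP"
                        problems=$((problems + 1))
                    fi ;;
            esac
        done < "${found}"
    done
    [ "${checked}" -eq 0 ] && echo "no kernels found under ${modules}"
    [ "${problems}" -eq 0 ] && [ "${checked}" -gt 0 ]
)

# Runs against the live system only when given both arguments, e.g.:
#   ./check-esp.sh "$(bootctl -p)" /usr/lib/modules
if [ "$#" -eq 2 ]; then
    check_esp "$1" "$2"
fi
```

Only continue with the cleanup if the check exits with status 0 and prints nothing.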

Lastly, we can clean up /boot

rm -r /boot/efi /boot/grub /boot/initramfs* /boot/vmlinuz*