(add disclaimer to 'default' section) |
(Added section that describes how to password protect interactive edit mode) |
||
Line 139: | Line 139: | ||
grub2-install <target device> --no-floppy | grub2-install <target device> --no-floppy | ||
</pre> | </pre> | ||
== Setting a password for interactive edit mode == | |||
If you would like to password protect interactive edit mode but allow password-less booting here is a way to do it (borrowed from the method provided by the anaconda installer): | |||
Create and edit /etc/grub.d/01_users and place the following inside it: | |||
<pre> | |||
set superusers="root" | |||
password_pbkdf2 root GRUBPASSWORDHASH | |||
export superusers | |||
</pre> | |||
Please note the existance of the grub2-mkpasswd-pbkdf2 command that is part of the grub2-tools package. You run grub2-mkpasswd-pbkdf2 from the command line and it asks for a password twice and then outputs a password hash. You take that output and substitute it for the word GRUBPASSWORDHASH in the above sample /etc/grub.d/01_users file. | |||
"superusers" is magic, and from that point on everything should be password protected except booting the default entries. | |||
= Further Reading = | = Further Reading = |
Revision as of 20:33, 1 August 2012
Introduction
GRUB 2 is the latest version of GNU GRUB, the GRand Unified Bootloader. A bootloader is the first software program that runs when a computer starts. It is responsible for loading and transferring control to the operating system kernel, (Linux, in the case of Fedora). The kernel, in turn, initializes the rest of the operating system.
GRUB 2 has replaced what was formerly known as GRUB (i.e. version 0.9x), which has, in turn, become GRUB Legacy.
Starting with Fedora 16, GRUB 2 is the default bootloader on x86 BIOS systems. For upgrades of BIOS systems the default is also to install GRUB 2, but you can opt to skip bootloader configuration entirely.
Tasks / Common issues
Updating GRUB 2 configuration
The grub2 packages contain commands for installing a bootloader and for creating a bootloader configuration file.
grub2-install will install the bootloader - usually in the MBR, in free unpartioned space, and as files in /boot. The bootloader is installed with something like:
grub2-install /dev/sda
grub2-mkconfig will create a new configuration based on the currently running system, what is found in /boot, what is set in /etc/default/grub, and the customizable scripts in /etc/grub.d/ . A new configuration file is created with:
grub2-mkconfig -o /boot/grub2/grub.cfg
The configuration format has evolved over time, and a new configuration file might be slightly incompatible with the old bootloader. It is thus often/always a good idea to run grub2-install before grub2-mkconfig for some reason is run.
The Fedora installer, anaconda, will run these grub2 commands and there is usually no reason to run them manually.
It is generally safe to directly edit /boot/grub2/grub.cfg in Fedora. Grubby in Fedora patches the configuration when a kernel update is performed and will try to not make any other changes than what is necessary. (Other distributions, in particular Debian and Debian-derived distributions provide a software patch that adds an update-grub
command which is neither included nor needed in Fedora.) Manual changes might however be overwritten with grub2-mkconfig next time the system is upgraded with anaconda. Some customizations can be placed in /etc/grubd/40_custom or /boot/grub2/custom.cfg and will survive running grub2-mkconfig.
grub2-mkconfig will add entries for other operating systems it can find. That will be done based on the output of the os-prober tool.
That might however not work so well, especially not for booting other Linux operating systems. See http://www.gnu.org/software/grub/manual/grub.html#Multi_002dboot-manual-config .
Setting default entry
Due to grub2-mkconfig
(and os-prober) we cannot predict the order of the entries in /boot/grub2/grub.cfg
, so we set the default by name/title instead.
Open /etc/default/grub
and ensure this line exists:
GRUB_DEFAULT=saved
Apply the change to grub.cfg
by running:
grub2-mkconfig -o /boot/grub2/grub.cfg
Now list all possible menu entries
grep ^menuentry /boot/grub2/grub.cfg | cut -d "'" -f2
Now set the desired default menu entry
grub2-set-default <menu entry title>
Verify the default menu entry
grub2-editenv list
If you understand the risks involved and still want to directly modify /boot/grub2/grub.cfg, here's how you can do it:
Edit /boot/grub2/grub.cfg, and change the line
set default="0"
to
set default="5"
Encountering the dreaded GRUB 2 boot prompt
If improperly configured, GRUB 2 may fail to load and subsequently drop to a boot prompt. To address this issue, proceed as follows:
1. List the drives which GRUB 2 sees:
grub2> ls
2. The output for a dos partition table /dev/sda with three partitons will look something like this:
(hd0) (hd0,msdos3) (hd0,msdos2) (hd0,msdos1)
3. While the output for a gpt partition table /dev/sda with four partitions will look something like this:
(hd0) (hd0,gpt4) (hd0,gpt3) (hd0,gpt2) (hd0,gpt1)
4. With this information you can now probe each partition of the drive and locate your vmlinuz and initramfs files:
ls (hd0,1)/
Will list the files on /dev/sda1. If this partition contains /boot, the output will show the full name of vmlinuz and initramfs.
5. Armed with the location and full name of vmlinuz and initramfs you can now boot your system.
5a. Declare your root partition:
grub> set root=(hd0,3)
5b. Declare the kernel you wish to use:
grub> linux (hd0,1)/vmlinuz-3.0.0-1.fc16.i686 root=/dev/sda3 rhgb quiet selinux=0 # NOTE : add other kernel args if you have need of them # NOTE : change the numbers to match your system
5c. Declare the initrd to use:
grub> initrd (hd0,1)/initramfs-3.0.0-1.fc16.i686.img # NOTE : change the numbers to match your system
5d. Instruct GRUB 2 to boot the chosen files:
grub> boot
6. After boot, open a terminal.
7. Issue the grub2-mkconfig command to re-create the grub.cfg file grub2 needed to boot your system:
grub2-mkconfig -o /boot/grub2/grub.cfg
8. Issue the grub2-install command to install grub2 to your hard drive and make use of your config:
grub2-install --boot-directory=/boot /dev/sda # Note: your drive may have another device name. Check for it with mount command output.
Other GRUB 2 issues
Absent Floppy Disk : It has been reported by some users that GRUB 2 may fail to install on a partition's boot sector if the computer floppy controller is activated in BIOS without an actual floppy disk drive being present. A possible workaround is to run (post OS install) from rescue mode:
grub2-install <target device> --no-floppy
Setting a password for interactive edit mode
If you would like to password protect interactive edit mode but allow password-less booting here is a way to do it (borrowed from the method provided by the anaconda installer):
Create and edit /etc/grub.d/01_users and place the following inside it:
set superusers="root" password_pbkdf2 root GRUBPASSWORDHASH export superusers
Please note the existance of the grub2-mkpasswd-pbkdf2 command that is part of the grub2-tools package. You run grub2-mkpasswd-pbkdf2 from the command line and it asks for a password twice and then outputs a password hash. You take that output and substitute it for the word GRUBPASSWORDHASH in the above sample /etc/grub.d/01_users file.
"superusers" is magic, and from that point on everything should be password protected except booting the default entries.
Further Reading
http://www.gnu.org/software/grub/manual/grub.html
http://fedoraproject.org/wiki/Features/Grub2
http://fedoraproject.org/wiki/Anaconda/Features/Grub2Migration