From Fedora Project Wiki

(Added section that describes how to password protect interactive edit mode)
(→‎Updating the GRUB configuration file: Legacy Grub update command add.)
 
(130 intermediate revisions by 30 users not shown)
Line 1: Line 1:
{{autolang|base=yes}}
{{autolang|base=yes}}
= Introduction =
= What is GRUB 2 =


GRUB 2 is the latest version of GNU GRUB, the GRand Unified Bootloader. A bootloader is the first software program that runs when a computer starts. It is responsible for loading and transferring control to the operating system kernel, (Linux, in the case of Fedora). The kernel, in turn, initializes the rest of the operating system.
GRUB 2 is the latest version of GNU GRUB, the GRand Unified Bootloader. A bootloader is the first software program that runs when a computer starts. It is responsible for loading and transferring control to the operating system kernel - Linux in the case of Fedora. The kernel, in turn, initializes the rest of the operating system.


GRUB 2 has replaced what was formerly known as GRUB (i.e. version 0.9x), which has, in turn, become GRUB Legacy.
GRUB 2 has replaced GRUB version 0.9x, which has become GRUB Legacy. Upstream refers to GRUB 2 as just GRUB.


Starting with Fedora 16, GRUB 2 is the default bootloader on x86 BIOS systems. For upgrades of BIOS systems the default is also to install GRUB 2, but you can opt to skip bootloader configuration entirely.
GRUB 2 is the bootloader used on x86_64 systems, and on aarch64 if UEFI firmware is also used.


= Tasks / Common issues =
= Changing kernel command-line parameters with <code>grubby</code> =


== Updating GRUB 2 configuration ==
The <code>grubby</code> utility updates the bootloader-specific configuration files. The utility is a recommended way for making routine changes to the kernel boot parameters and setting a default kernel.


The grub2 packages contain commands for installing a bootloader and for creating a bootloader configuration file.
Following are some of the selected illustrations of <code>grubby</code> usage:


grub2-install will install the bootloader - usually in the MBR, in free unpartioned space, and as files in /boot. The bootloader is installed with something like:
* To add one kernel parameter to a single boot entry:
<pre># grubby --args=<NEW_PARAMETER> --update-kernel=/boot/vmlinuz-5.11.14-300.fc34.x86_64</pre>


<pre>grub2-install /dev/sda</pre>
* To add multiple kernel parameters to a single boot entry:
<pre># grubby --args="<NEW_PARAMETER1> <NEW_PARAMETER2 <NEW_PARAMETER_n>" --update-kernel=/boot/vmlinuz-5.11.14-300.fc34.x86_64</pre>


grub2-mkconfig will create a new configuration based on the currently running system, what is found in /boot, what is set in /etc/default/grub, and the customizable scripts in /etc/grub.d/ . A new configuration file is created with:
* To add one kernel parameter to all currently existing and future boot entries:
<pre># grubby --args=<NEW_PARAMETER> --update-kernel=ALL</pre>


<pre>grub2-mkconfig -o /boot/grub2/grub.cfg</pre>
* To remove one kernel parameter from all currently existing and future boot entries:
<pre># grubby --remove-args=<PARAMETER_TO_REMOVE> --update-kernel=ALL</pre>


The configuration format has evolved over time, and a new configuration file might be slightly incompatible with the old bootloader. It is thus often/always a good idea to run grub2-install before grub2-mkconfig for some reason is run.
* To set the default kernel:
<pre># grubby --set-default=/boot/vmlinuz-5.11.12-300.fc34.x86_64</pre>


The Fedora installer, anaconda, will run these grub2 commands and there is usually no reason to run them manually.
= Updating the GRUB configuration file =


It is generally safe to directly edit /boot/grub2/grub.cfg in Fedora. Grubby in Fedora patches the configuration when a kernel update is performed and will try to not make any other changes than what is necessary. (Other distributions, in particular Debian and Debian-derived distributions provide a software patch that adds an {{command|update-grub}} command which is neither included nor needed in Fedora.) Manual changes might however be overwritten with grub2-mkconfig next time the system is upgraded with anaconda. Some customizations can be placed in /etc/grubd/40_custom or /boot/grub2/custom.cfg and will survive running grub2-mkconfig.
The GRUB configuration file is located at <code>/boot/grub2/grub.cfg</code> and is intended to be a static file that does not need updating. In case of disk replacement, or installation of another Linux distribution, <code>/boot/grub2/grub.cfg</code> should be updated. Use the following commands:


== Adding Other operating systems to the GRUB 2 menu ==
<code>sudo grub2-mkconfig -o /etc/grub2.cfg</code>


grub2-mkconfig will add entries for other operating systems it can find. That will be done based on the output of the os-prober tool.
<code>sudo grub2-mkconfig -o /etc/grub2-efi.cfg</code>


That might however not work so well, especially not for booting other Linux operating systems. See http://www.gnu.org/software/grub/manual/grub.html#Multi_002dboot-manual-config .
<code>sudo grub2-mkconfig -o /boot/grub2/grub.cfg</code> - Legacy boot method for grub update.


== Setting default entry ==
These commands use information provided by the <code>os-prober</code> utility to add entries for other Linux distributions and Windows.


{{admon/warning|Some parts of this section is wrong or outdated for f17. | Be also aware of [[https://bugzilla.redhat.com/show_bug.cgi?id=768106 Bug 768106 - grubby does not support grub2 set default="${saved_entry}" and replaces with "0"]]. | }}
{{admon/note|Refrain from using `grub2-mkconfig -o /boot/efi/EFI/fedora/grub.cfg` going forward. This is a valid location on Fedora 33 and earlier. However on Fedora 34 and later, it is a small stub file that merely forwards to `/boot/grub2/grub.cfg`. See the [https://fedoraproject.org/wiki/GRUB_2#Reinstalling_GRUB Reinstalling GRUB] section if you have accidentally overwritten this file.|}}


Due to <code>grub2-mkconfig</code> (and os-prober) we cannot predict the order of the entries in <code>/boot/grub2/grub.cfg</code>, so we set the default by name/title instead.
= I have a `grub>` prompt! Now what?  =


Open <code>/etc/default/grub</code> and ensure this line exists:
If you are stuck at a `grub>` prompt, use a rescue mode to repair the already installed operating system. You can reach the rescue mode on any Fedora edition, spin of Network Installer, or DVD Installer.


<pre>GRUB_DEFAULT=saved</pre>
For more details see [https://docs.fedoraproject.org/en-US/fedora/rawhide/install-guide/advanced/Boot_Options/#sect-boot-options-rescue Booting Your Computer in Rescue Mode].


Apply the change to <code>grub.cfg</code> by running: <pre>grub2-mkconfig -o /boot/grub2/grub.cfg</pre>
After completing steps specified in the previous link, run the following command to mount the root partition:


Now list all possible menu entries
<pre># chroot /mnt/sysimage</pre>
<pre>grep ^menuentry /boot/grub2/grub.cfg | cut -d "'" -f2</pre>  


Now set the desired default menu entry <pre>grub2-set-default <menu entry title></pre>
Next, update the GRUB configuration file as described in the [https://fedoraproject.org/wiki/GRUB_2#Updating_the_GRUB_configuration_file Updating the GRUB configuration file] section. Afterwards, continue with the section below for firmware specific instructions on [https://fedoraproject.org/wiki/GRUB_2#Reinstalling_GRUB Reinstalling GRUB].


Verify the default menu entry <pre>grub2-editenv list</pre>
= Reinstalling GRUB =


{{admon/note|Note|There are other, simpler, ways of setting the default entry, but they are prone to error if/when grub2-mkconfig is re-run. These include directly setting the default in /boot/grub2/grub.cfg or setting GRUB_DEFAULT to either a number or an entry title in /etc/default/grub. Neither of these methods is recommended.}}
GRUB comes in two flavors, BIOS GRUB and UEFI GRUB. The instructions on reinstalling GRUB depend on the firmware type. Systems with UEFI firmware have their GRUB RPM packages updated, which in turn updates the bootloader installed on the EFI System volume.


If you understand the risks involved and still want to directly modify /boot/grub2/grub.cfg, here's how you can do it:
== Discovering the firmware type ==


Edit /boot/grub2/grub.cfg, and change the line
To discover what firmware your machine uses, run the following command:


{{admon/caution|This is not the recommended method|This will not survive grub2-mkconfig. It might not even survive a kernel update.}}
<pre># [ -d /sys/firmware/efi ] && echo UEFI || echo BIOS</pre>


<pre>
The output returns only UEFI or BIOS, depending on the firmware your machine runs.
set default="0"
</pre>


to
== Instructions for UEFI-based systems ==
<pre>
set default="5"
</pre>


== Encountering the dreaded GRUB 2 boot prompt ==
* Learn what firmware your machine is running. See [https://fedoraproject.org/wiki/GRUB_2#Discovering_the_firmware_type Discovering the firmware type] section.
If improperly configured, GRUB 2 may fail to load and subsequently drop to a boot prompt. To address this issue, proceed as follows:


1. List the drives which GRUB 2 sees:
* Systems with UEFI firmware have the shim and GRUB RPM packages updated, which in turn updates the bootloader files found on the EFI System volume. Reasons for reinstallation include troubleshooting early boot problems, and following inadvertent use of the `grub2-install` command, which results in an unsupported configuration on UEFI systems.
<pre>
grub2> ls
</pre>


2. The output for a dos partition table /dev/sda with three partitons will look something like this:
* Remove the following files:
<pre>
<pre>
(hd0) (hd0,msdos3) (hd0,msdos2) (hd0,msdos1)
# rm /boot/efi/EFI/fedora/grub.cfg
# rm /boot/grub2/grub.cfg
</pre>
</pre>


3.  While the output for a gpt partition table /dev/sda with four partitions will look something like this:
* Reinstall the following packages:
<pre>
<pre># dnf reinstall shim-* grub2-efi-* grub2-common</pre>
(hd0) (hd0,gpt4) (hd0,gpt3)  (hd0,gpt2) (hd0,gpt1)
</pre>


4. With this information you can now probe each partition of the drive and locate your vmlinuz and initramfs files:
{{admon/warning| Do not use the <code>grub2-install</code> command on UEFI systems. On those systems, bootloaders are in the <code>shim</code> and <code>grub-efi</code> RPM packages. By reinstalling those packages, the bootloaders are reinstalled to their proper location in <code>/boot/efi/</code> on the EFI System volume. }}
<pre>
ls (hd0,1)/
</pre>
Will list the files on /dev/sda1. If this partition contains /boot, the output will show the full name of vmlinuz and initramfs.


5. Armed with the location and full name of vmlinuz and initramfs you can now boot your system.
{{admon/note|The removal of the two `grub.cfg` files will trigger a script in `grub2-common` to recreate these files.|}}


5a. Declare your root partition:
== Instructions for BIOS-based systems ==
<pre>
grub> set root=(hd0,3)
</pre>


5b. Declare the kernel you wish to use:
* Learn what firmware your machine is running. See [https://fedoraproject.org/wiki/GRUB_2#Discovering_the_firmware_type Discovering the firmware type] section.
<pre>
grub> linux (hd0,1)/vmlinuz-3.0.0-1.fc16.i686 root=/dev/sda3 rhgb quiet selinux=0
# NOTE : add other kernel args if you have need of them
# NOTE : change the numbers to match your system
</pre>


5c. Declare the initrd to use:
* Systems with the BIOS firmware have the GRUB RPM packages updated. However, the installed or embedded bootloader is never updated automatically. It is a good idea to update it between Fedora release versions.
<pre> 
grub> initrd (hd0,1)/initramfs-3.0.0-1.fc16.i686.img
# NOTE : change the numbers to match your system
</pre>


5d. Instruct GRUB 2 to boot the chosen files:
* Find the device node the <code>/boot/</code> directory is located on:
<pre>
<pre>
grub> boot
# mount | grep "/boot "
/dev/sda4 on /boot type ext4 (rw,relatime,seclabel)
</pre>
</pre>


6. After boot, open a terminal.
The device node is <code>/dev/sda4</code>.
 
7. Issue the grub2-mkconfig command to re-create the grub.cfg file grub2 needed to boot your system:
<pre>
grub2-mkconfig -o /boot/grub2/grub.cfg
</pre>


8. Issue the grub2-install command to install grub2 to your hard drive and make use of your config:
* Reinstall the bootloader while specifying the device node without the number:
<pre>
<pre>
grub2-install --boot-directory=/boot /dev/sda
# grub2-install /dev/sda
# Note: your drive may have another device name. Check for it with mount command output.
Installing for i386-pc platform.
Installation finished. No error reported.
</pre>
</pre>


== Other GRUB 2 issues ==
= Enabling serial console in GRUB 2 =


''' Absent Floppy Disk ''': It has been reported by some users that GRUB 2 may fail to install on a partition's boot sector if the computer floppy controller is activated in BIOS without an actual floppy disk drive being present. A possible workaround is to run (post OS install) from rescue mode:
On Fedora 34 and later, you can enable serial console for usage on virtual environments. The following procedure explains how to achieve this goal.


<pre>
<pre>
grub2-install <target device> --no-floppy
# grubby --args="systemd.journald.forward_to_console=1 console=ttyS0,38400 console=tty1" --update-kernel=/boot/vmlinuz-5.11.16-300.fc34.x86_64
</pre>
</pre>


== Setting a password for interactive edit mode ==
The first command specifies the baud rate, console forwarding for <code>systemd</code>, what console to use (<code>tty1</code>) and on what kernel such changes should be applied.
 
If you would like to password protect interactive edit mode but allow password-less booting here is a way to do it (borrowed from the method provided by the anaconda installer):


Create and edit /etc/grub.d/01_users and place the following inside it:
<pre>
<pre>
set superusers="root"
# grubby --set-default=/boot/vmlinuz-5.11.16-300.fc34.x86_64
password_pbkdf2 root GRUBPASSWORDHASH
</pre>
export superusers
</pre>
 
Please note the existance of the grub2-mkpasswd-pbkdf2 command that is part of the grub2-tools package. You run grub2-mkpasswd-pbkdf2 from the command line and it asks for a password twice and then outputs a password hash. You take that output and substitute it for the word GRUBPASSWORDHASH in the above sample /etc/grub.d/01_users file.
 
"superusers" is magic, and from that point on everything should be password protected except booting the default entries.
 
= Further Reading =
 
http://www.gnu.org/software/grub/manual/grub.html


http://fedoraproject.org/wiki/Features/Grub2
The second command ensures the specified kernel is going to be loaded by default on next reboot.


http://fedoraproject.org/wiki/Anaconda/Features/Grub2Migration
For instructions on how to enable serial consol in GRUB 2 for baremetal machines, see [https://www.gnu.org/software/grub/manual/grub/html_node/Serial-terminal.html Using GRUB via a serial line].

Latest revision as of 11:38, 7 May 2022

What is GRUB 2

GRUB 2 is the latest version of GNU GRUB, the GRand Unified Bootloader. A bootloader is the first software program that runs when a computer starts. It is responsible for loading and transferring control to the operating system kernel - Linux in the case of Fedora. The kernel, in turn, initializes the rest of the operating system.

GRUB 2 has replaced GRUB version 0.9x, which has become GRUB Legacy. Upstream refers to GRUB 2 as just GRUB.

GRUB 2 is the bootloader used on x86_64 systems, and on aarch64 if UEFI firmware is also used.

Changing kernel command-line parameters with grubby

The grubby utility updates the bootloader-specific configuration files. The utility is a recommended way for making routine changes to the kernel boot parameters and setting a default kernel.

Following are some of the selected illustrations of grubby usage:

  • To add one kernel parameter to a single boot entry:
# grubby --args=<NEW_PARAMETER> --update-kernel=/boot/vmlinuz-5.11.14-300.fc34.x86_64
  • To add multiple kernel parameters to a single boot entry:
# grubby --args="<NEW_PARAMETER1> <NEW_PARAMETER2 <NEW_PARAMETER_n>" --update-kernel=/boot/vmlinuz-5.11.14-300.fc34.x86_64
  • To add one kernel parameter to all currently existing and future boot entries:
# grubby --args=<NEW_PARAMETER> --update-kernel=ALL
  • To remove one kernel parameter from all currently existing and future boot entries:
# grubby --remove-args=<PARAMETER_TO_REMOVE> --update-kernel=ALL
  • To set the default kernel:
# grubby --set-default=/boot/vmlinuz-5.11.12-300.fc34.x86_64

Updating the GRUB configuration file

The GRUB configuration file is located at /boot/grub2/grub.cfg and is intended to be a static file that does not need updating. In case of disk replacement, or installation of another Linux distribution, /boot/grub2/grub.cfg should be updated. Use the following commands:

sudo grub2-mkconfig -o /etc/grub2.cfg

sudo grub2-mkconfig -o /etc/grub2-efi.cfg

sudo grub2-mkconfig -o /boot/grub2/grub.cfg - Legacy boot method for grub update.

These commands use information provided by the os-prober utility to add entries for other Linux distributions and Windows.

Refrain from using grub2-mkconfig -o /boot/efi/EFI/fedora/grub.cfg going forward. This is a valid location on Fedora 33 and earlier. However on Fedora 34 and later, it is a small stub file that merely forwards to /boot/grub2/grub.cfg. See the Reinstalling GRUB section if you have accidentally overwritten this file.

I have a grub> prompt! Now what?

If you are stuck at a grub> prompt, use a rescue mode to repair the already installed operating system. You can reach the rescue mode on any Fedora edition, spin of Network Installer, or DVD Installer.

For more details see Booting Your Computer in Rescue Mode.

After completing steps specified in the previous link, run the following command to mount the root partition:

# chroot /mnt/sysimage

Next, update the GRUB configuration file as described in the Updating the GRUB configuration file section. Afterwards, continue with the section below for firmware specific instructions on Reinstalling GRUB.

Reinstalling GRUB

GRUB comes in two flavors, BIOS GRUB and UEFI GRUB. The instructions on reinstalling GRUB depend on the firmware type. Systems with UEFI firmware have their GRUB RPM packages updated, which in turn updates the bootloader installed on the EFI System volume.

Discovering the firmware type

To discover what firmware your machine uses, run the following command:

# [ -d /sys/firmware/efi ] && echo UEFI || echo BIOS

The output returns only UEFI or BIOS, depending on the firmware your machine runs.

Instructions for UEFI-based systems

  • Systems with UEFI firmware have the shim and GRUB RPM packages updated, which in turn updates the bootloader files found on the EFI System volume. Reasons for reinstallation include troubleshooting early boot problems, and following inadvertent use of the grub2-install command, which results in an unsupported configuration on UEFI systems.
  • Remove the following files:
# rm /boot/efi/EFI/fedora/grub.cfg
# rm /boot/grub2/grub.cfg
  • Reinstall the following packages:
# dnf reinstall shim-* grub2-efi-* grub2-common
Do not use the grub2-install command on UEFI systems. On those systems, bootloaders are in the shim and grub-efi RPM packages. By reinstalling those packages, the bootloaders are reinstalled to their proper location in /boot/efi/ on the EFI System volume.
The removal of the two grub.cfg files will trigger a script in grub2-common to recreate these files.

Instructions for BIOS-based systems

  • Systems with the BIOS firmware have the GRUB RPM packages updated. However, the installed or embedded bootloader is never updated automatically. It is a good idea to update it between Fedora release versions.
  • Find the device node the /boot/ directory is located on:
# mount | grep "/boot "
/dev/sda4 on /boot type ext4 (rw,relatime,seclabel)

The device node is /dev/sda4.

  • Reinstall the bootloader while specifying the device node without the number:
# grub2-install /dev/sda
Installing for i386-pc platform.
Installation finished. No error reported.

Enabling serial console in GRUB 2

On Fedora 34 and later, you can enable serial console for usage on virtual environments. The following procedure explains how to achieve this goal.

# grubby --args="systemd.journald.forward_to_console=1 console=ttyS0,38400 console=tty1" --update-kernel=/boot/vmlinuz-5.11.16-300.fc34.x86_64

The first command specifies the baud rate, console forwarding for systemd, what console to use (tty1) and on what kernel such changes should be applied.

# grubby --set-default=/boot/vmlinuz-5.11.16-300.fc34.x86_64

The second command ensures the specified kernel is going to be loaded by default on next reboot.

For instructions on how to enable serial consol in GRUB 2 for baremetal machines, see Using GRUB via a serial line.