From Fedora Project Wiki

(add disclaimer to 'default' section)
(Added section that describes how to password protect interactive edit mode)
Line 139: Line 139:
grub2-install <target device> --no-floppy
grub2-install <target device> --no-floppy
</pre>
</pre>
== Setting a password for interactive edit mode ==
If you would like to password protect interactive edit mode but allow password-less booting here is a way to do it (borrowed from the method provided by the anaconda installer):
Create and edit /etc/grub.d/01_users and place the following inside it:
<pre>
set superusers="root"
password_pbkdf2 root GRUBPASSWORDHASH
export superusers
</pre>
Please note the existance of the grub2-mkpasswd-pbkdf2 command that is part of the grub2-tools package.  You run grub2-mkpasswd-pbkdf2 from the command line and it asks for a password twice and then outputs a password hash.  You take that output and substitute it for the word GRUBPASSWORDHASH in the above sample /etc/grub.d/01_users file.
"superusers" is magic, and from that point on everything should be password protected except booting the default entries.


= Further Reading =
= Further Reading =

Revision as of 20:33, 1 August 2012

Introduction

GRUB 2 is the latest version of GNU GRUB, the GRand Unified Bootloader. A bootloader is the first software program that runs when a computer starts. It is responsible for loading and transferring control to the operating system kernel, (Linux, in the case of Fedora). The kernel, in turn, initializes the rest of the operating system.

GRUB 2 has replaced what was formerly known as GRUB (i.e. version 0.9x), which has, in turn, become GRUB Legacy.

Starting with Fedora 16, GRUB 2 is the default bootloader on x86 BIOS systems. For upgrades of BIOS systems the default is also to install GRUB 2, but you can opt to skip bootloader configuration entirely.

Tasks / Common issues

Updating GRUB 2 configuration

The grub2 packages contain commands for installing a bootloader and for creating a bootloader configuration file.

grub2-install will install the bootloader - usually in the MBR, in free unpartioned space, and as files in /boot. The bootloader is installed with something like:

grub2-install /dev/sda

grub2-mkconfig will create a new configuration based on the currently running system, what is found in /boot, what is set in /etc/default/grub, and the customizable scripts in /etc/grub.d/ . A new configuration file is created with:

grub2-mkconfig -o /boot/grub2/grub.cfg

The configuration format has evolved over time, and a new configuration file might be slightly incompatible with the old bootloader. It is thus often/always a good idea to run grub2-install before grub2-mkconfig for some reason is run.

The Fedora installer, anaconda, will run these grub2 commands and there is usually no reason to run them manually.

It is generally safe to directly edit /boot/grub2/grub.cfg in Fedora. Grubby in Fedora patches the configuration when a kernel update is performed and will try to not make any other changes than what is necessary. (Other distributions, in particular Debian and Debian-derived distributions provide a software patch that adds an update-grub command which is neither included nor needed in Fedora.) Manual changes might however be overwritten with grub2-mkconfig next time the system is upgraded with anaconda. Some customizations can be placed in /etc/grubd/40_custom or /boot/grub2/custom.cfg and will survive running grub2-mkconfig.

Adding Other operating systems to the GRUB 2 menu

grub2-mkconfig will add entries for other operating systems it can find. That will be done based on the output of the os-prober tool.

That might however not work so well, especially not for booting other Linux operating systems. See http://www.gnu.org/software/grub/manual/grub.html#Multi_002dboot-manual-config .

Setting default entry

Some parts of this section is wrong or outdated for f17.
Be also aware of [Bug 768106 - grubby does not support grub2 set default="${saved_entry}" and replaces with "0"].

Due to grub2-mkconfig (and os-prober) we cannot predict the order of the entries in /boot/grub2/grub.cfg, so we set the default by name/title instead.

Open /etc/default/grub and ensure this line exists:

GRUB_DEFAULT=saved

Apply the change to grub.cfg by running:

grub2-mkconfig -o /boot/grub2/grub.cfg

Now list all possible menu entries

grep ^menuentry /boot/grub2/grub.cfg | cut -d "'" -f2

Now set the desired default menu entry

grub2-set-default <menu entry title>

Verify the default menu entry

grub2-editenv list
Note
There are other, simpler, ways of setting the default entry, but they are prone to error if/when grub2-mkconfig is re-run. These include directly setting the default in /boot/grub2/grub.cfg or setting GRUB_DEFAULT to either a number or an entry title in /etc/default/grub. Neither of these methods is recommended.

If you understand the risks involved and still want to directly modify /boot/grub2/grub.cfg, here's how you can do it:

Edit /boot/grub2/grub.cfg, and change the line

This is not the recommended method
This will not survive grub2-mkconfig. It might not even survive a kernel update.
set default="0" 

to

set default="5"

Encountering the dreaded GRUB 2 boot prompt

If improperly configured, GRUB 2 may fail to load and subsequently drop to a boot prompt. To address this issue, proceed as follows:

1. List the drives which GRUB 2 sees:

grub2> ls

2. The output for a dos partition table /dev/sda with three partitons will look something like this:

(hd0) (hd0,msdos3) (hd0,msdos2) (hd0,msdos1)

3. While the output for a gpt partition table /dev/sda with four partitions will look something like this:

(hd0) (hd0,gpt4) (hd0,gpt3)  (hd0,gpt2) (hd0,gpt1)

4. With this information you can now probe each partition of the drive and locate your vmlinuz and initramfs files:

ls (hd0,1)/ 

Will list the files on /dev/sda1. If this partition contains /boot, the output will show the full name of vmlinuz and initramfs.

5. Armed with the location and full name of vmlinuz and initramfs you can now boot your system.

5a. Declare your root partition:

grub> set root=(hd0,3)

5b. Declare the kernel you wish to use:

grub> linux (hd0,1)/vmlinuz-3.0.0-1.fc16.i686 root=/dev/sda3 rhgb quiet selinux=0 
# NOTE : add other kernel args if you have need of them
# NOTE : change the numbers to match your system

5c. Declare the initrd to use:

  
grub> initrd (hd0,1)/initramfs-3.0.0-1.fc16.i686.img
# NOTE : change the numbers to match your system

5d. Instruct GRUB 2 to boot the chosen files:

grub> boot

6. After boot, open a terminal.

7. Issue the grub2-mkconfig command to re-create the grub.cfg file grub2 needed to boot your system:

grub2-mkconfig -o /boot/grub2/grub.cfg

8. Issue the grub2-install command to install grub2 to your hard drive and make use of your config:

grub2-install --boot-directory=/boot /dev/sda
# Note: your drive may have another device name. Check for it with mount command output.

Other GRUB 2 issues

Absent Floppy Disk : It has been reported by some users that GRUB 2 may fail to install on a partition's boot sector if the computer floppy controller is activated in BIOS without an actual floppy disk drive being present. A possible workaround is to run (post OS install) from rescue mode:

grub2-install <target device> --no-floppy

Setting a password for interactive edit mode

If you would like to password protect interactive edit mode but allow password-less booting here is a way to do it (borrowed from the method provided by the anaconda installer):

Create and edit /etc/grub.d/01_users and place the following inside it:

set superusers="root"
password_pbkdf2 root GRUBPASSWORDHASH
export superusers

Please note the existance of the grub2-mkpasswd-pbkdf2 command that is part of the grub2-tools package. You run grub2-mkpasswd-pbkdf2 from the command line and it asks for a password twice and then outputs a password hash. You take that output and substitute it for the word GRUBPASSWORDHASH in the above sample /etc/grub.d/01_users file.

"superusers" is magic, and from that point on everything should be password protected except booting the default entries.

Further Reading

http://www.gnu.org/software/grub/manual/grub.html

http://fedoraproject.org/wiki/Features/Grub2

http://fedoraproject.org/wiki/Anaconda/Features/Grub2Migration