170
174
sources available via anonymous CVS. @xref{Obtaining and Building
171
175
GRUB}, for more information.
177
Over the next few years, GRUB was extended to meet many needs, but it
178
quickly became clear that its design was not keeping up with the extensions
179
being made to it, and we reached the point where it was very difficult to
180
make any further changes without breaking existing features. Around 2002,
181
Yoshinori K. Okuji started work on PUPA (Preliminary Universal Programming
182
Architecture for GNU GRUB), aiming to rewrite the core of GRUB to make it
183
cleaner, safer, more robust, and more powerful. PUPA was eventually renamed
184
to GRUB 2, and the original version of GRUB was renamed to GRUB Legacy.
185
Small amounts of maintenance continued to be done on GRUB Legacy, but the
186
last release (0.97) was made in 2005 and at the time of writing it seems
187
unlikely that there will be another.
189
By around 2007, GNU/Linux distributions started to use GRUB 2 to limited
190
extents, and by the end of 2009 multiple major distributions were installing
175
195
@section GRUB features
966
986
@section Writing full configuration files directly
990
@chapter Booting GRUB from the network
992
The following instructions only work on PC BIOS systems where the Preboot
993
eXecution Environment (PXE) is available.
995
To generate a PXE boot image, run:
999
grub-mkimage --format=i386-pc --output=core.img --prefix='(pxe)/boot/grub' pxe pxecmd
1000
cat /boot/grub/pxeboot.img core.img >grub.pxe
1004
Copy @file{grub.pxe}, @file{/boot/grub/*.mod}, and @file{/boot/grub/*.lst}
1005
to the PXE (TFTP) server, ensuring that @file{*.mod} and @file{*.lst} are
1006
accessible via the @file{/boot/grub/} path from the TFTP server root. Set
1007
the DHCP server configuration to offer @file{grub.pxe} as the boot file (the
1008
@samp{filename} option in ISC dhcpd).
1010
After GRUB has started, files on the TFTP server will be accessible via the
1011
@samp{(pxe)} device.
1013
The server and gateway IP address can be controlled by changing the
1014
@samp{(pxe)} device name to @samp{(pxe:@var{server-ip})} or
1015
@samp{(pxe:@var{server-ip}:@var{gateway-ip})}. Note that this should be
1016
changed both in the prefix and in any references to the device name in the
1019
GRUB provides several environment variables which may be used to inspect or
1020
change the behaviour of the PXE device:
1024
The IP address of this machine. Read-only.
1027
The network interface's MAC address. Read-only.
1029
@item net_pxe_hostname
1030
The client host name provided by DHCP. Read-only.
1032
@item net_pxe_domain
1033
The client domain name provided by DHCP. Read-only.
1035
@item net_pxe_rootpath
1036
The path to the client's root disk provided by DHCP. Read-only.
1038
@item net_pxe_extensionspath
1039
The path to additional DHCP vendor extensions provided by DHCP. Read-only.
1041
@item net_pxe_boot_file
1042
The boot file name provided by DHCP. Read-only.
1044
@item net_pxe_dhcp_server_name
1045
The name of the DHCP server responsible for these boot parameters.
1048
@item net_pxe_blksize
1049
The PXE transfer block size. Read-write, defaults to 512.
1051
@item pxe_default_server
1052
The default PXE server. Read-write, although setting this is only useful
1053
before opening a PXE device.
1055
@item pxe_default_gateway
1056
The default gateway to use when contacting the PXE server. Read-write,
1057
although setting this is only useful before opening a PXE device.
969
1061
@node Serial terminal
970
1062
@chapter Using GRUB via a serial line
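Review bot: The new "Booting GRUB from the network" chapter never states that everything read through @samp{(pxe)} arrives over TFTP with no authentication or integrity check, so the @file{*.mod} and @file{*.lst} files copied to the server are only as trustworthy as the DHCP/TFTP servers and the network segment they sit on. Suggest a short paragraph after "files on the TFTP server will be accessible via the @samp{(pxe)} device" saying so, and noting that the @samp{net_pxe_*} variables described as "provided by DHCP" hold whatever the answering DHCP server sent and should not be treated as trusted input by configuration scripts. Separately, the text says the @samp{(pxe:@var{server-ip})} form must also be used in the prefix, but the only @command{grub-mkimage} example hard-codes @samp{--prefix='(pxe)/boot/grub'}; a second example line using the server form would make that requirement concrete.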
1364
1465
@samp{even} and defaults to @samp{no}.
1366
1467
The serial port is not used as a communication channel unless the
1367
@command{terminal} command is used (@pxref{terminal}).
1468
@command{terminal_input} or @command{terminal_output} command is used
1469
(@pxref{terminal_input}, @pxref{terminal_output}).
1369
1471
This command is only available if GRUB is compiled with serial
1370
1472
support. See also @ref{Serial terminal}.
1476
@node terminal_input
1477
@subsection terminal_input
1479
@deffn Command terminal_input [@option{--append}|@option{--remove}] @
1480
[terminal1] [terminal2] @dots{}
1481
List or select an input terminal.
1483
With no arguments, list the active and available input terminals.
1485
With @option{--append}, add the named terminals to the list of active input
1486
terminals; any of these may be used to provide input to GRUB.
1488
With @option{--remove}, remove the named terminals from the active list.
1490
With no options but a list of terminal names, make only the listed terminal
1495
@node terminal_output
1496
@subsection terminal_output
1498
@deffn Command terminal_output [@option{--append}|@option{--remove}] @
1499
[terminal1] [terminal2] @dots{}
1500
List or select an output terminal.
1502
With no arguments, list the active and available output terminals.
1504
With @option{--append}, add the named terminals to the list of active output
1505
terminals; all of these will receive output from GRUB.
1507
With @option{--remove}, remove the named terminals from the active list.
1509
With no options but a list of terminal names, make only the listed terminal
1375
1515
@subsection terminfo
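Review bot: In both new @deffn lines the placeholders are written as plain text, "[terminal1] [terminal2] @dots{}", while the rest of this patch marks metasyntactic arguments with @var (for example @var{server-ip} and @var{device}); suggest "[@var{terminal1}] [@var{terminal2}] @dots{}" for terminal_input and terminal_output alike. Also, terminal_input --append is documented as "any of these may be used to provide input to GRUB", so a cross-reference to the new "Authentication and authorisation" chapter would help: an input terminal added this way, such as a serial line, gets the same menu editing and command-line access as the local console unless @samp{superusers} is set.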
2005
@subsection uppermem
2007
This command is not yet implemented for GRUB 2, although it is planned.
2011
@chapter Authentication and authorisation
2013
By default, the boot loader interface is accessible to anyone with physical
2014
access to the console: anyone can select and edit any menu entry, and anyone
2015
can get direct access to a GRUB shell prompt. For most systems, this is
2016
reasonable since anyone with direct physical access has a variety of other
2017
ways to gain full access, and requiring authentication at the boot loader
2018
level would only serve to make it difficult to recover broken systems.
2020
However, in some environments, such as kiosks, it may be appropriate to lock
2021
down the boot loader to require authentication before performing certain
2024
The @samp{password} (@pxref{password}) and @samp{password_pbkdf2}
2025
(@pxref{password_pbkdf2}) commands can be used to define users, each of
2026
which has an associated password. @samp{password} sets the password in
2027
plain text, requiring @file{grub.cfg} to be secure; @samp{password_pbkdf2}
2028
sets the password hashed using the Password-Based Key Derivation Function
2029
(RFC 2898), requiring the use of @command{grub-mkpasswd-pbkdf2}
2030
(@pxref{Invoking grub-mkpasswd-pbkdf2}) to generate password hashes.
2032
In order to enable authentication support, the @samp{superusers} environment
2033
variable must be set to a list of usernames, separated by any of spaces,
2034
commas, semicolons, pipes, or ampersands. Superusers are permitted to use
2035
the GRUB command line, edit menu entries, and execute any menu entry. If
2036
@samp{superusers} is set, then use of the command line is automatically
2037
restricted to superusers.
2039
Other users may be given access to specific menu entries by giving a list of
2040
usernames (as above) using the @option{--users} option to the
2041
@samp{menuentry} command (@pxref{menuentry}). If the @option{--users}
2042
option is not used for a menu entry, then that entry is unrestricted.
2044
Putting this together, a typical @file{grub.cfg} fragment might look like
2049
set superusers="root"
2050
password_pbkdf2 root grub.pbkdf2.sha512.10000.biglongstring
2051
password user1 insecure
2053
menuentry "May be run by any user" @{
2058
menuentry "Superusers only" --users "" @{
2060
linux /vmlinuz single
2063
menuentry "May be run by user1 or a superuser" --users user1 @{
2070
The @command{grub-mkconfig} program does not yet have built-in support for
2071
generating configuration files with authentication. You can use
2072
@file{/etc/grub.d/40_custom} to add simple superuser authentication, by
2073
adding @kbd{set superusers=} and @kbd{password} or @kbd{password_pbkdf2}
2077
@node Troubleshooting
2078
@chapter Error messages produced by GRUB
2081
* GRUB only offers a rescue shell::
2085
@node GRUB only offers a rescue shell
2086
@section GRUB only offers a rescue shell
2088
GRUB's normal start-up procedure involves setting the @samp{prefix}
2089
environment variable to a value set in the core image by
2090
@command{grub-install}, setting the @samp{root} variable to match, loading
2091
the @samp{normal} module from the prefix, and running the @samp{normal}
2092
command. This command is responsible for reading
2093
@file{/boot/grub/grub.cfg}, running the menu, and doing all the useful
2094
things GRUB is supposed to do.
2096
If, instead, you only get a rescue shell, this usually means that GRUB
2097
failed to load the @samp{normal} module for some reason. It may be possible
2098
to work around this temporarily: for instance, if the reason for the failure
2099
is that @samp{prefix} is wrong (perhaps it refers to the wrong device, or
2100
perhaps the path to @file{/boot/grub} was not correctly made relative to the
2101
device), then you can correct this and enter normal mode manually:
2105
# Inspect the current prefix (and other preset variables):
2107
# Set to the correct value, which might be something like this:
2108
set prefix=(hd0,1)/grub
2115
However, any problem that leaves you in the rescue shell probably means that
2116
GRUB was not correctly installed. It may be more useful to try to reinstall
2117
it properly using @kbd{grub-install @var{device}} (@pxref{Invoking
2118
grub-install}). When doing this, there are a few things to remember:
2122
Drive ordering in your operating system may not be the same as the boot
2123
drive ordering used by your firmware. Do not assume that your first hard
2124
drive (e.g. @samp{/dev/sda}) is the one that your firmware will boot from.
2127
At least on BIOS systems, if you tell @command{grub-install} to install GRUB
2128
to a partition but GRUB has already been installed in the master boot
2129
record, then the GRUB installation in the partition will be ignored.
2132
If possible, it is generally best to avoid installing GRUB to a partition
2133
(unless it is a special partition for the use of GRUB alone, such as the
2134
BIOS Boot Partition used on GPT). Doing this means that GRUB may stop being
2135
able to read its core image due to a file system moving blocks around, such
2136
as while defragmenting, running checks, or even during normal operation.
2137
Installing to the whole disk device is normally more robust.
2140
Check that GRUB actually knows how to read from the device and file system
2141
containing @file{/boot/grub}. It will not be able to read from encrypted
2142
devices, nor from file systems for which support has not yet been added to
1794
2147
@node Invoking grub-install
1795
2148
@chapter Invoking grub-install
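Review bot: In the "Authentication and authorisation" example, the entry menuentry "Superusers only" --users "" relies on behaviour the prose never states: the text says only that an entry without @option{--users} is unrestricted and that superusers may execute any entry, not that an empty @option{--users} list restricts an entry to superusers. Suggest adding that sentence to the @option{--users} paragraph so the example does not look like a typo. The same example defines user1 with a plain-text @samp{password} line, and the text says this requires @file{grub.cfg} "to be secure" without saying what that means; spell it out (for instance, that the file must not be readable by unprivileged users) and repeat it next to the @file{/etc/grub.d/40_custom} advice, since a password written there sits in that file as well as in the generated configuration. Minor: "Password-Based Key Derivation Function (RFC 2898)" should name PBKDF2 explicitly, matching the command name.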
2362
@appendix Hacking GRUB
2365
* Getting the source code::
2366
* Finding your way around::
2370
@node Getting the source code
2371
@section Getting the source code
2373
GRUB is maintained using the @uref{http://bazaar-vcs.org/, Bazaar revision
2374
control system}. To fetch the primary development branch:
2377
bzr get http://bzr.savannah.gnu.org/r/grub/trunk/grub
2380
The GRUB developers maintain several other branches with work in progress.
2381
Of these, the most interesting is the experimental branch, which is a
2382
staging area for new code which we expect to eventually merge into trunk but
2383
which is not yet ready:
2386
bzr get http://bzr.savannah.gnu.org/r/grub/branches/experimental
2389
Once you have used @kbd{bzr get} to fetch an initial copy of a branch, you
2390
can use @kbd{bzr pull} to keep it up to date. If you have modified your
2391
local version, you may need to resolve conflicts when pulling.
2394
@node Finding your way around
2395
@section Finding your way around
2397
Here is a brief map of the GRUB code base.
2399
GRUB uses Autoconf, but not (yet) Automake. The top-level build rules are
2400
in @file{configure.ac}, @file{Makefile.in}, and @file{conf/*.rmk}. Each
2401
@file{conf/*.rmk} file represents a particular target configuration, and is
2402
processed into GNU Make rules by @file{genmk.rb} (which you only need to
2403
look at if you are extending the build system). If you are adding a new
2404
module which follows an existing pattern, such as a new command or a new
2405
filesystem implementation, it is usually easiest to grep @file{conf/*.rmk}
2406
for an existing example of that pattern to find out where it should be
2409
Low-level boot code, such as the MBR implementation on PC BIOS systems, is
2410
in the @file{boot/} directory.
2412
The GRUB kernel is in @file{kern/}. This contains core facilities such as
2413
the device, disk, and file frameworks, environment variable handling, list
2414
processing, and so on. The kernel should contain enough to get up to a
2415
rescue prompt. Header files for kernel facilities, among others, are in
2418
Terminal implementations are in @file{term/}.
2420
Disk access code is spread across @file{disk/} (for accessing the disk
2421
devices themselves), @file{partmap/} (for interpreting partition table
2422
data), and @file{fs/} (for accessing filesystems). Note that, with the odd
2423
specialised exception, GRUB only contains code to @emph{read} from
2424
filesystems and tries to avoid containing any code to @emph{write} to
2425
filesystems; this lets us confidently assure users that GRUB cannot be
2426
responsible for filesystem corruption.
2428
PCI and USB bus handling is in @file{bus/}.
2430
Video handling code is in @file{video/}. The graphical menu system uses
2431
this heavily, but is in a separate directory, @file{gfxmenu/}.
2433
Most commands are implemented by files in @file{commands/}, with the
2434
following exceptions:
2438
A few core commands live in @file{kern/corecmd.c}.
2441
Commands related to normal mode live under @file{normal/}.
2444
Commands that load and boot kernels live under @file{loader/}.
2447
The @samp{loopback} command is really a disk device, and so lives in
2448
@file{disk/loopback.c}.
2451
The @samp{gettext} command lives under @file{gettext/}.
2454
The @samp{loadfont} and @samp{lsfonts} commands live under @file{font/}.
2457
The @samp{serial}, @samp{terminfo}, and @samp{background_image} commands
2458
live under @file{term/}.
2461
The @samp{efiemu_*} commands live under @file{efiemu/}.
2464
There are a few other special-purpose exceptions; grep for them if they
1980
2469
@node Copying This Manual
1981
2470
@appendix Copying This Manual
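Review bot: Both fetch commands in "Getting the source code" use plain http URLs ("bzr get http://bzr.savannah.gnu.org/r/grub/trunk/grub" and the experimental branch), and the section gives no way to check what was fetched, which matters for boot loader source; if an authenticated transport or signed revisions are available, document that form, or at least say how a checkout can be verified. In "Finding your way around", the sentence that GRUB "cannot be responsible for filesystem corruption" is stronger than the preceding clause supports, since it begins "with the odd specialised exception"; suggest naming the exceptions or softening the claim.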