^{Taken from} https://www.gnu.org/software/grub/manual/grub/html_node/index.html#SEC_Contents

1. Introduction to GRUB

1.1. Overview

Briefly, a boot loader is the first software program that runs when a computer starts. It is responsible for loading and transferring control to an operating system kernel software (such as Linux or GNU Mach). The kernel, in turn, initializes the rest of the operating system (e.g. a GNU system).

GNU GRUB is a very powerful boot loader, which can load a wide variety of free operating systems, as well as proprietary operating systems with chain-loading¹. GRUB is designed to address the complexity of booting a personal computer; both the program and this manual are tightly bound to that computer platform, although porting to other platforms may be addressed in the future.

One of the important features in GRUB is flexibility; GRUB understands filesystems and kernel executable formats, so you can load an arbitrary operating system the way you like, without recording the physical position of your kernel on the disk. Thus you can load the kernel just by specifying its file name and the drive and partition where the kernel resides.

When booting with GRUB, you can use either a command-line interface (see Command-line interface), or a menu interface (see Menu interface). Using the command-line interface, you type the drive specification and file name of the kernel manually. In the menu interface, you just select an OS using the arrow keys. The menu is based on a configuration file which you prepare beforehand (see Configuration). While in the menu, you can switch to the command-line mode, and vice-versa. You can even edit menu entries before using them.

In the following chapters, you will learn how to specify a drive, a partition, and a file name (see Naming convention) to GRUB, how to install GRUB on your drive (see Installation), and how to boot your OSes (see Booting), step by step.

1.2. History of GRUB

GRUB originated in 1995 when Erich Boleyn was trying to boot the GNU Hurd with the University of Utah’s Mach 4 microkernel (now known as GNU Mach). Erich and Brian Ford designed the Multiboot Specification (see Motivation in The Multiboot Specification), because they were determined not to add to the large number of mutually-incompatible PC boot methods.

Erich then began modifying the FreeBSD boot loader so that it would understand Multiboot. He soon realized that it would be a lot easier to write his own boot loader from scratch than to keep working on the FreeBSD boot loader, and so GRUB was born.

Erich added many features to GRUB, but other priorities prevented him from keeping up with the demands of its quickly-expanding user base. In 1999, Gordon Matzigkeit and Yoshinori K. Okuji adopted GRUB as an official GNU package, and opened its development by making the latest sources available via anonymous CVS. See Obtaining and Building GRUB, for more information.

Over the next few years, GRUB was extended to meet many needs, but it quickly became clear that its design was not keeping up with the extensions being made to it, and we reached the point where it was very difficult to make any further changes without breaking existing features. Around 2002, Yoshinori K. Okuji started work on PUPA (Preliminary Universal Programming Architecture for GNU GRUB), aiming to rewrite the core of GRUB to make it cleaner, safer, more robust, and more powerful. PUPA was eventually renamed to GRUB 2, and the original version of GRUB was renamed to GRUB Legacy. Small amounts of maintenance continued to be done on GRUB Legacy, but the last release (0.97) was made in 2005 and at the time of writing it seems unlikely that there will be another.

By around 2007, GNU/Linux distributions started to use GRUB 2 to limited extents, and by the end of 2009 multiple major distributions were installing it by default.

1.3. Differences from previous versions

GRUB 2 is a rewrite of GRUB (see History), although it shares many characteristics with the previous version, now known as GRUB Legacy. Users of GRUB Legacy may need some guidance to find their way around this new version.

• The configuration file has a new name (grub.cfg rather than menu.lst or grub.conf), new syntax (see Configuration) and many new commands (see Commands). Configuration cannot be copied over directly, although most GRUB Legacy users should not find the syntax too surprising.

• grub.cfg is typically automatically generated by grub-mkconfig (see Simple configuration). This makes it easier to handle versioned kernel upgrades.

• Partition numbers in GRUB device names now start at 1, not 0 (see Naming convention).

• The configuration file is now written in something closer to a full scripting language: variables, conditionals, and loops are available.

• A small amount of persistent storage is available across reboots, using the save_env and load_env commands in GRUB and the grub-editenv utility. This is not available in all configurations (see Environment block).

• GRUB 2 has more reliable ways to find its own files and those of target kernels on multiple-disk systems, and has commands (see search) to find devices using file system labels or Universally Unique Identifiers (UUIDs).

• GRUB 2 is available for several other types of system in addition to the PC BIOS systems supported by GRUB Legacy: PC EFI, PC coreboot, PowerPC, SPARC, and MIPS Lemote Yeeloong are all supported.

• Many more file systems are supported, including but not limited to ext4, HFS+, and NTFS.

• GRUB 2 can read files directly from LVM and RAID devices.

• A graphical terminal and a graphical menu system are available.

• GRUB 2’s interface can be translated, including menu entry names.

• The image files (see Images) that make up GRUB have been reorganised; Stage 1, Stage 1.5, and Stage 2 are no more.

• GRUB 2 puts many facilities in dynamically loaded modules, allowing the core image to be smaller, and allowing the core image to be built in more flexible ways.

1.4. GRUB features

The primary requirement for GRUB is that it be compliant with the Multiboot Specification, which is described in Motivation in The Multiboot Specification.

The other goals, listed in approximate order of importance, are:

• Basic functions must be straightforward for end-users.

• Rich functionality to support kernel experts and designers.

• Backward compatibility for booting FreeBSD, NetBSD, OpenBSD, and Linux. Proprietary kernels (such as DOS, Windows NT, and OS/2) are supported via a chain-loading function.

Except for specific compatibility modes (chain-loading and the Linux piggyback format), all kernels will be started in much the same state as in the Multiboot Specification. Only kernels loaded at 1 megabyte or above are presently supported. Any attempt to load below that boundary will simply result in immediate failure and an error message reporting the problem.

In addition to the requirements above, GRUB has the following features (note that the Multiboot Specification doesn’t require all the features that GRUB supports):

Recognize multiple executable formats

Support many of the a.out variants plus ELF. Symbol tables are also loaded.

Support non-Multiboot kernels

Support many of the various free 32-bit kernels that lack Multiboot compliance (primarily FreeBSD, NetBSD², OpenBSD, and Linux). Chain-loading of other boot loaders is also supported.

Load multiples modules

Fully support the Multiboot feature of loading multiple modules.

Load a configuration file

Support a human-readable text configuration file with preset boot commands. You can also load another configuration file dynamically and embed a preset configuration file in a GRUB image file. The list of commands (see Commands) are a superset of those supported on the command-line. An example configuration file is provided in Configuration.

Provide a menu interface

A menu interface listing preset boot commands, with a programmable timeout, is available. There is no fixed limit on the number of boot entries, and the current implementation has space for several hundred.

Have a flexible command-line interface

A fairly flexible command-line interface, accessible from the menu, is available to edit any preset commands, or write a new boot command set from scratch. If no configuration file is present, GRUB drops to the command-line.

The list of commands (see Commands) are a subset of those supported for configuration files. Editing commands closely resembles the Bash command-line (see Command Line Editing in Bash Features), with TAB-completion of commands, devices, partitions, and files in a directory depending on context.

Support multiple filesystem types

Support multiple filesystem types transparently, plus a useful explicit blocklist notation. The currently supported filesystem types are Amiga Fast FileSystem (AFFS), AtheOS fs, BeFS, BtrFS (including raid0, raid1, raid10, gzip and lzo), cpio (little- and big-endian bin, odc and newc variants), Linux ext2/ext3/ext4, DOS FAT12/FAT16/FAT32, exFAT, F2FS, HFS, HFS+, ISO9660 (including Joliet, Rock-ridge and multi-chunk files), JFS, Minix fs (versions 1, 2 and 3), nilfs2, NTFS (including compression), ReiserFS, ROMFS, Amiga Smart FileSystem (SFS), Squash4, tar, UDF, BSD UFS/UFS2, XFS, and ZFS (including lzjb, gzip, zle, mirror, stripe, raidz1/2/3 and encryption in AES-CCM and AES-GCM). See Filesystem, for more information.

Support automatic decompression

Can decompress files which were compressed by gzip or xz³. This function is both automatic and transparent to the user (i.e. all functions operate upon the uncompressed contents of the specified files). This greatly reduces a file size and loading time, a particularly great benefit for floppies.⁴

It is conceivable that some kernel modules should be loaded in a compressed state, so a different module-loading command can be specified to avoid uncompressing the modules.

Access data on any installed device

Support reading data from any or all floppies or hard disk(s) recognized by the BIOS, independent of the setting of the root device.

Be independent of drive geometry translations

Unlike many other boot loaders, GRUB makes the particular drive translation irrelevant. A drive installed and running with one translation may be converted to another translation without any adverse effects or changes in GRUB’s configuration.

Detect all installed RAM

GRUB can generally find all the installed RAM on a PC-compatible machine. It uses an advanced BIOS query technique for finding all memory regions. As described on the Multiboot Specification (see Motivation in The Multiboot Specification), not all kernels make use of this information, but GRUB provides it for those who do.

Support Logical Block Address mode

In traditional disk calls (called CHS mode), there is a geometry translation problem, that is, the BIOS cannot access over 1024 cylinders, so the accessible space is limited to at least 508 MB and to at most 8GB. GRUB can’t universally solve this problem, as there is no standard interface used in all machines. However, several newer machines have the new interface, Logical Block Address (LBA) mode. GRUB automatically detects if LBA mode is available and uses it if available. In LBA mode, GRUB can access the entire disk.

Support network booting

GRUB is basically a disk-based boot loader but also has network support. You can load OS images from a network by using the TFTP protocol.

Support remote terminals

To support computers with no console, GRUB provides remote terminal support, so that you can control GRUB from a remote host. Only serial terminal support is implemented at the moment.

1.5. The role of a boot loader

The following is a quotation from Gordon Matzigkeit, a GRUB fanatic:

Some people like to acknowledge both the operating system and kernel when they talk about their computers, so they might say they use “GNU/Linux” or “GNU/Hurd”. Other people seem to think that the kernel is the most important part of the system, so they like to call their GNU operating systems “Linux systems.”

I, personally, believe that this is a grave injustice, because the boot loader is the most important software of all. I used to refer to the above systems as either “LILO”⁵ or “GRUB” systems.

Unfortunately, nobody ever understood what I was talking about; now I just use the word “GNU” as a pseudonym for GRUB.

So, if you ever hear people talking about their alleged “GNU” systems, remember that they are actually paying homage to the best boot loader around… GRUB!

We, the GRUB maintainers, do not (usually) encourage Gordon’s level of fanaticism, but it helps to remember that boot loaders deserve recognition. We hope that you enjoy using GNU GRUB as much as we did writing it.

2. Naming convention

The device syntax used in GRUB is a wee bit different from what you may have seen before in your operating system(s), and you need to know it so that you can specify a drive/partition.

Look at the following examples and explanations:

First of all, GRUB requires that the device name be enclosed with ‘(’ and ‘)’. The ‘fd’ part means that it is a floppy disk. The number ‘0’ is the drive number, which is counted from zero. This expression means that GRUB will use the whole floppy disk.

Here, ‘hd’ means it is a hard disk drive. The first integer ‘0’ indicates the drive number, that is, the first hard disk, the string ‘msdos’ indicates the partition scheme, while the second integer, ‘2’, indicates the partition number (or the PC slice number in the BSD terminology). The partition numbers are counted from one, not from zero (as was the case in previous versions of GRUB). This expression means the second partition of the first hard disk drive. In this case, GRUB uses one partition of the disk, instead of the whole disk.

This specifies the first extended partition of the first hard disk drive. Note that the partition numbers for extended partitions are counted from ‘5’, regardless of the actual number of primary partitions on your hard disk.

This means the BSD ‘a’ partition on first PC slice number of the second hard disk.

Of course, to actually access the disks or partitions with GRUB, you need to use the device specification in a command, like ‘set root=(fd0)’ or ‘parttool (hd0,msdos3) hidden-’. To help you find out which number specifies a partition you want, the GRUB command-line (see Command-line interface) options have argument completion. This means that, for example, you only need to type

followed by a TAB, and GRUB will display the list of drives, partitions, or file names. So it should be quite easy to determine the name of your target partition, even with minimal knowledge of the syntax.

Note that GRUB does not distinguish IDE from SCSI - it simply counts the drive numbers from zero, regardless of their type. Normally, any IDE drive number is less than any SCSI drive number, although that is not true if you change the boot sequence by swapping IDE and SCSI drives in your BIOS.

Now the question is, how to specify a file? Again, consider an example:

This specifies the file named ‘vmlinuz’, found on the first partition of the first hard disk drive. Note that the argument completion works with file names, too.

That was easy, admit it. Now read the next chapter, to find out how to actually install GRUB on your drive.

3. OS-specific notes about grub tools

On OS which have device nodes similar to Unix-like OS GRUB tools use the OS name. E.g. for GNU/Linux:

On AROS we use another syntax. For volumes:

E.g.

For disks we use syntax:

E.g.

On Windows we use UNC path. For volumes it’s typically

E.g.

For disks it’s

E.g.

Beware that you may need to further escape the backslashes depending on your shell.

When compiled with cygwin support then cygwin drive names are automatically when needed. E.g.

4. Installation

In order to install GRUB as your boot loader, you need to first install the GRUB system and utilities under your UNIX-like operating system (see Obtaining and Building GRUB). You can do this either from the source tarball, or as a package for your OS.

After you have done that, you need to install the boot loader on a drive (floppy or hard disk) by using the utility grub-install (see Invoking grub-install) on a UNIX-like OS.

GRUB comes with boot images, which are normally put in the directory /usr/lib/grub/<cpu>-<platform> (for BIOS-based machines /usr/lib/grub/i386-pc). Hereafter, the directory where GRUB images are initially placed (normally /usr/lib/grub/<cpu>-<platform>) will be called the image directory, and the directory where the boot loader needs to find them (usually /boot) will be called the boot directory.

4.1. Installing GRUB using grub-install

For information on where GRUB should be installed on PC BIOS platforms, see BIOS installation.

In order to install GRUB under a UNIX-like OS (such as GNU), invoke the program grub-install (see Invoking grub-install) as the superuser (root).

The usage is basically very simple. You only need to specify one argument to the program, namely, where to install the boot loader. The argument has to be either a device file (like ‘/dev/hda’). For example, under Linux the following will install GRUB into the MBR of the first IDE disk:

Likewise, under GNU/Hurd, this has the same effect:

But all the above examples assume that GRUB should put images under the /boot directory. If you want GRUB to put images under a directory other than /boot, you need to specify the option --boot-directory. The typical usage is that you create a GRUB boot floppy with a filesystem. Here is an example:

Some BIOSes have a bug of exposing the first partition of a USB drive as a floppy instead of exposing the USB drive as a hard disk (they call it “USB-FDD” boot). In such cases, you need to install like this:

This install doesn’t conflict with standard install as long as they are in separate directories.

On EFI systems for fixed disk install you have to mount EFI System Partition. If you mount it at /boot/efi then you don’t need any special arguments:

Otherwise you need to specify where your EFI System partition is mounted:

For removable installs you have to use --removable and specify both --boot-directory and --efi-directory:

4.2. Making a GRUB bootable CD-ROM

GRUB supports the no emulation mode in the El Torito specification⁶. This means that you can use the whole CD-ROM from GRUB and you don’t have to make a floppy or hard disk image file, which can cause compatibility problems.

For booting from a CD-ROM, GRUB uses a special image called cdboot.img, which is concatenated with core.img. The core.img used for this should be built with at least the ‘iso9660’ and ‘biosdisk’ modules. Your bootable CD-ROM will usually also need to include a configuration file grub.cfg and some other GRUB modules.

To make a simple generic GRUB rescue CD, you can use the grub-mkrescue program (see Invoking grub-mkrescue):

You will often need to include other files in your image. To do this, first make a top directory for the bootable image, say, ‘iso’:

Make a directory for GRUB:

If desired, make the config file grub.cfg under iso/boot/grub (see Configuration), and copy any files and directories for the disc to the directory iso/.

Finally, make the image:

This produces a file named grub.iso, which then can be burned into a CD (or a DVD), or written to a USB mass storage device.

The root device will be set up appropriately on entering your grub.cfg configuration file, so you can refer to file names on the CD without needing to use an explicit device name. This makes it easier to produce rescue images that will work on both optical drives and USB mass storage devices.

4.3. The map between BIOS drives and OS devices

If the device map file exists, the GRUB utilities (grub-probe, etc.) read it to map BIOS drives to OS devices. This file consists of lines like this:

device is a drive specified in the GRUB syntax (see Device syntax), and file is an OS file, which is normally a device file.

Historically, the device map file was used because GRUB device names had to be used in the configuration file, and they were derived from BIOS drive numbers. The map between BIOS drives and OS devices cannot always be guessed correctly: for example, GRUB will get the order wrong if you exchange the boot sequence between IDE and SCSI in your BIOS.

Unfortunately, even OS device names are not always stable. Modern versions of the Linux kernel may probe drives in a different order from boot to boot, and the prefix (/dev/hd* versus /dev/sd*) may change depending on the driver subsystem in use. As a result, the device map file required frequent editing on some systems.

GRUB avoids this problem nowadays by using UUIDs or file system labels when generating grub.cfg, and we advise that you do the same for any custom menu entries you write. If the device map file does not exist, then the GRUB utilities will assume a temporary device map on the fly. This is often good enough, particularly in the common case of single-disk systems.

However, the device map file is not entirely obsolete yet, and it is used for overriding when current environment is different from the one on boot. Most common case is if you use a partition or logical volume as a disk for virtual machine. You can put any comments in the file if needed, as the GRUB utilities assume that a line is just a comment if the first character is ‘#’.

4.4. BIOS installation

MBR

The partition table format traditionally used on PC BIOS platforms is called the Master Boot Record (MBR) format; this is the format that allows up to four primary partitions and additional logical partitions. With this partition table format, there are two ways to install GRUB: it can be embedded in the area between the MBR and the first partition (called by various names, such as the "boot track", "MBR gap", or "embedding area", and which is usually at least 1000 KiB), or the core image can be installed in a file system and a list of the blocks that make it up can be stored in the first sector of that partition.

Modern tools usually leave MBR gap of at least 1023 KiB. This amount is sufficient to cover most configurations. Hence this value is recommended by the GRUB team.

Historically many tools left only 31 KiB of space. This is not enough to parse reliably difficult structures like Btrfs, ZFS, RAID or LVM, or to use difficult disk access methods like ahci. Hence GRUB will warn if attempted to install into small MBR gap except in a small number of configurations that were grandfathered. The grandfathered config must:

• use biosdisk as disk access module for /boot * not use any additional partition maps to access /boot * /boot must be on one of following filesystems: * AFFS, AFS, BFS, cpio, newc, odc, ext2/3/4, FAT, exFAT, F2FS, HFS, uncompressed HFS+, ISO9660, JFS, Minix, Minix2, Minix3, NILFS2, NTFS, ReiserFS, ROMFS, SFS, tar, UDF, UFS1, UFS2, XFS

MBR gap has few technical problems. There is no way to reserve space in the embedding area with complete safety, and some proprietary software is known to use it to make it difficult for users to work around licensing restrictions. GRUB works it around by detecting sectors by other software and avoiding them and protecting its own sectors using Reed-Solomon encoding.

GRUB team recommends having MBR gap of at least 1000 KiB

Should it be not possible GRUB has support for a fallback solution which is heavily recommended against. Installing to a filesystem means that GRUB is vulnerable to its blocks being moved around by filesystem features such as tail packing, or even by aggressive fsck implementations, so this approach is quite fragile; and this approach can only be used if the /boot filesystem is on the same disk that the BIOS boots from, so that GRUB does not have to rely on guessing BIOS drive numbers.

The GRUB development team generally recommends embedding GRUB before the first partition, unless you have special requirements. You must ensure that the first partition starts at least 1000 KiB (2000 sectors) from the start of the disk; on modern disks, it is often a performance advantage to align partitions on larger boundaries anyway, so the first partition might start 1 MiB from the start of the disk.

GPT

Some newer systems use the GUID Partition Table (GPT) format. This was specified as part of the Extensible Firmware Interface (EFI), but it can also be used on BIOS platforms if system software supports it; for example, GRUB and GNU/Linux can be used in this configuration. With this format, it is possible to reserve a whole partition for GRUB, called the BIOS Boot Partition. GRUB can then be embedded into that partition without the risk of being overwritten by other software and without being contained in a filesystem which might move its blocks around.

When creating a BIOS Boot Partition on a GPT system, you should make sure that it is at least 31 KiB in size. (GPT-formatted disks are not usually particularly small, so we recommend that you make it larger than the bare minimum, such as 1 MiB, to allow plenty of room for growth.) You must also make sure that it has the proper partition type. Using GNU Parted, you can set this using a command such as the following:

If you are using gdisk, set the partition type to ‘0xEF02’. With partitioning programs that require setting the GUID directly, it should be ‘21686148-6449-6e6f-744e656564454649’.

Caution: Be very careful which partition you select! When GRUB finds a BIOS Boot Partition during installation, it will automatically overwrite part of it. Make sure that the partition does not contain any other data.

5. Booting

GRUB can load Multiboot-compliant kernels in a consistent way, but for some free operating systems you need to use some OS-specific magic.

5.1. How to boot operating systems

GRUB has two distinct boot methods. One of the two is to load an operating system directly, and the other is to chain-load another boot loader which then will load an operating system actually. Generally speaking, the former is more desirable, because you don’t need to install or maintain other boot loaders and GRUB is flexible enough to load an operating system from an arbitrary disk/partition. However, the latter is sometimes required, since GRUB doesn’t support all the existing operating systems natively.

5.1.1. How to boot an OS directly with GRUB

Multiboot (see Motivation in The Multiboot Specification) is the native format supported by GRUB. For the sake of convenience, there is also support for Linux, FreeBSD, NetBSD and OpenBSD. If you want to boot other operating systems, you will have to chain-load them (see Chain-loading).

FIXME: this section is incomplete.

1. Run the command boot (see boot).

However, DOS and Windows have some deficiencies, so you might have to use more complicated instructions. See DOS/Windows, for more information.

5.1.2. Chain-loading an OS

Operating systems that do not support Multiboot and do not have specific support in GRUB (specific support is available for Linux, FreeBSD, NetBSD and OpenBSD) must be chain-loaded, which involves loading another boot loader and jumping to it in real mode.

The chainloader command (see chainloader) is used to set this up. It is normally also necessary to load some GRUB modules and set the appropriate root device. Putting this together, we get something like this, for a Windows system on the first partition of the first hard disk:

On systems with multiple hard disks, an additional workaround may be required. See DOS/Windows.

Chain-loading is only supported on PC BIOS and EFI platforms.

5.2. Loopback booting

GRUB is able to read from an image (be it one of CD or HDD) stored on any of its accessible storages (refer to see loopback command). However the OS itself should be able to find its root. This usually involves running a userspace program running before the real root is discovered. This is achieved by GRUB loading a specially made small image and passing it as ramdisk to the kernel. This is achieved by commands kfreebsd_module, knetbsd_module_elf, kopenbsd_ramdisk, initrd (see initrd), initrd16 (see initrd), multiboot_module, multiboot2_module or xnu_ramdisk depending on the loader. Note that for knetbsd the image must be put inside miniroot.kmod and the whole miniroot.kmod has to be loaded. In kopenbsd payload this is disabled by default. Aditionally behaviour of initial ramdisk depends on command line options. Several distributors provide the image for this purpose or it’s integrated in their standard ramdisk and activated by special option. Consult your kernel and distribution manual for more details. Other loaders like appleloader, chainloader (BIOS, EFI, coreboot), freedos, ntldr and plan9 provide no possibility of loading initial ramdisk and as far as author is aware the payloads in question don’t support either initial ramdisk or discovering loopback boot in other way and as such not bootable this way. Please consider alternative boot methods like copying all files from the image to actual partition. Consult your OS documentation for more details

5.3. Booting from LVM cache logical volume

The LVM cache logical volume is the logical volume consisting of the original and the cache pool logical volume. The original is usually on a larger and slower storage device while the cache pool is on a smaller and faster one. The performance of the original volume can be improved by storing the frequently used data on the cache pool to utilize the greater performance of faster device.

GRUB boots from LVM cache logical volume merely by reading it’s original logical volume so that dirty data in cache pool volume is disregarded. This is not a problem for "writethrough" cache mode as it ensures that any data written will be stored both on the cache and the origin LV. For the other cache mode "writeback", which delays writing from the cache pool back to the origin LV to boost performance, GRUB may fail to boot in the wake of accidental power outage due to it’s inability to assemble the cache device for reading the required dirty data left behind. The situation will be improved after adding full support to the LVM cache logical volume in the future.

5.4. Some caveats on OS-specific issues

Here, we describe some caveats on several operating systems.

1. Writing your own configuration file

5.4.1. GNU/Hurd

Since GNU/Hurd is Multiboot-compliant, it is easy to boot it; there is nothing special about it. But do not forget that you have to specify a root partition to the kernel.

1. Set GRUB’s root device to the same drive as GNU/Hurd’s. The command search --set=root --file /boot/gnumach.gz or similar may help you (see search).

2. Load the kernel and the modules, like this:

3. Finally, run the command boot (see boot).

5.4.2. GNU/Linux

It is relatively easy to boot GNU/Linux from GRUB, because it somewhat resembles to boot a Multiboot-compliant OS.

1. Set GRUB’s root device to the same drive as GNU/Linux’s. The command search --set=root --file /vmlinuz or similar may help you (see search).

2. Load the kernel using the command linux (see linux):

   If you need to specify some kernel parameters, just append them to the command. For example, to set acpi to ‘off’, do this:

   See the documentation in the Linux source tree for complete information on the available options.

   With linux GRUB uses 32-bit protocol. Some BIOS services like APM or EDD aren’t available with this protocol. In this case you need to use linux16

3. If you use an initrd, execute the command initrd (see initrd) after linux:

   If you used linux16 you need to use initrd16:

4. Finally, run the command boot (see boot).

5.4.3. NetBSD

Booting a NetBSD kernel from GRUB is also relatively easy: first set GRUB’s root device, then load the kernel and the modules, and finally run boot.

1. Set GRUB’s root device to the partition holding the NetBSD root file system. For a disk with a NetBSD disk label, this is usually the first partition (a:). In that case, and assuming that the partition is on the first hard disk, set GRUB’s root device as follows:

   For a disk with a GUID Partition Table (GPT), and assuming that the NetBSD root partition is the third GPT partition, do this:

2. Load the kernel using the command knetbsd:

   Various options may be given to knetbsd. These options are, for the most part, the same as in the NetBSD boot loader. For instance, to boot the system in single-user mode and with verbose messages, do this:

3. If needed, load kernel modules with the command knetbsd_module_elf. A typical example is the module for the root file system:

4. Finally, run the command boot (see boot).

5.4.4. DOS/Windows

GRUB cannot boot DOS or Windows directly, so you must chain-load them (see Chain-loading). However, their boot loaders have some critical deficiencies, so it may not work to just chain-load them. To overcome the problems, GRUB provides you with two helper functions.

If you have installed DOS (or Windows) on a non-first hard disk, you have to use the disk swapping technique, because that OS cannot boot from any disks but the first one. The workaround used in GRUB is the command drivemap (see drivemap), like this:

This performs a virtual swap between your first and second hard drive.

Caution: This is effective only if DOS (or Windows) uses BIOS to access the swapped disks. If that OS uses a special driver for the disks, this probably won’t work.

Another problem arises if you installed more than one set of DOS/Windows onto one disk, because they could be confused if there are more than one primary partitions for DOS/Windows. Certainly you should avoid doing this, but there is a solution if you do want to do so. Use the partition hiding/unhiding technique.

If GRUB hides a DOS (or Windows) partition (see parttool), DOS (or Windows) will ignore the partition. If GRUB unhides a DOS (or Windows) partition, DOS (or Windows) will detect the partition. Thus, if you have installed DOS (or Windows) on the first and the second partition of the first hard disk, and you want to boot the copy on the first partition, do the following:

6. Writing your own configuration file

GRUB is configured using grub.cfg, usually located under /boot/grub. This file is quite flexible, but most users will not need to write the whole thing by hand.

6.1. Simple configuration handling

The program grub-mkconfig (see Invoking grub-mkconfig) generates grub.cfg files suitable for most cases. It is suitable for use when upgrading a distribution, and will discover available kernels and attempt to generate menu entries for them.

grub-mkconfig does have some limitations. While adding extra custom menu entries to the end of the list can be done by editing /etc/grub.d/40_custom or creating /boot/grub/custom.cfg, changing the order of menu entries or changing their titles may require making complex changes to shell scripts stored in /etc/grub.d/. This may be improved in the future. In the meantime, those who feel that it would be easier to write grub.cfg directly are encouraged to do so (see Booting, and Shell-like scripting), and to disable any system provided by their distribution to automatically run grub-mkconfig.

The file /etc/default/grub controls the operation of grub-mkconfig. It is sourced by a shell script, and so must be valid POSIX shell input; normally, it will just be a sequence of ‘KEY=value’ lines, but if the value contains spaces or other special characters then it must be quoted. For example:

Valid keys in /etc/default/grub are as follows:

‘GRUB_DEFAULT’

The default menu entry. This may be a number, in which case it identifies the Nth entry in the generated menu counted from zero, or the title of a menu entry, or the special string ‘saved’. Using the id may be useful if you want to set a menu entry as the default even though there may be a variable number of entries before it.

For example, if you have:

then you can make this the default using:

Previously it was documented the way to use entry title. While this still works it’s not recommended since titles often contain unstable device names and may be translated

If you set this to ‘saved’, then the default menu entry will be that saved by ‘GRUB_SAVEDEFAULT’ or grub-set-default. This relies on the environment block, which may not be available in all situations (see Environment block).

The default is ‘0’.

‘GRUB_SAVEDEFAULT’

If this option is set to ‘true’, then, when an entry is selected, save it as a new default entry for use by future runs of GRUB. This is only useful if ‘GRUB_DEFAULT=saved’; it is a separate option because ‘GRUB_DEFAULT=saved’ is useful without this option, in conjunction with grub-set-default. Unset by default. This option relies on the environment block, which may not be available in all situations (see Environment block).

‘GRUB_TIMEOUT’

Boot the default entry this many seconds after the menu is displayed, unless a key is pressed. The default is ‘5’. Set to ‘0’ to boot immediately without displaying the menu, or to ‘-1’ to wait indefinitely.

If ‘GRUB_TIMEOUT_STYLE’ is set to ‘countdown’ or ‘hidden’, the timeout is instead counted before the menu is displayed.

‘GRUB_TIMEOUT_STYLE’

If this option is unset or set to ‘menu’, then GRUB will display the menu and then wait for the timeout set by ‘GRUB_TIMEOUT’ to expire before booting the default entry. Pressing a key interrupts the timeout.

If this option is set to ‘countdown’ or ‘hidden’, then, before displaying the menu, GRUB will wait for the timeout set by ‘GRUB_TIMEOUT’ to expire. If ESC or F4 are pressed, or SHIFT is held down during that time, it will display the menu and wait for input. If a hotkey associated with a menu entry is pressed, it will boot the associated menu entry immediately. If the timeout expires before either of these happens, it will boot the default entry. In the ‘countdown’ case, it will show a one-line indication of the remaining time.

‘GRUB_DEFAULT_BUTTON’

‘GRUB_TIMEOUT_BUTTON’

‘GRUB_TIMEOUT_STYLE_BUTTON’

‘GRUB_BUTTON_CMOS_ADDRESS’

Variants of the corresponding variables without the ‘_BUTTON’ suffix, used to support vendor-specific power buttons. See Vendor power-on keys.

‘GRUB_DISTRIBUTOR’

Set by distributors of GRUB to their identifying name. This is used to generate more informative menu entry titles.

‘GRUB_TERMINAL_INPUT’

Select the terminal input device. You may select multiple devices here, separated by spaces.

Valid terminal input names depend on the platform, but may include ‘console’ (native platform console), ‘serial’ (serial terminal), ‘serial_<port>’ (serial terminal with explicit port selection), ‘at_keyboard’ (PC AT keyboard), or ‘usb_keyboard’ (USB keyboard using the HID Boot Protocol, for cases where the firmware does not handle this).

The default is to use the platform’s native terminal input.

‘GRUB_TERMINAL_OUTPUT’

Select the terminal output device. You may select multiple devices here, separated by spaces.

Valid terminal output names depend on the platform, but may include ‘console’ (native platform console), ‘serial’ (serial terminal), ‘serial_<port>’ (serial terminal with explicit port selection), ‘gfxterm’ (graphics-mode output), ‘vga_text’ (VGA text output), ‘mda_text’ (MDA text output), ‘morse’ (Morse-coding using system beeper) or ‘spkmodem’ (simple data protocol using system speaker).

‘spkmodem’ is useful when no serial port is available. Connect the output of sending system (where GRUB is running) to line-in of receiving system (usually developer machine). On receiving system compile ‘spkmodem-recv’ from ‘util/spkmodem-recv.c’ and run:

The default is to use the platform’s native terminal output.

‘GRUB_TERMINAL’

If this option is set, it overrides both ‘GRUB_TERMINAL_INPUT’ and ‘GRUB_TERMINAL_OUTPUT’ to the same value.

‘GRUB_SERIAL_COMMAND’

A command to configure the serial port when using the serial console. See serial. Defaults to ‘serial’.

‘GRUB_CMDLINE_LINUX’

Command-line arguments to add to menu entries for the Linux kernel.

‘GRUB_CMDLINE_LINUX_DEFAULT’

Unless ‘GRUB_DISABLE_RECOVERY’ is set to ‘true’, two menu entries will be generated for each Linux kernel: one default entry and one entry for recovery mode. This option lists command-line arguments to add only to the default menu entry, after those listed in ‘GRUB_CMDLINE_LINUX’.

‘GRUB_CMDLINE_NETBSD’

‘GRUB_CMDLINE_NETBSD_DEFAULT’

As ‘GRUB_CMDLINE_LINUX’ and ‘GRUB_CMDLINE_LINUX_DEFAULT’, but for NetBSD.

‘GRUB_CMDLINE_GNUMACH’

As ‘GRUB_CMDLINE_LINUX’, but for GNU Mach.

‘GRUB_CMDLINE_XEN’

‘GRUB_CMDLINE_XEN_DEFAULT’

The values of these options are passed to Xen hypervisor Xen menu entries, for all respectively normal entries.

‘GRUB_CMDLINE_LINUX_XEN_REPLACE’

‘GRUB_CMDLINE_LINUX_XEN_REPLACE_DEFAULT’

The values of these options replace the values of ‘GRUB_CMDLINE_LINUX’ and ‘GRUB_CMDLINE_LINUX_DEFAULT’ for Linux and Xen menu entries.

‘GRUB_EARLY_INITRD_LINUX_CUSTOM’

‘GRUB_EARLY_INITRD_LINUX_STOCK’

List of space-separated early initrd images to be loaded from ‘/boot’. This is for loading things like CPU microcode, firmware, ACPI tables, crypto keys, and so on. These early images will be loaded in the order declared, and all will be loaded before the actual functional initrd image.

‘GRUB_EARLY_INITRD_LINUX_STOCK’ is for your distribution to declare images that are provided by the distribution. It should not be modified without understanding the consequences. They will be loaded first.

‘GRUB_EARLY_INITRD_LINUX_CUSTOM’ is for your custom created images.

The default stock images are as follows, though they may be overridden by your distribution:

‘GRUB_DISABLE_LINUX_UUID’

Normally, grub-mkconfig will generate menu entries that use universally-unique identifiers (UUIDs) to identify the root filesystem to the Linux kernel, using a ‘root=UUID=...’ kernel parameter. This is usually more reliable, but in some cases it may not be appropriate. To disable the use of UUIDs, set this option to ‘true’.

‘GRUB_DISABLE_LINUX_PARTUUID’

If grub-mkconfig cannot identify the root filesystem via its universally-unique indentifier (UUID), grub-mkconfig can use the UUID of the partition containing the filesystem to identify the root filesystem to the Linux kernel via a ‘root=PARTUUID=...’ kernel parameter. This is not as reliable as using the filesystem UUID, but is more reliable than using the Linux device names. When ‘GRUB_DISABLE_LINUX_PARTUUID’ is set to ‘false’, the Linux kernel version must be 2.6.37 (3.10 for systems using the MSDOS partition scheme) or newer. This option defaults to ‘true’. To enable the use of partition UUIDs, set this option to ‘false’.

‘GRUB_DISABLE_RECOVERY’

If this option is set to ‘true’, disable the generation of recovery mode menu entries.

‘GRUB_DISABLE_UUID’

Normally, grub-mkconfig will generate menu entries that use universally-unique identifiers (UUIDs) to identify various filesystems to search for files. This is usually more reliable, but in some cases it may not be appropriate. To disable this use of UUIDs, set this option to ‘true’. Setting this option to ‘true’, will also set the options ‘GRUB_DISABLE_LINUX_UUID’ and ‘GRUB_DISABLE_LINUX_PARTUUID’ to ‘true’, unless they have been explicilty set to ‘false’.

‘GRUB_VIDEO_BACKEND’

If graphical video support is required, either because the ‘gfxterm’ graphical terminal is in use or because ‘GRUB_GFXPAYLOAD_LINUX’ is set, then grub-mkconfig will normally load all available GRUB video drivers and use the one most appropriate for your hardware. If you need to override this for some reason, then you can set this option.

After grub-install has been run, the available video drivers are listed in /boot/grub/video.lst.

‘GRUB_GFXMODE’

Set the resolution used on the ‘gfxterm’ graphical terminal. Note that you can only use modes which your graphics card supports via VESA BIOS Extensions (VBE), so for example native LCD panel resolutions may not be available. The default is ‘auto’, which tries to select a preferred resolution. See gfxmode.

‘GRUB_BACKGROUND’

Set a background image for use with the ‘gfxterm’ graphical terminal. The value of this option must be a file readable by GRUB at boot time, and it must end with .png, .tga, .jpg, or .jpeg. The image will be scaled if necessary to fit the screen.

‘GRUB_THEME’

Set a theme for use with the ‘gfxterm’ graphical terminal.

‘GRUB_GFXPAYLOAD_LINUX’

Set to ‘text’ to force the Linux kernel to boot in normal text mode, ‘keep’ to preserve the graphics mode set using ‘GRUB_GFXMODE’, ‘widthxheight’[‘xdepth’] to set a particular graphics mode, or a sequence of these separated by commas or semicolons to try several modes in sequence. See gfxpayload.

Depending on your kernel, your distribution, your graphics card, and the phase of the moon, note that using this option may cause GNU/Linux to suffer from various display problems, particularly during the early part of the boot sequence. If you have problems, set this option to ‘text’ and GRUB will tell Linux to boot in normal text mode.

‘GRUB_DISABLE_OS_PROBER’

The grub-mkconfig has a feature to use the external os-prober program to discover other operating systems installed on the same machine and generate appropriate menu entries for them. It is disabled by default since automatic and silent execution of os-prober, and creating boot entries based on that data, is a potential attack vector. Set this option to ‘false’ to enable this feature in the grub-mkconfig command.

‘GRUB_OS_PROBER_SKIP_LIST’

List of space-separated FS UUIDs of filesystems to be ignored from os-prober output. For efi chainloaders it’s <UUID>@<EFI FILE>

‘GRUB_DISABLE_SUBMENU’

Normally, grub-mkconfig will generate top level menu entry for the kernel with highest version number and put all other found kernels or alternative menu entries for recovery mode in submenu. For entries returned by os-prober first entry will be put on top level and all others in submenu. If this option is set to ‘true’, flat menu with all entries on top level will be generated instead. Changing this option will require changing existing values of ‘GRUB_DEFAULT’, ‘fallback’ (see fallback) and ‘default’ (see default) environment variables as well as saved default entry using grub-set-default and value used with grub-reboot.

‘GRUB_ENABLE_CRYPTODISK’

If set to ‘y’, grub-mkconfig and grub-install will check for encrypted disks and generate additional commands needed to access them during boot. Note that in this case unattended boot is not possible because GRUB will wait for passphrase to unlock encrypted container.

‘GRUB_INIT_TUNE’

Play a tune on the speaker when GRUB starts. This is particularly useful for users unable to see the screen. The value of this option is passed directly to play.

‘GRUB_BADRAM’

If this option is set, GRUB will issue a badram command to filter out specified regions of RAM.

‘GRUB_PRELOAD_MODULES’

This option may be set to a list of GRUB module names separated by spaces. Each module will be loaded as early as possible, at the start of grub.cfg.

The following options are still accepted for compatibility with existing configurations, but have better replacements:

‘GRUB_HIDDEN_TIMEOUT’

Wait this many seconds before displaying the menu. If ESC or F4 are pressed, or SHIFT is held down during that time, display the menu and wait for input according to ‘GRUB_TIMEOUT’. If a hotkey associated with a menu entry is pressed, boot the associated menu entry immediately. If the timeout expires before either of these happens, display the menu for the number of seconds specified in ‘GRUB_TIMEOUT’ before booting the default entry.

If you set ‘GRUB_HIDDEN_TIMEOUT’, you should also set ‘GRUB_TIMEOUT=0’ so that the menu is not displayed at all unless ESC or F4 are pressed, or SHIFT is held down.

This option is unset by default, and is deprecated in favour of the less confusing ‘GRUB_TIMEOUT_STYLE=countdown’ or ‘GRUB_TIMEOUT_STYLE=hidden’.

‘GRUB_HIDDEN_TIMEOUT_QUIET’

In conjunction with ‘GRUB_HIDDEN_TIMEOUT’, set this to ‘true’ to suppress the verbose countdown while waiting for a key to be pressed before displaying the menu.

This option is unset by default, and is deprecated in favour of the less confusing ‘GRUB_TIMEOUT_STYLE=countdown’.

‘GRUB_HIDDEN_TIMEOUT_BUTTON’

Variant of ‘GRUB_HIDDEN_TIMEOUT’, used to support vendor-specific power buttons. See Vendor power-on keys.

This option is unset by default, and is deprecated in favour of the less confusing ‘GRUB_TIMEOUT_STYLE=countdown’ or ‘GRUB_TIMEOUT_STYLE=hidden’.

For more detailed customisation of grub-mkconfig’s output, you may edit the scripts in /etc/grub.d directly. /etc/grub.d/40_custom is particularly useful for adding entire custom menu entries; simply type the menu entries you want to add at the end of that file, making sure to leave at least the first two lines intact.

6.2. Root Identifcation Heuristics

If the target operating system uses the Linux kernel, grub-mkconfig attempts to identify the root file system via a heuristic algoirthm. This algorithm selects the identification method of the root file system by considering three factors. The first is if an initrd for the target operating system is also present. The second is ‘GRUB_DISABLE_LINUX_UUID’ and if set to ‘true’, prevents grub-mkconfig from identifying the root file system by its UUID. The third is ‘GRUB_DISABLE_LINUX_PARTUUID’ and if set to ‘true’, prevents grub-mkconfig from identifying the root file system via the UUID of its enclosing partition. If the variables are assigned any other value, that value is considered equivalent to ‘false’. The variables are also considered to be set to ‘false’ if they are not set.

When booting, the Linux kernel will delegate the task of mounting the root filesystem to the initrd. Most initrd images determine the root file system by checking the Linux kernel’s command-line for the ‘root’ key and use its value as the identification method of the root file system. To improve the reliability of booting, most initrd images also allow the root file system to be identified by its UUID. Because of this behavior, the grub-mkconfig command will set ‘root’ to ‘root=UUID=...’ to provide the initrd with the filesystem UUID of the root file system.

If no initrd is detected or ‘GRUB_DISABLE_LINUX_UUID’ is set to ‘true’ then grub-command will identify the root filesystem by setting the kernel command-line variable ‘root’ to ‘root=PARTUUID=...’ unless ‘GRUB_DISABLE_LINUX_PARTUUID’ is also set to ‘true’. If ‘GRUB_DISABLE_LINUX_PARTUUID’ is also set to ‘true’, grub-command will identify by its Linux device name.

The following table summarizes the behavior of the grub-mkconfig command.

Remember, ‘GRUB_DISABLE_LINUX_PARTUUID’ and ‘GRUB_DISABLE_LINUX_UUID’ are also considered to be set to ‘false’ when they are unset.

6.3. Writing full configuration files directly

grub.cfg is written in GRUB’s built-in scripting language, which has a syntax quite similar to that of GNU Bash and other Bourne shell derivatives.

Words

A word is a sequence of characters considered as a single unit by GRUB. Words are separated by metacharacters, which are the following plus space, tab, and newline:

Quoting may be 6.4. Multi-boot manual configused to include metacharacters in words; see below.

Reserved words

Reserved words have a special meaning to GRUB. The following words are recognised as reserved when unquoted and either the first word of a simple command or the third word of a for command:

Not all of these reserved words have a useful purpose yet; some are reserved for future expansion.

Quoting

Quoting is used to remove the special meaning of certain characters or words. It can be used to treat metacharacters as part of a word, to prevent reserved words from being recognised as such, and to prevent variable expansion.

There are three quoting mechanisms: the escape character, single quotes, and double quotes.

A non-quoted backslash (\) is the escape character. It preserves the literal value of the next character that follows, with the exception of newline.

Enclosing characters in single quotes preserves the literal value of each character within the quotes. A single quote may not occur between single quotes, even when preceded by a backslash.

Enclosing characters in double quotes preserves the literal value of all characters within the quotes, with the exception of ‘$’ and ‘\’. The ‘$’ character retains its special meaning within double quotes. The backslash retains its special meaning only when followed by one of the following characters: ‘$’, ‘"’, ‘\’, or newline. A backslash-newline pair is treated as a line continuation (that is, it is removed from the input stream and effectively ignored⁷). A double quote may be quoted within double quotes by preceding it with a backslash.

Variable expansion

The ‘$’ character introduces variable expansion. The variable name to be expanded may be enclosed in braces, which are 6.4. Multi-boot manual configoptional but serve to protect the variable to be expanded from characters immediately following it which could be interpreted as part of the name.

Normal variable names begin with an alphabetic character, followed by zero or more alphanumeric characters. These names refer to entries in the GRUB environment (see Environment).

Positional variable names consist of one or more digits. They represent parameters passed to function calls, with ‘$1’ representing the first parameter, and so on.

The special variable name ‘?’ expands to the exit status of the most recently executed command. When positional variable names are active, other special variable names ‘@’, ‘*’ and ‘#’ are defined and they expand to all positional parameters with necessary quoting, positional parameters without any quoting, and positional parameter count respectively.

Comments

A word beginning with ‘#’ causes that word and all remaining characters on that line to be ignored.

Simple commands

A simple command is a sequence of words separated by spaces or tabs and terminated by a semicolon or a newline. The first word specifies the command to be executed. The remaining words are passed as arguments to the invoked command.

The return value of a simple command is its exit status. If the reserved word ! precedes the command, then the return value is instead the logical negation of the command’s exit status.

Compound commands

A compound command is one of the following:

for name in word …; do list; done

The list of words following in is expanded, generating a list of items. The variable name is set to each element of this list in turn, and list is executed each time. The return value is the exit status of the last command that executes. If the expansion of the items following in results in an empty list, no commands are executed, and the return status is 0.

if list; then list; [elif list; then list;] … [else list;] fi

The if list is executed. If its exit status is zero, the then list is executed. Otherwise, each elif list is executed in turn, and if its exit status is zero, the corresponding then list is executed and the command completes. Otherwise, the else list is executed, if present. The exit status is the exit status of the last command executed, or zero if no condition tested true.

while cond; do list; doneuntil cond; do list; done

The while command continuously executes the do list as long as the last command in cond returns an exit status of zero. The until command is identical to the while command, except that the test is negated; the do list is executed as long as the last command in cond returns a non-zero exit status. The exit status of the while and until commands is the exit status of the last do list command executed, or zero if none was executed.

function name { command; … }

This defines a function named name. The body of the function is the list of commands within braces, each of which must be terminated with a semicolon or a newline. This list of commands will be executed whenever name is specified as the name of a simple command. Function definitions do not affect the exit status in $?. When executed, the exit status of a function is the exit status of the last command executed in the body.

menuentry title [--class=class …] [--users=users] [--unrestricted] [--hotkey=key] [--id=id] { command; … }

See menuentry.

Built-in Commands

Some built-in commands are also provided by GRUB script to help script writers perform actions that are otherwise not possible. For example, these include commands to jump out of a loop without fully completing it, etc.

break [n]

Exit from within a for, while, or until loop. If n is specified, break n levels. n must be greater than or equal to 1. If n is greater than the number of enclosing loops, all enclosing loops are exited. The return value is 0 unless n is not greater than or equal to 1.

continue [n]

Resume the next iteration of the enclosing for, while or until loop. If n is specified, resume at the nth enclosing loop. n must be greater than or equal to 1. If n is greater than the number of enclosing loops, the last enclosing loop (the top-level loop) is resumed. The return value is 0 unless n is not greater than or equal to 1.

return [n]

Causes a function to exit with the return value specified by n. If n is omitted, the return status is that of the last command executed in the function body. If used outside a function the return status is false.

setparams [arg] …

Replace positional parameters starting with $1 with arguments to setparams.

shift [n]

The positional parameters from n+1 … are renamed to $1…. Parameters represented by the numbers $# down to $#-n+1 are unset. n must be a non-negative number less than or equal to $#. If n is 0, no parameters are changed. If n is not given, it is assumed to be 1. If n is greater than $#, the positional parameters are not changed. The return status is greater than zero if n is greater than $# or less than zero; otherwise 0.

6.4. Multi-boot manual config

Currently autogenerating config files for multi-boot environments depends on os-prober and has several shortcomings. Due to that it is disabled by default. It is advised to use the power of GRUB syntax and do it yourself. A possible configuration is detailed here, feel free to adjust to your needs.

First create a separate GRUB partition, big enough to hold GRUB. Some of the following entries show how to load OS installer images from this same partition, for that you obviously need to make the partition large enough to hold those images as well. Mount this partition on/mnt/boot and disable GRUB in all OSes and manually install self-compiled latest GRUB with:

grub-install --boot-directory=/mnt/boot /dev/sda

In all the OSes install GRUB tools but disable installing GRUB in bootsector, so you’ll have menu.lst and grub.cfg available for use. Also disable os-prober use by setting:

GRUB_DISABLE_OS_PROBER=true

in /etc/default/grub

Then write a grub.cfg (/mnt/boot/grub/grub.cfg):

Notes:

• Argument to search after –label is FS LABEL. You can also use UUIDs with –fs-uuid UUID instead of –label LABEL. You could also use direct root=hd0,msdosX but this is not recommended due to device name instability.

6.5. Embedding a configuration file into GRUB

GRUB supports embedding a configuration file directly into the core image, so that it is loaded before entering normal mode. This is useful, for example, when it is not straightforward to find the real configuration file, or when you need to debug problems with loading that file. grub-install uses this feature when it is not using BIOS disk functions or when installing to a different disk from the one containing /boot/grub, in which case it needs to use the search command (see search) to find /boot/grub.

To embed a configuration file, use the -c option to grub-mkimage. The file is copied into the core image, so it may reside anywhere on the file system, and may be removed after running grub-mkimage.

After the embedded configuration file (if any) is executed, GRUB will load the ‘normal’ module (see normal), which will then read the real configuration file from $prefix/grub.cfg. By this point, the root variable will also have been set to the root device name. For example, prefix might be set to ‘(hd0,1)/boot/grub’, and root might be set to ‘hd0,1’. Thus, in most cases, the embedded configuration file only needs to set the prefix and root variables, and then drop through to GRUB’s normal processing. A typical example of this might look like this:

(The ‘search_fs_uuid’ module must be included in the core image for this example to work.)

In more complex cases, it may be useful to read other configuration files directly from the embedded configuration file. This allows such things as reading files not called grub.cfg, or reading files from a directory other than that where GRUB’s loadable modules are installed. To do this, include the ‘configfile’ and ‘normal’ modules in the core image, and embed a configuration file that uses the configfile command to load another file. The following example of this also requires the echo, search_label, and test modules to be included in the core image:

The embedded configuration file may not contain menu entries directly, but may only read them from elsewhere using configfile.

7. Theme file format

7.1. Introduction

The GRUB graphical menu supports themes that can customize the layout and appearance of the GRUB boot menu. The theme is configured through a plain text file that specifies the layout of the various GUI components (including the boot menu, timeout progress bar, and text messages) as well as the appearance using colors, fonts, and images. Example is available in docs/example_theme.txt

7.2. Theme Elements

7.2.1. Colors

Colors can be specified in several ways:

• HTML-style “#RRGGBB” or “#RGB” format, where *R*, *G*, and *B* are hexadecimal digits (e.g., “#8899FF”)

• as comma-separated decimal RGB values (e.g., “128, 128, 255”)

• with “SVG 1.0 color names” (e.g., “cornflowerblue”) which must be specified in lowercase.

7.2.2. Fonts

The fonts GRUB uses “PFF2 font format” bitmap fonts. Fonts are specified with full font names. Currently there is no provision for a preference list of fonts, or deriving one font from another. Fonts are loaded with the “loadfont” command in GRUB (loadfont). To see the list of loaded fonts, execute the “lsfonts” command (lsfonts). If there are too many fonts to fit on screen, do “set pager=1” before executing “lsfonts”.

7.2.3. Progress Bar

Progress bars are used to display the remaining time before GRUB boots the default menu entry. To create a progress bar that will display the remaining time before automatic boot, simply create a “progress_bar” component with the id “__timeout__”. This indicates to GRUB that the progress bar should be updated as time passes, and it should be made invisible if the countdown to automatic boot is interrupted by the user.

Progress bars may optionally have text displayed on them. This text is controlled by variable “text” which contains a printf template with the only argument %d is the number of seconds remaining. Additionally special values “@TIMEOUT_NOTIFICATION_SHORT@”, “@TIMEOUT_NOTIFICATION_MIDDLE@”, “@TIMEOUT_NOTIFICATION_LONG@” are replaced with standard and translated templates.

7.2.4. Circular Progress Indicator

The circular progress indicator functions similarly to the progress bar. When given an id of “__timeout__”, GRUB updates the circular progress indicator’s value to indicate the time remaining. For the circular progress indicator, there are two images used to render it: the *center* image, and the *tick* image. The center image is rendered in the center of the component, while the tick image is used to render each mark along the circumference of the indicator.

7.2.5. Labels

Text labels can be placed on the boot screen. The font, color, and horizontal alignment can be specified for labels. If a label is given the id “__timeout__”, then the “text” property for that label is also updated with a message informing the user of the number of seconds remaining until automatic boot. This is useful in case you want the text displayed somewhere else instead of directly on the progress bar.

7.2.6. Boot Menu

The boot menu where GRUB displays the menu entries from the “grub.cfg” file. It is a list of items, where each item has a title and an optional icon. The icon is selected based on the *classes* specified for the menu entry. If there is a PNG file named “myclass.png” in the “grub/themes/icons” directory, it will be displayed for items which have the class *myclass*. The boot menu can be customized in several ways, such as the font and color used for the menu entry title, and by specifying styled boxes for the menu itself and for the selected item highlight.

7.2.7. Styled Boxes

One of the most important features for customizing the layout is the use of *styled boxes*. A styled box is composed of 9 rectangular (and potentially empty) regions, which are used to seamlessly draw the styled box on screen:

To support any size of box on screen, the center slice and the slices for the top, bottom, and sides are all scaled to the correct size for the component on screen, using the following rules:

1. The edge slices (north, south, east, and west) are scaled in the direction of the edge they are adjacent to. For instance, the west slice is scaled vertically.

2. The corner slices (northwest, northeast, southeast, and southwest) are not scaled.

3. The center slice is scaled to fill the remaining space in the middle.

As an example of how an image might be sliced up, consider the styled box used for a terminal view.

7.2.8. Creating Styled Box Images

The Inkscape_ scalable vector graphics editor is a very useful tool for creating styled box images. One process that works well for slicing a drawing into the necessary image slices is:

1. Create or open the drawing you’d like use.

2. Create a new layer on the top of the layer stack. Make it visible. Select this layer as the current layer.

3. Draw 9 rectangles on your drawing where you’d like the slices to be. Clear the fill option, and set the stroke to 1 pixel wide solid stroke. The corners of the slices must meet precisely; if it is off by a single pixel, it will probably be evident when the styled box is rendered in the GRUB menu. You should probably go to File | Document Properties | Grids and enable a grid or create a guide (click on one of the rulers next to the drawing and drag over the drawing; release the mouse button to place the guide) to help place the rectangles precisely.

4. Right click on the center slice rectangle and choose Object Properties. Change the "Id" to “slice_c“ and click Set. Repeat this for the remaining 8 rectangles, giving them Id values of “slice_n“, “slice_ne“, “slice_e“, and so on according to the location.

5. Save the drawing.

6. Select all the slice rectangles. With the slice layer selected, you can simply press Ctrl+A to select all rectangles. The status bar should indicate that 9 rectangles are selected.

7. Click the layer hide icon for the slice layer in the layer palette. The rectangles will remain selected, even though they are hidden.

8. Choose File | Export Bitmap and check the *Batch export 9 selected objects* box. Make sure that *Hide all except selected* is unchecked. click *Export*. This will create PNG files in the same directory as the drawing, named after the slices. These can now be used for a styled box in a GRUB theme.

7.3. Theme File Manual

The theme file is a plain text file. Lines that begin with “#“ are ignored and considered comments. (Note: This may not be the case if the previous line ended where a value was expected.)

The theme file contains two types of statements:

1. Global properties.

2. Component construction.

7.3.1. Global Properties

7.3.2. Format

Global properties are specified with the simple format:

• name1: value1

• name2: "value which may contain spaces"

• name3: #88F

In this example, name3 is assigned a color value.

7.3.3. Global Property List

7.3.4. Component Construction

Greater customizability comes is provided by components. A tree of components forms the user interface. *Containers* are components that can contain other components, and there is always a single root component which is an instance of a *canvas* container.

Components are created in the theme file by prefixing the type of component with a ’+’ sign:

+ label { text="GRUB" font="aqui 11" color="#8FF" }

properties of a component are specified as "name = value" (whitespace surrounding tokens is optional and is ignored) where *value* may be:

• a single word (e.g., “align = center“, “color = #FF8080“),

• a quoted string (e.g., “text = "Hello, World!"“), or

• a tuple (e.g., “preferred_size = (120, 80)“).

7.3.5. Component List

The following is a list of the components and the properties they support.

• label A label displays a line of text.

  Properties:

id Set to “__timeout__“ to display the time elapsed to an automatical boot of the default entry.

text The text to display. If “id“ is set to “__timeout__“ and no “text“ property is set then the amount of seconds will be shown. If set to “@KEYMAP_SHORT@“, “@KEYMAP_MIDDLE@“ or “@KEYMAP_LONG@“ then predefined hotkey information will be shown.

font The font to use for text display.

color The color of the text.

align The horizontal alignment of the text within the component. Options are “left“, “center“ and “right“.

visible Set to “false“ to hide the label.

• image A component that displays an image. The image is scaled to fit the component.

  Properties:

  file The full path to the image file to load.

• progress_bar Displays a horizontally oriented progress bar. It can be rendered using simple solid filled rectangles, or using a pair of pixmap styled boxes.

  Properties:

id Set to “__timeout__“ to display the time elapsed to an automatical boot of the default entry.

fg_color The foreground color for plain solid color rendering.

bg_color The background color for plain solid color rendering.

border_color The border color for plain solid color rendering.

text_color The text color.

bar_style The styled box specification for the frame of the progress bar. Example: “progress_frame_*.png“ If the value is equal to “highlight_style“ then no styled boxes will be shown.

highlight_style The styled box specification for the highlighted region of the progress bar. This box will be used to paint just the highlighted region of the bar, and will be increased in size as the bar nears completion. Example: “progress_hl_*.png“. If the value is equal to “bar_style“ then no styled boxes will be shown.

highlight_overlay If this option is set to “true“ then the highlight box side slices (every slice except the center slice) will overlay the frame box side slices. And the center slice of the highlight box can move all the way (from top to bottom), being drawn on the center slice of the frame box. That way we can make a progress bar with round-shaped edges so there won’t be a free space from the highlight to the frame in top and bottom scrollbar positions. Default is “false“.

font The font to use for progress bar.

text The text to display on the progress bar. If the progress bar’s ID is set to “__timeout__“ and the value of this property is set to “@TIMEOUT_NOTIFICATION_SHORT@“, “@TIMEOUT_NOTIFICATION_MIDDLE@“ or “@TIMEOUT_NOTIFICATION_LONG@“, then GRUB will update this property with an informative message as the timeout approaches.

• circular_progress Displays a circular progress indicator. The appearance of this component is determined by two images: the *center* image and the *tick* image. The center image is generally larger and will be drawn in the center of the component. Around the circumference of a circle within the component, the tick image will be drawn a certain number of times, depending on the properties of the component.

  Properties:

id Set to “__timeout__“ to display the time elapsed to an automatical boot of the default entry.

center_bitmap The file name of the image to draw in the center of the component.

tick_bitmap The file name of the image to draw for the tick marks.

num_ticks The number of ticks that make up a full circle.

ticks_disappear Boolean value indicating whether tick marks should progressively appear, or progressively disappear as *value* approaches *end*. Specify “true“ or “false“. Default is “false“.

start_angle The position of the first tick mark to appear or disappear. Measured in "parrots", 1 "parrot" = 1 / 256 of the full circle. Use values “xxx deg“ or “xxx \xc2\xb0“ to set the angle in degrees.

• boot_menu Displays the GRUB boot menu. It allows selecting items and executing them.

  Properties:

item_font The font to use for the menu item titles.

selected_item_font The font to use for the selected menu item, or “inherit“ (the default) to use “item_font“ for the selected menu item as well.

item_color The color to use for the menu item titles.

selected_item_color The color to use for the selected menu item, or “inherit“ (the default) to use “item_color“ for the selected menu item as well.

icon_width The width of menu item icons. Icons are scaled to the specified size.

icon_height The height of menu item icons.

item_height The height of each menu item in pixels.

item_padding The amount of space in pixels to leave on each side of the menu item contents.

item_icon_space The space between an item’s icon and the title text, in pixels.

item_spacing The amount of space to leave between menu items, in pixels.

menu_pixmap_style The image file pattern for the menu frame styled box. Example: “menu_*.png“ (this will use images such as “menu_c.png“, “menu_w.png“, ‘menu_nw.png“, etc.)

item_pixmap_style The image file pattern for the item styled box.

selected_item_pixmap_style The image file pattern for the selected item highlight styled box.

scrollbar Boolean value indicating whether the scroll bar should be drawn if the frame and thumb styled boxes are configured.

scrollbar_frame The image file pattern for the entire scroll bar. Example: “scrollbar_*.png“

scrollbar_thumb The image file pattern for the scroll bar thumb (the part of the scroll bar that moves as scrolling occurs). Example: “scrollbar_thumb_*.png“

scrollbar_thumb_overlay If this option is set to “true“ then the scrollbar thumb side slices (every slice except the center slice) will overlay the scrollbar frame side slices. And the center slice of the scrollbar_thumb can move all the way (from top to bottom), being drawn on the center slice of the scrollbar frame. That way we can make a scrollbar with round-shaped edges so there won’t be a free space from the thumb to the frame in top and bottom scrollbar positions. Default is “false“.

scrollbar_slice The menu frame styled box’s slice in which the scrollbar will be drawn. Possible values are “west“, “center“, “east“ (default). “west“ - the scrollbar will be drawn in the west slice (right-aligned). “east“ - the scrollbar will be drawn in the east slice (left-aligned). “center“ - the scrollbar will be drawn in the center slice. Note: in case of “center“ slice: a) If the scrollbar should be drawn then boot menu entry’s width is decreased by the scrollbar’s width and the scrollbar is drawn at the right side of the center slice. b) If the scrollbar won’t be drawn then the boot menu entry’s width is the width of the center slice. c) We don’t necessary need the menu pixmap box to display the scrollbar.

scrollbar_left_pad The left scrollbar padding in pixels. Unused if “scrollbar_slice“ is “west“.

scrollbar_right_pad The right scrollbar padding in pixels. Unused if “scrollbar_slice“ is “east“.

scrollbar_top_pad The top scrollbar padding in pixels.

scrollbar_bottom_pad The bottom scrollbar padding in pixels.

visible Set to “false“ to hide the boot menu.

• canvas Canvas is a container that allows manual placement of components within it. It does not alter the positions of its child components. It assigns all child components their preferred sizes.

• hbox The *hbox* container lays out its children from left to right, giving each one its preferred width. The height of each child is set to the maximum of the preferred heights of all children.

• vbox The *vbox* container lays out its children from top to bottom, giving each one its preferred height. The width of each child is set to the maximum of the preferred widths of all children.

7.3.6. Common properties

The following properties are supported by all components:

‘left’

The distance from the left border of container to left border of the object in either of three formats:

‘top’

The distance from the left border of container to left border of the object in same format.

‘width’

The width of object in same format.

‘height’

The height of object in same format.

‘id’

The identifier for the component. This can be any arbitrary string. The ID can be used by scripts to refer to various components in the GUI component tree. Currently, there is one special ID value that GRUB recognizes:

8. Booting GRUB from the network

The following instructions don’t work for *-emu, i386-qemu, i386-coreboot, i386-multiboot, mips_loongson, mips-arc and mips_qemu_mips

To generate a netbootable directory, run:

E.g. for i386-pc:

Then follow instructions printed out by grub-mknetdir on configuring your DHCP server.

The grub.cfg file is placed in the same directory as the path output by grub-mknetdir hereafter referred to as FWPATH. GRUB will search for its configuration files in order using the following rules where the appended value corresponds to a value on the client machine.

The UUID is the Client Machine Identifier Option Definition as specified in RFC 4578. The client will only attempt to loouk up a UUID config file if it was provided by the DHCP server.

The client will only attempt to look up an IPv6 address config once, however, it will try the IPv4 multiple times. The concrete example below shows what would happen under the IPv4 case.

This feature is enabled by default but it can be disabled by setting the ‘feature_net_search_cfg’ to ‘n’. Since this happens before the configuration file is read by GRUB, this option has to be disabled in an embedded configuration file (see Embedded configuration).

After GRUB has started, files on the TFTP server will be accessible via the ‘(tftp)’ device.

The server IP address can be controlled by changing the ‘(tftp)’ device name to ‘(tftp,server-ip)’. Note that this should be changed both in the prefix and in any references to the device name in the configuration file.

GRUB provides several environment variables which may be used to inspect or change the behaviour of the PXE device. In the following description <interface> is placeholder for the name of network interface (platform dependent):

‘net_<interface>_ip’

The network interface’s IP address. Read-only.

‘net_<interface>_mac’

The network interface’s MAC address. Read-only.

‘net_<interface>_hostname’

The client host name provided by DHCP. Read-only.

‘net_<interface>_domain’

The client domain name provided by DHCP. Read-only.

‘net_<interface>_rootpath’

The path to the client’s root disk provided by DHCP. Read-only.

‘net_<interface>_extensionspath’

The path to additional DHCP vendor extensions provided by DHCP. Read-only.

‘net_<interface>_boot_file’

The boot file name provided by DHCP. Read-only.

‘net_<interface>_dhcp_server_name’

The name of the DHCP server responsible for these boot parameters. Read-only.

‘net_<interface>_next_server’

The IP address of the next (usually, TFTP) server provided by DHCP. Read-only.

‘net_default_interface’

Initially set to name of network interface that was used to load grub. Read-write, although setting it affects only interpretation of ‘net_default_ip’ and ‘net_default_mac’

‘net_default_ip’

The IP address of default interface. Read-only. This is alias for the ‘net_${net_default_interface}_ip’.

‘net_default_mac’

The default interface’s MAC address. Read-only. This is alias for the ‘net_${net_default_interface}_mac’.

‘net_default_server’

The default server used by network drives (see Device syntax). Read-write, although setting this is only useful before opening a network device.

9. Using GRUB via a serial line

This chapter describes how to use the serial terminal support in GRUB.

If you have many computers or computers with no display/keyboard, it could be very useful to control the computers through serial communications. To connect one computer with another via a serial line, you need to prepare a null-modem (cross) serial cable, and you may need to have multiport serial boards, if your computer doesn’t have extra serial ports. In addition, a terminal emulator is also required, such as minicom. Refer to a manual of your operating system, for more information.

As for GRUB, the instruction to set up a serial terminal is quite simple. Here is an example:

The command serial initializes the serial unit 0 with the speed 9600bps. The serial unit 0 is usually called ‘COM1’, so, if you want to use COM2, you must specify ‘--unit=1’ instead. This command accepts many other options, so please refer to serial, for more details.

The commands terminal_input (see terminal_input) and terminal_output (see terminal_output) choose which type of terminal you want to use. In the case above, the terminal will be a serial terminal, but you can also pass console to the command, as ‘terminal_input serial console’. In this case, a terminal in which you press any key will be selected as a GRUB terminal. In the example above, note that you need to put both commands on the same command line, as you will lose the ability to type commands on the console after the first command.

However, note that GRUB assumes that your terminal emulator is compatible with VT100 by default. This is true for most terminal emulators nowadays, but you should pass the option --dumb to the command if your terminal emulator is not VT100-compatible or implements few VT100 escape sequences. If you specify this option then GRUB provides you with an alternative menu interface, because the normal menu requires several fancy features of your terminal.

10. Using GRUB with vendor power-on keys

Some laptop vendors provide an additional power-on button which boots another OS. GRUB supports such buttons with the ‘GRUB_TIMEOUT_BUTTON’, ‘GRUB_TIMEOUT_STYLE_BUTTON’, ‘GRUB_DEFAULT_BUTTON’, and ‘GRUB_BUTTON_CMOS_ADDRESS’ variables in default/grub (see Simple configuration). ‘GRUB_TIMEOUT_BUTTON’, ‘GRUB_TIMEOUT_STYLE_BUTTON’, and ‘GRUB_DEFAULT_BUTTON’ are used instead of the corresponding variables without the ‘_BUTTON’ suffix when powered on using the special button. ‘GRUB_BUTTON_CMOS_ADDRESS’ is vendor-specific and partially model-specific. Values known to the GRUB team are:

Dell XPS M1330M

121:3

Dell XPS M1530

85:3

Dell Latitude E4300

85:3

Asus EeePC 1005PE

84:1 (unconfirmed)

LENOVO ThinkPad T410s (2912W1C)

101:3

To take full advantage of this function, install GRUB into the MBR (see Installing GRUB using grub-install).

If you have a laptop which has a similar feature and not in the above list could you figure your address and contribute? To discover the address do the following:

• boot normally

• boot using vendor button

Then compare these text files and find where a bit was toggled. E.g. in case of Dell XPS it was:

It’s a bit number 3 as seen from following table:

0x47 is decimal 71. Linux nvram implementation cuts first 14 bytes of CMOS. So the real byte address in CMOS is 71+14=85 So complete address is 85:3

11. GRUB image files

GRUB consists of several images: a variety of bootstrap images for starting GRUB in various ways, a kernel image, and a set of modules which are combined with the kernel image to form a core image. Here is a short overview of them.

boot.img

On PC BIOS systems, this image is the first part of GRUB to start. It is written to a master boot record (MBR) or to the boot sector of a partition. Because a PC boot sector is 512 bytes, the size of this image is exactly 512 bytes.

The sole function of boot.img is to read the first sector of the core image from a local disk and jump to it. Because of the size restriction, boot.img cannot understand any file system structure, so grub-install hardcodes the location of the first sector of the core image into boot.img when installing GRUB.

diskboot.img

This image is used as the first sector of the core image when booting from a hard disk. It reads the rest of the core image into memory and starts the kernel. Since file system handling is not yet available, it encodes the location of the core image using a block list format.

cdboot.img

This image is used as the first sector of the core image when booting from a CD-ROM drive. It performs a similar function to diskboot.img.

pxeboot.img

This image is used as the start of the core image when booting from the network using PXE. See Network.

lnxboot.img

This image may be placed at the start of the core image in order to make GRUB look enough like a Linux kernel that it can be booted by LILO using an ‘image=’ section.

kernel.img

This image contains GRUB’s basic run-time facilities: frameworks for device and file handling, environment variables, the rescue mode command-line parser, and so on. It is rarely used directly, but is built into all core images.

core.img

This is the core image of GRUB. It is built dynamically from the kernel image and an arbitrary list of modules by the grub-mkimage program. Usually, it contains enough modules to access /boot/grub, and loads everything else (including menu handling, the ability to load target operating systems, and so on) from the file system at run-time. The modular design allows the core image to be kept small, since the areas of disk where it must be installed are often as small as 32KB.

See BIOS installation, for details on where the core image can be installed on PC systems.

*.mod

Everything else in GRUB resides in dynamically loadable modules. These are often loaded automatically, or built into the core image if they are essential, but may also be loaded manually using the insmod command (see insmod).

For GRUB Legacy users

GRUB 2 has a different design from GRUB Legacy, and so correspondences with the images it used cannot be exact. Nevertheless, GRUB Legacy users often ask questions in the terms they are familiar with, and so here is a brief guide to how GRUB 2’s images relate to that.

stage1

Stage 1 from GRUB Legacy was very similar to boot.img in GRUB 2, and they serve the same function.

*_stage1_5

In GRUB Legacy, Stage 1.5’s function was to include enough filesystem code to allow the much larger Stage 2 to be read from an ordinary filesystem. In this respect, its function was similar to core.img in GRUB 2. However, core.img is much more capable than Stage 1.5 was; since it offers a rescue shell, it is sometimes possible to recover manually in the event that it is unable to load any other modules, for example if partition numbers have changed. core.img is built in a more flexible way, allowing GRUB 2 to support reading modules from advanced disk types such as LVM and RAID.

GRUB Legacy could run with only Stage 1 and Stage 2 in some limited configurations, while GRUB 2 requires core.img and cannot work without it.

stage2

GRUB 2 has no single Stage 2 image. Instead, it loads modules from /boot/grub at run-time.

stage2_eltorito

In GRUB 2, images for booting from CD-ROM drives are now constructed using cdboot.img and core.img, making sure that the core image contains the ‘iso9660’ module. It is usually best to use the grub-mkrescue program for this.

nbgrub

There is as yet no equivalent for nbgrub in GRUB 2; it was used by Etherboot and some other network boot loaders.

pxegrub

In GRUB 2, images for PXE network booting are now constructed using pxeboot.img and core.img, making sure that the core image contains the ‘pxe’ and ‘pxecmd’ modules. See Network.

12. Core image size limitation

Heavily limited platforms:

• i386-pc (normal and PXE): the core image size (compressed) is limited by 458240 bytes. kernel.img (.text + .data + .bss, uncompressed) is limited by 392704 bytes. module size (uncompressed) + kernel.img (.text + .data, uncompressed) is limited by the size of contiguous chunk at 1M address.

• sparc64-ieee1275: kernel.img (.text + .data + .bss) + modules + 256K (stack) + 2M (heap) is limited by space available at 0x4400. On most platforms it’s just 3 or 4M since ieee1275 maps only so much.

• i386-ieee1275: kernel.img (.text + .data + .bss) + modules is limited by memory available at 0x10000, at most 596K

Lightly limited platforms:

• *-xen: limited only by adress space and RAM size.

• i386-qemu: kernel.img (.text + .data + .bss) is limited by 392704 bytes. (core.img would be limited by ROM size but it’s unlimited on qemu

• All EFI platforms: limited by contiguous RAM size and possibly firmware bugs

• Coreboot and multiboot. kernel.img (.text + .data + .bss) is limited by 392704 bytes. module size is limited by the size of contiguous chunk at 1M address.

• mipsel-loongson (ELF), mips(el)-qemu_mips (ELF): if uncompressed: kernel.img (.text + .data) + modules is limited by the space from 80200000 forward if compressed: kernel.img (.text + .data, uncompressed) + modules (uncompressed) + (modules + kernel.img (.text + .data)) (compressed) + decompressor is limited by the space from 80200000 forward

• mipsel-loongson (Flash), mips(el)-qemu_mips (Flash): kernel.img (.text + .data) + modules is limited by the space from 80200000 forward core.img (final) is limited by flash size (512K on yeeloong and fulooong)

• mips-arc: if uncompressed: kernel.img (.text + .data) is limited by the space from 8bd00000 forward modules + dummy decompressor is limited by the space from 8bd00000 backward if compressed: kernel.img (.text + .data, uncompressed) is limited by the space from 8bd00000 forward modules (uncompressed) + (modules + kernel.img (.text + .data)) (compressed, aligned to 1M) + 1M (decompressor + scratch space) is limited by the space from 8bd00000 backward

• powerpc-ieee1275: kernel.img (.text + .data + .bss) + modules is limited by space available at 0x200000

13. Filesystem syntax and semantics

GRUB uses a special syntax for specifying disk drives which can be accessed by BIOS. Because of BIOS limitations, GRUB cannot distinguish between IDE, ESDI, SCSI, or others. You must know yourself which BIOS device is equivalent to which OS device. Normally, that will be clear if you see the files in a device or use the command search (see search).

13.1. How to specify devices

The device syntax is like this:

‘[]’ means the parameter is optional. device depends on the disk driver in use. BIOS and EFI disks use either ‘fd’ or ‘hd’ followed by a digit, like ‘fd0’, or ‘cd’. AHCI, PATA (ata), crypto, USB use the name of driver followed by a number. Memdisk and host are limited to one disk and so it’s refered just by driver name. RAID (md), ofdisk (ieee1275 and nand), LVM (lvm), LDM, virtio (vdsk) and arcdisk (arc) use intrinsic name of disk prefixed by driver name. Additionally just “nand” refers to the disk aliased as “nand”. Conflicts are solved by suffixing a number if necessarry. Commas need to be escaped. Loopback uses whatever name specified to loopback command. Hostdisk uses names specified in device.map as long as it’s of the form [fhc]d[0-9]* or hostdisk/<OS DEVICE>. For crypto and RAID (md) additionally you can use the syntax <driver name>uuid/<uuid>. For LVM additionally you can use the syntax lvmid/<volume-group-uuid>/<volume-uuid>.

part-num represents the partition number of device, starting from one. partname is optional but is recommended since disk may have several top-level partmaps. Specifying third and later component you can access to subpartitions.

The syntax ‘(hd0)’ represents using the entire disk (or the MBR when installing GRUB), while the syntax ‘(hd0,1)’ represents using the first partition of the disk (or the boot sector of the partition when installing GRUB).

If you enabled the network support, the special drives (protocol[,server]) are also available. Supported protocols are ‘http’ and ‘tftp’. If server is omitted, value of environment variable ‘net_default_server’ is used. Before using the network drive, you must initialize the network. See Network, for more information.

If you boot GRUB from a CD-ROM, ‘(cd)’ is available. See Making a GRUB bootable CD-ROM, for details.

13.2. How to specify files

There are two ways to specify files, by absolute file name and by block list.

An absolute file name resembles a Unix absolute file name, using ‘/’ for the directory separator (not ‘\’ as in DOS). One example is ‘(hd0,1)/boot/grub/grub.cfg’. This means the file /boot/grub/grub.cfg in the first partition of the first hard disk. If you omit the device name in an absolute file name, GRUB uses GRUB’s root device implicitly. So if you set the root device to, say, ‘(hd1,1)’ by the command ‘set root=(hd1,1)’ (see set), then /boot/kernel is the same as (hd1,1)/boot/kernel.

On ZFS filesystem the first path component must be volume‘@’[snapshot]. So ‘/rootvol@snap-129/boot/grub/grub.cfg’ refers to file ‘/boot/grub/grub.cfg’ in snapshot of volume ‘rootvol’ with name ‘snap-129’. Trailing ‘@’ after volume name is mandatory even if snapshot name is omitted.

13.3. How to specify block lists

A block list is used for specifying a file that doesn’t appear in the filesystem, like a chainloader. The syntax is [offset]+length[,[offset]+length]…. Here is an example:

This represents that GRUB should read blocks 0 through 99, block 200, and blocks 300 through 599. If you omit an offset, then GRUB assumes the offset is zero.

Like the file name syntax (see File name syntax), if a blocklist does not contain a device name, then GRUB uses GRUB’s root device. So (hd0,2)+1 is the same as +1 when the root device is ‘(hd0,2)’.

14. GRUB’s user interface

GRUB has both a simple menu interface for choosing preset entries from a configuration file, and a highly flexible command-line for performing any desired combination of boot commands.

GRUB looks for its configuration file as soon as it is loaded. If one is found, then the full menu interface is activated using whatever entries were found in the file. If you choose the command-line menu option, or if the configuration file was not found, then GRUB drops to the command-line interface.

14.1. The flexible command-line interface

The command-line interface provides a prompt and after it an editable text area much like a command-line in Unix or DOS. Each command is immediately executed after it is entered⁸. The commands (see Command-line and menu entry commands) are a subset of those available in the configuration file, used with exactly the same syntax.

Cursor movement and editing of the text on the line can be done via a subset of the functions available in the Bash shell:

C-fPC right key

Move forward one character.

C-bPC left key

Move back one character.

C-aHOME

Move to the start of the line.

C-eEND

Move the the end of the line.

C-dDEL

Delete the character underneath the cursor.

C-hBS

Delete the character to the left of the cursor.

C-k

Kill the text from the current cursor position to the end of the line.

C-u

Kill backward from the cursor to the beginning of the line.

C-y

Yank the killed text back into the buffer at the cursor.

C-pPC up key

Move up through the history list.

C-nPC down key

Move down through the history list.

When typing commands interactively, if the cursor is within or before the first word in the command-line, pressing the TAB key (or C-i) will display a listing of the available commands, and if the cursor is after the first word, the TAB will provide a completion listing of disks, partitions, and file names depending on the context. Note that to obtain a list of drives, one must open a parenthesis, as root (.

Note that you cannot use the completion functionality in the TFTP filesystem. This is because TFTP doesn’t support file name listing for the security.

14.2. The simple menu interface

The menu interface is quite easy to use. Its commands are both reasonably intuitive and described on screen.

Basically, the menu interface provides a list of boot entries to the user to choose from. Use the arrow keys to select the entry of choice, then press RET to run it. An optional timeout is available to boot the default entry (the first one if not set), which is aborted by pressing any key.

Commands are available to enter a bare command-line by pressing c (which operates exactly like the non-config-file version of GRUB, but allows one to return to the menu if desired by pressing ESC) or to edit any of the boot entries by pressing e.

If you protect the menu interface with a password (see Security), all you can do is choose an entry by pressing RET, or press p to enter the password.

14.3. Editing a menu entry

The menu entry editor looks much like the main menu interface, but the lines in the menu are individual commands in the selected entry instead of entry names.

If an ESC is pressed in the editor, it aborts all the changes made to the configuration entry and returns to the main menu interface.

Each line in the menu entry can be edited freely, and you can add new lines by pressing RET at the end of a line. To boot the edited entry, press Ctrl-x.

Although GRUB unfortunately does not support undo, you can do almost the same thing by just returning to the main menu using ESC.

15. GRUB environment variables

GRUB supports environment variables which are rather like those offered by all Unix-like systems. Environment variables have a name, which is unique and is usually a short identifier, and a value, which is an arbitrary string of characters. They may be set (see set), unset (see unset), or looked up (see Shell-like scripting) by name.

A number of environment variables have special meanings to various parts of GRUB. Others may be used freely in GRUB configuration files.

15.1. Special environment variables

Special environment variables

15.2. The GRUB environment block

It is often useful to be able to remember a small amount of information from one boot to the next. For example, you might want to set the default menu entry based on what was selected the last time. GRUB deliberately does not implement support for writing files in order to minimise the possibility of the boot loader being responsible for file system corruption, so a GRUB configuration file cannot just create a file in the ordinary way. However, GRUB provides an “environment block” which can be used to save a small amount of state.

The environment block is a preallocated 1024-byte file, which normally lives in /boot/grub/grubenv (although you should not assume this). At boot time, the load_env command (see load_env) loads environment variables from it, and the save_env (see save_env) command saves environment variables to it. From a running system, the grub-editenv utility can be used to edit the environment block.

For safety reasons, this storage is only available when installed on a plain disk (no LVM or RAID), using a non-checksumming filesystem (no ZFS), and using BIOS or EFI functions (no ATA, USB or IEEE1275).

grub-mkconfig uses this facility to implement ‘GRUB_SAVEDEFAULT’ (see Simple configuration).

16. The list of available commands

In this chapter, we list all commands that are available in GRUB.

Commands belong to different groups. A few can only be used in the global section of the configuration file (or “menu”); most of them can be entered on the command-line and can be used either anywhere in the menu or specifically in the menu entries.

In rescue mode, only the insmod (see insmod), ls (see ls), set (see set), and unset (see unset) commands are normally available. If you end up in rescue mode and do not know what to do, then see GRUB only offers a rescue shell.

Menu-specific commands

General commands

Command-line and menu entry commands

Networking commands

17. Internationalisation

17.1. Charset

GRUB uses UTF-8 internally other than in rendering where some GRUB-specific appropriate representation is used. All text files (including config) are assumed to be encoded in UTF-8.

17.2. Filesystems

NTFS, JFS, UDF, HFS+, exFAT, long filenames in FAT, Joliet part of ISO9660 are treated as UTF-16 as per specification. AFS and BFS are read as UTF-8, again according to specification. BtrFS, cpio, tar, squash4, minix, minix2, minix3, ROMFS, ReiserFS, XFS, ext2, ext3, ext4, FAT (short names), F2FS, RockRidge part of ISO9660, nilfs2, UFS1, UFS2 and ZFS are assumed to be UTF-8. This might be false on systems configured with legacy charset but as long as the charset used is superset of ASCII you should be able to access ASCII-named files. And it’s recommended to configure your system to use UTF-8 to access the filesystem, convmv may help with migration. ISO9660 (plain) filenames are specified as being ASCII or being described with unspecified escape sequences. GRUB assumes that the ISO9660 names are UTF-8 (since any ASCII is valid UTF-8). There are some old CD-ROMs which use CP437 in non-compliant way. You’re still able to access files with names containing only ASCII characters on such filesystems though. You’re also able to access any file if the filesystem contains valid Joliet (UTF-16) or RockRidge (UTF-8). AFFS, SFS and HFS never use unicode and GRUB assumes them to be in Latin1, Latin1 and MacRoman respectively. GRUB handles filesystem case-insensitivity however no attempt is performed at case conversion of international characters so e.g. a file named lowercase greek alpha is treated as different from the one named as uppercase alpha. The filesystems in questions are NTFS (except POSIX namespace), HFS+ (configurable at mkfs time, default insensitive), SFS (configurable at mkfs time, default insensitive), JFS (configurable at mkfs time, default sensitive), HFS, AFFS, FAT, exFAT and ZFS (configurable on per-subvolume basis by property “casesensitivity”, default sensitive). On ZFS subvolumes marked as case insensitive files containing lowercase international characters are inaccessible. Also like all supported filesystems except HFS+ and ZFS (configurable on per-subvolume basis by property “normalization”, default none) GRUB makes no attempt at check of canonical equivalence so a file name u-diaresis is treated as distinct from u+combining diaresis. This however means that in order to access file on HFS+ its name must be specified in normalisation form D. On normalized ZFS subvolumes filenames out of normalisation are inaccessible.

17.3. Output terminal

Firmware output console “console” on ARC and IEEE1275 are limited to ASCII.

BIOS firmware console and VGA text are limited to ASCII and some pseudographics.

None of above mentioned is appropriate for displaying international and any unsupported character is replaced with question mark except pseudographics which we attempt to approximate with ASCII.

EFI console on the other hand nominally supports UTF-16 but actual language coverage depends on firmware and may be very limited.

The encoding used on serial can be chosen with terminfo as either ASCII, UTF-8 or “visual UTF-8”. Last one is against the specification but results in correct rendering of right-to-left on some readers which don’t have own bidi implementation.

On emu GRUB checks if charset is UTF-8 and uses it if so and uses ASCII otherwise.

When using gfxterm or gfxmenu GRUB itself is responsible for rendering the text. In this case GRUB is limited by loaded fonts. If fonts contain all required characters then bidirectional text, cursive variants and combining marks other than enclosing, half (e.g. left half tilde or combining overline) and double ones. Ligatures aren’t supported though. This should cover European, Middle Eastern (if you don’t mind lack of lam-alif ligature in Arabic) and East Asian scripts. Notable unsupported scripts are Brahmic family and derived as well as Mongolian, Tifinagh, Korean Jamo (precomposed characters have no problem) and tonal writing (2e5-2e9). GRUB also ignores deprecated (as specified in Unicode) characters (e.g. tags). GRUB also doesn’t handle so called “annotation characters” If you can complete either of two lists or, better, propose a patch to improve rendering, please contact developer team.

17.4. Input terminal

Firmware console on BIOS, IEEE1275 and ARC doesn’t allow you to enter non-ASCII characters. EFI specification allows for such but author is unaware of any actual implementations. Serial input is currently limited for latin1 (unlikely to change). Own keyboard implementations (at_keyboard and usb_keyboard) supports any key but work on one-char-per-keystroke. So no dead keys or advanced input method. Also there is no keymap change hotkey. In practice it makes difficult to enter any text using non-Latin alphabet. Moreover all current input consumers are limited to ASCII.

17.5. Gettext

GRUB supports being translated. For this you need to have language *.mo files in $prefix/locale, load gettext module and set “lang” variable.

17.6. Regexp

Regexps work on unicode characters, however no attempt at checking cannonical equivalence has been made. Moreover the classes like [:alpha:] match only ASCII subset.

17.7. Other

Currently GRUB always uses YEAR-MONTH-DAY HOUR:MINUTE:SECOND [WEEKDAY] 24-hour datetime format but weekdays are translated. GRUB always uses the decimal number format with [0-9] as digits and . as descimal separator and no group separator. IEEE1275 aliases are matched case-insensitively except non-ASCII which is matched as binary. Similar behaviour is for matching OSBundleRequired. Since IEEE1275 aliases and OSBundleRequired don’t contain any non-ASCII it should never be a problem in practice. Case-sensitive identifiers are matched as raw strings, no canonical equivalence check is performed. Case-insenstive identifiers are matched as RAW but additionally [a-z] is equivalent to [A-Z]. GRUB-defined identifiers use only ASCII and so should user-defined ones. Identifiers containing non-ASCII may work but aren’t supported. Only the ASCII space characters (space U+0020, tab U+000b, CR U+000d and LF U+000a) are recognised. Other unicode space characters aren’t a valid field separator. test (see test) tests <, >, <=, >=, -pgt and -plt compare the strings in the lexicographical order of unicode codepoints, replicating the behaviour of test from coreutils. environment variables and commands are listed in the same order.

18. Security

18.1. Authentication and authorization in GRUB

By default, the boot loader interface is accessible to anyone with physical access to the console: anyone can select and edit any menu entry, and anyone can get direct access to a GRUB shell prompt. For most systems, this is reasonable since anyone with direct physical access has a variety of other ways to gain full access, and requiring authentication at the boot loader level would only serve to make it difficult to recover broken systems.

However, in some environments, such as kiosks, it may be appropriate to lock down the boot loader to require authentication before performing certain operations.

The ‘password’ (see password) and ‘password_pbkdf2’ (see password_pbkdf2) commands can be used to define users, each of which has an associated password. ‘password’ sets the password in plain text, requiring grub.cfg to be secure; ‘password_pbkdf2’ sets the password hashed using the Password-Based Key Derivation Function (RFC 2898), requiring the use of grub-mkpasswd-pbkdf2 (see Invoking grub-mkpasswd-pbkdf2) to generate password hashes.

In order to enable authentication support, the ‘superusers’ environment variable must be set to a list of usernames, separated by any of spaces, commas, semicolons, pipes, or ampersands. Superusers are permitted to use the GRUB command line, edit menu entries, and execute any menu entry. If ‘superusers’ is set, then use of the command line and editing of menu entries are automatically restricted to superusers. Setting ‘superusers’ to empty string effectively disables both access to CLI and editing of menu entries. Note: The environment variable needs to be exported to also affect the section defined by the ‘submenu’ command (see submenu).

Other users may be allowed to execute specific menu entries by giving a list of usernames (as above) using the --users option to the ‘menuentry’ command (see menuentry). If the --unrestricted option is used for a menu entry, then that entry is unrestricted. If the --users option is not used for a menu entry, then that only superusers are able to use it.

Putting this together, a typical grub.cfg fragment might look like this:

The grub-mkconfig program does not yet have built-in support for generating configuration files with authentication. You can use /etc/grub.d/40_custom to add simple superuser authentication, by adding set superusers= and password or password_pbkdf2 commands.

18.2. Using digital signatures in GRUB

GRUB’s core.img can optionally provide enforcement that all files subsequently read from disk are covered by a valid digital signature. This document does not cover how to ensure that your platform’s firmware (e.g., Coreboot) validates core.img.

If environment variable check_signatures (see check_signatures) is set to enforce, then every attempt by the GRUB core.img to load another file foo implicitly invokes verify_detached foo foo.sig (see verify_detached). foo.sig must contain a valid digital signature over the contents of foo, which can be verified with a public key currently trusted by GRUB (see list_trusted, see trust, and see distrust). If validation fails, then file foo cannot be opened. This failure may halt or otherwise impact the boot process.

An initial trusted public key can be embedded within the GRUB core.img using the --pubkey option to grub-install (see Invoking grub-install).

GRUB uses GPG-style detached signatures (meaning that a file foo.sig will be produced when file foo is signed), and currently supports the DSA and RSA signing algorithms. A signing key can be generated as follows:

An individual file can be signed as follows:

For successful validation of all of GRUB’s subcomponents and the loaded OS kernel, they must all be signed. One way to accomplish this is the following (after having already produced the desired grub.cfg file, e.g., by running grub-mkconfig (see Invoking grub-mkconfig):

See also: check_signatures, verify_detached, trust, list_trusted, distrust, load_env, save_env.

Note that internally signature enforcement is controlled by setting the environment variable check_signatures equal to enforce. Passing one or more --pubkey options to grub-mkimage implicitly defines check_signatures equal to enforce in core.img prior to processing any configuration files.

Note that signature checking does not prevent an attacker with (serial, physical, ...) console access from dropping manually to the GRUB console and executing:

To prevent this, password-protection (see Authentication and authorisation) is essential. Note that even with GRUB password protection, GRUB itself cannot prevent someone with physical access to the machine from altering that machine’s firmware (e.g., Coreboot or BIOS) configuration to cause the machine to boot from a different (attacker-controlled) device. GRUB is at best only one link in a secure boot chain.

18.3. UEFI secure boot and shim support

The GRUB, except the chainloader command, works with the UEFI secure boot and the shim. This functionality is provided by the shim_lock verifier. It is built into the core.img and is registered if the UEFI secure boot is enabled. The ‘shim_lock’ variable is set to ‘y’ when shim_lock verifier is registered. If it is desired to use UEFI secure boot without shim, one can disable shim_lock by disabling shim verification with MokSbState UEFI variable or by building grub image with ‘--disable-shim-lock’ option.

All GRUB modules not stored in the core.img, OS kernels, ACPI tables, Device Trees, etc. have to be signed, e.g, using PGP. Additionally, the commands that can be used to subvert the UEFI secure boot mechanism, such as iorw and memrw will not be available when the UEFI secure boot is enabled. This is done for security reasons and are enforced by the GRUB Lockdown mechanism (see Lockdown).

18.4. Embedded information for generation number based revocation

The Secure Boot Advanced Targeting (SBAT) is a mechanism to allow the revocation of components in the boot path by using generation numbers embedded into the EFI binaries. The SBAT metadata is located in an .sbat data section that has set of UTF-8 strings as comma-separated values (CSV). See https://github.com/rhboot/shim/blob/main/SBAT.md for more details.

To add a data section containing the SBAT information into the binary, the --sbat option of grub-mkimage command should be used. The content of a CSV file, encoded with UTF-8, is copied as is to the .sbat data section into the generated EFI binary. The CSV file can be stored anywhere on the file system.

18.5. Measuring boot components

If the tpm module is loaded and the platform has a Trusted Platform Module installed, GRUB will log each command executed and each file loaded into the TPM event log and extend the PCR values in the TPM correspondingly. All events will be logged into the PCR described below with a type of EV_IPL and an event description as described below.

GRUB will not measure its own core.img - it is expected that firmware will carry this out. GRUB will also not perform any measurements until the tpm module is loaded. As such it is recommended that the tpm module be built into core.img in order to avoid a potential gap in measurement between core.img being loaded and the tpm module being loaded.

Measured boot is currently only supported on EFI platforms.

18.6. Lockdown when booting on a secure setup

The GRUB can be locked down when booted on a secure boot environment, for example if the UEFI secure boot is enabled. On a locked down configuration, the GRUB will be restricted and some operations/commands cannot be executed.

The ‘lockdown’ variable is set to ‘y’ when the GRUB is locked down. Otherwise it does not exit.

19. Platform limitations

GRUB2 is designed to be portable and is actually ported across platforms. We try to keep all platforms at the level. Unfortunately some platforms are better supported than others. This is detailed in current and 2 following sections.

All platforms have an artificially GRUB imposed disk size restriction of 1 EiB. In some cases, larger disk sizes can be used, but access will not be allowed beyond 1 EiB.

LUKS2 devices with size larger than 16 EiB are currently not supported. They can not be created as crypto devices by cryptomount, so can not even be partially read from. LUKS have no limitations other than those imposed by the format.

ARC platform is unable to change datetime (firmware doesn’t seem to provide a function for it). EMU has similar limitation.

On EMU platform no serial port is available.

Console charset refers only to firmware-assisted console. gfxterm is always Unicode (see Internationalisation section for its limitations). Serial is configurable to UTF-8 or ASCII (see Internationalisation). In case of qemu and coreboot ports the refered console is vga_text. Loongson always uses gfxterm.

Most limited one is ASCII. CP437 provides additionally pseudographics. GRUB2 doesn’t use any language characters from CP437 as often CP437 is replaced by national encoding compatible only in pseudographics. Unicode is the most versatile charset which supports many languages. However the actual console may be much more limited depending on firmware

On BIOS, network is supported only if the image is loaded through network. On sparc64, GRUB is unable to determine which server it was booted from.

Direct ATA/AHCI support allows to circumvent various firmware limitations but isn’t needed for normal operation except on baremetal ports.

AT keyboard support allows keyboard layout remapping and support for keys not available through firmware. It isn’t needed for normal operation except baremetal ports.

Speaker allows morse and spkmodem communication.

USB support provides benefits similar to ATA (for USB disks) or AT (for USB keyboards). In addition it allows USBserial.

Chainloading refers to the ability to load another bootloader through the same protocol

Hints allow faster disk discovery by already knowing in advance which is the disk in question. On some platforms hints are correct unless you move the disk between boots. On other platforms it’s just an educated guess. Note that hint failure results in just reduced performance, not a failure

BadRAM is the ability to mark some of the RAM as “bad”. Note: due to protocol limitations mips-loongson (with Linux protocol) and mips-qemu_mips can use only memory up to first hole.

Bootlocation is ability of GRUB to automatically detect where it boots from. “disk” means the detection is limited to detecting the disk with partition being discovered on install time. “partition” means that disk and partiton can be automatically discovered. “file” means that boot image file name as well as disk and partition can be discovered. For consistency, default install ignores partition and relies solely on disk detection. If no bootlocation discovery is available or boot and grub-root disks are different, UUID is used instead. On ARC if no device to install to is specified, UUID is used instead as well.

20. Outline

Some platforms have features which allows to implement some commands useless or not implementable on others.

Quick summary:

Information retrieval:

• mipsel-loongson: lsspd

• mips-arc: lsdev

• efi: lsefisystab, lssal, lsefimmap, lsefi

• i386-pc: lsapm

• i386-coreboot: lscoreboot, coreboot_boottime, cbmemc

• acpi-enabled (i386-pc, i386-coreboot, i386-multiboot, *-efi): lsacpi

Workarounds for platform-specific issues:

• i386-efi/x86_64-efi: loadbios, fakebios, fix_video

• acpi-enabled (i386-pc, i386-coreboot, i386-multiboot, *-efi): acpi (override ACPI tables)

• i386-pc: drivemap

• i386-pc: sendkey

Advanced operations for power users:

• x86: iorw (direct access to I/O ports)

Miscelaneous:

• cmos (x86-*, ieee1275, mips-qemu_mips, mips-loongson): cmostest (used on some laptops to check for special power-on key), cmosclean

• i386-pc: play

21. Supported boot targets

X86 support is summarised in the following table. “Yes” means that the kernel works on the given platform, “crashes” means an early kernel crash which we hope will be fixed by concerned kernel developers. “no” means GRUB doesn’t load the given kernel on a given platform. “headless” means that the kernel works but lacks console drivers (you can still use serial or network console). In case of “no” and “crashes” the reason is given in footnote.

1. Requires BIOS

2. EFI only

3. 32-bit and 64-bit EFI have different structures and work in different CPU modes so it’s not possible to chainload 32-bit bootloader on 64-bit platform and vice-versa

4. Some modules may need to be disabled

5. Requires ACPI

PowerPC, IA64 and Sparc64 ports support only Linux. MIPS port supports Linux and multiboot2.

21.1. Boot tests

As you have seen in previous chapter the support matrix is pretty big and some of the configurations are only rarely used. To ensure the quality bootchecks are available for all x86 targets except EFI chainloader, Appleloader and XNU. All x86 platforms have bootcheck facility except ieee1275. Multiboot, multiboot2, BIOS chainloader, ntldr and freebsd-bootloader boot targets are tested only with a fake kernel images. Only Linux is tested among the payloads using Linux protocols.

Following variables must be defined:

Required files are:

22. Error messages produced by GRUB

22.1. GRUB only offers a rescue shell

GRUB’s normal start-up procedure involves setting the ‘prefix’ environment variable to a value set in the core image by grub-install, setting the ‘root’ variable to match, loading the ‘normal’ module from the prefix, and running the ‘normal’ command (see normal). This command is responsible for reading /boot/grub/grub.cfg, running the menu, and doing all the useful things GRUB is supposed to do.

If, instead, you only get a rescue shell, this usually means that GRUB failed to load the ‘normal’ module for some reason. It may be possible to work around this temporarily: for instance, if the reason for the failure is that ‘prefix’ is wrong (perhaps it refers to the wrong device, or perhaps the path to /boot/grub was not correctly made relative to the device), then you can correct this and enter normal mode manually:

However, any problem that leaves you in the rescue shell probably means that GRUB was not correctly installed. It may be more useful to try to reinstall it properly using grub-install device (see Invoking grub-install). When doing this, there are a few things to remember:

• Drive ordering in your operating system may not be the same as the boot drive ordering used by your firmware. Do not assume that your first hard drive (e.g. ‘/dev/sda’) is the one that your firmware will boot from. device.map (see Device map) can be used to override this, but it is usually better to use UUIDs or file system labels and avoid depending on drive ordering entirely.

• At least on BIOS systems, if you tell grub-install to install GRUB to a partition but GRUB has already been installed in the master boot record, then the GRUB installation in the partition will be ignored.

• If possible, it is generally best to avoid installing GRUB to a partition (unless it is a special partition for the use of GRUB alone, such as the BIOS Boot Partition used on GPT). Doing this means that GRUB may stop being able to read its core image due to a file system moving blocks around, such as while defragmenting, running checks, or even during normal operation. Installing to the whole disk device is normally more robust.

• Check that GRUB actually knows how to read from the device and file system containing /boot/grub. It will not be able to read from encrypted devices with unsupported encryption scheme, nor from file systems for which support has not yet been added to GRUB.

22.2. Firmware stalls instead of booting GRUB

The EFI implementation of some older MacBook laptops stalls when it gets presented a grub-mkrescue ISO image for x86_64-efi target on an USB stick. Affected are models of year 2010 or earlier. Workaround is to zeroize the bytes 446 to 461 of the EFI partition, where mformat has put a partition table entry which claims partition start at block 0. This change will not hamper bootability on other machines.

23. Invoking utilities

• Invoking grub-install

• Invoking grub-mkconfig

• Invoking grub-mkpasswd-pbkdf2

• Invoking grub-mkrelpath

• Invoking grub-mkrescue

• Invoking grub-mount

• Invoking grub-probe

• Invoking grub-script-check