4.2 About the GRUB Boot Loader

4.2.1 About the GRUB Configuration File
4.2.2 Configuring a GRUB Password
4.2.3 Using GRUB

GRUB can load many operating systems in addition to Oracle Linux and it can chain-load proprietary operating systems. GRUB understands the formats of file systems and kernel executables, which allows it to load an arbitrary operating system without needing to know the exact location of the kernel on the boot device. GRUB requires only the file name and drive partitions to load a kernel. You can configure this information by editing the /boot/grub/grub.conf file, by using the GRUB menu, or by entering it on the command line. A portion of the GRUB bootloader code (stage 1 code) is written to the MBR, and the remainder is written to the /boot partition.

The GRUB bootloader is modular and operates in the following stages:

Stage 1

Stage 1 code is stored in the MBR. This code contains a block list that points to the next stage of GRUB, which is either stage1_5 or stage 2, depending on the file system type.

# dd if=/dev/sda count=1 of=/tmp/MBR
1+0 records in
1+0 records out
512 bytes (512 B) copied, 0.000283544 s, 1.8 MB/s
# file /tmp/MBR
/tmp/MBR: x86 boot sector; GRand Unified Bootloader, stage1 version 0x3,
boot drive 0x80, 1st sector stage2 0x8480e, GRUB version 0.94;
partition 1: ID=0x83, active, starthead 32, startsector 2048, 1024000 sectors;
partition 2: ID=0x8e, starthead 221, startsector 1026048, 82860032 sectors,
             code offset 0x48

An unamended copy of the stage 1 code can be found in the file /boot/grub/stage1.

# file /boot/grub/stage1
/boot/grub/stage1: x86 boot sector; GRand Unified Bootloader, stage1 version 0x3,
GRUB version 0.94, code offset 0x48
Stage 1_5

Stage1_5 code allows GRUB to interpret different types of file system. For some file system types such as ext4, GRUB does not need to load stage1_5. The code for each file system type is stored as files in /boot/grub:

# cd /boot/grub
# ls *stage1_5
e2fs_stage1_5  iso9660_stage1_5  reiserfs_stage1_5  xfs_stage1_5
fat_stage1_5   jfs_stage1_5      ufs2_stage1_5
ffs_stage1_5   minix_stage1_5    vstafs_stage1_5
Stage 2

Stage 2 code reads /boot/grub/grub.conf to determine how to load the kernel. The stage 2 code is stored in the file /boot/grub/stage2:

# ls -al /boot/grub/stage2
-rw-r--r--. 1 root root 125976 Jun 28  2012 /boot/grub/stage2

4.2.1 About the GRUB Configuration File

The GRUB configuration file, /boot/grub/grub.conf, starts with the default, timeout, splashimage, and hiddenmenu directives:

default

Specifies the kernel entry that GRUB should boot by default. GRUB counts the kernel entries in the configuration file starting at 0. The directive default=0 means that GRUB boots the first kernel entry by default, unless you override this action. If you have installed the Unbreakable Enterprise Kernel, it is configured as the first entry, and the Red Hat Compatible Kernel is configured as the second entry. Changing the value of default to 1 would cause GRUB to boot the Red Hat Compatible Kernel by default.

timeout

Specifies the number of seconds that GRUB should wait for keyboard input before booting the default kernel. Pressing any alphanumeric key within this period displays the GRUB menu. The default timeout is 5 seconds. A value of 0 causes GRUB to boot the default kernel immediately. A value of -1 or no value at all causes GRUB to wait indefinitely until you press a key.

splashimage

Specifies the splash screen that hides boot messages. Pressing Esc bypasses the splash screen. The default splash image is (hd0,0)/grub/splash.xpm.gz, which is a gzipped, xpm-format file.

hiddenmenu

If specified, instructs GRUB not to display the GRUB menu by default unless a key is pressed.

password

If specified with the arguments --md5 pwhash, specifies the MD5 hash of a GRUB password generated using the /sbin/grub-md5-crypt command. See Section 4.2.2, “Configuring a GRUB Password”.

Following these directives are title entries that represent each bootable Oracle Linux kernel or other operating system partition.

For Linux systems, the title contains a description of the kernel and the kernel version number in parentheses. Each title is followed by root, kernel, initrd, and optional lock directives, which should be indented:

lock

If specified, you must enter the correct GRUB password to boot the specified kernel or operating system. See Section 4.2.2, “Configuring a GRUB Password”.

root

Specifies the root partition, which can be on a local disk or on a SAN-attached disk. The first hard drive detected by the BIOS is named hd0, the second is named hd1, and so on. The partitions on a disk are numbered from 0. For example, root (hd0,1) specifies the first detected disk and the second partition on that disk. The mapping between BIOS-detected disks and device files is stored in /boot/grub/device.map, for example:

# cat /boot/grub/device.map 
# this device map was generated by anaconda
(hd0)     /dev/sda
kernel

Specifies the kernel version to be booted as a path relative to the root of the boot partition, together with any kernel boot parameters. See Section 4.2.1.1, “Kernel Boot Parameters”.

initrd

Specifies the initramfs file as a path relative to the root of the boot partition. The kernel uses this file to create the initial root file system that it mounts before the real root file system. The purpose of the initial root file system is to allow the kernel to preload driver modules for IDE, SCSI, RAID and other devices, so that it can access and mount the real root file system. After the newly-loaded kernel has complete access to the real root file system, it switches over to using it.

initramfs files accompany kernel distributions and usually have the same version number as the kernel that they support. You would not usually need to change or modify an initramfs file unless you build a kernel to support a new device driver module.

Note

The name initrd is a legacy of when the initial root file system was provided as a file system image. The initramfs file is actually a cpio archive.

The following sample entries are taken from a GRUB configuration file:

# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE:  You have a /boot partition.  This means that
#          all kernel and initrd paths are relative to /boot/, eg.
#          root (hd0,0)
#          kernel /vmlinuz-version ro root=/dev/mapper/VolGroup-lv_root
#          initrd /initrd-[generic-]version.img
#boot=/dev/sda
default=0
timeout=5
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
title Oracle Linux Server (3.6.39-400.17.1.el6uek.x86_64)
        root (hd0,0)
        kernel /vmlinuz-2.6.39-400.17.1.el6uek.x86_64 ro root=/dev/mapper/VolGroup-lv_root 
rd_NO_LUKS KEYBOARDTYPE=pc KEYTABLE=uk LANG=en_US.UTF-8 rd_NO_MD rd_LVM_LV=VolGroup/lv_swap 
SYSFONT=latarcyrheb-sun16  rd_LVM_LV=VolGroup/lv_root rd_NO_DM rhgb quiet
        initrd /initramfs-2.6.39-400.17.1.el6uek.x86_64.img
title Oracle Linux Server (2.6.32-358.0.1.el6.x86_64)
        root (hd0,0)
        kernel /vmlinuz-2.6.32-358.0.1.el6.x86_64 ro root=/dev/mapper/VolGroup-lv_root 
rd_NO_LUKS  KEYBOARDTYPE=pc KEYTABLE=uk LANG=en_US.UTF-8 rd_NO_MD rd_LVM_LV=VolGroup/lv_swap 
SYSFONT=latarcyrheb-sun16  rd_LVM_LV=VolGroup/lv_root rd_NO_DM rhgb quiet crashkernel=auto
        initrd /initramfs-2.6.32-358.0.1.el6.x86_64.img

In this example, the default kernel is the Unbreakable Enterprise Kernel (3.6.39-400.17.1.el6uek.x86_64) and the other bootable kernel is the Red Hat Compatible Kernel (2.6.32-358.0.1.el6.x86_64). As this system has a separate boot partition, the paths of the kernel and initrd files are given relative to the root of that partition.

4.2.1.1 Kernel Boot Parameters

The following table lists commonly-used kernel boot parameters.

Option

Description

1|2|3|4|5

Specifies the run level, overriding the value set in /etc/inittab.

KEYBOARDTYPE=kbtype

Specifies the keyboard type, which is written to /etc/sysconfig/keyboard in the initramfs.

KEYTABLE=kbtype

Specifies the keyboard layout, which is written to /etc/sysconfig/keyboard in the initramfs.

LANG=language_territory.codeset

Specifies the system language and code set, which is written to /etc/sysconfig/i18n in the initramfs.

max_loop=N

Specifies the number of loop devices (/dev/loop*) that are available for accessing files as block devices. The default and maximum values of N are 8 and 255.

nouptrack

Disables Ksplice Uptrack updates from being applied to the kernel.

quiet

Reduces debugging output.

rd_LUKS_UUID=UUID

Activates an encrypted Linux Unified Key Setup (LUKS) partition with the specified UUID.

rd_LVM_VG=vg/lv_vol

Specifies an LVM volume group and volume to be activated.

rd_NO_LUKS

Disables detection of an encrypted LUKS partition.

rhgb

Specifies that the Red Hat graphical boot display should be used to indicate the progress of booting.

rn_NO_DM

Disables Device-Mapper (DM) RAID detection.

rn_NO_MD

Disables Multiple Device (MD) RAID detection.

ro root=/dev/mapper/vg-lv_root

Specifies that the root file system is to be mounted read only, and specifies the root file system by the device path of its LVM volume (where vg is the name of the volume group).

rw root=UUID=UUID

Specifies that the root (/) file system is to be mounted read-writable at boot time, and specifies the root partition by its UUID.

selinux=0

Disables SELinux.

singleBoots the computer in single-user mode, without prompting for the root password.
SYSFONT=fontSpecifies the console font, which is written to /etc/sysconfig/i18n in the initramfs.

The kernel boot parameters that were last used to boot a system are recorded in /proc/cmdline, for example:

# cat /proc/cmdline
ro root=/dev/mapper/VolGroup-lv_root rd_NO_LUKS KEYBOARDTYPE=pc KEYTABLE=us
LANG=en_US.UTF-8 rd_NO_MD rd_LVM_LV=VolGroup/lv_swap SYSFONT=latarcyrheb-sun16
rd_LVM_LV=VolGroup/lv_root rd_NO_DM rhgb quiet selinux=0

4.2.2 Configuring a GRUB Password

If a system is not kept in a locked data center, and as an alternative to using any password protection mechanism built into the BIOS, you can add a degree of protection to the system by requiring a valid password be provided to the GRUB boot loader.

Note

Password protecting GRUB access prevents unauthorized users from entering single user mode and changing settings at boot time. It does not prevent someone from accessing data on the hard drive by booting into an operating system from a memory stick, or physically removing the drive to read its contents on another system.

To configure a GRUB password:

  1. Use the following command to generate the MD5 hash of your password:

    # /sbin/grub-md5-crypt
    Password: clydenw
    Retype password: clydenw
    $1$qhqh.1$7MQxS6GHg4IlOFMdnDx9S.
  2. Edit /boot/grub/grub.conf, and add a password entry below the timeout entry near the top of the file, for example:

    timeout=5
    password --md5 pwhash

    where pwhash is the hash value that grub-md5-crypt returned.

  3. If GRUB has been configured to boot multiple operating systems on the same machine, add a lock entry to after the title entry for each operating system, for example:

    title Windows
    lock

When you reboot the machine, you must press P and enter the GRUB password before you can access the GRUB command interface.

4.2.3 Using GRUB

Note

All changes that you make at boot time are temporary. GRUB does not update the configuration file. To make your changes permanent, boot the system, and use a text editor to modify the entries in /boot/grub/grub.conf.

When booting a system, you can access the GRUB menu by pressing a key before the timeout expires. GRUB displays the title entries from the /boot/grub/grub.conf file, and highlights the default entry. You can use the up and down arrow keys to choose a different entry and press Enter to boot it.

If you have set a GRUB password, you must press P and enter the valid password to be able to edit the titles or change kernel boot parameters. To edit any of the root, kernel, or initrd directives, press E. To edit the kernel directive only, press A. To use the GRUB command line, press C.

If you press E, select the root, kernel, or initrd directive, and press E to edit it. Initially, the entry cursor is placed at the end of the directive. Use the Home, End, and left and right arrow keys to move through the line. Use the Backspace and Delete keys to erase characters, and type in your changes at the cursor position. Press Enter to save your changes or press Esc to discard them. Press B to start the boot sequence using the changes that you have made.

If you press A, you can edit the root directive. Initially, the entry cursor is placed at the end of the directive. Use the Home, End, and left and right arrow keys to move through the line. Use the Backspace and Delete keys to erase characters, and type in your changes at the cursor position. Press Enter to save your changes and boot the system or press Esc to discard the changes.

If you press C, you can enter GRUB commands. Enter help to see a list of commands. Enter help command to see more information about a specified command.

For more information, enter the info grub command to access the GRUB manual.