21.2 Booting with GRUB
GRUB (Grand Unified Bootloader) comprises two stages. stage1 consists of
512 bytes and its only task is to load the second stage of the boot
loader. Subsequently, stage2 is loaded. This stage contains the main part of
the boot loader.
In some configurations, an intermediate stage 1.5 can be used, which locates
and loads stage 2 from an appropriate file system. If possible, this method
is chosen by default on installation or when initially setting up GRUB
with YaST.
stage2 is able to access many file systems. Currently, Ext2, Ext3, ReiserFS,
Minix, and the DOS FAT file system used by Windows are supported. To a
certain extent, JFS, XFS, and UFS and FFS used by BSD systems are also
supported. Since version 0.95, GRUB is also able to boot from a CD or DVD
containing an ISO 9660 standard file system pursuant to the El Torito
specification. Even before the system is booted, GRUB can
access file systems of supported BIOS disk devices (floppy disks or hard
disks, CD drives, and DVD drives detected by the BIOS). Therefore, changes
to the GRUB configuration file (menu.lst) do not
require a reinstallation of the boot manager. When the system is booted,
GRUB reloads the menu file with the valid paths and partition data of the
kernel or the initial RAM disk (initrd) and locates these
files.
The actual configuration of GRUB is based on three files that are
described below:
- /boot/grub/menu.lst
  This file contains all information about partitions or operating systems
  that can be booted with GRUB. Without this information, the GRUB
  command line prompts the user for how to proceed (see
  Editing Menu Entries during the Boot Procedure for details).
- /boot/grub/device.map
  This file translates device names from the GRUB and BIOS notation to
  Linux device names.
- /etc/grub.conf
  This file contains the commands, parameters, and options the GRUB shell
  needs for installing the boot loader correctly.
GRUB can be controlled in various ways. Boot entries from an existing
configuration can be selected from the graphical menu (splash screen). The
configuration is loaded from the file menu.lst.
In GRUB, all boot parameters can be changed prior to booting. For example,
errors made when editing the menu file can be corrected in this way. Boot
commands can also be entered interactively at a kind of input prompt (see
Editing Menu Entries during the Boot Procedure). GRUB offers the possibility of
determining the location of the kernel and the initrd
prior to booting. In this way, you can even boot an installed operating
system for which no entry exists in the boot loader configuration.
GRUB actually exists in two versions: as a boot loader and as a normal
Linux program in /usr/sbin/grub. This program is
referred to as the GRUB shell. It provides an
emulation of GRUB in the installed system and can be used to install
GRUB or test new settings before applying them. The functionality to
install GRUB as the boot loader on a hard disk or floppy disk is integrated in
GRUB in the form of the commands install and
setup. This is available in the GRUB shell when Linux
is loaded.
21.2.2 The File device.map
The file device.map maps GRUB and BIOS device names to
Linux device names. In a mixed system containing IDE and SCSI hard disks,
GRUB must try to determine the boot sequence by a special procedure,
because GRUB may not have access to the BIOS information on the boot
sequence. GRUB saves the result of this analysis in the file
/boot/grub/device.map. For a system on which the boot
sequence in the BIOS is set to IDE before SCSI, the file
device.map could appear as follows:
(fd0) /dev/fd0
(hd0) /dev/hda
(hd1) /dev/sda
Because the order of IDE, SCSI, and other hard disks depends on various
factors and Linux is not able to identify the mapping, the sequence in the
file device.map can be set manually. If you encounter
problems when booting, check if the sequence in this file corresponds to
the sequence in the BIOS and use the GRUB prompt to modify it temporarily
if necessary. After the Linux system has booted, the file
device.map can be edited permanently with the YaST
boot loader module or an editor of your choice.
IMPORTANT: SATA Disks
Depending on the controller, SATA disks are either recognized as IDE
(/dev/hdx) or SCSI
(/dev/sdx) devices.
After manually changing device.map, execute the
following command to reinstall GRUB. This command causes the file
device.map to be reloaded and the commands listed in
grub.conf to be executed:
grub --batch < /etc/grub.conf
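The mapping in device.map can be applied mechanically when checking a boot problem. The following Python sketch is an added example, not part of the original documentation: it resolves GRUB notation such as (hd0,4) to a Linux device name and lists which devices resolve differently when the disk order is wrong. The function names and the swapped map are assumptions made for illustration.

```python
import re

# Constructed samples: the device.map shown above (BIOS boots IDE before SCSI)
# and a hypothetical map with the two hard disks in the opposite order.
IDE_FIRST = "(fd0) /dev/fd0\n(hd0) /dev/hda\n(hd1) /dev/sda\n"
SCSI_FIRST = "(fd0) /dev/fd0\n(hd0) /dev/sda\n(hd1) /dev/hda\n"

def parse_device_map(text):
    """Return {'hd0': '/dev/hda', ...} from the contents of device.map."""
    mapping = {}
    for line in text.splitlines():
        if not line.strip():
            continue
        m = re.fullmatch(r"\((fd\d+|hd\d+)\)\s+(\S+)", line.strip())
        if m is None:
            raise ValueError(f"unparseable device.map line: {line!r}")
        mapping[m.group(1)] = m.group(2)
    return mapping

def grub_to_linux(spec, mapping):
    """Translate GRUB notation, e.g. '(hd0,4)', to a Linux device name.

    GRUB counts partitions from 0 and Linux from 1, so partition 4 on the
    disk mapped to /dev/hda is /dev/hda5.
    """
    m = re.fullmatch(r"\((fd\d+|hd\d+)(?:,(\d+))?\)", spec)
    if m is None:
        raise ValueError(f"not a GRUB device: {spec!r}")
    drive, part = m.groups()
    if drive not in mapping:
        raise KeyError(f"({drive}) is not listed in device.map")
    disk = mapping[drive]
    return disk if part is None else f"{disk}{int(part) + 1}"

def resolution_changes(specs, map_a, map_b):
    """List (spec, device_a, device_b) for specs that resolve differently."""
    changes = []
    for spec in specs:
        a, b = grub_to_linux(spec, map_a), grub_to_linux(spec, map_b)
        if a != b:
            changes.append((spec, a, b))
    return changes

if __name__ == "__main__":
    good, swapped = parse_device_map(IDE_FIRST), parse_device_map(SCSI_FIRST)
    print(grub_to_linux("(hd0,4)", good))
    for change in resolution_changes(["(fd0)", "(hd0,3)", "(hd0,4)"], good, swapped):
        print("%s: %s -> %s" % change)
```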
21.2.3 The File /etc/grub.conf
The third most important GRUB configuration file after
menu.lst and device.map is
/etc/grub.conf. This file contains the commands,
parameters, and options the GRUB shell needs for installing the boot
loader correctly:
root (hd0,4)
install /grub/stage1 (hd0,3) /grub/stage2 0x8000 (hd0,4)/grub/menu.lst
quit
Meaning of the individual entries:
- root (hd0,4)
  This command tells GRUB to apply the following commands to the first
  logical partition of the first hard disk (the location of the boot
  files).
- install parameter
  The command grub should be run with the parameter
  install. stage1 of the boot
  loader should be installed in the extended partition container
  (/grub/stage1 (hd0,3)). This is a slightly esoteric
  configuration, but it is known to work in many cases.
  stage2 should be loaded to the memory address
  0x8000 (/grub/stage2 0x8000). The last entry
  ((hd0,4)/grub/menu.lst) tells GRUB where to look
  for the menu file.
21.2.4 Setting a Boot Password
Even before the operating system is booted, GRUB enables access to file
systems. Users without root permissions can access files in your Linux
system to which they have no access once the system is booted. To block
this kind of access or prevent users from booting certain operating
systems, set a boot password.
IMPORTANT: Boot Password and Splash Screen
If you use a boot password for GRUB, the usual splash screen is not
displayed.
As the user root, proceed as follows to set a boot
password:
- At the root prompt, encrypt the password using grub-md5-crypt:
# grub-md5-crypt
Password: ****
Retype password: ****
Encrypted: $1$lS2dv/$JOYcdxIn7CJk9xShzzJVw/
- Paste the encrypted string into the global section of the file
menu.lst:
gfxmenu (hd0,4)/message
color white/blue black/light-gray
default 0
timeout 8
password --md5 $1$lS2dv/$JOYcdxIn7CJk9xShzzJVw/
Now GRUB commands can only be executed at the boot prompt after
pressing P and entering the password. However, users can
still boot all operating systems from the boot menu.
- To prevent one or several operating systems from being booted from the
boot menu, add the entry lock to every section in
menu.lst that should not be bootable without
entering a password. For example:
title linux
kernel (hd0,4)/vmlinuz root=/dev/hda7 vga=791
initrd (hd0,4)/initrd
lock
After rebooting the system and selecting the Linux entry from the boot
menu, the following error message is displayed:
Error 32: Must be authenticated
Press Enter to enter the menu. Then press
P to get a password prompt. After entering the password
and pressing Enter, the selected operating system (Linux
in this case) should boot.
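Because a global password alone still leaves every menu entry bootable, it is worth checking menu.lst for entries that lack lock. The following Python sketch is an added example, not part of the original documentation: it reports whether a global password is set and which entries are locked. The function names, the report format, and the second menu entry are assumptions made for illustration.

```python
# Constructed sample: the global section and locked entry shown above, plus a
# hypothetical second entry ("failsafe") that has no lock.
SAMPLE_MENU_LST = """\
default 0
timeout 8
password --md5 $1$lS2dv/$JOYcdxIn7CJk9xShzzJVw/

title linux
kernel (hd0,4)/vmlinuz root=/dev/hda7 vga=791
initrd (hd0,4)/initrd
lock

title failsafe
kernel (hd0,4)/vmlinuz root=/dev/hda7 vga=normal
initrd (hd0,4)/initrd
"""

def audit_menu_lst(text):
    """Report the boot-password state of a GRUB menu.lst."""
    password = "missing"
    sections = []                      # [title, has_lock] for each boot entry
    for raw in text.splitlines():
        words = raw.split()
        if not words or words[0].startswith("#"):
            continue                   # blank line or comment
        cmd = words[0]
        if cmd == "title":
            sections.append([" ".join(words[1:]), False])
        elif cmd == "lock" and sections:
            sections[-1][1] = True
        elif cmd == "password" and not sections:
            # Only a password line before the first title is the global one.
            password = "md5" if "--md5" in words[1:] else "plaintext"
    return {
        "password": password,
        "locked": [t for t, has_lock in sections if has_lock],
        "unlocked": [t for t, has_lock in sections if not has_lock],
    }

def findings(report):
    """Turn an audit report into human-readable findings."""
    out = []
    if report["password"] == "missing":
        out.append("no global password: GRUB commands can be entered at the boot prompt")
    elif report["password"] == "plaintext":
        out.append("password is stored in clear text: use grub-md5-crypt and --md5")
    if report["password"] != "missing" and report["unlocked"]:
        out.append("bootable without the password: " + ", ".join(report["unlocked"]))
    return out

if __name__ == "__main__":
    for finding in findings(audit_menu_lst(SAMPLE_MENU_LST)):
        print(finding)
```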