GRUB (Grand Unified Bootloader) comprises two stages. stage1 consists of 512 bytes and its only task is to load the second stage of the boot loader. Subsequently, stage2 is loaded. This stage contains the main part of the boot loader.
In some configurations, an intermediate stage 1.5 can be used, which locates and loads stage 2 from an appropriate file system. If possible, this method is chosen by default on installation or when initially setting up GRUB with YaST.
stage2 is able to access many file systems. Currently, Ext2, Ext3, ReiserFS, Minix, and the DOS FAT file system used by Windows are supported. To a certain extent, XFS, and UFS and FFS used by BSD systems are also supported. Since version 0.95, GRUB is also able to boot from a CD or DVD containing an ISO 9660 standard file system pursuant to the El Torito specification. Even before the system is booted, GRUB can access file systems of supported BIOS disk devices (floppy disks or hard disks, CD drives, and DVD drives detected by the BIOS). Therefore, changes to the GRUB configuration file (menu.lst) do not require a reinstallation of the boot manager. When the system is booted, GRUB reloads the menu file with the valid paths and partition data of the kernel or the initial RAM disk (initrd) and locates these files.
The actual configuration of GRUB is based on three files that are described below:
menu.lst: This file contains all information about partitions or operating systems that can be booted with GRUB. Without this information, the GRUB command line prompts the user for how to proceed (see Editing Menu Entries during the Boot Procedure for details).
device.map: This file translates device names from the GRUB and BIOS notation to Linux device names.
/etc/grub.conf: This file contains the commands, parameters, and options the GRUB shell needs for installing the boot loader correctly.
GRUB can be controlled in various ways. Boot entries from an existing configuration can be selected from the graphical menu (splash screen). The configuration is loaded from the file menu.lst.
In GRUB, all boot parameters can be changed prior to booting. For example, errors made when editing the menu file can be corrected in this way. Boot commands can also be entered interactively at a kind of input prompt (see Editing Menu Entries during the Boot Procedure). GRUB offers the possibility of determining the location of the kernel and the initrd prior to booting. In this way, you can even boot an installed operating system for which no entry exists in the boot loader configuration.
GRUB actually exists in two versions: as a boot loader and as a normal Linux program in /usr/sbin/grub. This program is referred to as the GRUB shell. It provides an emulation of GRUB in the installed system and can be used to install GRUB or test new settings before applying them. The functionality to install GRUB as the boot loader on a hard disk or floppy disk is integrated in GRUB in the form of the commands install and setup. This is available in the GRUB shell when Linux is loaded.
The file device.map maps GRUB and BIOS device names to Linux device names. In a mixed system containing IDE and SCSI hard disks, GRUB must try to determine the boot sequence by a special procedure, because GRUB may not have access to the BIOS information on the boot sequence. GRUB saves the result of this analysis in the file /boot/grub/device.map. For a system on which the boot sequence in the BIOS is set to IDE before SCSI, the file device.map could appear as follows:
(fd0) /dev/fd0
(hd0) /dev/sda
(hd1) /dev/sdb
Because the order of IDE, SCSI, and other hard disks depends on various factors and Linux is not able to identify the mapping, the sequence in the file device.map can be set manually. If you encounter problems when booting, check if the sequence in this file corresponds to the sequence in the BIOS and use the GRUB prompt to modify it temporarily if necessary. After the Linux system has booted, the file device.map can be edited permanently with the YaST boot loader module or an editor of your choice.
After manually changing device.map, execute the following command to reinstall GRUB. This command causes the file device.map to be reloaded and the commands listed in grub.conf to be executed:
grub --batch < /etc/grub.conf
The third most important GRUB configuration file after menu.lst and device.map is /etc/grub.conf. This file contains the commands, parameters, and options the GRUB shell needs for installing the boot loader correctly:
root (hd0,4)
install /grub/stage1 (hd0,3) /grub/stage2 0x8000 (hd0,4)/grub/menu.lst
quit
Meaning of the individual entries:
root (hd0,4): This command tells GRUB to apply the following commands to the first logical partition of the first hard disk (the location of the boot files).
install: The command grub should be run with the parameter install. stage1 of the boot loader should be installed in the extended partition container (/grub/stage1 (hd0,3)). This is a slightly esoteric configuration, but it is known to work in many cases. stage2 should be loaded to the memory address 0x8000 (/grub/stage2 0x8000). The last entry ((hd0,4)/grub/menu.lst) tells GRUB where to look for the menu file.
Even before the operating system is booted, GRUB enables access to file systems. Users without root permissions can access files in your Linux system to which they have no access once the system is booted. To block this kind of access or prevent users from booting certain operating systems, set a boot password.
IMPORTANT: Boot Password and Splash Screen
If you use a boot password for GRUB, the usual splash screen is not displayed.
As the user root, proceed as follows to set a boot password:
At the root prompt, encrypt the password using grub-md5-crypt:
# grub-md5-crypt
Password: ****
Retype password: ****
Encrypted: $1$lS2dv/$JOYcdxIn7CJk9xShzzJVw/
Paste the encrypted string into the global section of the file menu.lst:
gfxmenu (hd0,4)/message
color white/blue black/light-gray
default 0
timeout 8
password --md5 $1$lS2dv/$JOYcdxIn7CJk9xShzzJVw/
Now GRUB commands can only be executed at the boot prompt after pressing P and entering the password. However, users can still boot all operating systems from the boot menu.
To prevent one or several operating systems from being booted from the boot menu, add the entry lock to every section in menu.lst that should not be bootable without entering a password. For example:
title linux
   kernel (hd0,4)/vmlinuz root=/dev/sda7 vga=791
   initrd (hd0,4)/initrd
   lock
After rebooting the system and selecting the Linux entry from the boot menu, the following error message is displayed:
Error 32: Must be authenticated
Press Enter to enter the menu. Then press P to get a password prompt. After entering the password and pressing Enter, the selected operating system (Linux in this case) should boot.
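The following check is an added example, not part of the original documentation: it reads menu.lst text and reports whether the global section sets a password, whether that password is hashed with --md5, and which title sections still boot without a password. The function name audit_menu_lst and the failsafe entry in the sample are assumptions made for the illustration.

```python
import re

# Constructed sample: the global section and locked "linux" entry shown above,
# plus an unlocked "failsafe" entry invented for this demonstration.
SAMPLE_MENU_LST = """\
gfxmenu (hd0,4)/message
color white/blue black/light-gray
default 0
timeout 8
password --md5 $1$lS2dv/$JOYcdxIn7CJk9xShzzJVw/
title linux
   kernel (hd0,4)/vmlinuz root=/dev/sda7 vga=791
   initrd (hd0,4)/initrd
   lock
title failsafe
   kernel (hd0,4)/vmlinuz root=/dev/sda7
   initrd (hd0,4)/initrd
"""

def audit_menu_lst(text):
    """Return (password_mode, open_titles, findings) for GRUB legacy menu.lst text."""
    password_mode, entries = None, []      # entries: [title, guarding command]
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        # GRUB legacy accepts both "command args" and "command=args".
        parts = re.split(r"[\s=]+", line, maxsplit=1)
        cmd, args = parts[0], (parts[1] if len(parts) > 1 else "")
        if cmd == "title":
            entries.append([args, None])
        elif cmd == "password" and not entries:
            password_mode = "md5" if args.startswith("--md5") else "plaintext"
        elif cmd in ("lock", "password") and entries:
            entries[-1][1] = cmd
    findings = []
    if password_mode is None:
        findings.append("no global password: boot prompt is unrestricted")
    elif password_mode == "plaintext":
        findings.append("global password stored in cleartext; use --md5")
    # lock only refuses to boot when a global password is set.
    open_titles = [t for t, g in entries
                   if g is None or (g == "lock" and password_mode is None)]
    findings += [f"entry '{t}' boots without a password" for t in open_titles]
    return password_mode, open_titles, findings

if __name__ == "__main__":
    for finding in audit_menu_lst(SAMPLE_MENU_LST)[2]:
        print(finding)
```

Pass it the contents of the installed menu.lst after editing and before rebooting; an empty findings list means every entry and the boot prompt require the password.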