GRUB How to

Anuj Singh

[email protected]

March 03, 2005

This document is designed to tell basic information about grub (grand unified boot loader).

• 1.Feedback
  

• 2.Disclaimer
  
  
• 3.Copyright
  
  
• 4.Understanding GRUB
  
  
• 5.Naming conventionTerminology
  
  
• 6.File Structure and GRUB Features
  
  
• 7.Playing with GRUB password.

My email address is [email protected]

2.Disclaimer

I AM NOT RESPONSIBLE FOR ANY DAMAGES INCURRED DUE TO ACTIONS TAKEN BASED ON THIS DOCUMENT. This document is meant as an introduction to GRUB( grand unified boot loader). I am not, nor do I pretend to be, an expert. ;-) I am just some guy who has read too much and likes computers more than most people. Please, I am writing this to help people get acquainted with this subject, and I am not ready to stake my life on the accuracy of what is in here.

3.Copyright

You are free to copy whole /part of this document with any medium, with your own name, suggestions are welcomed, I will try to add more with more inside details.

If you have any questions, please email me. (See Above)

4.Understanding Grub

Introduction:-
GRUB originated In 1995 Eric Bolyen and Brian Ford designed the Multiboot specification. Erich then began modifying Free BSD bootloader so that it can understand multiboot and he soon realized that it would be much better to build his own boot loader from the scratch, so the GRUB was born.
Erich added many features to GRUB, but other priorities prevented him from keeping up with the demands of its quickly-expanding user base. In 1999, Gordon Matzigkeit and Yoshinori K. Okuji adopted GRUB as an official GNU package, and opened its development by making the latest sources available via anonymous CVS. See Obtaining and Building GRUB, for more information.

How does a boot loader works?

The bios is the firmware in the ROM of a PC. When PC powered up the BIOS is the first program that runs. The BIOS contanis following parts:What bios does for us?
1. POST (Power on self test) running counter that checks the RAM in Kilobytes of main memory (it is the visible part of POST).
BIOS tests the system, looks for and checks peripherals, and then locates a valid device with which to boot the system. Usually, it checks any diskette drives and CD-ROM drives present for bootable media, then, failing that, looks to the system's hard drives. In most cases, the order of the drives searched while booting is controlled with a setting in BIOS, and it looks on the master IDE device on the primary IDE bus.

2.The setup menu, that lets you configure real time clock, setting boot order e.g. First floppy disk A, First hard disk C, CD-ROM and possibly other disks as well. The first device in the list will be tried first to boot from, if not successful then it will move to next preferred device to locate boot sector.

3.The boot sector loader. Loads the first 512- byte sector from the boot disk into RAM and jumps to it.
The MBR is only 512 bytes in size and contains machine code instructions for booting the machine, called a boot loader, along with the partition table. Once the BIOS finds and loads the boot loader program into memory, it yields control of the boot process to it.

4.The BIOS interrupts. These are the simple device drivers that the programs can use to access the screen and keyboard and disks. Boot loaders, most operating systems do not (Linux kernel does not uses BIOS interrupts once it has been started). MSDOS does use the BIOS interrupts.

Apart from main BIOS there are extension ROM's, started by main BIOS. Every VGA card has one. Also SCSI host adapters and Ethernet cards can have an extension ROM. It is even possible to put a EPROM on an Ethernet card and bot a machine over network without any disks.

As far as boot loading are concerned PC BIOS is very primitive compared to that of other computer systems. The only thing it knows about disk is how to load first 512 byte sector.

• The first sector of the disk can be loaded at 0000:7C00 location. The last two bytes of the sector are checked for 0x55 and 0xAA, this is a rough sanity check. If these things are ok, BIOS jumps to the loaction 0000:7C00.

• Booting from a hard disk is very similar to booting from a diskette. The first sector of a hard disk (MBR) is loaded at 0000:7C00 and next BIOS jumps to it. The MBR must move itself to an address different than 0000:7C00 as it supposed to load different boot section from a partition to 0000:7C00 and jump to that.

• Modern BIOS versions can treat a certain file on a CD-ROM as a diskette image. They pretend to bot from a diskette by loading the first 512 bytes of the file to 0000:7C00 and jumping to it. Every attempt to access the same diskette using the BIOS routines, will be redirected to the image file on CD-ROM. Some other way to boot a CD-ROM may also be supported (with an emulated hard disk or with no disk imulation at all).

When the boot sector is loaded, the CPU is in real mode.
On a single � OS computer, the boot process is fairly simple, the BIOS searches for codes on the hard disk's (or other bootable disk's) boot sector MBR (master boot record), which is the first sector on the disk (Often called primary boot loader). This code is often called primary boot loader, and in some cases it directs the boot process to just one OS or to any OS you select. In other cases, the primary bootloader relies on secondary boot loadre, which may reside in a partion of it's own or in the boot sector of a specific partion, in order to finish the job. On most Linux distributinos ships with three boot loaders.
i- GRUB (grand Unified Bootloader)
ii-LILO (Linux Loader)
iii-LOADLIN.

nuni is a boot loader that does not use BIOS, but is otherwise rather limited. It boots only from IDE disks.
Gujin is a boot loader that understands file systems, just like GRUB.
mbr03 and e2boot are an MBR boot selector and a matching Linux boot loader that fits into the first 1k boot block of an ext2 partition, so no file space is used by them.

Note: some boot loaders are rapidly evolving, so some features may have been added after this article was written.

GRUB Legacy

GRUB Legacy is not actively developed any longer. Only bugfixes will be made so that we can continue using GRUB Legacy until GRUB 2 becomes stable enough. If you want more features in GRUB, it is a waste of time to work on GRUB Legacy, because we never accept any new feature. Instead, it is better to take part in the development of GRUB 2.

GRUB Legacy follows these requirements below:

• Compliant with the Multiboot Specification

• Basic functions are easy for an end-user to use.

• Rich functionality for OS experts/designers.

• Compatibility for booting FreeBSD, NetBSD, OpenBSD, and GNU/Linux. Proprietary OS's such as Windows 9x/NT/2000/XP, and OS/2 are supported via a chain-loading function.

In addition to the requirements above, GNU GRUB Legacy has the following features:

• Support multiple executable formats.

• Support non-Multiboot OS's.

• Load multiple modules.

• Support a human-readable configuration file.

• Menu interface.

• Flexible command-line interface.

• Support multiple filesystem types.

• Support automatic decompression.

• Access data on any installed device.

• Geometry translation independent.

• Detect all installed RAM.

• Support Logical Block Address (LBA) mode.

• Download OS images from a network.

• Support diskless systems.

• Support remote terminals.

Briefly, a boot loader is the first software program that runs when a computer starts. It transfers control to an operating system �kernel� software (such as linux or GNU Mach). The kernel in turn intializes the rest of the opearting system (e.g. A GNU system).

GNU boot loader is a very powerful boot loader, which can load a wide variety of free opearting systems as well as as well as proprietary operating systems with chain-loading.

One of the important features in GRUB is flexibility; GRUB understands file systems as well as kernel executable formats, so you can load arbitrary operating system the way you like, without recoding the physical position of your kernel on the disk.

Thus you can load the kernel just specifying it's file name and the drive partition where kernel resides.

5.Naming convention Terminology

He first hard drive of a system will e called (hd0) by GRUB. The first partion on that drive is called (hd0,0) a
Device Names
(<type-of-device><bios-device-number>,<partition-number>)

The parantheses and comma are very important to the device naming conventions. The <type-of-device> refers to whether a hard disk (hd) or floppy disk (fd) is being specified.

The <bios-device-name> is the number of the device according to the system's BIOS, starting with 0. The primary hard drive is numbered 0, while the secondary IDE hard drive is numbered 1.
Note:-GRUB's numbering system for devices starts at 0, and not 1.

The <partition-number> relates to the number of a specific partition on a dik device. Like the <bios-device-number>, the partition numbering starts at 0. While most partitions are specified by numbers, if a system use BSD partition, they are signified y letters, such as a or c.

GRUB uses the following rules when naming devices and partitions:

• It does not matter if system hard drives are IDE or SCSI. All hard drives start with hd. Floppy disks start with fd.

• To specify an entire device without respect to its partitions, simply leave off the comma and the partition number. This is important when telling GRUB to configure the MBR for a particular disk. For example, (hd0) specifies the first device and (hd3) specifies the fourth device.

• If a system has multiple drive devices, it is very important to know the drive order according to the BIOS. This is rather simple to do if a system has only IDE or SCSI drives, but if there is a mix of devices, it can become confusing.

GRUB Features

GRUB contains a number of features that make it preferable to other available boot loaders. These are some of the most important:

• GRUB provides a true command-based, pre-OS environment on x86 machines to allow maximum flexibility in loading operating systems with certain options or gathering information about the system. Many non-x86 architectures have employed pre-OS environments for years that allows control over how the system boots from a command line. While some command features are available with LILO and other x86 boot loaders, GRUB contains a greater number of features.

• GRUB supports Logical Block Addressing (LBA) mode. LBA places the addressing conversion used to find files on the drive in the drive's firmware, and it is used on many IDE and all SCSI hard disks. Before LBA, hard drives could encounter a 1024-cylinder limit, where the BIOS could not find a file after that point, such as a boot loader or kernel files. LBA support allows GRUB to boot operating systems from partitions beyond the 1024-cylinder limit, so long as the system BIOS supports LBA mode (most do).

• GRUB's configuration file is read from the disk every time the system boots, preventing the user from having to write over the MBR every time a change the boot options is made. Most boot loaders are not sophisticated enough to read configuration files and use them to set up boot options. For example, to change a LILO boot configuration, such as changing the default operating system to boot, users must change a LILO configuration file and run a command that overwrites the system's MBR with the new configuration data. This is more risky than GRUB's method, because a misconfigured MBR would leave the system unbootable. With GRUB, if the configuration file is erroneously configured and rebooted, it will simply default to a command line and allow the user to manually type commands that will launch the operating system. The MBR is not touched except to update the Stage 1, Stage 2, or menu configuration file locations, and this is rarely necessary.

File Structure

The commands to set the global preferences for the GRUB menu interface are placed at the top of the file, followed by the different entries for each of the operating systems to boot.

A very basic GRUB menu configuration file designed to boot either Red Hat Linux or Microsoft Windows 2000 might look as follows:

default=0
timeout=10
splashimage=(hd0,3)/grub/splash.xpm.gz
title Red Hat Enterprise Linux WS (2.4.21-4.EL)
root (hd0,3)
kernel /vmlinuz-2.4.21-4.EL ro root=LABEL=/1 hdd=ide-scsi
initrd /initrd-2.4.21-4.EL.img

title Windows nt
rootnoverify (hd0,0)
chainloader +1

• Default = 0 , indicates that the first partition in this list (in this case Red Hat Enterprise Linux WS (2.4.21-4.EL) will be one that is booted by default.

• timeout � If used, sets the interval, in seconds, before GRUB loads the entry designated by the default command.

• splashimage � Specifies the location of the splash screen image to be used when GRUB boots.

• title � Sets a title to be used with a particular group of commands used to load an operating system.

• For the Red Hat Liux system, the root line indicates the location of the boot partition as the second partition on the first disk, so to find kernel
  vmlinuz-2.4.21-4.EL ro root=LABEL=/1 hdd=ide-scsi and the initrd initial RAM disk boot image that is loaded initrd-2.4.21-4.EL.img

The # character can be used to place comments in the menu configuration file.

7.Few things related to GRUB password:-

1:-Implementing password just before the booting of selected operting system.

2:-Restoring grub password

3:-root access with the help of GRUB.

Q1:- How to implement a password before the booting of selected operating system?
A:- suppose you don't want others to boot other insecure operating system(e.g. Windows) or you want to implement a password at the boot label.
The method is:-

From your root terminal of root type grub and enter.
[root@localhost root]#grub

this will open your grub shell (after probing for BIOS drives)
grub>

give command md5crypt
grub>md5crypt

this will prompt for a password to encrypt, same as
grub>md5crypt

password:

give it the password which you want to encryption to implement in GRUB boot level.

Password:*****

this will give you an encrypted password some thing like.....

Password: *****
Encrypted: $1$W53mn0$wKIp1aF3pqr0WE8mpOoOY0

Now carefully copy this whole encrypted line
(here in this case it is $1$W53mn0$wKIp1aF3pqr0WE8mpOoOY0 ). You have to paste it in EXACTLY same order in your /boot/grub/grub.conf
For this purpose open your grub configuration(grub.conf) file with a some text editor (e.g. gedit. Vi , emacs etc.) from this location /boot/grub/grub.conf and simply add one line just below the title of the operating system/s you want to restrict with a password. Here in this case I am restricting my Red Hat Enterprise Linux thus i added one line below title i.e.
password �-md5 $1$W53mn0$wKIp1aF3pqr0WE8mpOoOY0
remember to not to forget EXACT order (password �-md5 encrypted password)

default=0
timeout=10
splashimage=(hd0,3)/grub/splash.xpm.gz
title Red Hat Enterprise Linux WS (2.4.21-4.EL)
password �-md5 $1$W53mn0$wKIp1aF3pqr0WE8mpOoOY0
root (hd0,3)
kernel /vmlinuz-2.4.21-4.EL ro root=LABEL=/1 hdd=ide-scsi
initrd /initrd-2.4.21-4.EL.img

title Windows nt
rootnoverify (hd0,0)
chainloader +1

Now reboot your system and before booting Red Hat Enterprise Linux WS (2.4.21-4.EL)
you will need a password (password which you just entered by editing grub.conf file). Without that password system (Red Hat Linux)will not boot. So be careful with this thing. You can also do the same for (here windows nt) other o/s too.

Q2:- You forgot your grub password ( password which you need before editing grub at the boot up time).
A:- Don't worry, boot your system and login as root.
2:- open your /boot/grub/grub.conf (or simply /etc/grub.conf)file. For example I forgot my grub password and my grub.conf file looks like

default=0
timeout=10
splashimage=(hd0,3)/grub/splash.xpm.gz
password �-md5 $1$11smn0$k6KlVccwjMQJWkgY740NO
title Red Hat Enterprise Linux WS (2.4.21-4.EL)
root (hd0,3)
kernel /vmlinuz-2.4.21-4.EL ro root=LABEL=/1 hdd=ide-scsi
initrd /initrd-2.4.21-4.EL.img

title Windows nt
rootnoverify (hd0,0)
chainloader +1

simply delete the whole password line( the password line just after splashimage line) and you can get in to grub shell without entering any password. Here in this case after editing my grub.conf file it looks like.

default=0
timeout=10
splashimage=(hd0,3)/grub/splash.xpm.gz
title Red Hat Enterprise Linux WS (2.4.21-4.EL)
root (hd0,3)
kernel /vmlinuz-2.4.21-4.EL ro root=LABEL=/1 hdd=ide-scsi
initrd /initrd-2.4.21-4.EL.img

title Windows nt
rootnoverify (hd0,0)
chainloader +1

But you still need a grub password for security purpose , isn't it so instead of deleting whole password line follow these steps.
1. From your root terminal of root type grub and enter.
[root@localhost root]#grub

this will open your grub shell (after probing for BIOS drives)
grub>

give command md5crypt
grub>md5crypt

this will prompt for a password to encrypt, same as
grub>md5crypt

password:

give it the password which you want to encryption to implement in GRUB boot level.

Password:*****

this will give you an encrypted password some thing like.....

Password: *****
Encrypted: $1$f3vmn0$QCBCYSFpWfp6FTBaCBDKu/

2. Copy this encrypted password and paste it in your password entry just
#Old

default=0
timeout=10
splashimage=(hd0,3)/grub/splash.xpm.gz
password �-md5 $1$11smn0$k6KlVccwjMQJWkgY740NO
title Red Hat Enterprise Linux WS (2.4.21-4.EL)
.
.
.

#NEW

default=0
timeout=10
splashimage=(hd0,3)/grub/splash.xpm.gz
password �-md5 $1$f3vmn0$QCBCYSFpWfp6FTBaCBDKu/
title Red Hat Enterprise Linux WS (2.4.21-4.EL)

Reboot your system and your new password for grub editing before system boot is implemented.

3:-How to get access into root account with the help of GRUB?
A:-I must say that everyone must use GRUB password otherwise any one get access to the root account if with the help of following method.

Suppose if there is no password implemented for GRUB (For editing GRUB just before it loads an operating system) or you forgot root password but have GRUB password (in case you implemented it for GRUB at installation time or with one of method which is mentioned in my above question's answer).
All you have to do is to just boot your Linux box in single user mode and it will dierctly open terminal of root account from where you can do anything you want as root is the GOD of Linux box. You can setup a new password with passwd command.

Now how to boot system in single user mode? It is simple. At the time of operating system selection(for dual boot) or when GRUB shows a countdown (that 10 seconds default countdown) press e to edit grub and then again press e to edit following line.
This is unedited line and will Linux box in multiuser mode:-

kernel /vmlinuz-2.4.21-4.EL ro root=LABEL=/1 hdd=ide-scsi

For making this system to boot in single user mode simply edit entry after LABEL like this:

kernel /vmlinuz-2.4.21-4.EL ro root=LABEL=/ 1

and press enter key which will send you back into to previous selection window remember there is a single space between / and 1 (in the entry for LABEL=/ 1)
2.Press b (For boot) and you will be in superuser (root) mode, hence with the full control over your system.

TOP