GRUB/Tips and tricks
Contents
- 1 GUI configuration tools
- 2 Visual configuration
- 3 Booting ISO9660 image file directly via GRUB
- 4 Persistent block device naming
- 5 Using labels
- 6 Password protection of GRUB menu
- 7 Hide GRUB unless the Shift key is held down
- 8 Combining the use of UUIDs and basic scripting
- 9 Manually creating grub.cfg
- 10 Multiple entries
- 11 Play a tune
- 12 Manual configuration of core image for early boot
GUI configuration tools
Following package may be installed:
- grub-customizer — GTK+ customizer for GRUB or BURG
- grub2-editor — KDE4 control module for configuring the GRUB bootloader
- http://kde-apps.org/content/show.php?content=139643 || grub2-editorAUR[broken link: archived in aur-mirror]
- grub2-editor-frameworks — Unofficial KF5 port of grub2-editor
- startupmanager — GUI app for changing the settings of GRUB Legacy, GRUB, Usplash and Splashy (abandonned)
Visual configuration
In GRUB it is possible, by default, to change the look of the menu. Make sure to initialize, if not done already, GRUB graphical terminal, gfxterm, with proper video mode, gfxmode, in GRUB. This can be seen in the section GRUB#"No suitable mode found" error. This video mode is passed by GRUB to the linux kernel via 'gfxpayload' so any visual configurations need this mode in order to be in effect.
Setting the framebuffer resolution
GRUB can set the framebuffer for both GRUB itself and the kernel. The old vga=
way is deprecated. The preferred method is editing /etc/default/grub
as the following sample:
GRUB_GFXMODE=1024x768x32 GRUB_GFXPAYLOAD_LINUX=keep
Multiple resolutions can be specified, including the default auto
, so it is recommended that you edit the line to resemble GRUB_GFXMODE=<desired resolution>,<fallback such as 1024x768>,auto
. For more information, refer to the GRUB gfxmode documentation. The gfxpayload property will make sure the kernel keeps the resolution.
If this method does not work for you, the deprecated vga=
method will still work. Just add it next to the "GRUB_CMDLINE_LINUX_DEFAULT="
line in /etc/default/grub
for example: "GRUB_CMDLINE_LINUX_DEFAULT="quiet splash vga=792"
will give you a 1024x768
resolution.
915resolution hack
Some times for Intel graphic adapters neither # hwinfo --framebuffer
nor videoinfo
will show you the desired resolution. In this case you can use 915resolution
hack. This hack will temporarily modify video BIOS and add needed resolution. See 915resolution's home page. The package can be found here: 915resolutionAUR
First you need to find a video mode which will be modified later. For that we need the GRUB command shell:
sh:grub> 915resolution -l
Intel 800/900 Series VBIOS Hack : version 0.5.3 [...] Mode 30 : 640x480, 8 bits/pixel [...]
Next, we overwrite the Mode 30
with 1440x900
resolution:
/etc/grub.d/00_header
[...] 915resolution 30 1440 900 # Inserted line set gfxmode=${GRUB_GFXMODE} [...]
Lastly we need to set GRUB_GFXMODE
as described earlier, regenerate grub.cfg
and reboot to test changes.
Background image and bitmap fonts
GRUB comes with support for background images and bitmap fonts in pf2
format. The unifont font is included in the grub package under the filename unicode.pf2
, or, as only ASCII characters under the name ascii.pf2
.
Image formats supported include tga, png and jpeg, providing the correct modules are loaded. The maximum supported resolution depends on your hardware.
Make sure you have set up the proper framebuffer resolution.
Edit /etc/default/grub
like this:
GRUB_BACKGROUND="/boot/grub/myimage" #GRUB_THEME="/path/to/gfxtheme" GRUB_FONT="/path/to/font.pf2"
Re-generate grub.cfg
to apply the changes. If adding the splash image was successful, the user will see "Found background image..."
in the terminal as the command is executed. If this phrase is not seen, the image information was probably not incorporated into the grub.cfg
file.
If the image is not displayed, check:
- The path and the filename in
/etc/default/grub
are correct - The image is of the proper size and format (tga, png, 8-bit jpg)
- The image was saved in the RGB mode, and is not indexed
- The console mode is not enabled in
/etc/default/grub
- The command
grub-mkconfig
must be executed to place the background image information into the/boot/grub/grub.cfg
file - The
grub-mkconfig
scripts won't quote the file name ingrub.cfg
so make sure it does not contain spaces
Theme
Here is an example for configuring Starfield theme which was included in GRUB package.
Edit /etc/default/grub
GRUB_THEME="/usr/share/grub/themes/starfield/theme.txt"
Re-generate grub.cfg
to apply the changes. If configuring the theme was successful, you will see Found theme: /usr/share/grub/themes/starfield/theme.txt
in the terminal.
Your splash image will usually not be displayed when using a theme.
Menu colors
You can set the menu colors in GRUB. The available colors for GRUB can be found in the GRUB Manual. Here is an example:
Edit /etc/default/grub
:
GRUB_COLOR_NORMAL="light-blue/black" GRUB_COLOR_HIGHLIGHT="light-cyan/blue"
One of the unique features of GRUB is hiding/skipping the menu and showing it by holding Esc
when needed. You can also adjust whether you want to see the timeout counter.
Edit /etc/default/grub
as you wish. Here are the lines you need to add to enable this feature, the timeout has been set to five seconds and to be shown to the user:
GRUB_TIMEOUT=5 GRUB_TIMEOUT_STYLE='countdown'
GRUB_TIMEOUT is how many seconds before displaying menu.
Disable framebuffer
Users who use NVIDIA proprietary driver might wish to disable GRUB's framebuffer as it can cause problems with the binary driver.
To disable framebuffer, edit /etc/default/grub
and uncomment the following line:
GRUB_TERMINAL_OUTPUT=console
Another option if you want to keep the framebuffer in GRUB is to revert to text mode just before starting the kernel. To do that modify the variable in /etc/default/grub
:
GRUB_GFXPAYLOAD_LINUX=text
Booting ISO9660 image file directly via GRUB
GRUB supports booting from ISO images directly via loopback devices, see Multiboot USB drive#Using GRUB and loopback devices for examples.
Persistent block device naming
One naming scheme for Persistent block device naming is the use of globally unique UUIDs to detect partitions instead of the "old" /dev/sd*
. Advantages are covered up in the above linked article.
Persistent naming via file system UUIDs are used by default in GRUB.
Whether to use UUIDs is controlled by an option in /etc/default/grub
:
GRUB_DISABLE_LINUX_UUID=true
Using labels
It is possible to use labels, human-readable strings attached to file systems, by using the --label
option to search
. First of all, label your existing partition:
# tune2fs -L LABEL PARTITION
Then, add an entry using labels. An example of this:
menuentry "Arch Linux, session texte" { search --label --set=root archroot linux /boot/vmlinuz-linux root=/dev/disk/by-label/archroot ro initrd /boot/initramfs-linux.img }
If you want to secure GRUB so it is not possible for anyone to change boot parameters or use the command line, you can add a user/password combination to GRUB's configuration files. To do this, run the command grub-mkpasswd-pbkdf2
. Enter a password and confirm it:
grub-mkpasswd-pbkdf2
[...] Your PBKDF2 is grub.pbkdf2.sha512.10000.C8ABD3E93C4DFC83138B0C7A3D719BC650E6234310DA069E6FDB0DD4156313DA3D0D9BFFC2846C21D5A2DDA515114CF6378F8A064C94198D0618E70D23717E82.509BFA8A4217EAD0B33C87432524C0B6B64B34FBAD22D3E6E6874D9B101996C5F98AB1746FE7C7199147ECF4ABD8661C222EEEDB7D14A843261FFF2C07B1269A
Then, add the following to /etc/grub.d/40_custom
:
/etc/grub.d/40_custom
set superusers="username" password_pbkdf2 username <password>
where <password>
is the string generated by grub-mkpasswd_pbkdf2
.
Regenerate your configuration file. Your GRUB command line, boot parameters and all boot entries are now protected.
This can be relaxed and further customized with more users as described in the "Security" part of the GRUB manual.
Password protection of GRUB edit and console options only
Adding --unrestricted
to a menu entry will allow any user to boot the OS while preventing the user from editing the entry and preventing access to the grub command console.
Only a superuser or users specified with the --user
switch will be able to edit the menu entry.
/boot/grub/grub.cfg
menuentry 'Arch Linux' --unrestricted --class arch --class gnu-linux --class os ...
Hide GRUB unless the Shift key is held down
In order to achieve the fastest possible boot, instead of having GRUB wait for a timeout, it is possible for GRUB to hide the menu, unless the Shift
key is held down during GRUB's start-up.
In order to achieve this, you should add the following line to /etc/default/grub
:
GRUB_FORCE_HIDDEN_MENU="true"
Then create the file in [1], make it exectuable, and regenerate the grub configuration:
# chmod a+x /etc/grub.d/31_hold_shift # grub-mkconfig -o /boot/grub/grub.cfg
Combining the use of UUIDs and basic scripting
If you like the idea of using UUIDs to avoid unreliable BIOS mappings or are struggling with GRUB's syntax, here is an example boot menu item that uses UUIDs and a small script to direct GRUB to the proper disk partitions for your system. All you need to do is replace the UUIDs in the sample with the correct UUIDs for your system. The example applies to a system with a boot and root partition. You will obviously need to modify the GRUB configuration if you have additional partitions:
menuentry "Arch Linux 64" { # Set the UUIDs for your boot and root partition respectively set the_boot_uuid=ece0448f-bb08-486d-9864-ac3271bd8d07 set the_root_uuid=c55da16f-e2af-4603-9e0b-03f5f565ec4a # (Note: This may be the same as your boot partition) # Get the boot/root devices and set them in the root and grub_boot variables search --fs-uuid $the_root_uuid --set=root search --fs-uuid $the_boot_uuid --set=grub_boot # Check to see if boot and root are equal. # If they are, then append /boot to $grub_boot (Since $grub_boot is actually the root partition) if [ $the_boot_uuid == $the_root_uuid ] ; then set grub_boot=($grub_boot)/boot else set grub_boot=($grub_boot) fi # $grub_boot now points to the correct location, so the following will properly find the kernel and initrd linux $grub_boot/vmlinuz-linux root=/dev/disk/by-uuid/$the_root_uuid ro initrd $grub_boot/initramfs-linux.img }
Manually creating grub.cfg
A basic GRUB config file uses the following options:
-
(hdX,Y)
is the partition Y on disk X, partition numbers starting at 1, disk numbers starting at 0 -
set default=N
is the default boot entry that is chosen after timeout for user action -
set timeout=M
is the time M to wait in seconds for a user selection before default is booted -
menuentry "title" {entry options}
is a boot entry titledtitle
-
set root=(hdX,Y)
sets the boot partition, where the kernel and GRUB modules are stored (boot need not be a separate partition, and may simply be a directory under the "root" partition (/
)
Multiple entries
If you have multiple kernels installed, say linux and linux-lts, by default grub-mkconfig
groups them in a submenu. If you do not like this behaviour you can go back to one single menu by adding the following line to /etc/default/grub
:
GRUB_DISABLE_SUBMENU=y
Recall previous entry
GRUB can remember the last entry you booted from and use this as the default entry to boot from next time. This is useful if you have multiple kernels (i.e., the current Arch one and the LTS kernel as a fallback option) or operating systems. To do this, edit /etc/default/grub
and change the value of GRUB_DEFAULT
:
GRUB_DEFAULT=saved
This ensures that GRUB will default to the saved entry. To enable saving the selected entry, add the following line to /etc/default/grub
:
GRUB_SAVEDEFAULT=true
To change the default selected entry, edit /etc/default/grub
and change the value of GRUB_DEFAULT
:
Using numbers :
GRUB_DEFAULT=0
Grub identifies entries in generated menu counted from zero. That means 0 for the first entry which is the default value, 1 for the second and so on.
Or using menu titles :
GRUB_DEFAULT='Arch Linux, with Linux core repo kernel'
Boot non-default entry only once
The command grub-reboot
is very helpful to boot another entry than the default only once. GRUB loads the entry passed in the first command line argument, when the system is rebooted the next time. Most importantly GRUB returns to loading the default entry for all future booting. Changing the configuration file or selecting an entry in the GRUB menu is not necessary.
Play a tune
You can play a tune through the PC-speaker while booting by modifying the variable GRUB_INIT_TUNE
. For example, to play Berlioz's extract from Sabbath Night of Symphonie Fantastique you can add the following: (bassoon part):
GRUB_INIT_TUNE="312 262 3 247 3 262 3 220 3 247 3 196 3 220 3 220 3 262 3 262 3 294 3 262 3 247 3 220 3 196 3 247 3 262 3 247 5 220 1 220 5"
For information on this, you can look at info grub -n play
.
Manual configuration of core image for early boot
If you require a special keymap or other complex steps that GRUB is not able to configure automatically in order to make /boot
available to the GRUB environment, you can generate a core image yourself. On UEFI systems, the core image is the grubx64.efi
file that is loaded by the firmware on boot. Building your own core image will allow you to embed any modules required for very early boot, as well as a configuration script to bootstrap GRUB.
Firstly, taking as an example a requirement for the dvorak
keymap embedded in early-boot in order to enter a password for a crypted /boot
on a UEFI system:
Determine from the generated /boot/grub/grub.cfg
file what modules are required in order to mount the crypted /boot
. For instance, under your menuentry
you should see lines similar to:
insmod diskfilter cryptodisk luks gcry_rijndael gcry_rijndael gcry_sha256 insmod ext2 cryptomount -u 1234abcdef1234abcdef1234abcdef set root='cryptouuid/1234abcdef1234abcdef1234abcdef'
Take note of all of those modules: they'll need to be included in the core image. Now, create a tarball containing your keymap. This will be bundled in the core image as a memdisk:
# ckbcomp dvorak | grub-mklayout > dvorak.gkb # tar cf memdisk.tar dvorak.gkb
Now create a configuration file to be used in the GRUB core image. This is in the same format as your regular grub config, but need contain only a few lines to find and load the main config file on the /boot
partition:
early-grub.cfg
root=(memdisk) prefix=($root)/ terminal_input at_keyboard keymap /dvorak.gkb cryptomount -u 1234abcdef1234abcdef1234abcdef set root='cryptouuid/1234abcdef1234abcdef1234abcdef' set prefix=($root)/grub configfile grub.cfg
Finally, generate the core image, listing all of the modules determined to be required in the generated grub.cfg
, along with any modules used in the early-grub.cfg
script. The example above needs memdisk
, tar
, at_keyboard
, keylayouts
and configfile
.
# grub-mkimage -c early-grub.cfg -o grubx64.efi -O x86_64-efi -m memdisk.tar diskfilter cryptodisk luks gcry_rijndael gcry_sha256 ext2 memdisk tar at_keyboard keylayouts configfile
The generated EFI core image can now be used in the same way as the image that is generated automatically by grub-install
: place it in your EFI partition and enable it with efibootmgr
, or configure as appropriate for your system firmware.