This is the documentation of GNU GRUB, the GRand Unified Bootloader, a flexible and powerful boot loader program for PCs.
This edition documents version 0.92.
Briefly, a boot loader is the first software program that runs when a computer starts. It is responsible for loading and transferring control to an operating system kernel software (such as Linux or GNU Mach). The kernel, in turn, initializes the rest of the operating system (e.g. a GNU system).
GNU GRUB is a very powerful boot loader, which can load a wide variety of free operating systems, as well as proprietary operating systems with chain-loading1. GRUB is designed to address the complexity of booting a personal computer; both the program and this manual are tightly bound to that computer platform, although porting to other platforms may be addressed in the future.
One of the important features in GRUB is flexibility; GRUB understands filesystems and kernel executable formats, so you can load an arbitrary operating system the way you like, without recording the physical position of your kernel on the disk.
Thus you can load the kernel just by specifying its file name and the drive (and the partition) where the kernel resides. To let GRUB know the drive and the file name, you can either type in them manually via the command-line interface (see Command-line interface), or use the nice menu interface (see Menu interface) through which you can easily select which OS it boots. To allow you to customize the menu, GRUB will load a preexisting configuration file (see Configuration). Note that you can not only enter the command-line interface whenever you like, but also you can edit specific menu entries prior to using them.
In the following chapters, you will learn how to specify a drive or a partition, and a file name (see Naming convention) to GRUB, how to install GRUB on your drive (see Installation), and how to boot your OSes (see Booting), step by step.
GRUB originated in 1995 when Erich Boleyn was trying to boot the GNU Hurd with the University of Utah's Mach 4 microkernel (now known as GNU Mach). Erich and Brian Ford designed the Multiboot Specification (see Multiboot Specification), because they were determined not to add to the large number of mutually-incompatible PC boot methods.
Erich then began modifying the FreeBSD boot loader so that it would understand Multiboot. He soon realized that it would be a lot easier to write his own boot loader from scratch than to keep working on the FreeBSD boot loader, and so GRUB was born.
Erich added many features to GRUB, but other priorities prevented him from keeping up with the demands of its quickly-expanding user base. In 1999, Gordon Matzigkeit and Yoshinori K. Okuji adopted GRUB as an official GNU package, and opened its development by making the latest sources available via anonymous CVS. See Obtaining and Building GRUB, for more information.
The primary requirement for GRUB is that it be compliant with the Multiboot Specification, which is described in Multiboot Specification.
The other goals, listed in approximate order of importance, are:
Except for specific compatibility modes (chain-loading and the Linux piggyback format), all kernels will be started in much the same state as in the Multiboot Specification. Only kernels loaded at 1 megabyte or above are presently supported. Any attempt to load below that boundary will simply result in immediate failure and an error message reporting the problem.
In addition to the requirements above, GRUB has the following features (note that the Multiboot Specification doesn't require all the features that GRUB supports):
The list of commands (see Commands) are a subset of those supported
for configuration files. Editing commands closely resembles the Bash
command-line (see Bash), with <TAB>-completion of commands,
devices, partitions, and files in a directory depending on context.
gzip. This
function is both automatic and transparent to the user (i.e. all
functions operate upon the uncompressed contents of the specified
files). This greatly reduces a file size and the loading time, a
particularly major benefit for floppies.2
It is conceivable that some kernel modules should be loaded in a
compressed state, so a different module-loading command can be specified
to avoid uncompressing the modules.
The following is a quotation from Gordon Matzigkeit, a GRUB fanatic:
Some people like to acknowledge both the operating system and kernel when they talk about their computers, so they might say they use "GNU/Linux" or "GNU/Hurd". Other people seem to think that the kernel is the most important part of the system, so they like to call their GNU operating systems "Linux systems."I, personally, believe that this is a grave injustice, because the boot loader is the most important software of all. I used to refer to the above systems as either "LILO"3 or "GRUB" systems.
Unfortunately, nobody ever understood what I was talking about; now I just use the word "GNU" as a pseudonym for GRUB.
So, if you ever hear people talking about their alleged "GNU" systems, remember that they are actually paying homage to the best boot loader around... GRUB!
We, the GRUB maintainers, do not (usually) encourage Gordon's level of fanaticism, but it helps to remember that boot loaders deserve recognition. We hope that you enjoy using GNU GRUB as much as we did writing it.
The device syntax used in GRUB is a wee bit different from what you may have seen before in your operating system(s), and you need to know it so that you can specify a drive/partition.
Look at the following examples and explanations:
(fd0)
First of all, GRUB requires that the device name is enclosed with
( and ). The fd part means that it is a floppy
disk. The number 0 is the drive number, which is counted from
zero. This expression means that GRUB will use the whole floppy
disk.
(hd0,1)
Here, hd means it is a hard disk drive. The first integer
0 indicates the drive number, that is, the first hard disk, while
the second integer, 1, indicates the partition number (or the
PC slice number in the BSD terminology). Once again, please note
that the partition numbers are counted from zero, not from
one. This expression means the second partition of the first hard disk
drive. In this case, GRUB uses one partition of the disk, instead of the
whole disk.
(hd0,4)
This specifies the first extended partition of the first hard disk
drive. Note that the partition numbers for extended partitions are
counted from 4, regardless of the actual number of primary
partitions on your hard disk.
(hd1,a)
This means the BSD a partition of the second hard disk. If you
need to specify which PC slice number should be used, use something
like this: (hd1,0,a). If the PC slice number is omitted,
GRUB searches for the first PC slice which has a BSD a
partition.
Of course, to actually access the disks or partitions with GRUB, you
need to use the device specification in a command, like root
(fd0) or unhide (hd0,2). To help you find out which number is a
partition you want, the GRUB command-line (see Command-line interface) options have argument completion. That means that, for
example, you only need to type root (, followed by a <TAB>,
and GRUB will display the list of drives, partitions, or file names, so
it should be quite easy to determine the name of your target partition,
even with minimal knowledge of the syntax.
Note that GRUB does not distinguish IDE from SCSI - it simply counts the drive numbers from zero, regardless of their type. Normally, any IDE drive number is less than any SCSI drive number, although that is not true if you change the boot sequence by swapping IDE and SCSI drives in your BIOS.
Now the question is, how to specify a file? Again, see this example:
(hd0,0)/vmlinuz
This specifies the file named vmlinuz, found on the first
partition of the first hard disk drive. Note that the argument
completion works with file names, too.
That was easy, admit it. Do read the next chapter, to find out how to actually install GRUB on your drive.
First, you need to have GRUB itself properly installed on your system, (see Obtaining and Building GRUB) either from the source tarball, or as a package for your OS.
To use GRUB, you need to install it on your drive. There are two ways of
doing that - either using the utility grub-install
(see Invoking grub-install) on a UNIX-like OS, or by using the
native Stage 2. These are quite similar, however, the utility might
probe a wrong BIOS drive, so better be careful.
Also, if you install GRUB on a UNIX-like OS, please make sure that you have an emergency boot disk ready, so that you can rescue your computer if, by any chance, your hard drive becomes unusable (unbootable).
GRUB comes with boot images, which are normally installed in the
directory /usr/share/grub/i386-pc. You need to copy the files
stage1, stage2, and *stage1_5 to the directory
/boot/grub. Here the directory where GRUB images are installed
and the directory where GRUB will use to find them are called image
directory and boot directory, respectively.
To create a GRUB boot floppy, you need to take the files stage1
and stage2 from the image directory, and write them to the first
and the second block of the floppy disk, respectively.
Caution: This procedure will destroy any data currently stored on the floppy.
On a UNIX-like operating system, that is done with the following
commands:
# cd /usr/share/grub/i386-pc # dd if=stage1 of=/dev/fd0 bs=512 count=1 1+0 records in 1+0 records out # dd if=stage2 of=/dev/fd0 bs=512 seek=1 153+1 records in 153+1 records out #
The device file name may be different. Consult the manual for your OS.
Caution: Installing GRUB's stage1 in this manner will erase the normal boot-sector used by an OS.
GRUB can currently boot GNU Mach, Linux, FreeBSD, NetBSD, and OpenBSD
directly, so using it on a boot sector should be okay. But generally, it
would be a good idea to back up the first sector of the partition on
which you are installing GRUB's stage1. This isn't as important if you
are installing GRUB on the first sector of a hard disk, since it's easy
to reinitialize it (e.g. by running FDISK /MBR from DOS).
If you decide to install GRUB in the native environment, which is definitely desirable, you'll need to create the GRUB boot disk, and reboot your computer with it. Otherwise, see Installing GRUB using grub-install, for more details.
Once started, GRUB will show the command-line interface
(see Command-line interface). First, set the GRUB's root
device4 to the
boot directory, like this:
grub> root (hd0,0)
If you are not sure which partition actually holds these files, use the
command find (see find), like this:
grub> find /boot/grub/stage1
This will search for the file name /boot/grub/stage1 and show the
devices which contain the file.
Once you've set the root device correctly, run the command
setup (see setup):
grub> setup (hd0)
This command will install GRUB on the MBR in the first drive. If you
want to install GRUB into the boot sector of a partition instead
of the MBR, specify a partition into which you want to install GRUB:
grub> setup (hd0,0)
If you install GRUB into a partition or a drive other than the first one, you must chain-load GRUB from another boot loader. Refer to the manual for the boot loader to know how to chain-load GRUB.
Now you can boot GRUB without a GRUB floppy. See the chapter Booting to find out how to boot your operating systems from GRUB.
Caution: This procedure is definitely deprecated, because there are several posibilities that your computer can be unbootable. For example, most operating systems don't tell GRUB how to map BIOS drives to OS devices correctly, GRUB merely guesses the mapping. This will succeed in most cases, but not always. So GRUB provides you with a user-defined map file called device map, which you must fix, if it is wrong. See Device map, for more details.
Unfortunately, if you do want to install GRUB under a UNIX-like OS (such
as GNU), invoke the program grub-install (see Invoking grub-install) as the superuser (root).
The usage is basically very easy. You only need to specify one argument
to the program, namely, where to install GRUB. The argument can be
either of a device file or a GRUB's drive/partition. So, this will
install GRUB into the MBR of the first IDE disk under Linux:
# grub-install /dev/hda
Likewise, under GNU/Hurd, this has the same effect:
# grub-install /dev/hd0
If it is the first BIOS drive, this is the same as well:
# grub-install '(hd0)'
But all the above examples assume that you use GRUB images under
the root directory. If you want GRUB to use images under a directory
other than the root directory, you need to specify the option
--root-directory. The typical usage is that you create a GRUB
boot floppy with a filesystem. Here is an example:
# mke2fs /dev/fd0 # mount -t ext2 /dev/fd0 /mnt # grub-install --root-directory=/mnt '(fd0)' # umount /mnt
Another example is in case that you have a separate boot partition
which is mounted at /boot. Since GRUB is a boot loader, it
doesn't know anything about mountpoints at all. Thus, you need to run
grub-install like this:
# grub-install --root-directory=/boot /dev/hda
By the way, as noted above, it is quite difficult to guess BIOS drives
correctly under a UNIX-like OS. Thus, grub-install will prompt
you to check if it could really guess the correct mappings, after the
installation. The format is defined in Device map. Please be
careful enough. If the output is wrong, it is unlikely that your
computer can boot with no problem.
Note that grub-install is actually just a shell script and the
real task is done by the grub shell grub (see Invoking the grub shell). Therefore, you may run grub directly to install
GRUB, without using grub-install. Don't do that, however,
unless you are very familiar with the internals of GRUB. Installing a
boot loader on a running OS may be extremely dangerous.
For Multiboot-compliant kernels, GRUB can load them in a consistent way, but, for some free operating systems, you need to use some OS-specific magic.
GRUB has two distinct boot methods. One of the two is to load an operating system directly, and the other is to chain-load another boot loader which then will load an operating system actually. Generally speaking, the former is desirable, because you don't need to install or maintain other boot loaders and GRUB is flexible enough to load an operating system from an arbitrary disk/partition. However, the latter is sometimes required, since GRUB doesn't support all the existing operating systems natively.
Multiboot (see Multiboot Specification) is the native format supported by GRUB. For the sake of convenience, there are also support for Linux, FreeBSD, NetBSD and OpenBSD. If you want to boot other operating systems, you will have to chain-load them (see Chain-loading).
Generally, GRUB can boot any Multiboot-compliant OS in the following steps:
root (see root).
kernel (see kernel).
module
(see module) or modulenounzip (see modulenounzip).
boot (see boot).
Linux, FreeBSD, NetBSD and OpenBSD can be booted in a similar
manner. You can load a kernel image by the command kernel and
then run the command boot. If the kernel requires some
parameters, just append the parameters to kernel, after the
file name of the kernel. Also, please refer to OS-specific notes,
for the information on your OS-specific issues.
If you want to boot an unsupported operating system (e.g. Windows 95), chain-load a boot loader for the operating system. Normally, the boot loader is embedded in the boot sector of the partition on which the operating system is installed.
rootnoverify (see rootnoverify):
grub> rootnoverify (hd0,0)
makeactive5 (see makeactive):
grub> makeactive
chainloader
(see chainloader):
grub> chainloader +1
+1 indicates that GRUB should read one sector from the start of
the partition. The complete description about this syntax can be found
in Block list syntax.
boot (see boot).
However, DOS and Windows have some deficiencies, so you might have to use more complicated instructions. See DOS/Windows, for more information.
Here, we describe some caveats on several operating systems.
Since GNU/Hurd is Multiboot-compliant, it is easy to boot it; there is nothing special about it. But do not forget that you have to specify a root partition to the kernel.
find /boot/gnumach or similar can help you
(see find).
grub> kernel /boot/gnumach root=hd0s1 grub> module /boot/serverboot
boot (see boot).
It is relatively easy to boot GNU/Linux from GRUB, because it somewhat resembles to boot a Multiboot-compliant OS.
find /vmlinuz or similar can help you (see find).
grub> kernel /vmlinuz root=/dev/hda1
If you need to specify some kernel parameters, just append them to the
command. For example, to set vga to ext, do this:
grub> kernel /vmlinuz root=/dev/hda1 vga=ext
See the documentation in the Linux source tree for the complete information on the available options.
initrd
(see initrd) after kernel:
grub> initrd /initrd
boot (see boot).
Caution: If you use an initrd and specify the mem=
option to the kernel, to let it use less than actual memory size, you
will also have to specify the same memory size to GRUB. To let GRUB know
the size, run the command uppermem before loading the
kernel. See uppermem, for more information.
GRUB can load the kernel directly, either in ELF or a.out format. But this is not recommended, since FreeBSD's bootstrap interface sometimes changes heavily, so GRUB can't guarantee to pass kernel parameters correctly.
Thus, we'd recommend loading the very flexible loader
/boot/loader instead. See this example:
grub> root (hd0,a) grub> kernel /boot/loader grub> boot
GRUB can load NetBSD a.out and ELF directly, follow these steps:
root (see root).
kernel (see kernel). You should
append the ugly option --type=netbsd, if you want to load an
ELF kernel, like this:
grub> kernel --type=netbsd /netbsd-elf
boot (see boot).
For now, however, GRUB doesn't allow you to pass kernel parameters, so it may be better to chain-load it instead, for more information please see Chain-loading.
The booting instruction is exactly the same as for NetBSD (see NetBSD).
GRUB cannot boot DOS or Windows directly, so you must chain-load them (see Chain-loading). However, their boot loaders have some critical deficiencies, so it may not work to just chain-load them. To overcome the problems, GRUB provides you with two helper functions.
If you have installed DOS (or Windows) on a non-first hard disk, you
have to use the disk swapping technique, because that OS cannot boot
from any disks but the first one. The workaround used in GRUB is the
command map (see map), like this:
grub> map (hd0) (hd1) grub> map (hd1) (hd0)
This performs a virtual swap between your first and second hard drive.
Caution: This is effective only if DOS (or Windows) uses BIOS to access the swapped disks. If that OS uses a special driver for the disks, this probably won't work.
Another problem arises if you installed more than one set of DOS/Windows onto one disk, because they could be confused if there are more than one primary partitions for DOS/Windows. Certainly you should avoid doing this, but there is a solution if you do want to do so. Use the partition hiding/unhiding technique.
If GRUB hides a DOS (or Windows) partition (see hide), DOS (or
Windows) will ignore the partition. If GRUB unhides a DOS (or
Windows) partition (see unhide), DOS (or Windows) will detect the
partition. Thus, if you have installed DOS (or Windows) on the first
and the second partition of the first hard disk, and you want to boot
the copy on the first partition, do the following:
grub> unhide (hd0,0) grub> hide (hd0,1) grub> rootnoverify (hd0,0) grub> chainloader +1 grub> makeactive grub> boot
It is known that the signature in the boot loader for SCO UnixWare is
wrong, so you will have to specify the option --force to
chainloader (see chainloader), like this:
grub> rootnoverify (hd1,0) grub> chainloader --force +1 grub> makeactive grub> boot
You probably noticed that you need to type several commands to boot your OS. There's a solution to that - GRUB provides a menu interface (see Menu interface) from which you can select an item (using arrow keys) that will do everything to boot an OS.
To enable the menu, you need a configuration file,
menu.lst under the boot directory. We'll analyze an example
file.
The file first contains some general settings, the menu interface
related options. You can put these commands (see Menu-specific commands) before any of the items (starting with title
(see title)).
# # Sample boot menu configuration file #
As you may have guessed, these lines are comments. Lines starting with a
hash character (#), and blank lines, are ignored by GRUB.
# By default, boot the first entry. default 0
The first entry (here, counting starts with number zero, not one!) will
be the default choice.
# Boot automatically after 30 secs. timeout 30
As the comment says, GRUB will boot automatically in 30 seconds, unless
interrupted with a keypress.
# Fallback to the second entry. fallback 1
If, for any reason, the default entry doesn't work, fall back to the second one (this is rarely used, for obvious reasons).
Note that the complete descriptions of these commands, which are menu interface specific, can be found in Menu-specific commands. Other descriptions can be found in Commands.
Now, on to the actual OS definitions. You will see that each entry
begins with a special command, title (see title), and the
action is described after it. Note that there is no command
boot (see boot) at the end of each item. That is because
GRUB automatically executes boot if it loads other commands
successfully.
The argument for the command title is used to display a short
title/description of the entry in the menu. Since title
displays the argument as is, you can write basically anything in there.
# For booting GNU/Hurd title GNU/Hurd root (hd0,0) kernel /boot/gnumach.gz root=hd0s1 module /boot/serverboot.gz
This boots GNU/Hurd from the first hard disk.
# For booting GNU/Linux title GNU/Linux kernel (hd1,0)/vmlinuz root=/dev/hdb1
This boots GNU/Linux, but from the second hard disk.
# For booting Mach (getting kernel from floppy) title Utah Mach4 multiboot root (hd0,2) pause Insert the diskette now^G!! kernel (fd0)/boot/kernel root=hd0s3 module (fd0)/boot/bootstrap
This boots Mach with a kernel on a floppy, but the root filesystem at
hd0s3. It also contains a pause line (see pause), which
will cause GRUB to display a prompt and delay, before actually executing
the rest of the commands and booting.
# For booting FreeBSD title FreeBSD root (hd0,2,a) kernel /boot/loader
This item will boot FreeBSD kernel loaded from the a partition of
the third PC slice of the first hard disk.
# For booting OS/2 title OS/2 root (hd0,1) makeactive # chainload OS/2 bootloader from the first sector chainloader +1 # This is similar to "chainload", but loads a specific file #chainloader /boot/chain.os2
This will boot OS/2, using a chain-loader (see Chain-loading).
# For booting Windows NT or Windows95 title Windows NT / Windows 95 boot menu root (hd0,0) makeactive chainloader +1 # For loading DOS if Windows NT is installed # chainload /bootsect.dos
The same as the above, but for Windows.
# For installing GRUB into the hard disk title Install GRUB into the hard disk root (hd0,0) setup (hd0)
This will just (re)install GRUB onto the hard disk.
# Change the colors. title Change the colors color light-green/brown blink-red/blue
In the last entry, the command color is used (see color),
to change the menu colors (try it!). This command is somewhat special,
because it can be used both in the command-line and in the menu. GRUB
has several such commands, see General commands.
We hope that you now understand how to use the basic features of GRUB. To learn more about GRUB, see the following chapters.
Although GRUB is a disk-based boot loader, it does provide network
support. To use the network support, you need to enable at least one
network driver in the GRUB build process. For more information please
see netboot/README.netboot in the source distribution.
GRUB requires a file server and optionally a server that will assign an IP address to the machine on which GRUB is running. For the former, only TFTP is supported at the moment. The latter is either BOOTP, DHCP or a RARP server6. It is not necessary to run both the servers on one computer. How to configure these servers is beyond the scope of this document, so please refer to the manuals specific to those protocols/servers.
If you decided to use a server to assign an IP address, set up the
server and run bootp (see bootp), dhcp
(see dhcp) or rarp (see rarp) for BOOTP, DHCP or RARP,
respectively. Each command will show an assigned IP address, a netmask,
an IP address for your TFTP server and a gateway. If any of the
addresses is wrong or it causes an error, probably the configuration of
your servers isn't set up properly.
Otherwise, run ifconfig, like this:
grub> ifconfig --address=192.168.110.23 --server=192.168.110.14
You can also use ifconfig in conjugation with bootp,
dhcp or rarp (e.g. to reassign the server address
manually). See ifconfig, for more details.
Finally, download your OS images from your network. The network can be
accessed using the network drive (nd). Everything else is very
similar to the normal instructions (see Booting).
Here is an example:
grub> bootp Probing... [NE*000] NE2000 base ... Address: 192.168.110.23 Netmask: 255.255.255.0 Server: 192.168.110.14 Gateway: 192.168.110.1 grub> root (nd) grub> kernel /tftproot/gnumach.gz root=sd0s1 grub> module /tftproot/serverboot.gz grub> boot
It is sometimes very useful to boot from a network, especially, when you use a machine which has no local disk. In this case, you need to obtain a kind of Net Boot ROM, such as a PXE ROM or a free software package like Etherboot. Such a Boot ROM first boots the machine, sets up the network card installed into the machine, and downloads a second stage boot image from the network. Then, the second image will try to boot an operating system from the network actually.
GRUB provides two second stage images, nbgrub and
pxegrub (see Images). Those images are the same as the
normal Stage 2, except that they set up a network automatically, and try
to load a configuration file from the network, if specified. The usage
is very simple: If the machine has a PXE ROM, use
pxegrub. If the machine has a NBI loader such as Etherboot, use
nbgrub. There is no difference between them but their formats. As
how to load a second stage image you want to use should be described in
the manual on your Net Boot ROM, please refer to the manual, for
more information.
However, there is one thing specific to GRUB. Namely, how to specify a
configuration file in a BOOTP/DHCP server. For now, GRUB uses the tag
150, to get the name of a configuration file. This below is an
example about a BOOTP configuration:
.allhost:hd=/tmp:bf=null:\
:ds=145.71.35.1 145.71.32.1:\
:sm=255.255.254.0:\
:gw=145.71.35.1:\
:sa=145.71.35.5:
foo:ht=1:ha=63655d0334a7:ip=145.71.35.127:\
:bf=/nbgrub:\
:tc=.allhost:\
:T150="(nd)/tftpboot/menu.lst.foo":
Note that you should specify the drive name (nd) in the name of
the configuration file. That is because you can change the root drive
before downloading the configuration from the TFTP server, when the
preset menu feature is used (see Preset Menu).
See the manual about your BOOTP/DHCP server, for more information. The exact syntax should differ from the example, more or less.
This chapter describes how to use the serial terminal support in GRUB.
If you have many computers or computers with no display/keyboard, it would be very useful to control the computers with serial communications. To connect a computer with another via a serial line, you need to prepare a null-modem (cross) serial cable, and you may need to have multiport serial boards, if your computer doesn't have extra serial ports. In addition, a terminal emulator is also required, such as minicom. Refer to a manual of your operating system, for more information.
As for GRUB, the instruction to set up a serial terminal is quite
simple. First of all, make sure that you haven't specified the option
--disable-serial to the configure script when you built your
GRUB images. If you get them in binary form, probably they have serial
terminal support already.
Then, initialize your serial terminal after GRUB starts up. Here is an
example:
grub> serial --unit=0 --speed=9600 grub> terminal serial
The command serial initializes the serial unit 0 with the
speed 9600bps. The serial unit 0 is usually called COM1, so, if
you want to use COM2, you must specify --unit=1 instead. This
command accepts many other options, so please refer to serial,
for more details.
The command terminal (see terminal) chooses which type of
terminal you want to use. In that case above, the terminal will be a
serial terminal, but you can also pass console to the command,
like terminal serial console. In this case, a terminal in which
you press any key will be selected as a GRUB terminal.
However, note that GRUB assumes that your terminal emulator is
compatible with VT100 by default. This is true for most terminal
emulators nowadays, but you should pass the option --dumb to
the command, if your terminal emulator is not VT100-compatible or
implements few VT100 escape sequences. If you specify the option, then
GRUB provides you with an alternative menu interface, because the normal
menu requires several fancy features for your terminal.
GRUB supports preset menu which is always loaded before starting.
The preset menu feature is useful, for example, when your computer has
no console but a serial cable. In this case, it is critical to set up
the serial terminal as soon as possible, since you cannot see any
message until the serial terminal begins to work. So it is nice to run
the commands serial (see serial) and terminal
(see terminal) sooner than anything else at the start-up time.
It is slightly complicated how the preset menu works:
To enable the preset menu feature, you must specify a file to the
configure script with the option --enable-preset-menu. The file
has the same semantics as normal configuration files
(see Configuration).
Another point you should take care is that the diskless support
(see Diskless) diverts the preset menu. Diskless images embed a
preset menu to execute the command bootp (see bootp)
automatically, unless you specify your own preset menu to the configure
script. This means that you must put commands to initialize a network in
the preset menu yourself, because diskless images don't set it up
implicitly, when you use the preset menu explicitly.
Therefore, a typical preset menu used with diskless support would be
like this:
# Set up the serial terminal, first of all. serial --unit=0 --speed=19200 terminal --timeout=0 serial # Initialize the network. dhcp
You may be interested in how to prevent ordinary users from doing whatever they like, if you share your computer with other people. So this chapter describes how to improve the security of GRUB.
One thing which could be a security hole is that the user can do too
many things with GRUB, because GRUB allows to modify its configuration
and run arbitrary commands at run-time. For example, the user can read
even /etc/passwd in the command-line interface by the command
cat (see cat). So it is necessary to disable all the
interactive operations.
Thus, GRUB provides password feature, so that only administrators
can start the interactive operations (i.e. editing menu entries and
entering the command-line interface). To use this feature, you need to
run the command password in your configuration file
(see password), like this:
password --md5 PASSWORD
If this is specified, GRUB disallows any interactive control, until you
press the key <p> and enter a correct password. The option
--md5 tells GRUB that PASSWORD is in MD5 format. If it
is omitted, GRUB assumes the PASSWORD is in clear text.
You can encrypt your password with the command md5crypt
(see md5crypt). For example, run the grub shell (see Invoking the grub shell), and enter your password:
grub> md5crypt Password: ********** Encrypted: $1$U$JK7xFegdxWH6VuppCUSIb.
Then, cut and paste the encrypted password to your configuration file.
Also, you can specify an optional argument to password. See
this example:
password PASSWORD /boot/grub/menu-admin.lst
In this case, GRUB will load /boot/grub/menu-admin.lst as a
configuration file when you enter the valid password.
Another thing which may be dangerous is that any user can choose any menu entry. Usually, this wouldn't be problematic, but you might want to permit only administrators to run some of your menu entries, such as an entry for booting an insecure OS like DOS.
GRUB provides the command lock (see lock). This command
always fails until you enter a valid password, so you can use it, like
this:
title Boot DOS lock rootnoverify (hd0,1) makeactive chainload +1
You should insert lock right after title, because
any user can execute commands in an entry, until GRUB encounters
lock.
You can also use the command password instead of
lock. In this case the boot process will ask for the password
and stop if it was entered incorrectly. Since the password
takes its own PASSWORD argument this is useful if you want
different passwords for different entries.
GRUB consists of several images: two essential stages, optional stages called Stage 1.5, and two network boot images. Here is a short overview of them. See Internals, for more details.
stage1
All stage1 must do is to load Stage 2 or Stage 1.5 from a local
disk. Because of the size restriction, stage1 encodes the
location of Stage 2 (or Stage 1.5) in a block list format, so it never
understand any filesystem structure.
stage2
e2fs_stage1_5
fat_stage1_5
ffs_stage1_5
jfs_stage1_5
minix_stage1_5
reiserfs_stage1_5
vstafs_stage1_5
xfs_stage1_5
stage1 and stage2, that is to say, Stage 1.5 is
loaded by Stage 1 and Stage 1.5 loads Stage 2. The difference between
stage1 and *_stage1_5 is that the former doesn't
understand any filesystem but the latter does an filesystem
(e.g. e2fs_stage1_5 understands ext2fs). So you can move the
location of Stage 2 to another safely, even after GRUB has been
installed.
While Stage 2 cannot generally be embedded in a fixed area as the size
is so large, Stage 1.5 can be installed into the area right after a MBR,
or the boot loader area of a ReiserFS or a FFS.
nbgrub
pxegrub
nbgrub, except
for the format.
GRUB uses a special syntax for specifying disk drives which can be
accessed by BIOS. Because of BIOS limitations, GRUB cannot distinguish
between IDE, ESDI, SCSI, or others. You must know yourself which BIOS
device is equivalent to which OS device. Normally, that will be clear if
you see the files in a device or use the command find
(see find).
The device syntax is like this:
(device[,part-num][,bsd-subpart-letter])
[] means the parameter is optional. device should be
either fd or hd followed by a digit, like fd0.
But you can also set device to a hexadecimal or a decimal, which
is a BIOS drive number, so the following are equivalent:
(hd0) (0x80) (128)
part-num represents the partition number of device, starting
from zero for primary partitions and from four for extended partitions,
and bsd-subpart-letter represents the BSD disklabel subpartition,
such as a or e.
A shortcut for specifying BSD subpartitions is
(device,bsd-subpart-letter), in this case, GRUB
searches for the first PC partition containing a BSD disklabel, then
finds the subpartition bsd-subpart-letter. Here is an example:
(hd0,a)
The syntax like (hd0) represents using the entire disk (or the
MBR when installing GRUB), while the syntax like (hd0,0)
represents using the partition of the disk (or the boot sector of the
partition when installing GRUB).
If you enabled the network support, the special drive, (nd), is
also available. Before using the network drive, you must initialize the
network. See Network, for more information.
There are two ways to specify files, by absolute file name and by block list.
An absolute file name resembles a Unix absolute file name, using
/ for the directory separator (not \ as in DOS). One
example is (hd0,0)/boot/grub/menu.lst. This means the file
/boot/grub/menu.lst in the first partition of the first hard
disk. If you omit the device name in an absolute file name, GRUB uses
GRUB's root device implicitly. So if you set the root device to,
say, (hd1,0) by the command root (see root), then
/boot/kernel is the same as (hd1,0)/boot/kernel.
A block list is used for specifying a file that doesn't appear in the
filesystem, like a chainloader. The syntax is
[offset]+length[,[offset]+length]....
Here is an example:
0+100,200+1,300+300
This represents that GRUB should read blocks 0 through 99, block 200, and blocks 300 through 599. If you omit an offset, then GRUB assumes the offset is zero.
Like the file name syntax (see File name syntax), if a blocklist
does not contain a device name, then GRUB uses GRUB's root
device. So (hd0,1)+1 is the same as +1 when the root
device is (hd0,1).
GRUB has both a simple menu interface for choosing preset entries from a configuration file, and a highly flexible command-line for performing any desired combination of boot commands.
GRUB looks for its configuration file as soon as it is loaded. If one is found, then the full menu interface is activated using whatever entries were found in the file. If you choose the command-line menu option, or if the configuration file was not found, then GRUB drops to the command-line interface.
The command-line interface provides a prompt and after it an editable text area much like a command-line in Unix or DOS. Each command is immediately executed after it is entered7. The commands (see Command-line and menu entry commands) are a subset of those available in the configuration file, used with exactly the same syntax.
Cursor movement and editing of the text on the line can be done via a subset of the functions available in the Bash shell:
When typing commands interactively, if the cursor is within or before the first word in the command-line, pressing the <TAB> key (or <C-i>) will display a listing of the available commands, and if the cursor is after the first word, the <TAB> will provide a completion listing of disks, partitions, and file names depending on the context.
Note that you cannot use the completion functionality in the TFTP filesystem. This is because TFTP doesn't support file name listing for the security.
The menu interface is quite easy to use. Its commands are both reasonably intuitive and described on screen.
Basically, the menu interface provides a list of boot entries to the user to choose from. Use the arrow keys to select the entry of choice, then press <RET> to run it. An optional timeout is available to boot the default entry (the first one if not set), which is aborted by pressing any key.
Commands are available to enter a bare command-line by pressing <c> (which operates exactly like the non-config-file version of GRUB, but allows one to return to the menu if desired by pressing <ESC>) or to edit any of the boot entries by pressing <e>.
If you protect the menu interface with a password (see Security), all you can do is choose an entry by pressing <RET>, or press <p> to enter the password.
The menu entry editor looks much like the main menu interface, but the lines in the menu are individual commands in the selected entry instead of entry names.
If an <ESC> is pressed in the editor, it aborts all the changes made to the configuration entry and returns to the main menu interface.
When a particular line is selected, the editor places the user at a special version of the GRUB command-line to edit that line. When the user hits <RET>, GRUB replaces the line in question in the boot entry with the changes (unless it was aborted via <ESC>, in which case the changes are thrown away).
If you want to add a new line to the menu entry, press <o> if adding a line after the current line or press <O> if before the current line.
To delete a line, hit the key <d>. Although GRUB does not support undo unfortunately, you can do almost the same thing by just returning to the main menu.
When your terminal is dumb or you request GRUB of hiding the menu
interface explicitly with the command hiddenmenu
(see hiddenmenu), GRUB doesn't show the menu interface (see Menu interface) and automatically boots the default entry, unless
interrupted by pressing <ESC>.
When you interrupt the timeout and your terminal is dumb, GRUB falls back to the command-line interface (see Command-line interface).
In this chapter, we list all commands that are available in GRUB.
Commands belong to different groups. A few can only be used in the global section of the configuration file (or "menu"); most of them can be entered on the command-line and can be either used in the menu or in the menu entries.
The semantics used in parsing the configuration file are the following:
# at the beginning of a line in a configuration file means it is
only a comment.
0x, and is case-insensitive.
These commands can only be used in the menu:
| default num | Command |
|
Set the default entry to the entry number num. Numbering starts
from 0, and the entry number 0 is the default if the command is not
used.
You can specify |
| fallback num | Command |
Go into unattended boot mode: if the default boot entry has any errors,
instead of waiting for the user to do anything, immediately start
over using the num entry (same numbering as the default
command (see default)). This obviously won't help if the machine was
rebooted by a kernel that GRUB loaded.
|
| hiddenmenu | Command |
| Don't display the menu. If the command is used, no menu will be displayed on the control terminal, and the default entry will be booted after the timeout expired. The user can still request the menu to be displayed by pressing <ESC> before the timeout expires. See also Hidden menu interface. |
| timeout sec | Command |
| Set a timeout, in sec seconds, before automatically booting the default entry (normally the first entry defined). |
| title name ... | Command |
| Start a new boot entry, and set its name to the contents of the rest of the line, starting with the first non-space character. |
Commands usable both in the menu and in the command-line.
bootp [--with-configfile]
|
Command |
|
Initialize a network device via the BOOTP protocol. This command
is only available if GRUB is compiled with netboot support. See also
Network.
If you specify |
| color normal [highlight] | Command |
Change the menu colors. The color normal is used for most
lines in the menu (see Menu interface), and the color
highlight is used to highlight the line where the cursor
points. If you omit highlight, then the inverted color of
normal is used for the highlighted line. The format of a color is
foreground/background. foreground and
background are symbolic color names. A symbolic color name must be
one of these:
But only the first eight names can be used for background. You can
prefix This command can be used in the configuration file and on the command
line, so you may write something like this in your configuration file:
# Set default colors. color light-gray/blue black/light-gray # Change the colors. title OS-BS like color magenta/blue black/magenta |
| device drive file | Command |
In the grub shell, specify the file file as the actual drive for a
BIOS drive drive. You can use this command to create a disk
image, and/or to fix the drives guessed by GRUB when GRUB fails to
determine them correctly, like this:
grub> device (fd0) /floppy-image grub> device (hd0) /dev/sd0 This command can be used only in the grub shell (see Invoking the grub shell). |
| dhcp [--with-configfile] | Command |
Initialize a network device via the DHCP protocol. Currently,
this command is just an alias for bootp, since the two
protocols are very similar. This command is only available if GRUB is
compiled with netboot support. See also Network.
If you specify |
| hide partition | Command |
| Hide the partition partition by setting the hidden bit in its partition type code. This is useful only when booting DOS or Windows and multiple primary FAT partitions exist in one disk. See also DOS/Windows. |
ifconfig [--server=server] [--gateway=gateway] [--mask=mask] [--address=address]
|
Command |
Configure the IP address, the netmask, the gateway, and the server
address of a network device manually. The values must be in dotted
decimal format, like 192.168.11.178. The order of the options is
not important. This command shows current network configuration, if no
option is specified. See also Network.
|
| pager [flag] | Command |
Toggle or set the state of the internal pager. If flag is
on, the internal pager is enabled. If flag is off,
it is disabled. If no argument is given, the state is toggled.
|
| partnew part type from to | Command |
Create a new primary partition. part is a partition specification
in GRUB syntax (see Naming convention); type is the partition
type and must be a number in the range 0-0xff; from and
to are the starting and ending sectors, expressed as an absolute
sector number.
|
| parttype part type | Command |
| Change the type of an existing partition. part is a partition specification in GRUB syntax (see Naming convention); type is the new partition type and must be a number in the range 0-0xff. |
password [--md5] passwd [new-config-file]
|
Command |
If used in the first section of a menu file, disable all interactive
editing control (menu entry editor and command-line) and entries
protected by the command lock. If the password passwd is
entered, it loads the new-config-file as a new config file and
restarts the GRUB Stage 2, if new-config-file is
specified. Otherwise, GRUB will just unlock the privileged instructions.
You can also use this command in the script section, in which case it
will ask for the password, before continueing. The option
--md5 tells GRUB that passwd is encrypted with
md5crypt (see md5crypt).
|
| rarp | Command |
| Initialize a network device via the RARP protocol. This command is only available if GRUB is compiled with netboot support. See also Network. |
serial [--unit=unit] [--port=port] [--speed=speed] [--word=word] [--parity=parity] [--stop=stop] [--device=dev]
|
Command |
Initialize a serial device. unit is a number in the range 0-3
specifying which serial port to use; default is 0, that corresponds
the port often called COM1. port is the I/O port where the UART
is to be found; if specified it takes precedence over unit.
speed is the transmission speed; default is 9600. word and
stop are the number of data bits and stop bits. Data bits must
be in the range 5-8 and stop bits are 1 or 2. Default is 8 data bits
and one stop bit. parity is one of no, odd,
even and defaults to no. The option --device
can only be used in the grub shell and is used to specify the
tty device to be used in the host operating system (see Invoking the grub shell).
The serial port is not used as a communication channel unless the
This command is only available if GRUB is compiled with serial support. See also Serial terminal. |
| setkey [to_key from_key] | Command |
Change the keyboard map. The key from_key is mapped to the key
to_key. If no argument is specified, reset key mappings. Note that
this command does not exchange the keys. If you want to exchange
the keys, run this command again with the arguments exchanged, like this:
grub> setkey capslock control grub> setkey control capslock A key must be an alphabet, a digit, or one of these symbols:
|
terminal [--dumb] [--timeout=secs] [--lines=lines] [--silent] [console] [serial] [hercules]
|
Command |
Select a terminal for user interaction. The terminal is assumed to be
VT100-compatible unless --dumb is specified. If both
console and serial are specified, then GRUB will use
the one where a key is entered first or the first when the timeout
expires. If neither are specified, the current setting is
reported. This command is only available if GRUB is compiled with serial
support. See also Serial terminal.
This may not make sense for most users, but GRUB supports Hercules
console as well. Hercules console is usable like the ordinary console,
and the usage is quite similar to that for serial terminals: specify
The option The option |
| tftpserver ipaddr | Command |
Caution: This command exists only for backward
compatibility. Use ifconfig (see ifconfig) instead.
Override a TFTP server address returned by a BOOTP/DHCP/RARP server. The
argument ipaddr must be in dotted decimal format, like
|
| unhide partition | Command |
| Unhide the partition partition by clearing the hidden bit in its partition type code. This is useful only when booting DOS or Windows and multiple primary partitions exist in one disk. See also DOS/Windows. |
These commands are usable in the command-line and in menu entries. If
you forget a command, you can run the command help
(see help).
| blocklist file | Command |
| Print the block list notation of the file file. See Block list syntax. |
| boot | Command |
| Boot the OS/chain-loader which has been loaded. Only necessary if running the fully interactive command-line (it is implicit at the end of a menu entry). |
| cat file | Command |
Display the contents of the file file. This command may be useful
to remind you of your OS's root partition:
grub> cat /etc/fstab |
chainloader [--force] file
|
Command |
Load file as a chain-loader. Like any other file loaded by the
filesystem code, it can use the blocklist notation to grab the first
sector of the current partition with +1. If you specify the
option --force, then load file forcibly, whether it has a
correct signature or not. This is required when you want to load a
defective boot loader, such as SCO UnixWare 7.1 (see SCO UnixWare).
|
| cmp file1 file2 | Command |
Compare the file file1 with the file file2. If they differ
in size, print the sizes like this:
Differ in size: 0x1234 [foo], 0x4321 [bar] If the sizes are equal but the bytes at an offset differ, then print the
bytes like this:
Differ at the offset 777: 0xbe [foo], 0xef [bar] If they are completely identical, nothing will be printed. |
| configfile file | Command |
| Load file as a configuration file. |
| debug | Command |
| Toggle debug mode (by default it is off). When debug mode is on, some extra messages are printed to show disk activity. This global debug flag is mainly useful for GRUB developers when testing new code. |
| displayapm | Command |
| Display APM BIOS information. |
| displaymem | Command |
| Display what GRUB thinks the system address space map of the machine is, including all regions of physical RAM installed. GRUB's upper/lower memory display uses the standard BIOS interface for the available memory in the first megabyte, or lower memory, and a synthesized number from various BIOS interfaces of the memory starting at 1MB and going up to the first chipset hole for upper memory (the standard PC upper memory interface is limited to reporting a maximum of 64MB). |
| embed stage1_5 device | Command |
|
Embed the Stage 1.5 stage1_5 in the sectors after the MBR if
device is a drive, or in the boot loader area if device
is a FFS partition or a ReiserFS partition.8 Print the number of sectors which
stage1_5 occupies, if successful.
Usually, you don't need to run this command directly. See setup. |
| find filename | Command |
Search for the file name filename in all of partitions and print
the list of the devices which contain the file. The file name
filename should be an absolute file name like
/boot/grub/stage1.
|
| fstest | Command |
Toggle filesystem test mode.
Filesystem test mode, when turned on, prints out data corresponding to
all the device reads and what values are being sent to the low-level
routines. The format is <partition-offset-sector,
byte-offset, byte-length> for high-level reads inside a
partition, and [disk-offset-sector] for low-level sector
requests from the disk.
Filesystem test mode is turned off by any use of the install
(see install) or testload (see testload) commands.
|
| geometry drive [cylinder head sector [total_sector]] | Command |
| Print the information for the drive drive. In the grub shell, you can set the geometry of the drive arbitrarily. The number of the cylinders, the one of the heads, the one of the sectors and the one of the total sectors are set to CYLINDER, HEAD, SECTOR and TOTAL_SECTOR, respectively. If you omit TOTAL_SECTOR, then it will be calculated based on the C/H/S values automatically. |
halt --no-apm
|
Command |
The command halts the computer. If the --no-apm option
is specified, no APM BIOS call is performed. Otherwise, the computer
is shut down using APM.
|
help --all [pattern ...]
|
Command |
Display helpful information about builtin commands. If you do not
specify pattern, this command shows short descriptions of most of
available commands. If you specify the option --all to this
command, short descriptions of rarely used commands (such as
testload) are displayed as well.
If you specify any patterns, it displays longer information about each of the commands which match those patterns. |
| impsprobe | Command |
| Probe the Intel Multiprocessor Specification 1.1 or 1.4 configuration table and boot the various CPUs which are found into a tight loop. This command can be used only in the Stage 2. |
| initrd file ... | Command |
| Load an initial ramdisk for a Linux format boot image and set the appropriate parameters in the Linux setup area in memory. See also GNU/Linux. |
install [--force-lba] [--stage2=os_stage2_file] stage1_file [d] dest_dev stage2_file [addr] [p] [config_file] [real_config_file]
|
Command |
This command is fairly complex, and you should not use this command
unless you are familiar with GRUB. Use setup (see setup)
instead.
In short, it will perform a full install presuming the Stage 2 or Stage 1.59 is in its final install location. In slightly more detail, it will load stage1_file, validate that
it is a GRUB Stage 1 of the right version number, install a blocklist for
loading stage2_file as a Stage 2. If the option Caution: Several buggy BIOSes don't pass a booting drive
properly when booting from a hard disk drive. Therefore, you will have
to specify the option
Caution2: A number of BIOSes don't return a correct LBA support
bitmap even if they do have the support. So GRUB provides a solution to
ignore the wrong bitmap, that is, the option Caution3: You must specify the option |
| ioprobe drive | Command |
| Probe I/O ports used for the drive drive. This command will list the I/O ports on the screen. For technical information, See Internals. |
kernel [--type=type] [--no-mem-option] file ...
|
Command |
|
Attempt to load the primary boot image (Multiboot a.out or ELF,
Linux zImage or bzImage, FreeBSD a.out, NetBSD a.out, etc.) from
file. The rest of the line is passed verbatim as the kernel
command-line. Any modules must be reloaded after using this command.
This command also accepts the option The option |
| lock | Command |
Prevent normal users from executing arbitrary menu entries. You must use
the command password if you really want this command to be
useful (see password).
This command is used in a menu, as shown in this example:
title This entry is too dangerous to be executed by normal users lock root (hd0,a) kernel /no-security-os See also Security. |
| makeactive | Command |
| Set the active partition on the root disk to GRUB's root device. This command is limited to primary PC partitions on a hard disk. |
| map to_drive from_drive | Command |
Map the drive from_drive to the drive to_drive. This is
necessary when you chain-load some operating systems, such as DOS, if
such an OS resides at a non-first drive. Here is an example:
grub> map (hd0) (hd1) grub> map (hd1) (hd0) The example exchanges the order between the first hard disk and the second hard disk. See also DOS/Windows. |
| md5crypt | Command |
Prompt to enter a password, and encrypt it in MD5 format. The encrypted
password can be used with the command password
(see password). See also Security.
|
| module file ... | Command |
Load a boot module file for a Multiboot format boot image (no
interpretation of the file contents are made, so that user of this
command must know what the kernel in question expects). The rest of the
line is passed as the module command-line, like the
kernel command. You must load a Multiboot kernel image before
loading any module. See also modulenounzip.
|
| modulenounzip file ... | Command |
The same as module (see module), except that automatic
decompression is disabled.
|
| pause message ... | Command |
| Print the message, then wait until a key is pressed. Note that placing <^G> (ASCII code 7) in the message will cause the speaker to emit the standard beep sound, which is useful when prompting the user to change floppies. |
| quit | Command |
Exit from the grub shell grub (see Invoking the grub shell). This command can be used only in the grub shell.
|
| reboot | Command |
| Reboot the computer. |
| read addr | Command |
| Read a 32-bit value from memory at address addr and display it in hex format. |
| root device [hdbias] | Command |
Set the current root device to the device device, then
attempt to mount it to get the partition size (for passing the partition
descriptor in ES:ESI, used by some chain-loaded boot loaders), the
BSD drive-type (for booting BSD kernels using their native boot format),
and correctly determine the PC partition where a BSD sub-partition is
located. The optional hdbias parameter is a number to tell a BSD
kernel how many BIOS drive numbers are on controllers before the current
one. For example, if there is an IDE disk and a SCSI disk, and your
FreeBSD root partition is on the SCSI disk, then use a 1 for
hdbias.
See also rootnoverify. |