Jump to content











Photo
- - - - -

GRUB4DOS for UEFI


  • Please log in to reply
372 replies to this topic

#351 Gerolf

Gerolf

    Member

  • Members
  • 67 posts
  •  
    Germany

Posted A week ago

This Lenovo laptop was sold as new, for little money, and without Windows, by a renowned German notebook shop site. It came with pre-installed FreeDOS, giving the out-of-box experience of a 1980s IBM AT. But that was not because of the Superfish adware shit, which happened later, in 2014. I did not know this story; instead, I was curious whether my machine would be one of those "Lenovo computer models with Secure Boot [that] had firmware that was hardcoded to allow only executables named 'Windows Boot Manager' or 'Red Hat Enterprise Linux' to load, regardless of any other setting" (it isn't).

 

Better don't spend your money on the golden paint.

 

Maybe I should attach emojis to remarks that are meant ironically, but it's funnier for me if I don't. Of course I'm on your side, Alacran, with your criticism of the Secure Boot approach, because booting should become easier, not harder. Also, my initial quoting of Zammibro's complaint (in post no. 341) does not mean that I'm complaining too. I just try to analyze, like: If the malware people laugh about Secure Boot being enabled, then why don't we? I want to know how we can live with it.

By the way,  the Chinese site A1ive and you referred to freqently is either offline now or inaccessible from Germany, even with Tor browser. I probably missed important basic information from there, so it would be nice if someone could upload a backup of that material to a, well, "secure" location.

 

Gerolf commented in a previous post his preferred distro (openSUSE Tumbleweed) has a GUI tool (YaST) to edit the grub.cfg file. Please don't ask how to edit grub.cfg file, as each distro has its own way to automatically create its grub.cfg file, and it is known direct manual edition very frecuently do not work, as it is usually auto-repaired on next boot

 

SUSE Linux gained a little popularity in Germany during the time when Windows still struggled with stability problems. During the past 23 years, I frequently created the classical dual-boot scenario (which I only adopted here for GPT/UEFI/SB) on various machines, and while SUSE Linux never was considered a "cool" distro like Ubuntu, I'm amazed how its installation procedure runs smoother and faster with every year.

SUSE's YaST not only is "Yet another Setup Tool" but also a comprehensive control center for system administration like the one (or two) you are used to on Windows but somehow cannot find on other Linux distros. For instance, its boot manager configuration GUI allows to install another bootloader (Grub2 or Grub2 for EFI) even after setup is already finished. A few options like Secure Boot support or the default operating system can be changed, but a dialog to add further menu entries is missing -- no wonder as grub.cfg is a shell script of quite some complexity rather than a configuration file.

It is correct that grub.cfg gets rebuilt automatically from fragments located elsewhere. I still have to study the mechanism and to use the Grub2 command line meanwhile. I see a new "Grub4EFI" build just arrived; I had downloaded the previous one a few days ago. The EFI partition gets mounted to /boot/efi/EFI and has subfolders Microsoft and opensuse. I opened the file manager in supervisor mode, created a subfolder Grub4EFI and copied the file BOOTX64.EFI from the extracted archive to it. Then I secure-booted to Grub2, opened the command-line and entered:

chainloader (hd0,gpt1)/EFI/Grub4EFI/BOOTX64.EFI
boot

And then it really did show up, with its title line "GRUB4DOS for_UEFI 2021-06-19". (I haven't made any further experiments with it yet, I'm getting tired now.)

You quoted the sentence "Using SB activates 'lockdown' mode in the Linux kernel" from the Debian Wiki and concluded:

 

So as G4E boot loader is not signed with a Devian Key it will not load/run when Secure Boot is enabled.

 

Only that Grub2 which I used here for chainloading "Grub4EFI" obviously does not include a Linux kernel or any other code that is responsive to Secure Boot mode. I understand the Debian Wiki such that only the first-stage bootloader Shim, the "root of trust", then kills the next binary to be chainloaded if that file is not signed. But that's not the case for openSUSE's Grub2, and Shim neither knows nor cares what Grub2 will do later.

So my answer to Zammibro's complaining question ("How to add this thing to a Windows PC?") would be, in a nutshell and still incomplete: Create a dual-boot scenario with a "trusted" Linux distro to get a signed Grub2 installed, and then modify its configuration to chainload "Grub4EFI" and your other cool "untrusted" stuff. You don't trust my reporting? C'mon, you'll find a spare computer to reproduce this experiment.



#352 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 15714 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted A week ago

It is correct that grub.cfg gets rebuilt automatically from fragments located elsewhere. I still have to study the mechanism and to use the Grub2 command line meanwhile. 

 

That "feature", that is in my personal opinion one of the stupidest things ever made by humans[1], is AFAIK mis- or under- documented, the only place where I could find an understandable explanation is here, jFYI, on dedoimedo's:

https://www.dedoimed...ers/grub-2.html

https://www.dedoimed...#mozTocId226706

 

:duff:

Wonko

 

[1] not the general idea in itself, but the fact that in practice it makes difficult to "mantain" a valid "customized" grub.cfg in case of updates/changes to the system.


  • alacran and Gerolf like this

#353 wimb

wimb

    Platinum Member

  • Developer
  • 3317 posts
  • Interests:Boot and Install from USB
  •  
    Netherlands

Posted A week ago

So I would expect my test computer to be securely dual-bootable to Windows 10/11 and Debian 10, with the latter's signed Grub2 for UEFI to be able to chainload our new Grub4DOS for UEFI, such that I could do my unsecure booting experiments with virtual disks, right? Which would be the menu entry for Grub2?

 

 

UEFI Secure Multi-Boot of Windows 10 and Linux in VHD using Grub2 and viskchain was realised and described in

 

How to make Linux VHD for Multi-Boot with Windows using Grub2 and vdiskchain

 

in VHD_WIMBOOT PDF page 10 and 11 (Experts Only if you know what you are doing ....)


  • alacran and Gerolf like this

#354 alacran

alacran

    Gold Member

  • .script developer
  • 2111 posts
  •  
    Mexico

Posted A week ago

@ Wonko

 

Good info, thanks, it may very useful for future readers too.

 

alacran



#355 alacran

alacran

    Gold Member

  • .script developer
  • 2111 posts
  •  
    Mexico

Posted A week ago

From: This post.

 

Easy way to create same structure of a USB device created with USB_FORMAT by wimb in a internal HD to be able to boot as MBR/CSM and UEFI on a PC capable to boot both ways.

 

If your PC Bios/Firmware only allow to boot one way that will be only option available.

 

My test machine layout is:

  • HD-0 is MBR formated where first primary active partition is NTFS as usuall, this is the usually default boot disk for every day use, but it always can be switched permanently at will with HD-1 in all Bios/firmwares.
  • HD-1 MBR formated first primary active partition is FAT-32, and as you know, then it is capable to boot fine as MBR and/or UEFI.
  • Several Win OSs and some Linux distros are installed on VHDs.

My procedure to get exactly same content created by a just made USB device using USB_FORMAT program on the HD-1 was the following:

  • Using a spare USB, format it by means of USB_FORMAT using Super UEFI option.
  • Make a 7-zip file of the FAT-32 partition contend.
  • Create HD-1 MBR formated first primary active partition FAT-32, 32 GB Max., this will allow to add many Linux distro ISOs to boot in Live mode if you want.
  • Extract all 7-zip file content to the new just formated FAT-32 partition and keep the 7-zip file for a possible future use.

Usage:

  • Create a second primary NTFS partition and optionally an extended partition with several logical partitions on HD-1.
  • Into NTFS HD-1, create VHD folder to content the VHDs, for easy edition of config files during my tests using ntloader by a1ve, the WIM files are on the root of the partition, ntloader info is in post between  this  and  this
  • Copy all VHD and Wim files to NTFS partition.
  • Copy the ISO files to folder images on FAT-32 partition, or cut and paste images folder to NTFS partition before copy, if you have ISO files exceeding the FAT-32 limit of 4 GB for a single file.
  • Also it is possible to copy a big number of Linux distro ISOs into its respective folder located on iso folder on FAT-32 partition to boot from them in Live mode. (I omited this in my test machine).
  • Optionally Integrate Linux Portable distros to FAT-32 partition, see: this topic
  • Use UEFI_MULTI and/or VHD_WIMBOOT to make all entries required to MBR/UEFI boot.
  • Use VHD_WIMBOOT to create new Win OS VHDs.
  • Easy to run many test manually editing or adding new entries on BCs or config files of a1ve Grub2 and grub4dos (MBR and UEFI versions).
  • On this machine Asus MB, I can select in Bios the Auto option which basically is: CSM + UEFI, SB can be enabled or disabled, and during boot just pressing the Boot Overwrite Key (F8 in my case) I can select booting from HD-0 or HD-1, but for HD-1 also UEFI option will be available.
  • If SB is enabled when booting, an option to install the Security Certificate to NVRAM will appear on screen, once installed, this option will not appear anymore.

NOTE-1: All this can be done also with a single HD.

 

NOTE-2: With this layout almost all in this machine on HD-1 can Filedisk or Ramboot on MBR or UEFI, by means of a1ve Grub2 and grub4dos (MBR and UEFI versions) environments, as long as Win OS VHDs have SVBusdriver installed for Ramboot.

 

NOTE-3: My Linux-Mint.vhd.vtoy (20 GB) and my Linux-Lite.vhd.vtoy (10 GB) located on the root of NTFS partition, were tested booting as filedisk on MBR and UEFI. They can't boot from Ram, there is not a Linux driver similar to SVBus driver available for this. For more info to create a bootable Linux VHD/VDI/RAW see: this post, additional info on this post and following and also on this topic.

 

Note-4: Portable distros: Porteus, FossaDog, Fossapup64_9.5, puppy_slacko64_7.0, that Boot on Ram by design, were also only tested booting fine on MBR, I haven't made and test entries to boot on UEFI, just forgot to do it.

 

alacran

 

alacran


  • Gerolf likes this

#356 gbrao

gbrao

    Frequent Member

  • Advanced user
  • 446 posts
  •  
    India

Posted A week ago


 

Note-4: Portable distros: Porteus, FossaDog, Fossapup64_9.5, puppy_slacko64_7.0, that Boot on Ram by design, were also only tested booting fine on MBR, I haven't made and test entries to boot on UEFI, just forgot to do it.

 

 

Please let me know how you boot Puppy Linux - via the ISO or extracted contents. I cannot boot bionicpup64-8.0-uefi.iso from G4D unless I extract puppy_bionicpup64_8.0.sfs. MBR system,
 



#357 alacran

alacran

    Gold Member

  • .script developer
  • 2111 posts
  •  
    Mexico

Posted A week ago

Hi my friend.

 

Just edited previous post to add that info, but I will quote it for you here:

 

 

Optionally Integrate Linux Portable distros to FAT-32 partition, see: this topic

 

alacran


  • gbrao likes this

#358 steve6375

steve6375

    Platinum Member

  • Developer
  • 7368 posts
  • Location:UK
  • Interests:computers, programming (masm,vb6,C,vbs), photography,TV,films,guitars, www.easy2boot.com
  •  
    United Kingdom

Posted A week ago

can ipxe wimboot be used with grub4efi? If so how?

I want to be able to add files into the X: boot.wim environment like ipxe wimboot code can in grub2.

i.e. boot directly from a Windows Install ISO and install Windows from UEFI and inject xml and other files...



#359 alacran

alacran

    Gold Member

  • .script developer
  • 2111 posts
  •  
    Mexico

Posted A week ago

can ipxe wimboot be used with grub4efi? If so how?

I want to be able to add files into the X: boot.wim environment like ipxe wimboot code can in grub2.

i.e. boot directly from a Windows Install ISO and install Windows from UEFI and inject xml and other files...

 

Its TFTP PXE boot feature was not working fine until 2021-06-19 version, there are 2 more recent versions after that but unfortunatelly I don't have more info related to this feature yet, I will update this info later.

 

For more info see this post.

 

EDIT: Just read all new post on the chinese page of G4E and there is no new info about TFTP PXE boot, so I assume all related to this feature remains the same.

 

alacran



#360 alacran

alacran

    Gold Member

  • .script developer
  • 2111 posts
  •  
    Mexico

Posted A week ago

Last UEFI version is: grub4dos-for_UEFI-2021-07-23.7z 976K (I haven't tested it yet).

 

On ext folder are the external commands that we can use, default location for them is the root of /EFI/grub folder.

If you want to check default location: on command line just type command and enter to get the default location.

 

The folders i386-efi and x86_64-efi contain the respective kernel images for x86 and x64 and are used for the embed menu, running the file mkimage.exe, additional info on attached ChangeLog_UEFI-EN.txt

 

For an example also see the info in the spoiler of this post.

 

Last MBR version is: grub4dos-0.4.6a-2021-06-02.7z 564K (Tested and working fine).

 

On ext folder are the external commands that we can use, default location for them is the root of /Boot/grub folder.

If you want to check default location: on command line just type command and enter to get the default location.

 

NOTE: In both cases the external commands can be copied to other location, but then it requires to include the full path to run/use them.

 

alacran

Attached Files



#361 steve6375

steve6375

    Platinum Member

  • Developer
  • 7368 posts
  • Location:UK
  • Interests:computers, programming (masm,vb6,C,vbs), photography,TV,films,guitars, www.easy2boot.com
  •  
    United Kingdom

Posted A week ago

When grub4efi is loaded from grub2, I can see the default menu for 1 second.

I have a \efi\grub\menu.lst 

 

I see the internal menu has the 

configfile

command at the top.

 

If I press spacebar quickly and go to commandline, I can see that the root device has \efi\grub\menu.lst present but it is not loaded by the first configfile command.

 

I want to avoid the 1 second delay and the ugly text menu.

 

What search path does the 'configfile' command use by default?

Attached Thumbnails

  • grub4efi int config.JPG


#362 alacran

alacran

    Gold Member

  • .script developer
  • 2111 posts
  •  
    Mexico

Posted 6 days ago

What search path does the 'configfile' command use by default?

 

On the very first versions the default valid paths were almost the same as in the MBR version, but the default location was changed to /EFI/grub/menu.lst to avoid collition with grub4dos for MBR menu.lst

 

So AFAIK what your picture shows, is the only current location valid on the default embeded menu.

 

I never have seen even for a second the default menu, it seems to me in your case maybe the possible reasons could be the /EFI/grub/menu.lst file is fragmented, or too big, or the speed of your drive.

 

alacran



#363 steve6375

steve6375

    Platinum Member

  • Developer
  • 7368 posts
  • Location:UK
  • Interests:computers, programming (masm,vb6,C,vbs), photography,TV,films,guitars, www.easy2boot.com
  •  
    United Kingdom

Posted 6 days ago

It seems default menu is changed in recent versions.

There does not seem to be any pxe or configfile commands

It starts with title now and has a timeout of 1 second

see https://github.com/c...4dos/issues/288  (I edited timeout to 0 in the file)

 

I have re-made the EFI files and changed the internal menu and the default path, and now it works with no delay.

 

I use a windows cmd file:

@echo off
@color 1f
set ERR=
REM %1 contains folder with source file
if "%~1"=="" echo ERROR: Drag-and-drop grub4efi source folder onto this file & pause & goto :EOF
if not exist "%~1\mkimage.exe" echo ERROR: No mkimage.exe found in source folder & set ERR=1
if not exist "%~1\x86_64-efi\kernel.img" echo ERROR: No x86_64-efi\kernel.img found in source folder & set ERR=1
if not exist "%~1\i386-efi\kernel.img" echo ERROR: No i386-efi\kernel.img found in source folder & set ERR=1
if not exist "%~dp0e2b.lst" echo ERROR: No e2b.lst found in %~dp0 folder & set ERR=1
if "%ERR%"=="1" color 4f & pause & goto :EOF
pushd "%~1"
if exist BOOTX64.EFI del BOOTX64.EFI
if exist BOOTIA32.EFI del BOOTIA32.EFI
mkimage.exe -c "%~dp0e2b.lst" -O x86_64-efi -o BOOTX64.EFI   -p /_ISO/e2b/grub
mkimage.exe -c "%~dp0e2b.lst" -O i386-efi   -o BOOTIA32.EFI -p /_ISO/e2b/grub
echo.
if not exist BOOTX64.EFI  echo ERROR: No BOOTX64.EFI created! & set ERR=1
if not exist BOOTIA32.EFI echo ERROR: No BOOTIA32.EFI created! & set ERR=1
dir *.efi
echo.
echo INTERNAL MENU.LST
echo =================
echo.
type "%~dp0e2b.lst"
echo =================
if "%ERR%"=="1" color 4f & goto :end
echo.
echo PATH=\_ISO\e2b\grub
echo.
set E2BDRIVE=
set /P E2BDRIVE=Destination E2B Drive letter (e.g. N) :
if exist %E2BDRIVE%:\_ISO\e2b\grub\e2b.cfg (
copy BOOTX64.EFI  %E2BDRIVE%:\_ISO\e2b\grub
copy BOOTIA32.EFI %E2BDRIVE%:\_ISO\e2b\grub
dir %E2BDRIVE%:\_ISO\e2b\grub\*.efi
)
:end
popd
pause

So now I can just download and extract a new release and drag-and-drop the folder onto this cmd file to make new EFI files.

 

E2B.lst is currently:

configfile /_ISO/e2b/grub/menuefi.lst
title Reboot
reboot
title commandline
commandline
title Halt
halt


#364 steve6375

steve6375

    Platinum Member

  • Developer
  • 7368 posts
  • Location:UK
  • Interests:computers, programming (masm,vb6,C,vbs), photography,TV,films,guitars, www.easy2boot.com
  •  
    United Kingdom

Posted 6 days ago

I have a basic UEFI version of  E2B working and have reported many bugs (some of which have been fixed).

It uses same menu system as E2B legacy and same user config file (MyE2B.cfg).

It can boot linux iso's  but not much else so far.

Lots of work to do and bugs to fix in grub4efi!

 

Attached Thumbnails

  • e2befibetamainmenu.JPG

  • devdevadev likes this

#365 alacran

alacran

    Gold Member

  • .script developer
  • 2111 posts
  •  
    Mexico

Posted 6 days ago

There does not seem to be any pxe

 

You could try the suggestion from 2011whp mentioned on this post  perhaps Shivan didn't edited fine his embedded menu.

 

alacran



#366 steve6375

steve6375

    Platinum Member

  • Developer
  • 7368 posts
  • Location:UK
  • Interests:computers, programming (masm,vb6,C,vbs), photography,TV,films,guitars, www.easy2boot.com
  •  
    United Kingdom

Posted 6 days ago

Thanks, source files show no code  implemented for  pxe and ipxe commands.

But I was not asking about pxe/ipxe support. I was asking about the wimboot code which was originally part of the ipxe project and which can be called by grub2 to load wim files and boot to them (nothing to do with network/internet).

https://ipxe.org/wimboot

 

I get a 'kernel too old (0x0203 < 0x020b)' message with the ipxe wimboot binary.

 

a1ive ntloader does not seem to work with (0xff) devices mapped to ISOs and cannot inject files into the X: drive?

https://github.com/grub4dos/ntloader


Edited by steve6375, 6 days ago.


#367 alacran

alacran

    Gold Member

  • .script developer
  • 2111 posts
  •  
    Mexico

Posted 6 days ago

If no network/internet involved, you can use ntloader by a1ve which is useful to boot WIM files, it works on grub2, a1ve's grub2, and grub4dos (MBR and UEFI versions), see this post and 2 following.

 

EDIT: Look carefully to Advanced options on README.md, depending of your desired use, you could need to use them, but I haven't needed to use them so far to boot a PE WIM or boot/ramboot a VHD.

 

alacran



#368 Gerolf

Gerolf

    Member

  • Members
  • 67 posts
  •  
    Germany

Posted 4 days ago

To resume my previous postings (no. 341 ff.) concerning:

Secure-Boot Installation of Grub4DOS for UEFI on Internal GPT Disk

Zammibro asked (post no. 285):

How to add this thing to a Windows PC?

I answered (post no. 351):

Create a dual-boot scenario with a "trusted" Linux distro to get a signed Grub2 installed, and then modify its configuration to chainload "Grub4EFI" and your other cool "untrusted" stuff.

 

1. GPT partitioning: post no. 343

 

A 120 GB solid state disk should be sufficient for this experiment.

 

2. Windows 10/11 installation: ditto

 

The minimum partition size for Windows 10 is 32 GiB officially, out of which it uses 20 GiB. Windows 11 wants to have 64 GiB and uses 26 GiB. Thus, if Windows 11 is installed as an update to Windows 10 in order to bypass the newly introduced hardware requirements test, the partition should have at least 84 GiB, which can be reduced after installation.

 

3. openSUSE Tumbleweed installation: post no. 345

 

The recommended partition size for this rolling release is 48 GiB, but only 8 GiB will be used in the default setup with KDE Plasma desktop (which already looks like Windows 11 for quite some time, except that the Start button doesn't move to another position whenever you start or close an application). So you can squeeze it onto a small partition if you only need it for an automated and manageable installation of a secure-bootable Grub2 for EFI.

 

4. "Grub4EFI" installation

 

Download and extract the latest version of Grub4DOS for UEFI to, say, USB drive U:. Since its menu.lst has to go to the /EFI/grub folder of the EFI system partition, copy its binary BOOTX64.EFI to the same location (instead to /EFI/Grub4EFI like in my previous post no. 351), without renaming. (Even that way, a confusion with Grub legacy, which won't get a UEFI update, or Grub2, which won't read menu.lst, should not occur.)

To install "Grub4EFI" under Windows, open a command prompt window as administrator and enter:

mountvol E: /s  
md E:\EFI\grub
copy U:\menu.lst E:\EFI\grub
copy U:\BOOTX64.EFI E:\EFI\grub

The first command mounts the EFI system partition as volume E: but it still won't show up in File Explorer. Under Linux you have to open the file manager in supervisor mode to access this partition, which gets mounted to /boot/efi/EFI in openSUSE.

 

5. Customize "Grub2EFI" menu to add "Grub4EFI"

Sometimes I like to play with stupid things, see my PC Emulator test a few weeks ago, before the new Windows 11 got me: Now, I can better tell one white window from the other in case of overlap, but when I right-click on the name of a file on hard disk, I only hear the DVD drive rattle, and the context menu just pops up and collapses. It may stay open on the second right-click-and-rattle. Or the third. Sometimes it helps to also press [Context Menu] on the keyboard. Or to restart File Explorer.  

But this improves over the weeks, updates are underway. They get installed with a message that just sounds offensive, at least to German ears, somehow alleging you're still recovering from blue cabbage hangover: We give you an "Estimated time: 5 Minutes" until "You are 100% there." And now for my next proposal, dealing with a menu that gets rebuilt automatically from fragments.

Wonko said (post no. 352):

That "feature" (...) is in my personal opinion one of the stupidest things ever made by humans (...) not the general idea in itself, but the fact that in practice it makes difficult to "mantain" a valid "customized" grub.cfg in case of updates/changes to the system.

That feature does make sense for a rolling release like Tumbleweed, which can update its own grub.cfg fragments without losing those you have added for customization. The "stupid" thing is that grub.cfg wouldn't be necessary at all because Grub2 might as well run the menu builder fragment collection at boot time. The grub.cfg script introduces redundancy in order to reduce the time to boot to the menu. A user won't know the former but might notice the latter. And doesn't the update problem haunt you with a menu.lst too?

The menu configuration script /boot/grub2/grub.cfg gets rebuilt whenever any change, like selecting another default menu entry, is done to the boot manager's settings via YaST GUI. As indicated in a comment at the beginning of grub.cfg, you can also trigger this manually, entering the supervisor command

sudo grub2-mkconfig -o /boot/grub2/grub.cfg

(Other distros have

sudo update-grub

which is not mentioned in the Grub2 manual.)

 

The menu builder fragments are collected in /etc/grub.d and named

00_header
00_tuned
10_linux
20_linux_xen
20_memtest86+
30_os-prober
30_uefi_firmware
40_custom
41_custom
80_suse_btrfs_snapshot
90_persistent
95_textmode

Called by grub2-mkconfig, they run in the order of their numbering, with the executable bit being used to enable or disable individual fragments (see Dedoimedo's Grub2 tutorial).
 
The 30_os-prober script detects the Windows Boot Manager. Next year, Tumbleweed may replace it with a buggy update to also find "Grub4EFI", but won't do no harm to your own customized menu entry script (named 09_grub4efi to be listed first, compare Alacran's proposal in post no. 347):

#!/bin/sh -e
# /etc/grub.d/09_grub4efi
# lines between EOF marks go into /boot/grub2/grub.cfg
cat << EOF
  menuentry "Grub4EFI" {
    set file=/EFI/grub/BOOTX64.EFI
    search --file --set root \$file
    chainloader \$file
  }
EOF

This file must be saved in Unix format if created under Windows. On Linux, drop it into the /etc/grub.d folder and change its file mode to "executable" under "Permissions" in the file manager's context menu or, in a terminal window, with the supervisor command

sudo chmod +x /etc/grub.d/09_grub4efi

6. Customize "Grub4EFI" menu to add "Grub2EFI" and BootMGFW

 

Once "Grub4EFI" shows up, system administrators can focus on maintaining, updating, bloating, fragmenting, and auto-rebuilding their own customized /EFI/grub/menu.lst. Essentially, it looks like this, sporting entries to switch to the other two UEFI boot managers (compare posts no. 1 by A1ive and no. 336 by Alacran, and note the DOS/Linux-style syntax differences to the above menu entry definition for Grub2):

# /EFI/grub/menu.lst  
default 0
timeout 10
    
title Grub2EFI\n openSUSE Tumbleweed
set file=/EFI/opensuse/grubx64.efi
find --set-root %file%
chainloader %file%
  
title BootMGFW\n Microsoft Windows 10/11
set file=/EFI/Microsoft/Boot/bootmgfw.efi
find --set-root %file%
chainloader %file%

title Commandline
commandline

title Reboot
reboot

title Halt
halt    

7. Customize BootMGFW menu to add "Grub4EFI" to "Grub2EFI"

 

Sorry, here comes a spoiler: This will fail at the end, despite a promising start. Run Bootice under Windows (using the recommended version 1.3.3.2) and open the dialog to edit UEFI boot entries (like on the second image in Alacran's post no. 346). Bootice retrieves the following Boot Configuration Data from the Windows Boot Manager's store (see post no. 348):

# all entries:
Boot disk:  HDD: ST ... (300 GB, C: D:)
Boot part:  0: (FAT32, 100.0 MB, ESP)

Menu title: Windows Boot Manager
Media file: \EFI\Microsoft\Boot\bootmgfw.efi

Menu title: opensuse-secureboot
Media file: \EFI\opensuse\shim.efi

So openSUSE successfully inscribed itself to the BCD store during its installation, with the first-stage bootloader Shim being the "root of trust" for secure-booting Grub2 (post no. 341). We can take the above UEFI boot menu entries as templates to add a third one for "Grub4EFI" (the required dialog would not open in the last version 1.3.4.0 of Bootice):

Menu title: Grub4EFI
Media file: \EFI\grub\BOOTX64.EFI

But it's all in vain: BootMGFW doesn't show those entries to boot openSUSE's Shim or our "Grub4EFI", not even in non-Secure Boot mode, and thus turns out to be a real "Boot Manager for Windows (only)".
 

 

8. Start from scratch on GPT disk

 
Here I also talk about the creation of a stable testbed for fast hypervisors which make use of hardware-assisted virtualization, so that you can run two modern operating systems at the same time. Windows 10 and 11 bring Hyper-V, which can even be enabled on the Home Edition, while openSUSE, unlike other Linux distros, comes with pre-installed Xen hypervisor.

 

I said (post no. 351):

C'mon, you'll find a spare computer to reproduce this experiment.

Alacran said (post no. 355):

My test machine layout is: (...) HD-0 is MBR formated (...) HD-1 MBR formated

In 2005, the year he lost his re-election bid, German chancellor Gerhard Schroeder introduced "One-Euro-Jobs". His beloved successor, Angela Merkel, introduced and slowly raised minimum wage such that today, after she became re-elected again and again and again, for about two hours of work one can afford a brand-new solid-state disk of at least 120 GB, which is already the smallest available size, and if one takes into consideration the time needed for system re-installation or backup and restore, it might be reasonable to just exchange a suitable and running test computer's internal disk for this experiment without increasing one's stakes too much.

 


#369 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 15714 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 4 days ago

@Gerolf

The issue is/was that a number of distro's periodically change (changed?) the (stupid) name of the kernel when updating, and ran "update-grub" (or whatever) in order to ONLY modify that particular kernel name, and in case the grub.cfg had been manually modified and/or the series of script was (by accident or whatever) "wrongly" made, this caused the whole grub.cfg be rebuilt from scratch, with (often) making other entries disappear or be no longer valid...

 

Since the mechanism of the scripts and the behaviour of the various distro's is not well (or at all) documented/advertised in the "basics" (as said the only place where I could find an easy, understandable explanation was dedoimedo's), and it is (AFAIK) "new" to GRUB2, I have seen grown men cry after having updated a distro and finding not anymore a numebr of (directly) added entries in grub.cfg.

 

Your mission, should you accept it, is to replace in a plain txt file the word "kernel123" with the word "kernel234", which approach would you take:
1) just replace that d@mn string
2) rebuild the whole file from bits and pieces WITHOUT warning the user
3) rebuild the whole file from bits and pieces warning the user BEFORE doing it and - in any case - make a backup copy of the current grub.cfg

 

The issue is with the choice #2 that was taken. 

 

:duff:

Wonko 


  • Gerolf likes this

#370 Gerolf

Gerolf

    Member

  • Members
  • 67 posts
  •  
    Germany

Posted A day ago

If a system wants to be cool, it has to hide its complexity, see Windows 10: Its installation feedback messages are of the utmost triviality. Users or admins always have their own problems. Why bother them with a warning, something dangerous may happen right now, but a backup will be created?

I see Grub2's updating issues as being caused by some kind of information redundancy between the input fragments and the output "configuration file". The fragments, however, add at least one layer of complexity, as code must be added to write the relevant information to the end of grub.cfg. Thus admins are tempted to think: "Oh, I better hack that file", whose creation I would rather avoid at all. But no grown man should cry if he has "customized" a file that starts with a warning: "Don't hack me, I'll be overwritten."
 


Edited by Gerolf, A day ago.


#371 Gerolf

Gerolf

    Member

  • Members
  • 67 posts
  •  
    Germany

Posted A day ago

Under the rules of Grub2, however, we are allowed to create, at a location that won't be overwritten, an additional, customized \EFI\grub2\grub.cfg that gets loaded when selecting an entry written by a standard menu builder fragment /etc/grub.d/49_custom_menu defined as follows:

#!/bin/sh -e
# /etc/grub.d/49_custom_menu
# this file must have Unix-style line endings and be made executable
# lines between EOF marks go into /boot/grub2/grub.cfg when running
# sudo grub2-mkconfig -o /boot/grub2/grub.cfg
cat << EOF
  menuentry "More ..." {
    set file=/EFI/grub2/grub.cfg
    search --file --set root \$file
    configfile \$file
  }
EOF

To replace the /etc/grub.d/09_grub4efi fragment proposed in section 5, our customized \EFI\grub2\grub.cfg has to look like this (compare sample and tutorial):

# \EFI\grub2\grub.cfg
# /boot/efi/EFI/grub2/grub.cfg
set timeout=10
set default=0

menuentry "Grub4EFI" {
  set file=/EFI/grub/BOOTX64.EFI
  search --file --set root $file
  chainloader $file
}

menuentry "Reboot" {
  reboot
}

Use arrow keys to reach hidden menu entries. Now guess what solution openSUSE suggests in the /etc/grub.d/41_custom fragment.

Spoiler


Edited by Gerolf, A day ago.


#372 Gerolf

Gerolf

    Member

  • Members
  • 67 posts
  •  
    Germany

Posted A day ago

In my installation, at the Grub2 prompt, the "set" command shows that the environment variable $config_directory is empty, while $prefix is set to "(hd0,gpt6)/boot/grub2". Thus openSUSE's /etc/grub.d/41_custom expects your custom menu as /boot/grub2/custom.cfg on the Linux partition, which might get re-formatted when the system must be re-installed, so that we better load the actual customization from the EFI system partition:

# /boot/grub2/custom.cfg
menuentry "More" {
  set file=/EFI/grub2/grub.cfg
  search --file --set root $file
  configfile $file
}

That way, we won't have to create and activate any menu builder fragment scripts in Unix format. To prevent tears over a non-booting Linux in case of a misconfiguration, you can install it to an ext3 file system, which is accessible from Windows using the ext2fsd driver. Also, to navigate the EFI system partition under Windows, enter the command "mountvol E: /s" and open 7-Zip File Manager 7zFM.exe in administrator mode.



#373 Gerolf

Gerolf

    Member

  • Members
  • 67 posts
  •  
    Germany

Posted A day ago

To stop being locked out from KDE Plasma every five minutes without enough clicking activity, change "Settings/System Settings/Workspace Behavior/Screen Locking". Now that the issue with /boot/grub2/grub.cfg being overwritten automatically seems to be solved with the help of another bypass, I am curious to install Chenall's Universal Master Boot Record in order to also boot Grub4DOS on GPT disk, like in Doveman's dual-boot scenario with Linux-based LibreElec.






9 user(s) are reading this topic

0 members, 9 guests, 0 anonymous users