[lfs-support] Configuring and Installing GRUB for {,U}EFI

Dan McGhee beesnees at grm.net
Wed Nov 6 17:28:06 PST 2013

On 10/28/2013 10:55 AM, Bruce Dubbs wrote:
> Dan McGhee wrote:
> When all this is successful, I could write the procedure up and post
> it.  Then, if anyone wanted to, it could be put in the book somewhere.
> I could also write a hint if that were more practical.
> For now, just let us know your results.
>     -- Bruce
So far my results are just learning. I really haven't done anything yet, 
but some people may be interested in what I have found to date. This is 

Booting Linux in general, or LFS specifically *can be* as 
straightforward as it always has been. But if someone wants to make use 
of their UEFI--formerly EFI--firmware, then it is not so straightforward 
and can be down right complex.

The first thing to note, in the current milieu, is that if you want to 
use *secure boot*--which is an add-on to and not synonymous with 
UEFI--you can install GRUB like you always have, but you will never see 
it boot anything because, if you're doing it in a "pre-UEFI" fashion, 
it's irrelevant to secure boot and won't be seen. Secure boot is an 
option in Linux right now if and only if you are using Ubuntu>12.10, 
Fedora, OpenSuse--I don't know the version numbers--or if you have paid 
Microsoft $95 to let you write a key that you can use with your firmware 
and then figure out how to write a file that will check with the 
firmware to make sure all is OK and then check with the bootloader to 
make sure it's not vicious or malicious. (Sorry for the sarcasm). All of 
this means that you must turn off secure boot in your firmware setup.

So far the only thing we have done in our preparation to boot LFS is 
turn off secure boot. Onward!

The next option is to turn turn on "legacy mode" or "CMS" in the 
firmware. This is vendor specific so there are probably a number of 
things this is called. It just means "going back to the way things used 
to be."--a bootloader in the first sector of the disk. In days of yore 
this was the way all computers shipped. We are all familiar with it--one 
bootloader, chain-linking and four primary partitions. Except if you 
have a GPT partition table. To insure backwards compatibility GPT 
partition tables now have an area at the beginning of the disk called 
the "Protective MBR Layer." This is the place where GRUB would go on a 
GPT disk.

This is also the place at which things start to muddy a bit. BIOS based 
firmware could handle only one bootloader, because it was "limited" to 
one physical spot on a fixed disk. UEFI overcomes that by using a "Boot 
Manager" to select the boot loader, and there can be, theoretically, any 
number of boot loaders, because these loaders now reside in a partition 
and not an actual physical spot on the disk. The following is the 
snipped results of my running <parted -l /dev/sda>

> Number Start End Size File system Name Flags
> 1 1049kB 420MB 419MB ntfs Basic data partition hidden, diag
> 2 420MB 693MB 273MB fat32 EFI system partition boot
If someone has this partition, chances are they've been booting in EFI 
Mode. What I've read so far is that the EFI partition is usually the 
first partition of the disk, but it's not on mine. Another vendor thing 
I think. This partition contains two directories: boot and EFI. I've 
discovered that it's standard in Linux to mount it at /boot/efi--that's 
the way it is in my Ubuntu system and it's listed in /etc/fstab. Here 
are the results of <ls /boot/efi/EFI> using Ubuntu on my HP-Envy:
> Boot HP Microsoft ubuntu
I've put this in here because the Boot Manager--whether written by HP or 
Microsoft I don't know--reads this directory and gives, as choices, the 
names of the directories--Boot comes across as Recovery for an option. 
You can access the Boot Manager by interrupting the boot process. On my 
machine it's done by holding the ESC key during boot and then selecting 
what I want. This is what I had to do to get to Ubuntu after I first 
installed it. The problem is in getting the Boot Manager to have a 
different default selection other than Microsoft. The solution to that 
is not trivial and I don't want to write about it until I study the 
process some more and, possibly, try it.

But at this point let me show you the magic. Since version 3.3, the 
Linux kernel has had "efi hooks." So--and I think it's this simple--you 
could create a directory in /boot/efi/EFi--let's call it LFS-7.4--and 
put the kernel in it. Then "LFS-7.4" would appear as option in the EFI 
Boot Manager, you select it and "Holy shiny boots, Batman, there's my 
new LFS system and I didn't even use GRUB!"

What I've tried to do is describe the "easy" ways to boot LFS now. If 
you want the computer to default to Grub2 with all the selections on it, 
then there's more.

I've found two interesting articles on the "nuts and bolts" of all of this.

"Managing EFI Bootloaders for Linux" 
<http://www.rodsbooks.com/efi-bootloaders/installation.html> gives a lot 
of good detail about EFI, elilo, Grub2 and the kernel. That document 
links to UEFI Booting <https://help.ubuntu.com/community/UEFIBooting> 
which has some good info also. It's slanted toward Ubuntu, but it's 
usable in general.

I have some questions about specific GRUB2 options, but this is enough 
for tonight.

Thanks for wading through this.


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.linuxfromscratch.org/pipermail/lfs-support/attachments/20131106/bafcc9c6/attachment.html>

More information about the lfs-support mailing list