Actions

grub bootloader Configuration Changes

From Whonix



Grub logo.png

Introduction[edit]

Info This is a grub, not a Whonix ™ feature. Unspecific to Whonix ™. Therefore Free Support Principle applies.

Before trying specific kernel boot parameters, it is advisable to first add them temporarily for testing or troubleshooting purposes. When the parameters have the intended effect, they can then be added permanently.

Kernel boot parameters are text strings that disable/enable certain features or change specific system behaviors. To achieve the desired change, note kernel boot parameters: [1]

  • can be a simple keywords (like "splash" or "noapic")
  • are case-sensitive (for example "Noapic" would not have any effect but "noapic" would take effect)
  • might have an = sign to denote values (like "acpi_backlight=vendor")
  • might include punctuation (""i8042.noloop")

Kernel boot parameters have no effect unless entered exactly as advised -- spelling/formatting errors or invalid values do not result in an error message.

Kernel Boot Parameter Change[edit]

Follow these steps to temporarily add kernel boot parameters. Useful for testing such a normal (non-recovery mode) boot while enabling verbose boot messages. Alternatively, if that is accessible [2], see Permanent Configuration Changes.

1. Restart the system. [3]

2. Access the grub menu.

Repeatedly press the Esc key until the grub menu appears. Alternatively the Shift key can be held down continuously for BIOS-mode (not UEFI-mode) until the menu appears. [4]

3. Select the relevant entry to edit.

Use the arrow keys to highlight the relevant entry and then press the e key to enter edit mode.

4. Add kernel boot parameter changes.

Use the arrow keys to move down to the line that contains boot arguments: [5]

  • On BIOS systems the line will begin with linux.
  • On UEFI systems the line begins with linuxefi.

Press the End key to move the cursor to the end of that line. Press the space bar and carefully type in kernel boot parameters -- multiple parameters are separated with a space, but no spaces are added before/after any = signs or for punctuation in parameters.

5. Reboot the system.

Press Ctrl + X to boot the system with the new, temporary parameters.

The effect will only last for this boot session; once the system is restarted they will no longer have any effect.

Permanent Configuration Changes[edit]

1. Learn how to configure permanent changes.

Inspect the following resources:

  • folder /etc/default/grub.d
  • file /etc/default/grub.d/40_kernel_hardening.cfg

2. Create a new configuration file.

Open file /etc/default/grub.d/50_user.cfg in an editor with root rights.

This box uses sudoedit for better security [archive]. This is an example and other tools can also achieve the same goal. If this example does not work for you or if you are not using Whonix ™, please refer to this link. 

sudoedit /etc/default/grub.d/50_user.cfg

3. Paste the necessary kernel parameters.

Notes:

  • The following example uses kernel parameter nomodeset.
  • Replace only nomodeset with the actual kernel parameters you want to add.
  • Do not remove the leading text (underlined): GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX nomodeset".
  • Do not remove the trailing quote ("; marked in bold): GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX nomodeset".

GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX nomodeset"

4. Save.

5. Regenerate grub configuration. 

sudo update-grub

6. Done.

The process of adding a kernel parameter is complete.

7. Verification.

Optional.

Inspect /boot/grub/grub.cfg because that is the generated file which is actually used during the boot process.

Inspect Grub Configuration Changes[edit]

1. Put folder /boot/grub under git version control.

Git is a useful tool to record which files in a folder changed in what way.

Git setup for folder /boot/grub.

Install git.

1. Update the package lists. 

sudo apt update

2. Upgrade the system. 

sudo apt full-upgrade

3. Install the git package.

Using apt command line parameter --no-install-recommends is in most cases optional. 

sudo apt install --no-install-recommends git

4. Done.

The procedure of installing git is complete.

Change directory to folder /boot/grub. 

cd /boot/grub

Initialize git in that folder. 

sudo git init

Git needs an e-mail address. That e-mail address doesn't need to actually exist. That e-mail address would appear in git commit change logs if that git repository was ever pushed to any remote. If only used locally, the default you@example.com could be kept. Otherwise, the user may change you@example.com to any e-mail address of their choice. 

sudo git config --global user.email "you@example.com"

Git needs an name. That name address doesn't need to actually exist. That name would appear in git commit change logs if that git repository was ever pushed to any remote. If only used locally, the default Your Name could be kept. Otherwise, the user may change Your Name to any name of their choice. 

sudo git config --global user.name "Your Name"

Add all files in that folder to git. 

sudo git add -A

Commit all files to git. [6] 

sudo git commit -a -m .

2. Change grub configuration.

Make changes according to Permanent Configuration Changes.

3. See which files were modified by update-grub.

From the same folder. 

git status

4. Inspect the changes.

Using command line using default diff viewer diff which might be a bit difficult to read but an alternative is presented in the next step. 

git diff

A graphical diff viewer can be used. Unspecific. Undocumented. 

git difftool

See Also[edit]

Footnotes[edit]

  1. https://wiki.ubuntu.com/Kernel/KernelBootParameters [archive]
  2. Not accessible if boot is broken obviously.
  3. Or shut it down and power it on again.
  4. The system might hang when holding down the Shift key. If that happens, just briefly release the Shift key and hold it down again until the grub menu appears.
  5. https://docs.fedoraproject.org/en-US/Fedora/22/html/Multiboot_Guide/GRUB-runtime.html [archive]
  6. Commits all files to git with commit message . for simplicity. Commit message could also be something else such as {{{sudo_maybe}}} git commit -a -m "initial commit".
Fosshost is sponsors Kicksecure ™ stage server 100px
Fosshost About Advertisements

Search engines: YaCy | Qwant | ecosia | MetaGer | peekier | Whonix ™ Wiki

Follow: 1024px-Telegram 2019 Logo.svg.png Iconfinder Apple Mail 2697658.png Twitter.png Facebook.png Rss.png Reddit.jpg 200px-Mastodon Logotype (Simple).svg.png

Support: Discourse logo.png

Donate: Donate Bank Wire Paypal Bitcoin accepted here Monero accepted here Contribute

Whonix donate bitcoin.png Monero donate Whonix.png United Federation of Planets 1000px.png

Twitter-share-button.png Facebook-share-button.png Telegram-share.png Iconfinder Apple Mail 2697658.png Reddit.jpg Hacker.news.jpg 200px-Mastodon Logotype (Simple).svg.png

Did you know that Whonix ™ could provide protection against backdoors? See Verifiable Builds. Help is wanted and welcomed.

https link onion link Priority Support | Investors | Professional Support

Whonix | © ENCRYPTED SUPPORT LP | Heckert gnu.big.png Freedom Software / Osi standard logo 0.png Open Source (Why?)

The personal opinions of moderators or contributors to the Whonix ™ project do not represent the project as a whole.

Retrieved from "https://www.whonix.org/w/index.php?title=Grub&oldid=71336"
By using our website, you acknowledge that you have read, understood and agreed to our Privacy Policy, Cookie Policy, Terms of Service, and E-Sign Consent.
More information