{{Header}}
{{title|title=
grub bootloader Configuration Changes
}}
{{#seo:
|description=Kernel Boot Parameter Changes
|image=Live-mode-promo.jpg
}}
{{troubleshooting_mininav}}
[[File:Live-mode-promo.jpg|grub boot menu|thumb]]
{{intro|
Kernel Boot Parameter Changes
}}
__TOC__
= Introduction =
{{mbox
| type = notice
| image = [[File:Ambox_notice.png|40px|alt=Info]]
| text = This is a grub, not a {{project_name_long}} feature. [[Unspecific|Unspecific to {{project_name_long}}.]] Therefore [[Self_Support_First_Policy|Self Support First Policy]] applies.
}}
Before trying specific kernel boot parameters, it is advisable to first add them temporarily for testing or troubleshooting purposes. When the parameters have the intended effect, they can then be added permanently.
Kernel boot parameters are text strings that disable/enable certain features or change specific system behaviors. To achieve the desired change, note kernel boot parameters: [
https://wiki.ubuntu.com/Kernel/KernelBootParameters
]
* can be a simple keywords (like "splash
" or "noapic
")
* are case-sensitive (for example "Noapic
" would not have any effect but "noapic
" would take effect)
* might have an =
sign to denote values (like "acpi_backlight=vendor
")
* might include punctuation (""i8042.noloop
")
Kernel boot parameters have no effect unless entered exactly as advised -- spelling/formatting errors or invalid values do not result in an error message.
= Kernel Boot Parameter Change =
Follow these steps to temporarily add and/or remove kernel boot parameters. Example use cases include:
* Testing a normal (non-recovery mode) boot while enabling verbose boot messages.
* Booting into [[Recovery#Recovery_Mode|Recovery Mode]] (single user mode).
* Testing kernel parameters temporarily before making at is accessible [[#Permanent Configuration Changes|Permanent Configuration Changes]].
* This list is far from exhaustive.
{{Box|text=
'''1.''' Restart the system. [
Or shut it down and power it on again.
]
'''2.''' Access the grub menu.
Repeatedly press the {{IconSet|keyboard|ESC}} key until the grub menu appears. Alternatively, the {{IconSet|keyboard|shift}} key can be held down continuously for BIOS-mode (not UEFI-mode) until the menu appears. [
The system might hang when holding down the {{IconSet|keyboard|shift}} key. If that happens, just briefly release the {{IconSet|keyboard|shift}} key and hold it down again until the grub menu appears.
]
'''3.''' Select the relevant entry to edit.
Use the arrow keys ({{IconSet|keyboard|↑}} or {{IconSet|keyboard|↓}}) to highlight the relevant entry and then press the {{IconSet|keyboard|e}} key to enter edit mode.
'''4.''' Add kernel boot parameter changes.
Use the arrow keys to move down to the line that contains boot arguments: [
https://web.archive.org/web/20220312140233/https://docs.fedoraproject.org/en-US/Fedora/22/html/Multiboot_Guide/GRUB-runtime.html
]
* On BIOS systems, the line will begin with linux
.
* On UEFI systems, the line begins with linuxefi
.
Press the {{IconSet|keyboard|end}} key to move the cursor to the end of that line. Press the {{IconSet|keyboard|space}} and carefully type in kernel boot parameters.
Notes:
* Multiple parameters are separated with a space
.
* No space
s are added before/after any =
(equals) signs or for punctuation in parameters.
'''5.''' Reboot the system.
Press {{IconSet|keyboard|ctrl}} + {{IconSet|keyboard|X}} to boot the system with the new, temporary parameters.
The effect will only last for this boot session; once the system is restarted, they will no longer have any effect.
}}
= Permanent Configuration Changes =
{{Box|text=
'''1.''' Learn how to configure permanent changes.
Inspect the following resources:
* folder /etc/default/grub.d
* file /etc/default/grub.d/40_kernel_hardening.cfg
'''2.''' Create a new configuration file.
{{Open with root rights|
filename=/etc/default/grub.d/50_user.cfg
}}
'''3.''' Paste the necessary GRUB configuration change such as adding or removing kernel parameters.
Notes:
* The following example uses kernel parameter nomodeset
.
* Replace only nomodeset
with the actual kernel parameters you want to add.
* Do not remove the leading text (underlined): GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX nomodeset"
.
* Do not remove the trailing quote ('''"'''
; marked in bold): GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX nomodeset'''"'''
.
{{CodeSelect|code=
GRUB_CMDLINE_LINUX="$GRUB_CMDLINE_LINUX nomodeset"
}}
'''4.''' Save.
'''5.''' Regenerate grub configuration.
{{CodeSelect|code=
sudo update-grub
}}
'''6.''' Done.
The process of adding a kernel parameter is complete.
'''7.''' Verification of GRUB configuration file.
Optional.
Inspect /boot/grub/grub.cfg
because that is the generated file which is actually used during the boot process.
{{CodeSelect|code=
sudoedit /boot/grub/grub.cfg
}}
'''8.''' Reboot.
A reboot is required for changes to take effect.
{{CodeSelect|code=
reboot
}}
'''9.''' Verification of kernel command line
Inspect the virtual file /proc/cmdline
.
{{CodeSelect|code=
cat /proc/cmdline
}}
}}
= Inspect Grub Configuration Changes =
'''1.''' Put folder /boot/grub
under git version control.
Git is a useful tool to record which files in a folder changed in what way.
{{box|text=
Git setup for folder /boot/grub
.
{{Git version control
|sudo_maybe=sudo
|folder=/boot/grub
}}
}}
'''2.''' Change grub configuration.
Make changes according to [[#Permanent Configuration Changes|Permanent Configuration Changes]].
'''3.''' See which files were modified by update-grub
.
From the same folder.
{{CodeSelect|code=
git status
}}
'''4.''' Inspect the changes.
Using command line using default diff viewer diff
which might be a bit difficult to read but an alternative is presented in the next step.
{{CodeSelect|code=
git diff
}}
A graphical diff viewer can be used. [[Unspecific]]. [[Undocumented]].
{{CodeSelect|code=
git difftool
}}
= Inspect Kernel Command Line =
To view the kernel command line of the currently booted kernel, run.
{{CodeSelect|code=
cat /proc/cmdline
}}
If too much output, use grep to filter.
Note: Replace parameter
with the actual kernel parameter you are looking for.
{{CodeSelect|code=
cat /proc/cmdline {{!}} grep parameter
}}
= Goodies =
* https://packages.debian.org/{{Stable_project_version_based_on_Debian_codename}}/grub-image-boot
* https://packages.debian.org/{{Stable_project_version_based_on_Debian_codename}}/grub-customizer
= Boot with Manual Commands =
TODO: document
https://forums.kicksecure.com/t/kicksecure-no-password-prompt-on-gnu-grub/483/3
= Boot Related Screenshots =
TODO: document
== GRUB Bootloader Authentication Password Prompt ==
Notes:
* This is an authentication password for the GRUB bootloader, providing basic protection against unauthorized access. It is unrelated to [[Full Disk Encryption]].
* This is for protecting GRUB menu and settings from unauthorized changes.
Refer to:
* [[Protection_Against_Physical_Attacks#Bootloader_Password|Bootloader Password]]
* [[Protection_Against_Physical_Attacks#How_to_set_a_bootloader_password|How to set a bootloader password]].
'''Figure:''' ''GRUB Bootloader Authentication Password Prompt''
[[File:grub_bootloader_password.jpg]]
== Legacy BIOS - GRUB Bootloader Disk Decryption Password Prompt ==
'''Figure:''' ''GRUB Bootloader Disk Decryption Password Prompt for (Legacy BIOS)''
[[File:Grubpass.png|600px]]
== EFI - GRUB Bootloader Disk Decryption Password Prompt ==
'''Figure:''' ''GRUB Bootloader Disk Decryption Password Prompt (EFI)''
[[File:EFIGrubpass.png|600px]]
== EFI - SecureBoot - Boot Error Message ==
This is a known issue. No bug report is required.
'''Figure:''' ''EFI SecureBoot Boot Error Message''
[[File:EFIDracutpass.png|600px]]
To resolve this issue, refer to [[Secure Boot]].
== initramfs (initramfs-tools or dracut) Based Encryption Password Prompt ==
'''Figure:''' ''initramfs (initramfs-tools or dracut) Based Encryption Password Prompt''
[[File:dracutpass.png|600px]]
= See Also =
* [[Configuration Files]]
* [[grub-live]]
* [[Recovery]]
= Footnotes =
{{reflist|close=1}}
{{Footer}}
[[Category:Documentation]]