Difference between revisions of "GRUB2"

From coreboot
Jump to: navigation, search
(Building a diskimage module: updated title)
(Compiling GRUB2 for being use as a payload)
(25 intermediate revisions by 8 users not shown)
Line 1: Line 1:
'''[http://grub.enbug.org/ GRUB2]''' is a modular, multiboot-capable bootloader for many operating systems.
+
'''[https://www.gnu.org/software/grub/grub.html GRUB2]''' is a modular, multiboot-capable bootloader for many operating systems that can be used as a payload for coreboot.  
  
GRUB2 is an ideal payload for coreboot. It's modular, extensible, supports booting off filesystems, and it has a scriptable shell. Our goal is to replace the common coreboot payload [[FILO]] with a coreboot-capable version of GRUB2.
 
  
 
== Status ==
 
== Status ==
  
* A significant amount of work has been put into GRUB2 in our [[Monotone Repository|monotone repository]], which also provides snapshots.
+
* The mainline version of GRUB2 has a [http://grub.enbug.org/CoreBoot wiki page on the coreboot port] (Update: no longer available)
* The mainline version of GRUB2 has a [http://grub.enbug.org/CoreBoot wiki page on the coreboot port].
+
* Additional information about our former GRUB2 effort (which was part of Google Summer of Code 2007) can be found in the history of this page. Don't expect any link there to work.
 +
* As an alternative, you could consider using [[FILO]]. Both FILO and GRUB2 have various advantages and disadvantages. Which of the two is better suited depends on your requirements.
 +
* Yet another alternative is to not put GRUB into the BIOS ROM, but have it run from your disk as you would with a vendor BIOS. For that, you can use [[SeaBIOS]] as payload, which will then be able to run either GRUB1 or GRUB2 from your disk.
  
== How to build GRUB2 as a payload ==
 
  
It's recommended to use a recent snapshot of the '''allpatches''' branch in the [[Monotone Repository|GRUB2 monotone repository]]
+
== Compiling GRUB2 for being use as a payload (WIP HOWTO) ==
(you can also just download http://coreboot.org/viewmtn/branch/head/tar/org.coreboot.grub2.allpatches - which resolves to the latest revision on that branch; the top level directory in the resulting tarball represents the revision ID, which is a SHA-1 value over revision data, and thus varies wildly).
+
See [[Talk:GRUB2]] and [https://lists.gnu.org/archive/html/grub-devel/2011-06/msg00003.html here] for more details.
  
  $ wget http://coreboot.org/viewmtn/revision/tar/dfb745863916f6f022db54421bf07a6c19ba053e -O grub2.tar
+
=== Compiling ===
  $ tar xfv grub2.tar
+
  bzr branch http://bzr.savannah.gnu.org/r/grub/trunk/grub
$ cd dfb745863916f6f022db54421bf07a6c19ba053e
+
  cd grub
  $ sh autogen.sh
+
  ./autogen.sh
  $ ./configure --with-platform=linuxbios --prefix=$PWD/installed
+
  ./configure --with-platform=coreboot
  $ chmod 755 mkinstalldirs
+
  make
$ make && make install
+
$ $PWD/installed/bin/grub-mkimage -o core.img normal fat iso9660 pc ata memdisk lar ls cat cmp hello help serial terminal test configfile multiboot boot loopback
+
  
== GRUB2 modules ==
+
=== combining with coreboot ===
 
+
cd grub-core
GRUB2 is a modular system, you can include whichever modules you need into the image.
+
tar cvjpf ../../memdisk.tar acpi.mod* ahci.mod* all_video.mod* ata.mod* at_keyboard.mod* boot* cat.mod* chain.mod* efiemu.mod* ehci.mod* elf.mod* exfat.mod* ext2.mod* fat.mod* http.mod* iso9660.mod* linux.mod* loopback.mod* lsacpi.mod* ls.mod* luks.mod* lvm.mod* mdraid09.mod* mdraid1x.mod* memdisk.mod* multiboot2.mod* net.mod* newc.mod* normal.mod* ntfscomp.mod* ntfs.mod* ohci.mod* part_gpt.mod* part_msdos.mod* password.mod* password_pbkdf2.mod* pata.mod* pci.mod* play.mod* png.mod* probe.mod* reboot.mod* squash4.mod* tar.mod* terminal.mod* terminfo.mod* tftp.mod* udf.mod* uhci.mod* usb_keyboard.mod*  usb.mod* vbe.mod* vga.mod* video_fb.mod* videoinfo.mod* video.mod* videotest.mod* #fixme: verify that all modules inside that are sufficent for booting.
 
+
../grub-mkimage -d . -O i386-coreboot -o ../../grub2.elf memdisk tar -m ../../memdisk.tar
In addition to the [http://grub.enbug.org/CommandList full list of available modules in upstream GRUB2] the coreboot version of GRUB2 also adds a few more custom modules.
+
 
+
=== Suggested modules ===
+
 
+
We suggest that you use the following modules:
+
 
+
{| border="0" style="font-size: smaller" valign="top"
+
|- bgcolor="#6699dd"
+
! align="left" | Modules
+
! align="left" | Reason
+
 
+
|- bgcolor="#eeeeee" valign="top"
+
| serial, terminal, terminfo
+
| serial console support
+
 
+
|- bgcolor="#dddddd" valign="top"
+
| coreboot
+
| change to console automatically
+
 
+
|- bgcolor="#eeeeee" valign="top"
+
| digest
+
| crypto (incl. signature checking)
+
 
+
|- bgcolor="#dddddd" valign="top"
+
| memdisk, lar or cpio
+
| filesystem in rom
+
 
+
|}
+
 
+
During development, we used the following list of modules:
+
 
+
  coreboot hello cat cmp fat iso9660 help lspci lsusb serial terminal lar terminfo memdisk atadisk ls
+
configfile boot hexdump digest linux multiboot pc
+
 
+
=== Modules specific to coreboot ===
+
 
+
The following modules are specific to coreboot, or to the coreboot version of GRUB2:
+
 
+
{| border="0" style="font-size: smaller" valign="top"
+
|- bgcolor="#6699dd"
+
! align="left" | Module name
+
! align="left" | Description
+
 
+
|- bgcolor="#eeeeee" valign="top"
+
| atadisk
+
| ATA disk driver based on the OpenBIOS driver
+
 
+
|- bgcolor="#dddddd" valign="top"
+
| coreboot
+
| load serial console information from coreboot table
+
 
+
|- bgcolor="#eeeeee" valign="top"
+
| lar
+
| archive format ("filesystem") driver for LAR files (such as coreboot v3 images)
+
 
+
|- bgcolor="#dddddd" valign="top"
+
| lsusb
+
| in the .usb branch, provides an uhci driver and usb storage support. highly experimental at this time
+
 
+
|}
+
 
+
=== Building a diskimage ===
+
 
+
If you are using coreboot v2, the firmware image is not a LAR archive, as in coreboot v3. If you want to place files in the coreboot+grub2 image, you can still create a diskimage and include it in your payload.
+
 
+
# create a lar/cpio/tar file (cpio must be gnu cpio. files created by other cpios might not be compatible)
+
# add <code>-m lar/cpio-file</code> to your grub-mkimage command line
+
 
+
Per default GRUB2 looks for a configuration file [http://grub.enbug.org/grub.cfg grub.cfg] in the disk image. The path is
+
(memdisk)/grub.cfg
+
 
+
== Checking Signatures ==
+
 
+
Currently the tools for crypto signature verification are not built automatically. To build them, run
+
 
+
$ cd libs/sigtools
+
$ make
+
 
+
=== Using sigtools ===
+
 
+
Create a key pair filename.pub and filename.sec with
+
 
+
$ genkeypair filename
+
 
+
Create a signature of candidate using keyfile.sec and save it as candidate.sig:
+
 
+
$ gensig keyfile candidate
+
 
+
=== Verification in GRUB2 ===
+
 
+
Load /key.pub as public key and block access to all unsigned files with
+
 
+
$ load-pubkey /key.pub
+
 
+
Verify foo using the signature foo.sig, reporting success or failure and grant access to the file foo with:
+
 
+
$ validate /foo /foo.sig
+
 
+
Example:
+
 
+
multiboot grub-invaders # fails
+
validate grub-invaders grub-invaders.sig
+
multiboot grub-invaders # this time it succeeds
+
 
+
== Hints and Tricks ==
+
 
+
=== Loading grub.cfg from disk ===
+
 
+
It is suggested that grub.cfg is contained in a memdisk/lar image. This grub.cfg can be used to load other configuration files from any mass storage media. If you want to load a grub.cfg from the first device that contains one, your in-flash grub.cfg can look like this:
+
 
+
search -f -s /grub.cfg
+
  configfile /grub.cfg
+
 
+
 
+
== To Do ==
+
 
+
* Mainstream GRUB2's grub-mkimage needs to put the program headers right after the ELF header ([http://www.mail-archive.com/grub-devel@gnu.org/msg03547.html Fix available]).
+
* USB stack integration (in progress).
+
* See more information in the "[http://tracker.coreboot.org/trac/coreboot/milestone/Port%20GRUB2%20to%20coreboot Porting GRUB2 to coreboot]" milestone in the coreboot issue tracker.
+
 
+
== History ==
+
 
+
[[User:PatrickGeorgi|Patrick Georgi]] has been working on GRUB2 for coreboot during the Google Summer of Code 2007. He made an [http://coreboot.org/~oxygene/lbgrub2-20070820-1.tar.bz2 original code submission] on August 20th 2007. Please read [http://coreboot.org/~oxygene/lbgrub2-instructions.txt GRUB2 on coreboot instructions] for information on how to use it.
+
 
+
This work was subsequently rejected by the GRUB project, and was eventually re-implemented by Robert Millan, one of the GRUB project members. The re-implementation lacks a couple of fundamental features. From this new base, more work was done.
+
 
+
== How to help? ==
+
 
+
Contact [mailto:stepan@coresystems.de Stefan Reinauer], [mailto:oxygene@coresystems.de Patrick Georgi] or the [[Mailinglist|coreboot mailing list]] for more information.
+

Revision as of 15:36, 26 November 2012

GRUB2 is a modular, multiboot-capable bootloader for many operating systems that can be used as a payload for coreboot.


Status

  • The mainline version of GRUB2 has a wiki page on the coreboot port (Update: no longer available)
  • Additional information about our former GRUB2 effort (which was part of Google Summer of Code 2007) can be found in the history of this page. Don't expect any link there to work.
  • As an alternative, you could consider using FILO. Both FILO and GRUB2 have various advantages and disadvantages. Which of the two is better suited depends on your requirements.
  • Yet another alternative is to not put GRUB into the BIOS ROM, but have it run from your disk as you would with a vendor BIOS. For that, you can use SeaBIOS as payload, which will then be able to run either GRUB1 or GRUB2 from your disk.


Compiling GRUB2 for being use as a payload (WIP HOWTO)

See Talk:GRUB2 and here for more details.

Compiling

bzr branch http://bzr.savannah.gnu.org/r/grub/trunk/grub
cd grub
./autogen.sh
./configure --with-platform=coreboot
make

combining with coreboot

cd grub-core
tar cvjpf ../../memdisk.tar acpi.mod* ahci.mod* all_video.mod* ata.mod* at_keyboard.mod*  boot* cat.mod* chain.mod* efiemu.mod* ehci.mod* elf.mod* exfat.mod* ext2.mod* fat.mod* http.mod* iso9660.mod* linux.mod* loopback.mod* lsacpi.mod* ls.mod* luks.mod* lvm.mod* mdraid09.mod* mdraid1x.mod* memdisk.mod* multiboot2.mod* net.mod* newc.mod* normal.mod* ntfscomp.mod* ntfs.mod* ohci.mod* part_gpt.mod* part_msdos.mod* password.mod* password_pbkdf2.mod* pata.mod* pci.mod* play.mod* png.mod* probe.mod* reboot.mod* squash4.mod* tar.mod* terminal.mod* terminfo.mod* tftp.mod* udf.mod*  uhci.mod* usb_keyboard.mod*  usb.mod* vbe.mod* vga.mod* video_fb.mod* videoinfo.mod* video.mod* videotest.mod* #fixme: verify that all modules inside that are sufficent for booting.
../grub-mkimage -d . -O i386-coreboot -o ../../grub2.elf memdisk tar -m ../../memdisk.tar