Grub gfxpayload linux keep

The program grub-mkconfig (see Invoking grub-mkconfig) generates grub.cfg files suitable for most cases. It is suitable for use when upgrading a distribution, and will discover available kernels and attempt to generate menu entries for them.

grub-mkconfig does have some limitations. While adding extra custom menu entries to the end of the list can be done by editing /etc/grub.d/40_custom or creating /boot/grub/custom.cfg , changing the order of menu entries or changing their titles may require making complex changes to shell scripts stored in /etc/grub.d/ . This may be improved in the future. In the meantime, those who feel that it would be easier to write grub.cfg directly are encouraged to do so (see Booting, and Shell-like scripting), and to disable any system provided by their distribution to automatically run grub-mkconfig .

The file /etc/default/grub controls the operation of grub-mkconfig . It is sourced by a shell script, and so must be valid POSIX shell input; normally, it will just be a sequence of ‘ KEY=value ’ lines, but if the value contains spaces or other special characters then it must be quoted. For example:

Valid keys in /etc/default/grub are as follows:

The default menu entry. This may be a number, in which case it identifies the Nth entry in the generated menu counted from zero, or the title of a menu entry, or the special string ‘ saved ’. Using the id may be useful if you want to set a menu entry as the default even though there may be a variable number of entries before it.

For example, if you have:

then you can make this the default using:

Previously, the documented way was to use the entry title. While this still works, it is not recommended, since titles often contain unstable device names and may be translated.

If you set this to ‘ saved ’, then the default menu entry will be that saved by ‘ GRUB_SAVEDEFAULT ’ or grub-set-default . This relies on the environment block, which may not be available in all situations (see Environment block).

The default is ‘ 0 ’.

If this option is set to ‘ true ’, then, when an entry is selected, save it as a new default entry for use by future runs of GRUB. This is only useful if ‘ GRUB_DEFAULT=saved ’; it is a separate option because ‘ GRUB_DEFAULT=saved ’ is useful without this option, in conjunction with grub-set-default . Unset by default. This option relies on the environment block, which may not be available in all situations (see Environment block).

Boot the default entry this many seconds after the menu is displayed, unless a key is pressed. The default is ‘ 5 ’. Set to ‘ 0 ’ to boot immediately without displaying the menu, or to ‘ -1 ’ to wait indefinitely.

If ‘ GRUB_TIMEOUT_STYLE ’ is set to ‘ countdown ’ or ‘ hidden ’, the timeout is instead counted before the menu is displayed.

If this option is unset or set to ‘ menu ’, then GRUB will display the menu and then wait for the timeout set by ‘ GRUB_TIMEOUT ’ to expire before booting the default entry. Pressing a key interrupts the timeout.

If this option is set to ‘ countdown ’ or ‘ hidden ’, then, before displaying the menu, GRUB will wait for the timeout set by ‘ GRUB_TIMEOUT ’ to expire. If ESC or F4 are pressed, or SHIFT is held down during that time, it will display the menu and wait for input. If a hotkey associated with a menu entry is pressed, it will boot the associated menu entry immediately. If the timeout expires before either of these happens, it will boot the default entry. In the ‘ countdown ’ case, it will show a one-line indication of the remaining time.

‘ GRUB_DEFAULT_BUTTON ’ ‘ GRUB_TIMEOUT_BUTTON ’ ‘ GRUB_TIMEOUT_STYLE_BUTTON ’ ‘ GRUB_BUTTON_CMOS_ADDRESS ’

Variants of the corresponding variables without the ‘ _BUTTON ’ suffix, used to support vendor-specific power buttons. See Vendor power-on keys.

Set by distributors of GRUB to their identifying name. This is used to generate more informative menu entry titles.

Select the terminal input device. You may select multiple devices here, separated by spaces.

Valid terminal input names depend on the platform, but may include ‘ console ’ (native platform console), ‘ serial ’ (serial terminal), ‘ serial_ ’ (serial terminal with explicit port selection), ‘ at_keyboard ’ (PC AT keyboard), or ‘ usb_keyboard ’ (USB keyboard using the HID Boot Protocol, for cases where the firmware does not handle this).

The default is to use the platform’s native terminal input.

Select the terminal output device. You may select multiple devices here, separated by spaces.

Valid terminal output names depend on the platform, but may include ‘ console ’ (native platform console), ‘ serial ’ (serial terminal), ‘ serial_ ’ (serial terminal with explicit port selection), ‘ gfxterm ’ (graphics-mode output), ‘ vga_text ’ (VGA text output), ‘ mda_text ’ (MDA text output), ‘ morse ’ (Morse-coding using system beeper) or ‘ spkmodem ’ (simple data protocol using system speaker).

‘ spkmodem ’ is useful when no serial port is available. Connect the output of the sending system (where GRUB is running) to the line-in of the receiving system (usually the developer machine). On the receiving system, compile ‘ spkmodem-recv ’ from ‘ util/spkmodem-recv.c ’ and run:

The default is to use the platform’s native terminal output.

If this option is set, it overrides both ‘ GRUB_TERMINAL_INPUT ’ and ‘ GRUB_TERMINAL_OUTPUT ’ to the same value.

A command to configure the serial port when using the serial console. See serial. Defaults to ‘ serial ’.

Command-line arguments to add to menu entries for the Linux kernel.

Unless ‘ GRUB_DISABLE_RECOVERY ’ is set to ‘ true ’, two menu entries will be generated for each Linux kernel: one default entry and one entry for recovery mode. This option lists command-line arguments to add only to the default menu entry, after those listed in ‘ GRUB_CMDLINE_LINUX ’.

As ‘ GRUB_CMDLINE_LINUX ’ and ‘ GRUB_CMDLINE_LINUX_DEFAULT ’, but for NetBSD.

As ‘ GRUB_CMDLINE_LINUX ’, but for GNU Mach.

The values of these options are passed to the Xen hypervisor in Xen menu entries: for all entries and for normal entries only, respectively.

The values of these options replace the values of ‘ GRUB_CMDLINE_LINUX ’ and ‘ GRUB_CMDLINE_LINUX_DEFAULT ’ for Linux and Xen menu entries.

List of space-separated early initrd images to be loaded from ‘ /boot ’. This is for loading things like CPU microcode, firmware, ACPI tables, crypto keys, and so on. These early images will be loaded in the order declared, and all will be loaded before the actual functional initrd image.

‘ GRUB_EARLY_INITRD_LINUX_STOCK ’ is for your distribution to declare images that are provided by the distribution. It should not be modified without understanding the consequences. They will be loaded first.

‘ GRUB_EARLY_INITRD_LINUX_CUSTOM ’ is for your custom created images.

The default stock images are as follows, though they may be overridden by your distribution:

Normally, grub-mkconfig will generate menu entries that use universally-unique identifiers (UUIDs) to identify the root filesystem to the Linux kernel, using a ‘ root=UUID=. ’ kernel parameter. This is usually more reliable, but in some cases it may not be appropriate. To disable the use of UUIDs, set this option to ‘ true ’.

If grub-mkconfig cannot identify the root filesystem via its universally-unique identifier (UUID), grub-mkconfig can use the UUID of the partition containing the filesystem to identify the root filesystem to the Linux kernel via a ‘ root=PARTUUID=. ’ kernel parameter. This is not as reliable as using the filesystem UUID, but is more reliable than using the Linux device names. When ‘ GRUB_DISABLE_LINUX_PARTUUID ’ is set to ‘ false ’, the Linux kernel version must be 2.6.37 (3.10 for systems using the MSDOS partition scheme) or newer. This option defaults to ‘ true ’. To enable the use of partition UUIDs, set this option to ‘ false ’.

If this option is set to ‘ true ’, disable the generation of recovery mode menu entries.

Normally, grub-mkconfig will generate menu entries that use universally-unique identifiers (UUIDs) to identify various filesystems to search for files. This is usually more reliable, but in some cases it may not be appropriate. To disable this use of UUIDs, set this option to ‘ true ’. Setting this option to ‘ true ’ will also set the options ‘ GRUB_DISABLE_LINUX_UUID ’ and ‘ GRUB_DISABLE_LINUX_PARTUUID ’ to ‘ true ’, unless they have been explicitly set to ‘ false ’.

If graphical video support is required, either because the ‘ gfxterm ’ graphical terminal is in use or because ‘ GRUB_GFXPAYLOAD_LINUX ’ is set, then grub-mkconfig will normally load all available GRUB video drivers and use the one most appropriate for your hardware. If you need to override this for some reason, then you can set this option.

After grub-install has been run, the available video drivers are listed in /boot/grub/video.lst .

Set the resolution used on the ‘ gfxterm ’ graphical terminal. Note that you can only use modes which your graphics card supports via VESA BIOS Extensions (VBE), so for example native LCD panel resolutions may not be available. The default is ‘ auto ’, which tries to select a preferred resolution. See gfxmode.

Set a background image for use with the ‘ gfxterm ’ graphical terminal. The value of this option must be a file readable by GRUB at boot time, and it must end with .png , .tga , .jpg , or .jpeg . The image will be scaled if necessary to fit the screen.

Set a theme for use with the ‘ gfxterm ’ graphical terminal.

Set to ‘ text ’ to force the Linux kernel to boot in normal text mode, ‘ keep ’ to preserve the graphics mode set using ‘ GRUB_GFXMODE ’, ‘ width x height ’[‘ x depth ’] to set a particular graphics mode, or a sequence of these separated by commas or semicolons to try several modes in sequence. See gfxpayload.

Depending on your kernel, your distribution, your graphics card, and the phase of the moon, note that using this option may cause GNU/Linux to suffer from various display problems, particularly during the early part of the boot sequence. If you have problems, set this option to ‘ text ’ and GRUB will tell Linux to boot in normal text mode.

grub-mkconfig has a feature to use the external os-prober program to discover other operating systems installed on the same machine and generate appropriate menu entries for them. It is disabled by default, since automatic and silent execution of os-prober , and creating boot entries based on that data, is a potential attack vector. Set this option to ‘ false ’ to enable this feature in the grub-mkconfig command.

List of space-separated FS UUIDs of filesystems to be ignored from os-prober output. For efi chainloaders it’s @

Normally, grub-mkconfig will generate a top-level menu entry for the kernel with the highest version number and put all other found kernels or alternative menu entries for recovery mode in a submenu. For entries returned by os-prober , the first entry will be put on the top level and all others in a submenu. If this option is set to ‘ true ’, a flat menu with all entries on the top level will be generated instead. Changing this option will require changing existing values of ‘ GRUB_DEFAULT ’, ‘ fallback ’ (see fallback) and ‘ default ’ (see default) environment variables, as well as the saved default entry using grub-set-default and the value used with grub-reboot .

If set to ‘ y ’, grub-mkconfig and grub-install will check for encrypted disks and generate additional commands needed to access them during boot. Note that in this case unattended boot is not possible, because GRUB will wait for a passphrase to unlock the encrypted container.

Play a tune on the speaker when GRUB starts. This is particularly useful for users unable to see the screen. The value of this option is passed directly to play.

If this option is set, GRUB will issue a badram command to filter out specified regions of RAM.

This option may be set to a list of GRUB module names separated by spaces. Each module will be loaded as early as possible, at the start of grub.cfg .

The following options are still accepted for compatibility with existing configurations, but have better replacements:

Wait this many seconds before displaying the menu. If ESC or F4 are pressed, or SHIFT is held down during that time, display the menu and wait for input according to ‘ GRUB_TIMEOUT ’. If a hotkey associated with a menu entry is pressed, boot the associated menu entry immediately. If the timeout expires before either of these happens, display the menu for the number of seconds specified in ‘ GRUB_TIMEOUT ’ before booting the default entry.

If you set ‘ GRUB_HIDDEN_TIMEOUT ’, you should also set ‘ GRUB_TIMEOUT=0 ’ so that the menu is not displayed at all unless ESC or F4 are pressed, or SHIFT is held down.

This option is unset by default, and is deprecated in favour of the less confusing ‘ GRUB_TIMEOUT_STYLE=countdown ’ or ‘ GRUB_TIMEOUT_STYLE=hidden ’.

In conjunction with ‘ GRUB_HIDDEN_TIMEOUT ’, set this to ‘ true ’ to suppress the verbose countdown while waiting for a key to be pressed before displaying the menu.

This option is unset by default, and is deprecated in favour of the less confusing ‘ GRUB_TIMEOUT_STYLE=countdown ’.

Variant of ‘ GRUB_HIDDEN_TIMEOUT ’, used to support vendor-specific power buttons. See Vendor power-on keys.

This option is unset by default, and is deprecated in favour of the less confusing ‘ GRUB_TIMEOUT_STYLE=countdown ’ or ‘ GRUB_TIMEOUT_STYLE=hidden ’.

GRUB/Tips and tricks

Alternative installation methods

Install to external USB stick

Assume your USB stick’s first partition is FAT32 and its partition is /dev/sdy1

Optionally backup configuration files of grub.cfg :

To have grub write its EFI image to esp/EFI/BOOT/BOOTX64.efi , which the boot firmware will be able to find without any UEFI boot entry, use --removable when you run grub-install .

Install to partition or partitionless disk

To set up grub to a partition boot sector, to a partitionless disk (also called superfloppy) or to a floppy disk, run (using for example /dev/sdaX as the /boot partition):

You need to use the --force option to allow usage of blocklists and should not use --grub-setup=/bin/true (which is similar to simply generating core.img ).

grub-install will print warnings like the following, which should give you an idea of what might go wrong with this approach:

Without --force you may get the below error and grub-setup will not set up its boot code in the partition boot sector:

With --force you should get:

grub-setup does not allow this by default because, in the case of a partition or a partitionless disk, GRUB relies on embedded blocklists in the partition boot sector to locate the /boot/grub/i386-pc/core.img file and the prefix directory /boot/grub . The sector locations of core.img may change whenever the file system in the partition is altered (files copied, deleted etc.). For more info, see https://bugzilla.redhat.com/show_bug.cgi?id=728742 and https://bugzilla.redhat.com/show_bug.cgi?id=730915.

The workaround for this is to set the immutable flag on /boot/grub/i386-pc/core.img (using chattr command as mentioned above) so that the sector locations of the core.img file on the disk are not altered. The immutable flag on /boot/grub/i386-pc/core.img needs to be set only if GRUB is installed to a partition boot sector or a partitionless disk, not in case of installation to MBR or simple generation of core.img without embedding any bootsector (mentioned above).

Unfortunately, the grub.cfg file that is created will not contain the proper UUID in order to boot, even if it reports no errors. See https://bbs.archlinux.org/viewtopic.php?pid=1294604#p1294604. To fix this issue, run the following commands:

Now, install linux , then:

Generate core.img alone

To populate the /boot/grub directory and generate a /boot/grub/i386-pc/core.img file without embedding any GRUB bootsector code in the MBR, post-MBR region, or the partition bootsector, add --grub-setup=/bin/true to grub-install :

You can then chainload GRUB’s core.img from GRUB Legacy or syslinux as a Linux kernel or as a multiboot kernel (see also Syslinux#Chainloading).

GUI configuration tools

  • grub-customizer — GTK customizer for GRUB or BURG

https://launchpad.net/grub-customizer || grub-customizer

Visual configuration

In GRUB it is possible, by default, to change the look of the menu. Make sure to initialize, if not done already, GRUB graphical terminal, gfxterm, with proper video mode, gfxmode, in GRUB. This video mode is passed by GRUB to the linux kernel via ‘gfxpayload’ so any visual configurations need this mode in order to be in effect.

Setting the framebuffer resolution

GRUB can set the framebuffer for both GRUB itself and the kernel. The old vga= way is deprecated. The preferred method is editing /etc/default/grub as the following sample to set width (pixels) x height (pixels) x color depth:

Multiple resolutions can be specified, including the default auto , so it is recommended that you edit the line to resemble GRUB_GFXMODE=desired_resolution,fallback_such_as_1024x768,auto . For more information, refer to the GRUB gfxmode documentation. The gfxpayload property will make sure the kernel keeps the resolution.

If this method does not work for you, the deprecated vga= method will still work. Just add it to the "GRUB_CMDLINE_LINUX_DEFAULT=" line in /etc/default/grub ; for example, GRUB_CMDLINE_LINUX_DEFAULT="quiet splash vga=792" will give you a 1024×768 resolution.

915resolution hack

Sometimes for Intel graphic adapters neither # hwinfo --framebuffer nor videoinfo will show you the desired resolution. In this case you can use the 915resolution hack. This hack will temporarily modify video BIOS and add needed resolution. See 915resolution’s home page. The package can be found here: 915resolution AUR

First you need to find a video mode which will be modified later. For that we need the GRUB command shell:

Next, we overwrite the Mode 30 with 1440×900 resolution:

Lastly we need to set GRUB_GFXMODE as described earlier, regenerate grub.cfg and reboot to test changes.

Background image and bitmap fonts

GRUB comes with support for background images and bitmap fonts in pf2 format. The unifont font is included in the grub package under the filename unicode.pf2 , or, as only ASCII characters under the name ascii.pf2 . Run pacman -Ql grub | grep pf2 to get the file paths.

Image formats supported include tga, png and jpeg, providing the correct modules are loaded. The maximum supported resolution depends on your hardware.

Make sure you have set up the proper framebuffer resolution.

Edit /etc/default/grub like this:

Re-generate grub.cfg to apply the changes. If adding the splash image was successful, the user will see "Found background image." in the terminal as the command is executed. If this phrase is not seen, the image information was probably not incorporated into the grub.cfg file.

If the image is not displayed, check:

  • The path and the filename in /etc/default/grub are correct
  • The image is of the proper size and format (tga, png, 8-bit jpg)
  • The image was saved in the RGB mode, and is not indexed
  • The console mode is not enabled in /etc/default/grub
  • The command grub-mkconfig must be executed to place the background image information into the /boot/grub/grub.cfg file
  • The grub-mkconfig scripts will not quote the file name in grub.cfg so make sure it does not contain spaces

Theme

Here is an example for configuring the Starfield theme, which was included in the GRUB package.

Re-generate grub.cfg to apply the changes. If configuring the theme was successful, you will see Found theme: /usr/share/grub/themes/starfield/theme.txt in the terminal.

Your splash image will usually not be displayed when using a theme.

You can set the menu colors in GRUB. The available colors for GRUB can be found in the GRUB Manual. Here is an example:

Hidden menu

One of the unique features of GRUB is hiding/skipping the menu and showing it by holding Esc when needed. You can also adjust whether you want to see the timeout counter.

Edit /etc/default/grub as you wish. Here are the lines you need to add to enable this feature, the timeout has been set to five seconds and to be shown to the user:

GRUB_TIMEOUT is how many seconds before displaying menu.

Disable framebuffer

Users who use the NVIDIA proprietary driver might wish to disable GRUB’s framebuffer as it can cause problems with the binary driver.

To disable framebuffer, edit /etc/default/grub and uncomment the following line:

Another option if you want to keep the framebuffer in GRUB is to revert to text mode just before starting the kernel. To do that modify the variable in /etc/default/grub :

Booting ISO9660 image file directly via GRUB

GRUB supports booting from ISO images directly via loopback devices, see Multiboot USB drive#Using GRUB and loopback devices for examples.

Password protection of GRUB menu

If you want to secure GRUB so it is not possible for anyone to change boot parameters or use the command line, you can add a user/password combination to GRUB’s configuration files. To do this, run the command grub-mkpasswd-pbkdf2 . Enter a password and confirm it:

Then, adjust permissions on /etc/grub.d/40_custom such that only root can read it and add the following to this file:

where password is the string generated by grub-mkpasswd-pbkdf2 .

Regenerate your configuration file. Your GRUB command line, boot parameters and all boot entries are now protected.

This can be relaxed and further customized with more users as described in the "Security" part of the GRUB manual.
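An added example (not code from the GRUB manual or the wiki) that audits three points made on this page: /etc/default/grub must be valid shell with quoted values, GRUB_DISABLE_OS_PROBER=false re-enables os-prober, and the GRUB credentials file should use password_pbkdf2 and be readable by root only. The function names, the user name admin and the sample files are constructed for illustration; the hash is a placeholder.

```shell
#!/bin/sh
# Added example: audit GRUB settings discussed on this page. Paths are passed
# as arguments; the sample files written by make_samples are constructed.

# $1 = an /etc/default/grub style file. Prints findings, exits 1 if any.
audit_grub_defaults() (
    f=$1; rc=0
    # grub-mkconfig sources this file, so it must at least parse as shell.
    if ! sh -n "$f" 2>/dev/null; then
        echo "FAIL: $f is not valid POSIX shell"; rc=1
    fi
    # 'KEY=a b' parses fine: it runs command 'b' with KEY=a only in that
    # command's environment. sh -n cannot catch this, so look for unquoted
    # values that contain spaces.
    if grep -Eq "^[[:space:]]*GRUB_[A-Z0-9_]*=[^\"'[:space:]]+[[:space:]]+[^#[:space:]]" "$f"; then
        echo "FAIL: $f has an unquoted value containing spaces"; rc=1
    fi
    # os-prober is disabled by default; an explicit 'false' re-enables it.
    if grep -Eq "^[[:space:]]*GRUB_DISABLE_OS_PROBER=[\"']?false[\"']?[[:space:]]*(#.*)?\$" "$f"; then
        echo "WARN: $f enables os-prober (GRUB_DISABLE_OS_PROBER=false)"; rc=1
    fi
    exit "$rc"
)

# $1 = an /etc/grub.d/40_custom style file holding the GRUB credentials.
audit_grub_auth() (
    f=$1; rc=0
    # Without superusers, GRUB enforces no authentication at all.
    if ! grep -Eq '^[[:space:]]*set[[:space:]]+superusers=' "$f"; then
        echo "FAIL: $f sets no superusers"; rc=1
    fi
    # Expect the hashed form produced by grub-mkpasswd-pbkdf2.
    if ! grep -Eq '^[[:space:]]*password_pbkdf2[[:space:]]+[^[:space:]]+[[:space:]]+grub\.pbkdf2\.' "$f"; then
        echo "FAIL: $f has no password_pbkdf2 entry"; rc=1
    fi
    # The plain 'password' command stores the secret in clear text.
    if grep -Eq '^[[:space:]]*password[[:space:]]' "$f"; then
        echo "FAIL: $f contains a clear-text password command"; rc=1
    fi
    # The page says only root should be able to read the file.
    if [ -n "$(find "$f" -prune \( -perm -040 -o -perm -004 \) -print)" ]; then
        echo "FAIL: $f is readable by group or others"; rc=1
    fi
    exit "$rc"
)

# Write constructed sample files (weak and hardened) into directory $1.
make_samples() {
    cat > "$1/weak_default" <<'EOF'
GRUB_TIMEOUT=5
GRUB_CMDLINE_LINUX_DEFAULT=quiet splash
GRUB_DISABLE_OS_PROBER=false
EOF
    cat > "$1/good_default" <<'EOF'
GRUB_TIMEOUT=5    # seconds
GRUB_CMDLINE_LINUX_DEFAULT="quiet splash"
EOF
    cat > "$1/weak_custom" <<'EOF'
set superusers="admin"
password admin CONSTRUCTED-CLEAR-TEXT
EOF
    cat > "$1/good_custom" <<'EOF'
set superusers="admin"
password_pbkdf2 admin grub.pbkdf2.sha512.10000.PLACEHOLDER_SALT.PLACEHOLDER_HASH
EOF
    chmod 644 "$1/weak_custom"
    chmod 700 "$1/good_custom"
}

demo() {
    d=$(mktemp -d) || return 1
    make_samples "$d"
    for f in weak_default good_default; do
        audit_grub_defaults "$d/$f" || echo "-> $f needs fixing"
    done
    for f in weak_custom good_custom; do
        audit_grub_auth "$d/$f" || echo "-> $f needs fixing"
    done
    rm -rf "$d"
}
demo
```

On a real system the two functions would be pointed at /etc/default/grub and /etc/grub.d/40_custom, run as root so the files can be read.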

Password protection of GRUB edit and console options only

Adding --unrestricted to a menu entry will allow any user to boot the OS while preventing the user from editing the entry and preventing access to the grub command console. Only a superuser or users specified with the --user switch will be able to edit the menu entry.

The factual accuracy of this article or section is disputed.

In order to make Linux entries --unrestricted , the CLASS variable in the beginning of /etc/grub.d/10_linux can be modified.

Hide GRUB unless the Shift key is held down

In order to achieve the fastest possible boot, instead of having GRUB wait for a timeout, it is possible for GRUB to hide the menu, unless the Shift key is held down during GRUB’s start-up.

In order to achieve this, you should add the following line to /etc/default/grub :

Then create the file /etc/grub.d/31_hold_shift containing [1], make it executable, and regenerate the grub configuration:

Combining the use of UUIDs and basic scripting

If you like the idea of using UUIDs to avoid unreliable BIOS mappings or are struggling with GRUB’s syntax, here is an example boot menu item that uses UUIDs and a small script to direct GRUB to the proper disk partitions for your system. All you need to do is replace the UUIDs in the sample with the correct UUIDs for your system. The example applies to a system with a boot and root partition. You will obviously need to modify the GRUB configuration if you have additional partitions:

Multiple entries

Disable submenu

If you have multiple kernels installed, say linux and linux-lts, by default grub-mkconfig groups them in a submenu. If you do not like this behaviour you can go back to one single menu by adding the following line to /etc/default/grub :

Recall previous entry

GRUB can remember the last entry you booted from and use this as the default entry to boot from next time. This is useful if you have multiple kernels (i.e., the current Arch one and the LTS kernel as a fallback option) or operating systems. To do this, edit /etc/default/grub and change the value of GRUB_DEFAULT :

This ensures that GRUB will default to the saved entry. To enable saving the selected entry, add the following line to /etc/default/grub :

This will only work if /boot is not a btrfs, because grub cannot write to btrfs. But it will generate a misleading error message: "sparse file not allowed. Press any key to continue.".

Changing the default menu entry

To change the default selected entry, edit /etc/default/grub and change the value of GRUB_DEFAULT :

Using menu titles :

Grub identifies entries in generated menu counted from zero. That means 0 for the first entry which is the default value, 1 for the second and so on. Main and submenu entries are separated by a > .

The example above boots the third entry from the main menu ‘Advanced options for Arch Linux’.

Boot non-default entry only once

The command grub-reboot is very helpful to boot another entry than the default only once. GRUB loads the entry passed in the first command line argument, when the system is rebooted the next time. Most importantly GRUB returns to loading the default entry for all future booting. Changing the configuration file or selecting an entry in the GRUB menu is not necessary.

Play a tune

You can play a tune through the PC-speaker while booting (right before the menu appears) by modifying the variable GRUB_INIT_TUNE . For example, to play Berlioz’s extract from Sabbath Night of Symphonie Fantastique (bassoon part) you can add the following:

You can add a menu entry to play each of these common GRUB_INIT_TUNE samples by creating the following file and then re-running grub-mkconfig .

For information on this, you can look at info grub -n play .

Manual configuration of core image for early boot

If you require a special keymap or other complex steps that GRUB is not able to configure automatically in order to make /boot available to the GRUB environment, you can generate a core image yourself. On UEFI systems, the core image is the grubx64.efi file that is loaded by the firmware on boot. Building your own core image will allow you to embed any modules required for very early boot, as well as a configuration script to bootstrap GRUB.

Firstly, taking as an example a requirement for the dvorak keymap embedded in early-boot in order to enter a password for an encrypted /boot on a UEFI system:

Determine from the generated /boot/grub/grub.cfg file what modules are required in order to mount the crypted /boot . For instance, under your menuentry you should see lines similar to:

Take note of all of those modules: they will need to be included in the core image. Now, create a tarball containing your keymap. This will be bundled in the core image as a memdisk:

Now create a configuration file to be used in the GRUB core image. This is in the same format as your regular grub config, but need contain only a few lines to find and load the main config file on the /boot partition:

Finally, generate the core image, listing all of the modules determined to be required in the generated grub.cfg , along with any modules used in the early-grub.cfg script. The example above needs memdisk , tar , at_keyboard , keylayouts and configfile .

The generated EFI core image can now be used in the same way as the image that is generated automatically by grub-install : place it in your EFI partition and enable it with efibootmgr , or configure as appropriate for your system firmware.

UEFI further reading

Below is other relevant information regarding installing Arch via UEFI.

Alternative install method

Usually, GRUB keeps all files, including configuration files, in /boot , regardless of where the EFI System Partition is mounted.

If you want to keep these files inside the EFI System Partition itself, add --boot-directory=esp to the grub-install command:

This puts all GRUB files in esp/grub , instead of in /boot/grub . When using this method, make sure you have grub-mkconfig put the configuration file in the same place:

Configuration is otherwise the same.

UEFI firmware workaround

GRUB standalone

This section assumes you are creating a standalone GRUB for x86_64 systems (x86_64-efi). For 32-bit (IA32) EFI systems, replace x86_64-efi with i386-efi where appropriate.

It is possible to create a grubx64_standalone.efi application which has all the modules embedded in a tar archive within the UEFI application, thus removing the need to have a separate directory populated with all of the GRUB UEFI modules and other related files. This is done using the grub-mkstandalone command (included in grub ) as follows:

Then copy the GRUB config file to esp/EFI/grub/grub.cfg and create a UEFI Boot Manager entry for esp/EFI/grub/grubx64_standalone.efi using efibootmgr.

Technical information

The GRUB EFI file always expects its config file to be at $/grub.cfg . However in the standalone GRUB EFI file, the $ is located inside a tar archive and embedded inside the standalone GRUB EFI file itself (inside the GRUB environment, it is denoted by "(memdisk)" , without quotes). This tar archive contains all the files that would be stored normally at /boot/grub in case of a normal GRUB EFI install.

Due to this embedding of /boot/grub contents inside the standalone image itself, it does not rely on actual (external) /boot/grub for anything. Thus in case of standalone GRUB EFI file $==(memdisk)/boot/grub and the standalone GRUB EFI file expects the config file to be at $/grub.cfg==(memdisk)/boot/grub/grub.cfg .

Hence to make sure the standalone GRUB EFI file reads the external grub.cfg located in the same directory as the EFI file (inside the GRUB environment, it is denoted by $ ), we create a simple /tmp/grub.cfg which instructs GRUB to use $/grub.cfg as its config ( configfile $/grub.cfg command in (memdisk)/boot/grub/grub.cfg ). We then instruct grub-mkstandalone to copy this /tmp/grub.cfg file to $/grub.cfg (which is actually (memdisk)/boot/grub/grub.cfg ) using the option "boot/grub/grub.cfg=/tmp/grub.cfg" .

This way, the standalone GRUB EFI file and actual grub.cfg can be stored in any directory inside the EFI System Partition (as long as they are in the same directory), thus making them portable.

Speeding up LUKS decryption in GRUB

Upon boot GRUB may in some cases take a long time to verify the password. This can be due to a high PBKDF iteration count, which you can check as follows:

The problem is that the iteration count for a given keyslot is generated when the key is added to ensure a balance between being high enough to protect against brute force attacks and low enough to allow for fast key derivation by estimating the capabilities of your computer. However, when GRUB is started, it might not have the same computational resources at hand, thus being vastly slower.

If your password provides enough entropy to counter common attacks by itself, you can lower this number:

A minimum of 1000 iterations is recommended as per RFC 2898, but you should aim for higher values if you can (The cost for an attacker as well as the time for key derivation scale linearly).
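An added example (not from the wiki) that checks the floor stated above before or after lowering a keyslot's iteration count: it reads LUKS1-style cryptsetup luksDump text and lists enabled key slots whose count is below a given minimum. The function names and the sample dump are constructed; the sample only mimics the "Key Slot N: ENABLED" / "Iterations:" layout and assumes a LUKS1 header.

```shell
#!/bin/sh
# Added example: flag key slots whose PBKDF2 iteration count is under a floor.

# stdin = LUKS1-style luksDump text, $1 = minimum acceptable iteration count.
# Prints "slot iterations" for each enabled slot below the floor.
slots_below_floor() {
    awk -v floor="$1" '
        # Remember the slot number only while the slot is enabled.
        /^Key Slot [0-9]+: / {
            slot = ($4 == "ENABLED") ? $3 : ""
            sub(/:$/, "", slot)
        }
        # The per-slot line is indented; the header line "MK iterations:"
        # starts at column 0 and is deliberately not matched.
        /^[ \t]+Iterations:/ && slot != "" {
            if ($2 + 0 < floor + 0) print slot, $2
        }'
}

# Constructed sample input: slot 0 is too low, slot 1 is fine, slot 2 unused.
sample_dump() {
    printf 'MK iterations: \t120000\n'
    printf 'Key Slot 0: ENABLED\n\tIterations:         \t500\n'
    printf 'Key Slot 1: ENABLED\n\tIterations:         \t250000\n'
    printf 'Key Slot 2: DISABLED\n'
}

sample_dump | slots_below_floor 1000
```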
