4 things you didn’t know about Grub

Hello! Today we expose 4 things you didn’t know about GRUB useful that you didn’t know. With these four points you will be able to solve some of the most common problems. Let’s get started:

1. New entries can be added from other systems on your hard disk.

When you install Linux on a machine with multiple operating systems, sometimes these other systems are not detected. This can be solved by adding the GRUB menu entry of the operating system that is not listed.

4 cosas que no sabías sobre Grub

In this case there is an entry for the Windows system under the Linux entries.  If we want to do this we only have to do one thing, insert the following in the file “/boot/grub/grub.cfg”:

### BEGIN /etc/grub.d/30_os-prober ###
menuentry 'Windows 10 (en /dev/sdb1)' --class windows --class os $menuentry_id_option 'osprober-chain-7EA0E3B659836131' {
	insmod part_msdos
	insmod ntfs
	set root='hd1,msdos1'
	if [ x$feature_platform_search_hint = xy ]; then
	  search --no-floppy --fs-uuid --set=root --hint-bios=hd1,msdos1 --hint-efi=hd1,msdos1 --hint-baremetal=ahci1,msdos1  7EA0E3B659836131
	  search --no-floppy --fs-uuid --set=root 7EA0E3B659836131
	parttool ${root} hidden-
	drivemap -s (hd0) ${root}
	chainloader +1

Where you have to define the disk (in this case it was /dev/sdb1) and you have to define the UUID of the disk (sdb1 in this case has 7EA0E3B659836131), also you have to define the disk number and partition, for example “hd1,msdos1”, where hd1 is disk 2 (starts from hd0), and msdos1 is partition 1 of the disk.

2. You can navigate through the operating system from GRUB.

You can navigate and interact with the system files from grub by pressing the “e” key in the GRUB menu before the system loads.

centos7 grub

Once the “e” key is pressed, the GRUB menu entries are displayed:

centos7 listado grub

Then press “F2”:

centos7 cli grub


centos7 grub hd ls files

You can navigate through the system files (in this case it is LVM and that is why you can only see /boot when doing ls). The commands that allow us to move through the file system from the GRUB console are:

  • ls: Allows us to list the contents in the same way as in a unix/linux system. You can also use “ls -al” or “ls -l”, if used without indicating the directory it will list the available disks and their partitions for example: (hd0) (hd0,1) (hd0,2). If you indicate the disk or a partition followed by “/”, for example “ls -l (hd0,1)/” it will list the content as you can see in the previous image.
  • cat file: Allows you to read a file as you would on a unix/linux system.

Unfortunately it is not possible to edit files from this console, but you can boot the system choosing partition, kernel etc (although it is not in the menu) and edit it once the system is booted.

3. GRUB can be password-protected

To secure the GRUB menu in RHEL/Centos 7 & 7.1 the first thing to do is to generate the encrypted password with the command “grub2-mkpasswd-pbkdf2” as you can see in:


To secure the boot you must enter the following in the file: “/etc/grub2/01_users”.

set superusers=”user
password_pbkdf2 john grub.pbkdf2.sha512.EL-HASH-DEL-RESULT-ANTERIOR

This time we will set the root user with the above hash:

grub2-mkpasswd-pbkdf2 grub users

After doing this, run “grub2-mkconfig -o /boot/grub2/grub.cfg”.


Now we restart and press the “e” key to enter the GRUB command line, we will see that it asks for a password:

grub password

In case the system is RHEL/Centos 7.2 the process changes a bit, first, run the following commands as “root”:

  1. “grub2-setpassword”: Enter the password and copy the resulting hash.
  2. The Hash for the created password has to be entered in /boot/grub/user.cfg and the user “root” is defined in /boot/grub2/grub.cfg.
  3. Run grub2-mkconfig -o /boot/grub2/grub.cfg
  4. Reboot and check that it asks for a password

In case the system is RHEL/Centos 5 or 6 the process also changes:

  1. “grub-md5-crypt: Enter the password and copy the resulting hash.
  2. Open “/boot/grub/grub.con” and enter in the boot line: password -md5 “HASH CREATED”.
  3. Reboot and check that it asks for a password

4. Many of the boot problems can be solved from within GRUB

Sometimes a system upgrade, software installation or a specific change can “break” the GRUB boot. This can usually be solved by doing boot tests from the grub CLI, before getting to boot and modifying the menu from the system.

As mentioned before, from the GRUB CLI you can list the disks and partitions with the “ls ” command:

grub> ls
(hd0) (hd0,msdos2) (hd0,msdos1)

And by passing the disk and partition followed by “/” as a parameter to the ls command, you can list the files on the partition

grub> ls (hd0,1)/
lost+found/ bin/ boot/ cdrom/ dev/ etc/ home/ lib/
lib64/ media/ mnt/ opt/ proc/ root/ run/ sbin/
srv/ sys/ tmp/ usr/ var/ vmlinuz vmlinuz.old
initrd.img initrd.img.old

We can see the file that indicates the operating system in a linux, this is useful if we have several linux systems to boot, to identify the system:

grub> cat (hd0,1)/etc/issue
Ubuntu 18.04 LTS \n \l


Booting from GRUB CLI:

The first thing is to verify which versions kernel, vmlinux and initrd.img, to boot correctly these three files have to be of the same version. Once the version is chosen, we set the root in the corresponding disk and partition (set root=xxx). Then we set the linux kernel with “linux /boot/vmlinuzXXX root=/dev/YYYYY” where XXX is the version and YYY is the disk and partition that will have the root of the system. We also set the initrd.img with “initrd /boot/initrd.imgXXX”. Now we only have to boot with these parameters using the “boot” command:

grub> set root=(hd0,1)
grub> linux /boot/vmlinuz-3.13.0-29-generic root=/dev/sda1
grub> initrd /boot/initrd.img-3.13.0-29-generic
grub> boot

To see the available versions of the kernel and initrd files just run ls -l on the system root and /boot:

$ ls -l (hd0,1)/
vmlinuz -> boot/vmlinuz-3.13.0-29-generic
initrd.img -> boot/initrd.img-3.13.0-29-generic

To start in rescue mode:

grub> set root=(hd0,1)
grub> linux /vmlinuz root=/dev/sda1
grub> initrd /initrd.img
grub> boot
Booting From grub-rescue>

If you are in the rescue GRUB the commands are different, and you have to load the normal.mod and linux.mod modules:

grub rescue> set prefix=(hd0,1)/boot/grub
grub rescue> set root=(hd0,1)
grub rescue> insmod normal
grub rescue> normal
grub rescue> insmod linux
grub rescue> linux /boot/vmlinuz-3.13.0-29-generic root=/dev/sda1
grub rescue> initrd /boot/initrd.img-3.13.0-29-generic
grub rescue> boot

And with this we could now access the system to correct the GRUB boot and make it load the appropriate versions.

That’s all for today.

If you liked it share on your social networks and/or leave a comment.

See you soon!

Leave a Reply