GRUB2: Difference between revisions

From coreboot
Jump to navigation Jump to search
(→‎History: revised, less controversial version)
No edit summary
Line 1: Line 1:
'''[http://grub.enbug.org/ GRUB2]''' is a modular, multiboot-capable bootloader for many operating systems.
'''[http://grub.enbug.org/ GRUB2]''' is a modular, multiboot-capable bootloader for many operating systems.


GRUB2 is an ideal payload for coreboot. It's modular, extensible, supports booting off filesystems, and it has a scriptable shell. Our goal is to replace the common coreboot payload [[FILO]] with a coreboot-capable version of GRUB2.
GRUB2 can be used as a payload for coreboot. It's modular, extensible, supports booting off filesystems, and it has a scriptable shell.


== Status ==
== Status ==

Revision as of 15:32, 5 September 2008

GRUB2 is a modular, multiboot-capable bootloader for many operating systems.

GRUB2 can be used as a payload for coreboot. It's modular, extensible, supports booting off filesystems, and it has a scriptable shell.

Status

How to build GRUB2 as a payload

It's recommended to use a recent snapshot of the allpatches branch in the GRUB2 monotone repository (you can also just download http://coreboot.org/viewmtn/branch/head/tar/org.coreboot.grub2.allpatches - which resolves to the latest revision on that branch; the top level directory in the resulting tarball represents the revision ID, which is a SHA-1 value over revision data, and thus varies wildly).

$ wget http://coreboot.org/viewmtn/revision/tar/edae9d3e3d999c07b2d8a99f04f258586eb79297 -O grub2.tar
$ tar xfv grub2.tar
$ cd edae9d3e3d999c07b2d8a99f04f258586eb79297
$ sh autogen.sh
$ ./configure --with-platform=coreboot --prefix=$PWD/installed
$ chmod 755 mkinstalldirs
$ make && make install
$ $PWD/installed/bin/grub-mkimage -o core.img normal fat iso9660 pc ata memdisk lar ls cat cmp hello help serial terminal test configfile multiboot boot loopback

GRUB2 modules

GRUB2 is a modular system, you can include whichever modules you need into the image.

In addition to the full list of available modules in upstream GRUB2 the coreboot version of GRUB2 also adds a few more custom modules.

Suggested modules

We suggest that you use the following modules:

Modules Reason
serial, terminal, terminfo serial console support
coreboot change to console automatically
digest crypto (incl. signature checking)
memdisk, lar or cpio filesystem in rom

During development, we used the following list of modules:

coreboot hello cat cmp fat iso9660 help lspci lsusb serial terminal lar terminfo memdisk atadisk ls 
configfile boot hexdump digest linux multiboot pc

Modules specific to coreboot

The following modules are specific to coreboot, or to the coreboot version of GRUB2:

Module name Description
atadisk ATA disk driver based on the OpenBIOS driver
coreboot load serial console information from coreboot table
lar archive format ("filesystem") driver for LAR files (such as coreboot v3 images)
lsusb in the .usb branch, provides an uhci driver and usb storage support. highly experimental at this time

Building a diskimage

If you are using coreboot v2, the firmware image is not a LAR archive, as in coreboot v3. If you want to place files in the coreboot+grub2 image, you can still create a diskimage and include it in your payload.

  1. create a lar/cpio/tar file (cpio must be gnu cpio. files created by other cpios might not be compatible)
  2. add -m lar/cpio-file to your grub-mkimage command line

Per default GRUB2 looks for a configuration file grub.cfg in the disk image. The path is

(memdisk)/grub.cfg

Checking Signatures

Currently the tools for crypto signature verification are not built automatically. To build them, run

$ cd libs/sigtools
$ make

Using sigtools

Create a key pair filename.pub and filename.sec with

$ genkeypair filename

Create a signature of candidate using keyfile.sec and save it as candidate.sig:

$ gensig keyfile candidate

Verification in GRUB2

Load /key.pub as public key and block access to all unsigned files with

$ load-pubkey /key.pub

Verify foo using the signature foo.sig, reporting success or failure and grant access to the file foo with:

$ validate /foo /foo.sig

Example:

multiboot grub-invaders # fails
validate grub-invaders grub-invaders.sig
multiboot grub-invaders # this time it succeeds

Hints and Tricks

Loading grub.cfg from disk

It is suggested that grub.cfg is contained in a memdisk/lar image. This grub.cfg can be used to load other configuration files from any mass storage media. If you want to load a grub.cfg from the first device that contains one, your in-flash grub.cfg can look like this:

search -f -s /grub.cfg
configfile /grub.cfg


To Do

  • USB stack integration (in progress).
  • See more information in the "Porting GRUB2 to coreboot" milestone in the coreboot issue tracker.

History

Patrick Georgi has been working on GRUB2 for coreboot during the Google Summer of Code 2007. He made an original code submission on August 20th 2007. If you care, there is documentation on how to use it, but that work is based on a very old version of GRUB2.

For various reasons, Robert Millan of the GRUB project did another original implementation, which got merged, so we moved our effort to their new code base and continued from there.

How to help?

Contact Stefan Reinauer, Patrick Georgi or the coreboot mailing list for more information.