Documentation for a newer release is available. View Latest

GRUB2 부트로더로 동작 중

indexterm:[GRUB 2,configuring GRUB 2]indexterm:[GRUB 2,reinstalling GRUB 2]indexterm:[GRUB 2,customizing GRUB 2]indexterm:[boot loader,GRUB 2 boot loader] Fedora 31 is distributed with the GNU GRand Unified Boot loader (GRUB) version 2 boot loader, which allows the user to select an operating system or kernel to be loaded at system boot time. GRUB 2 also allows the user to pass arguments to the kernel.

GRUB 2 안내

GRUB 2는 전통적인 바이오스-기반 장비의 `/boot/grub2/grub.cfg 파일과 UEFI 장비의 `/boot/efi/EFI/fedora/grub.cfg`에서 이 구성 파일을 읽습니다. 이와 같은 파일은 메뉴 정보를 포함합니다.

The GRUB 2 configuration file, grub.cfg, is generated during installation, or by invoking the /usr/sbin/grub2-mkconfig utility, and is automatically updated by grubby each time a new kernel is installed. When regenerated manually using grub2-mkconfig, the file is generated according to the template files located in /etc/grub.d/, and custom settings in the /etc/default/grub file. Edits of grub.cfg will be lost any time grub2-mkconfig is used to regenerate the file, so care must be taken to reflect any manual changes in /etc/default/grub as well.

Normal operations on grub.cfg, such as the removal and addition of new kernels, should be done using the grubby tool and, for scripts, using new-kernel-pkg tool. If you use grubby to modify the default kernel the changes will be inherited when new kernels are installed. For more information on grubby, see Making Persistent Changes to a GRUB 2 Menu Using the grubby Tool.

The /etc/default/grub file is used by the grub2-mkconfig tool, which is used by anaconda when creating grub.cfg during the installation process, and can be used in the event of a system failure, for example if the boot loader configurations need to be recreated. In general, it is not recommended to replace the grub.cfg file by manually running grub2-mkconfig except as a last resort. Note that any manual changes to /etc/default/grub require rebuilding the grub.cfg file.

grub.cfg에서 메뉴 항목

Among various code snippets and directives, the grub.cfg configuration file contains one or more menuentry blocks, each representing a single GRUB 2 boot menu entry. These blocks always start with the menuentry keyword followed by a title, list of options, and an opening curly bracket, and end with a closing curly bracket. Anything between the opening and closing bracket should be indented. For example, the following is a sample menuentry block for Fedora 31 with Linux kernel 3.17.4-301.fc21.x86_64:

menuentry 'Fedora, with Linux 3.17.4-301.fc21.x86_64' --class fedora --class gnu-linux --class gnu --class os --unrestricted $menuentry_id_option 'gnulinux-3.17.4-301.fc21.x86_64-advanced-effee860-8d55-4e4a-995e-b4c88f9ac9f0' {
        load_video
        set gfxpayload=keep
        insmod gzio
        insmod part_msdos
        insmod ext2
        set root='hd0,msdos1'
        if [ x$feature_platform_search_hint = xy ]; then
          search --no-floppy --fs-uuid --set=root --hint='hd0,msdos1'  f19c92f4-9ead-4207-b46a-723b7a2c51c8
        else
          search --no-floppy --fs-uuid --set=root f19c92f4-9ead-4207-b46a-723b7a2c51c8
        fi
        linux16 /vmlinuz-3.17.4-301.fc21.x86_64 root=/dev/mapper/fedora-root ro rd.lvm.lv=fedora/swap rd.lvm.lv=fedora/root rhgb quiet LANG=en_US.UTF-8
        initrd16 /initramfs-3.17.4-301.fc21.x86_64.img
}

Each menuentry block that represents an installed Linux kernel contains linux on 64-bit IBM POWER Series, linux16 on x86_64 BIOS-based systems, and linuxefi on UEFI-based systems. Then the initrd directives followed by the path to the kernel and the initramfs image respectively. If a separate /boot partition was created, the paths to the kernel and the initramfs image are relative to /boot. In the example above, the initrd /initramfs-3.17.4-301.fc21.x86_64.img line means that the initramfs image is actually located at /boot/initramfs-3.17.4-301.fc21.x86_64.img when the root file system is mounted, and likewise for the kernel path.

The kernel version number as given on the linux16 /vmlinuz-kernel_version line must match the version number of the initramfs image given on the initrd /initramfs-kernel_version.img line of each menuentry block. For more information on how to verify the initial RAM disk image, see Verifying the Initial RAM Disk Image.

In menuentry blocks, the initrd directive must point to the location (relative to the /boot/ directory if it is on a separate partition) of the initramfs file corresponding to the same kernel version. This directive is called initrd because the previous tool which created initial RAM disk images, mkinitrd, created what were known as initrd files. The grub.cfg directive remains initrd to maintain compatibility with other tools. The file-naming convention of systems using the dracut utility to create the initial RAM disk image is initramfs-kernel_version.img.

For information on using Dracut, see Verifying the Initial RAM Disk Image.

그룹 2 부트로더 구성하기

Changes to the GRUB 2 menu can be made temporarily at boot time, made persistent for a single system while the system is running, or as part of making a new GRUB 2 configuration file.

Grub 2 메뉴로 임시 변경 만들기

커널 메뉴 항목으로 임시 변경 만들기

단일 부트 처리 할 때에만 커널 매개 변수를 변경 할 때에, 다음과 같이 진행합니다:

  1. Start the system and, on the GRUB 2 boot screen, move the cursor to the menu entry you want to edit, and press the e key for edit.

  2. Move the cursor down to find the kernel command line. The kernel command line starts with linux on 64-Bit IBM Power Series, linux16 on x86-64 BIOS-based systems, or linuxefi on UEFI systems.

  3. 커서를 줄의 끝으로 이동합니다.

Press Ctrl+a and Ctrl+e to jump to the start and end of the line, respectively. On some systems, Home and End might also work.

  1. Edit the kernel parameters as required. For example, to run the system in emergency mode, add the emergency parameter at the end of the linux16 line:

linux16      /vmlinuz-4.2.0-1.fc23.x86_64 root=/dev/mapper/fedora-root ro rd.md=0 rd.dm=0 rd.lvm.lv=fedora/swap crashkernel=auto rd.luks=0 vconsole.keymap=us rd.lvm.lv=fedora/root rhgb quiet emergency

rhgb`과 [option]`quiet 매개변수는 시스템 메시지를 활성화 하기 위해서 제거 될 수 있습니다.

These settings are not persistent and apply only for a single boot. To make persistent changes to a menu entry on a system, use the grubby tool. See Adding and Removing Arguments from a GRUB Menu Entry for more information on using grubby.

grubby 도구를 사용하여 GRUB 2 메뉴로 지속적인 변경

The grubby tool can be used to read information from, and make persistent changes to, the grub.cfg file. It enables, for example, changing GRUB menu entries to specify what arguments to pass to a kernel on system start and changing the default kernel.

In Red Hat Enterprise Linux 7, if grubby is invoked manually without specifying a GRUB configuration file, it defaults to searching for /etc/grub2.cfg, which is a symbolic link to the grub.cfg file, whose location is architecture dependent. If that file cannot be found it will search for an architecture dependent default.

기본 커널 나열하기

기본 커널의 파일 이름을 찾아내려면, 다음과 같은 명령을 입력하세요:

~]# grubby --default-kernel
/boot/vmlinuz-4.2.0-1.fc23.x86_64

기본 커널의 색인 번호를 찾아내려면, 다음과 같은 명령을 입력하세요:

~]# grubby --default-index
0
기본 부트 항목 변경하기

기본 커널로 지정된 커널에서 영구적으로 변경하려면, 다음과 같이 grubby 명령을 사용합니다:

~]# grubby --set-default /boot/vmlinuz-4.2.0-1.fc23.x86_64
커널을 위한 GRUB 메뉴 항목 보기

모든 커널 메뉴 항목을 나열하려면, 다음과 같이 명령을 입력합니다:

~]$ grubby --info=ALL

UEFU 시스템에서, 모든 grubby 명령은 `root`으로 입력해야 합니다.

지정된 커널을 위해 GRUB 메뉴 항목을 보려면, 다음과 같이 명령을 입력합니다:

~]$ grubby --info /boot/vmlinuz-4.2.0-1.fc23.x86_64
index=0
kernel=/boot/vmlinuz-4.2.0-1.fc23.x86_64
args="ro rd.lvm.lv=fedora/root rd.lvm.lv=fedora/swap rhgb quiet LANG=en_US.UTF-8"
root=/dev/mapper/fedora-root
initrd=/boot/initramfs-4.2.0-1.fc23.x86_64.img
title=Fedora (4.2.0-1.fc23.x86_64) 23 (Workstation Edition)

`/boot/`디렉토리에 사용 가능한 커널을 보려면 탭 완성을 시도하세요.

Grub 메뉴 항목에서 인수를 추가하고 제거하기

The --update-kernel option can be used to update a menu entry when used in combination with --args to add new arguments and --remove-arguments to remove existing arguments. These options accept a quoted space-separated list. The command to simultaneously add and remove arguments a from GRUB menu entry has the follow format:

grubby --remove-args="argX argY" --args="argA argB" --update-kernel /boot/kernel

커널 GRUB 메뉴 항목에서 인수를 추가하고 제거하려면, 다음처럼 명령을 사용하세요:

~]# grubby --remove-args="rhgb quiet" --args=console=ttyS0,115200 --update-kernel /boot/vmlinuz-4.2.0-1.fc23.x86_64

This command removes the Red Hat graphical boot argument, enables boot message to be seen, and adds a serial console. As the console arguments will be added at the end of the line, the new console will take precedence over any other consoles configured.

변경 사항을 검토하려면, 다음과 같이 --info 명령을 사용하세요:

~]# grubby --info /boot/vmlinuz-4.2.0-1.fc23.x86_64
index=0
kernel=/boot/vmlinuz-4.2.0-1.fc23.x86_64
args="ro rd.lvm.lv=fedora/root rd.lvm.lv=fedora/swap LANG=en_US.UTF-8 console=ttyS0,115200"
root=/dev/mapper/fedora-root
initrd=/boot/initramfs-4.2.0-1.fc23.x86_64.img
title=Fedora (4.2.0-1.fc23.x86_64) 23 (Workstation Edition)
동일한 인수와 함께 모든 커널 메뉴를 최신화하기

To add the same kernel boot arguments to all the kernel menu entries, enter a command as follows:

~]# grubby --update-kernel=ALL --args=console=ttyS0,115200

The --update-kernel parameter also accepts DEFAULT or a comma separated list of kernel index numbers.

커널 인수 변경하기

To change a value in an existing kernel argument, specify the argument again, changing the value as required. For example, if the virtual console font size has been set to latarcyrheb-sun16 and you want to change the virtual console font size to 32, use a command as follows:

~]# grubby --args=vconsole.font=latarcyrheb-sun32 --update-kernel /boot/vmlinuz-4.2.0-1.fc23.x86_64
index=0
kernel=/boot/vmlinuz-4.2.0-1.fc23.x86_64
args="ro rd.lvm.lv=fedora/root crashkernel=auto  rd.lvm.lv=fedora/swap vconsole.font=latarcyrheb-sun32 vconsole.keymap=us LANG=en_US.UTF-8"
root=/dev/mapper/fedora-root
initrd=/boot/initramfs-4.2.0-1.fc23.x86_64.img
title=Fedora (4.2.0-1.fc23.x86_64) 23 (Workstation Edition)

더 많은 명령 옵션을 위해 grubby(8) 설명서 부분을 참고하세요.

그룹 2 구성 파일을 사용자 정의하기

GRUB 2 scripts search the user’s computer and build a boot menu based on what operating systems the scripts find. To reflect the latest system boot options, the boot menu is rebuilt automatically when the kernel is updated or a new kernel is added.

However, users may want to build a menu containing specific entries or to have the entries in a specific order. GRUB 2 allows basic customization of the boot menu to give users control of what actually appears on the screen.

GRUB 2 uses a series of scripts to build the menu; these are located in the /etc/grub.d/ directory. The following files are included:

  • 00_header, which loads GRUB 2 settings from the /etc/default/grub file.

  • 01_users, which is created only when a boot loader password is assigned in a kickstart file.

  • 10_linux, which locates kernels in the default partition of Fedora.

  • 30_os-prober, which builds entries for operating systems found on other partitions.

  • 40_custom, a template, which can be used to create additional menu entries.

Scripts from the /etc/grub.d/ directory are read in alphabetical order and can be therefore renamed to change the boot order of specific menu entries.

With the GRUB_TIMEOUT key set to 0 in the /etc/default/grub file, GRUB 2 does not display the list of bootable kernels when the system starts up. In order to display this list when booting, press and hold any alphanumeric key when the BIOS information is displayed; GRUB 2 will present you with the GRUB menu.

기본 부트 항목 변경하기

By default, the key for the GRUB_DEFAULT directive in the /etc/default/grub file is the word saved. This instructs GRUB 2 to load the kernel specified by the saved_entry directive in the GRUB 2 environment file, located at /boot/grub2/grubenv. You can set another GRUB record to be the default, using the grub2-set-default command, which will update the GRUB 2 environment file.

By default, the saved_entry value is set to the name of latest installed kernel of package type kernel. This is defined in /etc/sysconfig/kernel by the UPDATEDEFAULT and DEFAULTKERNEL directives. The file can be viewed by the root user as follows:

~]# cat /etc/sysconfig/kernel
# UPDATEDEFAULT specifies if new-kernel-pkg should make
# new kernels the default
UPDATEDEFAULT=yes

# DEFAULTKERNEL specifies the default kernel package type
DEFAULTKERNEL=kernel-core

The DEFAULTKERNEL directive specifies what package type will be used as the default. Installing a package of type kernel-debug will not change the default kernel while the DEFAULTKERNEL is set to package type kernel.

GRUB 2 supports using a numeric value as the key for the saved_entry directive to change the default order in which the operating systems are loaded. To specify which operating system should be loaded first, pass its number to the grub2-set-default command. For example:

~]# grub2-set-default 2

Note that the position of a menu entry in the list is denoted by a number starting with zero; therefore, in the example above, the third entry will be loaded. This value will be overwritten by the name of the next kernel to be installed.

To force a system to always use a particular menu entry, use the menu entry name as the key to the GRUB_DEFAULT directive in the /etc/default/grub file. To list the available menu entries, run the following command as root:

~]# awk -F\' '$1=="menuentry " {print $2}' /etc/grub2.cfg

The file name /etc/grub2.cfg is a symlink to the grub.cfg file, whose location is architecture dependent. For reliability reasons, the symlink is not used in other examples in this chapter. It is better to use absolute paths when writing to a file, especially when repairing a system.

Changes to /etc/default/grub require rebuilding the grub.cfg file as follows:

  • 바이오스-기반의 장비에서, `root`으로 다음 명령을 실행합니다:

~]# grub2-mkconfig -o /boot/grub2/grub.cfg
  • UEFI-기반의 장비에서, `root`으로 다음 명령을 실행하세요:

~]# grub2-mkconfig -o /boot/efi/EFI/fedora/grub.cfg

메뉴 항목 편집하기

If required to prepare a new GRUB 2 file with different parameters, edit the values of the GRUB_CMDLINE_LINUX key in the /etc/default/grub file. Note that you can specify multiple parameters for the GRUB_CMDLINE_LINUX key. For example:

GRUB_CMDLINE_LINUX="console=tty0 console=ttyS0,9600n8"

Where console=tty0 is the first virtual terminal and console=ttyS0 is the serial terminal to be used.

Changes to /etc/default/grub require rebuilding the grub.cfg file as follows:

  • 바이오스-기반의 장비에서, `root`으로 다음 명령을 실행합니다:

~]# grub2-mkconfig -o /boot/grub2/grub.cfg
  • UEFI-기반의 장비에서, `root`으로 다음 명령을 실행하세요:

~]# grub2-mkconfig -o /boot/efi/EFI/fedora/grub.cfg

새로운 항목 추가하기

When executing the grub2-mkconfig command, GRUB 2 searches for Linux kernels and other operating systems based on the files located in the /etc/grub.d/ directory. The /etc/grub.d/10_linux script searches for installed Linux kernels on the same partition. The /etc/grub.d/30_os-prober script searches for other operating systems. Menu entries are also automatically added to the boot menu when updating the kernel.

The 40_custom file located in the /etc/grub.d/ directory is a template for custom entries and looks as follows:

#!/bin/sh
exec tail -n +3 $0
# This file provides an easy way to add custom menu entries.  Simply type the
# menu entries you want to add after this comment.  Be careful not to change
# the 'exec tail' line above.

이와 같은 파일은 편집되거나 복제 될 수 있습니다. 최소한, 유효한 메뉴 항목에는 적어도 다음이 포함되어야 합니다:

menuentry "<Title>"{
<Data>
}

사용자 정의 메뉴 생성하기

If you do not want menu entries to be updated automatically, you can create a custom menu.

Before proceeding, back up the contents of the /etc/grub.d/ directory in case you need to revert the changes later.

Note that modifying the /etc/default/grub file does not have any effect on creating custom menus.

  1. On BIOS-based machines, copy the contents of /boot/grub2/grub.cfg, or, on UEFI machines, copy the contents of /boot/efi/EFI/fedora/grub.cfg. Put the content of the grub.cfg into the /etc/grub.d/40_custom file below the existing header lines. The executable part of the 40_custom script has to be preserved.

  2. From the content put into the /etc/grub.d/40_custom file, only the menuentry blocks are needed to create the custom menu. The /boot/grub2/grub.cfg and /boot/efi/EFI/fedora/grub.cfg files might contain function specifications and other content above and below the menuentry blocks. If you put these unnecessary lines into the 40_custom file in the previous step, erase them.

이는 사용자 정의 40_custom 스크립트의 예제입니다:

#!/bin/sh
exec tail -n +3 $0
# This file provides an easy way to add custom menu entries.  Simply type the
# menu entries you want to add after this comment.  Be careful not to change
# the 'exec tail' line above.

menuentry 'First custom entry' --class red --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-4.2.0-1.fc23.x86_64-advanced-32782dd0-4b47-4d56-a740-2076ab5e5976' {
        load_video
        set gfxpayload=keep
        insmod gzio
        insmod part_msdos
        insmod xfs
        set root='hd0,msdos1'
        if [ x$feature_platform_search_hint = xy ]; then
          search --no-floppy --fs-uuid --set=root --hint='hd0,msdos1'  7885bba1-8aa7-4e5d-a7ad-821f4f52170a
        else
          search --no-floppy --fs-uuid --set=root 7885bba1-8aa7-4e5d-a7ad-821f4f52170a
        fi
        linux16 /vmlinuz-4.2.0-1.fc23.x86_64 root=/dev/mapper/fedora-root ro rd.lvm.lv=fedora/root vconsole.font=latarcyrheb-sun16 rd.lvm.lv=fedora/swap vconsole.keymap=us crashkernel=auto rhgb quiet LANG=en_US.UTF-8
        initrd16 /initramfs-4.2.0-1.fc23.x86_64.img
}
menuentry 'Second custom entry' --class red --class gnu-linux --class gnu --class os $menuentry_id_option 'gnulinux-0-rescue-07f43f20a54c4ce8ada8b70d33fd001c-advanced-32782dd0-4b47-4d56-a740-2076ab5e5976' {
        load_video
        insmod gzio
        insmod part_msdos
        insmod xfs
        set root='hd0,msdos1'
        if [ x$feature_platform_search_hint = xy ]; then
          search --no-floppy --fs-uuid --set=root --hint='hd0,msdos1'  7885bba1-8aa7-4e5d-a7ad-821f4f52170a
        else
          search --no-floppy --fs-uuid --set=root 7885bba1-8aa7-4e5d-a7ad-821f4f52170a
        fi
        linux16 /vmlinuz-0-rescue-07f43f20a54c4ce8ada8b70d33fd001c root=/dev/mapper/fedora-root ro rd.lvm.lv=fedora/root vconsole.font=latarcyrheb-sun16 rd.lvm.lv=fedora/swap vconsole.keymap=us crashkernel=auto rhgb quiet
        initrd16 /initramfs-0-rescue-07f43f20a54c4ce8ada8b70d33fd001c.img
}
  1. 다음에서 예외인 /etc/grub.d 디렉토리에서 모든 파일을 제거합니다:

    • 00_header,

    • 40_custom,

    • 01_users (만약 존재한다면),

    • 그리고 읽어보기.

Alternatively, if you want to keep the files in the /etc/grub2.d/ directory, make them unexecutable by running the chmod a-x <file_name> command.

  1. Edit, add, or remove menu entries in the 40_custom file as desired.

  2. Rebuild the grub.cfg file by running the grub2-mkconfig -o command as follows:

    • 바이오스-기반의 장비에서, `root`으로 다음 명령을 실행합니다:

~]# grub2-mkconfig -o /boot/grub2/grub.cfg
  • UEFI-기반의 장비에서, `root`으로 다음 명령을 실행하세요:

~]# grub2-mkconfig -o /boot/efi/EFI/fedora/grub.cfg

그룹 2 비밀번호 보호

GRUB 2 supports both plain-text and encrypted passwords in the GRUB 2 template files. To enable the use of passwords, specify a superuser who can reach the protected entries. Other users can be specified to access these entries as well. Menu entries can be password-protected for booting by adding one or more users to the menu entry as described in Setting Up Users and Password Protection, Specifying Menu Entries. To use encrypted passwords, see Password Encryption.

If you do not use the correct format for the menu, or modify the configuration in an incorrect way, you might be unable to boot your system.

All menu entries can be password-protected against changes by setting superusers, which can be done in the /etc/grub.d/00_header or the /etc/grub.d/01_users file. The 00_header file is very complicated and, if possible, avoid making modifications in this file. Menu entries should be placed in the /etc/grub.d/40_custom and users in the /etc/grub.d/01_users file. The 01_users file is generated by the installation application anaconda when a grub boot loader password is used in a kickstart template (but it should be created and used it if it does not exist). Examples in this section adopt this policy.

사용자와 암호 보호 설정하기, 메뉴 항목 지정하기

  1. To specify a superuser, add the following lines in the /etc/grub.d/01_users file, where john is the name of the user designated as the superuser, and johnspassword is the superuser’s password:

cat <<EOF
set superusers="john"
password john johnspassword
EOF
  1. To allow other users to access the menu entries, add additional lines per user at the end of the /etc/grub.d/01_users file.

cat <<EOF
set superusers="john"
password john johnspassword
password jane janespassword
EOF
  1. When the users and passwords are set up, specify the menu entries that should be password-protected in the /etc/grub.d/40_custom file in a similar fashion to the following:

menuentry 'Red Hat Enterprise Linux Server' --unrestricted {
set root=(hd0,msdos1)
linux   /vmlinuz
}

menuentry 'Fedora' --users jane {
set root=(hd0,msdos2)
linux   /vmlinuz
}

menuentry 'Red Hat Enterprise Linux Workstation' {
set root=(hd0,msdos3)
linux   /vmlinuz
}

위의 예로:

  • john is the superuser and can therefore boot any menu entry, use the GRUB 2 command line, and edit items of the GRUB 2 menu during boot. In this case, john can access both Red Hat Enterprise Linux Server, Fedora, and Red Hat Enterprise Linux Workstation. Note that only john can access Red Hat Enterprise Linux Workstation because neither the --users nor --unrestricted options have been used.

  • User jane can boot Fedora since she was granted the permission in the configuration.

  • Anyone can boot Red Hat Enterprise Linux Server, because of the --unrestricted option, but only john can edit the menu entry as a superuser has been defined. When a superuser is defined then all records are protected against unauthorized changes and all records are protected for booting if they do not have the --unrestricted parameter

If you do not specify a user for a menu entry, or make use of the --unrestricted option, then only the superuser will have access to the system.

After you have made changes in the template file the GRUB 2 configuration file must be updated.

Rebuild the grub.cfg file by running the grub2-mkconfig -o command as follows:

  • 바이오스-기반의 장비에서, `root`으로 다음 명령을 실행합니다:

~]# grub2-mkconfig -o /boot/grub2/grub.cfg
  • UEFI-기반의 장비에서, `root`으로 다음 명령을 실행하세요:

~]# grub2-mkconfig -o /boot/efi/EFI/fedora/grub.cfg

비밀번호 암호

By default, passwords are saved in plain text in GRUB 2 scripts. Although the files cannot be accessed on boot without the correct password, security can be improved by encrypting the password using the grub2-mkpasswd-pbkdf2 command. This command converts a desired password into a long hash, which is placed in the GRUB 2 scripts instead of the plain-text password.

  1. 암호화된 비밀번호를 생성하려면, `root`으로 명령줄에서 grub2-mkpasswd-pbkdf2 명령을 실행하세요.

  2. Enter the desired password when prompted and repeat it. The command then outputs your password in an encrypted form.

  3. Copy the hash, and paste it in the template file where you configured the users, that is, either in /etc/grub.d/01_users or /etc/grub.d/40_custom.

다음 형식은 01_users 파일을 위해 적용합니다:

cat <<EOF
set superusers="john"
password_pbkdf2 john grub.pbkdf2.sha512.10000.19074739ED80F115963D984BDCB35AA671C24325755377C3E9B014D862DA6ACC77BC110EED41822800A87FD3700C037320E51E9326188D53247EC0722DDF15FC.C56EC0738911AD86CEA55546139FEBC366A393DF9785A8F44D3E51BF09DB980BAFEF85281CBBC56778D8B19DC94833EA8342F7D73E3A1AA30B205091F1015A85
EOF

다음 형식은 `40_custom`을 다음과 같이 파일에 적용합니다:

set superusers="john"
password_pbkdf2 john grub.pbkdf2.sha512.10000.19074739ED80F115963D984BDCB35AA671C24325755377C3E9B014D862DA6ACC77BC110EED41822800A87FD3700C037320E51E9326188D53247EC0722DDF15FC.C56EC0738911AD86CEA55546139FEBC366A393DF9785A8F44D3E51BF09DB980BAFEF85281CBBC56778D8B19DC94833EA8342F7D73E3A1AA30B205091F1015A85

GRUB 2 재설치

Reinstalling GRUB 2 is a convenient way to fix certain problems usually caused by an incorrect installation of GRUB 2, missing files, or a broken system. Other reasons to reinstall GRUB 2 include the following:

  • 그룹의 이전 버전에서 향상하기.

  • The user requires the GRUB 2 boot loader to control installed operating systems. However, some operating systems are installed with their own boot loaders. Reinstalling GRUB 2 returns control to the desired operating system.

  • 다른 드라이브에 부트 정보를 추가하기.

바이오스-기반 장비에서 GRUB 2를 재설치하기

When using the grub2-install command, the boot information is updated and missing files are restored. Note that the files are restored only if they are not corrupted.

Use the grub2-install device command to reinstall GRUB 2 if the system is operating normally. For example, if sda is your device:

~]# grub2-install /dev/sda

UEFI-기반의 장비에서 GRUB 2를 재설치하기

When using the dnf reinstall grub2-efi shim command, the boot information is updated and missing files are restored. Note that the files are restored only if they are not corrupted.

Use the dnf reinstall grub2-efi shim command to reinstall GRUB 2 if the system is operating normally. For example:

~]# dnf reinstall grub2-efi shim

GRUB 2 재설정과 재설치

This method completely removes all GRUB 2 configuration files and system settings. Apply this method to reset all configuration settings to their default values. Removing of the configuration files and subsequent reinstalling of GRUB 2 fixes failures caused by corrupted files and incorrect configuration. To do so, as root, follow these steps:

  1. rm /etc/grub.d/* 명령을 실행합니다;

  2. rm /etc/sysconfig/grub 명령을 실행합니다;

  3. EFI 시스템 *only*만을 위하여, 다음 명령을 실행하세요:

~]# dnf reinstall grub2-efi shim grub2-tools
  1. Rebuild the grub.cfg file by running the grub2-mkconfig -o command as follows:

    • 바이오스-기반의 장비에서, `root`으로 다음 명령을 실행합니다:

~]# grub2-mkconfig -o /boot/grub2/grub.cfg
  • UEFI-기반의 장비에서, `root`으로 다음 명령을 실행하세요:

~]# grub2-mkconfig -o /boot/efi/EFI/fedora/grub.cfg
  1. Now follow the procedure in Reinstalling GRUB 2 to restore GRUB2 on the /boot/ partition.

시리얼 콘솔을 통한 GRUB 2

If you use computers with no display or keyboard, it can be very useful to control the machines through serial communications.

GRUB 2 메뉴 구성하기

To set the system to use a serial terminal only during a single boot process, when the GRUB 2 boot menu appears, move the cursor to the kernel you want to start, and press the e key to edit the kernel parameters. Remove the rhgb and quit parameters and add console parameters at the end of the linux16 line as follows:

linux16      /vmlinuz-4.2.0-1.fc23.x86_64 root=/dev/mapper/fedora-root ro rd.md=0 rd.dm=0 rd.lvm.lv=fedora/swap crashkernel=auto rd.luks=0 vconsole.keymap=us rd.lvm.lv=fedora/root console=ttyS0,115200

이 설정은 지속되지 않으며 단일 부트에만 적용됩니다.

To make persistent changes to a menu entry on a system, use the grubby tool. For example, to update the entry for the default kernel, enter a command as follows:

~]# grubby --remove-args="rhgb quiet" --args=console=ttyS0,115200 --update-kernel=DEFAULT

The --update-kernel parameter also accepts the keyword ALL or a comma separated list of kernel index numbers. See Adding and Removing Arguments from a GRUB Menu Entry for more information on using grubby.

If required to build a new GRUB 2 configuration file, add the following two lines in the /etc/default/grub file:

GRUB_TERMINAL="serial"
GRUB_SERIAL_COMMAND="serial --speed=9600 --unit=0 --word=8 --parity=no --stop=1"

The first line disables the graphical terminal. Note that specifying the GRUB_TERMINAL key overrides values of GRUB_TERMINAL_INPUT and GRUB_TERMINAL_OUTPUT. On the second line, adjust the baud rate, parity, and other values to fit your environment and hardware. A much higher baud rate, for example 115200, is preferable for tasks such as following log files. Once you have completed the changes in the /etc/default/grub file, it is necessary to update the GRUB 2 configuration file.

Rebuild the grub.cfg file by running the grub2-mkconfig -o command as follows:

  • 바이오스-기반의 장비에서, `root`으로 다음 명령을 실행합니다:

~]# grub2-mkconfig -o /boot/grub2/grub.cfg
  • UEFI-기반의 장비에서, `root`으로 다음 명령을 실행하세요:

~]# grub2-mkconfig -o /boot/efi/EFI/fedora/grub.cfg

In order to access the grub terminal over a serial connection an additional option must be added to a kernel definition to make that particular kernel monitor a serial connection. For example:

console=ttyS0,9600n8

Where console=ttyS0 is the serial terminal to be used, 9600 is the baud rate, n is for no parity, and 8 is the word length in bits. A much higher baud rate, for example 115200, is preferable for tasks such as following log files.

For more information on serial console settings, see Installed Documentation

시리얼 콘솔에 연결하여 화면 사용하기

screen 도구는 가용한 시리얼 터미널과 같이 제공합니다. 이를 설치하려면, `root`로서 다음과 같이 실행하세요:

~]# dnf install screen

직렬 콘솔을 사용하여 당신의 장비에 접속하려면, 다음 형식에서 이와 같은 명령을 사용하세요:

screen /dev/콘솔_포트 전송_속도

기본적으로, 만약 어떤 선택도 지정하지 않으면, [application]*screen*은 표준 9600 전송 속도를 사용합니다. 보다 높은 전송 속도을 설정하려면, 다음과 같이 입력하세요:

~]$ screen /dev/console_port 115200

여기서 _콘솔_포트_는 ttyS0, 또는 ttyUSB0 등입니다.

[application]*screen*에서 세션을 종료하려면, Ctrl+a를 누르고, `:quit`을 입력하며 Enter를 누릅니다.

추가 선택과 상세한 정보를 위하여 `screen(1)`설명서 부분을 참고하세요.

부팅시에 터미널 메뉴 편집하기

Menu entries can be modified and arguments passed to the kernel on boot. This is done using the menu entry editor interface, which is triggered when pressing the e key on a selected menu entry in the boot loader menu. The Esc key discards any changes and reloads the standard menu interface. The c key loads the command line interface.

The command line interface is the most basic GRUB interface, but it is also the one that grants the most control. The command line makes it possible to type any relevant GRUB commands followed by the Enter key to execute them. This interface features some advanced features similar to shell, including Tab key completion based on context, and Ctrl+a to move to the beginning of a line and Ctrl+e to move to the end of a line. In addition, the arrow, Home, End, and Delete keys work as they do in the bash shell.

구조 방식으로 부팅

Rescue mode provides a convenient single-user environment and allows you to repair your system in situations when it is unable to complete a normal booting process. In rescue mode, the system attempts to mount all local file systems and start some important system services, but it does not activate network interfaces or allow more users to be logged into the system at the same time. In Fedora, rescue mode is equivalent to single user mode and requires the root password.

  1. GRUB 2 부트 화면에서 부팅 할 때에 구조로 진입하려면, 편집을 위해 e 키를 누르세요.

  2. Add the following parameter at the end of the linux line on 64-Bit IBM Power Series, the linux16 line on x86-64 BIOS-based systems, or the linuxefi line on UEFI systems:

systemd.unit=rescue.target

Press Ctrl+a and Ctrl+e to jump to the start and end of the line, respectively. On some systems, Home and End might also work.

Note that equivalent parameters, 1, s, and single, can be passed to the kernel as well.

  1. Press Ctrl+x to boot the system with the parameter.

응급 모드로 부팅

Emergency mode provides the most minimal environment possible and allows you to repair your system even in situations when the system is unable to enter rescue mode. In emergency mode, the system mounts the root file system only for reading, does not attempt to mount any other local file systems, does not activate network interfaces, and only starts few essential services. In Fedora, emergency mode requires the root password.

  1. GRUB 2 부트 화면에서 응급 방식에 진입하려면, 편집을 위해 e 키를 누릅니다.

  2. Add the following parameter at the end of the linux line on 64-Bit IBM Power Series, the linux16 line on x86-64 BIOS-based systems, or the linuxefi line on UEFI systems:

systemd.unit=emergency.target

Press Ctrl+a and Ctrl+e to jump to the start and end of the line, respectively. On some systems, Home and End might also work.

Note that equivalent parameters, emergency and -b, can be passed to the kernel as well.

  1. Press Ctrl+x to boot the system with the parameter.

root 비밀번호 변경과 재설정

Setting up the root password is a mandatory part of the Fedora installation. If you forget or lose the root password it is possible to reset it, however users who are members of the wheel group can change the root password as follows:

~]$ sudo passwd root

Note that in GRUB 2, resetting the password is no longer performed in single-user mode as it was in GRUB included in Fedora 15 and Red Hat Enterprise Linux 6. The root password is now required to operate in single-user mode as well as in emergency mode.

root 비밀번호를 재설정하기 위한 2가지 절차는 다음과 같이 여기에 표시됩니다:

  • Resetting the Root Password Using an Installation Disk takes you to a shell prompt, without having to edit the grub menu. It is the shorter of the two procedures and it is also the recommended method. You can use a server boot disk or a netinstall installation disk.

  • Resetting the Root Password Using rd.break makes use of rd.break to interrupt the boot process before control is passed from initramfs to systemd. The disadvantage of this method is that it requires more steps, includes having to edit the GRUB menu, and involves choosing between a possibly time consuming SELinux file relabel or changing the SELinux enforcing mode and then restoring the SELinux security context for /etc/shadow/ when the boot completes.

설치 디스크를 사용하여 root 비밀번호를 재설정하기
  1. Start the system and when BIOS information is displayed, select the option for a boot menu and select to boot from the installation disk.

  2. `문제 해결`을 선택합니다.

  3. `페도라-서버 시스템 복구`를 선택합니다.

  4. Choose Continue which is the default option. At this point you will be promoted for a passphrase if an encrypted file system is found.

  5. Press OK to acknowledge the information displayed until the shell prompt appears.

  6. 다음과 같이 파일 시스템 `root`로 변경합니다:

sh-4.2# chroot /mnt/sysimage
  1. Enter the passwd command and follow the instructions displayed on the command line to change the root password.

  2. Remove the autorelable file to prevent a time consuming SELinux relabel of the disk:

sh-4.2# rm -f /.autorelabel
  1. Enter the exit command to exit the chroot environment.

  2. Enter the exit command again to resume the initialization and finish the system boot.

rd.break를 사용하여 root 비밀번호를 재지정하기
  1. 시스템을 시작하고, GRUB 2 부트 화면에서, 편집을 위하여 kdb:[e] 키를 누르세요.

  2. Remove the rhgb and quiet parameters from the end, or near the end, of the linux16 line, or linuxefi on UEFI systems.

Press Ctrl+a and Ctrl+e to jump to the start and end of the line, respectively. On some systems, Home and End might also work.

The rhgb and quiet parameters must be removed in order to enable system messages.

  1. Add the following parameters at the end of the linux line on 64-Bit IBM Power Series, the linux16 line on x86-64 BIOS-based systems, or the linuxefi line on UEFI systems:

rd.break enforcing=0

Adding the enforcing=0 option enables omitting the time consuming SELinux relabeling process.

The initramfs will stop before passing control to the Linux kernel, enabling you to work with the root file system.

Note that the initramfs prompt will appear on the last console specified on the Linux line.

  1. Press Ctrl+x to boot the system with the changed parameters.

With an encrypted file system, a password is required at this point. However the password prompt might not appear as it is obscured by logging messages. You can press the Backspace key to see the prompt. Release the key and enter the password for the encrypted file system, while ignoring the logging messages.

The initramfs switch_root prompt appears.

  1. The file system is mounted read-only on /sysroot/. You will not be allowed to change the password if the file system is not writable.

쓰기 할 수 있도록 파일 시스템을 재적재합니다:

switch_root:/# mount -o remount,rw /sysroot
  1. 파일 시스템은 활성화된 쓰기로 재적재됩니다.

다음과 같이 파일 시스템을 `root`로 변경합니다:

switch_root:/# chroot /sysroot

`sh-4.2#`로 프롬프트 변경.

  1. Enter the passwd command and follow the instructions displayed on the command line to change the root password.

Note that if the system is not writable, the passwd tool fails with the following error:

인증 토근 조작 오류
  1. Updating the password file results in a file with the incorrect SELinux security context. To relabel all files on next system boot, enter the following command:

sh-4.2# touch /.autorelabel

Alternatively, to save the time it takes to relabel a large disk, you can omit this step provided you included the enforcing=0 option in step 3.

  1. 읽기 전용으로만 파일 시스템을 재적재:

sh-4.2# mount -o remount,ro /
  1. Enter the exit command to exit the chroot environment.

  2. Enter the exit command again to resume the initialization and finish the system boot.

With an encrypted file system, a pass word or phrase is required at this point. However the password prompt might not appear as it is obscured by logging messages. You can press and hold the Backspace key to see the prompt. Release the key and enter the password for the encrypted file system, while ignoring the logging messages.

Note that the SELinux relabeling process can take a long time. A system reboot will occur automatically when the process is complete.

  1. If you added the enforcing=0 option in step 3 and omitted the touch /.autorelabel command in step 8, enter the following command to restore the /etc/shadow file’s SELinux security context:

~]# restorcon /etc/shadow

Enter the following commands to turn SELinux policy enforcement back on and verify that it is on:

~]# setenforce 1
~]# getenforce
Enforcing

UEFI 보안 부트

The Secure Boot technology ensures that the system firmware checks whether the system boot loader is signed with a cryptographic key authorized by a database contained in the firmware. With signature verification in the next-stage boot loader, kernel, and, potentially, user space, it is possible to prevent the execution of unsigned code.

Secure Boot is the boot path validation component of the Unified Extensible Firmware Interface (UEFI) specification. The specification defines:

  • a programming interface for cryptographically protected UEFI variables in non-volatile storage,

  • how the trusted X.509 root certificates are stored in UEFI variables,

  • validation of UEFI applications like boot loaders and drivers,

  • procedures to revoke known-bad certificates and application hashes.

UEFI Secure Boot does not prevent the installation or removal of second-stage boot loaders, nor require explicit user confirmation of such changes. Signatures are verified during booting, not when the boot loader is installed or updated. Therefore, UEFI Secure Boot does not stop boot path manipulations, it simplifies the detection of changes and prevents the system from executing a modified boot path once such a modification has occurred.

페도라에서 UEFI 보안 부트 지원

Fedora includes support for the UEFI Secure Boot feature, which means that Fedora can be installed and run on systems where UEFI Secure Boot is enabled. On UEFI-based systems with the Secure Boot technology enabled, all drivers that are loaded must be signed with a valid certificate, otherwise the system will not accept them. All drivers provided by Red Hat are signed by the UEFI CA certificate.

If you want to load externally built drivers — drivers that are not provided on the Fedora Linux DVD — you must make sure these drivers are signed as well.

추가 자원

Please see the following resources for more information on the GRUB 2 boot loader:

설치된 문서
  • /usr/share/doc/grub2-tools-<version-number> — This directory contains information about using and configuring GRUB 2. <version-number> corresponds to the version of the GRUB 2 package installed.

  • info grub2 — The GRUB 2 info page contains a tutorial, a user reference manual, a programmer reference manual, and a FAQ document about GRUB 2 and its usage.

  • grubby(8) — The manual page for the command-line tool for configuring GRUB and GRUB 2.

  • new-kernel-pkg(8) — The manual page for the tool to script kernel installation.

외부 문서
  • Fedora Installation Guide — The Installation Guide provides basic information on GRUB 2, for example, installation, terminology, interfaces, and commands.