Bootloaders: Difference between revisions

From Alpine Linux
(Document booting directly into a UKI)
Line 143: Line 143:
{{Note|
{{Note|
The loader and initrd file arguments are relative to the EFI partition. In a default installation, alpine places these files in <code>/boot/</code>, while EFI is mounted to <code>/boot/efi/</code>. You can either update fstab to mount EFI at <code>/boot/</code>, or manually copy them to <code>/boot/efi/</code>.                                                                                          }}
The loader and initrd file arguments are relative to the EFI partition. In a default installation, alpine places these files in <code>/boot/</code>, while EFI is mounted to <code>/boot/efi/</code>. You can either update fstab to mount EFI at <code>/boot/</code>, or manually copy them to <code>/boot/efi/</code>.                                                                                          }}
= Using a UKI (UEFI only) =
It is possible to boot directly into a '''Unified Kernel Image''' (UKI). A UKI is a single file which contains the initfs, kernel and cmdline. While this is typically done in order to enable [https://en.wikipedia.org/wiki/UEFI SecureBoot], it is perfectly feasible to skip enrolling the custom keys and leave SecureBoot off.
The page [[UEFI Secure Boot]] contains the instructions for setting an a UKI. Additionally, it is possible to install the UKI in the default fallback path used by most UEFI implementations. By installing the UKI into this path, the system will automatically boot into it if no other entries are defined. This can be automated as part of the kernel hook by adding the following to <code>/etc/kernel-hooks.d/secureboot.conf</code>
<pre>
# For the edge kernel, install the UKI into the default UEFI path.
if [ "$1" == "edge" ]; then
  output_dir="/efi/EFI/Boot/"
  output_name="bootx64.efi"
fi
</pre>


= External Links =
= External Links =

Revision as of 15:56, 12 January 2023

This page shows the basic steps you need to perform, if you for any reason want to switch bootloaders or apply some manual configuration.


rEFInd is an easy to use EFI boot menu that allows booting different operating systems.
Syslinux is the default light-weight bootloader used in Alpine.
Grub is a standard linux boot loader.
EFI Boot Stub allows booting linux directly from a motherboard supporting UEFI or another bootloader.


rEFIind

For (U)EFI systems, the refind package can provide a graphical EFI boot menu that allows to boot operating systems that are found on the available partitions.

If refind is not yet available in the used alpine release, it may be installed in another dual/multi-booted linux distribution.

For example, with a Debian based distribution, it can be installed to the EFI partition like this:

apt install refind             # installs the debian package
refind-install --alldrivers    # installs refind to the EFI partitioon

(The --alldrivers option includes all filesystem drivers instead of only the one needed to load the currently running kernel, to allow finding and booting operating systems from more partitions.)

And a first (default) boot menu line needs to be configured with Alpine's default boot parameters. Assuming the bootable partition is mounted at /media/sdXY it can be done like this (at time of writing):

echo '"Alpine" "modules=loop,squashfs,sd-mod,usb-storage quiet initrd=\boot\intel-ucode.img initrd=\boot\amd-ucode.img initrd=\boot\initramfs-lts"' > /media/sdXY/boot/refind_linux.conf
Note:
  1. At the time of writing, it was still needed to use backslashes in the .conf file.
  2. The path in the config file needs to be relative to the partition that the kernel resides on. If /boot resides on its own separate partition, then \boot needs to be removed from the paths.

Installing Syslinux

If you want to switch from another bootloader back to Syslinux, or if you for some reason want to install Syslinux manually, the following steps are required.

Install the syslinux package:

apk add syslinux

If you're using GPT partitions, install the GPT MBR onto the drive you want to install the bootloader on (in this case /dev/sda):

dd bs=440 count=1 conv=notrunc if=/usr/share/syslinux/gptmbr.bin of=/dev/sda

Or if you're using DOS partitions, install the DOS MBR instead:

dd bs=440 count=1 conv=notrunc if=/usr/share/syslinux/mbr.bin of=/dev/sda


Next install the required Syslinux binaries. Despite being called extlinux, Syslinux supports booting from FAT12/16/32, NTFS, ext2/3/4, btrfs, XFS, and UFS/FFS filesystems.

extlinux --install /boot

The configuration file is located in /boot/extlinux.conf. Alpine ships with a script called update-extlinux which automatically (re)generates this file, for example on updates to Syslinux. The settings for this script can be found in /etc/update-extlinux.conf, including the option to disable automatic overwriting of /boot/extlinux.conf. You can also place additional menu entries in the /etc/update-extlinux.d/ directory, e.g. for dual booting.


EFI

Todo: Work in progress. This should at least get you started.


Assuming /mnt is a FAT32 partition of type EF00 and /boot belongs to the rootfs created after running setup-disk:

mkdir -p /mnt/EFI/syslinux
cp /usr/share/syslinux/efi64/* /mnt/EFI/syslinux/
cp /boot/extlinux.conf /mnt/EFI/syslinux/syslinux.cfg
cp /boot/vmlinuz* /mnt/
cp /boot/initramfs* /mnt/

You may need to modify /mnt/EFI/syslinux/syslinux.cfg to change the paths to absolute paths (just add a / in front of the vmlinuz/initramfs entries), or copy the files to /mnt/EFI/syslinux instead (XXX: untested).

GRUB

To install GRUB in BIOS mode, (optionally) remove the Syslinux package and install the required GRUB packages:

apk del syslinux
apk add grub grub-bios

For EFI, install Grub's EFI package instead. Note that /boot has to be an EFI compatible filesystem like FAT32.

apk add grub-efi

Next install the MBR and GRUB binaries to disk for BIOS mode:

grub-install /dev/vda

For EFI mode:

grub-install --target=x86_64-efi --efi-directory=/boot

GRUB ships with an automatic config generator, including some automatic detection of other operating systems installed on the device:

grub-mkconfig -o /boot/grub/grub.cfg

This script can be configured via the /etc/default/grub file. See [1] for a list of available options.


EFI Boot Stub

To boot directly from your motherboard's UEFI boot menu, a boot entry needs to be created with either a UEFI shell or efibootmgr.

efibootmgr

Install efibootmgr:

apk add efibootmgr

Create a boot entry. It's recommended to do this in a script, as efibootmgr does not allow editing entries.

#!/bin/sh

params="root=/dev/sdXZ rw \
  initrd=\intel-ucode.img \
  initrd=\initramfs-lts"

efibootmgr --create --label "Alpine Linux" \
  --disk /dev/sdX --part Y \
  --loader /vmlinuz-lts \
  --unicode "${params}" \
  --verbose

Where /dev/sdXY contains the EFI partition and /dev/sdXZ contains the root partition. If you are using linux-edge, replace lts with edge in the script

Note:

The kernel contains the exhaustive list of ways to specify the block device. For a more robust boot entry, it is recommended to use a persistent name such as the PARTUUID.

Optionally, set the newly created entry as the default:

efibootmgr -n XXXX

Where XXXX is the boot number of the new entry.

Note: The loader and initrd file arguments are relative to the EFI partition. In a default installation, alpine places these files in /boot/, while EFI is mounted to /boot/efi/. You can either update fstab to mount EFI at /boot/, or manually copy them to /boot/efi/.

Using a UKI (UEFI only)

It is possible to boot directly into a Unified Kernel Image (UKI). A UKI is a single file which contains the initfs, kernel and cmdline. While this is typically done in order to enable SecureBoot, it is perfectly feasible to skip enrolling the custom keys and leave SecureBoot off.

The page UEFI Secure Boot contains the instructions for setting an a UKI. Additionally, it is possible to install the UKI in the default fallback path used by most UEFI implementations. By installing the UKI into this path, the system will automatically boot into it if no other entries are defined. This can be automated as part of the kernel hook by adding the following to /etc/kernel-hooks.d/secureboot.conf

# For the edge kernel, install the UKI into the default UEFI path.
if [ "$1" == "edge" ]; then
  output_dir="/efi/EFI/Boot/"
  output_name="bootx64.efi"
fi

External Links