A quick post copying part of my previous post about Grub2.
I just added a few clarifications while re-testing those notes.
1. Use case
The goal is:
- being able to use a usbstick other than the dedicated one.
Your crafted Grub2 configuration on your dedicated usbstick uses the option search --fs-uuid --set <UUID>. So, when booting from your (fully encrypted) hard drive, the first stage (I do not know if it is the first or 1.5 one) looks for this UUID. And, of course, it does not find it, as you plugged in another usbstick.
2. Variables
- <dev_hardisk> [/dev/sda] : device of the main hard disk, fully encrypted and used to boot
- <dev_usbstick> [/dev/sdb] : device of the usbstick used to boot
- <dev_usbstick_bootpartition> [/dev/sdb1] : device of the partition on the usbstick hosting the /boot partition
- <id_bootpartition> [1] : id of the partition on the usbstick hosting the /boot partition. On my usbstick it is not the first partition, as the first one is a FAT one dedicated to Windows, which is unable to read a partition if it is not the first one (on a removable mass storage)
- <uuid_usbstick_bootpartition> [46521b2b-b510-486c-bdef-ed62z0053c11] : UUID of <dev_usbstick_bootpartition>
- <dir_mount_usbstick_bootpartition> [/media/tmp] : directory where <dev_usbstick_bootpartition> is mounted
- <dev_root_kernel> [/dev/mapper/vg_main-lv_slash] : the root device to which initrd pivots once it has done its job (including the opening of the cryptocontainer). In this case, I am using LVM on top of the cryptocontainer with one volume group and several logical volumes. FIXME- add the default naming convention of Debian -FIXME
To get the <uuid_usbstick_bootpartition> value:

    $ sudo vol_id --uuid <dev_usbstick_bootpartition>
    46521b2b-b510-486c-bdef-ed62z0053c11
    $

3. To boot a machine when its dedicated boot usbstick is lost
As Grub2 does not find the UUID of the dedicated usbstick from which it should get the /boot directory, it switches to rescue mode.

    […]
    grub rescue> set <1>
    grub rescue> prefix=UUID=<uuid_usbstick_lost>/grub <2>
    grub rescue> root=UUID=<uuid_usbstick_lost> <2>
    grub rescue> set root=hd1,<id_bootpartition> <3>
    grub rescue> set prefix=(hd1,<id_bootpartition>)/boot/grub <3> <4>
    grub rescue> set <5>
    grub rescue> root=hd1,<id_bootpartition>
    grub rescue> prefix=(hd1,<id_bootpartition>)/boot/grub
    grub rescue> insmod /boot/grub/normal.mod <6> <7>
    grub rescue> normal <8>
    grub> insmod /boot/grub/_linux.mod <9>
    grub> insmod /boot/grub/linux.mod <9>
    grub> linux /boot/<machine_name>/vmlinuz-2.6.28-1-amd64 root=<dev_root_kernel> ro quiet <10>
    grub> initrd /boot/<machine_name>/initrd.img-2.6.28-1-amd64 <11>
    grub> insmod /boot/grub/boot.mod <12>
    grub> boot <13>

<1> Let's see which variables are set to which values
<2> Two variables are set to the UUID of the partition hosting Grub2 on the lost usbstick
<3> Set new values for the root and prefix variables according to the usbstick used to boot
<4> Parentheses for the prefix variable are not mandatory. Actually, the whole step is optional
<5> Check which variables are set to which values; the values just set should be displayed
<6> Load the normal module
<7> There is no completion, as the shell is the rescue one. Basic completion will work once in normal mode
<8> Grub2 is now switching to normal mode
<9> Load the Linux modules. This adds the following commands to the shell: initrd and linux
<10> Set the Linux kernel command and launch it. You had better know the mount point of your encrypted volume for slash (/). By default, if installed with the Debian Installer (DI), this is the partition name (such as sda1) with _crypted as a suffix (sda1_crypted). If you are using LVM, I do not remember DI's default naming scheme
<11> Set the initrd command and launch it
<12> Load the boot module
<13> Actually launch the boot process
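
An added example, not part of the original post: a POSIX shell function that checks, while the spare usbstick's boot partition is mounted on a working system, that every file the rescue session above loads is present, and then prints the commands to type. The function name rescue_preflight, the LINUX_MODULES variable and the hd1 default are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post: pre-flight check for a spare boot
# usbstick, run from a working system while the stick's partition is mounted.
# Layout assumed from the rescue session: <mount>/boot/grub/*.mod and
# <mount>/boot/<machine_name>/{vmlinuz,initrd.img}-<version>.

# Modules loaded between "normal" and the "linux" command; the post loads both.
LINUX_MODULES=${LINUX_MODULES:-"_linux linux"}

# usage: rescue_preflight <mount_dir> <id_bootpartition> <machine_name> \
#                         <dev_root_kernel> [grub_disk, default hd1]
# Prints the commands to type at the rescue prompt; returns 1 if a file is missing.
rescue_preflight() {
    mnt=$1 part=$2 machine=$3 rootdev=$4 disk=${5:-hd1}
    missing=0
    for mod in normal $LINUX_MODULES boot; do
        if [ ! -f "$mnt/boot/grub/$mod.mod" ]; then
            echo "missing module: /boot/grub/$mod.mod" >&2
            missing=1
        fi
    done
    # Keep the last kernel in glob (lexical) order that has a matching initrd.
    version=
    for kernel in "$mnt/boot/$machine"/vmlinuz-*; do
        [ -f "$kernel" ] || continue
        v=${kernel##*/vmlinuz-}
        if [ -f "$mnt/boot/$machine/initrd.img-$v" ]; then
            version=$v
        else
            echo "kernel $v has no initrd.img-$v" >&2
        fi
    done
    if [ -z "$version" ]; then
        echo "no kernel/initrd pair under /boot/$machine" >&2
        missing=1
    fi
    [ "$missing" -eq 0 ] || return 1
    echo "set root=$disk,$part"
    echo "set prefix=($disk,$part)/boot/grub"
    echo "insmod /boot/grub/normal.mod"
    echo "normal"
    for mod in $LINUX_MODULES; do
        echo "insmod /boot/grub/$mod.mod"
    done
    echo "linux /boot/$machine/vmlinuz-$version root=$rootdev ro quiet"
    echo "initrd /boot/$machine/initrd.img-$version"
    echo "insmod /boot/grub/boot.mod"
    echo "boot"
}
```

With the values from the Variables section it would be called as rescue_preflight /media/tmp 1 <machine_name> /dev/mapper/vg_main-lv_slash; keep the printed commands somewhere readable without the machine, since they are needed exactly when it does not boot.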
Enjoy!