Note: as of this writing, Redhat is still using grub version 0.97. There are significant changes in newer versions of grub, allowing it to boot from more varied devices and making it more like a mini-kernel but the essential concepts are the same.

The grand unified bootloader is a second-level boot program responsible for booting the operating system. It is installed in the master boot record (MBR) of a disk. When the BIOS boots from that disk, grub is invoked. 

The sequence of events that occur from the transfer of control of the BIOS to grub's booting of linux is roughly as follows:

NOTE: There is some discrepancy in the documentation as to the name of grub's configuration file. The actual file is grub.conf; however, grub's documentation refers to the file menu.lst. My suspicion is that menu.lst was the old name. To work around this issue, grub configures itself to use grub.conf as the configuration file, and a symbolic link is created to it. The symbolic link is named menu.lst. 

• grub is installed in the MBR when the system is installed or when grub is instructed to overwrite itself by writing stage1 of grub directly into the MBR. (see below for the stage files)

• when the machine is booted, the stage1 code (machine instructions) of grub in the MBR then do a small amount of work before jumping to the real grub code, stage2, which is located on the target system's filesystem in /boot/grub. 

• grub's stage1 is smart enough to jump to the actual stage2 code by simply using an absolute disk address assuming

• stage2 is in the same location on disk (i.e., uses the same block numbers) as it was when grub was installed (since its absolute address is hard-coded into the stage1 code)

• the linux partition containing stage2 is "near enough" as determined by the old BIOS restriction (I believe this was a maximum of 1024 cylinders)

• stage2 of grub loads grub's configuration from /boot/grub/grub.conf to get it's configuration options and list of bootable systems. If no configuration file can be located, grub outputs its prompt and waits for commands.

• If the grub.conf file was found, grub presents the list of choices and waits for commands. (At this point, grub may be configured to simply count down until booting the default configuration. Typing any key on the keyboard will interrupt it and provide the list of choices.)
  

• grub boots the selected configuration, transferring control to the target operting system.

Many of the intricacies of this process are beyond the scope of this course. However, a working knowledge of grub's operation and syntax is required in order to alter its configuration if required and intercede if problems develop. One of the most unfortunate and frustrating situations to encounter is to have a usable system with valuable data that you just cannot boot!

(FYI, these parts of grub, called stages, are actually files. A listing is below. Notice the filesystem-specific versions of stage1_5)

# cd /boot/grub
# ls -F
device.map     grub.conf         minix_stage1_5     stage2
e2fs_stage1_5  iso9660_stage1_5  reiserfs_stage1_5  ufs2_stage1_5
fat_stage1_5   jfs_stage1_5      splash.xpm.gz      vstafs_stage1_5
ffs_stage1_5   menu.lst          stage1             xfs_stage1_5
#

grub disks and partitions

Even though we have not covered filesystems, the readers know the concepts of disks and of partitions. A disk is a physically separate device. A partition is a self-contained set of data residing on a portion of a disk. (As far as grub is concerned, logical volumes do not exist. The bootable portion of a linux system should always be stored on a physical filesystem.)

grub has its own syntax for referring to disks and partitions. The disk is indicated by a two character abbreviation to indicate the the disk type, followed by a single digit to indicate the number. The number corresponds to the BIOS drive number, zero-based.

fd0 - the first floppy disk

hd4 - the fifth [hard] disk

The partition is then indicated by a zero-based number. The pair is indicated as a tuple:

(hd0,1)  - the second partition of the first disk

(hd1,4) - the fifth partition of the second disk.

A grub filepath is then indicated as an absolute path relative to the start of the indicated disk. For example, if the current disk is set to (hd0,1), and this partition is normally mounted at /usr, then the path to /usr/bin/xxx relative to the start of the partition is /bin/xxx, or, in grub-speak, (hd0,1)/bin/xxx

The boot area

The typical location for boot information on a linux system is /boot. It is common, although not necessary, to configure /boot as a separate small partition which is the first partition for this system. There are several reasons for this:

• physical separation of the boot information protects it if corruption occurs on part of the filesystem that is in general use. This maximizes the possibility of booting a system even if it has significant filesystem issues.
• it allows the placement of the boot information at the beginning, physically, of the disk
• it allows the boot information to be operated as a physical filesystem even if most of the system is configured using logical volumes

The boot area contains kernel files (/boot) and grub information (/boot/grub)

The grub configuration file grub.conf

grub's configuration file is kept at /boot/grub/grub.conf  It is created at installation and contains three types of items

• lines that alter how grub works (i would call these directives. grub calls them commands)
• comments
• boot configurations, each beginning with a title directive and consisting of one or more lines of configuration each. Linux configurations include a kernel directive.

The boot configurations are implicitly numbered, with the first configuration number 0. 

Each new kernel that is installed creates a new configuration #0 and renumbers the existing configurations. Thus the previous configuration #0 becomes configuration #1.

grub directives

The directives that you will most often see are

hiddenmenu - do not display the menu of bootable configurations unless interrupted

timeout=N  - after N seconds, go ahead and boot the default configuration

default=N  - set N as the default configuration. Without a default directive, the default is 0

spashimage=x  - use path x as an image file to use as a background to the menu

password  - set the grub password. If a password is set, it must be entered in order to modify a configuration. If you use a password, you should encrypt it using your choice of hash algorithms (md5, sha256, sha512) with grub-crypt and use the --encrypted option on the password directive. This is discussed in the section on Protecting the Boot Process

A boot configuration

A boot configuration begins with a title directive and continues until the next title directive or the end of the file (at least I believe this is the entire rule). Normally it contains three commands

• The root command identifies the root device. This indicates the disk and partition of the filesystem containing the kernel to boot. (Note that this is probably not the partition that / will be on after the system is booted!) For example, if you have a system with a single hd-type drive that has a foreign operating system on the first partition and the linux /boot partition as the second partition, the root command would be 

• The kernel command indicates the kernel to boot. kernel is followed by an absolute path (relative to the start of the boot partition!) to the kernel. The remainder of the line consists of the kernel command-line. It is passed to the kernel verbatim when the kernel is booted. The following kernel line shows a common syntax

• ro - mount the root device read-only at boot
• root=dev  - indicates where the root device is (the actual / device of the running system) dev may be
  
• a  device file like /dev/hda1, e.g., root=/dev/hda1
  
• a disk label, like /, e.g., root=LABEL=/ (disk labels are often the same as their mount point)
  
• a Universally Unique identifier number (UUID) created by uuidgen such as b88d2f10-cac8-43ee-9ad8-6ce7e0260c39, e.g., root=UUID=b88d2f10-cac8-43ee-9ad8-6ce7e0260c39

• The initrd command indicates the initial ram disk file to load (they used to be created by the mkinitrd command and were called initrd files - now they are created by the dracut facility and called initramfs files.) initrd is followed by an absolute path (again, relative to the start of grub's root partition) to the file. Many current versions of linux use an initrd file. It contains a compressed cpio archive of the pieces of the Unix filesystem that are needed to get the kernel and init started. This includes init itself, some shared libraries, kernel modules and their support routines:

If you'd like to see what is in an initrd file, find one and try the following command (we use the name initrd here. You should substitute the full name like /boot/initramfs-2.6.32-131.6.1.el6.i686.img ) (dont execute this command as root in case you make a mistake)

A sample grub.conf file

# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE:  You have a /boot partition.  This means that
#          all kernel and initrd paths are relative to /boot/, eg.
#          root (hd0,0)
#          kernel /vmlinuz-version ro root=/dev/sda3
#          initrd /initrd-[generic-]version.img
#boot=/dev/sda
default=0
timeout=5
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
password --encrypted $1$S6oWcMTQ$t0j2Vnemd24steF4RlJT./
title Red Hat Enterprise Linux Server (2.6.32-131.6.1.el6.i686)
    root (hd0,0)
    kernel /vmlinuz-2.6.32-131.6.1.el6.i686 ro root=UUID=83780f8f-178f-436d-8eb6-00ecb7a9d889 rd_NO_LUKS rd_NO_LVM rd_NO_MD rd_NO_DM LANG=en_US.UTF-8 SYSFONT=latarcyrheb-sun16 KEYBOARDTYPE=pc KEYTABLE=us crashkernel=auto crashkernel=auto rhgb quiet
    initrd /initramfs-2.6.32-131.6.1.el6.i686.img
title Red Hat Enterprise Linux Server (2.6.32-131.4.1.el6.i686)
    root (hd0,0)
...

A few things should be pointed out from the above file

• You can see the grub version of an absolute path with the device syntax on the splashimage line.
• As indicated in the comments (anaconda is the installation program, which generated this grub.conf file), this system has a separate partition for booting, which is mounted at /boot. The device (e.g., (hd0,0)) infers /boot, so all paths imply that. (This is hard to explain prior to covering the section on filesystems)
• the hiddenmenu option indicates that grub should not display its configuration when booting. timeout=5 means a 5 second delay before booting.
• grub is protected by an encrypted password. (The --encrypted option is new - evidently it is there to hide the type of encryption used. I'm not sure how grub decides how to decrypt the password, as I have seen at least two different encryptions used with --encrypted.)
  
• This part of the grub configuration shows one complete and one partial configuration for a bootable operating system. Each is indicated by a title directive and the following grub commands. (Although all grub.conf files that I have seen have this type of indentation, I don't believe it is significant.) Both operating systems are linux.
  
• If you have a dual-boot system with that other OS, its boot loader will be booted by grub by chain-loading. This would be indicated by a bootable configuration such as this:

(Note that this is not from the same grub.conf file.) Here the other OS has its own bootloader on the second partition and grub chain-loads to it (+1 means load one sector from the current partition (indicated by the rootnoverify directive)) rootnoverify says that grub should set the current root but should not attempt to mount it. 

Taking a look at the first bootable linux system's configuration:

title Red Hat Enterprise Linux Server (2.6.32-131.6.1.el6.i686)
    root (hd0,0)
    kernel /vmlinuz-2.6.32-131.6.1.el6.i686 ro root=UUID=83780f8f-178f-436d-8eb6-00ecb7a9d889 rd_NO_LUKS rd_NO_LVM rd_NO_MD rd_NO_DM LANG=en_US.UTF-8 SYSFONT=latarcyrheb-sun16 KEYBOARDTYPE=pc KEYTABLE=us crashkernel=auto crashkernel=auto rhgb quiet

• the kernel's path is indicated on the kernel line. It is relative to the start of that /boot partition. The kernel is told where the real root of its data is (root=UUID=xxx means hunt for the partition whose UUID is xxx and use it as the root partition.) As is generally the case, it has an accompanying initrd file with the same version extension as the kernel. A listing of the /boot partition's top-level directory for this system after booting shows:

• The entries in grub's configuration file are also left so that it is easy to back out a newer kernel that does not function correctly by simply selecting an alternative at boot time. Let's look at the second title entry in the file now. You will see that it corresponds to the older kernel (2.6.32-131.4.1 instead of the current 2.6.32-131.6.1) in the listing of /boot above