GRUB Bootloader

GRUB2 bootloader configuration, default kernel selection, and interactive recovery from boot failures.

GRUB Configuration Files

Main configuration — NEVER edit this directly
/boot/grub2/grub.cfg          # RHEL/CentOS (BIOS)
/boot/efi/EFI/redhat/grub.cfg # RHEL/CentOS (UEFI)
/boot/grub/grub.cfg           # Arch, Ubuntu, Fedora

This file is auto-generated. Edit the source files below, then regenerate.

Editable defaults — this is where you make changes
/etc/default/grub
Custom menu entries and scripts
/etc/grub.d/
├── 00_header        # Basic GRUB settings
├── 10_linux         # Auto-detect Linux kernels
├── 20_ppc_terminfo  # PPC-specific (ignore on x86)
├── 30_os-prober     # Detect other OSes (dual-boot)
├── 40_custom        # Your custom entries go here
└── 41_custom        # Additional custom entries

Editing /etc/default/grub

View current GRUB defaults
cat /etc/default/grub
Key variables
GRUB_TIMEOUT=5                          # Seconds to wait before default boot
GRUB_DEFAULT=0                          # Default menu entry (0 = first)
GRUB_CMDLINE_LINUX="crashkernel=auto rhgb quiet"   # Kernel parameters
GRUB_DISABLE_RECOVERY="true"           # Hide recovery entries
GRUB_ENABLE_BLSCFG=true                # Boot Loader Spec (RHEL 8+)
Add a persistent kernel parameter — e.g., disable predictable network names
# Before
sudo grep GRUB_CMDLINE_LINUX /etc/default/grub

# Change
sudo sed -i 's/GRUB_CMDLINE_LINUX="\(.*\)"/GRUB_CMDLINE_LINUX="\1 net.ifnames=0"/' /etc/default/grub

# After
sudo grep GRUB_CMDLINE_LINUX /etc/default/grub
Remove quiet and rhgb — see full boot messages for debugging
sudo sed -i 's/ rhgb quiet//' /etc/default/grub

Regenerating GRUB Config

After editing /etc/default/grub, regenerate the config.

RHEL/CentOS (BIOS)
sudo grub2-mkconfig -o /boot/grub2/grub.cfg
RHEL/CentOS (UEFI)
sudo grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg
Arch/Ubuntu/Fedora
sudo grub-mkconfig -o /boot/grub/grub.cfg
Forgetting to regenerate after editing /etc/default/grub is a common mistake. The changes have no effect until you run grub2-mkconfig (grub-mkconfig on Arch/Ubuntu/Fedora).

Editing Kernel Parameters at Boot

For one-time changes without modifying files on disk.

Step 2: Find the line starting with linux or linuxefi
linuxefi /vmlinuz-5.14.0-362.el9.x86_64 root=/dev/mapper/rhel-root ro crashkernel=auto rhgb quiet
Step 3: Append or modify parameters at the end of that line
linuxefi /vmlinuz-... root=/dev/mapper/rhel-root ro crashkernel=auto rd.break
Step 4: Press Ctrl+X to boot with the modified parameters

These changes are temporary — they don’t survive reboot.

Common one-time parameters
rd.break                    Break into initramfs (password reset)
systemd.unit=rescue.target  Boot to rescue mode
systemd.unit=emergency.target  Boot to emergency (read-only root)
init=/bin/bash              Skip systemd entirely
selinux=0                   Disable SELinux temporarily
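The parameters listed above are meant for a single boot, so finding one in /etc/default/grub means every boot gets a recovery shell or runs with SELinux off. The check below is an added example, not part of the original page; the function names are hypothetical, and the rd.break=<stage> form is included from dracut's documentation rather than from this page.

```bash
#!/usr/bin/env bash
# Added example, not from the original page. Flags the one-time parameters
# listed above when they show up in a persistent kernel command line.

# Print every recovery-only parameter found in a command-line string.
flag_params() {
    for tok in $1; do
        case $tok in
            rd.break|rd.break=*) echo "$tok" ;;   # initramfs shell (dracut also accepts rd.break=<stage>)
            init=*)              echo "$tok" ;;   # replaces systemd as PID 1
            selinux=0)           echo "$tok" ;;   # SELinux disabled
            systemd.unit=rescue.target|systemd.unit=emergency.target)
                                 echo "$tok" ;;   # rescue or emergency target
        esac
    done
}

# Collect GRUB_CMDLINE_LINUX and GRUB_CMDLINE_LINUX_DEFAULT from a defaults file.
# Assumes double-quoted values, as on this page; trailing comments are ignored.
persistent_cmdline() {
    sed -n 's/^[[:space:]]*GRUB_CMDLINE_LINUX\(_DEFAULT\)\{0,1\}="\([^"]*\)".*/\2/p' "$1" | tr '\n' ' '
}

# Return 1 and list the offenders if any recovery-only parameter is persisted.
audit_defaults() {
    found=$(flag_params "$(persistent_cmdline "$1")")
    if [ -n "$found" ]; then
        printf '%s\n' "$found"
        return 1
    fi
    return 0
}
```

Run `audit_defaults /etc/default/grub` for the persistent settings; `flag_params "$(cat /proc/cmdline)"` applies the same check to the command line the running kernel was booted with.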

Installing GRUB

Install GRUB on a BIOS system — writes to MBR of the disk (not partition)
sudo grub2-install /dev/sda
Install GRUB for UEFI — writes to the EFI System Partition
sudo grub2-install --target=x86_64-efi --efi-directory=/boot/efi --bootloader-id=rhel
Arch Linux UEFI install
sudo grub-install --target=x86_64-efi --efi-directory=/boot/efi --bootloader-id=GRUB

Reinstalling GRUB from Live USB

When GRUB is corrupted and the system won’t boot.

Step 2: Identify and mount the root filesystem
lsblk -f
# Device names below are examples; substitute the root and /boot devices that lsblk -f reports
sudo mount /dev/mapper/rhel-root /mnt
sudo mount /dev/sda1 /mnt/boot
Step 3: Mount pseudo-filesystems for chroot
sudo mount --bind /dev /mnt/dev
sudo mount --bind /proc /mnt/proc
sudo mount --bind /sys /mnt/sys
Step 4 (UEFI only): Mount the EFI partition
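# /dev/sda1 is an example; mount the FAT (vfat) EFI System Partition shown by lsblk -f,
# which is not the same partition as /boot
sudo mount /dev/sda1 /mnt/boot/efi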
Step 5: Chroot and reinstall
sudo chroot /mnt

# BIOS:
grub2-install /dev/sda
grub2-mkconfig -o /boot/grub2/grub.cfg

# UEFI:
grub2-install --target=x86_64-efi --efi-directory=/boot/efi
grub2-mkconfig -o /boot/efi/EFI/redhat/grub.cfg
Step 6: Exit and reboot
exit
sudo umount -R /mnt
reboot

GRUB Password Protection

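Prevent unauthorized kernel parameter editing (e.g., rd.break for root password reset). Without a GRUB password, anyone with console access can edit a menu entry at boot and append such a parameter.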

Generate a GRUB password hash
grub2-setpassword

This creates /boot/grub2/user.cfg with the hashed password. The root superuser is set automatically.

Manual approach — generate hash and add to config
grub2-mkpasswd-pbkdf2
Add to /etc/grub.d/40_custom
set superusers="admin"
password_pbkdf2 admin grub.pbkdf2.sha512.10000.HASH...
Allow booting without password but require password for editing
# In /etc/grub.d/10_linux, menu entries get --unrestricted by default
# This lets users boot but not edit kernel parameters

After any changes to /etc/grub.d/, regenerate:

sudo grub2-mkconfig -o /boot/grub2/grub.cfg
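To confirm the regenerated file really enforces the password, the settings can be checked mechanically. The audit below is an added example, not part of the original page or of GRUB; the function name is hypothetical, and it assumes menu entries and the superusers line are written into grub.cfg itself (the manual approach above), with simple alphanumeric user names.

```bash
#!/usr/bin/env bash
# Added example, not from the original page. Audits a generated grub.cfg for
# the password settings described above; prints findings, returns 1 on a gap.

audit_grub_password() {
    cfg=$1
    rc=0
    # The last 'set superusers="..."' line wins, since a later set overrides an earlier one.
    users=$(sed -n 's/^[[:space:]]*set[[:space:]]\{1,\}superusers="\([^"]*\)".*/\1/p' "$cfg" | tail -n 1)
    if [ -z "$users" ]; then
        echo "FAIL no superusers set: menu entries can be edited without a password"
        return 1
    fi
    # GRUB accepts spaces, commas, semicolons, pipes or ampersands between names.
    for u in $(printf '%s' "$users" | tr ',;|&' '    '); do
        if grep -Eq "^[[:space:]]*password_pbkdf2[[:space:]]+${u}[[:space:]]+grub\.pbkdf2\." "$cfg"; then
            echo "OK ${u} has a PBKDF2 hash"
        elif grep -Eq "^[[:space:]]*password_pbkdf2[[:space:]]+${u}[[:space:]]+\\$" "$cfg"; then
            # Hash is read from a variable, e.g. one sourced from user.cfg.
            echo "INFO ${u} hash comes from a variable; check user.cfg"
        elif grep -Eq "^[[:space:]]*password[[:space:]]+${u}[[:space:]]" "$cfg"; then
            echo "FAIL ${u} uses a plaintext password directive"
            rc=1
        else
            echo "FAIL ${u} is a superuser with no password entry"
            rc=1
        fi
    done
    # With superusers set, only entries marked --unrestricted boot without a password.
    total=$(grep -Ec '^[[:space:]]*menuentry[[:space:]]' "$cfg" || true)
    open=$(grep -Ec '^[[:space:]]*menuentry[[:space:]].*--unrestricted' "$cfg" || true)
    echo "INFO ${open} of ${total} menu entries boot without a password"
    return "$rc"
}
```

Run it as `audit_grub_password /boot/grub2/grub.cfg` after each regeneration; a non-zero exit status means the config does not enforce a hashed superuser password.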

GRUB Rescue Shell

When GRUB can’t find its config or modules, it drops to grub rescue>.

Find the partition with GRUB files
grub rescue> ls
grub rescue> ls (hd0,msdos1)/grub2/
Set root and prefix, then boot normally
grub rescue> set root=(hd0,msdos1)
grub rescue> set prefix=(hd0,msdos1)/grub2
grub rescue> insmod normal
grub rescue> normal

Once you boot, immediately reinstall GRUB properly from the running system.

BIOS vs UEFI GRUB

Key differences
Feature            BIOS                    UEFI
─────────────────────────────────────────────────────
Boot code          MBR (512 bytes)         EFI System Partition (FAT32)
Partition table    MBR (max 4 primary)     GPT (128+ partitions)
Bootloader path    /boot/grub2/            /boot/efi/EFI/<distro>/
Install command    grub2-install /dev/sda  grub2-install --target=x86_64-efi
Config output      /boot/grub2/grub.cfg    /boot/efi/EFI/<distro>/grub.cfg
Size limit         2 TB disk max           9.4 ZB disk max
Check if system is UEFI or BIOS
[ -d /sys/firmware/efi ] && echo "UEFI" || echo "BIOS"
List UEFI boot entries
efibootmgr -v

See Also

  • Boot — the full boot sequence GRUB initiates

  • Kernel — kernel parameters passed via GRUB