Linux and the UEFI Boot Procedure

From Port23Wiki
= Links =

* UEFI basics http://www.rodsbooks.com/efi-bootloaders/
* Disabling Secure Boot in the firmware setup https://docs.fedoraproject.org/en-US/Fedora/18/html/UEFI_Secure_Boot_Guide/ch02s02.html
* Disabling Secure Boot in the firmware setup http://www.tweakpc.de/hardware/infos/pc/secure_boot_das_uefi_feature_erklaert/s02.php
* https://wiki.ubuntuusers.de/EFI_Bootmanagement/
* https://help.ubuntu.com/community/UEFI
* https://wiki.ubuntuusers.de/efibootmgr/
* http://www.uefi.org/learning_center/papers

Revision as of 30 May 2021, 08:48

= efibootmgr =

efibootmgr --help 
efibootmgr version 0.12
usage: efibootmgr [options]
	-a | --active         sets bootnum active
	-A | --inactive       sets bootnum inactive
	-b | --bootnum XXXX   modify BootXXXX (hex)
	-B | --delete-bootnum delete bootnum (hex)
	-c | --create         create new variable bootnum and add to bootorder
	-C | --create-only	create new variable bootnum and do not add to bootorder
	-D | --remove-dups	remove duplicate values from BootOrder
	-d | --disk disk       (defaults to /dev/sda) containing loader
	-e | --edd [1|3|-1]   force EDD 1.0 or 3.0 creation variables, or guess
	-E | --device num      EDD 1.0 device number (defaults to 0x80)
	-g | --gpt            force disk with invalid PMBR to be treated as GPT
	-i | --iface name     create a netboot entry for the named interface
	-l | --loader name     (defaults to \EFI\redhat\grub.efi)
	-L | --label label     Boot manager display label (defaults to "Linux")
	-n | --bootnext XXXX   set BootNext to XXXX (hex)
	-N | --delete-bootnext delete BootNext
	-o | --bootorder XXXX,YYYY,ZZZZ,...     explicitly set BootOrder (hex)
	-O | --delete-bootorder delete BootOrder
	-p | --part part        (defaults to 1) containing loader
	-q | --quiet            be quiet
	-t | --timeout seconds  set boot manager timeout waiting for user input.
	-T | --delete-timeout   delete Timeout.
	-u | --unicode | --UCS-2  pass extra args as UCS-2 (default is ASCII)
	-v | --verbose          print additional information
	-V | --version          return version and exit
	-w | --write-signature  write unique sig to MBR if needed
	-@ | --append-binary-args file  append extra args from file (use "-" for stdin)
	-h | --help             show help/usage

Displaying the existing boot entries:

efibootmgr -v
BootCurrent: 0000
Timeout: 3 seconds
BootOrder: 0000
Boot0000* Fedora	HD(1,GPT,07cc856e-867f-4f16-986d-92de81fa9c75,0x800,0xf4240)/File(\EFI\fedora\shim.efi)

Adding a new boot entry:

efibootmgr -c -b 0001 -d /dev/sdc -p 1 -L "Fedora-grubx64" -l "\EFI\fedora\grubx64.efi"

efibootmgr writes these settings to the mainboard's NVRAM. The entries then appear in the EFI firmware setup.

efibootmgr -v
BootCurrent: 0000
Timeout: 3 seconds
BootOrder: 0001,0000
Boot0000* Fedora	HD(1,GPT,07cc856e-867f-4f16-986d-92de81fa9c75,0x800,0xf4240)/File(\EFI\fedora\shim.efi)
Boot0001* Fedora-grubx64	HD(1,GPT,490d3bfd-690a-4bed-9ac5-028bac4d6719,0x800,0x800)/File(\EFI\fedora\grubx64.efi)/dev/sdc

efibootmgr -v
BootCurrent: 0001
Timeout: 3 seconds
BootOrder: 0001,0002
Boot0001* Fedora-grubx64-2	HD(1,GPT,07cc856e-867f-4f16-986d-92de81fa9c75,0x800,0xf4240)/File(\EFI\fedora\grubx64.efi)
Boot0002* UEFI OS	HD(1,GPT,07cc856e-867f-4f16-986d-92de81fa9c75,0x800,0xf4240)/File(\EFI\BOOT\BOOTX64.EFI)
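
In the listings above, the added entry loads grubx64.efi directly instead of going through shim.efi, and it sits first in BootOrder. The following shell function is an added example, not part of the original wiki page: it reads `efibootmgr -v` output and reports every BootOrder entry whose loader is not a shim binary. The function names and the shim file-name pattern are assumptions.

```shell
#!/bin/sh
# Added example: list BootOrder entries whose loader is not a shim binary.

# efibootmgr -v listing copied from the page (state after adding Boot0001).
sample_listing() {
    cat <<'EOF'
BootCurrent: 0000
Timeout: 3 seconds
BootOrder: 0001,0000
Boot0000* Fedora HD(1,GPT,07cc856e-867f-4f16-986d-92de81fa9c75,0x800,0xf4240)/File(\EFI\fedora\shim.efi)
Boot0001* Fedora-grubx64 HD(1,GPT,490d3bfd-690a-4bed-9ac5-028bac4d6719,0x800,0x800)/File(\EFI\fedora\grubx64.efi)/dev/sdc
EOF
}

# Reads `efibootmgr -v` output on stdin; prints "BootNNNN<TAB>loader" for
# each BootOrder entry whose File() path does not end in shim*.efi
# (assumed naming: shim.efi, shimx64.efi, ...). Entries without a File()
# node, such as network boot entries, are skipped.
non_shim_entries() {
    awk '
        /^BootOrder:/ { n = split($2, order, ","); next }
        /^Boot[0-9A-Fa-f][0-9A-Fa-f][0-9A-Fa-f][0-9A-Fa-f]/ {
            num = substr($0, 5, 4)
            if (match($0, /File\([^)]*\)/))
                loader[num] = substr($0, RSTART + 5, RLENGTH - 6)
        }
        END {
            for (i = 1; i <= n; i++) {
                path = loader[order[i]]
                if (path != "" && tolower(path) !~ /\\shim[a-z0-9]*\.efi$/)
                    printf "Boot%s\t%s\n", order[i], path
            }
        }
    '
}

# On a live system: efibootmgr -v | non_shim_entries
sample_listing | non_shim_entries
```

An empty result means every entry in BootOrder starts through shim; any line printed is an entry to review before relying on Secure Boot.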


Creating a bootable GRUB image:

grub2-mkimage --format=x86_64-efi --output=/root/uefi/grubx64.efi --verbose --prefix=/boot/efi

= Fedora Linux =

Fedora Linux supports booting in Secure Boot mode:

https://docs.fedoraproject.org/en-US/Fedora/18/html/UEFI_Secure_Boot_Guide/sect-UEFI_Secure_Boot_Guide-Implementation_of_UEFI_Secure_Boot-Shim.html

Other distributions have chosen to not require signed kernel modules in their Secure Boot implementation. Fedora believes that
to fully support Secure Boot this is required. We are working to limit the impacts of this while ensuring that untrusted module
code is not allowed to execute.

Disabling the Secure Boot option in the firmware setup is possible; the system boots without problems.

https://github.com/mjg59/shim