Chapter 6. Making temporary changes to the GRUB menu
You can modify GRUB menu entries or pass arguments to the kernel, which applies only to the current boot. On a selected menu entry in the boot loader menu, you can:
- display the menu entry editor interface by pressing the e key.
- discard any changes and reload the standard menu interface by pressing the Esc key.
- load the command-line interface by pressing the c key.
- type any relevant GRUB commands and enter them by pressing the Enter key.
- complete a command based on context by pressing the Tab key.
- move to the beginning of a line by pressing the Ctrl+a key combination.
- move to the end of a line by pressing the Ctrl+e key combination.
The following procedures provide instruction on making changes to a GRUB Menu during a single boot process.
6.1. Introduction to GRUB
GRUB stands for the GNU GRand Unified Bootloader
. With GRUB, you can select an operating system or kernel to be loaded at system boot time. Also, you can pass arguments to the kernel.
When booting with GRUB, you can use either a menu interface or a command-line interface (the GRUB command shell
). When you start the system, the menu interface appears.
You can switch to the command-line interface by pressing the c key.
You can return to the menu interface by typing exit and pressing the Enter key.
GRUB BLS files
The boot loader menu entries are defined as Boot Loader Specification (BLS
) files. This file format manages boot loader configuration for each boot option in a drop-in directory, without manipulating boot loader configuration files. The grubby
utility can edit these BLS
files.
GRUB configuration file
The /boot/grub2/grub.cfg
configuration file does not define the menu entries.
Additional resources
6.2. Introduction to bootloader specification
The BootLoader Specification (BLS) defines a scheme and the file format to manage the bootloader configuration for each boot option in the drop-in directory without the need to manipulate the bootloader configuration files. Unlike earlier approaches, each boot entry is now represented by a separate configuration file in the drop-in directory. The drop-in directory extends its configuration without having the need to edit or regenerate the configuration files. The BLS extends this concept for the boot menu entries.
Using BLS, you can manage the bootloader menu options by adding, removing, or editing individual boot entry files in a directory. This makes the kernel installation process significantly simpler and consistent across the different architectures.
The grubby
tool is a thin wrapper script around the BLS and it supports the same grubby
arguments and options. It runs the dracut
to create an initial ramdisk image. With this setup, the core bootloader configuration files are static and are not modified after kernel installation.
This premise is particularly relevant in RHEL 8, because the same bootloader is not used in all architectures. GRUB is used in most of them such as the 64-bit ARM, but little-endian variants of IBM Power Systems with Open Power Abstraction Layer (OPAL) uses Petitboot
and the IBM Z architecture uses zipl
.
Additional Resources
- Section 4.2, “Understanding boot entries”
-
the
grubby(8)
manual page
6.3. Booting to rescue mode
Rescue mode provides a convenient single-user environment in which you can repair your system in situations when it is unable to complete a normal booting process. In rescue mode, the system attempts to mount all local file systems and start some important system services. However, it does not activate network interfaces or allow more users to be logged into the system at the same time.
Procedure
- On the GRUB boot screen, press the e key for edit.
Add the following parameter at the end of the
linux
line:systemd.unit=rescue.target
Press Ctrl+x to boot to rescue mode.
6.4. Booting to emergency mode
Emergency mode provides the most minimal environment possible in which you can repair your system even in situations when the system is unable to enter rescue mode.
In emergency mode, the system:
-
mounts the
root
file system only for reading - starts a few essential services
However, the system does not:
- attempt to mount any other local file systems
- activate network interfaces
Procedure
- On the GRUB boot screen, press the e key for edit.
Add the following parameter at the end of the
linux
line:systemd.unit=emergency.target
Press Ctrl+x to boot to emergency mode.
6.5. Booting to the debug shell
The systemd
debug shell provides a shell very early in the start-up process. Once in the debug shell, you can use the systemctl
commands, such as systemctl list-jobs
and systemctl list-units
, to search for the cause of systemd
related boot-up problems.
Procedure
- On the GRUB boot screen, press the e key for edit.
Add the following parameter at the end of the
linux
line:systemd.debug-shell
Optionally add the
debug
option.NoteAdding the
debug
option to the kernel command line increases the number of log messages. Forsystemd
, the kernel command-line optiondebug
is now a shortcut forsystemd.log_level=debug
.- Press Ctrl+x to boot to the debug shell.
Permanently enabling the debug shell is a security risk because no authentication is required to use it. Disable it when the debugging session has ended.
6.6. Connecting to the debug shell
During the boot process, the systemd-debug-generator
configures the debug shell on TTY9.
Prerequisites
- You have booted to the debug shell successfully. See Booting to the debug shell.
Procedure
Press Ctrl+Alt+F9 to connect to the debug shell.
If you work with a virtual machine, sending this key combination requires support from the virtualization application. For example, if you use Virtual Machine Manager, select Send Key
Ctrl+Alt+F9
from the menu.- The debug shell does not require authentication, therefore you can see a prompt similar to the following on TTY9:
sh-4.4#
Verification
Enter a command as follows:
sh-4.4# systemctl status $$
- To return to the default shell, if the boot succeeded, press Ctrl+Alt+F1.
Additional resources
-
The
systemd-debug-generator(8)
manual page
6.7. Resetting the root password using an installation disk
In case you forget or lose the root
password, you can reset it.
Procedure
- Boot the host from an installation source.
In the boot menu for the installation media, select the
Troubleshooting
option.In the Troubleshooting menu, select the
Rescue a Red Hat Enterprise Linux system
option.At the Rescue menu, select
1
and press the Enter key to continue.Change the file system
root
as follows:sh-4.4# chroot /mnt/sysimage
Enter the
passwd
command and follow the instructions displayed on the command line to change theroot
password.Remove the
autorelable
file to prevent a time consuming SELinux relabel of the disk:sh-4.4# rm -f /.autorelabel
-
Enter the
exit
command to exit thechroot
environment. -
Enter the
exit
command again to resume the initialization and finish the system boot.
6.8. Resetting the root password using rd.break
In case you forget or lose the root
password, you can reset it.
Procedure
- Start the system and, on the GRUB boot screen, press the e key for edit.
Add the
rd.break
parameter at the end of thelinux
line:Press Ctrl+x to boot the system with the changed parameters.
Remount the file system as writable.
switch_root:/# mount -o remount,rw /sysroot
Change the file system’s
root
.switch_root:/# chroot /sysroot
Enter the
passwd
command and follow the instructions displayed on the command line.Relabel all files on the next system boot.
sh-4.4# touch /.autorelabel
Remount the file system as read only:
sh-4.4# mount -o remount,ro /
-
Enter the
exit
command to exit thechroot
environment. Enter the
exit
command again to resume the initialization and finish the system boot.NoteThe SELinux relabeling process can take a long time. A system reboot occurs automatically when the process is complete.
You can omit the time consuming SELinux relabeling process by adding the enforcing=0
option.
Procedure
When adding the
rd.break
parameter at the end of thelinux
line, appendenforcing=0
as well.rd.break enforcing=0
Restore the
/etc/shadow
file’s SELinux security context.# restorecon /etc/shadow
Turn SELinux policy enforcement back on and verify that it is on.
# setenforce 1 # getenforce Enforcing
Note that if you added the enforcing=0
option in step 3 you can omit entering the touch /.autorelabel
command in step 8.
6.9. Additional resources
-
The
/usr/share/doc/grub2-common
directory. -
The
info grub2
command.