Slashdot Mirror
GRUB 2.00 Bootloader Officially Released
An anonymous reader writes "After being in development for more than a decade, GRUB2 was released today as stable. The mailing list announcement covers new features including a standard theme, support for new file-systems, ports to new CPU architectures, new driver coverage, better EFI support, and many other new features that have materialized over the years of development to succeed GRUB Legacy."
They should have declared it stable long ago, when all the major distros have adopted it for release after release it's time to move on. Sure, there must have still been bugs but that's where point releases come in handy.
I still like LILO better.
I'm glad GRUB2 is finally finished! Now we can finally move on to scrapping the entire thing and spending years on GRUB3.
Not for long, though.
What Ubuntu has been referring to as Grub2 was Grub1.9x, a pre-release of Grub2. What the OP means is their dropping it because of legal issues around GPLv3, on Windows 8 approved hardware they won't be able to keep the private signing key, private which would result in their certificates being revoked. http://www.extremetech.com/computing/131628-canonical-explains-decision-to-ditch-grub-2-on-uefi-systems
The amusing thing about this is, with secure boot coming out GRUB2 will probably be tossed out in favour of a boot loader with a more liberal license. Ubuntu has already stated they are dropping GRUB2, I imagine other distros will follow in the next few years.
Yes, UEFI Secure Boot means precisely that: you can't use any Linux but Red Hat and Ubuntu, official kernels only. Microsoft agreed to sign their official kernels to have more ammunition in the inevitable antitrust suit. A pox on Ubuntu for cooperating here!
GPL3 on Grub works as designed here: it stops any DRM, disallowing unmodifiable bootloaders and kernels.
The creatures outside looked from Alt-Right to Antifa; but already it was impossible to say which was which.
To boot in non secure mode:
- yup, GRUB2 does support EFI.
To boot in secure-mode:
- technically yes, practically not so easy.
To boot in secure-mode, GRUB2 need to be signed.
As per GPLv3, GRUB2 needs to publish the private key, so any one could rebuilt his/her very own version of GRUB2, sign it, and replace the previous one.
But due to the way microsoft license its keys and signing, GRUB won't be allowed to publish said key, thus can't abid GPLv3. Thus no version of GRUB2 signed with microsoft key.
Then two other possibilities remain:
- Canonical will get efilinux signed with microsoft keys. So GRUB2 has to be made bootable from efillinux (efilinux is rather primitive, it just loads a kernel from a set collection of blocks from the device and run it. It shouldn't be too much difficult to have efilinux load and execute a GRUB2's "stage 1.5" or "stage 2").
Thus efilinux is the part that needs to be signed with microsoft's key (and efilinux's license makes it possible. Although that also means that you won't be able to hack it).
- Canonical is trying to setup its own scheme of signing, a much more open-source friendly way. And trying to get motherboard manufacturer to include canonical's signing keys into the mobo's secure boot.
On motherboards that feature also Canonical's key, one could use a GRUB2 binary signed with canonical's key. As per GPLv3: canonical needs to provide some way so an end user can sign his/her new custom version of GRUB2 to replace the original own.
Now the funny part:
- GRUB2 can load coreboot (an opensource firmware) payloads, so it could also load SeaBIOS (a legacy BIOS implementation as a coreboot payload).
- GRUB2 can also load windows XP's boot loader.
So if any of the above is possible (either chainloading efilinux to grub2, or signing grub2 in a gplv3 compatible way). That means that grub2 could be used to boot windows XP on secure-boot hardware. (with seabios providing the legacy bios compatibility, and windows XP's ntldfr being loaded from grub2).
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
Rarely have I seen a bigger pile of shit than the configuration for grub 2. The config for grub 1 was so simple... and it *almost* made sense. They should have dropped the hurd device naming, but kept the grub.conf format we all know and love. This was another bit of software someone just had to rewrite. Now you have to generate a new configuration after any change.
Only thing I hate worse is systemd.
No. It is designed to generate a chain of trust from the BIOS (UEFI) up to the operating system including drivers. So if you change anything in this chain, DRM-plagued media will refuse to play! It's all about the ability to play content withot the user being able to grab that content or do anything else with it. If it would be about preventing root kits, then the master keys could be in the hand of the user.
No, not really. As designed, it was intended to prevent hardware vendors from designing hardware with locked-down Linux installations. In this case, it is trying (unsuccessfully) to prevent enthusiasts from being able to install locked-down Linux on off-the-shelf ARM hardware without breaking their ability to switch back to Windows. The fact that you also won't be able to install non-locked-down Linux on that hardware is a secondary issue. It's a clear case of the GPLv3 acting against the right to tinker solely for reasons of ideological purity—the right to change everything or the right to change nothing.... That's truly backwards in my book.
The fact of the matter is that not enough people care about running Linux to convince manufacturers to push back on Microsoft over the ARM UEFI Secure Boot mandate. There is exactly one way to guarantee the right to tinker, and that is to get people from the geek community elected to governing bodies so that they can propose and pass legislation that mandates that right. Any other strategies are doomed to failure. It doesn't even have to be federal law. If the State of California passed a law saying that all electronic devices purchased using California tax dollars must provide a way for the user to install alternative operating systems without removing the user's ability to run the OS that came with it, Microsoft's attempts at mandating non-disableable UEFI Secure Boot on ARM would go down like a lead balloon even if no other legislature adopted such a provision.
Check out my sci-fi/humor trilogy at PatriotsBooks.
GRUB2 is cabable of mounting ISO images and loading contained kernels.
That means you can save unmodified liveCD ISO images on a boot partition with GRUB2 and load them directly. /bar.
This is not a CD or DVD emulator but simply loopback access, as if you'd mount it in Linux with mount -o loop foo.iso
If you want to retain the individual boot menus of your liveCDs, you need to recreate them with GRUB2 syntax.
Fortunately some, albeit very few, live CDs ship with a loopback.cfg for this purpose nowadays.
Off the top of my head, new Ubuntu releases and GRML do so. GRML was one of the first.
http://michael-prokop.at/blog/2011/01/07/booting-iso-images-from-within-grub2/
http://www.supergrubdisk.org/wiki/Loopback.cfg
http://grml.org/