Managing EFI Boot Loaders for Linux
Originally written: 9/23/2011; last update: 7/7/2018
This Web page is provided free of charge and with no annoying
outside ads; however, I did take time to prepare it, and Web hosting does
cost money. If you find this Web page useful, please consider making a
small donation to help keep this site up and running. Thanks!
Donate $1.00 |
Donate $2.50 |
Donate $5.00 |
Donate $10.00 |
Donate another value |
|
|
|
|
|
Most computers today boot using Extensible Firmware Interface (EFI) firmware, or its version-2.x variant, Unified EFI (UEFI). The way EFI
computers boot is very different from the way older computers based on the
Basic Input/Output System (BIOS) boot. This fact is both positive and
negative. On the plus side, the EFI boot method is much more flexible and,
in theory, easier to configure than is the BIOS boot method. On the minus
side, EFI skills and documentation still lags BIOS skills and documentation, so people experienced in the BIOS method of booting often make mistakes when dealing with newer EFI-based computers. Even EFI support in Linux distributions continues to be a source of occasional problems, particularly with respect to obscure or unusual situations.
I've written this set of Web pages with the goal of explaining some of
the basics of the EFI boot methods, most notably including how to install
and manage EFI boot loaders. This document is broken into a number of
sections, as detailed below.
Sections
- EFI Boot Principles—The basic
principles that underlie EFI booting. Be sure to read this section if
you don't know much about EFI or how it boots a computer.
- EFI Boot Loader Installation—How
to install an EFI boot loader (or boot manager), in general terms.
- The Boot Loaders—A boot loader loads an OS kernel into
memory and executes it. The following programs can all launch the Linux
kernel in this way. A few can launch other OS kernels or perform boot
manager tasks, too, as described shortly.
- Using ELILO—This boot loader is
modelled after the BIOS-mode LILO. ELILO was one of the (maybe
the) first EFI boot loader for Linux, but it seems to have
been abandoned in 2013.
- Using SYSLINUX—This is a family of
boot loaders for Linux, covering both BIOS-mode and EFI-mode booting
from a variety of media. It's similar to ELILO in overall scope and
capabilities, but it seems to have seen no development since late
2014.
- Using GRUB Legacy—Officially,
the first version of GRUB (aka GRUB Legacy does not support
EFI-mode booting; however, an EFI-enabled version was forked by
Fedora and used by that distribution through Fedora 17, which was
released in 2012. Fedora 18, released in 2013, switched to GRUB
2..
- Using GRUB 2—This boot loader is the
default for most Linux distributions; although many used one of the
preceding boot loaders at one time, by 2014 most had switched to
GRUB 2. GRUB 2 provides the most features of any Linux boot loader,
particularly features related to technical matters such as network
booting, support for LVM and encrypted filesystems, etc.
- Using the Kernel's EFI Stub
Loader—The Linux kernel itself can be configured with a
built-in EFI boot loader. Most Linux distributions enable this
feature by default on their kernels. This unusual feature enables a
simpler boot manager, as described next, to effectively function as
a boot loader....
The Boot Managers—Boot managers hand off control to another
boot program; they don't boot an OS directly. (The EFI stub loader,
though, blurs the lines.)
- Using rEFIt—This boot manager
originated in the Mac world (which switched to EFI earlier than the
rest of the PC world), but was abandoned in 2010. It is a very
graphical boot manager, using icons rather than text in its boot
menu. It remains useful, although it has some serious limitations,
particularly when booting Linux via the EFI stub loader. Chances are
you're better off using rEFInd....
- Using rEFInd—This is my fork of
rEFIt, with the goal of adding features to make it more useful on
UEFI-based PCs and to boot Linux kernels via the EFI stub loader,
while retaining and expanding rEFIt's graphical nature and ease of
use. rEFInd has features that make it a good choice for those who
boot many OSes, and especially those who install multiple Linux
distributions.
- Using gummiboot/systemd-boot—This
program is a bare-bones text-mode boot manager for EFI-based
systems. It's linked to the dominant systemd startup system, and its
developers are promoting a boot standard that could be very helpful
in multi-distribution installations; but systemd-boot has some
design features that limit its utility and it hasn't gained much
traction against the dominant GRUB 2.
- Using fallback.efi—This
program (usually installed using an architecture-specific variant
name, such as fbx64.efi) is a highly specialized program
that I classify as a boot manager because its job is to pass control
to another boot manager or boot loader; however, it presents no
menu. Instead, it tries to re-create the firmware's own built-in
boot manager options, in case they've been wiped out. Linux
distributions are increasingly relying on it to deal with flaky
EFIs; but it can cause problems if you don't understand what it's
doing.
Dealing with Secure Boot—If you have
a computer that shipped with Windows 8 or later, read this section!
Controlling Secure Boot—This
section provides information on advanced techniques for taking full
control of your computer's Secure Boot features.
Signing Kernel Modules for Secure
Boot—To optimize Secure Boot benefits, every Linux kernel
module must be signed. Ideally, this will happen automatically; but if
it doesn't, this page will help.
Repairing Boot Repair—Ubuntu's Boot
Repair tool can create problems, particularly if you don't want to use
GRUB. This page describes how to fix these problems. This section is
largely obsolete, but has been retained for historical
interest.
CSM: The Good, the Bad, and the
Ugly—The EFI Compatibility Support Module (CSM) provides
compatibility with BIOS-mode boot loaders and OSes, but at the cost of
greatly increased complexity.
Note: Another EFI boot loader for Linux, efilinux, is an
out-of-kernel precursor to the kernel's EFI stub loader. It's got the stub
loader's disadvantages and few of its advantages. I've had little success
getting it working, although I've only tested it on a couple of systems. I
therefore don't cover it here, aside from this paragraph. At least two additional programs, Shim and PreLoader, exist to help work around boot problems associated with Secure Boot; these are described in the first section on Secure Boot.
Quick Recommendations
Most Linux distributions install the EFI version of GRUB 2 on EFI-based computers. When I first wrote these pages, GRUB 2 barely worked, but it's much more reliable in 2018 than in 2011. Thus, if you're happy with GRUB 2 as installed by your distribution, you might as well stick with it.
There are problems with GRUB 2, though. Some of these problems relate to the fact that it can be difficult to control your boot mode (EFI vs. BIOS) when you install an OS, and therefore difficult to tell which version of GRUB you've installed. There are also cases where GRUB misbehaves; it may fail to launch, refuse to chainload to Windows or OS X, or do other strange things. In these cases, or if you dislike GRUB 2, you should try something else.
As of mid-2018, the best of these boot loaders is probably the EFI stub loader, which is built into the Linux kernel itself. The stub loader is simple, but it can be awkward to control, so you'll probably want to use it in conjunction with rEFInd or gummiboot/systemd-boot, which are boot managers—they present menus that enable you to launch a boot loader.
The SYSLINUX boot loader is available for both BIOS and EFI, but hasn't seen any development activity since 2014. Its EFI version works reasonably well, although it's not very popular. ELILO is similar to SYSLINUX, but its Sourceforge page includes a note explicitly stating that it is no longer being actively developed. Despite this fact, ELILO is reasonably reliable, in my experience.
GRUB Legacy, like ELILO, is no longer being actively developed. Furthermore, the original version is BIOS-only; EFI support is available only in a significantly-patched version produced by Red Hat/Fedora. Although this version is not being actively developed, it's worked reasonably well for me.
Both versions of GRUB, rEFIt, rEFInd, and gummiboot can function as boot
managers for non-Linux OSes; that is, they can chainload other boot loaders.
ELILO and SYSLINUX are Linux-only tools; if you multi-boot with another OS,
you'll need to use another program to switch between Linux and your other
OS.
Be aware that there are significant system-specific quirks. I've never
gotten ELILO to work on my 32-bit Mac Mini, for instance. ELILO does work with a 32-bit version of VirtualBox's EFI, so I suspect a Mac-specific quirk—but I've seen many references to ELILO working on Macs, so it may be model-specific, or I may be doing something wrong.
If you have a computer that shipped with Windows 8 installed, chances are the firmware is set to use Secure Boot. This is a feature designed to prevent malware from infecting the computer before the OS has a chance to take over. Unfortunately, it also complicates the installation and management of boot loaders. If you need help, read my section on Secure Boot.
Additional Resources
- Intel's EFI page
includes links to various EFI resources, including the EFI
specifications, which include the official GPT 1.x specification. (In
version 1.10, section 11.2.2.1 describes GPT.) Note, however, that most
PCs with EFI support use the newer UEFI 2.x (see next bullet
point).
- The UEFI 2.x specifications and
tools detail UEFI 2.x, as implemented on some modern PC
motherboards. The GPT structure is described in Section 5 (and
especially Section 5.3) of the UEFI 2.3 specification. Note that UEFI
2.x uses the same GPT format (1.0) as described in version 1.x of the
EFI specification, although the description has been clarified or
expanded in a few areas. The GPT version number is unrelated to the
EFI/UEFI version number.
- Ubuntu's Wiki includes a page summarizing EFI
boot loader features.
- My GPT fdisk (gdisk
and sgdisk) documentation provides information on these
partitioning tools, as well as on GPT in general.
- The "Windows
x64 BIOS to UEFI" article describes how to switch Windows from BIOS
to UEFI boot mode without reinstalling.
- Intel has a Web
page that summarizes UEFI shell script commands.
- The Wikipedia article on
UEFI provides a good introduction to what UEFI is and how it
interacts with other software and hardware on the computer.
- This
page describes the EFI boot process.
- Adam Williamson has written a good summary of what EFI is and how it works.
- This blog
entry describes the outlines of how to create Secure Boot keys,
sign EFI binaries, and manage it all.
- The ALT Linux folks have documented, in
excruciating detail, the process required to have Microsoft sign a boot
loader.
- This blog post
provides a succinct summary of some of the most important commands used to
generate Secure Boot keys for use with KeyTool. (It also covers booting
Debian using a self-signed kernel, bypassing GRUB or any other boot
loader.)
- My Web page on Using UEFI DUET
describes how to boot a BIOS-based computer in EFI mode.
- My Web page on Gigabyte's Hybrid
EFI can help owners of Gigabyte's board with this EFI
implementation work around its problems.
- My Web page on rEFInd
is its primary documentation. (I forked rEFInd from the earlier rEFIt
project.)
- My Linux on UEFI: A
Quick Installation Guide page provides helpful tips on how to
install Linux on EFI-based systems.
- Falstaff has a
blog post that analyzes Secure Boot as implemented by Ubuntu
12.10.
- If you're interested in developing EFI software yourself, my Programming for
EFI can help you get started.
copyright © 2011–2018 by Roderick W. Smith
If you have problems with or comments about this web page, please
e-mail me at
rodsmith@rodsbooks.com. Thanks.
Return to my main Web page.