From 21052113ff6fe4eb4a2dec0729b3ad37b0ef7a3d Mon Sep 17 00:00:00 2001 From: Aaron Honeycutt Date: Fri, 10 May 2024 10:36:15 -0600 Subject: [PATCH] Redo bootloader (#1198) * Reorder article and update sections * Update notes about BIOS installs * Fix header for encrypted disk * Add Pop!_OS GRUB steps and fix lint issue * Address feedback * Update bootloader.md Removed > on line 85 to (hopefully) fix markdown failure. --------- Co-authored-by: brandonbaez7 <160044194+brandonbaez7@users.noreply.github.com> --- content/bootloader.md | 188 +++++++++++++++++++++++++++--------------- 1 file changed, 121 insertions(+), 67 deletions(-) diff --git a/content/bootloader.md b/content/bootloader.md index 896ca3e6f2..beea01d205 100644 --- a/content/bootloader.md +++ b/content/bootloader.md @@ -21,7 +21,7 @@ A bootloader takes care of getting the operating system started up. It is also r ### Important Note -If you need to configure grub-pc (for example, after an update), installing GRUB to all devices will break GRUB. You will need to install to `/dev/sda` _not_ `/dev/sda1`. +If you need to configure grub-pc (for example, after an update), installing GRUB to all devices will break GRUB. You will need to install to `/dev/sda` or `/dev/nvme0n1` _not_ `/dev/sda1` or `/dev/nvme0n1p1`. On a fresh install of Pop!_OS 18.04 and newer, systemd-boot is used rather than the GRUB bootloader. The following instructions only apply to systems using the GRUB bootloader, otherwise refer to the systemd-boot section of this article. @@ -33,11 +33,7 @@ Please see our instructions for making a live disk of Pop!_OS [here](/articles/l ### Boot from Live Disk -Once you have the disk made, reboot your system. You'll need to tell the computer to boot from the live disk. When you see the System76 logo on the screen, press and hold the appropriate key for your system: - -Laptops | Desktops --------- | -------- -Hold Esc, F7, or F1 | Hold F8, F10, or F12 +Once you have the disk made, reboot your system. You'll need to tell the computer to boot from the live disk. When you see the System76 logo on the screen, press and hold the appropriate key for your system based on this [article](/articles/boot-menu). Use the arrow keys and Enter key to select the live disk from the boot menu. @@ -68,13 +64,29 @@ Pop!_OS 20.04 LTS 4 496GB 500GB 4295MB linux-swap(v1) swap ``` ---- +Ubuntu 22.04 LTS -## How to tell if your system is EFI-based or legacy boot +``` + Number Start End Size File system Name Flags + 1 1047kB 538MB 537MB fat32 EFI System Partition boot, esp + 2 538MB 496GB 491GB ext4 +``` + +Pop!_OS 22.04 LTS -## systemd-boot +``` + Number Start End Size File system Name Flags + 1 2097kB 524MB 522MB fat32 boot, esp + 2 524MB 4819MB 4295MB fat32 recovery msftdata + 3 4819MB 496GB 491GB ext4 root + 4 496GB 500GB 4295MB linux-swap(v1) swap +``` -### EFI Boot +**NOTE:** A BIOS install of Pop!\_OS will not have a Recovery Partition and the Flags for the Boot Partition will not note esp. + +--- + +## How to tell if your system is EFI-based or legacy boot Most computers sold after 2014 use UEFI mode. If `boot, esp` is listed under `flags` in the earlier `parted` output, then the system is installed in UEFI mode. You can also use this command to verify that your OS is installed in UEFI mode: @@ -90,11 +102,29 @@ Installed in UEFI mode support@pop-os:~$ ``` -Additionally, if `bios_grub` is listed under `flags`, the system is installed in legacy BIOS mode. +Additionally, if `esp` is not listed under `flags` for the Boot Partition, the system is installed in legacy BIOS mode. ### EFI Boot - Pop!_OS (systemd-boot) -If the echo command at the beginning of this page says that the OS is installed in EFI mode **and** you are using Pop!_OS, follow this section. Please note that if you have an encrypted disk, you will need to first unlock it as described below. +If the echo command at the beginning of this page says that the OS is installed in EFI mode **and** you are using Pop!_OS, follow this section. Please note that if you have an encrypted disk, you will need to first unlock it as described below. Running the command below will let us know if the drive is encrypted: + +```bash +sudo cryptsetup luksDump /dev/nvme0n1p3 +``` + +or + +```bash +sudo cryptsetup luksDump /dev/sda3 +``` + +If you get the output below then you do not need to decrypt the drive first: + +``` +Device /dev/nvme0n1p3 or /dev/sda3 is not a valid LUKS device. +``` + +If it is a valid LUKS device then follow these [steps](/articles/bootloader#encrypted-disk) to decrypt the drive first. First, we need to mount the OS partitions. Run these commands based on what type of disk you have: @@ -103,7 +133,7 @@ First, we need to mount the OS partitions. Run these commands based on what type | `sudo mount /dev/nvme0n1p3 /mnt` | `sudo mount /dev/sda3 /mnt` | | `sudo mount /dev/nvme0n1p1 /mnt/boot/efi` | `sudo mount /dev/sda1 /mnt/boot/efi` | -If you are using a non-default partitioning scheme (such as a dual boot), replace `nvme0n1p3` or `sda3` with the Pop!_OS root partition and `nvme0n1p1` or `sda1` with the EFI system partition (ESP). +>**NOTE:** If you are using a non-default partitioning scheme (such as a dual boot), replace `nvme0n1p3` or `sda3` with the Pop!_OS root partition and `nvme0n1p1` or `sda1` with the EFI system partition (ESP). Then continue with the following commands for either disk type: @@ -116,46 +146,76 @@ exit sudo bootctl --path=/mnt/boot/efi install ``` -## GRUB EFI Boot +### EFI Boot - Ubuntu (GRUB) -Most computers sold after 2014 use UEFI mode. If `boot, esp` is listed under `flags` in the `parted` output from earlier, then the system is installed in UEFI mode. You can also use this command to see if the OS is installed in UEFI mode: +If the echo command at the beginning of this page says that the OS is installed in EFI mode **and** you are using Ubuntu, follow this section. Please note that if you have an encrypted disk, you will need to first unlock it as described below. Running the command below will let us know if the drive is encrypted: ```bash -[ -d /sys/firmware/efi ] && echo "Installed in UEFI mode" || echo "Installed in Legacy mode" +sudo cryptsetup luksDump /dev/nvme0n1p2 ``` -Run these commands based on what type of disk you have: +or + +```bash +sudo cryptsetup luksDump /dev/sda2 +``` + +If you get the output below then you do not need to decrypt the drive first: + +``` +Device /dev/nvme0n1p2 or /dev/sda2 is not a valid LUKS device. +``` + +If it is a valid LUKS device then follow these [steps](/articles/bootloader#encrypted-disk) to decrypt the drive first. + +First, we need to mount the OS partitions. Run these commands based on what type of disk you have: -| NVMe Drives | SATA Drives | -| :---------------------------------------- | :------------------------------------| +| NVMe Drive | SATA Drive | +| :---------------------------------------- | :----------------------------------- | | `sudo mount /dev/nvme0n1p2 /mnt` | `sudo mount /dev/sda2 /mnt` | | `sudo mount /dev/nvme0n1p1 /mnt/boot/efi` | `sudo mount /dev/sda1 /mnt/boot/efi` | -If you are using a non-default partitioning scheme (such as a dual boot), replace `nvme0n1p2` or `sda2` with the Pop!_OS root partition and `nvme0n1p1` or `sda1` with the boot partition. +If you are using a non-default partitioning scheme (such as a dual boot), replace `nvme0n1p2` or `sda2` with the Ubuntu root partition and `nvme0n1p1` or `sda1` with the EFI system partition (ESP). Then continue with the following commands for either disk type: ```bash for i in dev dev/pts proc sys run; do sudo mount -B /$i /mnt/$i; done sudo chroot /mnt -apt install --reinstall grub-efi-amd64 linux-generic linux-headers-generic +apt install --reinstall linux-image-generic linux-headers-generic update-initramfs -c -k all -update-grub +exit +sudo update-grub ``` -## GRUB Legacy BIOS Boot +### Legacy EFI Boot - Pop!_OS (GRUB) -If `bios_grub` is listed under `flags`, the system is installed in BIOS mode. You can also use this command to see if the OS is installed in BIOS mode: +If the echo command at the beginning of this page says that the OS is installed in Legacy mode **and** you are using Ubuntu, follow this section. Please note that if you have an encrypted disk, you will need to first unlock it as described below. Running the command below will let us know if the drive is encrypted: ```bash -[ -d /sys/firmware/efi ] && echo "Installed in UEFI mode" || echo "Installed in Legacy mode" +sudo cryptsetup luksDump /dev/nvme0n1p3 +``` + +or + +```bash +sudo cryptsetup luksDump /dev/sda3 ``` +If you get the output below then you do not need to decrypt the drive first: + +``` +Device /dev/nvme0n1p3 or /dev/sda3 is not a valid LUKS device. +``` + +If it is a valid LUKS device then follow these [steps](/articles/bootloader#encrypted-disk) to decrypt the drive first. + Run these commands based on what type of disk you have: | NVMe Drive | SATA Drive | | :------------------------------- | :-------------------------- | | `sudo mount /dev/nvme0n1p2 /mnt` | `sudo mount /dev/sda2 /mnt` | +| `sudo mount /dev/nvme0n1p1 /mnt/boot/` | `sudo mount /dev/sda1 /mnt/boot/` | If you are using a non-default partitioning scheme (such as a dual boot), replace `nvme0n1p2` or `sda2` with the Pop!_OS root partition. @@ -171,80 +231,74 @@ update-initramfs -c -k all sudo update-grub ``` -### Encrypted Disk +### Legacy BIOS Boot - Ubuntu (GRUB) -Pop!_OS supports full-disk encryption as an option by default, whereas, Ubuntu does not. If you are on Ubuntu, you likely don't need to follow this section. - -To get access to an encrypted disk, these additional commands need to be run in order to unlock the disk. Please use the `parted` command described above to determine the correct drive and partition. The encrypted partition will typically be the largest one on the main drive. - -| NVMe Drive | SATA Drive | -| :-------------------------------------------------- | :--------------------------------------------- | -| `sudo cryptsetup luksOpen /dev/nvme0n1p3 cryptdata` | `sudo cryptsetup luksOpen /dev/sda3 cryptdata` | +If the echo command at the beginning of this page says that the OS is installed in Legacy mode **and** you are using Ubuntu, follow this section. Please note that if you have an encrypted disk, you will need to first unlock it as described below. Running the command below will let us know if the drive is encrypted: ```bash -sudo lvscan -sudo vgchange -ay +sudo cryptsetup luksDump /dev/nvme0n1p2 ``` -Take note as to what the volume group is called. Substitute the correct info into this next command. Make sure that `-root` is on the end. - -After running the `vgchange` command, take note of what the volume group is called. Substitute the correct info into this next command. Make sure that `-root` is added to the end of the volume group name: +or ```bash -sudo mount /dev/mapper/data-root /mnt +sudo cryptsetup luksDump /dev/sda2 ``` -Now the existing hard drive can be accessed by going to the `/mnt` folder. To use the Files program, go to `+ Other Locations` -> `Computer` and then click on the `/mnt` folder. +If you get the output below then you do not need to decrypt the drive first: -### EFI Boot - Ubuntu +``` +Device /dev/nvme0n1p2 or /dev/sda2 is not a valid LUKS device. +``` -If the echo command above says the system is installed in EFI mode **and** you are using Ubuntu, follow this section. +If it is a valid LUKS device then follow these [steps](/articles/bootloader#encrypted-disk) to decrypt the drive first. -First, we need to mount the OS partitions. Run these commands based on what type of disk you have (based on the ```parted``` output from your system): +Run these commands based on what type of disk you have: -| NVMe Drives | SATA Drives | -| :------------------------------------------- | :------------------------------------- | -| ```sudo mount /dev/nvme0n1p2 /mnt``` | ```sudo mount /dev/sda2 /mnt``` | -|```sudo mount /dev/nvme0n1p1 /mnt/boot/efi``` |```sudo mount /dev/sda1 /mnt/boot/efi```| +| NVMe Drive | SATA Drive | +| :------------------------------- | :-------------------------- | +| `sudo mount /dev/nvme0n1p2 /mnt` | `sudo mount /dev/sda2 /mnt` | +| `sudo mount /dev/nvme0n1p1 /mnt/boot/` | `sudo mount /dev/sda1 /mnt/boot/` | -chroot is a way to run commands as if the existing operating system had been booted. Once the chroot commands have been run, then package manager (apt) and other system level commands can be run. +If you are using a non-default partitioning scheme (such as a dual boot), replace `nvme0n1p2` or `sda2` with the Pop!_OS root partition. -The EFI partition is usually around 512MB, and that is the partition to substitute into the next command. The Recovery partition is around 4GB. +Then continue with the following commands for either disk type: -| NVMe Drive | SATA Drive | -| :---------------------------------------- | :----------------------------------- | -| `sudo mount /dev/nvme0n1p1 /mnt/boot/efi` | `sudo mount /dev/sda1 /mnt/boot/efi` | +After the partitions are mounted, we'll ensure the internet settings from the OS are coped over, as well as reinstall the kernel and the bootloader. ```bash for i in dev dev/pts proc sys run; do sudo mount -B /$i /mnt/$i; done -sudo cp -n /etc/resolv.conf /mnt/etc/ sudo chroot /mnt apt install --reinstall grub-efi-amd64 linux-generic linux-headers-generic update-initramfs -c -k all -update-grub +sudo update-grub ``` -### Legacy BIOS Boot +## Encrypted Disk -As mentioned above, if `bios_grub` is listed under `flags`, the system is installed in legacy BIOS mode. If this is the case, you need to follow this section to repair your bootloader. +Pop!_OS supports full-disk encryption as an option by default, whereas, Ubuntu does not. If you are on Ubuntu, you likely don't need to follow this section. -Run these commands based on what type of disk you have: +To get access to an encrypted disk, these additional commands need to be run in order to unlock the disk. Please use the `parted` command described above to determine the correct drive and partition. The encrypted partition will typically be the largest one on the main drive. + +| NVMe Drive | SATA Drive | +| :-------------------------------------------------- | :--------------------------------------------- | +| `sudo cryptsetup luksOpen /dev/nvme0n1p3 cryptdata` | `sudo cryptsetup luksOpen /dev/sda3 cryptdata` | + +```bash +sudo lvscan +sudo vgchange -ay +``` -| NVMe Drive | SATA Drive | -| :----------------------------------- | :------------------------------ | -| ```sudo mount /dev/nvme0n1p2 /mnt``` | ```sudo mount /dev/sda2 /mnt``` | +Take note as to what the volume group is called. Substitute the correct info into this next command. Make sure that `-root` is on the end. -You now have root administrator access to your installed OS. If you are trying to either fix or undo changes that you made to the system, you now have the access to do so. Once you are done, to exit from the chroot and reboot the computer, run these commands: +After running the `vgchange` command, take note of what the volume group is called. Substitute the correct info into this next command. Make sure that `-root` is added to the end of the volume group name: ```bash -for i in dev dev/pts proc sys run; do sudo mount -B /$i /mnt/$i; done -sudo cp -n /etc/resolv.conf /mnt/etc/ -sudo chroot /mnt -apt install --reinstall grub-amd64 linux-generic linux-headers-generic -update-initramfs -c -k all -sudo update-grub +sudo mount /dev/mapper/data-root /mnt ``` +Now the existing hard drive can be accessed by going to the `/mnt` folder. To use the Files program, go to `+ Other Locations` -> `Computer` and then click on the `/mnt` folder. + As your system reboots, remove the disk when prompted. The computer should now boot normally. ## Troubleshooting