Install or reinstall Grub 2 on CentOS Stream 9 under a UEFI system

Under CentOS Stream 9, the grub2-install tool cannot install the Grub 2 bootloader on UEFI-based systems. In fact, the grub2-install command installs only the old legacy-mode Grub 2.
grub2-mkconfig generates the Grub configuration file and adds a UEFI entry in the UEFI-enabled BIOS of the system. The boot entry it adds holds the path to /boot/efi/EFI/centos/shimx64.efi, a small and simple program that starts the Grub 2 program grubx64.efi in the same directory. This whole method exists because of UEFI Secure Boot support. With the previous method it was not possible to support UEFI Secure Boot, though it was possible to boot in UEFI mode.
There are some considerations to keep in mind when using this new version of Grub 2:

  • grub2-mkconfig has two functions: it generates the grub.cfg AND adds a boot entry in the UEFI BIOS!
  • The EFI partition holding this file is not necessarily the first partition.
  • It is an ordinary partition, i.e. it does not have to be of ESP type.
  • The system CANNOT boot without a boot entry in the UEFI BIOS.
  • Booting in UEFI mode just by selecting the disk in the BIOS (or in the boot manager) may not work. There is no auto-detection and no boot program installed in the first sectors of the disk or anywhere else. The default install of CentOS Stream 9 even creates the EFI partition as the second partition and without the ESP flag enabled.
  • Grub 2 uses /boot/efi/EFI/centos/grub.cfg, and this file should hold the latest output of grub2-mkconfig for successful booting after installation.
  • Some dedicated server providers forbid any modification of the server’s BIOS (even a UEFI BIOS), so those servers cannot boot in UEFI mode with the newer Grub 2 versions. In that case, install the legacy-mode Grub 2 with a bios_grub flag partition and grub2-install.
  • Now, Grub 2 with this method supports UEFI Secure Boot.
  • Use the grubby command to select the default kernel. More information is in the article “removing the default kernel in CentOS 8 – remove elrepo kernel”.

More information might be available here – https://docs.fedoraproject.org/en-US/quick-docs/bootloading-with-grub2/ and https://fedoraproject.org/wiki/GRUB_2.

Note: CentOS Stream 8 also has this new Grub 2 version, which supports only this kind of Grub 2 installation, so the procedure may be the same for CentOS Stream 8.

Grub 2 installation under CentOS Stream 9 and UEFI mode.

[root@srv ~]# grub2-mkconfig -o /boot/efi/EFI/centos/grub.cfg
Generating grub configuration file ...
Adding boot menu entry for UEFI Firmware Settings ...
done

The above command recreates grub.cfg with the proper kernels and kernel command-line arguments from /etc/default/grub, and it adds a boot entry in the UEFI BIOS pointing to “(partition,file-system-UUID)/EFI/centos/shimx64.efi”.
No grub2-install is needed to install the bootloader program anywhere in the first sectors of the disk!

SCREENSHOT 1) The grub2-mkconfig tool will add this boot entry with the name “CentOS Linux” and the full path to the bootloader program shimx64.efi.

The full path is HD(1,GPT, C31EFB93-690C-4137-B589-0A962BE4B960,0x800,0x11D800)/EFI/centos/shimx64.efi. Most UEFI BIOS setups allow the user to add this entry manually by browsing to the file when adding a boot entry.


The whole procedure to install (or reinstall) the Grub 2 under UEFI mode is as follows:

  1. Delete the /boot/efi/EFI/centos/grub.cfg and /boot/grub2/grub.cfg
  2. Reinstall the grub2 RPM files to recover the proper location of the UEFI bootloader files under /boot/efi.
  3. Run grub2-mkconfig to generate the proper Grub 2 configuration for the current system and add a UEFI boot entry for the UEFI bootloader at /boot/efi/EFI/centos/shimx64.efi.

Here is the output of a manual reinstall (install) of Grub 2 on a UEFI system:

[root@srv ~]# rm -f /boot/grub2/grub.cfg
[root@srv ~]# rm -f /boot/efi/EFI/centos/grub.cfg
[root@srv ~]# dnf reinstall -y grub2-efi grub2-efi-modules shim
CentOS Stream 9 - AppStream                                                    30 kB/s | 9.3 kB     00:00    
CentOS Stream 9 - AppStream                                                   1.3 MB/s |  14 MB     00:10
CentOS Stream 9 - Extras packages                                              11 kB/s | 9.9 kB     00:00    
Extra Packages for Enterprise Linux 9 - x86_64                                 47 kB/s |  32 kB     00:00    
Extra Packages for Enterprise Linux 9 - x86_64                                2.3 MB/s | 7.2 MB     00:03    
Extra Packages for Enterprise Linux 9 - Next - x86_64                          29 kB/s |  36 kB     00:01    
Package grub2-efi-aa64-modules available, but not installed.
No match for argument: grub2-efi-modules
Dependencies resolved.
==============================================================================================================
 Package                      Architecture          Version                       Repository             Size
==============================================================================================================
Reinstalling:
 grub2-efi-x64                x86_64                1:2.06-32.el9                 baseos                1.3 M
 shim-x64                     x86_64                15-15.el8_2                   baseos                666 k

Transaction Summary
==============================================================================================================

Total download size: 2.0 M
Installed size: 9.8 M
Is this ok [y/N]: y
Downloading Packages:
(1/2): shim-x64-15-15.el8_2.x86_64.rpm                                        1.0 MB/s | 666 kB     00:00    
(2/2): grub2-efi-x64-2.06-32.el9.x86_64.rpm                                   1.5 MB/s | 1.3 MB     00:00    
--------------------------------------------------------------------------------------------------------------
Total                                                                         765 kB/s | 2.0 MB     00:02     
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                                                      1/1 
  Reinstalling     : shim-x64-15-15.el8_2.x86_64                                                          1/4 
  Reinstalling     : grub2-efi-x64-1:2.06-32.el9.x86_64                                                   2/4 
  Cleanup          : shim-x64-15-15.el8_2.x86_64                                                          3/4 
  Cleanup          : grub2-efi-x64-1:2.06-32.el9.x86_64                                                   4/4 
  Verifying        : grub2-efi-x64-1:2.06-32.el9.x86_64                                                   1/4 
  Verifying        : grub2-efi-x64-1:2.06-32.el9.x86_64                                                   2/4 
  Verifying        : shim-x64-15-15.el8_2.x86_64                                                          3/4 
  Verifying        : shim-x64-15-15.el8_2.x86_64                                                          4/4 

Reinstalled:
  grub2-efi-x64-1:2.06-32.el9.x86_64                        shim-x64-15-15.el8_2.x86_64                       

Complete!
[root@srv ~]# grub2-mkconfig -o /boot/efi/EFI/centos/grub.cfg
Generating grub configuration file ...
Adding boot menu entry for UEFI Firmware Settings ...
done
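
Because the system cannot boot without a UEFI boot entry for shimx64.efi, it is worth confirming the entry after the last grub2-mkconfig run. The script below is an added example, not part of the original article: it parses efibootmgr -v output and reports whether an active entry for \EFI\centos\shimx64.efi exists and is first in BootOrder. The function name check_shim_entry and the sample output are constructed for illustration.

```bash
#!/bin/sh
# Added example (not from the article): audit the firmware boot entries
# printed by `efibootmgr -v` for an active shimx64.efi entry.

# Constructed sample of `efibootmgr -v` output. The partition GUID is the one
# shown in the article; entry numbers and labels are made up.
SAMPLE='BootCurrent: 0001
Timeout: 0 seconds
BootOrder: 0001,0000
Boot0000* UEFI OS HD(1,GPT,c31efb93-690c-4137-b589-0a962be4b960,0x800,0x11d800)/File(\EFI\BOOT\BOOTX64.EFI)
Boot0001* CentOS Linux HD(1,GPT,c31efb93-690c-4137-b589-0a962be4b960,0x800,0x11d800)/File(\EFI\centos\shimx64.efi)'

# Reads `efibootmgr -v` output on stdin and prints one status line:
#   ok NNNN | not-first NNNN | unordered NNNN | inactive NNNN | missing
# The exit status is 0 only for "ok".
check_shim_entry() {
    awk '
    /^BootOrder:/ { n = split(toupper($2), order, ",") }
    /^Boot[0-9A-Fa-f][0-9A-Fa-f][0-9A-Fa-f][0-9A-Fa-f]/ {
        # Compare in lower case: the path is on a FAT file system.
        if (num == "" && index(tolower($0), "\\efi\\centos\\shimx64.efi")) {
            num = toupper(substr($0, 5, 4))        # four hex digits after "Boot"
            active = (substr($0, 9, 1) == "*")     # "*" marks an active entry
        }
    }
    END {
        if (num == "") { print "missing"; exit 1 }
        if (!active)   { print "inactive " num; exit 1 }
        pos = 0
        for (i = 1; i <= n; i++) if (order[i] == num && !pos) pos = i
        if (pos == 0)  { print "unordered " num; exit 1 }
        if (pos > 1)   { print "not-first " num; exit 1 }
        print "ok " num
    }'
}

# On a UEFI host with efibootmgr installed, check the live entries;
# anywhere else, run against the constructed sample.
if [ -d /sys/firmware/efi ] && command -v efibootmgr >/dev/null 2>&1; then
    efibootmgr -v 2>/dev/null | check_shim_entry || true
else
    printf '%s\n' "$SAMPLE" | check_shim_entry || true
fi
```

Any status other than ok means the firmware will not start shimx64.efi by default, so the shimx64.efi to grubx64.efi chain described above is not what the machine boots first.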

Troubleshooting 1

If an error occurs when using the above command
dnf reinstall grub2-efi grub2-efi-modules shim
replace reinstall with the install dnf command:
dnf install grub2-efi grub2-efi-modules shim
Or use
dnf reinstall 'shim-*' 'grub2-efi-*' grub2-common

Troubleshooting 2

Invoking grub2-install will trigger errors:

[root@srv ~]# grub2-install /dev/sda
grub2-install: error: /usr/lib/grub/x86_64-efi/modinfo.sh doesn't exist. Please specify --target or --directory.
[root@srv ~]# dnf whatprovides /usr/lib/grub/x86_64-efi/modinfo.sh
Last metadata expiration check: 1:23:13 ago on Tue 28 Jun 2022 01:14:39 PM UTC.
grub2-efi-x64-modules-1:2.06-21.el9.noarch : Modules used to build custom grub.efi images
Repo        : baseos
Matched from:
Filename    : /usr/lib/grub/x86_64-efi/modinfo.sh

grub2-efi-x64-modules-1:2.06-23.el9.noarch : Modules used to build custom grub.efi images
Repo        : baseos
Matched from:
Filename    : /usr/lib/grub/x86_64-efi/modinfo.sh

grub2-efi-x64-modules-1:2.06-25.el9.noarch : Modules used to build custom grub.efi images
Repo        : baseos
Matched from:
Filename    : /usr/lib/grub/x86_64-efi/modinfo.sh

grub2-efi-x64-modules-1:2.06-32.el9.noarch : Modules used to build custom grub.efi images
Repo        : baseos
Matched from:
Filename    : /usr/lib/grub/x86_64-efi/modinfo.sh
[root@srv ~]# dnf install -y grub2-efi-x64-modules
Last metadata expiration check: 1:23:43 ago on Tue 28 Jun 2022 01:14:39 PM UTC.
Dependencies resolved.
==============================================================================================================
 Package                            Architecture        Version                     Repository           Size
==============================================================================================================
Installing:
 grub2-efi-x64-modules              noarch              1:2.06-32.el9               baseos              1.1 M

Transaction Summary
==============================================================================================================
Install  1 Package

Total download size: 1.1 M
Installed size: 5.4 M
Downloading Packages:
grub2-efi-x64-modules-2.06-32.el9.noarch.rpm                                  1.1 MB/s | 1.1 MB     00:00    
--------------------------------------------------------------------------------------------------------------
Total                                                                         471 kB/s | 1.1 MB     00:02     
Running transaction check
Transaction check succeeded.
Running transaction test
Transaction test succeeded.
Running transaction
  Preparing        :                                                                                      1/1 
  Installing       : grub2-efi-x64-modules-1:2.06-32.el9.noarch                                           1/1 
  Running scriptlet: grub2-efi-x64-modules-1:2.06-32.el9.noarch                                           1/1 
  Verifying        : grub2-efi-x64-modules-1:2.06-32.el9.noarch                                           1/1 

Installed:
  grub2-efi-x64-modules-1:2.06-32.el9.noarch                                                                  

Complete!
[root@srv ~]# grub2-install /dev/sda
grub2-install: error: this utility cannot be used for EFI platforms because it does not support UEFI Secure Boot.

First, there is an error about a missing file, /usr/lib/grub/x86_64-efi/modinfo.sh. After installing the package that provides this file, grub2-install reports that this utility cannot be used for EFI platforms:
grub2-install: error: this utility cannot be used for EFI platforms because it does not support UEFI Secure Boot.
