Install or reinstall CentOS Stream 9 grub 2 under UEFI system

Under CentOS Stream 9 the grub2-install tool cannot install the bootloader manager Grub 2 when using UEFI-based systems. In fact, the grub2-install command installs only the old legacy mode Grub 2.
The grub2-mkconfig generates the Grub configuration file and adds an UEFI entry in the UEFI enabled BIOS of the systems. The grub2-mkconfig adds a boot entry with path to the /boot/efi/EFI/centos/shimx64.efi, which is a small and simple program to start the Grub 2 program grubx64.efi in the same directory. All this method is because of the UEFI Secure Boot support. Using the previous method it was not possible to support UEFI Secure Boot though it was possible to boot in UEFI mode.
There are some considerations to take in mind when using this new version of Grub 2:

  • grub2-mkconfig has two functions – generates the grub.cfg AND adds boot entry in the UEFI BIOS!
  • The efi partition with this file may not be the first partition.
  • It is an ordinary partition, i.e. it is not mandatory to be of ESP type.
  • The system CANNOT boot without a boot entry in the UEFI BIOS.
  • Booting in UEFI mode only by pointing the disk in the BIOS (or in the boot manager) may not occur. No auto detection and there is no boot program installed in the first sectors of the disk or what so ever. Even, the default install of CentOS Stream 9 creates the efi disk as second partition and without ESP flag enabled.
  • Grub 2 uses /boot/efi/EFI/centos/grub.cfg and this file should hold the latest output of grub2-mkconfig for successful booting after installation.
  • Some dedicated servers’ providers forbid any modification or changes to the server’s BIOS (even with UEFI BIOS), so those servers cannot boot in UEFI mode with the newer Grub 2 versions. Install the legacy mode Grub 2 with bios_grub flag partition and grub2-install.
  • Now, Grub 2 with this method supports UEFI Secure Boot.
  • Use grubby command to select the default kernel. More information here – removing the default kernel in CentOS 8 – remove elrepo kernel

More information might be available here – https://docs.fedoraproject.org/en-US/quick-docs/bootloading-with-grub2/ and https://fedoraproject.org/wiki/GRUB_2.

Note: The CentOS Stream 8 also have this new Grub 2 version, which supports only this kind of Grub 2 installation. So the procedure may be the same for CentOS Stream 8.

Grub 2 installation under CentOS Stream 9 and UEFI mode.

[root@srv ~]# grub2-mkconfig -o /boot/efi/EFI/centos/grub.cfg
Generating grub configuration file ...
Adding boot menu entry for UEFI Firmware Settings ...
done

The above command will recreate the grub.cfg with the proper kernels and kernel command-line arguments from /etc/default/grub and it will add a boot entry in the UEFI BIOS pointing to the “(partition,file-system-UUID)/EFI/centos/shimx64.efi“.
No grub2-install is needed to install the bootloader program anywhere in the first sectors of disk!

SCREENSHOT 1) The grub2-mkconfig tool will add this boot entry with name “CentOS Linux” with the full path to bootloader program shimx64.efi.

The full path is HD(1,GPT, C31EFB93-690C-4137-B589-0A962BE4B960,0x800,0x11D800)/EFI/centos/shimx64.efi. Most UEFI BIOS setups allow the user to add manually this entry by browsing to the file when adding boot entry.

main menu
BIOS boot entry and shimx64

Keep on reading!

Supermicro server cannot enter BIOS with F2, DEL or other when UEFI mode OS is installed

If you happen to have a supermicro server (X10SLH-F) and install Linux in UEFI mode in our case CentOS 7 and you want to enter the BIOS you’ll be surprised that you cannot with the keys provided in the very same BIOS boot screen – F2, DEL. The F11 and F12 also does not work for menu selection and network boot!

Even if you manage to press the DEL key and you see on the screen “Entering BIOS setup…” – the server WON’T enter BIOS, but will continue with the UEFI BIOS boot drive!

So what to do? Ammm break temporary your system by removing (renaming or moving) the EFI directory in your efi boot partition, resetting your server and holding pressed DEL key (again) on all start up screens of the server. When the UEFI BIOS boot entry is not valid any more and there are no other boot devices (and probably because we pressed DEL key) we were able to enter in the BIOS without remote hands on the collocation side or any other intervention on the server.

[root@srv ~]# mv /boot/efi/EFI/ /boot/efi/EFI_org
[root@srv ~]# reboot

This is the path in CentOS 7 and our standard partition layout:

[root@srv ~]# df -h
Filesystem      Size  Used Avail Use% Mounted on
/dev/sda3         26G  4.5G    20G  19% /
devtmpfs         7.8G     0   7.8G   0% /dev
tmpfs            7.8G     0   7.8G   0% /dev/shm
tmpfs            7.8G  8.5M   7.8G   1% /run
tmpfs            7.8G     0   7.8G   0% /sys/fs/cgroup
/dev/sda2        976M   98M   812M  11% /boot
/dev/sda1        200M  9.8M   191M   5% /boot/efi
tmpfs            1.6G     0   1.6G   0% /run/user/0

DO NOT forget to remove all other (virtual) CD/DVD ROM Devices and temporary disable your network PXE Server (if you have any in the network)

Because it when the UEFI BIOS cannot find the EFI file saved in the UEFI BIOS BOOT drive it might follow the boot order before entering the BIOS!

Enter the bios by remote console on our X9 boards with UEFI bios

Apparently there is an issue with X8 and X9 supermicro boards in UEFI mode BIOS: https://www.supermicro.com/support/faqs/faq.cfm?faq=14029
So for someone it could be useful pressing and holding “ESC” + “-” or F4 to enter the UEFI BIOS, but we could not make it because of the IPMI KVM we used to manage the server.

Update BIOS motherboard ASUS Zenith Extreme x399

This time we show what to expect when updating your UEFI BIOS of your ASUS Zenith Extreme (chipset x399) – a pretty good and performance setup! Here we update the UEFI BIOS from the BIOS itself – in fact, no OS is needed! This motherboard has a built-on utility called

Asus EZ Flash 3 Utility

which is started from the BIOS and it could read your NTFS or FAT filesystem to locate the update firmware file or the easy way to get connected to the Internet, check, download and install the update if any!
So here some screenshots to how to perform the update from 1003 to 1402 – it is easy and safe just couple of reboots needed – total of 4 (but in your case may vary).

STEP 1) Press DEL or F2 to enter your UEFI BIOS

main menu
Enter UEFI BIOS

Keep on reading!

Manual install of base Gentoo Linux x86_64 with openrc (init) and uefi using minimal installation cd

Here we are going to show the minimum steps to install a base Gentoo Linux on your computer – server or desktop using “Minimal Installation CD”.
The installation ISO CD is generated on 11.09.2018, but you can use an older or newer one, this guide uses commands, which are available in really old ISOs (10 years ago) and probably will be available in the future, too! The idea is not to change this ISO a lot and to have only the basic tools for installation, which should be the same for a really long time! If you need more tools there two other options: Hybrid IS0, which is a LiveDVD – a system with GUI and Admin CD, which is an extended version of the minimal installation CD (no GUI).

Our base Gentoo system will use:

  1. OpenRC, which is based on init to boot the server. This is the default in Gentoo, but you might have problems using Gnome
  2. GRUB 2 UEFI enabled and the server will be booted in UEFI mode. Recently most of the desktop machine and server support it and in many cases it is mandatory to use a new hardware.
  3. No GUI will be installed (KDE, Gnome, Xfce and so on), there are other tutorials for this, you can check here (coming soon)

Keep on reading!

Gentoo Minimal Installation CD (amd64 aka x86_64) – booting (in UEFI mode)

Here is the process of booting from a Gentoo Minimal Installation CD amd64 (x86_64) with UEFI mode enabled. This is not an installation guide!
You can download the CD from here: https://www.gentoo.org/downloads/ Here is the ISO file: http://distfiles.gentoo.org/releases/amd64/autobuilds/20180911T214502Z/install-amd64-minimal-20180911T214502Z.iso or you can check it in some mirror like leaseweb – http://mirror.leaseweb.com/gentoo/releases/amd64/autobuilds/current-install-amd64-minimal/install-amd64-minimal-20180911T214502Z.iso.

Our motherboard is Asus ROG Zenith Extreme motherboard using X399 chipset https://www.asus.com/th/Motherboards/ROG-ZENITH-EXTREME/ and you’ll see the BIOS options for it, but they do not differ much with the other motherboard boot options. Here also setup the network and start up an openssh server to manage our Gentoo Linux installation – (coming soon).

SCREENSHOT 1) Starting the machine

main menu
Start up

Keep on reading!

grub2: grub-install: error: disk mduuid not found even after the partition has bios_grub on

This tutorial is for all of us that has done everything by the book with parted and still they receive an error when installing grub2 to the boot sector!

srv@local ~ # grub2-install /dev/sda
Installing for i386-pc platform.
grub2-install: error: disk `mduuid/613f3f0bb202bf03a5664e17b3d568a0' not found. 

The solution is relatively simple:

Boot from a rescue disk and reinstall grub from there!

The problem is that currently loaded kernel remembers the old device, which was deleted, and probably you won’t be able to fresh the metadata in the memory. In fact, if you receive this error when booted in a rescue disc you probably have done some changes on the layout of the disks or the partitions or the RAID devices and you must reboot the machine again and then JUST reinstall the grub.
Such problems could have happened if you deleted partitions or made some disk layout changes (using parted?) on mounted or partitions in use and the kernel could loaded the partition changes in memory. The parted reports the changes will take effect after system reboot.

STEP 1) Check the devices and mount the root and boot

They might be on the same device here they are on different MD devices (in the case, software array). md1 is the boot and md2 is the root.

root@rescue ~ # cat /proc/mdstat 
Personalities : [raid1] 
md3 : active raid1 sda5[3] sdb5[2]
      422716416 blocks super 1.2 [2/2] [UU]
      bitmap: 0/4 pages [0KB], 65536KB chunk

md2 : active raid1 sda3[3] sdb3[2]
      31440896 blocks super 1.2 [2/2] [UU]
      
md1 : active raid1 sda2[3] sdb2[2]
      523712 blocks super 1.2 [2/2] [UU]
      
md0 : active raid1 sda1[3] sdb1[2]
      33521664 blocks super 1.2 [2/2] [UU]
      
unused devices: <none>
root@rescue ~ # mount /dev/md2 /mnt/
root@rescue ~ # mount /dev/md1 /mnt/boot/
root@rescue ~ # ls -altr /mnt/
total 396K
drwxr-xr-x.  2 root root 4.0K Apr 11  2018 srv
drwxr-xr-x.  2 root root 4.0K Apr 11  2018 opt
drwxr-xr-x.  2 root root 4.0K Apr 11  2018 mnt
drwxr-xr-x.  2 root root 4.0K Apr 11  2018 media
drwxr-xr-x.  2 root root 4.0K Apr 11  2018 home
lrwxrwxrwx.  1 root root    8 May 14  2018 sbin -> usr/sbin
lrwxrwxrwx.  1 root root    9 May 14  2018 lib64 -> usr/lib64
lrwxrwxrwx.  1 root root    7 May 14  2018 lib -> usr/lib
lrwxrwxrwx.  1 root root    7 May 14  2018 bin -> usr/bin
drwxr-xr-x. 13 root root 4.0K May 14  2018 usr
drwx------.  2 root root  16K Feb 12  2019 lost+found
drwxr-xr-x   2 root root 4.0K Feb 12  2019 boot
drwxr-xr-x   2 root root 4.0K Feb 12  2019 storage1
drwxr-xr-x   2 root root 4.0K Feb 12  2019 sys
drwxr-xr-x   2 root root 4.0K Feb 12  2019 dev
drwxr-xr-x   2 root root 4.0K Feb 12  2019 prochttps://www.google.com/search?client=firefox-b-d&q=samsung+tab10+2020
drwxr-xr-x   3 root root 4.0K Feb 12  2019 run
-rw-r-----.  1 root root  575 Feb 12  2019 installimage.conf
-rw-r-----.  1 root root  13K Feb 12  2019 installimage.debug
drwxr-xr-x. 20 root root 4.0K Feb 12  2019 var
drwxr-xr-x. 85 root root 4.0K Nov  2  2019 etc
-rw-r--r--.  1 root root 291K Nov  2  2019 .readahead
drwxr-xr-x. 19 root root 4.0K Nov  2  2019 .
dr-xr-x---.  6 root root 4.0K May  4 19:24 root
drwxrwxrwt.  7 root root 4.0K May  8 14:14 tmp
drwxr-xr-x   1 root root  160 May  8 16:57 ..
root@rescue ~ # ls -altr /mnt/boot/
total 194M
drwxr-xr-x.  3 root root 1.0K Sep 18  2017 efi
-rw-------.  1 root root  49M Sep 18  2017 initramfs-0-rescue-9063ac396d784f4c997ceacdd0590c25.img
-rwxr-xr-x.  1 root root 5.7M Sep 18  2017 vmlinuz-0-rescue-9063ac396d784f4c997ceacdd0590c25
-rw-------.  1 root root 3.4M Feb  1  2019 System.map-3.10.0-957.5.1.el7.x86_64
-rw-r--r--.  1 root root 149K Feb  1  2019 config-https://www.google.com/search?client=firefox-b-d&q=samsung+tab10+20203.10.0-957.5.1.el7.x86_64
-rw-r--r--.  1 root root  170 Feb  1  2019 .vmlinuz-3.10.0-957.5.1.el7.x86_64.hmac
-rwxr-xr-x.  1 root root 6.4M Feb  1  2019 vmlinuz-3.10.0-957.5.1.el7.x86_64
-rw-r--r--.  1 root root 307K Feb  1  2019 symvers-3.10.0-957.5.1.el7.x86_64.gz
drwx------.  2 root root  12K Feb 12  2019 lost+found
drwxr-xr-x.  2 root root 1.0K Feb 12  2019 grub
-rw-------.  1 root root 3.5M Oct 18  2019 System.map-3.10.0-1062.4.1.el7.x86_64
-rw-r--r--.  1 root root 150K Oct 18  2019 config-3.10.0-1062.4.1.el7.x86_64
-rw-r--r--.  1 root root  171 Oct 18  2019 .vmlinuz-3.10.0-1062.4.1.el7.x86_64.hmac
-rwxr-xr-x.  1 root root 6.5M Oct 18  2019 vmlinuz-3.10.0-1062.4.1.el7.x86_64
-rw-r--r--.  1 root root 312K Oct 18  2019 symvers-3.10.0-1062.4.1.el7.x86_64.gz
-rw-------.  1 root root  13M Nov  2  2019 initramfs-3.10.0-957.5.1.el7.x86_64kdump.img
-rw-------.  1 root root  47M Nov  2md  2019 initramfs-3.10.0-1062.4.1.el7.x86_64.img
-rw-------.  1 root root  46M Nov  2  2019 initramfs-3.10.0-957.5.1.el7.x86_64.img
-rw-------.  1 root root  13M Nov  2  2019 initramfs-3.10.0-1062.4.1.el7.x86_64kdump.img
dr-xr-xr-x.  6 root root 1.0K Nov  2  2019 .
drwxr-xr-x. 19 root root 4.0K Nov  2  2019 ..
drwx------.  5 root root 1.0K May  4 16:11 grub2

STEP 2) mount the dev, proc and sys relative to the root mount above and chroot in the root.

After chroot it is recommended to

root@rescue ~ # mount -o bind /dev /mnt/dev
root@rescue ~ # mount -o bind /proc /mnt/proc
root@rescue ~ # mount -o bind /sys /mnt/sys
root@rescue ~ # chroot /mnt/
root@rescue / # cd
root@rescue ~ # . /etc/profile

STEP 3)Install grub2

Unmount all mounted directories above and reboot.

root@rescue ~ # grub2-install /dev/sda
Installing for i386-pc platform.
Installation finished. No error reported.
root@rescue ~ # grub2-install /dev/sdb
Installing for i386-pc platform.
Installation finished. No error reported.
root@rescue ~ # exit
root@rescue ~ # umount /mnt/boot 
root@rescue ~ # umount /mnt/dev
root@rescue ~ # umount /mnt/proc 
root@rescue ~ # umount /mnt/sys
root@rescue ~ # umount /mnt/
root@rescue ~ # reboot

* If you are using UEFI enabled boot you probably need more options for the grub installation

Something like that for the grub2 installation (but it is specific for your distro – the path for efi directory, just find it under /boot and put the right path – nothing special!):

grub-install --recheck --target=x86_64-efi --efi-directory=/boot/efi/ /dev/sda

Where does this error come from?

If you search the ID by part of it you will discover it under /dev/disk/by-id/, which is a link to md1, but still there is an error for missing device, because the kernel loaded the device as md-name-rescue:1. And if you reboot the kernel the old and wrong name won’t exists. As mentioned above this could have happened if you deleted partitions or made some disk layout changes (using parted?) on mounted or partitions in use and the kernel could loaded the partition changes.

[root@srv47 ~]# cd /dev/disk/by-id/
[root@srv47 by-id]# ls -altr
total 0
drwxr-xr-x. 5 root root 100  4 May  9,14 ..
lrwxrwxrwx. 1 root root   9  4 May 10,14 md-uuid-e4023626:e09f7c39:20ed5720:2ef1b5af -> ../../md0
lrwxrwxrwx. 1 root root   9  4 May 10,14 md-uuid-ae63857c:b8d537f5:4c09ae48:48148f59 -> ../../md3
lrwxrwxrwx. 1 root root   9  4 May 10,14 md-uuid-4a28f3a7:94dc6dc7:a40a7084:c21463d7 -> ../../md2
lrwxrwxrwx. 1 root root   9  4 May 10,14 md-name-rescue:3 -> ../../md3
lrwxrwxrwx. 1 root root   9  4 May 10,14 md-name-rescue:2 -> ../../md2
lrwxrwxrwx. 1 root root   9  4 May 10,14 md-name-rescue:0 -> ../../md0
lrwxrwxrwx. 1 root root   9  4 May 10,14 md-uuid-613f3f0b:b202bf03:a5664e17:b3d568a0 -> ../../md1
lrwxrwxrwx. 1 root root   9  4 May 10,14 md-name-rescue:1 -> ../../md1
drwxr-xr-x. 2 root root 680  4 May 12,16 .
lrwxrwxrwx. 1 root root   9  8 May 12,01 wwn-0x500a075116bd3e33 -> ../../sda
lrwxrwxrwx. 1 root root   9  8 May 12,01 ata-Micron_1100_MTFDDAK512TBN_171416BD3E33 -> ../../sda
lrwxrwxrwx. 1 root root  10  8 May 12,01 wwn-0x500a075116bd3e33-part1 -> ../../sda1
lrwxrwxrwx. 1 root root  10  8 May 12,01 ata-Micron_1100_MTFDDAK512TBN_171416BD3E33-part1 -> ../../sda1
lrwxrwxrwx. 1 root root  10  8 May 12,01 wwn-0x500a075116bd3e33-part5 -> ../../sda5
lrwxrwxrwx. 1 root root  10  8 May 12,01 wwn-0x500a075116bd3e33-part4 -> ../../sda4
lrwxrwxrwx. 1 root root  10  8 May 12,01 wwn-0x500a075116bd3e33-part3 -> ../../sda3
lrwxrwxrwx. 1 root root  10  8 May 12,01 wwn-0x500a075116bd3e33-part2 -> ../../sda2
lrwxrwxrwx. 1 root root  10  8 May 12,01 ata-Micron_1100_MTFDDAK512TBN_171416BD3E33-part5 -> ../../sda5
lrwxrwxrwx. 1 root root  10  8 May 12,01 ata-Micron_1100_MTFDDAK512TBN_171416BD3E33-part4 -> ../../sda4
lrwxrwxrwx. 1 root root  10  8 May 12,01 ata-Micron_1100_MTFDDAK512TBN_171416BD3E33-part3 -> ../../sda3
lrwxrwxrwx. 1 root root  10  8 May 12,01 ata-Micron_1100_MTFDDAK512TBN_171416BD3E33-part2 -> ../../sda2
lrwxrwxrwx. 1 root root   9  8 May 12,01 wwn-0x500a07511bb48b38 -> ../../sdb
lrwxrwxrwx. 1 root root   9  8 May 12,01 ata-Micron_1100_MTFDDAK512TBN_18081BB48B38 -> ../../sdb
lrwxrwxrwx. 1 root root  10  8 May 12,01 wwn-0x500a07511bb48b38-part5 -> ../../sdb5
lrwxrwxrwx. 1 root root  10  8 May 12,01 wwn-0x500a07511bb48b38-part4 -> ../../sdb4
lrwxrwxrwx. 1 root root  10  8 May 12,01 wwn-0x500a07511bb48b38-part3 -> ../../sdb3
lrwxrwxrwx. 1 root root  10  8 May 12,01 wwn-0x500a07511bb48b38-part2 -> ../../sdb2
lrwxrwxrwx. 1 root root  10  8 May 12,01 wwn-0x500a07511bb48b38-part1 -> ../../sdb1
lrwxrwxrwx. 1 root root  10  8 May 12,01 ata-Micron_1100_MTFDDAK512TBN_18081BB48B38-part5 -> ../../sdb5
lrwxrwxrwx. 1 root root  10  8 May 12,01 ata-Micron_1100_MTFDDAK512TBN_18081BB48B38-part4 -> ../../sdb4
lrwxrwxrwx. 1 root root  10  8 May 12,01 ata-Micron_1100_MTFDDAK512TBN_18081BB48B38-part3 -> ../../sdb3
lrwxrwxrwx. 1 root root  10  8 May 12,01 ata-Micron_1100_MTFDDAK512TBN_18081BB48B38-part2 -> ../../sdb2
lrwxrwxrwx. 1 root root  10  8 May 12,01 ata-Micron_1100_MTFDDAK512TBN_18081BB48B38-part1 -> ../../sdb1