Bootable flash drive for both Linux and Windows: boot loader

The following text is the second part of a reboot (as they say for films, now) of my 3-year-old series about having a universal Linux and Windows toolbox on a bootable USB flash drive. The main target is a full portable Linux OS, but I will also address the Windows OS, for those times when you have no choice ;-)

This part is about the boot loader and miscellaneous tools accessible from there.

In the first part, I prepared a FAT32 partition on a flash drive named “FLASH”, with room for Grub2. Note that I use Arch Linux's Grub2, which is very recent. You may have to adapt the commands to your situation with older versions of Grub2. I recommend you use at least Grub2 version 2.0, which has support for multiple initrd files.

Remember my goals: among other things, I wish to have a French keyboard layout, and to have boot files hidden from both Windows and Linux. The former is taken care of below (adapt to your own language). The latter, unfortunately, is not entirely possible because I must have an EFI folder. I might as well use it, then, and put all boot files in there, including Grub2. Then, later, while using Windows, you can at least mark the EFI folder as “hidden”, which has no effect on the Linux side, but does hide it from the Windows Explorer (with standard settings).

Last but not least, “Secure Boot” must be accounted for, as it is enforced on a number of computers. The lines below deal with installing the required software; read the Arch Linux wiki for instructions about usage.

So, the next step is to mount the flash drive partition and run the following commands. Let’s assume the flash drive’s device is /dev/sdb and its partition’s mount point is /media/FLASH:

# grub-install --locales=fr --themes= --target=i386-efi --efi-directory=/media/FLASH --boot-directory=/media/FLASH/EFI --bootloader-id=grub32 --no-nvram --removable /dev/sdb
# grub-install --locales=fr --themes= --target=x86_64-efi --efi-directory=/media/FLASH --boot-directory=/media/FLASH/EFI --bootloader-id=grub64 --no-nvram --removable /dev/sdb
# grub-install --locales=fr --themes= --target=i386-pc --boot-directory=/media/FLASH/EFI --no-nvram --removable /dev/sdb
# grub-kbdcomp -o /media/FLASH/EFI/grub/locale/fr.gkb /usr/share/X11/xkb/symbols/fr
# mv /media/FLASH/EFI/BOOT/BOOTX64.EFI /media/FLASH/EFI/BOOT/loader.efi
# wget -P /media/FLASH/EFI/BOOT/ http://blog.hansenpartnership.com/wp-uploads/2013/HashTool.efi
# wget -O /media/FLASH/EFI/BOOT/BOOTX64.EFI http://blog.hansenpartnership.com/wp-uploads/2013/PreLoader.efi

Note the location where Grub2 is installed: it is the whole drive, not the partition. Now, I want some tools available in my Grub2 menu, namely ntpasswd and HDT. First ntpasswd:

# wget http://pogostick.net/~pnh/ntpasswd/usb140201.zip
# mkdir /media/FLASH/EFI/nt140201
# unzip usb140201.zip initrd.cgz scsi.cgz vmlinuz -d /media/FLASH/EFI/nt140201
# rm -f usb140201.zip

Now HDT. The easiest way is to simply use the provided ISO file, which can be booted with the memdisk tool from the syslinux package (to be installed on your computer’s Linux OS):

# wget -P /media/FLASH/EFI/hdt http://www.hdt-project.org/raw-attachment/wiki/hdt-0.5.0/hdt-0.5.2.iso
# cp /usr/lib/syslinux/bios/memdisk /media/FLASH/EFI/
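
The commands above fetch PreLoader.efi, HashTool.efi, the ntpasswd archive and the HDT ISO over plain HTTP and place them in the boot path. As an added example (not from the original post), the script below copies staged downloads onto the drive only when their SHA-256 matches a manifest; the manifest format, the function names and the staging directory are assumptions of this example, and the digests must come from a source you trust, since the post lists none.

```shell
#!/bin/sh
# Added example (not from the original post): gate files on a SHA-256 manifest
# before they are copied into the boot tree of the flash drive.
# Manifest line format (an assumption of this example):
#   <sha256-hex> <staged-file-name> <destination-relative-to-mount-point>

# Print the SHA-256 of a file as lowercase hex.
sha256_of() {
    sha256sum "$1" | cut -d' ' -f1
}

# install_verified STAGED EXPECTED_SHA256 DEST
# Copy STAGED to DEST only if its digest matches; return 1 otherwise.
install_verified() {
    iv_expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -f "$1" ] || { echo "MISSING  $1" >&2; return 1; }
    iv_actual=$(sha256_of "$1")
    if [ "$iv_actual" != "$iv_expected" ]; then
        echo "REFUSED  $1 (sha256 $iv_actual)" >&2
        return 1
    fi
    mkdir -p "$(dirname "$3")" && cp "$1" "$3" && echo "INSTALLED $3"
}

# install_from_manifest MANIFEST STAGE_DIR MOUNT_POINT
# Process every manifest line; return non-zero if any file was refused.
install_from_manifest() {
    ifm_failed=0
    while read -r ifm_sum ifm_name ifm_dest; do
        case $ifm_sum in ''|'#'*) continue ;; esac   # skip blanks and comments
        install_verified "$2/$ifm_name" "$ifm_sum" "$3/$ifm_dest" || ifm_failed=1
    done < "$1"
    return "$ifm_failed"
}

# Usage (download into a staging directory with wget -P first; the digest
# below is a placeholder to be replaced with a value you trust):
#   echo "<sha256-placeholder> PreLoader.efi EFI/BOOT/BOOTX64.EFI" > boot.manifest
#   install_from_manifest boot.manifest /tmp/stage /media/FLASH
```

A refused file never reaches the drive, so a tampered or truncated download cannot end up as BOOTX64.EFI.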

Finally, let me create the Grub2 menu. I need to know the UUID for my FAT32 partition. The UUID can be found with the command ls -l /dev/disk/by-uuid/. In my case, I have to find the name of the symbolic link whose target is sdb1. Then I can reuse the value (shown as XXXX-XXXX below):

cat >/media/FLASH/EFI/grub/grub.cfg <<-"THEEND"
set menu_color_normal=red/black
set menu_color_highlight=light-red/black
set gfxmode=auto
set gfxpayload=keep
insmod part_msdos
insmod part_gpt
insmod lvm
insmod fat
insmod ntfs
insmod all_video
insmod gfxterm
insmod keylayouts
insmod gettext

# FLASH
search --no-floppy --fs-uuid --set=root XXXX-XXXX
set locale_dir=($root)/EFI/grub/locale
set lang=fr
keymap /EFI/grub/locale/fr.gkb
loadfont /EFI/grub/fonts/unicode.pf2
terminal_input console
terminal_output gfxterm

echo "theYinYeti's Rescue System (FR)"

set timeout=10
set default=0

# … here will come Linux, later …

menuentry "ntpasswd: Windows password recovery" {
    linux16 /EFI/nt140201/vmlinuz rw
    initrd16 /EFI/nt140201/initrd.cgz /EFI/nt140201/scsi.cgz
}
menuentry "HDT: Hardware detection tool" {
    linux16 /EFI/memdisk iso raw
    initrd16 /EFI/hdt/hdt-0.5.2.iso
}
menuentry "CLAVIER GRUB FRANÇAIS" {
    terminal_input at_keyboard
}

submenu "Else…" {
    insmod regexp
    for d in (*); do if [ $grub_platform == "pc" ]; then
        # BIOS: offer to chain-load the boot sector of every device and partition
        menuentry "Chainload $d" "$d" {
            set root=$2
            chainloader +1
            boot
        }
    else
        # EFI: offer every *.efi file found in the usual boot folders
        for p in EFI EFI/boot EFI/Microsoft/Boot; do for e in $d/$p/*.efi; do
            unset is32; regexp --set is32 '(32)' "$e"
            unset is64; regexp --set is64 '(64)' "$e"
            unset notfound; regexp --set notfound '(\*)' "$e"
            # An unexpanded "*" means the pattern matched no file
            if [ "$notfound" ]; then continue; fi
            # Skip files whose name suggests the other CPU architecture
            if [ $grub_cpu == "i386" -a "$is64" ]; then continue; fi
            if [ $grub_cpu == "x86_64" -a "$is32" ]; then continue; fi
            menuentry "Chainload $e" "$d" "$e" {
                set root=$2
                # Strip the "(device)" prefix to keep only the file path
                regexp --set e '^\([^)]*\)(/.*)$' "$3"
                chainloader $e
                boot
            }
        done; done
    fi; done
}
THEEND

The end of the menu is about trying to auto-detect bootable partitions (MBR) or kernels (EFI), and proposing them for chain-loading.
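
The UUID lookup described before the menu can be scripted instead of read off ls -l by eye. The following is an added example, not part of the original post; the function names are assumptions, and it rejects anything that is not a short FAT volume ID so that the UUID of another partition is not written into grub.cfg by mistake.

```shell
#!/bin/sh
# Added example (not from the original post): find the UUID of the flash
# drive's partition and write it over the XXXX-XXXX placeholder in grub.cfg.

# uuid_for_partition NAME [BY_UUID_DIR]
# Print the name of the symlink in BY_UUID_DIR whose target is NAME (e.g. sdb1).
uuid_for_partition() {
    ufp_dir=${2:-/dev/disk/by-uuid}
    for ufp_link in "$ufp_dir"/*; do
        [ -L "$ufp_link" ] || continue
        ufp_target=$(readlink "$ufp_link")
        if [ "${ufp_target##*/}" = "$1" ]; then
            printf '%s\n' "${ufp_link##*/}"
            return 0
        fi
    done
    echo "no UUID found for $1 in $ufp_dir" >&2
    return 1
}

# set_grub_uuid GRUB_CFG UUID
# Only accept a FAT volume ID (1A2B-3C4D form): a longer UUID means the wrong
# partition was picked, since the boot partition here is FAT32.
set_grub_uuid() {
    case $2 in
        [0-9A-F][0-9A-F][0-9A-F][0-9A-F]-[0-9A-F][0-9A-F][0-9A-F][0-9A-F]) ;;
        *) echo "not a FAT32 volume ID: $2" >&2; return 1 ;;
    esac
    grep -q -- '--set=root XXXX-XXXX' "$1" ||
        { echo "placeholder not found in $1" >&2; return 1; }
    sgu_tmp=$(mktemp) || return 1
    sed "s/--set=root XXXX-XXXX/--set=root $2/" "$1" > "$sgu_tmp" &&
        cat "$sgu_tmp" > "$1"
    sgu_rc=$?
    rm -f "$sgu_tmp"
    return "$sgu_rc"
}

# Usage on the system from the post (run as root):
#   uuid=$(uuid_for_partition sdb1) &&
#       set_grub_uuid /media/FLASH/EFI/grub/grub.cfg "$uuid"
```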

The flash drive should now be able to boot and start the above tools. The next blog post will deal with the installation of the Linux operating system.
