[Discuss] Grub, EFI, Partitioning…

Kent Borg kentborg at borg.org
Sun Sep 8 13:06:41 EDT 2024 

After various futzing around, I finally can get it to do what I want. 
There are ways to mess up:

- grub-install installs lots of stuff for me, but not 
|config-*,||initrd*, ||memtest*, ||System.map*, nor ||vmlinuz-*, and 
/boot/efi/ directory, those need to be in /boot first, then those grub 
utilities will install everything else.|

|-| update-grub installs stuff. Need to do it, too.

|- hibernate is a nice way to test boot partitions, less disruptive than 
a complete reboot, *but*, don't forget to umount them first or the 
changes won't be seen.
|

|- /etc/fstab matters, if it has incorrect UUIDs for /boot and /boot/efi 
partitions, things don't work right.|

|- GPT partition table|

|- vfat 32 efi (type OxEF00) partition can apparently be hundreds of MB, 
one useful web page suggested 1 GB, and 1 GB is good for /boot, too, 
because kernels are big these days.|

|- /boot can apparently be any ||reasonable||file system one wants, 
btrfs works for me.
|

|Nothing difficult in that list, but mess up one and it won't work, and 
before I went in to this, that list was not clear in my mind.
|

|
|

|The reason I went down this path is I have run a fully encrypted "disk" 
on my notebooks for years. Except it always bugged me that the boot 
partitions are not. Secure boot seems destined to at some point stymie 
me, so this time I decided to use a USB thumbdrive for booting 
(actually, more than one, want spares). I don't boot often, so it 
shouldn't be too much of a burden on me to pull one out of my pocket or 
purse. And if it is a burden, I can recreate the internal boot 
partitions, I know now how.|

|As for /etc/fstab, I put in /dev/sda1 and /dev/sda2 for my boot 
partitions, that way I can boot from more than one (little things can 
get lost, stepped on, etc., want a spare). The "--removable" option to 
grub-install seems a good idea, too.
|

|
|

|As for updates to kernels, I have not yet crossed that bridge, it would 
be nice if apt were willing to install the kernel files in my 
non-bootable, encrypted /boot tree, then I can copy them out to my boot 
media, and run update-grub. We'll see.
|

|
|

|-kb
|

More information about the Discuss mailing list