UEFI: BOOTING BOOT CAMP (REBOOTED)

We've been using the BIOS for decades. It's as perennial as your keyboard and mouse, breathing life into inert hardware when a little electricity is applied. These days, the POST status messages delivered after your BIOS initialises the system race across the screen so quickly you seldom get the chance to read the text, making entering the BIOS itself a mad keyboard-bashing mini-game that more often than not ends with Grub rather than the configuration menus you're after.

Modern PCs aren't well suited to the old-school charm of the BIOS. They don't want to wait for permission, and they don't want low-res large white fonts on a blue background. They just want to get on with the job at hand, and that's booting your computer. And so the BIOS is being wheeled out, albeit slowly, while its replacement makes itself comfortable. Initially developed by Intel, the booting heir was called the EFI – the Extensible Firmware Interface. But it's now better known as UEFI. The U is for unified, because it's not just Intel anymore.

UEFI has been hanging over the Linux boot system like the Sword of Damocles, threatening to upend the booting status quo and exclude us from installing our own operating systems, thanks to the spectre of Secure Boot. Secure Boot is a system that embeds a key within your firmware so that only operating systems signed by the key are allowed to boot. It's primarily a way for Microsoft – in part, legitimately – to ensure nothing has been tampered with from the very first moment your PC gets power to the moment you get to play with the inspirational Windows 8.1 interface. But it could also make life harder when you do intentionally want to tamper with your PC by making the choice to install another operating system.

In reality, the Secure Boot cataclysm has yet to materialise, as many PCs still include a traditional BIOS or allow you to disable Secure Boot.
The latter option should always be available, and you'll need to disable Secure Boot unless you want to start dealing with signing a bootloader shim.

Muddy waters

Another potentially confusing option is something called the Compatibility Support Module. To the user, this will appear as a hybrid between UEFI and the BIOS, a magical panacea that seems to allow us to forget about UEFI and BIOS completely. You'll typically see its effects from your computer's own boot device selection menu, usually the one you get when you hold F12 after turning on your machine. What's not always made clear is that the mode you boot into from this point will affect how your Linux distribution installs itself, which in turn affects whether you'll be able to boot Linux from a UEFI boot. An installer won't install a UEFI bootloader, for instance, unless you boot into UEFI mode. And if your install medium doesn't support a UEFI bootloader, you're stuck.

But defaulting to a UEFI installation and forgetting about the BIOS and the Compatibility Support Module is beginning to make more sense. Modern laptops are often pre-configured to boot UEFI, and there will be a time when falling back to the BIOS won't be an option. But these days, there's nothing to be scared of, and in many ways, UEFI can make the whole booting process more transparent. The bootloaders may, at the moment, feel slightly more primitive than their well-worn BIOS equivalents, but to us the boot process actually makes more sense than the black arts involved in the old methods.

If you've spent the last decade thinking about booting in terms of MBR bootloaders, Grub and old-style partitions, get ready to update your notes. We're going to create our own UEFI boot environment, and we'll be doing this primarily from the Mint Live desktop as found on last month's DVD, in much the same way you might fix a broken MBR installation or reconfigure Grub.
You can use any similar distribution, however, as there's nothing Mint-specific about our instructions. We're also going to use a 1GB USB stick to get around the limitation of BIOS-only booting DVD drives, but we'll only use this to 'fix' the installation, rather than initiate it.

The system we create won't be perfect. It won't handle distribution updates to the kernel without a little further tinkering, and you'll need to make plenty of allowances for your own hardware rather than following these instructions for ours. But you will learn how UEFI works from a practical perspective, and learn how to troubleshoot the future of Linux booting.

Look into the black box

The great thing about taking control of UEFI yourself is that you don't have the problem of which mode your system has booted from – UEFI or BIOS – which is especially useful if you're booting off a DVD that can only boot in the old BIOS mode. When you get one distribution running, it's easy to add more, and it can also be the only way of running the latest Microsoft Windows or even Apple's OS X alongside.

Mint 16 and many other distributions have their own preliminary support for UEFI bootloaders, as long as you've booted into the correct boot mode, but we've found Mint's approach a little unpredictable, as with many other distributions. We had similar problems with Mageia, for example. Which is why we want to roll our own – the intention being to learn more about how it works and how you might approach installation with a distribution that doesn't support UEFI. And the real trick isn't installing the distribution, it's configuring your drive in such a way that it works with UEFI.

The most important part is booting to a Live distribution. But before we get to the booting part, we need to start with partitioning. To boot UEFI, we need to use a different partitioning scheme.
So you'll need a spare drive – or one you're willing to sacrifice, as all the data it contains will be removed in the process, and you'll need to be confident about your current drive configuration. We're going to be reformatting the drive and you don't want to overwrite or repartition personal data in the process of experimentation, so it may even be wise to disconnect any other drives. With all that in mind, locate your nearest Linux live CD and USB stick and boot your machine.

There's nothing wrong with the command line, but when it comes to partitioning drives, we like the visual safety net provided by GParted. Fortunately, this essential application is part of most live distributions, and you'll find it in Mint 16's Administration menu. It's an application that hides a lot of power. In the top-right you'll find a drop-down list of all the drives detected and connected to your system. When you select one of these drives, the horizontal bar beneath the menu will become populated with a graphical representation of the partitions on that drive. Each partition is a self-contained horizontal block and its border colour is used to show the filesystem used for each partition. Within each partition, a yellow bar is used to indicate how much space is taken up by data, with white used to indicate free space on the partition. This is handy if you want to use free space to resize a partition.

Danger: partitioning!

Make sure you select the correct drive from the drop-down list. If you've only got one drive installed, this isn't going to be a problem. If you've got five, you need to be certain the drive you're selecting is the one you intend to partition for a UEFI bootloader, because you're going to remove all the data on the drive in the process. Our drive, for example, already has a Linux partition on it, but this is going to disappear in the very next paragraph – you have been warned.
The old partitioning scheme used a table to store the partition data, and this table was stored in the Master Boot Record (MBR), a statically located 512 bytes allocated to explain the layout of a drive to the BIOS. Nearly all Linux drives prior to UEFI used MBR, and MBR can still be used in some cases with UEFI. But it's better to make a clean break.

The first thing we need to do with our drive is create a new partition table. With your drive definitely selected, click on a partition on the drive and select Device > Create Partition Table from the menu. From the dialog that appears, click on 'Advanced' and, while avoiding the temptation to click on 'amiga', select 'gpt' as the partition type followed by Apply. All the data on that drive is effectively dead to us now, and you'll see there are no partitions on your drive. Just the cold grey of unallocated space.

We're now going to create a couple of partitions to fill the space, but the first is mandatory. This is the EFI system partition, and it's this that UEFI expects to find on your drive and where it will eventually find your UEFI bootloader. For that reason, it's operating system-agnostic, and needs to be formatted as FAT32 for maximum compatibility. It should also be a certain size. The UEFI standard recommends this as 512MB, although in execution we've found that 100MB partitions work just as well. Eventually, you could install Linux kernel images into this partition, so there's no harm in making it larger unless you're working with an expensive SSD. To create this partition, click on the 'plus' icon in the toolbar, set its size to 512MB and make sure it uses the FAT32 filesystem.

The next step is important. If you were doing this from the command line, using a tool like gdisk, you'd need to mark this partition as type EF00. This tells UEFI that this is the system partition (also known as the ESP – the EFI System Partition), and it's the one to use for booting.
GParted doesn't use hex codes, but you still have to tell UEFI about the partition. You do this by setting the 'boot' flag, which is a little incongruous when you may be used to using a similar flag in MBR systems to tell the BIOS which partition to boot. Right-click on the freshly created partition and select 'Manage Flags'. From the list of flags that appears, select 'boot'. This should disable the default 'msftdata' flag as well as cause some drive activity.

With the EFI partition created, assigned a partition type and formatted FAT32, we can now install the bootloader. There are several that work with EFI – and even Grub can be made to work with the new scheme, although you don't win any house points for simplicity if you take that route. The two we tried for this tutorial were Gummiboot and Refind. Both have a couple of things in common. Firstly, their names are terrible. But they're both straightforward to install and use a simple directory structure on your UEFI partition plus a configuration file to hold information on the operating systems you want to boot. We went with Refind.

We've now got to the point where we can install the UEFI bootloader, and there are two stages to the process. The first is to mount the distribution you want to add, and to make its boot folder the UEFI partition we just created. The second is to move all the files you need to the UEFI partition and add the new UEFI boot scheme to your system firmware so that it knows there's a new way to boot the system.

You will need to know where your distribution is installed. The easiest way of doing this is from GParted's drop-down device menu, as you'll be able to see the device node (/dev/sda1, for instance) along with the partition configuration and the UUID of the device if you make a note of it.
To mount the partition, open a terminal and type the following, replacing sda2 with the location of your own distribution's root partition:

    sudo -s
    mount /dev/sda2 /mnt/

With an MBR installation, Grub uses the /boot folder to not only hold its configuration files, but also the kernel and filesystem image for booting. We need both of these for UEFI and the UEFI partition needs to replace /boot on the filesystem tree. Here's the list of commands we used to move the old boot aside, mount the new one and copy the files we need over (remember to replace filenames and devices with ones that match your own system):

    cd /mnt
    mv boot boot_old
    mkdir boot
    mount /dev/sda1 /mnt/boot
    mkdir boot/EFI
    cp boot_old/vmlinuz-3.11.0-12-generic boot/vmlinuz
    cp boot_old/initrd.img-3.11.0-12-generic boot/initrd.img

We now need to add the new UEFI partition as a mount point, and to do this we need to add the partition's unique identifier (its UUID) to the etc/fstab configuration file. You can get the UUID from GParted or by typing the following:

    blkid
    /dev/sda1: UUID="BD8C-E7B3" TYPE="vfat"
    /dev/sda2: UUID="0abcc4da-c2aa-437b" TYPE="ext4"

We've shortened the output slightly, but you can see the UUID for the UEFI 'vfat' partition on the first line. This needs to be added as a new line in etc/fstab on your distribution's root partition by editing the file with nano etc/fstab:

    UUID=BD8C-E7B3 /boot vfat defaults 0 2

Installing the bootloader

We can now install the bootloader itself. If we'd been able to boot into the distribution using UEFI, we could simply install this through a package manager and everything else would be handled automatically. But because our system is currently booted from BIOS mode, we need to copy the files manually, edit a config file and then add the bootloader to the UEFI firmware by booting in UEFI mode off a USB stick.
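A check for the boot-mode problem described above, as an added example that is not part of the original article: it reports whether the running system was started through UEFI and, if so, the Secure Boot state, which tells you whether tools that write firmware boot entries can work at all. The sysfs root argument and the function names are assumptions of this example; the argument exists so the logic can be run against a constructed directory tree.

```sh
#!/bin/sh
# Added example: report firmware boot mode and Secure Boot state.
# The sysfs root is a parameter (default /sys) so the function can be
# exercised against a constructed tree instead of the live system.

EFI_GLOBAL_GUID="8be4df61-4a93-11d2-aa0d-00e08fca5d6c"  # EFI global variable GUID

boot_mode() {
    sysfs="${1:-/sys}"
    # The kernel only exposes firmware/efi when it was started by UEFI firmware.
    if [ ! -d "$sysfs/firmware/efi" ]; then
        echo "bios"
        return 0
    fi
    var="$sysfs/firmware/efi/efivars/SecureBoot-$EFI_GLOBAL_GUID"
    if [ ! -r "$var" ]; then
        # efivarfs not mounted, or the firmware does not publish the variable
        echo "uefi secureboot=unknown"
        return 0
    fi
    # efivarfs files begin with a 4-byte attribute word; the value is byte 5.
    state=$(od -An -tu1 -j4 -N1 "$var" | tr -d ' \n')
    case "$state" in
        1) echo "uefi secureboot=on" ;;
        0) echo "uefi secureboot=off" ;;
        *) echo "uefi secureboot=unknown" ;;
    esac
}

# Gate for steps that write firmware boot entries from a running Linux
# system: they can only work when the system was booted through UEFI.
can_write_boot_entries() {
    case "$(boot_mode "${1:-/sys}")" in
        uefi*) return 0 ;;
        *)     return 1 ;;
    esac
}

boot_mode
```
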
Let's first download the binary version of the Refind bootloader (refind-bin-0.7.7.zip) plus the image of the same bootloader (refind-flashdrive-0.7.7.zip) we're going to use to boot off the USB stick. Both can be grabbed from www.rodsbooks.com/refind via links to SourceForge. To install the bootloader, we need to unzip it and copy the folder to the mounted boot partition on our distribution:

    cd ~/Downloads
    unzip refind-bin-0.7.7.zip
    cd refind-bin-0.7.7/
    cp -r refind /mnt/boot/EFI/
    cd /mnt/boot/EFI/refind

From here you need to remove either the 32-bit or the 64-bit bootloader, depending on what your system is capable of, with rm refind_ia32.efi or rm refind_x64.efi, and edit the configuration file (nano refind.conf) to add the details about the partition that contains the distribution you want to boot. Here are the contents of ours for booting Mint 16 – you should take a look at your boot options first, to make sure you get any kernel options specific to your system:

    resolution 1024 768
    menuentry "Mint Linux" {
        icon EFI/refind/icons/os_linuxmint.icns
        loader vmlinuz
        initrd initrd.img
        options "root=/dev/sda2 rw rootfstype=ext4 add_efi_memmap"
    }

It's vital that the EFI partition you create has a partition type of EF00. Either use cgdisk on the command line or enable the 'boot' flag for the partition in GParted.

Our final challenge is to tell the UEFI firmware that we've created a new EFI partition and bootloader. Had we been able to boot into the live desktop through UEFI, the firmware variables would be mounted as part of the system, and we'd be able to add the bootloader by typing:

    sudo apt-get install efibootmgr
    efibootmgr -c -l \\EFI\\refind\\refind_x64.efi -L new_refind

But we can't. Instead, one solution is to create a USB stick with the Refind bootloaders installed, and from there, use the EFI shell to add the bootloader manually. This isn't really what we'd recommend.
You're better off installing Mint through a UEFI-booted USB live image, but the EFI shell is much more interesting and can be a very powerful tool if your system doesn't boot. Plug in your USB stick, use either GParted or dmesg to find out for certain what its device node is, and type the following from the unzipped folder of the Refind flash image:

    dd if=refind-flashdrive-0.7.7.img of=/dev/sde

Remember to replace /dev/sde with the location of your own USB drive and also remember that this will delete all data at that location, so get it right and make sure there's nothing on there you want to keep. You can now reboot your system and launch your BIOS/system boot menu. You should see the USB stick appear as a UEFI boot source. Select this and from the graphical boot menu that appears, choose the first option, which should take you to the EFI shell.

Welcome to your new shell

The EFI shell is full of commands for adding, removing and managing storage from the EFI bootloader. Before you get to the prompt itself, you'll see how EFI is interpreting your various filesystems and the aliases it's giving them. For us, fs0: was the USB drive and fs1: was the EFI partition we just created on the hard drive, but these assignments will depend on your own system. From the command prompt, type fs1: to switch to the root folder of our new EFI partition.

The EFI shell is crammed full of commands to help you manage storage and booting. Type help if you want to see what it's capable of – you can use ls, cp and rm, for example. But we're only going to use one command to add our bootloader to the system firmware. We're assuming you don't have any other EFI boot loaders installed, because using one of them would have been a much easier solution for all of this, but you can check by typing bcfg boot dump -b.
If you do have another installed, you'll need to adjust the number 1 to a free slot in the command below, which is going to add the new bootloader to the firmware:

    bcfg boot add 1 fs1:\EFI\refind\refind_x64.efi "LV_Refind"
    Target = 0001.
    bcfg: Add Boot0001 as 1

And that's all there is to it. It's been a challenge, but when you now reboot your machine (type reset from the EFI shell), you'll see LV_Refind as a new EFI boot option. Hopefully, you've learnt how UEFI works and how it's implemented, and also how you might be able to troubleshoot UEFI problems in the future. Adding new distributions, for instance, is now a case of copying their kernel and filesystem images to the partition and adding a new configuration entry. You might also want to look into making symbolic links for these files for when your distribution updates itself. Other than that, you're ready to go.
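One way to handle the kernel updates mentioned above, as an added example that is not part of the original article: it copies rather than links, since FAT32 cannot store symbolic links, and refreshes the fixed names vmlinuz and initrd.img that the refind.conf entry points at. It assumes versioned vmlinuz-* and initrd.img-* files in a source directory (the mounted EFI partition itself or boot_old); the function names and the script name in the usage comment are hypothetical.

```sh
#!/bin/sh
# Added example: keep the fixed-name kernel and initrd that refind.conf
# points at in step with the newest versioned pair.

# Print the newest version that has BOTH vmlinuz-<ver> and initrd.img-<ver>.
newest_kernel() {
    for k in "$1"/vmlinuz-*; do
        [ -f "$k" ] || continue
        v="${k##*/vmlinuz-}"
        if [ -f "$1/initrd.img-$v" ]; then
            printf '%s\n' "$v"
        fi
    done | sort -V | tail -n 1
}

sha() { sha256sum "$1" | cut -d' ' -f1; }

# Copy to a temporary name, compare hashes, then rename into place, so a
# failed copy (a full EFI partition, for instance) never replaces the
# file the bootloader currently loads.
install_verified() {
    cp "$1" "$2.new" || { rm -f "$2.new"; return 1; }
    if [ "$(sha "$1")" != "$(sha "$2.new")" ]; then
        rm -f "$2.new"
        return 1
    fi
    mv -f "$2.new" "$2"
}

# sync_esp SRC_DIR ESP_DIR: prints the version installed, fails on no match.
sync_esp() {
    ver=$(newest_kernel "$1")
    if [ -z "$ver" ]; then
        echo "no matching vmlinuz/initrd.img pair in $1" >&2
        return 1
    fi
    install_verified "$1/vmlinuz-$ver" "$2/vmlinuz" || return 1
    install_verified "$1/initrd.img-$ver" "$2/initrd.img" || return 1
    echo "$ver"
}

# Hypothetical usage: sh sync-esp.sh /boot /boot
if [ "$#" -eq 2 ]; then
    sync_esp "$1" "$2"
fi
```

A kernel whose initrd has not been generated yet is skipped, so a half-finished update never becomes the boot target.
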