, or press to
+enter the password.
+
+14.3 Editing a menu entry
+=========================
+
+The menu entry editor looks much like the main menu interface, but the
+lines in the menu are individual commands in the selected entry instead
+of entry names.
+
+ If an is pressed in the editor, it aborts all the changes made
+to the configuration entry and returns to the main menu interface.
+
+ Each line in the menu entry can be edited freely, and you can add new
+lines by pressing at the end of a line. To boot the edited entry,
+press .
+
+ Although GRUB unfortunately does not support "undo", you can do
+almost the same thing by just returning to the main menu using .
+
diff --git a/boot/grub/persistent/docs/15_environment_variables.txt b/boot/grub/persistent/docs/15_environment_variables.txt
new file mode 100644
index 0000000..1c12c22
--- /dev/null
+++ b/boot/grub/persistent/docs/15_environment_variables.txt
@@ -0,0 +1,459 @@
+15 GRUB environment variables
+*****************************
+
+GRUB supports environment variables which are rather like those offered
+by all Unix-like systems. Environment variables have a name, which is
+unique and is usually a short identifier, and a value, which is an
+arbitrary string of characters. They may be set (*note set::), unset
+(*note unset::), or looked up (*note Shell-like scripting::) by name.
+
+ A number of environment variables have special meanings to various
+parts of GRUB. Others may be used freely in GRUB configuration files.
+
+15.1 Special environment variables
+==================================
+
+These variables have special meaning to GRUB.
+
+15.1.1 biosnum
+--------------
+
+When chain-loading another boot loader (*note Chain-loading::), GRUB may
+need to know what BIOS drive number corresponds to the root device
+(*note root::) so that it can set up registers properly. If the BIOSNUM
+variable is set, it overrides GRUB's own means of guessing this.
+
+ For an alternative approach which also changes BIOS drive mappings
+for the chain-loaded system, *note drivemap::.
+
+15.1.2 check_signatures
+-----------------------
+
+This variable controls whether GRUB enforces digital signature
+validation on loaded files. *Note Using digital signatures::.
+
+15.1.3 chosen
+-------------
+
+When executing a menu entry, GRUB sets the CHOSEN variable to the title
+of the entry being executed.
+
+ If the menu entry is in one or more submenus, then CHOSEN is set to
+the titles of each of the submenus starting from the top level followed
+by the title of the menu entry itself, separated by '>'.
+
+15.1.4 cmdpath
+--------------
+
+The location from which 'core.img' was loaded as an absolute directory
+name (*note File name syntax::). This is set by GRUB at startup based
+on information returned by platform firmware. Not every platform
+provides this information and some may return only device without path
+name.
+
+15.1.5 color_highlight
+----------------------
+
+This variable contains the "highlight" foreground and background
+terminal colors, separated by a slash ('/'). Setting this variable
+changes those colors. For the available color names, *note
+color_normal::.
+
+ The default is 'black/light-gray'.
+
+15.1.6 color_normal
+-------------------
+
+This variable contains the "normal" foreground and background terminal
+colors, separated by a slash ('/'). Setting this variable changes those
+colors. Each color must be a name from the following list:
+
+ * black
+ * blue
+ * green
+ * cyan
+ * red
+ * magenta
+ * brown
+ * light-gray
+ * dark-gray
+ * light-blue
+ * light-green
+ * light-cyan
+ * light-red
+ * light-magenta
+ * yellow
+ * white
+
+ The default is 'light-gray/black'.
+
+ The color support support varies from terminal to terminal.
+
+ 'morse' has no color support at all.
+
+ 'mda_text' color support is limited to highlighting by black/white
+reversal.
+
+ 'console' on ARC, EMU and IEEE1275, 'serial_*' and 'spkmodem' are
+governed by terminfo and support only 8 colors if in modes 'vt100-color'
+(default for console on emu), 'arc' (default for console on ARC),
+'ieee1275' (default for console on IEEE1275). When in mode 'vt100' then
+the color support is limited to highlighting by black/white reversal.
+When in mode 'dumb' there is no color support.
+
+ When console supports no colors this setting is ignored. When
+console supports 8 colors, then the colors from the second half of the
+previous list are mapped to the matching colors of first half.
+
+ 'console' on EFI and BIOS and 'vga_text' support all 16 colors.
+
+ 'gfxterm' supports all 16 colors and would be theoretically
+extendable to support whole rgb24 palette but currently there is no
+compelling reason to go beyond the current 16 colors.
+
+15.1.7 config_directory
+-----------------------
+
+This variable is automatically set by GRUB to the directory part of
+current configuration file name (*note config_file::).
+
+15.1.8 config_file
+------------------
+
+This variable is automatically set by GRUB to the name of configuration
+file that is being processed by commands 'configfile' (*note
+configfile::) or 'normal' (*note normal::). It is restored to the
+previous value when command completes.
+
+15.1.9 debug
+------------
+
+This variable may be set to enable debugging output from various
+components of GRUB. The value is a list of debug facility names
+separated by whitespace or ',', or 'all' to enable all available
+debugging output. The facility names are the first argument to
+grub_dprintf. Consult source for more details.
+
+15.1.10 default
+---------------
+
+If this variable is set, it identifies a menu entry that should be
+selected by default, possibly after a timeout (*note timeout::). The
+entry may be identified by number (starting from 0 at each level of the
+hierarchy), by title, or by id.
+
+ For example, if you have:
+
+menuentry 'Example GNU/Linux distribution' --class gnu-linux --id example-gnu-linux {
+ ...
+}
+
+ then you can make this the default using:
+
+ default=example-gnu-linux
+
+ If the entry is in a submenu, then it must be identified using the
+number, title, or id of each of the submenus starting from the top
+level, followed by the number, title, or id of the menu entry itself,
+with each element separated by '>'. For example, take the following
+menu structure:
+
+ GNU/Hurd --id gnu-hurd
+ Standard Boot --id=gnu-hurd-std
+ Rescue shell --id=gnu-hurd-rescue
+ Other platforms --id=other
+ Minix --id=minix
+ Version 3.4.0 --id=minix-3.4.0
+ Version 3.3.0 --id=minix-3.3.0
+ GRUB Invaders --id=grub-invaders
+
+ The more recent release of Minix would then be identified as 'Other
+platforms>Minix>Version 3.4.0', or as '1>0>0', or as
+'other>minix>minix-3.4.0'.
+
+ This variable is often set by 'GRUB_DEFAULT' (*note Simple
+configuration::), 'grub-set-default', or 'grub-reboot'.
+
+15.1.11 fallback
+----------------
+
+If this variable is set, it identifies a menu entry that should be
+selected if the default menu entry fails to boot. Entries are
+identified in the same way as for 'default' (*note default::).
+
+15.1.12 gfxmode
+---------------
+
+If this variable is set, it sets the resolution used on the 'gfxterm'
+graphical terminal. Note that you can only use modes which your
+graphics card supports via VESA BIOS Extensions (VBE), so for example
+native LCD panel resolutions may not be available. The default is
+'auto', which selects a platform-specific default that should look
+reasonable. Supported modes can be listed by 'videoinfo' command in
+GRUB.
+
+ The resolution may be specified as a sequence of one or more modes,
+separated by commas (',') or semicolons (';'); each will be tried in
+turn until one is found. Each mode should be either 'auto',
+'WIDTHxHEIGHT', or 'WIDTHxHEIGHTxDEPTH'.
+
+15.1.13 gfxpayload
+------------------
+
+If this variable is set, it controls the video mode in which the Linux
+kernel starts up, replacing the 'vga=' boot option (*note linux::). It
+may be set to 'text' to force the Linux kernel to boot in normal text
+mode, 'keep' to preserve the graphics mode set using 'gfxmode', or any
+of the permitted values for 'gfxmode' to set a particular graphics mode
+(*note gfxmode::).
+
+ Depending on your kernel, your distribution, your graphics card, and
+the phase of the moon, note that using this option may cause GNU/Linux
+to suffer from various display problems, particularly during the early
+part of the boot sequence. If you have problems, set this variable to
+'text' and GRUB will tell Linux to boot in normal text mode.
+
+ The default is platform-specific. On platforms with a native text
+mode (such as PC BIOS platforms), the default is 'text'. Otherwise the
+default may be 'auto' or a specific video mode.
+
+ This variable is often set by 'GRUB_GFXPAYLOAD_LINUX' (*note Simple
+configuration::).
+
+15.1.14 gfxterm_font
+--------------------
+
+If this variable is set, it names a font to use for text on the
+'gfxterm' graphical terminal. Otherwise, 'gfxterm' may use any
+available font.
+
+15.1.15 grub_cpu
+----------------
+
+In normal mode (*note normal::), GRUB sets the 'grub_cpu' variable to
+the CPU type for which GRUB was built (e.g. 'i386' or 'powerpc').
+
+15.1.16 grub_platform
+---------------------
+
+In normal mode (*note normal::), GRUB sets the 'grub_platform' variable
+to the platform for which GRUB was built (e.g. 'pc' or 'efi').
+
+15.1.17 icondir
+---------------
+
+If this variable is set, it names a directory in which the GRUB
+graphical menu should look for icons after looking in the theme's
+'icons' directory. *Note Theme file format::.
+
+15.1.18 lang
+------------
+
+If this variable is set, it names the language code that the 'gettext'
+command (*note gettext::) uses to translate strings. For example,
+French would be named as 'fr', and Simplified Chinese as 'zh_CN'.
+
+ 'grub-mkconfig' (*note Simple configuration::) will try to set a
+reasonable default for this variable based on the system locale.
+
+15.1.19 locale_dir
+------------------
+
+If this variable is set, it names the directory where translation files
+may be found (*note gettext::), usually '/boot/grub/locale'. Otherwise,
+internationalization is disabled.
+
+ 'grub-mkconfig' (*note Simple configuration::) will set a reasonable
+default for this variable if internationalization is needed and any
+translation files are available.
+
+15.1.20 menu_color_highlight
+----------------------------
+
+This variable contains the foreground and background colors to be used
+for the highlighted menu entry, separated by a slash ('/'). Setting
+this variable changes those colors. For the available color names,
+*note color_normal::.
+
+ The default is the value of 'color_highlight' (*note
+color_highlight::).
+
+15.1.21 menu_color_normal
+-------------------------
+
+This variable contains the foreground and background colors to be used
+for non-highlighted menu entries, separated by a slash ('/'). Setting
+this variable changes those colors. For the available color names,
+*note color_normal::.
+
+ The default is the value of 'color_normal' (*note color_normal::).
+
+15.1.22 net__boot_file
+---------------------------------
+
+*Note Network::.
+
+15.1.23 net__dhcp_server_name
+----------------------------------------
+
+*Note Network::.
+
+15.1.24 net__domain
+------------------------------
+
+*Note Network::.
+
+15.1.25 net__extensionspath
+--------------------------------------
+
+*Note Network::.
+
+15.1.26 net__hostname
+--------------------------------
+
+*Note Network::.
+
+15.1.27 net__ip
+--------------------------
+
+*Note Network::.
+
+15.1.28 net__mac
+---------------------------
+
+*Note Network::.
+
+15.1.29 net__next_server
+-----------------------------------
+
+*Note Network::.
+
+15.1.30 net__rootpath
+--------------------------------
+
+*Note Network::.
+
+15.1.31 net_default_interface
+-----------------------------
+
+*Note Network::.
+
+15.1.32 net_default_ip
+----------------------
+
+*Note Network::.
+
+15.1.33 net_default_mac
+-----------------------
+
+*Note Network::.
+
+15.1.34 net_default_server
+--------------------------
+
+*Note Network::.
+
+15.1.35 pager
+-------------
+
+If set to '1', pause output after each screenful and wait for keyboard
+input. The default is not to pause output.
+
+15.1.36 prefix
+--------------
+
+The location of the '/boot/grub' directory as an absolute file name
+(*note File name syntax::). This is normally set by GRUB at startup
+based on information provided by 'grub-install'. GRUB modules are
+dynamically loaded from this directory, so it must be set correctly in
+order for many parts of GRUB to work.
+
+15.1.37 pxe_blksize
+-------------------
+
+*Note Network::.
+
+15.1.38 pxe_default_gateway
+---------------------------
+
+*Note Network::.
+
+15.1.39 pxe_default_server
+--------------------------
+
+*Note Network::.
+
+15.1.40 root
+------------
+
+The root device name (*note Device syntax::). Any file names that do
+not specify an explicit device name are read from this device. The
+default is normally set by GRUB at startup based on the value of
+'prefix' (*note prefix::).
+
+ For example, if GRUB was installed to the first partition of the
+first hard disk, then 'prefix' might be set to '(hd0,msdos1)/boot/grub'
+and 'root' to 'hd0,msdos1'.
+
+15.1.41 superusers
+------------------
+
+This variable may be set to a list of superuser names to enable
+authentication support. *Note Security::.
+
+15.1.42 theme
+-------------
+
+This variable may be set to a directory containing a GRUB graphical menu
+theme. *Note Theme file format::.
+
+ This variable is often set by 'GRUB_THEME' (*note Simple
+configuration::).
+
+15.1.43 timeout
+---------------
+
+If this variable is set, it specifies the time in seconds to wait for
+keyboard input before booting the default menu entry. A timeout of '0'
+means to boot the default entry immediately without displaying the menu;
+a timeout of '-1' (or unset) means to wait indefinitely.
+
+ If 'timeout_style' (*note timeout_style::) is set to 'countdown' or
+'hidden', the timeout is instead counted before the menu is displayed.
+
+ This variable is often set by 'GRUB_TIMEOUT' (*note Simple
+configuration::).
+
+15.1.44 timeout_style
+---------------------
+
+This variable may be set to 'menu', 'countdown', or 'hidden' to control
+the way in which the timeout (*note timeout::) interacts with displaying
+the menu. See the documentation of 'GRUB_TIMEOUT_STYLE' (*note Simple
+configuration::) for details.
+
+15.2 The GRUB environment block
+===============================
+
+It is often useful to be able to remember a small amount of information
+from one boot to the next. For example, you might want to set the
+default menu entry based on what was selected the last time. GRUB
+deliberately does not implement support for writing files in order to
+minimise the possibility of the boot loader being responsible for file
+system corruption, so a GRUB configuration file cannot just create a
+file in the ordinary way. However, GRUB provides an "environment block"
+which can be used to save a small amount of state.
+
+ The environment block is a preallocated 1024-byte file, which
+normally lives in '/boot/grub/grubenv' (although you should not assume
+this). At boot time, the 'load_env' command (*note load_env::) loads
+environment variables from it, and the 'save_env' (*note save_env::)
+command saves environment variables to it. From a running system, the
+'grub-editenv' utility can be used to edit the environment block.
+
+ For safety reasons, this storage is only available when installed on
+a plain disk (no LVM or RAID), using a non-checksumming filesystem (no
+ZFS), and using BIOS or EFI functions (no ATA, USB or IEEE1275).
+
+ 'grub-mkconfig' uses this facility to implement 'GRUB_SAVEDEFAULT'
+(*note Simple configuration::).
diff --git a/boot/grub/persistent/docs/16_available_commands.txt b/boot/grub/persistent/docs/16_available_commands.txt
new file mode 100644
index 0000000..a792de6
--- /dev/null
+++ b/boot/grub/persistent/docs/16_available_commands.txt
@@ -0,0 +1,1462 @@
+16 The list of available commands
+*********************************
+
+In this chapter, we list all commands that are available in GRUB.
+
+ Commands belong to different groups. A few can only be used in the
+global section of the configuration file (or "menu"); most of them can
+be entered on the command-line and can be used either anywhere in the
+menu or specifically in the menu entries.
+
+ In rescue mode, only the 'insmod' (*note insmod::), 'ls' (*note
+ls::), 'set' (*note set::), and 'unset' (*note unset::) commands are
+normally available. If you end up in rescue mode and do not know what
+to do, then *note GRUB only offers a rescue shell::.
+
+16.1 The list of commands for the menu only
+===========================================
+
+The semantics used in parsing the configuration file are the following:
+
+ * The files _must_ be in plain-text format.
+
+ * '#' at the beginning of a line in a configuration file means it is
+ only a comment.
+
+ * Options are separated by spaces.
+
+ * All numbers can be either decimal or hexadecimal. A hexadecimal
+ number must be preceded by '0x', and is case-insensitive.
+
+ These commands can only be used in the menu:
+
+16.1.1 menuentry
+----------------
+
+ -- Command: menuentry TITLE ['--class=class' ...] ['--users=users']
+ ['--unrestricted'] ['--hotkey=key'] ['--id=id'] [ARG ...] {
+ COMMAND; ... }
+ This defines a GRUB menu entry named TITLE. When this entry is
+ selected from the menu, GRUB will set the CHOSEN environment
+ variable to value of '--id' if '--id' is given, execute the list of
+ commands given within braces, and if the last command in the list
+ returned successfully and a kernel was loaded it will execute the
+ 'boot' command.
+
+ The '--class' option may be used any number of times to group menu
+ entries into classes. Menu themes may display different classes
+ using different styles.
+
+ The '--users' option grants specific users access to specific menu
+ entries. *Note Security::.
+
+ The '--unrestricted' option grants all users access to specific
+ menu entries. *Note Security::.
+
+ The '--hotkey' option associates a hotkey with a menu entry. KEY
+ may be a single letter, or one of the aliases 'backspace', 'tab',
+ or 'delete'.
+
+ The '--id' may be used to associate unique identifier with a menu
+ entry. ID is string of ASCII aphanumeric characters, underscore
+ and hyphen and should not start with a digit.
+
+ All other arguments including TITLE are passed as positional
+ parameters when list of commands is executed with TITLE always
+ assigned to '$1'.
+
+16.1.2 submenu
+--------------
+
+ -- Command: submenu TITLE ['--class=class' ...] ['--users=users']
+ ['--unrestricted'] ['--hotkey=key'] ['--id=id'] { MENU ENTRIES
+ ... }
+ This defines a submenu. An entry called TITLE will be added to the
+ menu; when that entry is selected, a new menu will be displayed
+ showing all the entries within this submenu.
+
+ All options are the same as in the 'menuentry' command (*note
+ menuentry::).
+
+16.2 The list of general commands
+=================================
+
+Commands usable anywhere in the menu and in the command-line.
+
+16.2.1 serial
+-------------
+
+ -- Command: serial ['--unit=unit'] ['--port=port'] ['--speed=speed']
+ ['--word=word'] ['--parity=parity'] ['--stop=stop']
+ Initialize a serial device. UNIT is a number in the range 0-3
+ specifying which serial port to use; default is 0, which
+ corresponds to the port often called COM1. PORT is the I/O port
+ where the UART is to be found; if specified it takes precedence
+ over UNIT. SPEED is the transmission speed; default is 9600. WORD
+ and STOP are the number of data bits and stop bits. Data bits must
+ be in the range 5-8 and stop bits must be 1 or 2. Default is 8
+ data bits and one stop bit. PARITY is one of 'no', 'odd', 'even'
+ and defaults to 'no'.
+
+ The serial port is not used as a communication channel unless the
+ 'terminal_input' or 'terminal_output' command is used (*note
+ terminal_input::, *note terminal_output::).
+
+ See also *note Serial terminal::.
+
+16.2.2 terminal_input
+---------------------
+
+ -- Command: terminal_input ['--append'|'--remove'] [terminal1]
+ [terminal2] ...
+ List or select an input terminal.
+
+ With no arguments, list the active and available input terminals.
+
+ With '--append', add the named terminals to the list of active
+ input terminals; any of these may be used to provide input to GRUB.
+
+ With '--remove', remove the named terminals from the active list.
+
+ With no options but a list of terminal names, make only the listed
+ terminal names active.
+
+16.2.3 terminal_output
+----------------------
+
+ -- Command: terminal_output ['--append'|'--remove'] [terminal1]
+ [terminal2] ...
+ List or select an output terminal.
+
+ With no arguments, list the active and available output terminals.
+
+ With '--append', add the named terminals to the list of active
+ output terminals; all of these will receive output from GRUB.
+
+ With '--remove', remove the named terminals from the active list.
+
+ With no options but a list of terminal names, make only the listed
+ terminal names active.
+
+16.2.4 terminfo
+---------------
+
+ -- Command: terminfo [-a|-u|-v] [term]
+ Define the capabilities of your terminal by giving the name of an
+ entry in the terminfo database, which should correspond roughly to
+ a 'TERM' environment variable in Unix.
+
+ The currently available terminal types are 'vt100', 'vt100-color',
+ 'ieee1275', and 'dumb'. If you need other terminal types, please
+ contact us to discuss the best way to include support for these in
+ GRUB.
+
+ The '-a' ('--ascii'), '-u' ('--utf8'), and '-v' ('--visual-utf8')
+ options control how non-ASCII text is displayed. '-a' specifies an
+ ASCII-only terminal; '-u' specifies logically-ordered UTF-8; and
+ '-v' specifies "visually-ordered UTF-8" (in other words, arranged
+ such that a terminal emulator without bidirectional text support
+ will display right-to-left text in the proper order; this is not
+ really proper UTF-8, but a workaround).
+
+ If no option or terminal type is specified, the current terminal
+ type is printed.
+
+16.3 The list of command-line and menu entry commands
+=====================================================
+
+These commands are usable in the command-line and in menu entries. If
+you forget a command, you can run the command 'help' (*note help::).
+
+16.3.1 [
+--------
+
+ -- Command: '[' expression ']'
+ Alias for 'test EXPRESSION' (*note test::).
+
+16.3.2 acpi
+-----------
+
+ -- Command: acpi ['-1'|'-2']
+ ['--exclude=table1,...'|'--load-only=table1,...']
+ ['--oemid=id'] ['--oemtable=table'] ['--oemtablerev=rev']
+ ['--oemtablecreator=creator'] ['--oemtablecreatorrev=rev']
+ ['--no-ebda'] filename ...
+ Modern BIOS systems normally implement the Advanced Configuration
+ and Power Interface (ACPI), and define various tables that describe
+ the interface between an ACPI-compliant operating system and the
+ firmware. In some cases, the tables provided by default only work
+ well with certain operating systems, and it may be necessary to
+ replace some of them.
+
+ Normally, this command will replace the Root System Description
+ Pointer (RSDP) in the Extended BIOS Data Area to point to the new
+ tables. If the '--no-ebda' option is used, the new tables will be
+ known only to GRUB, but may be used by GRUB's EFI emulation.
+
+16.3.3 authenticate
+-------------------
+
+ -- Command: authenticate [userlist]
+ Check whether user is in USERLIST or listed in the value of
+ variable 'superusers'. See *note superusers:: for valid user list
+ format. If 'superusers' is empty, this command returns true.
+ *Note Security::.
+
+16.3.4 background_color
+-----------------------
+
+ -- Command: background_color color
+ Set background color for active terminal. For valid color
+ specifications see *note Colors: Theme file format. Background
+ color can be changed only when using 'gfxterm' for terminal output.
+
+ This command sets color of empty areas without text. Text
+ background color is controlled by environment variables
+ COLOR_NORMAL, COLOR_HIGHLIGHT, MENU_COLOR_NORMAL,
+ MENU_COLOR_HIGHLIGHT. *Note Special environment variables::.
+
+16.3.5 background_image
+-----------------------
+
+ -- Command: background_image [['--mode' 'stretch'|'normal'] file]
+ Load background image for active terminal from FILE. Image is
+ stretched to fill up entire screen unless option '--mode' 'normal'
+ is given. Without arguments remove currently loaded background
+ image. Background image can be changed only when using 'gfxterm'
+ for terminal output.
+
+16.3.6 badram
+-------------
+
+ -- Command: badram addr,mask[,addr,mask...]
+ Filter out bad RAM.
+
+ This command notifies the memory manager that specified regions of
+RAM ought to be filtered out (usually, because they're damaged). This
+remains in effect after a payload kernel has been loaded by GRUB, as
+long as the loaded kernel obtains its memory map from GRUB. Kernels that
+support this include Linux, GNU Mach, the kernel of FreeBSD and
+Multiboot kernels in general.
+
+ Syntax is the same as provided by the Memtest86+ utility
+(http://www.memtest.org/): a list of address/mask pairs. Given a
+page-aligned address and a base address / mask pair, if all the bits of
+the page-aligned address that are enabled by the mask match with the
+base address, it means this page is to be filtered. This syntax makes
+it easy to represent patterns that are often result of memory damage,
+due to physical distribution of memory cells.
+
+16.3.7 blocklist
+----------------
+
+ -- Command: blocklist file
+ Print a block list (*note Block list syntax::) for FILE.
+
+16.3.8 boot
+-----------
+
+ -- Command: boot
+ Boot the OS or chain-loader which has been loaded. Only necessary
+ if running the fully interactive command-line (it is implicit at
+ the end of a menu entry).
+
+16.3.9 cat
+----------
+
+ -- Command: cat ['--dos'] file
+ Display the contents of the file FILE. This command may be useful
+ to remind you of your OS's root partition:
+
+ grub> cat /etc/fstab
+
+ If the '--dos' option is used, then carriage return / new line
+ pairs will be displayed as a simple new line. Otherwise, the
+ carriage return will be displayed as a control character ('') to
+ make it easier to see when boot problems are caused by a file
+ formatted using DOS-style line endings.
+
+16.3.10 chainloader
+-------------------
+
+ -- Command: chainloader ['--force'] file
+ Load FILE as a chain-loader. Like any other file loaded by the
+ filesystem code, it can use the blocklist notation (*note Block
+ list syntax::) to grab the first sector of the current partition
+ with '+1'. If you specify the option '--force', then load FILE
+ forcibly, whether it has a correct signature or not. This is
+ required when you want to load a defective boot loader, such as SCO
+ UnixWare 7.1.
+
+16.3.11 clear
+-------------
+
+ -- Command: clear
+ Clear the screen.
+
+16.3.12 cmosclean
+-----------------
+
+ -- Command: cmosclean byte:bit
+ Clear value of bit in CMOS at location BYTE:BIT. This command is
+ available only on platforms that support CMOS.
+
+16.3.13 cmosdump
+----------------
+
+ -- Dump: CMOS contents
+ Dump full CMOS contents as hexadecimal values. This command is
+ available only on platforms that support CMOS.
+
+16.3.14 cmostest
+----------------
+
+ -- Command: cmostest byte:bit
+ Test value of bit in CMOS at location BYTE:BIT. Exit status is
+ zero if bit is set, non zero otherwise. This command is available
+ only on platforms that support CMOS.
+
+16.3.15 cmp
+-----------
+
+ -- Command: cmp file1 file2
+ Compare the file FILE1 with the file FILE2. If they differ in
+ size, print the sizes like this:
+
+ Differ in size: 0x1234 [foo], 0x4321 [bar]
+
+ If the sizes are equal but the bytes at an offset differ, then
+ print the bytes like this:
+
+ Differ at the offset 777: 0xbe [foo], 0xef [bar]
+
+ If they are completely identical, nothing will be printed.
+
+16.3.16 configfile
+------------------
+
+ -- Command: configfile file
+ Load FILE as a configuration file. If FILE defines any menu
+ entries, then show a menu containing them immediately. Any
+ environment variable changes made by the commands in FILE will not
+ be preserved after 'configfile' returns.
+
+16.3.17 cpuid
+-------------
+
+ -- Command: cpuid [-l] [-p]
+ Check for CPU features. This command is only available on x86
+ systems.
+
+ With the '-l' option, return true if the CPU supports long mode
+ (64-bit).
+
+ With the '-p' option, return true if the CPU supports Physical
+ Address Extension (PAE).
+
+ If invoked without options, this command currently behaves as if it
+ had been invoked with '-l'. This may change in the future.
+
+16.3.18 crc
+-----------
+
+ -- Command: crc arg ...
+ Alias for 'hashsum --hash crc32 arg ...'. See command 'hashsum'
+ (*note hashsum::) for full description.
+
+16.3.19 cryptomount
+-------------------
+
+ -- Command: cryptomount device|'-u' uuid|'-a'|'-b'
+ Setup access to encrypted device. If necessary, passphrase is
+ requested interactively. Option DEVICE configures specific grub
+ device (*note Naming convention::); option '-u' UUID configures
+ device with specified UUID; option '-a' configures all detected
+ encrypted devices; option '-b' configures all geli containers that
+ have boot flag set.
+
+ GRUB suports devices encrypted using LUKS and geli. Note that
+ necessary modules (LUKS and GELI) have to be loaded manually before
+ this command can be used.
+
+16.3.20 date
+------------
+
+ -- Command: date [[year-]month-day] [hour:minute[:second]]
+ With no arguments, print the current date and time.
+
+ Otherwise, take the current date and time, change any elements
+ specified as arguments, and set the result as the new date and
+ time. For example, 'date 01-01' will set the current month and day
+ to January 1, but leave the year, hour, minute, and second
+ unchanged.
+
+16.3.21 linux
+-------------
+
+ -- Command: devicetree file
+ Load a device tree blob (.dtb) from a filesystem, for later use by
+ a Linux kernel. Does not perform merging with any device tree
+ supplied by firmware, but rather replaces it completely. *note
+ GNU/Linux::.
+
+16.3.22 distrust
+----------------
+
+ -- Command: distrust pubkey_id
+ Remove public key PUBKEY_ID from GRUB's keyring of trusted keys.
+ PUBKEY_ID is the last four bytes (eight hexadecimal digits) of the
+ GPG v4 key id, which is also the output of 'list_trusted' (*note
+ list_trusted::). Outside of GRUB, the key id can be obtained using
+ 'gpg --fingerprint'). These keys are used to validate signatures
+ when environment variable 'check_signatures' is set to 'enforce'
+ (*note check_signatures::), and by some invocations of
+ 'verify_detached' (*note verify_detached::). *Note Using digital
+ signatures::, for more information.
+
+16.3.23 drivemap
+----------------
+
+ -- Command: drivemap '-l'|'-r'|['-s'] from_drive to_drive
+ Without options, map the drive FROM_DRIVE to the drive TO_DRIVE.
+ This is necessary when you chain-load some operating systems, such
+ as DOS, if such an OS resides at a non-first drive. For
+ convenience, any partition suffix on the drive is ignored, so you
+ can safely use ${root} as a drive specification.
+
+ With the '-s' option, perform the reverse mapping as well, swapping
+ the two drives.
+
+ With the '-l' option, list the current mappings.
+
+ With the '-r' option, reset all mappings to the default values.
+
+ For example:
+
+ drivemap -s (hd0) (hd1)
+
+16.3.24 echo
+------------
+
+ -- Command: echo ['-n'] ['-e'] string ...
+ Display the requested text and, unless the '-n' option is used, a
+ trailing new line. If there is more than one string, they are
+ separated by spaces in the output. As usual in GRUB commands,
+ variables may be substituted using '${var}'.
+
+ The '-e' option enables interpretation of backslash escapes. The
+ following sequences are recognised:
+
+ '\\'
+ backslash
+
+ '\a'
+ alert (BEL)
+
+ '\c'
+ suppress trailing new line
+
+ '\f'
+ form feed
+
+ '\n'
+ new line
+
+ '\r'
+ carriage return
+
+ '\t'
+ horizontal tab
+
+ '\v'
+ vertical tab
+
+ When interpreting backslash escapes, backslash followed by any
+ other character will print that character.
+
+16.3.25 eval
+------------
+
+ -- Command: eval string ...
+ Concatenate arguments together using single space as separator and
+ evaluate result as sequence of GRUB commands.
+
+16.3.26 export
+--------------
+
+ -- Command: export envvar
+ Export the environment variable ENVVAR. Exported variables are
+ visible to subsidiary configuration files loaded using
+ 'configfile'.
+
+16.3.27 false
+-------------
+
+ -- Command: false
+ Do nothing, unsuccessfully. This is mainly useful in control
+ constructs such as 'if' and 'while' (*note Shell-like scripting::).
+
+16.3.28 gettext
+---------------
+
+ -- Command: gettext string
+ Translate STRING into the current language.
+
+ The current language code is stored in the 'lang' variable in
+ GRUB's environment (*note lang::). Translation files in MO format
+ are read from 'locale_dir' (*note locale_dir::), usually
+ '/boot/grub/locale'.
+
+16.3.29 gptsync
+---------------
+
+ -- Command: gptsync device [partition[+/-[type]]] ...
+ Disks using the GUID Partition Table (GPT) also have a legacy
+ Master Boot Record (MBR) partition table for compatibility with the
+ BIOS and with older operating systems. The legacy MBR can only
+ represent a limited subset of GPT partition entries.
+
+ This command populates the legacy MBR with the specified PARTITION
+ entries on DEVICE. Up to three partitions may be used.
+
+ TYPE is an MBR partition type code; prefix with '0x' if you want to
+ enter this in hexadecimal. The separator between PARTITION and
+ TYPE may be '+' to make the partition active, or '-' to make it
+ inactive; only one partition may be active. If both the separator
+ and type are omitted, then the partition will be inactive.
+
+16.3.30 halt
+------------
+
+ -- Command: halt '--no-apm'
+ The command halts the computer. If the '--no-apm' option is
+ specified, no APM BIOS call is performed. Otherwise, the computer
+ is shut down using APM.
+
+16.3.31 hashsum
+---------------
+
+ -- Command: hashsum '--hash' hash '--keep-going' '--uncompress'
+ '--check' file ['--prefix' dir]|file ...
+ Compute or verify file hashes. Hash type is selected with option
+ '--hash'. Supported hashes are: 'adler32', 'crc64', 'crc32',
+ 'crc32rfc1510', 'crc24rfc2440', 'md4', 'md5', 'ripemd160', 'sha1',
+ 'sha224', 'sha256', 'sha512', 'sha384', 'tiger192', 'tiger',
+ 'tiger2', 'whirlpool'. Option '--uncompress' uncompresses files
+ before computing hash.
+
+ When list of files is given, hash of each file is computed and
+ printed, followed by file name, each file on a new line.
+
+ When option '--check' is given, it points to a file that contains
+ list of HASH NAME pairs in the same format as used by UNIX 'md5sum'
+ command. Option '--prefix' may be used to give directory where
+ files are located. Hash verification stops after the first
+ mismatch was found unless option '--keep-going' was given. The
+ exit code '$?' is set to 0 if hash verification is successful. If
+ it fails, '$?' is set to a nonzero value.
+
+16.3.32 help
+------------
+
+ -- Command: help [pattern ...]
+ Display helpful information about builtin commands. If you do not
+ specify PATTERN, this command shows short descriptions of all
+ available commands.
+
+ If you specify any PATTERNS, it displays longer information about
+ each of the commands whose names begin with those PATTERNS.
+
+16.3.33 initrd
+--------------
+
+ -- Command: initrd file
+ Load an initial ramdisk for a Linux kernel image, and set the
+ appropriate parameters in the Linux setup area in memory. This may
+ only be used after the 'linux' command (*note linux::) has been
+ run. See also *note GNU/Linux::.
+
+16.3.34 initrd16
+----------------
+
+ -- Command: initrd16 file
+ Load an initial ramdisk for a Linux kernel image to be booted in
+ 16-bit mode, and set the appropriate parameters in the Linux setup
+ area in memory. This may only be used after the 'linux16' command
+ (*note linux16::) has been run. See also *note GNU/Linux::.
+
+ This command is only available on x86 systems.
+
+16.3.35 insmod
+--------------
+
+ -- Command: insmod module
+ Insert the dynamic GRUB module called MODULE.
+
+16.3.36 keystatus
+-----------------
+
+ -- Command: keystatus ['--shift'] ['--ctrl'] ['--alt']
+ Return true if the Shift, Control, or Alt modifier keys are held
+ down, as requested by options. This is useful in scripting, to
+ allow some user control over behaviour without having to wait for a
+ keypress.
+
+ Checking key modifier status is only supported on some platforms.
+ If invoked without any options, the 'keystatus' command returns
+ true if and only if checking key modifier status is supported.
+
+16.3.37 linux
+-------------
+
+ -- Command: linux file ...
+ Load a Linux kernel image from FILE. The rest of the line is
+ passed verbatim as the "kernel command-line". Any initrd must be
+ reloaded after using this command (*note initrd::).
+
+ On x86 systems, the kernel will be booted using the 32-bit boot
+ protocol. Note that this means that the 'vga=' boot option will
+ not work; if you want to set a special video mode, you will need to
+ use GRUB commands such as 'set gfxpayload=1024x768' or 'set
+ gfxpayload=keep' (to keep the same mode as used in GRUB) instead.
+ GRUB can automatically detect some uses of 'vga=' and translate
+ them to appropriate settings of 'gfxpayload'. The 'linux16'
+ command (*note linux16::) avoids this restriction.
+
+16.3.38 linux16
+---------------
+
+ -- Command: linux16 file ...
+ Load a Linux kernel image from FILE in 16-bit mode. The rest of
+ the line is passed verbatim as the "kernel command-line". Any
+ initrd must be reloaded after using this command (*note
+ initrd16::).
+
+ The kernel will be booted using the traditional 16-bit boot
+ protocol. As well as bypassing problems with 'vga=' described in
+ *note linux::, this permits booting some other programs that
+ implement the Linux boot protocol for the sake of convenience.
+
+ This command is only available on x86 systems.
+
+16.3.39 list_env
+----------------
+
+ -- Command: list_env ['--file' file]
+ List all variables in the environment block file. *Note
+ Environment block::.
+
+ The '--file' option overrides the default location of the
+ environment block.
+
+16.3.40 list_trusted
+--------------------
+
+ -- Command: list_trusted
+ List all public keys trusted by GRUB for validating signatures.
+ The output is in GPG's v4 key fingerprint format (i.e., the output
+ of 'gpg --fingerprint'). The least significant four bytes (last
+ eight hexadecimal digits) can be used as an argument to 'distrust'
+ (*note distrust::). *Note Using digital signatures::, for more
+ information about uses for these keys.
+
+16.3.41 load_env
+----------------
+
+ -- Command: load_env ['--file' file] ['--skip-sig']
+ [whitelisted_variable_name] ...
+ Load all variables from the environment block file into the
+ environment. *Note Environment block::.
+
+ The '--file' option overrides the default location of the
+ environment block.
+
+ The '--skip-sig' option skips signature checking even when the
+ value of environment variable 'check_signatures' is set to
+ 'enforce' (*note check_signatures::).
+
+ If one or more variable names are provided as arguments, they are
+ interpreted as a whitelist of variables to load from the
+ environment block file. Variables set in the file but not present
+ in the whitelist are ignored.
+
+ The '--skip-sig' option should be used with care, and should always
+ be used in concert with a whitelist of acceptable variables whose
+ values should be set. Failure to employ a carefully constructed
+ whitelist could result in reading a malicious value into critical
+ environment variables from the file, such as setting
+ 'check_signatures=no', modifying 'prefix' to boot from an
+ unexpected location or not at all, etc.
+
+ When used with care, '--skip-sig' and the whitelist enable an
+ administrator to configure a system to boot only signed
+ configurations, but to allow the user to select from among multiple
+ configurations, and to enable "one-shot" boot attempts and
+ "savedefault" behavior. *Note Using digital signatures::, for more
+ information.
+
+16.3.42 loadfont
+----------------
+
+ -- Command: loadfont file ...
+ Load specified font files. Unless absolute pathname is given, FILE
+ is assumed to be in directory '$prefix/fonts' with suffix '.pf2'
+ appended. *Note Fonts: Theme file format.
+
+16.3.43 loopback
+----------------
+
+ -- Command: loopback ['-d'] device file
+ Make the device named DEVICE correspond to the contents of the
+ filesystem image in FILE. For example:
+
+ loopback loop0 /path/to/image
+ ls (loop0)/
+
+ With the '-d' option, delete a device previously created using this
+ command.
+
+16.3.44 ls
+----------
+
+ -- Command: ls [arg ...]
+ List devices or files.
+
+ With no arguments, print all devices known to GRUB.
+
+ If the argument is a device name enclosed in parentheses (*note
+ Device syntax::), then print the name of the filesystem of that
+ device.
+
+ If the argument is a directory given as an absolute file name
+ (*note File name syntax::), then list the contents of that
+ directory.
+
+16.3.45 lsfonts
+---------------
+
+ -- Command: lsfonts
+ List loaded fonts.
+
+16.3.46 lsmod
+-------------
+
+ -- Command: lsmod
+ Show list of loaded modules.
+
+16.3.47 md5sum
+--------------
+
+ -- Command: md5sum arg ...
+ Alias for 'hashsum --hash md5 arg ...'. See command 'hashsum'
+ (*note hashsum::) for full description.
+
+16.3.48 module
+--------------
+
+ -- Command: module [--nounzip] file [arguments]
+ Load a module for multiboot kernel image. The rest of the line is
+ passed verbatim as the module command line.
+
+16.3.49 multiboot
+-----------------
+
+ -- Command: multiboot [--quirk-bad-kludge]
+ [--quirk-modules-after-kernel] file ...
+ Load a multiboot kernel image from FILE. The rest of the line is
+ passed verbatim as the "kernel command-line". Any module must be
+ reloaded after using this command (*note module::).
+
+ Some kernels have known problems. You need to specify -quirk-* for
+ those. -quirk-bad-kludge is a problem seen in several products
+ that they include loading kludge information with invalid data in
+ ELF file. GRUB prior to 0.97 and some custom builds prefered ELF
+ information while 0.97 and GRUB 2 use kludge. Use this option to
+ ignore kludge. Known affected systems: old Solaris, SkyOS.
+
+ -quirk-modules-after-kernel is needed for kernels which load at
+ relatively high address e.g. 16MiB mark and can't cope with
+ modules stuffed between 1MiB mark and beginning of the kernel.
+ Known afftected systems: VMWare.
+
+16.3.50 nativedisk
+------------------
+
+ -- Command: nativedisk
+ Switch from firmware disk drivers to native ones. Really useful
+ only on platforms where both firmware and native disk drives are
+ available. Currently i386-pc, i386-efi, i386-ieee1275 and
+ x86_64-efi.
+
+16.3.51 normal
+--------------
+
+ -- Command: normal [file]
+ Enter normal mode and display the GRUB menu.
+
+ In normal mode, commands, filesystem modules, and cryptography
+ modules are automatically loaded, and the full GRUB script parser
+ is available. Other modules may be explicitly loaded using
+ 'insmod' (*note insmod::).
+
+ If a FILE is given, then commands will be read from that file.
+ Otherwise, they will be read from '$prefix/grub.cfg' if it exists.
+
+ 'normal' may be called from within normal mode, creating a nested
+ environment. It is more usual to use 'configfile' (*note
+ configfile::) for this.
+
+16.3.52 normal_exit
+-------------------
+
+ -- Command: normal_exit
+ Exit normal mode (*note normal::). If this instance of normal mode
+ was not nested within another one, then return to rescue mode.
+
+16.3.53 parttool
+----------------
+
+ -- Command: parttool partition commands
+ Make various modifications to partition table entries.
+
+ Each COMMAND is either a boolean option, in which case it must be
+ followed with '+' or '-' (with no intervening space) to enable or
+ disable that option, or else it takes a value in the form
+ 'COMMAND=VALUE'.
+
+ Currently, 'parttool' is only useful on DOS partition tables (also
+ known as Master Boot Record, or MBR). On these partition tables,
+ the following commands are available:
+
+ 'boot' (boolean)
+ When enabled, this makes the selected partition be the active
+ (bootable) partition on its disk, clearing the active flag on
+ all other partitions. This command is limited to _primary_
+ partitions.
+
+ 'type' (value)
+ Change the type of an existing partition. The value must be a
+ number in the range 0-0xFF (prefix with '0x' to enter it in
+ hexadecimal).
+
+ 'hidden' (boolean)
+ When enabled, this hides the selected partition by setting the
+ "hidden" bit in its partition type code; when disabled,
+ unhides the selected partition by clearing this bit. This is
+ useful only when booting DOS or Windows and multiple primary
+ FAT partitions exist in one disk. See also *note
+ DOS/Windows::.
+
+16.3.54 password
+----------------
+
+ -- Command: password user clear-password
+ Define a user named USER with password CLEAR-PASSWORD. *Note
+ Security::.
+
+16.3.55 password_pbkdf2
+-----------------------
+
+ -- Command: password_pbkdf2 user hashed-password
+ Define a user named USER with password hash HASHED-PASSWORD. Use
+ 'grub-mkpasswd-pbkdf2' (*note Invoking grub-mkpasswd-pbkdf2::) to
+ generate password hashes. *Note Security::.
+
+16.3.56 play
+------------
+
+ -- Command: play file | tempo [pitch1 duration1] [pitch2 duration2] ...
+ Plays a tune
+
+ If the argument is a file name (*note File name syntax::), play the
+ tune recorded in it. The file format is first the tempo as an
+ unsigned 32bit little-endian number, then pairs of unsigned 16bit
+ little-endian numbers for pitch and duration pairs.
+
+ If the arguments are a series of numbers, play the inline tune.
+
+ The tempo is the base for all note durations. 60 gives a 1-second
+ base, 120 gives a half-second base, etc. Pitches are Hz. Set
+ pitch to 0 to produce a rest.
+
+16.3.57 probe
+-------------
+
+ -- Command: probe ['--set' var]
+ '--driver'|'--partmap'|'--fs'|'--fs-uuid'|'--label' device
+ Retrieve device information. If option '--set' is given, assign
+ result to variable VAR, otherwise print information on the screen.
+
+16.3.58 pxe_unload
+------------------
+
+ -- Command: pxe_unload
+ Unload the PXE environment (*note Network::).
+
+ This command is only available on PC BIOS systems.
+
+16.3.59 rdmsr
+-------------
+
+ -- Command:: rdmsr 0xADDR [-v VARNAME]
+ Read a model-specific register at address 0xADDR. If the parameter
+ '-v' is used and an environment variable VARNAME is given, set that
+ environment variable to the value that was read.
+
+ Please note that on SMP systems, reading from a MSR that has a
+ scope per hardware thread, implies that the value that is returned
+ only applies to the particular cpu/core/thread that runs the
+ command.
+
+ Also, if you specify a reserved or unimplemented MSR address, it
+ will cause a general protection exception (which is not currently
+ being handled) and the system will reboot.
+
+16.3.60 read
+------------
+
+ -- Command: read [var]
+ Read a line of input from the user. If an environment variable VAR
+ is given, set that environment variable to the line of input that
+ was read, with no terminating newline.
+
+16.3.61 reboot
+--------------
+
+ -- Command: reboot
+ Reboot the computer.
+
+16.3.62 regexp
+--------------
+
+ -- Command: regexp ['--set' [number:]var] regexp string
+ Test if regular expression REGEXP matches STRING. Supported
+ regular expressions are POSIX.2 Extended Regular Expressions. If
+ option '--set' is given, store NUMBERth matched subexpression in
+ variable VAR. Subexpressions are numbered in order of their
+ opening parentheses starting from '1'. NUMBER defaults to '1'.
+
+16.3.63 rmmod
+-------------
+
+ -- Command: rmmod module
+ Remove a loaded MODULE.
+
+16.3.64 save_env
+----------------
+
+ -- Command: save_env ['--file' file] var ...
+ Save the named variables from the environment to the environment
+ block file. *Note Environment block::.
+
+ The '--file' option overrides the default location of the
+ environment block.
+
+ This command will operate successfully even when environment
+ variable 'check_signatures' is set to 'enforce' (*note
+ check_signatures::), since it writes to disk and does not alter the
+ behavior of GRUB based on any contents of disk that have been read.
+ It is possible to modify a digitally signed environment block file
+ from within GRUB using this command, such that its signature will
+ no longer be valid on subsequent boots. Care should be taken in
+ such advanced configurations to avoid rendering the system
+ unbootable. *Note Using digital signatures::, for more
+ information.
+
+16.3.65 search
+--------------
+
+ -- Command: search ['--file'|'--label'|'--fs-uuid'] ['--set' [var]]
+ ['--no-floppy'] name
+ Search devices by file ('-f', '--file'), filesystem label ('-l',
+ '--label'), or filesystem UUID ('-u', '--fs-uuid').
+
+ If the '--set' option is used, the first device found is set as the
+ value of environment variable VAR. The default variable is 'root'.
+
+ The '--no-floppy' option prevents searching floppy devices, which
+ can be slow.
+
+ The 'search.file', 'search.fs_label', and 'search.fs_uuid' commands
+ are aliases for 'search --file', 'search --label', and 'search
+ --fs-uuid' respectively.
+
+16.3.66 sendkey
+---------------
+
+ -- Command: sendkey
+ ['--num'|'--caps'|'--scroll'|'--insert'|'--pause'|'--left-shift'|'--right-shift'|'--sysrq'|'--numkey'|'--capskey'|'--scrollkey'|'--insertkey'|'--left-alt'|'--right-alt'|'--left-ctrl'|'--right-ctrl'
+ 'on'|'off']... ['no-led'] keystroke
+ Insert keystrokes into the keyboard buffer when booting. Sometimes
+ an operating system or chainloaded boot loader requires particular
+ keys to be pressed: for example, one might need to press a
+ particular key to enter "safe mode", or when chainloading another
+ boot loader one might send keystrokes to it to navigate its menu.
+
+ You may provide up to 16 keystrokes (the length of the BIOS
+ keyboard buffer). Keystroke names may be upper-case or lower-case
+ letters, digits, or taken from the following table:
+
+ Name Key
+ -------------------------------------------------------------------
+ escape Escape
+ exclam !
+ at @
+ numbersign #
+ dollar $
+ percent %
+ caret ^
+ ampersand &
+ asterisk *
+ parenleft (
+ parenright )
+ minus -
+ underscore _
+ equal =
+ plus +
+ backspace Backspace
+ tab Tab
+ bracketleft [
+ braceleft {
+ bracketright ]
+ braceright }
+ enter Enter
+ control press and release Control
+ semicolon ;
+ colon :
+ quote '
+ doublequote "
+ backquote '
+ tilde ~
+ shift press and release left Shift
+ backslash \
+ bar |
+ comma ,
+ less <
+ period .
+ greater >
+ slash /
+ question ?
+ rshift press and release right Shift
+ alt press and release Alt
+ space space bar
+ capslock Caps Lock
+ F1 F1
+ F2 F2
+ F3 F3
+ F4 F4
+ F5 F5
+ F6 F6
+ F7 F7
+ F8 F8
+ F9 F9
+ F10 F10
+ F11 F11
+ F12 F12
+ num1 1 (numeric keypad)
+ num2 2 (numeric keypad)
+ num3 3 (numeric keypad)
+ num4 4 (numeric keypad)
+ num5 5 (numeric keypad)
+ num6 6 (numeric keypad)
+ num7 7 (numeric keypad)
+ num8 8 (numeric keypad)
+ num9 9 (numeric keypad)
+ num0 0 (numeric keypad)
+ numperiod . (numeric keypad)
+ numend End (numeric keypad)
+ numdown Down (numeric keypad)
+ numpgdown Page Down (numeric keypad)
+ numleft Left (numeric keypad)
+ numcenter 5 with Num Lock inactive (numeric
+ keypad)
+ numright Right (numeric keypad)
+ numhome Home (numeric keypad)
+ numup Up (numeric keypad)
+ numpgup Page Up (numeric keypad)
+ numinsert Insert (numeric keypad)
+ numdelete Delete (numeric keypad)
+ numasterisk * (numeric keypad)
+ numminus - (numeric keypad)
+ numplus + (numeric keypad)
+ numslash / (numeric keypad)
+ numenter Enter (numeric keypad)
+ delete Delete
+ insert Insert
+ home Home
+ end End
+ pgdown Page Down
+ pgup Page Up
+ down Down
+ up Up
+ left Left
+ right Right
+
+ As well as keystrokes, the 'sendkey' command takes various options
+ that affect the BIOS keyboard status flags. These options take an
+ 'on' or 'off' parameter, specifying that the corresponding status
+ flag be set or unset; omitting the option for a given status flag
+ will leave that flag at its initial state at boot. The '--num',
+ '--caps', '--scroll', and '--insert' options emulate setting the
+ corresponding mode, while the '--numkey', '--capskey',
+ '--scrollkey', and '--insertkey' options emulate pressing and
+ holding the corresponding key. The other status flag options are
+ self-explanatory.
+
+ If the '--no-led' option is given, the status flag options will
+ have no effect on keyboard LEDs.
+
+ If the 'sendkey' command is given multiple times, then only the
+ last invocation has any effect.
+
+ Since 'sendkey' manipulates the BIOS keyboard buffer, it may cause
+ hangs, reboots, or other misbehaviour on some systems. If the
+ operating system or boot loader that runs after GRUB uses its own
+ keyboard driver rather than the BIOS keyboard functions, then
+ 'sendkey' will have no effect.
+
+ This command is only available on PC BIOS systems.
+
+16.3.67 set
+-----------
+
+ -- Command: set [envvar=value]
+ Set the environment variable ENVVAR to VALUE. If invoked with no
+ arguments, print all environment variables with their values.
+
+16.3.68 sha1sum
+---------------
+
+ -- Command: sha1sum arg ...
+ Alias for 'hashsum --hash sha1 arg ...'. See command 'hashsum'
+ (*note hashsum::) for full description.
+
+16.3.69 sha256sum
+-----------------
+
+ -- Command: sha256sum arg ...
+ Alias for 'hashsum --hash sha256 arg ...'. See command 'hashsum'
+ (*note hashsum::) for full description.
+
+16.3.70 sha512sum
+-----------------
+
+ -- Command: sha512sum arg ...
+ Alias for 'hashsum --hash sha512 arg ...'. See command 'hashsum'
+ (*note hashsum::) for full description.
+
+16.3.71 sleep
+-------------
+
+ -- Command: sleep ['--verbose'] ['--interruptible'] count
+ Sleep for COUNT seconds. If option '--interruptible' is given,
+ allow to interrupt sleep. With '--verbose' show countdown of
+ remaining seconds. Exit code is set to 0 if timeout expired and to
+ 1 if timeout was interrupted by .
+
+16.3.72 source
+--------------
+
+ -- Command: source file
+ Read FILE as a configuration file, as if its contents had been
+ incorporated directly into the sourcing file. Unlike 'configfile'
+ (*note configfile::), this executes the contents of FILE without
+ changing context: any environment variable changes made by the
+ commands in FILE will be preserved after 'source' returns, and the
+ menu will not be shown immediately.
+
+16.3.73 test
+------------
+
+ -- Command: test expression
+ Evaluate EXPRESSION and return zero exit status if result is true,
+ non zero status otherwise.
+
+ EXPRESSION is one of:
+
+ STRING1 '==' STRING2
+ the strings are equal
+ STRING1 '!=' STRING2
+ the strings are not equal
+ STRING1 '<' STRING2
+ STRING1 is lexicographically less than STRING2
+ STRING1 '<=' STRING2
+ STRING1 is lexicographically less or equal than STRING2
+ STRING1 '>' STRING2
+ STRING1 is lexicographically greater than STRING2
+ STRING1 '>=' STRING2
+ STRING1 is lexicographically greater or equal than STRING2
+ INTEGER1 '-eq' INTEGER2
+ INTEGER1 is equal to INTEGER2
+ INTEGER1 '-ge' INTEGER2
+ INTEGER1 is greater than or equal to INTEGER2
+ INTEGER1 '-gt' INTEGER2
+ INTEGER1 is greater than INTEGER2
+ INTEGER1 '-le' INTEGER2
+ INTEGER1 is less than or equal to INTEGER2
+ INTEGER1 '-lt' INTEGER2
+ INTEGER1 is less than INTEGER2
+ INTEGER1 '-ne' INTEGER2
+ INTEGER1 is not equal to INTEGER2
+ PREFIXINTEGER1 '-pgt' PREFIXINTEGER2
+ INTEGER1 is greater than INTEGER2 after stripping off common
+ non-numeric PREFIX.
+ PREFIXINTEGER1 '-plt' PREFIXINTEGER2
+ INTEGER1 is less than INTEGER2 after stripping off common
+ non-numeric PREFIX.
+ FILE1 '-nt' FILE2
+ FILE1 is newer than FILE2 (modification time). Optionally
+ numeric BIAS may be directly appended to '-nt' in which case
+ it is added to the first file modification time.
+ FILE1 '-ot' FILE2
+ FILE1 is older than FILE2 (modification time). Optionally
+ numeric BIAS may be directly appended to '-ot' in which case
+ it is added to the first file modification time.
+ '-d' FILE
+ FILE exists and is a directory
+ '-e' FILE
+ FILE exists
+ '-f' FILE
+ FILE exists and is not a directory
+ '-s' FILE
+ FILE exists and has a size greater than zero
+ '-n' STRING
+ the length of STRING is nonzero
+ STRING
+ STRING is equivalent to '-n STRING'
+ '-z' STRING
+ the length of STRING is zero
+ '(' EXPRESSION ')'
+ EXPRESSION is true
+ '!' EXPRESSION
+ EXPRESSION is false
+ EXPRESSION1 '-a' EXPRESSION2
+ both EXPRESSION1 and EXPRESSION2 are true
+ EXPRESSION1 EXPRESSION2
+ both EXPRESSION1 and EXPRESSION2 are true. This syntax is not
+ POSIX-compliant and is not recommended.
+ EXPRESSION1 '-o' EXPRESSION2
+ either EXPRESSION1 or EXPRESSION2 is true
+
+16.3.74 true
+------------
+
+ -- Command: true
+ Do nothing, successfully. This is mainly useful in control
+ constructs such as 'if' and 'while' (*note Shell-like scripting::).
+
+16.3.75 trust
+-------------
+
+ -- Command: trust ['--skip-sig'] pubkey_file
+ Read public key from PUBKEY_FILE and add it to GRUB's internal list
+ of trusted public keys. These keys are used to validate digital
+ signatures when environment variable 'check_signatures' is set to
+ 'enforce'. Note that if 'check_signatures' is set to 'enforce'
+ when 'trust' executes, then PUBKEY_FILE must itself be properly
+ signed. The '--skip-sig' option can be used to disable
+ signature-checking when reading PUBKEY_FILE itself. It is expected
+ that '--skip-sig' is useful for testing and manual booting. *Note
+ Using digital signatures::, for more information.
+
+16.3.76 unset
+-------------
+
+ -- Command: unset envvar
+ Unset the environment variable ENVVAR.
+
+16.3.77 uppermem
+----------------
+
+This command is not yet implemented for GRUB 2, although it is planned.
+
+16.3.78 verify_detached
+-----------------------
+
+ -- Command: verify_detached ['--skip-sig'] file signature_file
+ [pubkey_file]
+ Verifies a GPG-style detached signature, where the signed file is
+ FILE, and the signature itself is in file SIGNATURE_FILE.
+ Optionally, a specific public key to use can be specified using
+ PUBKEY_FILE. When environment variable 'check_signatures' is set
+ to 'enforce', then PUBKEY_FILE must itself be properly signed by an
+ already-trusted key. An unsigned PUBKEY_FILE can be loaded by
+ specifying '--skip-sig'. If PUBKEY_FILE is omitted, then public
+ keys from GRUB's trusted keys (*note list_trusted::, *note trust::,
+ and *note distrust::) are tried.
+
+ Exit code '$?' is set to 0 if the signature validates successfully.
+ If validation fails, it is set to a non-zero value. *Note Using
+ digital signatures::, for more information.
+
+16.3.79 videoinfo
+-----------------
+
+ -- Command: videoinfo [[WxH]xD]
+ List available video modes. If resolution is given, show only
+ matching modes.
+
+16.3.80 wrmsr
+-------------
+
+ -- Command:: wrmsr 0xADDR 0xVALUE
+ Write a 0xVALUE to a model-specific register at address 0xADDR.
+
+ Please note that on SMP systems, writing to a MSR that has a scope
+ per hardware thread, implies that the value that is written only
+ applies to the particular cpu/core/thread that runs the command.
+
+ Also, if you specify a reserved or unimplemented MSR address, it
+ will cause a general protection exception (which is not currently
+ being handled) and the system will reboot.
+
+16.3.81 xen_hypervisor
+----------------------
+
+ -- Command: xen_hypervisor file [arguments] ...
+ Load a Xen hypervisor binary from FILE. The rest of the line is
+ passed verbatim as the "kernel command-line". Any other binaries
+ must be reloaded after using this command. This command is only
+ available on AArch64 systems.
+
+16.3.82 xen_module
+------------------
+
+ -- Command: xen_module [--nounzip] file [arguments]
+ Load a module for xen hypervisor at the booting process of xen.
+ The rest of the line is passed verbatim as the module command line.
+ Modules should be loaded in the following order: - dom0 kernel
+ image - dom0 ramdisk if present - XSM policy if present This
+ command is only available on AArch64 systems.
+
+16.4 The list of networking commands
+====================================
+
+16.4.1 net_add_addr
+-------------------
+
+ -- Command: net_add_addr INTERFACE CARD ADDRESS
+ Configure additional network INTERFACE with ADDRESS on a network
+ CARD. ADDRESS can be either IP in dotted decimal notation, or
+ symbolic name which is resolved using DNS lookup. If successful,
+ this command also adds local link routing entry to the default
+ subnet of ADDRESS with name INTERFACE':local' via INTERFACE.
+
+16.4.2 net_add_dns
+------------------
+
+ -- Command: net_add_dns SERVER
+ Resolve SERVER IP address and add to the list of DNS servers used
+ during name lookup.
+
+16.4.3 net_add_route
+--------------------
+
+ -- Command: net_add_route SHORTNAME IP[/PREFIX] [INTERFACE | 'gw'
+ GATEWAY]
+ Add route to network with address IP as modified by PREFIX via
+ either local INTERFACE or GATEWAY. PREFIX is optional and defaults
+ to 32 for IPv4 address and 128 for IPv6 address. Route is
+ identified by SHORTNAME which can be used to remove it (*note
+ net_del_route::).
+
+16.4.4 net_bootp
+----------------
+
+ -- Command: net_bootp [CARD]
+ Perform configuration of CARD using DHCP protocol. If no card name
+ is specified, try to configure all existing cards. If
+ configuration was successful, interface with name CARD':dhcp' and
+ configured address is added to CARD. Additionally the following
+ DHCP options are recognized and processed:
+
+ '1 (Subnet Mask)'
+ Used to calculate network local routing entry for interface
+ CARD':dhcp'.
+ '3 (Router)'
+ Adds default route entry with the name CARD':dhcp:default' via
+ gateway from DHCP option. Note that only option with single
+ route is accepted.
+ '6 (Domain Name Server)'
+ Adds all servers from option value to the list of servers used
+ during name resolution.
+ '12 (Host Name)'
+ Sets environment variable 'net_''_dhcp_hostname' (*note
+ net__hostname::) to the value of option.
+ '15 (Domain Name)'
+ Sets environment variable 'net_''_dhcp_domain' (*note
+ net__domain::) to the value of option.
+ '17 (Root Path)'
+ Sets environment variable 'net_''_dhcp_rootpath' (*note
+ net__rootpath::) to the value of option.
+ '18 (Extensions Path)'
+ Sets environment variable 'net_''_dhcp_extensionspath'
+ (*note net__extensionspath::) to the value of
+ option.
+
+16.4.5 net_del_addr
+-------------------
+
+ -- Command: net_del_addr INTERFACE
+ Remove configured INTERFACE with associated address.
+
+16.4.6 net_del_dns
+------------------
+
+ -- Command: net_del_dns ADDRESS
+ Remove ADDRESS from list of servers used during name lookup.
+
+16.4.7 net_del_route
+--------------------
+
+ -- Command: net_del_route SHORTNAME
+ Remove route entry identified by SHORTNAME.
+
+16.4.8 net_get_dhcp_option
+--------------------------
+
+ -- Command: net_get_dhcp_option VAR INTERFACE NUMBER TYPE
+ Request DHCP option NUMBER of TYPE via INTERFACE. TYPE can be one
+ of 'string', 'number' or 'hex'. If option is found, assign its
+ value to variable VAR. Values of types 'number' and 'hex' are
+ converted to string representation.
+
+16.4.9 net_ipv6_autoconf
+------------------------
+
+ -- Command: net_ipv6_autoconf [CARD]
+ Perform IPv6 autoconfiguration by adding to the CARD interface with
+ name CARD':link' and link local MAC-based address. If no card is
+ specified, perform autoconfiguration for all existing cards.
+
+16.4.10 net_ls_addr
+-------------------
+
+ -- Command: net_ls_addr
+ List all configured interfaces with their MAC and IP addresses.
+
+16.4.11 net_ls_cards
+--------------------
+
+ -- Command: net_ls_cards
+ List all detected network cards with their MAC address.
+
+16.4.12 net_ls_dns
+------------------
+
+ -- Command: net_ls_dns
+ List addresses of DNS servers used during name lookup.
+
+16.4.13 net_ls_routes
+---------------------
+
+ -- Command: net_ls_routes
+ List routing entries.
+
+16.4.14 net_nslookup
+--------------------
+
+ -- Command: net_nslookup NAME [SERVER]
+ Resolve address of NAME using DNS server SERVER. If no server is
+ given, use default list of servers.
+
diff --git a/boot/grub/persistent/docs/17_internationalisation b/boot/grub/persistent/docs/17_internationalisation
new file mode 100644
index 0000000..f09493e
--- /dev/null
+++ b/boot/grub/persistent/docs/17_internationalisation
@@ -0,0 +1,136 @@
+17 Internationalisation
+***********************
+
+17.1 Charset
+============
+
+GRUB uses UTF-8 internally other than in rendering where some
+GRUB-specific appropriate representation is used. All text files
+(including config) are assumed to be encoded in UTF-8.
+
+17.2 Filesystems
+================
+
+NTFS, JFS, UDF, HFS+, exFAT, long filenames in FAT, Joliet part of
+ISO9660 are treated as UTF-16 as per specification. AFS and BFS are
+read as UTF-8, again according to specification. BtrFS, cpio, tar,
+squash4, minix, minix2, minix3, ROMFS, ReiserFS, XFS, ext2, ext3, ext4,
+FAT (short names), F2FS, RockRidge part of ISO9660, nilfs2, UFS1, UFS2
+and ZFS are assumed to be UTF-8. This might be false on systems
+configured with legacy charset but as long as the charset used is
+superset of ASCII you should be able to access ASCII-named files. And
+it's recommended to configure your system to use UTF-8 to access the
+filesystem, convmv may help with migration. ISO9660 (plain) filenames
+are specified as being ASCII or being described with unspecified escape
+sequences. GRUB assumes that the ISO9660 names are UTF-8 (since any
+ASCII is valid UTF-8). There are some old CD-ROMs which use CP437 in
+non-compliant way. You're still able to access files with names
+containing only ASCII characters on such filesystems though. You're
+also able to access any file if the filesystem contains valid Joliet
+(UTF-16) or RockRidge (UTF-8). AFFS, SFS and HFS never use unicode and
+GRUB assumes them to be in Latin1, Latin1 and MacRoman respectively.
+GRUB handles filesystem case-insensitivity however no attempt is
+performed at case conversion of international characters so e.g. a file
+named lowercase greek alpha is treated as different from the one named
+as uppercase alpha. The filesystems in questions are NTFS (except POSIX
+namespace), HFS+ (configurable at mkfs time, default insensitive), SFS
+(configurable at mkfs time, default insensitive), JFS (configurable at
+mkfs time, default sensitive), HFS, AFFS, FAT, exFAT and ZFS
+(configurable on per-subvolume basis by property "casesensitivity",
+default sensitive). On ZFS subvolumes marked as case insensitive files
+containing lowercase international characters are inaccessible. Also
+like all supported filesystems except HFS+ and ZFS (configurable on
+per-subvolume basis by property "normalization", default none) GRUB
+makes no attempt at check of canonical equivalence so a file name
+u-diaresis is treated as distinct from u+combining diaresis. This
+however means that in order to access file on HFS+ its name must be
+specified in normalisation form D. On normalized ZFS subvolumes
+filenames out of normalisation are inaccessible.
+
+17.3 Output terminal
+====================
+
+Firmware output console "console" on ARC and IEEE1275 are limited to
+ASCII.
+
+ BIOS firmware console and VGA text are limited to ASCII and some
+pseudographics.
+
+ None of above mentioned is appropriate for displaying international
+and any unsupported character is replaced with question mark except
+pseudographics which we attempt to approximate with ASCII.
+
+ EFI console on the other hand nominally supports UTF-16 but actual
+language coverage depends on firmware and may be very limited.
+
+ The encoding used on serial can be chosen with 'terminfo' as either
+ASCII, UTF-8 or "visual UTF-8". Last one is against the specification
+but results in correct rendering of right-to-left on some readers which
+don't have own bidi implementation.
+
+ On emu GRUB checks if charset is UTF-8 and uses it if so and uses
+ASCII otherwise.
+
+ When using gfxterm or gfxmenu GRUB itself is responsible for
+rendering the text. In this case GRUB is limited by loaded fonts. If
+fonts contain all required characters then bidirectional text, cursive
+variants and combining marks other than enclosing, half (e.g. left half
+tilde or combining overline) and double ones. Ligatures aren't
+supported though. This should cover European, Middle Eastern (if you
+don't mind lack of lam-alif ligature in Arabic) and East Asian scripts.
+Notable unsupported scripts are Brahmic family and derived as well as
+Mongolian, Tifinagh, Korean Jamo (precomposed characters have no
+problem) and tonal writing (2e5-2e9). GRUB also ignores deprecated (as
+specified in Unicode) characters (e.g. tags). GRUB also doesn't handle
+so called "annotation characters" If you can complete either of two
+lists or, better, propose a patch to improve rendering, please contact
+developer team.
+
+17.4 Input terminal
+===================
+
+Firmware console on BIOS, IEEE1275 and ARC doesn't allow you to enter
+non-ASCII characters. EFI specification allows for such but author is
+unaware of any actual implementations. Serial input is currently
+limited for latin1 (unlikely to change). Own keyboard implementations
+(at_keyboard and usb_keyboard) supports any key but work on
+one-char-per-keystroke. So no dead keys or advanced input method. Also
+there is no keymap change hotkey. In practice it makes difficult to
+enter any text using non-Latin alphabet. Moreover all current input
+consumers are limited to ASCII.
+
+17.5 Gettext
+============
+
+GRUB supports being translated. For this you need to have language *.mo
+files in $prefix/locale, load gettext module and set "lang" variable.
+
+17.6 Regexp
+===========
+
+Regexps work on unicode characters, however no attempt at checking
+cannonical equivalence has been made. Moreover the classes like
+[:alpha:] match only ASCII subset.
+
+17.7 Other
+==========
+
+Currently GRUB always uses YEAR-MONTH-DAY HOUR:MINUTE:SECOND [WEEKDAY]
+24-hour datetime format but weekdays are translated. GRUB always uses
+the decimal number format with [0-9] as digits and . as descimal
+separator and no group separator. IEEE1275 aliases are matched
+case-insensitively except non-ASCII which is matched as binary. Similar
+behaviour is for matching OSBundleRequired. Since IEEE1275 aliases and
+OSBundleRequired don't contain any non-ASCII it should never be a
+problem in practice. Case-sensitive identifiers are matched as raw
+strings, no canonical equivalence check is performed. Case-insenstive
+identifiers are matched as RAW but additionally [a-z] is equivalent to
+[A-Z]. GRUB-defined identifiers use only ASCII and so should
+user-defined ones. Identifiers containing non-ASCII may work but aren't
+supported. Only the ASCII space characters (space U+0020, tab U+000b,
+CR U+000d and LF U+000a) are recognised. Other unicode space characters
+aren't a valid field separator. 'test' (*note test::) tests <, >, <=,
+>=, -pgt and -plt compare the strings in the lexicographical order of
+unicode codepoints, replicating the behaviour of test from coreutils.
+environment variables and commands are listed in the same order.
+
diff --git a/boot/grub/persistent/docs/18_security b/boot/grub/persistent/docs/18_security
new file mode 100644
index 0000000..9d06f4f
--- /dev/null
+++ b/boot/grub/persistent/docs/18_security
@@ -0,0 +1,186 @@
+18 Security
+***********
+
+18.1 Authentication and authorisation in GRUB
+=============================================
+
+By default, the boot loader interface is accessible to anyone with
+physical access to the console: anyone can select and edit any menu
+entry, and anyone can get direct access to a GRUB shell prompt. For
+most systems, this is reasonable since anyone with direct physical
+access has a variety of other ways to gain full access, and requiring
+authentication at the boot loader level would only serve to make it
+difficult to recover broken systems.
+
+ However, in some environments, such as kiosks, it may be appropriate
+to lock down the boot loader to require authentication before performing
+certain operations.
+
+ The 'password' (*note password::) and 'password_pbkdf2' (*note
+password_pbkdf2::) commands can be used to define users, each of which
+has an associated password. 'password' sets the password in plain text,
+requiring 'grub.cfg' to be secure; 'password_pbkdf2' sets the password
+hashed using the Password-Based Key Derivation Function (RFC 2898),
+requiring the use of 'grub-mkpasswd-pbkdf2' (*note Invoking
+grub-mkpasswd-pbkdf2::) to generate password hashes.
+
+ In order to enable authentication support, the 'superusers'
+environment variable must be set to a list of usernames, separated by
+any of spaces, commas, semicolons, pipes, or ampersands. Superusers are
+permitted to use the GRUB command line, edit menu entries, and execute
+any menu entry. If 'superusers' is set, then use of the command line
+and editing of menu entries are automatically restricted to superusers.
+Setting 'superusers' to empty string effectively disables both access to
+CLI and editing of menu entries.
+
+ Other users may be allowed to execute specific menu entries by giving
+a list of usernames (as above) using the '--users' option to the
+'menuentry' command (*note menuentry::). If the '--unrestricted' option
+is used for a menu entry, then that entry is unrestricted. If the
+'--users' option is not used for a menu entry, then that only superusers
+are able to use it.
+
+ Putting this together, a typical 'grub.cfg' fragment might look like
+this:
+
+ set superusers="root"
+ password_pbkdf2 root grub.pbkdf2.sha512.10000.biglongstring
+ password user1 insecure
+
+ menuentry "May be run by any user" --unrestricted {
+ set root=(hd0,1)
+ linux /vmlinuz
+ }
+
+ menuentry "Superusers only" --users "" {
+ set root=(hd0,1)
+ linux /vmlinuz single
+ }
+
+ menuentry "May be run by user1 or a superuser" --users user1 {
+ set root=(hd0,2)
+ chainloader +1
+ }
+
+ The 'grub-mkconfig' program does not yet have built-in support for
+generating configuration files with authentication. You can use
+'/etc/grub.d/40_custom' to add simple superuser authentication, by
+adding 'set superusers=' and 'password' or 'password_pbkdf2' commands.
+
+18.2 Using digital signatures in GRUB
+=====================================
+
+GRUB's 'core.img' can optionally provide enforcement that all files
+subsequently read from disk are covered by a valid digital signature.
+This document does *not* cover how to ensure that your platform's
+firmware (e.g., Coreboot) validates 'core.img'.
+
+ If environment variable 'check_signatures' (*note check_signatures::)
+is set to 'enforce', then every attempt by the GRUB 'core.img' to load
+another file 'foo' implicitly invokes 'verify_detached foo foo.sig'
+(*note verify_detached::). 'foo.sig' must contain a valid digital
+signature over the contents of 'foo', which can be verified with a
+public key currently trusted by GRUB (*note list_trusted::, *note
+trust::, and *note distrust::). If validation fails, then file 'foo'
+cannot be opened. This failure may halt or otherwise impact the boot
+process.
+
+ GRUB uses GPG-style detached signatures (meaning that a file
+'foo.sig' will be produced when file 'foo' is signed), and currently
+supports the DSA and RSA signing algorithms. A signing key can be
+generated as follows:
+
+ gpg --gen-key
+
+ An individual file can be signed as follows:
+
+ gpg --detach-sign /path/to/file
+
+ For successful validation of all of GRUB's subcomponents and the
+loaded OS kernel, they must all be signed. One way to accomplish this
+is the following (after having already produced the desired 'grub.cfg'
+file, e.g., by running 'grub-mkconfig' (*note Invoking grub-mkconfig::):
+
+ # Edit /dev/shm/passphrase.txt to contain your signing key's passphrase
+ for i in `find /boot -name "*.cfg" -or -name "*.lst" -or \
+ -name "*.mod" -or -name "vmlinuz*" -or -name "initrd*" -or \
+ -name "grubenv"`;
+ do
+ gpg --batch --detach-sign --passphrase-fd 0 $i < \
+ /dev/shm/passphrase.txt
+ done
+ shred /dev/shm/passphrase.txt
+
+ See also: *note check_signatures::, *note verify_detached::, *note
+trust::, *note list_trusted::, *note distrust::, *note load_env::, *note
+save_env::.
+
+ Note that internally signature enforcement is controlled by setting
+the environment variable 'check_signatures' equal to 'enforce'. Passing
+one or more '--pubkey' options to 'grub-mkimage' implicitly defines
+'check_signatures' equal to 'enforce' in 'core.img' prior to processing
+any configuration files.
+
+ Note that signature checking does *not* prevent an attacker with
+(serial, physical, ...) console access from dropping manually to the
+GRUB console and executing:
+
+ set check_signatures=no
+
+ To prevent this, password-protection (*note Authentication and
+authorisation::) is essential. Note that even with GRUB password
+protection, GRUB itself cannot prevent someone with physical access to
+the machine from altering that machine's firmware (e.g., Coreboot or
+BIOS) configuration to cause the machine to boot from a different
+(attacker-controlled) device. GRUB is at best only one link in a secure
+boot chain.
+
+18.3 UEFI secure boot and shim support
+======================================
+
+The GRUB, except the 'chainloader' command, works with the UEFI secure
+boot and the shim. This functionality is provided by the shim_lock
+module. It is recommend to build in this and other required modules
+into the 'core.img'. All modules not stored in the 'core.img' and the
+ACPI tables for the 'acpi' command have to be signed, e.g. using PGP.
+Additionally, the 'iorw', the 'memrw' and the 'wrmsr' commands are
+prohibited if the UEFI secure boot is enabled. This is done due to
+security reasons. All above mentioned requirements are enforced by the
+shim_lock module. And itself it is a persistent module which means that
+it cannot be unloaded if it was loaded into the memory.
+
+18.4 Measuring boot components
+==============================
+
+If the tpm module is loaded and the platform has a Trusted Platform
+Module installed, GRUB will log each command executed and each file
+loaded into the TPM event log and extend the PCR values in the TPM
+correspondingly. All events will be logged into the PCR described below
+with a type of EV_IPL and an event description as described below.
+
+Event type PCR Description
+---------------------------------------------------------------------------
+Command 8 All executed commands (including those
+ from configuration files) will be logged
+ and measured as entered with a prefix of
+ "grub_cmd: "
+Kernel command line 8 Any command line passed to a kernel will
+ be logged and measured as entered with a
+ prefix of "kernel_cmdline: "
+Module command line 8 Any command line passed to a kernel
+ module will be logged and measured as
+ entered with a prefix of "module_cmdline:
+ "
+Files 9 Any file read by GRUB will be logged and
+ measured with a descriptive text
+ corresponding to the filename.
+
+ GRUB will not measure its own 'core.img' - it is expected that
+firmware will carry this out. GRUB will also not perform any
+measurements until the tpm module is loaded. As such it is recommended
+that the tpm module be built into 'core.img' in order to avoid a
+potential gap in measurement between 'core.img' being loaded and the tpm
+module being loaded.
+
+ Measured boot is currently only supported on EFI platforms.
+
diff --git a/boot/grub/persistent/docs/19_platform_limitations b/boot/grub/persistent/docs/19_platform_limitations
new file mode 100644
index 0000000..122a96c
--- /dev/null
+++ b/boot/grub/persistent/docs/19_platform_limitations
@@ -0,0 +1,148 @@
+19 Platform limitations
+***********************
+
+GRUB2 is designed to be portable and is actually ported across
+platforms. We try to keep all platforms at the level. Unfortunately
+some platforms are better supported than others. This is detailed in
+current and 2 following sections.
+
+ ARC platform is unable to change datetime (firmware doesn't seem to
+provide a function for it). EMU has similar limitation.
+
+ On EMU platform no serial port is available.
+
+ Console charset refers only to firmware-assisted console. gfxterm is
+always Unicode (see Internationalisation section for its limitations).
+Serial is configurable to UTF-8 or ASCII (see Internationalisation). In
+case of qemu and coreboot ports the refered console is vga_text.
+Loongson always uses gfxterm.
+
+ Most limited one is ASCII. CP437 provides additionally
+pseudographics. GRUB2 doesn't use any language characters from CP437 as
+often CP437 is replaced by national encoding compatible only in
+pseudographics. Unicode is the most versatile charset which supports
+many languages. However the actual console may be much more limited
+depending on firmware
+
+ On BIOS network is supported only if the image is loaded through
+network. On sparc64 GRUB is unable to determine which server it was
+booted from.
+
+ Direct ATA/AHCI support allows to circumvent various firmware
+limitations but isn't needed for normal operation except on baremetal
+ports.
+
+ AT keyboard support allows keyboard layout remapping and support for
+keys not available through firmware. It isn't needed for normal
+operation except baremetal ports.
+
+ Speaker allows morse and spkmodem communication.
+
+ USB support provides benefits similar to ATA (for USB disks) or AT
+(for USB keyboards). In addition it allows USBserial.
+
+ Chainloading refers to the ability to load another bootloader through
+the same protocol
+
+ Hints allow faster disk discovery by already knowing in advance which
+is the disk in question. On some platforms hints are correct unless you
+move the disk between boots. On other platforms it's just an educated
+guess. Note that hint failure results in just reduced performance, not
+a failure
+
+ BadRAM is the ability to mark some of the RAM as "bad". Note: due to
+protocol limitations mips-loongson (with Linux protocol) and
+mips-qemu_mips can use only memory up to first hole.
+
+ Bootlocation is ability of GRUB to automatically detect where it
+boots from. "disk" means the detection is limited to detecting the disk
+with partition being discovered on install time. "partition" means that
+disk and partiton can be automatically discovered. "file" means that
+boot image file name as well as disk and partition can be discovered.
+For consistency default install ignores partition and relies solely on
+disk detection. If no bootlocation discovery is available or boot and
+grub-root disks are different, UUID is used instead. On ARC if no
+device to install to is specified, UUID is used instead as well.
+
+ BIOS Coreboot Multiboot Qemu
+video yes yes yes yes
+console CP437 CP437 CP437 CP437
+charset
+network yes (*) no no no
+ATA/AHCI yes yes yes yes
+AT keyboard yes yes yes yes
+Speaker yes yes yes yes
+USB yes yes yes yes
+chainloader local yes yes no
+cpuid partial partial partial partial
+rdmsr partial partial partial partial
+wrmsr partial partial partial partial
+hints guess guess guess guess
+PCI yes yes yes yes
+badram yes yes yes yes
+compression always pointless no no
+exit yes no no no
+bootlocation disk no no no
+
+ ia32 EFI amd64 EFI ia32 Itanium
+ IEEE1275
+video yes yes no no
+console Unicode Unicode ASCII Unicode
+charset
+network yes yes yes yes
+ATA/AHCI yes yes yes no
+AT keyboard yes yes yes no
+Speaker yes yes yes no
+USB yes yes yes no
+chainloader local local no local
+cpuid partial partial partial no
+rdmsr partial partial partial no
+wrmsr partial partial partial no
+hints guess guess good guess
+PCI yes yes yes no
+badram yes yes no yes
+compression no no no no
+exit yes yes yes yes
+bootlocation file file file, file
+ ignored
+
+ Loongson sparc64 Powerpc ARC
+video yes no yes no
+console N/A ASCII ASCII ASCII
+charset
+network no yes (*) yes no
+ATA/AHCI yes no no no
+AT keyboard yes no no no
+Speaker no no no no
+USB yes no no no
+chainloader yes no no no
+cpuid no no no no
+rdmsr no no no no
+wrmsr no no no no
+hints good good good no
+PCI yes no no no
+badram yes (*) no no no
+compression configurable no no configurable
+exit no yes yes yes
+bootlocation no partition file file (*)
+
+ MIPS qemu emu xen
+video no yes no
+console CP437 Unicode (*) ASCII
+charset
+network no yes no
+ATA/AHCI yes no no
+AT keyboard yes no no
+Speaker no no no
+USB N/A yes no
+chainloader yes no yes
+cpuid no no yes
+rdmsr no no yes
+wrmsr no no yes
+hints guess no no
+PCI no no no
+badram yes (*) no no
+compression configurable no no
+exit no yes no
+bootlocation no file no
+
diff --git a/boot/grub/persistent/docs/20_outline b/boot/grub/persistent/docs/20_outline
new file mode 100644
index 0000000..b360613
--- /dev/null
+++ b/boot/grub/persistent/docs/20_outline
@@ -0,0 +1,33 @@
+20 Outline
+**********
+
+Some platforms have features which allows to implement some commands
+useless or not implementable on others.
+
+ Quick summary:
+
+ Information retrieval:
+
+ * mipsel-loongson: lsspd
+ * mips-arc: lsdev
+ * efi: lsefisystab, lssal, lsefimmap, lsefi
+ * i386-pc: lsapm
+ * i386-coreboot: lscoreboot, coreboot_boottime, cbmemc
+ * acpi-enabled (i386-pc, i386-coreboot, i386-multiboot, *-efi):
+ lsacpi
+
+ Workarounds for platform-specific issues:
+ * i386-efi/x86_64-efi: loadbios, fakebios, fix_video
+ * acpi-enabled (i386-pc, i386-coreboot, i386-multiboot, *-efi): acpi
+ (override ACPI tables)
+ * i386-pc: drivemap
+ * i386-pc: sendkey
+
+ Advanced operations for power users:
+ * x86: iorw (direct access to I/O ports)
+
+ Miscelaneous:
+ * cmos (x86-*, ieee1275, mips-qemu_mips, mips-loongson): cmostest
+ (used on some laptops to check for special power-on key), cmosclean
+ * i386-pc: play
+
diff --git a/boot/grub/persistent/docs/21_supported_boot_targets b/boot/grub/persistent/docs/21_supported_boot_targets
new file mode 100644
index 0000000..7e461fa
--- /dev/null
+++ b/boot/grub/persistent/docs/21_supported_boot_targets
@@ -0,0 +1,152 @@
+21 Supported boot targets
+*************************
+
+X86 support is summarised in the following table. "Yes" means that the
+kernel works on the given platform, "crashes" means an early kernel
+crash which we hope will be fixed by concerned kernel developers. "no"
+means GRUB doesn't load the given kernel on a given platform.
+"headless" means that the kernel works but lacks console drivers (you
+can still use serial or network console). In case of "no" and "crashes"
+the reason is given in footnote.
+ BIOS Coreboot
+BIOS chainloading yes no (1)
+NTLDR yes no (1)
+Plan9 yes no (1)
+Freedos yes no (1)
+FreeBSD bootloader yes crashes (1)
+32-bit kFreeBSD yes crashes (5)
+64-bit kFreeBSD yes crashes (5)
+32-bit kNetBSD yes crashes (1)
+64-bit kNetBSD yes crashes
+32-bit kOpenBSD yes yes
+64-bit kOpenBSD yes yes
+Multiboot yes yes
+Multiboot2 yes yes
+32-bit Linux (legacy protocol) yes no (1)
+64-bit Linux (legacy protocol) yes no (1)
+32-bit Linux (modern protocol) yes yes
+64-bit Linux (modern protocol) yes yes
+32-bit XNU yes ?
+64-bit XNU yes ?
+32-bit EFI chainloader no (2) no (2)
+64-bit EFI chainloader no (2) no (2)
+Appleloader no (2) no (2)
+
+ Multiboot Qemu
+BIOS chainloading no (1) no (1)
+NTLDR no (1) no (1)
+Plan9 no (1) no (1)
+FreeDOS no (1) no (1)
+FreeBSD bootloader crashes (1) crashes (1)
+32-bit kFreeBSD crashes (5) crashes (5)
+64-bit kFreeBSD crashes (5) crashes (5)
+32-bit kNetBSD crashes (1) crashes (1)
+64-bit kNetBSD yes yes
+32-bit kOpenBSD yes yes
+64-bit kOpenBSD yes yes
+Multiboot yes yes
+Multiboot2 yes yes
+32-bit Linux (legacy protocol) no (1) no (1)
+64-bit Linux (legacy protocol) no (1) no (1)
+32-bit Linux (modern protocol) yes yes
+64-bit Linux (modern protocol) yes yes
+32-bit XNU ? ?
+64-bit XNU ? ?
+32-bit EFI chainloader no (2) no (2)
+64-bit EFI chainloader no (2) no (2)
+Appleloader no (2) no (2)
+
+ ia32 EFI amd64 EFI
+BIOS chainloading no (1) no (1)
+NTLDR no (1) no (1)
+Plan9 no (1) no (1)
+FreeDOS no (1) no (1)
+FreeBSD bootloader crashes (1) crashes (1)
+32-bit kFreeBSD headless headless
+64-bit kFreeBSD headless headless
+32-bit kNetBSD crashes (1) crashes (1)
+64-bit kNetBSD yes yes
+32-bit kOpenBSD headless headless
+64-bit kOpenBSD headless headless
+Multiboot yes yes
+Multiboot2 yes yes
+32-bit Linux (legacy protocol) no (1) no (1)
+64-bit Linux (legacy protocol) no (1) no (1)
+32-bit Linux (modern protocol) yes yes
+64-bit Linux (modern protocol) yes yes
+32-bit XNU yes yes
+64-bit XNU yes (4) yes
+32-bit EFI chainloader yes no (3)
+64-bit EFI chainloader no (3) yes
+Appleloader yes yes
+
+ ia32 IEEE1275
+BIOS chainloading no (1)
+NTLDR no (1)
+Plan9 no (1)
+FreeDOS no (1)
+FreeBSD bootloader crashes (1)
+32-bit kFreeBSD crashes (5)
+64-bit kFreeBSD crashes (5)
+32-bit kNetBSD crashes (1)
+64-bit kNetBSD ?
+32-bit kOpenBSD ?
+64-bit kOpenBSD ?
+Multiboot ?
+Multiboot2 ?
+32-bit Linux (legacy protocol) no (1)
+64-bit Linux (legacy protocol) no (1)
+32-bit Linux (modern protocol) ?
+64-bit Linux (modern protocol) ?
+32-bit XNU ?
+64-bit XNU ?
+32-bit EFI chainloader no (2)
+64-bit EFI chainloader no (2)
+Appleloader no (2)
+
+ 1. Requires BIOS
+ 2. EFI only
+ 3. 32-bit and 64-bit EFI have different structures and work in
+ different CPU modes so it's not possible to chainload 32-bit
+ bootloader on 64-bit platform and vice-versa
+ 4. Some modules may need to be disabled
+ 5. Requires ACPI
+
+ PowerPC, IA64 and Sparc64 ports support only Linux. MIPS port
+supports Linux and multiboot2.
+
+21.1 Boot tests
+===============
+
+As you have seen in previous chapter the support matrix is pretty big
+and some of the configurations are only rarely used. To ensure the
+quality bootchecks are available for all x86 targets except EFI
+chainloader, Appleloader and XNU. All x86 platforms have bootcheck
+facility except ieee1275. Multiboot, multiboot2, BIOS chainloader,
+ntldr and freebsd-bootloader boot targets are tested only with a fake
+kernel images. Only Linux is tested among the payloads using Linux
+protocols.
+
+ Following variables must be defined:
+
+GRUB_PAYLOADS_DIR directory containing the required kernels
+GRUB_CBFSTOOL cbfstool from Coreboot package (for coreboot
+ platform only)
+GRUB_COREBOOT_ROM empty Coreboot ROM
+GRUB_QEMU_OPTS additional options to be supplied to QEMU
+
+ Required files are:
+
+kfreebsd_env.i386 32-bit kFreeBSD device hints
+kfreebsd.i386 32-bit FreeBSD kernel image
+kfreebsd.x86_64, same from 64-bit kFreeBSD
+kfreebsd_env.x86_64
+knetbsd.i386 32-bit NetBSD kernel image
+knetbsd.miniroot.i386 32-bit kNetBSD miniroot.kmod.
+knetbsd.x86_64, same from 64-bit kNetBSD
+knetbsd.miniroot.x86_64
+kopenbsd.i386 32-bit OpenBSD kernel bsd.rd image
+kopenbsd.x86_64 same from 64-bit kOpenBSD
+linux.i386 32-bit Linux
+linux.x86_64 64-bit Linux
+
diff --git a/boot/grub/persistent/docs/22_error_messages b/boot/grub/persistent/docs/22_error_messages
new file mode 100644
index 0000000..6c753fe
--- /dev/null
+++ b/boot/grub/persistent/docs/22_error_messages
@@ -0,0 +1,71 @@
+22 Error messages produced by GRUB
+**********************************
+
+22.1 GRUB only offers a rescue shell
+====================================
+
+GRUB's normal start-up procedure involves setting the 'prefix'
+environment variable to a value set in the core image by 'grub-install',
+setting the 'root' variable to match, loading the 'normal' module from
+the prefix, and running the 'normal' command (*note normal::). This
+command is responsible for reading '/boot/grub/grub.cfg', running the
+menu, and doing all the useful things GRUB is supposed to do.
+
+ If, instead, you only get a rescue shell, this usually means that
+GRUB failed to load the 'normal' module for some reason. It may be
+possible to work around this temporarily: for instance, if the reason
+for the failure is that 'prefix' is wrong (perhaps it refers to the
+wrong device, or perhaps the path to '/boot/grub' was not correctly made
+relative to the device), then you can correct this and enter normal mode
+manually:
+
+ # Inspect the current prefix (and other preset variables):
+ set
+ # Find out which devices are available:
+ ls
+ # Set to the correct value, which might be something like this:
+ set prefix=(hd0,1)/grub
+ set root=(hd0,1)
+ insmod normal
+ normal
+
+ However, any problem that leaves you in the rescue shell probably
+means that GRUB was not correctly installed. It may be more useful to
+try to reinstall it properly using 'grub-install DEVICE' (*note Invoking
+grub-install::). When doing this, there are a few things to remember:
+
+ * Drive ordering in your operating system may not be the same as the
+ boot drive ordering used by your firmware. Do not assume that your
+ first hard drive (e.g. '/dev/sda') is the one that your firmware
+ will boot from. 'device.map' (*note Device map::) can be used to
+ override this, but it is usually better to use UUIDs or file system
+ labels and avoid depending on drive ordering entirely.
+
+ * At least on BIOS systems, if you tell 'grub-install' to install
+ GRUB to a partition but GRUB has already been installed in the
+ master boot record, then the GRUB installation in the partition
+ will be ignored.
+
+ * If possible, it is generally best to avoid installing GRUB to a
+ partition (unless it is a special partition for the use of GRUB
+ alone, such as the BIOS Boot Partition used on GPT). Doing this
+ means that GRUB may stop being able to read its core image due to a
+ file system moving blocks around, such as while defragmenting,
+ running checks, or even during normal operation. Installing to the
+ whole disk device is normally more robust.
+
+ * Check that GRUB actually knows how to read from the device and file
+ system containing '/boot/grub'. It will not be able to read from
+ encrypted devices with unsupported encryption scheme, nor from file
+ systems for which support has not yet been added to GRUB.
+
+22.2 Firmware stalls instead of booting GRUB
+============================================
+
+The EFI implementation of some older MacBook laptops stalls when it gets
+presented a grub-mkrescue ISO image for x86_64-efi target on an USB
+stick. Affected are models of year 2010 or earlier. Workaround is to
+zeroize the bytes 446 to 461 of the EFI partition, where mformat has put
+a partition table entry which claims partition start at block 0. This
+change will not hamper bootability on other machines.
+
diff --git a/boot/grub/persistent/docs/show-docs.cfg b/boot/grub/persistent/docs/show-docs.cfg
new file mode 100644
index 0000000..babede0
--- /dev/null
+++ b/boot/grub/persistent/docs/show-docs.cfg
@@ -0,0 +1,120 @@
+menuentry "License" --class docs {
+ cat "${docs}/000_license"
+ configfile "${docs}/show-docs.cfg"
+}
+
+menuentry "Index" --class docs {
+ cat "${docs}/00_index"
+ configfile "${docs}/show-docs.cfg"
+}
+
+menuentry "Introduction" --class docs {
+ cat "${docs}/01_introduction"
+ configfile "${docs}/show-docs.cfg"
+}
+
+menuentry "Naming Convention" --class docs {
+ cat "${docs}/02_naming_convention"
+ configfile "${docs}/show-docs.cfg"
+}
+
+menuentry "OS Specific Notes" --class docs {
+ cat "${docs}/03_os_specific_notes"
+ configfile "${docs}/show-docs.cfg"
+}
+
+menuentry "Installation" --class docs {
+ cat "${docs}/04_installation"
+ configfile "${docs}/show-docs.cfg"
+}
+
+menuentry "Booting" --class docs {
+ cat "${docs}/05_booting"
+ configfile "${docs}/show-docs.cfg"
+}
+
+menuentry "Your own Configuration File" --class docs {
+ cat "${docs}/06_your_own_configuration_file"
+ configfile "${docs}/show-docs.cfg"
+}
+
+menuentry "Themes" --class docs {
+ cat "${docs}/07_themes"
+ configfile "${docs}/show-docs.cfg"
+}
+
+menuentry "Network Booting" --class docs {
+ cat "${docs}/08_network_booting"
+ configfile "${docs}/show-docs.cfg"
+}
+
+menuentry "Serial Line" --class docs {
+ cat "${docs}/09_serial_line"
+ configfile "${docs}/show-docs.cfg"
+}
+
+menuentry "Vendor Power-on Keys" --class docs {
+ cat "${docs}/10_vendor_poweron_keys"
+ configfile "${docs}/show-docs.cfg"
+}
+
+menuentry "Grub Image Files" --class docs {
+ cat "${docs}/11_grub_image_files"
+ configfile "${docs}/show-docs.cfg"
+}
+
+menuentry "Core Image Size Limitation" --class docs {
+ cat "${docs}/12_core_image_size_limitation"
+ configfile "${docs}/show-docs.cfg"
+}
+
+menuentry "Filesystem Syntax" --class docs {
+ cat "${docs}/13_filesystem_syntax"
+ configfile "${docs}/show-docs.cfg"
+}
+
+menuentry "User Interface" --class docs {
+ cat "${docs}/14_user_interface"
+ configfile "${docs}/show-docs.cfg"
+}
+
+menuentry "Environment Variables.txt" --class docs {
+ cat "${docs}/15_environment_variables.txt"
+ configfile "${docs}/show-docs.cfg"
+}
+
+menuentry "Available Commands.txt" --class docs {
+ cat "${docs}/16_available_commands.txt"
+ configfile "${docs}/show-docs.cfg"
+}
+
+menuentry "Internationalisation" --class docs {
+ cat "${docs}/17_internationalisation"
+ configfile "${docs}/show-docs.cfg"
+}
+
+menuentry "Security" --class docs {
+ cat "${docs}/18_security"
+ configfile "${docs}/show-docs.cfg"
+}
+
+menuentry "Platform Limitations" --class docs {
+ cat "${docs}/19_platform_limitations"
+ configfile "${docs}/show-docs.cfg"
+}
+
+menuentry "Outline" --class docs {
+ cat "${docs}/20_outline"
+ configfile "${docs}/show-docs.cfg"
+}
+
+menuentry "Supported Boot Targets" --class docs {
+ cat "${docs}/21_supported_boot_targets"
+ configfile "${docs}/show-docs.cfg"
+}
+
+menuentry "Error Messages" --class docs {
+ cat "${docs}/22_error_messages"
+ configfile "${docs}/show-docs.cfg"
+}
+
diff --git a/boot/grub/persistent/memtest86/memtest86+-5.31b.bin b/boot/grub/persistent/memtest86/memtest86+-5.31b.bin
new file mode 100644
index 0000000..5738e08
Binary files /dev/null and b/boot/grub/persistent/memtest86/memtest86+-5.31b.bin differ
diff --git a/boot/grub/persistent/netboot/netboot.xyz.efi b/boot/grub/persistent/netboot/netboot.xyz.efi
new file mode 100644
index 0000000..9cf64d6
Binary files /dev/null and b/boot/grub/persistent/netboot/netboot.xyz.efi differ
diff --git a/boot/grub/persistent/netboot/netboot.xyz.lkrn b/boot/grub/persistent/netboot/netboot.xyz.lkrn
new file mode 100644
index 0000000..7dec802
Binary files /dev/null and b/boot/grub/persistent/netboot/netboot.xyz.lkrn differ
diff --git a/boot/grub/theming.cfg b/boot/grub/theming.cfg
index bfea841..19e5b28 100644
--- a/boot/grub/theming.cfg
+++ b/boot/grub/theming.cfg
@@ -1,4 +1,8 @@
-set theme="${prefix}/themes/stylish_dark/theme.txt"
-set icondir="${prefix}/themes/icons"
-export theme icondir
+set theme_name="Cyberpunk"
+insmod jpeg
+insmod png
+
+set theme="${prefix}/themes/${theme_name}/theme.txt"
+set icondir="${prefix}/themes/${theme_name}/icons"
+export theme icondir theme_name
diff --git a/boot/isos.cfg b/boot/isos.cfg
new file mode 100644
index 0000000..d586b14
--- /dev/null
+++ b/boot/isos.cfg
@@ -0,0 +1,17 @@
+# Load ISO configuration files
+
+set isopath="/boot/isos"
+export isopath
+
+set isoconfdir="${isoconfig}.d"
+export isoconfdir
+
+if [ -d "${isoconfdir}" ]; then
+ echo "${isoconfdir} is a directory"
+ for conf in isoconfdir/*.cfg; do
+ echo "Sourcing $conf"
+ source "$conf"
+ done
+else
+ echo "Cannot read ${isoconfdir}"
+fi
diff --git a/boot/iso/.gitignore b/boot/isos.cfg.d/.gitignore
similarity index 100%
rename from boot/iso/.gitignore
rename to boot/isos.cfg.d/.gitignore
diff --git a/boot/isos/.gitignore b/boot/isos/.gitignore
new file mode 100644
index 0000000..3788e34
--- /dev/null
+++ b/boot/isos/.gitignore
@@ -0,0 +1,2 @@
+# This is merely as a keeper for this directory
+*