How to fix grub i broke on fedora workstation?

when i turn on the pc the list of kernels is no longer in the correct order so i have to click down to the correct kernel before booting

here is what i had done, i think the last command was unnecessary and thats what i did wrong?:

sudo grubby --update-kernel=ALL --args=“CONFIG_AMD_MEM_ENCRYPT_ACTIVE_BY_DEFAULT=y”

sudo grubby --update-kernel=ALL --args=“mem_encrypt=on”

sudo grub2-mkconfig -o /boot/efi/EFI/fedora/grub.cfg

i was trying to activate SME on my ryzen 7 pro 4750g i ended up just using tsme becuse im not sure if my motherboard supports it, my board is aus tuf gaming x570 if anyone has any tips

but for now im just trying to fix grub so it knows what kernel to use, by the way how can i learn more about configuring and editing grub on fedora, all guides ive found are from other distros

i would like to harden my grub so that there is no recovery option or E or C key options available at boot, and maybe set custom names for boot options if i have dual boot setup

so i guess what im asking is what is the correct commands to apply a kernel parameter and what is the correct commands and file/path to edit when updating/configuring grub

and how do i fix this current grub problem, i really appreciate the help from this community, thank you very much

Hello @forestsounds89 ,
The fedora documentation on Grub2 can be found at Working with the GRUB 2 Boot Loader :: Fedora Docs

1 Like

thanks ill read it and see if i can figure it out

So further in the reading there you will come across using the grubby tool follow that link where you will see this grubby command in use to set the default kernel, which is what I think you are after …

~]# grubby --default-kernel /boot/vmlinuz-4.2.0-1.fc23.x86_64 

The prompt is a root prompt so you will need to add sudo like this sudo grubby --default-kernel /<path-to-default-kernel> which can be found in /boot/efi (likely there)

thank you i will read and use this to set the right kernel, im wondering if this will also update to the new kernel next time it is updated

ive received a few kernel updates since i broke my grub and the list keeps getting longer so i think its no longer doing maintenance on the list of kernels nor is it selecting the most up to date kernel

That command breaks fedora booting in the default manner and prevents future updates from being seen. The file you altered should be only a pointer file that redirects grub to the actual grub.cfg file located at /boot/grub2/grub.cfg.

This change was made back at about the time of release of Fedora 34.

One may fix this error by doing the following.

  1. remove the file that was overwritten and the one to be updated with
    sudo rm /boot/grub2/grub.cfg /boot/efi/EFI/fedora/grub.cfg
  2. recreate both those files as they should be with
    sudo dnf reinstall grub2-common grub2-efi\*

Once that is completed the boot time grub config should be restored to normal and updates should be seen as expected.

If this is not restored to the default config then only the designated kernel will ever boot by default and the system must be updated manually with grub2-mkconfig with every kernel update in order to remain current.

thanks that fixxed my grub, for some reason all the different file paths and files used for grub are confusing me, i have a few projects im working on that require me to edit grub, what is the correct way todo that? what files should i edit and what ones should i not touch?

for example i want to password protect all other grub options besides default kernel

i found guides for this but they are all outdated or different distro, thanks again for the help

Please be specific on what you may be attempting to do and the end goal. “a few projects” is a rather vague term.

Your solution may be as simple as using LUKS to encrypt the disk so everything is protected – or it may not: but without knowing the goal and what is expected at the end we cannot make informed suggestions.

first time i edited grub was to try and enable SME that was when i broke my grub

right now i want to password protect all other grub options besides default kernel, if any other grub options are selected i want it to require password

i also want to setup a luks keyslot to use a usb drive keyfile at boot to unlock the full disk encryption

most of guides i found were other distros or outdated

this is the guide im reading now but its also outdated
https://chrisirwin.ca/posts/fedora-encrypted-root-with-key/

also what about dual booting two types of linux from two ssd’s or two fedora installs on two separate ssd’s, will i have to edit grub for that, or manually choose ssd from bios?