Michael Shriver Senior Computer Specialist - College of the Environment

Creating a GRUB Multiboot USB Drive

Using the repository at https://github.com/mpolitzer/grub-iso-multiboot, it is possible to setup a bootable USB stick that will allow selection of one of many different live distros from isos stored on the USB. Some Distributions (ie, Tails) are not set up out of the box to work booting ’loopback.’ It is possible to edit the grub configuration files on a live ISO and repack the ISO to make it work

Create mountpoints:

mkdir mnt iso

Download the Live distribution iso files and save them to a known location

Extract and repack the iso file https://www.unixmen.com/edit-iso-files-using-mkisofs-in-linux/:

mount /path/to/live.iso ~/iso
mkdir ~/temp_dir
cd ~/iso
sudo tar cf - . | (cd ~/temp_dir; tar xfp -)

You can now edit the appropriate loopback.cfg files (see below), and repack the iso:

cd ~/temp/dir
sudo mkisofs -o /path/to/live.loopback.iso -b isolinux/isolinux.bin -c isolinux/boot.cat -no-emul-boot -boot-load-size 4 -boot-info-table -J -R -V "Live Linux CD Title" .

Two distributions I have modified below are Kodachi Linux and Tails Linux:

Kodachi example /boot/grub/loopback.cfg:

if loadfont /boot/grub/font.pf2 ; then
  set gfxmode=auto
  insmod efi_gop
  insmod efi_uga
  insmod gfxterm
  terminal_output gfxterm
fi

set default="0"
set menu_color_normal=white/black
#~ set menu_color_highlight=black/light-gray
set menu_color_highlight=green/black
#warith 
set_background_image "/isolinux/splash.png"
set timeout=7

menuentry "kodachi UEFI Live" {
  set gfxpayload=keep
  linux /casper/vmlinuz noprompt boot=casper iso-scan/filename=${iso_path} quiet splash --
  initrd /casper/initrd.lz
}


menuentry "kodachi Full RAM mode" {
  set gfxpayload=keep
  linux /casper/vmlinuz noprompt boot=casper toram iso-scan/filename=${iso_path} --
  initrd /casper/initrd.lz
}

menuentry "kodachi Persistent" {
  set gfxpayload=keep
  linux /casper/vmlinuz noprompt boot=casper persistent persistence iso-scan/filename=${iso_path} --
  initrd /casper/initrd.lz
}


menuentry "kodachi Encrypted persistence" {
  set gfxpayload=keep
  linux /casper/vmlinuz noprompt boot=casper persistent=cryptsetup persistence-encryption=luks persistent persistence iso-scan/filename=${iso_path} --
  initrd /casper/initrd.lz
}

menuentry "kodachi Terminal text mode" {
  set gfxpayload=keep
  linux /casper/vmlinuz noprompt boot=casper systemd.unit=multi-user.target iso-scan/filename=${iso_path} --
  initrd /casper/initrd.lz
}

menuentry "kodachi Forensics mode" {
  set gfxpayload=keep
  linux /casper/vmlinuz noprompt boot=casper net.ifnames=0 noautomount noswap toram iso-scan/filename=${iso_path} --
  initrd /casper/initrd.lz
}


menuentry "kodachi Old NIC names" {
  set gfxpayload=keep
  linux /casper/vmlinuz noprompt boot=casper net.ifnames=0 biosdevname=0 quiet splash iso-scan/filename=${iso_path} --
  initrd /casper/initrd.lz
}


submenu 'Advanced Failsafe options...' {

menuentry "kodachi Noapic" {
  set gfxpayload=keep
  linux /casper/vmlinuz noprompt boot=casper noacpi noapic iso-scan/filename=${iso_path} --
  initrd /casper/initrd.lz
}
menuentry "kodachi Acpioff" {
  set gfxpayload=keep
  linux /casper/vmlinuz noprompt boot=casper acpi=off iso-scan/filename=${iso_path} --
  initrd /casper/initrd.lz
}

menuentry "kodachi Nomodeset" {
  set gfxpayload=keep
  linux /casper/vmlinuz noprompt boot=casper nomodeset iso-scan/filename=${iso_path} --
  initrd /casper/initrd.lz
}


menuentry "kodachi iommu-soft" {
  set gfxpayload=keep
  linux /casper/vmlinuz noprompt boot=casper iommu=soft iso-scan/filename=${iso_path} --
  initrd /casper/initrd.lz
}


menuentry "kodachi preserve casper path" {
  set gfxpayload=keep
  linux /casper/vmlinuz noprompt boot=casper live-media-path=/casper/ ignore_uuid iso-scan/filename=${iso_path} --
  initrd /casper/initrd.lz
}

menuentry "kodachi Disable nvdia/amd gpu" {
  set gfxpayload=keep
  linux /casper/vmlinuz noprompt boot=casper nouveau.modeset=0 nvidia.modeset=0 radeon.modeset=0 iso-scan/filename=${iso_path} --
  initrd /casper/initrd.lz
}

menuentry "kodachi Xforcevesa-nomodeset" {
  set gfxpayload=keep
  linux /casper/vmlinuz noprompt boot=casper nomodeset xforcevesa iso-scan/filename=${iso_path} --
  initrd /casper/initrd.lz
}

menuentry "kodachi Errors prevention" {
  set gfxpayload=keep
  linux /casper/vmlinuz noprompt boot=casper noautomount config memtest noapic noapm nodma nomce nolapic nomodeset nosmp nosplash pci=noaer vga=normal iso-scan/filename=${iso_path} --
  initrd /casper/initrd.lz
}


# Warith comment if not working
menuentry "Direct install kodachi" {
	set gfxpayload=keep
	linux	/casper/vmlinuz noprompt boot=casper only-ubiquity quiet splash iso-scan/filename=${iso_path} ---
	initrd	/casper/initrd.lz
}
menuentry "OEM install kodachi (for manufacturers)" {
	set gfxpayload=keep
	linux	/casper/vmlinuz noprompt boot=casper only-ubiquity quiet splash oem-config/enable=true iso-scan/filename=${iso_path} ---
	initrd	/casper/initrd.lz
}

menuentry "Check disc for defects" {
  set gfxpayload=keep
  linux /casper/vmlinuz boot=casper integrity-check quiet splash iso-scan/filename=${iso_path} --
  initrd /casper/initrd.lz
}


} # End advanced menu entry

Example Tails /EFI/debian/grub/loopback.cfg:

# The Debian-signed GRUB binaries have the path of this very configuration file
# (/EFI/debian/grub.cfg) hardcoded. Let's use it instead of adding layers
# of indirection.

function load_video {
  if [ x$feature_all_video_module = xy ]; then
    insmod all_video
  else
    insmod efi_gop
    insmod efi_uga
    insmod ieee1275_fb
    insmod vbe
    insmod vga
    insmod video_bochs
    insmod video_cirrus
  fi
}

set linux_gfx_mode=
export linux_gfx_mode
load_video

set grub_dir="/EFI/debian/grub"

# Load background image
insmod gfxterm
insmod png
loadfont ${grub_dir}/unicode.pf2
terminal_output gfxterm
background_image ${grub_dir}/splash.png

set timeout=4

probe --set rootuuid --fs-uuid ($root)

# Based on the output of `grub-syslinux2cfg /EFI/BOOT/syslinux.cfg`
menuentry 'Tails' --id 'live' {
	  echo "Loading the Linux kernel..."
	  linux /live/vmlinuz initrd=/live/initrd.img boot=live config nopersistence noprompt timezone=Etc/UTC splash noautologin module=Tails slab_nomerge slub_debug=FZP mce=0 vsyscall=none page_poison=1 init_on_free=1 mds=full,nosmt FSUUID=${rootuuid} findiso=${iso_path} quiet
	  echo "Loading the initramfs..."
	  initrd /live/initrd.img
	  echo "Booting..."
	  boot
}

menuentry 'Tails (Boot to RAM)' --id 'live' {
	  echo "Loading the Linux kernel..."
	  linux /live/vmlinuz initrd=/live/initrd.img boot=live config nopersistence noprompt timezone=Etc/UTC splash noautologin module=Tails slab_nomerge slub_debug=FZP mce=0 vsyscall=none page_poison=1 init_on_free=1 mds=full,nosmt FSUUID=${rootuuid} findiso=${iso_path} quiet toram
	  echo "Loading the initramfs..."
	  initrd /live/initrd.img
	  echo "Booting..."
	  boot
}

menuentry 'Tails (Troubleshooting Mode)' --id 'livefailsafe' {
	  echo "Loading the Linux kernel..."
	  linux /live/vmlinuz initrd=/live/initrd.img boot=live config nopersistence noprompt timezone=Etc/UTC splash noautologin module=Tails slab_nomerge slub_debug=FZP mce=0 vsyscall=none page_poison=1 init_on_free=1 mds=full,nosmt FSUUID=${rootuuid} noapic noapm nodma nomce nolapic nomodeset nosmp vga=normal findiso=${iso_path}
	  echo "Loading the initramfs..."
	  initrd /live/initrd.img
	  echo "Booting..."
	  boot
}

menuentry 'Tails (External Hard Disk)' --id 'livenonremovable' {
	  echo "Loading the Linux kernel..."
	  linux /live/vmlinuz initrd=/live/initrd.img boot=live config nopersistence noprompt timezone=Etc/UTC splash noautologin module=Tails slab_nomerge slub_debug=FZP mce=0 vsyscall=none page_poison=1 init_on_free=1 mds=full,nosmt FSUUID=${rootuuid} findiso=${iso_path} quiet
	  echo "Loading the initramfs..."
	  initrd /live/initrd.img
	  echo "Booting..."
	  boot
}