The Linux boot process have different stages, here i will try to explain all of them in detail mapping all memory addresses used by each stage. Starting with POST tests definitions and explaining the BIOS instructions and configurations.
After our hardware is validated by the POST testes and the BIOS configured i will explain how the stage 1 bootloader works and how it passes control for the stage 2 bootloader in order to load the kernel and initramfs into memory and start the Operating System initialization process.
Table of Contents
Linux Boot Process
Power On the PC
After a user click the PC on power button a RESET instruction is sent to CPU and peripheral start initializing, after that the computer starts the Power Self-Test (POST) in order to check if the hardware is functional.
POST Tests
When the computer power up it reads the machine-code stored at BIOS chip and starts making some tests in order to verify if all hardware is working properly.
What tests are made at POST?
- Chipsets communication
- Video card Tests
- Memory RAM tests
- Verify if a boot device exists
- DRAM parameters
- UPnP Devices
In case there are some hardware problem the motherboard start emitting bips indicating what device can be corrupted. These bips can be different with different BIOS vendors.
If all hardware is working all our internal BUSes can communicate and is time to verify our basic IO devices like monitor and keyboard to be possible interact with the computer.
Assuming everything is OK we can see the POST tests on our screen, these tests can be configured at BIOS settings if our keyboard is detected we can press the key F2 to access BIOS menu.
BIOS – Basic Input Output System
BIOS is the soul of a computer it is responsible to verify the status of all peripherals, the BIOS code is pure machine code and is located at a dedicated ROM chip.
Remember the BIOS chip is a non-volatile chip.
The BIOS configurations are stored on the CMOS chip, this chip is powered by a battery to maintain BIOS settings adjusted by users.
Remember the CMOS chip is a volatile chip.
What settings can be configured at BIOS?
- Computer Time settings
- Low level Disks configuration
- Device boot order
- FANs Voltage
- Monitor Devices Temperature
- BIOS Security
Now the BIOS will detect what device as a bootloader to start the Operating System it can be defined manually at BIOS.
BIOS Instructions to manage disks
- INT 0x13, AH = 0 — reset floppy/hard disk
- INT 0x13, AH = 2 — read floppy/hard disk in CHS mode
- INT 0x13, AH = 3 — write floppy/hard disk in CHS mode
- INT 0x13, AH = 0x15 — detect second disk
- INT 0x13, AH = 0x41 — test existence of INT 13 extensions
- INT 0x13, AH = 0x42 — read hard disk in LBA mode
- INT 0x13, AH = 0x43 — write hard disk in LBA mode
The stage 1 bootloader can be found on HDE or SATA disks, USB or network devices (PXE) located at the disk boot sector. The BIOS will execute the instruction INT 0x13 (mass storage access) and read the disk boot sector from the selected boot device.
After the BIOS detect the stage 1 bootloader it is loaded into memory address 0x7c00 and start reading our filesystem type and partitions structure.
What is the boot sector?
The boot sector is the standard location of our stage 1 bootloader (MBR) is located, which is at the first cylinder (0), first head (0) and sector 1.
Read about how a magnet disk works here!
talk about firmware disk and LBA/CHS
Stage 1 Bootloader MBR
MBR or Master Boot Record can load an Operating System directly or load the stage 2 bootloader (GRUB), the MBR have 512 bytes and allocates its own code to the first 446 bytes.
Next 64 bytes are for partition table and the remains 2 bytes are the magic number or boot signature used for error management.
What Information about partitions MBR have?
- File System Type
- Partitions Size
- If the Partition is bootable
- Partition Start and Partition End (old CHS Notation)
- Offset
At this point our machine test all hardware for failures, detect the first Input disk from the list with a bootloader and loads the MBR and partitions information into memory.
Now is time to load the stage 2 bootloader GRUB2 into memory and select which kernel and initramfs we want to load.
How to extract MBR for Analysis in Linux?
dd if=/dev/sda of=mbr_for_analysis.mbr bs=466 count=1
Stage 2 Bootloader GRUB2
Now we have our stage 2 bootloader loaded into memory the GRUB, the main function of GRUB is to give us flexibility when we want to load our Operating System. GRUB is responsible to manage what operating system we can boot it is possible to have multi operating systems installed on one disk.
GRUB give us the GRUB Menu we can select what operating system load with specific kernel boot parameters to control how the operating system initializes.
GRUB2 Location
GRUB2 is located at boot partition /boot and its configurations are at /boot/grub/grug.cfg this folder should not be edited manually. GRUB2 has the tools necessary to edit the grub configurations and another tool to update the grub settings.
GRUB2 Configuration Files
GRUB2 MENU
GRUB2 is responsible to load the Kernel and the Initramfs into memory.
Kernel is Load into Memory
What is Initramfs?
Init RAM filesystem is the first filesystem loaded into memory it helps the kernel mount the local filesystem contains the necessary drivers for the kernel to interact with the Hardware and it helps the Kernel to mount the root filesystem
MBR
Free Tutorial Libreswan IPSec Host-To-Host with RSA Keys 2020
