In order for a computer to successfully boot into device we know, a computer should pass some process which we refer as boot process. The BIOS, operating system, and harware components must all be working properly. Failure of any of these three elemens will likely result in a failed boot sequence.
The first sector of a boot device is called as sector ’0′ or the Master Boot Record (MBR) . BIOS can read only sector ‘0’, it can’t read any other sector. They are programmed to read the first 512 bytes of disk or the Master Boot Record section. It has three components: primary boot loader info in first 446 bytes, partition table in next 64 bytes, MBR validation check in last 2 bytes.
To load Operating System, a special program called boot loader written here. Boot loader even helps us to boot more than one operating systems on the machine (called chaining).
The infamous boot loaders for Linux are GRUB and LILO. GRUB (Grand Unified Boot loader) is used by default on majority of Linux distributions. GRUB is capable of booting DOS, Windows, Linux, and BSD operating system. The LILO (Linux Loader) is an old boot loader, used by several distribution.
When BIOS finished initialized the system, it will jump to Master Boot Record and loads the boot loader from there.
Boot loader does:
- Bring the kernel (and all the kernel needs to bootstrap) into memory
- Provide kernel with the information it needs to work correctly
- Switch to an environment that the kernel will like
- Transfer control to the kernel.
Boot loaders can be divided into some categorizes by the design: single stage boot loader, two stage boot loader, and mixed stage boot loader.
A single stage boot loader is a boot loader which consists of a single file that is loaded entirely by the BIOS. This image performs the steps described above to start the kernel. However, on x86 the boot loader is limited to the 512 bytes.
We can take an entire dump/backup of MBR in Linux, using dd utility:
dd if=/dev/sda of=mbr bs=512 count=1
When the above command executed, it will dump the contents of our first sector which of 512 byte to a file named mbr. The bs stands for block size. The count means to dump only the first sector. So the overall command will dump only first sector (512 bytes) of disk /dev/sda.
As discussed before, the MBR has a structure in which it has partition table. We can see the partition table information from our MBR backup file as show below:
A two stage boot loader actually consists of two boot loaders after each other. The first being small which then load the second one. The second one can then contain all the code needed for loading kernel.
Mixed boot loader is a boot loader similar to two stage boot loader. it splits the bootloader in two parts, where the first half (512 bytes) can load the rest. This can be achieved by inserting a ‘512-bytes’ break in the ASM code, making sure the rest of the loader is put after the bootsector.
In Linux, after boot loader is loaded into memory it looks into /boot directory and loads the kernel image. Note here, that it is boot loader that expects all the files and kernel image needed for booting under /boot directory. This is the reason why kernel image and all boot related files are kept under /boot directory.
For GRUB, it has three stages of bootloading:
- GRUB stage 1
- GRUB stage 1.5
- GRUB stage 2
The hard disk sectors are counted from 0 to the last sector. The first sector contains the GRUB stage 1. Normally partitions will not start before sector 63 hence we have sectors from 1 to 63 free. This space is used for storing GRUB stage 1.5. The free space between MBR and the beginning of the partition is called as MBR GAP. This space contains the drivers for reading file system. So the GRUB stage 1 will load grub stage 1.5 to the RAM and will pas the control to it.
Now grub stage 1.5 will load the file system drivers and once the file system drivers are loaded, it can now access /boot/grub/grub.conf file which contains other details about kernel path and initrd path etc.
Once boot loader loads kernel image to memory , the control is passed to kernel image .linux