Many of us are using Linux, but how many have ever wondered what exactly happens when a system is powered on, how Linux kernel is loaded, how a login screen prompts? Let's have a deep walk though Linux booting process. After reading this, one would have understanding not only on Linux booting process, but also on BIOS, UEFI firmware, MBR & GPT partitions, bootloaders like GRUB, Linux kernel etc. Let's get started . . . .
In order to boot Linux, a Linux capable bootloader such as syslinux or GRUB is needed. They need to be installed in Master Boot Record (MBR) or in GUID Partition Table (GPT). Boot loader loads the kernel and initial ramdisk before actual boot process is initialized. This process is different for different firmwares such as BIOS and UEFI.
When the power is on, Power On Self Test (POST) begins which ensures hardwares are ready. After it, BIOS or UEFI firmware is loaded which initializes required hardwares for booting.
WHAT IS BIOS?
BIOS (Basic Input Output System) is a firmware which normally resides in a independent flash storage or ROM in the motherboard. After POST operation, POST code gets flushed from RAM but BIOS runtime remains and searches for devices (CD-ROM, USB, partitions on HDD or even devices on the network), which are both active and bootable in the order defined in CMOS settings. It understands partition table only. So it loads stage-1 bootloader i.e. MBR, a 512 byte sector located in the first sector on the disk (sector 1 of cylinder 0, head 0), whose job is to load stage-2 bootloader such as GRUB, Linux Loader (LILO), syslinux etc. Then MBR takes control from BIOS and loads next disk sector which looks for actual bootloader in the partition, which then loads the OS.
WHAT IS UEFI?
Unlike BIOS, which supports MBR boot code, UEFI is not limited to 446 byte code limitation as it recognizes both partition table and the filesystems. UEFI firmware supports both MBR and GPT though it does not use MBR whether it exists or not, instead it uses EFI partition to determine which UEFI application to be executed, from which disk and partition. If EFISTUB is enabled by default, the application could be the kernel itself else it could be other shell scripts or boot manager or even the boot entry could be a disk.
Vendor can store its files under EFI_FILE_SYSTEM/EFI/VENDOR_NAME/ folder and the boot programs can be launched using UEFI shell.
In my case EFI_FILE_SYSTEM = /boot/efi and VENDOR_NAME = ubuntu.
So I can find my boot programs in /boot/efi/EFI/ubuntu/ folder. Normally EFI file system is formatted as FAT32. In my case EFI file system is installed in /dev/sda1. So I can check informations by typing [fdisk -l /dev/sda1], which would result:
root@ubuntu:# fdisk -l /dev/sda1
Disk /dev/sda1: 513 MiB, 537919488 bytes, 1050624 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 4096 bytes
I/O size (minimum/optimal): 4096 bytes / 4096 bytes
Disklabel type: dos
UEFI also verifies authenticity of EFI binary if secure boot is enabled.
After bootloader is loaded, based on configuration it loads the kernel with required kernel parameters and optional initial RAM disk (initramfs/initrd), a temporary root file system. Bootloader passes control to the kernel, which then gets decompressed and initialized. If initramfs is used, it gets unpacked, which becomes the initial root filesystem. The kernel then executes /init or main.c program which is the main function for the Linux kernel, as the first user-space process. So init always gets process id as One. Then high level system initialization starts.
After kernel is booted, the real root is mounted which replaces the initial temporary root filesystem. /sbin/init gets executed replacing /init process. Few Linux distros use systemd as default init. 'init' calls getty once for each virtual terminal. It initializes each TTY which would ask for username and password. Once credentials are entered, they are checked against passwd and shadow file by getty. passwd and shadow files can be found under /etc/ directory. Then it calls login, which initiates session for the user and provides a shell (which ever is configured in passwd file for the user).
If graphical user interface is desired then display manager can be configured to avoid getting login prompt on tty. The login program sets up environment variables and begins a session for the user. Once shell is started it would run bashrc for that user else if start-X is configured at login then startx or xinit would be called.
This is how we get our workspace after turning the system on.
It seems a hell lot of processes are executed, but these happens incredibly fast, that login screen prompts with in few seconds. Hopefully I have not missed any intermediate processes. If you find any, feel free to add in comment section, I will update my post accordingly.
Thanks
Ayush
In order to boot Linux, a Linux capable bootloader such as syslinux or GRUB is needed. They need to be installed in Master Boot Record (MBR) or in GUID Partition Table (GPT). Boot loader loads the kernel and initial ramdisk before actual boot process is initialized. This process is different for different firmwares such as BIOS and UEFI.
When the power is on, Power On Self Test (POST) begins which ensures hardwares are ready. After it, BIOS or UEFI firmware is loaded which initializes required hardwares for booting.
WHAT IS BIOS?
BIOS (Basic Input Output System) is a firmware which normally resides in a independent flash storage or ROM in the motherboard. After POST operation, POST code gets flushed from RAM but BIOS runtime remains and searches for devices (CD-ROM, USB, partitions on HDD or even devices on the network), which are both active and bootable in the order defined in CMOS settings. It understands partition table only. So it loads stage-1 bootloader i.e. MBR, a 512 byte sector located in the first sector on the disk (sector 1 of cylinder 0, head 0), whose job is to load stage-2 bootloader such as GRUB, Linux Loader (LILO), syslinux etc. Then MBR takes control from BIOS and loads next disk sector which looks for actual bootloader in the partition, which then loads the OS.
WHAT IS UEFI?
Unlike BIOS, which supports MBR boot code, UEFI is not limited to 446 byte code limitation as it recognizes both partition table and the filesystems. UEFI firmware supports both MBR and GPT though it does not use MBR whether it exists or not, instead it uses EFI partition to determine which UEFI application to be executed, from which disk and partition. If EFISTUB is enabled by default, the application could be the kernel itself else it could be other shell scripts or boot manager or even the boot entry could be a disk.
Vendor can store its files under EFI_FILE_SYSTEM/EFI/VENDOR_NAME/ folder and the boot programs can be launched using UEFI shell.
In my case EFI_FILE_SYSTEM = /boot/efi and VENDOR_NAME = ubuntu.
So I can find my boot programs in /boot/efi/EFI/ubuntu/ folder. Normally EFI file system is formatted as FAT32. In my case EFI file system is installed in /dev/sda1. So I can check informations by typing [fdisk -l /dev/sda1], which would result:
root@ubuntu:# fdisk -l /dev/sda1
Disk /dev/sda1: 513 MiB, 537919488 bytes, 1050624 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 4096 bytes
I/O size (minimum/optimal): 4096 bytes / 4096 bytes
Disklabel type: dos
UEFI also verifies authenticity of EFI binary if secure boot is enabled.
After bootloader is loaded, based on configuration it loads the kernel with required kernel parameters and optional initial RAM disk (initramfs/initrd), a temporary root file system. Bootloader passes control to the kernel, which then gets decompressed and initialized. If initramfs is used, it gets unpacked, which becomes the initial root filesystem. The kernel then executes /init or main.c program which is the main function for the Linux kernel, as the first user-space process. So init always gets process id as One. Then high level system initialization starts.
After kernel is booted, the real root is mounted which replaces the initial temporary root filesystem. /sbin/init gets executed replacing /init process. Few Linux distros use systemd as default init. 'init' calls getty once for each virtual terminal. It initializes each TTY which would ask for username and password. Once credentials are entered, they are checked against passwd and shadow file by getty. passwd and shadow files can be found under /etc/ directory. Then it calls login, which initiates session for the user and provides a shell (which ever is configured in passwd file for the user).
If graphical user interface is desired then display manager can be configured to avoid getting login prompt on tty. The login program sets up environment variables and begins a session for the user. Once shell is started it would run bashrc for that user else if start-X is configured at login then startx or xinit would be called.
This is how we get our workspace after turning the system on.
It seems a hell lot of processes are executed, but these happens incredibly fast, that login screen prompts with in few seconds. Hopefully I have not missed any intermediate processes. If you find any, feel free to add in comment section, I will update my post accordingly.
Thanks
Ayush
Comments
Post a Comment