logo

OS Booting Process

TL;DR: Booting Process

A simplified and modern version:

  • CPU is powered up and loads UEFI firmware from ROM.
  • CPU runs UEFI to test and initialize hardware (e.g. RAM and disk).
  • UEFI looks for a bootable device (your hard disk, or a USB drive).
  • UEFI hands off to OS's boot loader (e.g. GRUB); boot loader boots the actual OS.
  • On Linux, GRUB loads Linux kernel (kernel image: /boot/vmlinuz); the kernel starts the init system (e.g. systemd)
  • The init system starts services and other user processes. User will see the login prompt.

UEFI supports different boot devices e.g. over network.

BMC can control the boot order of devices

     --  (CD)  -->ISOlinux--
     |                     |
UEFI--- (Disk) --> GRUB  ----> Kernel -> init ramdisk
     |                     |
     --(Network)-> iPXE  ---

Firmware

Firmware is a specific class of computer software that provides the low-level control for a device's specific hardware.

As its name suggests, it is in between software and hardware.

For less complex devices, firmware may act as the device's complete operating system, performing all control, monitoring and data manipulation functions.

Firmware Interface: UEFI vs BIOS

Unified Extensible Firmware Interface (UEFI):

  • a software interface between an operating system and platform firmware. (OS <-> UEFI <-> Firmware <-> Hardware)
  • a publicly available specification.
  • Replaces Basic Input/Output System (BIOS).

UEFI is used in both Windows (default as of Windows 11) and Unix-like operating systems (The mount point for the EFI system partition is usually /boot/efi, where its content is accessible after the OS is booted.)

UEFI specification also contains "secure boot", which basically wants the UEFI code to be digitally signed and hasn’t been tampered with.

The UEFI (not legacy boot via CSM) does not rely on boot sectors, UEFI system loads the boot loader directly.

Boot process: UEFI -> GPT -> Kernel -> OS.

Disk: Sector vs Boot Sector

  • sector: a subdivision of a track on a magnetic disk or optical disc. Each sector stores a fixed amount of user-accessible data, traditionally 512 bytes for hard disk drives (HDDs). Newer HDDs use 4096-byte (4 KiB) sectors, which are known as the Advanced Format (AF).
    • the minimum storage unit of a hard drive.
    • each physical sector is made up of two basic parts: the sector header area (typically called "ID") and the data area.
  • boot sector: the sector of a persistent data storage device (e.g. hard disk, floppy disk, optical disc, etc.) which contains machine code to be loaded into RAM and then executed by a computer system's built-in firmware (e.g.s the BIOS).
    • Usually, the very first sector of the hard disk is the boot sector, regardless of sector size (512 or 4096 bytes) and partitioning flavor (MBR or GPT).
  • master boot record (MBR): a special type of boot sector at the very beginning of partitioned computer mass storage devices, contains code that loads the rest of the operating system, known as a "bootloader".

Bootloader

bootloader: a small bit of code that generally loads the larger boot loader from another partition on a drive.

  • Windows: Windows boot loader (Bootmgr.exe).
  • Linux: GRUB boot loader.
  • macOS: boot.efi (/System/Library/CoreServices/boot.efi).
  • FreeBSD: boot0.

GNU GRUB (GRand Unified Bootloader) is a boot loader package from the GNU Project.

When GRUB is installed on a hard disk, boot.img is written into the boot sector of that hard disk. boot.img has a size of only 446 bytes.

PXE

Preboot eXecution Environment (PXE): a network booting process using a DHCP server or a TFTP server.

PXE = a client with PXE-capable network interface controller (NIC) + DHCP/TFTP Server

  • you can simultaneously boot multiple machines in your Local Area Network (LAN) using a DHCP server.
  • UEFI executes code on the NIC to load more code over network.
  • iPXE is an open-source implementation of the Preboot eXecution Environment (PXE) client software and bootloader. https://ipxe.org/

Partition: MBR vs GPT

You have to partition Hard disks, USB drives, SD cards before you can use them.

Partition styles: MBR is being replaced by GPT

  • MBR (Master Boot Record): a special boot sector located at the beginning of a drive. This sector contains a boot loader.
    • only works with disks up to 2 TB
    • only supports up to four primary partitions. if you want more, you have to make one of your primary partitions an “extended partition” and create logical partitions inside it.
    • the partitioning and boot data is stored in one place. If this data is overwritten or corrupted, you’re in trouble.
    • no way of knowing if its data was corrupted
  • GPT (GUID Partition Table): replacing MBR
    • associated with UEFI.
    • every partition on your drive has a "globally unique identifier" (GUID) — a random string so long that every GPT partition on earth likely has its own unique identifier.
    • doesn't suffer from MBR's limits, size limits dependent on the operating system and its file systems, allows for a nearly unlimited number of partitions. Windows allows up to 128 partitions on a GPT drive
    • stores multiple copies of partitioning and boot data across the disk, so it’s much more robust and can recover if the data is corrupted.
    • stores cyclic redundancy check (CRC) values to check that its data is intact. If the data is corrupted, GPT can notice the problem and attempt to recover the damaged data from another location on the disk.
    • tend to include a “protective MBR.” to protect the GPT data from being overwritten.

A partition structure defines how information is structured on the partition, where partitions begin and end, and also the code that is used during startup if a partition is bootable.

Each partition is formatted with a file system.