Booting a System

Legacy BIOS

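  • Traditional BIOS assumes that the boot device starts with a record called the MBR. The MBR is 512 bytes and contains a first-stage boot loader (also called the boot block) and a partition table.
  • Neither the BIOS nor the first-stage boot loader is capable enough to read a standard filesystem, so the second-stage boot loader must be kept somewhere easy to find. In most scenarios, the boot block reads the partition table from the MBR, identifies the disk partition marked as "active", and then reads and runs the second-stage boot loader from the beginning of that partition. This scheme is called a "volume boot record".
  • The second-stage boot loader can also live in the "dead zone" between the MBR and the first disk partition. For historical reasons, the first disk partition starts at disk block 64 (the MBR is in block 0), so this area contains 32KB of space, which is enough to hold a filesystem driver. This scheme is commonly used by GRUB.
  • The MBR boot block is OS-agnostic, but because there are multiple versions of the second-stage boot loader that can be installed, the second-stage boot loader is usually aware of operating systems and filesystems, and is configurable.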

MBR

  • MBR disks support only four partition table entries. For more than four partitions, a secondary structure known as an extended partition is necessary. Extended partitions can then be subdivided into one or more logical disks.

EFI

  • Intel’s extensible firmware interface (EFI)
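  • EFI evolved into UEFI (unified EFI), which is supported by multiple manufacturers, but EFI is still the more commonly used term. EFI and UEFI can basically be used interchangeably.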

GPT

  • The EFI partitioning scheme, known as a “GUID partition table” or GPT

    A partition is a contiguous space of storage on a physical or logical disk that functions as if it were a physically separate disk. Partitions are visible to the system firmware and the installed operating systems. Access to a partition is controlled by the system firmware before the system boots the operating system, and then by the operating system after it is started.

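  • There is only one type of partition (no such thing as logical partitions), the number of partitions can be arbitrarily large, and there is a 16-byte GUID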

    The specification allows an almost unlimited number of partitions. However, the Windows implementation restricts this to 128 partitions. The number of partitions is limited by the amount of space reserved for partition entries in the GPT.

    The 16-byte partition type GUID, which is similar to a System ID in the partition table of an MBR disk, identifies the type of data that the partition contains and identifies how the partition is used, for example, whether it is a basic disk or a dynamic disk. Note that each GUID partition entry has a backup copy.

  • Windows and GPT FAQ

    Can a disk be both GPT and MBR?

    No. However, all GPT disks contain a Protective MBR.

    What is a Protective MBR?

    The Protective MBR, beginning in sector 0, precedes the GPT partition table on the disk. The MBR contains one type 0xEE partition that spans the disk.

    Why does the GPT have a Protective MBR?

    The Protective MBR protects GPT disks from previously released MBR disk tools such as Microsoft MS-DOS FDISK or Microsoft Windows NT Disk Administrator. These tools are not aware of GPT and don’t know how to properly access a GPT disk. Legacy software that does not know about GPT interprets only the Protected MBR when it accesses a GPT disk. These tools will view a GPT disk as having a single encompassing (possibly unrecognized) partition by interpreting the Protected MBR, rather than mistaking the disk for one that is unpartitioned.

    Why would a GPT-partitioned disk appear to have an MBR on it?

    This occurs when you use an MBR-only-aware disk tool to access the GPT disk.

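  • Without the Protective MBR, some MBR-only tools might conclude that the disk is unformatted and go ahead and format it.

  • Do not use partitioning tools that do not support GPT. Such tools will believe they understand the disk layout when in fact they do not. This is dangerous.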
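
The FAQ above says a Protective MBR is one type 0xEE partition in sector 0. As an added example (not part of the original notes), this Python sketch parses the four-entry MBR table and looks at LBA 0 and LBA 1 together before deciding how to treat a disk. The 446-byte table offset, the 0x55AA signature, the 0x80 active flag and the "EFI PART" header signature at LBA 1 are standard on-disk layout details that the page does not state; the sample sectors are constructed.

```python
import struct

# One 16-byte entry: status, CHS (skipped), type, CHS (skipped), start LBA, sector count
ENTRY = struct.Struct("<B3xB3xII")

def make_mbr(*parts):
    """Constructed sample: build sector 0 from (status, type, lba_start, sectors) tuples."""
    table = b"".join(ENTRY.pack(*p) for p in parts)
    return bytes(446) + table.ljust(64, b"\0") + b"\x55\xaa"

def parse_mbr(sector0):
    """Return the used entries of the four-slot MBR partition table."""
    if len(sector0) != 512 or sector0[510:] != b"\x55\xaa":
        raise ValueError("not an MBR: wrong size or missing 0x55AA signature")
    entries = []
    for slot in range(4):
        status, ptype, start, count = ENTRY.unpack_from(sector0, 446 + 16 * slot)
        if ptype:  # type 0x00 marks an unused slot
            entries.append({"slot": slot, "active": status == 0x80,
                            "type": ptype, "lba_start": start, "sectors": count})
    return entries

def classify(sector0, sector1):
    """Decide how a partitioning tool should treat the disk, from LBA 0 and LBA 1."""
    entries = parse_mbr(sector0)
    protective = any(e["type"] == 0xEE for e in entries)
    gpt_header = sector1[:8] == b"EFI PART"
    if protective and gpt_header:
        return "gpt"
    if protective:
        return "protective-mbr-without-gpt-header"  # damaged or half-converted disk
    if gpt_header:
        return "gpt-header-without-protective-mbr"  # GPT that MBR-only tools cannot see
    return "mbr" if entries else "unpartitioned"

# Constructed sample sectors (not taken from a real disk).
LEGACY = make_mbr((0x80, 0x83, 64, 204800), (0x00, 0x05, 204864, 409600))
PROTECTIVE = make_mbr((0x00, 0xEE, 1, 0xFFFFFFFF))
GPT_HEADER = b"EFI PART".ljust(512, b"\0")

if __name__ == "__main__":
    for name, s0, s1 in [("legacy", LEGACY, bytes(512)),
                         ("gpt", PROTECTIVE, GPT_HEADER),
                         ("unprotected gpt", make_mbr(), GPT_HEADER)]:
        print(name, "->", classify(s0, s1), parse_mbr(s0))
```

The third case is the one the notes warn about: sector 0 alone looks unpartitioned, so a tool that never reads LBA 1 would treat the disk as free space.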

ESP

  • The EFI system partition (also called ESP or EFISYS) is an OS independent partition that acts as the storage place for the EFI bootloaders, applications and drivers to be launched by the UEFI firmware. It is mandatory for UEFI boot.

    The UEFI specification mandates support for the FAT12, FAT16, and FAT32 filesystems (see UEFI specification version 2.7, section 13.3.1.1), but any conformant vendor can optionally add support for additional filesystems; for example, Apple Macs support (and by default use) their own HFS+ filesystem drivers.

  • Because this is just an ordinary FAT partition, it can be mounted, read, and written by the operating system.

  • At boot time, the firmware consults the GPT partition table to identify the ESP. It then reads the configured target application directly from a file in the ESP and executes it.

BOOT

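  • There is no boot block (except for the Protective MBR).

  • On UEFI systems, a boot loader is not required. The UEFI boot target can be a UNIX/Linux kernel that has been configured for direct UEFI loading. In practice, however, a boot loader is still used for compatibility with legacy BIOSes.

  • On modern Intel systems, UEFI loads from /efi/boot/bootx64.efi by default. This path can be configured as a parameter.

  • UEFI defines many APIs for accessing the system hardware. In this sense it is already a small operating system, and it even has UEFI-level add-on device drivers (written in a processor-independent language and stored in the ESP). The operating system can use these APIs to access the hardware, or it can control the hardware directly.

  • Because UEFI has a formal API, UEFI variables can be modified from a running operating system.

  • The firmware can be mounted read/write (the fact that UEFI variables can be modified shows that it really is readable and writable).

  • On systems that allow writes by default (typically, those with systemd), rm -rf / can permanently destroy the system at the firmware level. In addition to removing files, rm also removes variables and other UEFI information accessible through /sys.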