Bootloaders - an introduction
Transcription
Bootloaders - an introduction
Bootloaders - an introduction Barry Nauta December 3, 2008 2 Contents 1 Introduction 5 2 The Bootloader 7 2.1 Bootstrapping . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 2.2 Partitions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 2.3 Disk addressing schemes . . . . . . . . . . . . . . . . . . . . . . . 8 2.4 Bios/Mbr . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9 2.4.1 Volume Boot Record . . . . . . . . . . . . . . . . . . . . . 11 2.5 Efi/Gpt . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 2.6 MBR, GPT - Side by Side . . . . . . . . . . . . . . . . . . . . . . 13 2.7 Bootsector virus . . . . . . . . . . . . . . . . . . . . . . . . . . . 13 3 Bootloading an operating system 15 3.1 BIOS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15 3.2 EFI . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16 3.3 Microsoft . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16 3.3.1 Windows DOS, Windows 3.x, Windows 9x 17 3.3.2 Windows NT, Windows XP, Windows 2000, Windows 2003 18 3.3.3 Windows Vista, Windows 2008 . . . . . . . . . . . . . . . 20 3.4 Grub4Dos . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22 3.5 Macintosh . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22 3.5.1 Bootcamp . . . . . . . . . . . . . . . . . . . . . . . . . . . 23 Linux . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 23 3.6.1 24 3.6 . . . . . . . . LILO . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3 4 CONTENTS 3.7 3.6.2 GRUB . . . . . . . . . . . . . . . . . . . . . . . . . . . . 25 3.6.3 Loading the Linux kernel . . . . . . . . . . . . . . . . . . 26 Multiboot . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 27 4 Some experiments 29 4.1 Dualboot: Xp and then Vista . . . . . . . . . . . . . . . . . . . . 29 4.2 Dualboot: Vista and then Xp . . . . . . . . . . . . . . . . . . . . 30 4.3 Multiboot: Xp, Vista, 2008, Linux . . . . . . . . . . . . . . . . . 32 4.3.1 Step 1: partitioning . . . . . . . . . . . . . . . . . . . . . 32 4.3.2 Installing Windows Xp . . . . . . . . . . . . . . . . . . . 32 4.3.3 Installing Windows Vista . . . . . . . . . . . . . . . . . . 33 4.3.4 Installing Windows 2008 Server . . . . . . . . . . . . . . . 34 4.3.5 Linux installation . . . . . . . . . . . . . . . . . . . . . . . 35 4.3.6 Multiboot installation conclusions . . . . . . . . . . . . . 35 A MBR - a closer look A.1 The partition table . . . . . . . . . . . . . . . . . . . . . . . . . . 37 39 B GPT - a closer look 41 C Utilities 43 D Glossary 45 Chapter 1 Introduction This document is the result of a study performed for the course “Operating Systems and Security”. The course is given at the “Vrije Universiteit Brussel” (Vub) by Prof. Timmermans as part of the study “Master in applied computer sciences”. As the title suggests, this article is an introduction on bootloaders. There are many operating systems and many bootloaders available, what you will find in this document is a small explanation on Bios/Mbr versus Efi/Gpt architectures, and some explanations on the bootloading process using Ntldr, Bcd and Lilo/Grub. Additionally, there are some experiments by using multiboot systems on common operating systems including Windows Xp, Windows Vista and Linux (Ubuntu). The experiments are all based on the Bios/Mbr architecture. 5 6 CHAPTER 1. INTRODUCTION Chapter 2 The Bootloader When a computer is turned on, the first thing it does, is loading a small program into memory, which aids in choosing and loading the desired operating system (Os). This process is called ‘bootstrapping’ or ‘booting’ in short. The program that is initially loaded is called the ‘bootloader’. 2.1 Bootstrapping In general computer terms, a bootstrap process is one in which a small and simple process is used to help loading a bigger and more complicated program. In this document, we will refer to the type of bootstrap program that is used to select and load an appropriate operating system. 2.2 Partitions Hard-disks are often divided into partitions, which is a physical division of the disk. There are several reasons to use partitions, the most obvious for the bootprocess is the use of different operating systems. Different operating systems are often placed on different partitions since they may have a similar file structure or even files that may cause conflicts (a good example is the c:\Windows directory for Windows Xp and Windows Vista, those operating systems cannot coexist on the same partition) or that they have a different filesystem (for example Ntfs for Windows Xp and Ext2 for Linux). When a computer starts up, it needs to know which partition contains the operating system that will be started. On Ibm-Pc architectures, this information can be found in the Master Boot Record (Mbr), a small segment on a harddisk that can be found in front of the very first partition. On newer architectures (Itanium), this information can be found in the Guid Partition Table (Gpt). Both the Mbr (in combination with the Bios) and Gpt (in combination with Efi) will be discussed in more detail in the next sections. 7 8 2.3 CHAPTER 2. THE BOOTLOADER Disk addressing schemes Disk addressing schemes are partially related to the boot process. For instance; the Bios uses Chs as addressing scheme, Efi uses Lba. The initial method (IBM PCs) of addressing disks was using Cylinder-HeadSector addressing. A harddisk is divided into platters, physical disks with a narrow gap between them. The platters are double-side, meaning that information is stored on each side of the platter, much like the old-days vinyl records. Each platter has a head that can read information from the platter, the platter is spinning in rounds so a head reads from a ring (called a track), when it reads data. All the heads are positioned at the same location, which makes that if you read from a specific track on one platter, the head on the other platter is positioned at the same location and you can read data from that location as well. This operation of reading multiple platters at the same time forms a stack of logical rings, which in disk-terms is called a ’cylinder’. Finally, each circle on a platter (a track or ‘one ring’) is divided into smaller segments (usually 64), called ‘sectors’. The 16-byte entries within an Mbr use Chs values that are limited to 1024 cylinders, 255 heads and 63 sectors. This leads to a maximum disk-size of 1024 · 255 · 63 · 512 = 8.422.686.720 2.4. BIOS/MBR 9 bytes. Since there is a limit on the size of disks using this addressing scheme, ‘Logical-Block-Addressing’ (LBA) has been introduced which is used by most modern operating systems. It is important to realize that although the operating systems bypass the Bios-calls (i.e. int13 for disk access), the bootloaders/managers still uses the Bios-calls. 2.4 Basic Input/Output System - Master Boot Record The Bios is the only available software (more precise: it is firmware; software that is embedded in hardware) available to a personal computer when it has not yet booted.1 When a computer starts, the Bios2 loads and executes a small program (the bootstrap program) which resides in the Master Boot Record (Mbr).3 This program is also called the “Master Boot Code” (also known as ‘Initial Program Load’ (Ipl) . a term that comes from the Ibm mainframe systems. 4 The “Master Boot Code”, on its turn, reads the partition table that resides at the end of the sector. The partition table is used to determine which partition is bootable.5 It is, of course, the bootable partition that must contain the stage 2 boot-loader (more on this later). The Ibm-Pc architecture supports up to 4 primary partitions. The Mbr actually has a partition table that is split into 4 entries. If more partitions are needed, one of those primary partitions can be changed to an extended partition which can on its turn contain 24 logical partitions. 1 The Bios is basically a set of basic instructions (machine code) that enable the communication between the hardware and the operating system that is going to be loaded. 2 In fact; the CPU is started, finds that its memory is empty and jumps to a fixed address FFFF0-FFFFF, which contains a jump statement to the Bios code (which can be located anywhere) 3 The Master Boot Record (also called the ‘partition sector’ or the ‘master boot block’) is the first physical sector of the first boot device. The Mbr uses Cylinder-Head-Sector (chs) addressing. The boot device is usually a hard disk, but it can also be a floppy disk/Cd-Rom etc. 4 These terms are often used in an ambiguous way; the Ipl is sometimes confused with the Mbr and vice versa. The Mbr is actually the combination of the Ipl and the partition table. 5 One (and only one!) of the four partitions in the Mbr partition table can have an ‘active’ status, indicating that this is the partition to use when a computer is booted. 10 CHAPTER 2. THE BOOTLOADER The following image (source: 5) shows an overview of a Mbr strtucture. This picture also contains a reference to extended partitions which will be explained in more detail afterwards. Each logical drive in the extended partitions has an ‘Extended Boot Record’ (Ebr), which describes the partitioning of the logical drive. The Ebr is also called the ‘Extended Partition Boot Record’ (Epbr), it will always be located on the first sector of the extended partition. The primary partitions are limited and they are all described in the partition table in the Mbr. This is not the case for extended partitions and since there can be many logical partitions, each Ebr is placed in the beginning of a logical partition. If there are multiple logical partitions, the preceding partition will contain a pointer to the next logical partition (Ebr). 2.5. EFI/GPT 11 The following image (source: 5) gives a better explanation: 2.4.1 Volume Boot Record A Volume Boot Record (Vbr) (also know as the Volume Boot Sector) or “Primary Boot Record” (Pbr) is a type of bootsector. On non-partitioned devices (and thus also external devices), the Vbr is the first sector of the device, on partitioned devices, it is the first sector of any specific partion (in this case, the first sector of the device itself is the Mbr). The process of a bootloader invoking the Vbr is known as ‘Chainloading’, going from the first stage to the second stage. 2.5 Extensible Firmware Interface - GUID Partition Table The Extensible Firmware Interface is a proposition of Intel to replace the Bios and uses the guid (Globally Unique IDentifier) Partition Table (Gpt) as a replacement of the Bios’ Master Boot Record (Mbr). Efi is proposed as improvement over Bios, since Bios has limitations like 16bit processor mode, 1 Mb addressable space etc. Some of the enhancements to the standard Bios like Advanced Configuration and Power Interface (Acpi) and System Management Bios (Smbios) are also present in Efi, since they are not bound by the 16-bit limitations. Efi is an open-source standard, that defines an architecture independent in- 12 CHAPTER 2. THE BOOTLOADER terface between the platform firmware and operating system. Since it is an interface, it is (in theory) easier to make modifications by motherboard vendors. Gpt does not use ‘Cylinder-Head-Sector’ (Chs) addressing, like the Mbr does, it uses ‘Logical Block Addressing’ (Lba) instead. A very big difference between Mbr and Gpt is that the Mbr contains an executable binary for identifiying and booting the active partition which lies outside the Mbr, the Gpt contains this functionality itself. In other words: Efi contains it’s own boot-loader. It starts with a protective Mbr block, which is used for backwards compatibility and makes sure that tools that try to modify the Mbr do not accidentally destroy vital boot information when they think that they are dealing with Mbr code. This part is also called ‘Legacy Mbr’ or ‘Protective Mbr (Lba0) To recognize the partition table scheme, the SystemId for the partition is set to 0xEE, indicating that Gpt is used, which makes Efi ignore the Mbr. Gpt also has a redundancy feature, the header and the partition table are written at the beginning as well as the end of the disk. The Efi system partition (the partition that contains the bootloader programs for all operating systems that are installed on the system) is formatted in a Fat variant. 2.6. MBR, GPT - SIDE BY SIDE 2.6 13 MBR, GPT - Side by Side The following picture gives an overview of the partitions of a disk for an ibm-pc6 architecture (Mbr disk), compared to an Itanium7 Gpt disk (source: 5). 2.7 Bootsector virus A bootsector virus is a virus that infects the very first sector of a disk (floppy disk or hard disk). The first sector of your hard-disk is your bootsector and it contains the Mbr. Since the Mbr is executed every time your systems starts, the virus can be very harmful. Once the Mbr is infected, the virus loads into memory and can infect every hard disk, or external disk, known to the system. Bootvirusses were typically spread via infected floppy disks. When a user left a floppy disk accidentally in the drive, the next time the system booted, it tried to boot from the floppy (this is a feature that can nowadays be (de)activated in the Bios) and the virus kicked in. 8 Any antivirus software is sufficient to clean an infected bootsector/Mbr. 6 ibm-pc or x86 stands for the 32-bit instruction set architecture that is binary compatible with the 80386, a microprocessor which has been the most commonly used processor for personal computers from 1986 up until now (end of 2008). 7 Itanium is the brand name for Intel 64-bit microprocessors that implements the Intel Itanium architecture (which was, despite the name, originally developed by Hewlett-Packard (hp)) 8 In the past, a lot of floppy disks were bootable, but a floppy disk does not need to be bootable to infect a system. 14 CHAPTER 2. THE BOOTLOADER Chapter 3 Bootloading an operating system This chapter describes from a high-level point of view, the different steps in the booting process of some of the major operating systems. First the differences between the Bios and Efi startup processes are explained, after which the boot processes of some of the major operating systems are examined. 3.1 BIOS In a few words, we could say that on startup, the Bios runs a Post (Power-On Self Test) to check for the availability of some vital hardware and executes the Mbr afterwards. The full steps are shown below: 1. The computer is switched on, the (x86) Cpu is programmed to look at the address FFFF:0000h, the last 16 bytes of memory in the first megabyte. This address contains a jump (jmp) command to the Bios. 2. The Bios runs the Post. During this process (hardware vendor dependent), a video Bios, a check for a warm/cold boot (a warm boot indicates that a large part of the Post can be skipped) 3. Sets up the interrupt table containing the addresses to the interrupt routines. Interrupt 13 is the most important of these interrupts, it contains the Bios fixed disk (native I/O) services. 4. Initializes (after performing some tests) vital hardware like the Cmos (Complementary Metal–Oxide–Semiconductor; a special memory-chip that stores information like the boot-order, system-clock etc), the Dma (Direct Memory Access), controller, the keyboard controller, and the like. 5. Initializes (again after performing some tests) hardware like keyboards, hard disks etc. 15 16 CHAPTER 3. BOOTLOADING AN OPERATING SYSTEM 6. Looks for Rom extensions (a Bios on an option card). Typical Rom extensions can be found in video cards, network adapters etc. The first two bytes of a Rom extension are 55aa, the Bios locates Rom extensions by searching for this pattern. If an extension is found, the Rom initialization code is called. 7. Finally, the Bios looks for a boot sector (Vbr) 1 on an external device, or the Mbr on a hard disk (this option can usually be set in the Bios, although this was not the case for older systems) and copies it to address 0x7c00. 3.2 EFI On machines with Efi firmware, it is the firmware itself that contains a bootmanager. It is the BootRom that performs a Post. Efi takes care of basic hardware initialization and the selection of the actual operating system to start. The Microsoft boot-manager entry is called “Windows Boot Manager” and can be found at the following location: \EFI\Microsoft\Boot\Bootmgfw.efi. On Macintosh machines, the file called /System/Library/CoreServices/boot.efi. Since the Efi is modular and the specification an interface, each vendor provides a different version. Microsoft even implements a second bootmanager with its own menu with boot options. 3.3 Microsoft Microsoft has three generations of bootloaders. The first one loads Dos based operating systems like Dos itself, Windows 3.x and Windows 95/98. The Windows Nt generation (version 4 and 5) include a new bootloader called Ntldr. Windows Vista and Windows 2008 use Bcd as bootloader. 1 A VBR is the first sector of a device that has not been partitioned, or the first sector of an individual partition on a device that has been partitioned. 3.3. MICROSOFT 3.3.1 17 Windows DOS, Windows 3.x, Windows 9x Once the Bios has completed its initialization phase, the boot process looks for the bootable partition and starts the operating system by invoking the operating system files (io.sys, msdos.sys and command.com) The full explanation of the steps follow: 1. The Bios loads the Mbrs boot code and executes it. It looks for the boot device, if the device is a hard-disk, some additional steps (examining the master partition table including retrieving information on extended partitions) are performed: (a) If the master boot code has found an extended partition, the extended partition table will be loaded. This table lists the logical volumes in the extended partition. The extended partition tables of the logical volumes are chained, the process uses this feature to find and load all extended partitions. 18 CHAPTER 3. BOOTLOADING AN OPERATING SYSTEM (b) Once the (optional) extended partitions have been loaded the master boot code tries to boot the active (primary) partition, resulting in error codes on failure. 2. The Volume Boot Record is loaded and executes 3. The Volume Boot Code inspects the disk from which it boots, resulting in error codes on failure. 4. The root directory of the device that is used for booting must now contain three files: (io.sys, msdos.sys and command.com) (If these files are not found, an error message is displayed) 5. The boot program loads the three operating system files into memory and executes them. The files, on their turn, load the command interpreter and the system control files (config.sys and autoexec.bat) The kernel image was implemented in two files (io.sys and msdos.sys) in older Dos versions, Dos 7 implemented the kernel image in one file (io.sys). The file msdos.sys was transferred to a text-based configuration file. For the windows systems, the last line of the autoexec.bat called the file win.com which on its turn loads the Windows kernel (krnl386.com) and some additional modules. The Windows kernel finally loads the primary shell (progman.exe for Windows 3.x, explorer.exe for later versions) Since the windows kernel is loaded from the autoexec.bat file, this file can be used to implement some sort of bootmanager. Different bootoptions are shown in the accompanying image. 3.3.2 Windows NT, Windows XP, Windows 2000, Windows 2003 These versions of Windows all use Ntldr as bootloader. NTLDR Ntldr has some tasks to perform before the user can select the actual operating system to boot: 1. The windows loader (Ntldr) is loaded. 2. The loader switches the processor to 32-bit mode (which is needed by Ntldr) 3. Ntldr starts a mini-filesystem with appropriate drivers. This is needed to be able to load Windows from different filesystem formats. 4. The loader reads the boot.ini file and presents the user with a menu, based on the configuration in the boot.ini file. If this file is not present, 3.3. MICROSOFT 19 the system assumes default values, prints an error message and continues. If only one boot option is present in the configuration file, the system reads the configuration and continues without presenting the menu to the user. 5. Ntldr loads the operating system that is selected by the user. If the selected operating system is any of the ones mentioned in this section, Ntldr set’s up the hardware and loads and executes ntdetect.com. For other operating systems, the control is passed to the file bootsect.dos, or any other bootloader. 6. ntdetect.com (osloader.exe on Risc systems) scans the hardware and gives the discovered list to the Ntldr which loads ntoskrnl.exe and gives it the list previously received. We now enter the Windows Load Phases. The Windows Load Phases for the mentioned systems can differ slightly from one to another, however the general sequence for the mentioned systems consists of the following: 20 CHAPTER 3. BOOTLOADING AN OPERATING SYSTEM 1. Kernel Load Phase 2. Kernel Initialization Phase 3. Services Load Phase 4. Windows Load Phase (Windows Subsystem Start Phase) Kernel Load Phase The ‘Kernel Load Phase’ loads the ‘Hardware Abstraction Layer’ (Hal, found in the file hal.dll) and the registry is loaded and checked for additional needed device drivers. ntoskernel.exe is loaded (but not executed). Ntldr now initializes the kernel and passes control to it. Kernel Initialization Phase The drivers that were loaded in the ‘Kernel Load Phase’ as well as the kernel itself are initialized. The registry hardware list is created with the information collected by ntdetect.com. Service Load Phase The session manager is started who’s task is to check all programs that must be started. The paging file is setup and the disk is checked for errors (chkdsk.exe). Windows Load Phase The Win32 subsystem starts and invokes winlogon.exe. The service controller checks the registry for services that must be started, right after the login screen is presented indicating that the system has properly started.2 3.3.3 Windows Vista, Windows 2008 It is either the Bios or the Efi that loads the Windows Nt6 boot manager called ‘Winload’. It is Winload that bootstraps the Windows kernel3 , it loads the operating system kernel, the Hardware Abstraction Layer (Hal) and the system registry. 2 Actually, the boot process is not yet finished; it finishes after a successful logon and the ‘Last Known Good Configuration’ boot-sequence has been copied. 3 Winload is the equivalent of Ntldr for older Windows Nt systems, although it does not implement features like hibernation (dispatched to the program called winresume or implementation of the bootmenu (already handled by the boot-manager)) 3.3. MICROSOFT 21 The boot manager (which must be located at the root directory of the boot volume) reads the ‘Boot Configuration Data’ file and presents the user a bootmenu. Whenever an operating system is chosen, the bootmanager executes winload.exe to load the operating system. The steps the Winload takes are simpler than Ntldr, since some of the tasks performed by Ntldr have already been performed by the bootmanager (presentation of the menu) or are delegated to other programs (winresume for hibernation). The steps that Winload performs are the following: 1. It loads the system registry. 2. Winload loads the operating system kernel. The Hardware Abstraction Layer is initialized as well as all needed kernel libraries. 3. All (kernel, Hal, libraries and device drivers) the image files are checked by their digital signature and loaded. 4. The registry is scanned to check all used device drivers, the device drivers that are in the ‘boot’ classes are verified and loaded into memory. 22 CHAPTER 3. BOOTLOADING AN OPERATING SYSTEM 3.4 Grub4Dos Not really a specific Windows bootloader, but has some interesting features that are worth to mention. Grub4Dos is a fork of the Grub project (see 3.6.2), but has evolved a lot. Grub uses a staging mechanism, each stage containing a different small program, to bootload an operating system, Grub4Dos on the other hand, uses one single file (grldr or grub.exe, depending from which operating system you boot) which can be chainloaded from other bootloaders like Ntldr, Grub4Dos can be written to the bootsector of a device (using the file grldr.mbr) or grldr can be loaded via the device’s Mbr. Additionally, Grub4Dos can be loaded in multiple ways (it can be loaded by the bootloader in the Mbr, it can be loader from the Windows Vista bootloader and it can serve as bootfile for bootable Cdroms (El Torito). Finally, Grub4Dos implements functionality that allows you to map virtual disks (harddisk or floppydisks) from image files which can be used after Dos has started. If the Grub4Dos bootloader (grldr of grub.exe) is chainloaded from another bootloader, it scan the local disks for the configuration. This means that the configuration file is not bound to a specific location, it can even be mobed between disks. If Grub4Dos (the Mbr of Grub4Dos) is installed in the Mbr, it scans all devices for the loader, which on its turn scans devices for the bootmenu (menu.lst). If no menu configuration is found, a command-line is presented, otherwise the menu is shown. 3.5 Macintosh The latest Mac versions come in two flavors, Power PC (Ppc which uses Open Firmware (a Bios based bootloader) or Intel based Macs, which use Efi/Gpt. Apple divides the boot process in ten major steps: 1. Power on. The hardware activates the Boot Rom firmware. In case of OpenFirmware, a Bios variant, the following two steps are performed: (a) Post, checks vital hardware (b) Open Firmware, builds the device tree and selects which operating system to boot. 2. Booter, the ‘BootX’ is the loader that loads the kernel. It is the bootloader that passes control to this bootloader when Mac OsX is selected as the operating system. The bootloader can be found at the following location: /System/Library/CoreServices/BootX. 3. Kernel load, device drivers are loaded and the mach init process (the process that manages all Cpu processes, like multi-tasking, memory usage etc.) is launched. 3.6. LINUX 23 4. System initialization. The System initialization is divided into four subtasks: (a) Determination of single-user boot or Cdrom boot (b) System initialization scripts are run, completes the basic initialization tasks and load the startup items (c) The login window is launched. (d) System processes that were needed during boot are cleaned up 5. Startup items, these consist of programs and shell scripts that clean the temporary files and launch daemon background processes. 6. Login. After the user has logged in, the users environment is loaded, the Dock, Finder and UI server are started. Optionally the setup assistent is loaded (in case an installation is in progress) and some of the applications (user specified) are launched. 7. Authenticating users. This process occurs after the login process. It uses the Directory Services to authenticate the user (the loginwindow manages the authenticating process, but does not authenticate the user itself) 8. User environment setup. 3.5.1 Bootcamp Bootcamp is a utility that lets the user install other operating systems (like Windows Xp or Windows Vista) on a Macintosch. The Gpt specification uses a ‘protective Mbr’, as mentioned earlier, this Mbr should have exactly one partition, its Id should be set to 0xEE. Apple has bypassed this rule and Bootcamp uses a hyrbid Mbr/Gpt. What happens is that when you create a new partition on the disk (using the tools that are supplied by Apple!), this partition gets copied to the partition table of the protective Mbr of the Gpt (and thus breaking the standard). 3.6 Linux While technically spoken, Lilo and Grub are not ‘Linux’ bootloaders (they can boot a multitude of operating systems), they are freely distributed with Linux and are therefor often seen as ‘Linux’ bootloaders. Both Lilo and Grub are staged bootloaders where the first stage (which is a small part of code in the Mbr) is only used to load the second stage. Once the second stage is loaded into the main memory, the user is presented with a screen showing the different bootoptions (operating systems) that are available. 24 CHAPTER 3. BOOTLOADING AN OPERATING SYSTEM If the selected operating system is a linux flavour, the kernel is loaded from the boot directory. If the selected operating system is not a linux flavour, another bootloader will be invoked. Lilo and Grub are very similar, their main differences are: • Grub has an interactive interface, whereas Lilo only alows one command with parameters for interaction. • Lilo stores information about the operatings system (like kernel location etc) in the Mbr. The downside of this approach is that after each kernel modification, the bootloader needs to be adapted as well, Grub uses a dedicated stage for this. • Grub can handle many more partition types (Lilo cannot read ext2 partitions for example) • Lilo is a two-stage bootloader, Grub has more stages 3.6.1 LILO The first stage of the bootloader has finished, the second stage of the bootloader displays the bootloader screen, reads the kernel and initrd into memory and hands over the control of the machine to the kernel. The bootprocess using Lilo shows the word Lilo, each letter indicating a milestone within the boot process. The boot sequence will be explained using these letters 1. L: When the primary bootloader begins to execute, the first ‘L’ is printed. This is the first stage of the boot process. It reads the map file (which is compiled into the boot code) which contains the pointers to the available operating systems to boot. This map file also contains the address of the second bootloader. 2. I: The ‘I’ is printed just before Lilo loads the second bootloader (stage 2). If during a boot you see the letters ‘LI’ appear, after which the system halts, this indicates that the second bootloader cannot be found. (this happens often after recompilation of a kernel or installation of another kernel. It is possible to recompile a kernel, move bootloader etc., but the command /sbin/lilo needs to be executed afterwards to update the Mbr) 3. L: The first thing the second bootloader does is printing the second ‘L’. It reads the map file afterwards to retrieve the additional needed files. 4. O: Lilo runs after the map contents have been loaded and verified. Lilo is ready to pass the control to the kernel. Lilo can also load boot code for a non-linux system. 3.6. LINUX 3.6.2 25 GRUB This subsection deals with Grub 1, also known as Grub legacy. This is still the most widespread version of Grub although Grub 2 has made a lot of progress. Grub stage 1 is contained in the Mbr, its main task is to load the next stage of Grub; stage 24 Grub stage 2 presents the user with a boot menu as well as a command prompt which can be used to enter additional parameters for the boot process. Once the options are known, Grub loads the kernel which takes over control. Grub can also give control to another bootloader for operating systems that do not support the multiboot standard. This process is called chainloading. The other bootloader is loaded as if it was called by the Mbr directly. A more detailed explanation of the boot sequence: 1. The Mbr boot code (stage 1) is executed 2. The bootloader code contains the address of the next stage, which is usually stage 1.5. Stage 1.5 is located in the first 30 bytes, right after the Mbr. This space is also known as the “Dos compatibility space”. 3. Stage 1.5 knows about the bot filesyste,. It opens the filesystem, looks for the stage 2 executable and passes control to it. This step is created to give a greater flexibility in upgrading kernels, stage 2 upgrades etc, since changes do not imply modifications to the Mbr (which is not the case for Lilo). 4 Stage 1 can also load stage 1.5 which is located directly after the Mbr. Stage 1.5 is used to load other filesystems than ext2 and ext3. Stage 1.5 is filesystem aware and simply loads stage 2. 26 CHAPTER 3. BOOTLOADING AN OPERATING SYSTEM 4. Stage 2 executes. It loads the menu configuration (menu.lst) and (usually) provides the user with a menu, based on its configuration. The next step is to load the Linux kernel. Stage 1.5 - The DOS compatibility region Previously, disks were addressed in Cylinder-Head-Sector (Chs) mode, a physical layout of the disk. Nowadays, disks are addressed in ‘Logical Block Addressing’ (Lba) mode.5 Dos required that its image stayed in one cylinder. Partition managers therefor added a region so that the first partition was aligned with the boundaries of the cylinder. The usual number of sectors per cylinder is 63 of which the Mbr takes only one. This leaves 62 sectors (usually 512 bytes per sector) of unused disk space. The Dos compatibility region is used by Grub to store stage 1.5, the stage that contains file-system specific code. 3.6.3 Loading the Linux kernel After the bootloader has loaded the kernel, the kernel initializes, configures and examines the system’s hardware. It looks for a initrd image in well known location in it memory. The initrd image is mounted and the necessary drivers 5 In Lba, only one number is used to address data, rather than three. Each linear base address describes a single block. The reason for using Lba instead of Chs in the filesystem is because of its simplicity. (source: wikipedia) 3.7. MULTIBOOT 27 are loaded. Virtual devices (lvm or Software raid) are optionally loaded before the image is unmounted and the kernel continues by freeing up all unused memory. The filesystem is setup, by creating a root device, which is mounted as read-only. Again all unused memory is freed, we now have a fully-loaded and operational kernel in memory. Next step is to invoke the /sbin/init program (which is also simply called ‘init’), to setup a user environment (otherwise, we could not do a lot with the computer). The init process becomes the parent process of all subprocesses that will be started. It starts by initializing the available run-levels, usually ending at runlevel 5 (graphical multi-user environment). 3.7 Multiboot The image below shows some possible boot scenarios. There is one part with dotted lines, it shows a path from the Ntldr to a file called bootsect.dos. This file is actually installed by the Windows Nt installation process, simulating a normal boot process (actually, it is a copy of the ’old’ bootsector before the installation on Windows Nt). 28 CHAPTER 3. BOOTLOADING AN OPERATING SYSTEM The image shows some of the possible paths during a multiboot bootprocess. Most bootloaders are capable of chainloading another bootloader. This has one big implication: multiple bootmenus. If you boot Grub, for instance, and you use it to load Windows, you get redirected to the Windows bootloader. If this bootloader only contains one entry, it will skip the menu, however, mutliple entries lead to the effect that you will first see the Grub bootmenu, afterwards the Windows menu. A remedy might be to setup the multi-boot system in such a way, that each operating system has its own bootloader. 6 A more complicated setup includes creating images of each operating system to be installed, reinstalling them afterwards and let the bootmanager link the different operating systems. Both methods are undesirable, they require a lot of work, with limited outcome, they are thus not part of the experiments. 7 . 6 This might work if the number of operating systems is limited and fit within the maximum limit of four primary partitions (a partition can be set hidden when a new operating system is installed, therefor the installer will not modify the specific boot process). 7 Dan Goodell did follow this setup Chapter 4 Some experiments Before experimenting with dual boot systems, it is convenient to have a partition manager available, since the installation procedures of Windows Xp nor Windows Vista foresee any partitioning options during installation. The experiments with the combination of Windows Xp and Windows Vista are run on a Pentium with 2 Gb of internal memory and a disk capacity of 60 Gb. The multiboot experiment is performed within a Virtual Machine (using VmWare Fusion) with a Mac (running OsX Leopard) as host. The virtual machine has 1 Gb of internal memory assigned and a disk capacity of 30 Gb. 4.1 Dualboot: Installing Windows Vista next to Windows Xp Starting with an easy scenario, we install Windows Vista on a system with Windows Xp already installed (and we assume that it is properly partitioned). The Vista installation recognizes Xp, creates an entry in the bootloader, so next time the system is booted, the user is presented with a menu allowing the choice of either operating system. Let’s have a closer look. After the installation, a file called boot.bak is placed in the root of the Xp partition. The contents show the following: ; ;Warning: Boot.ini is used on Windows XP and earlier operating systems. ;Warning: Use BCDEDIT.exe to modify Windows Vista boot options. ; [boot loader] timeout=30 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /NOEXECUTE=OPTIN /FASTDETECT The comments mention the bcdedit.exe application, which is a commandline utility that can be found in the directory c:\Windows\System32. 1 Running 1 BcdEdit is a commandline utility to manage Bcd stores; a Bcd store contains the different 29 30 CHAPTER 4. SOME EXPERIMENTS this program gives the following output: c:\Windows\System32>bcdedit.exe Windows Boot Manager -------------------identifier device description locale inherit default displayorder toolsdisplayorder timeout {bootmgr} partition=D: Windows Boot Manager en-US {globalsettings} {current} {ntldr} {current} {memdiag} 30 Windows Legacy OS Loader -----------------------identifier {ntldr} device partition=D: path \ntldr description Earlier Version of Windows Windows Boot Loader ------------------identifier device path description locale inherit osdevice systemroot resumeobject nx {current} partition=C: \Windows\system32\winload.exe Microsoft Windows Vista en-US {bootloadersettings} partition=C: \Windows {18a863e9-9cf4-11dd-acd6-81fd24c4e1bb} OptIn Using BCDedit, these options can be changed, new entries can be added etc.2 Bcd is an abbreviation for ‘Boot Configuration Data’ . Vista no longer uses Ntldr, but Bcd. The configuration file (boot.ini) has been backup and contains a message that this type of loading is no longer supported. 4.2 Dualboot: Installing Windows Xp next to Windows Vista Installing Windows Xp, after Vista has been installed, requires some manual intervention afterwards. Windows Xp is older than Vista, the technology (read: the boot process) is simply not built to cope with newer technologies. When Vista is already installed, and a copy of Windows Xp is placed next to it, the Windows Xp installation overwrites the Windows Vista bootloader and replaces it by the one known to Xp: Ntldr. Since this bootloader has no boot entries 2 There is also a utility called msconfig.exe which provides a Graphical User Interface (GUI) that allows you to change some basic options like default boot option, timeout etc. Its functionality is limited compared to BCDEdit 4.2. DUALBOOT: VISTA AND THEN XP 31 notion of Vista, you will find yourself booting straight into Xp, no option to boot Vista is presented. Intuitively, you might consider two rescue options: modify Xp’s bootloader to also present the option to boot Vista or install Vista’s bootloader and configure it to allow the choice of either Xp or Vista (and we have seen that this works in the previous section) After booting to Xp, a ‘boot.ini’ file is available with the following contents: [boot loader] timeout=30 default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS [operating systems] multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect Since the bootloader of Windows Xp (ntldr) is not forward compatible, it didn’t recognize Windows Vista, the option is not available in the boot menu. Since there is only one operating system defined, the system will skip the bootmenu and boot straight into Windows Xp. To fix this unwanted behaviour, Microsoft has a support-page explaining the details. Following the indicated steps3 I was able to reinstall the Vista bootloader with an entry for both Windows Xp and Windows Vista. The steps to take are the following (6): 1. Use Bootsect.exe to restore the Windows Vista Mbr and the boot code that transfers control to the Windows Boot Manager program. To do this, type the following command at a command prompt: Drive:\boot\Bootsect.exe /NT60 All In this command, Drive is the drive where the Windows Vista installation media is located. 2. Use Bcdedit.exe to manually create an entry in the bcd Boot.ini file for the earlier version of the Windows operating system. To do this, type the following commands at a command prompt. In these commands, Drive is the drive where Windows Vista is installed. (a) Drive:\Windows\system32\Bcdedit /create ntldr /d "Description for earlier Windows version" Note: In this command, the description for earlier Windows version can be any text that you want. For example, the description for earlier Windows version can be “Windows Xp” or “Windows Server 2003”. (b) Drive:\Windows\system32\Bcdedit /set ntldr device partition=x: Note: In this command, x: is the drive letter for the active partition. (c) Drive:\Windows\system32\Bcdedit /set ntldr path \ntldr (d) Drive:\Windows\system32\Bcdedit /displayorder ntldr /addlast 3 I had to perform those steps from the Vista installation cd since there were problems locking the harddisks. There were some additional errors, but these appeared to be non-fatal 32 CHAPTER 4. SOME EXPERIMENTS 4.3 Multiboot: Xp, Vista, Windows 2008 Server and Linux It should now be clear that we should start with the installation of the oldest operating system first, working our way ‘up’ unto the latest, finishing with Linux, since the Linux bootloaders recognize all other. Before that, however, I used gparted to partition the disk, since not all operating systems provide a partitioning option during installation. Some things are convenient to know before starting: • Windows 2008 Server need minimal 6 Gb to install • Linux uses a dedicated partition for its swap-space (not necessary, but common practice) • Linux stores boot information in a dedicated directory called ‘boot’. If we would like to setup two Linux partitions, we can either give them a seperate boot-location, or we can let them point to the same location. In the latter case, changes only need to be made once. (An additional note; for older Bioses, this boot partition must be within the first 1024 cylinders of the harddrive in order to be bootable! If you have an old Bios, place the boot partition at the front of your partition table), this is also the reason why I placed a dedicated partition in the beginnning of the disk. 4.3.1 Step 1: partitioning I chose the following setup (screenshot from gparted): 4.3.2 Installing Windows Xp The installation detects the partitions that I have recently setup (except for the Linux partitions, which is quite logical) and after selecting the first partition, 4.3. MULTIBOOT: XP, VISTA, 2008, LINUX 33 the installer asks me what to do with the partition (format, convert to ntfs). I chose not to format, not to convert the partition, thus leaving it in fat32. The installation leads to no suprises, after rebooting, we boot straight into Windows Xp. 4.3.3 Installing Windows Vista The windows installation asks whether I am interested in going online to get the latest updates during installation. To speed up the process, I chose not to. Vista also recognizes the created partitions (as expected) and it comes with a warning that windows cannot be installed on the first partition, since it is not an ntfs partition. During the Windows Vista, the installer reboots and we directly notice that the new bootloader is already installed. Two options are available: ‘Earlier version of windows’ and ‘Windows setup’. We do not get to chose, the installer boots straight into the setup program. 34 4.3.4 CHAPTER 4. SOME EXPERIMENTS Installing Windows 2008 Server The installer asks which version of Windows 2008 I purchased (actually, I didn’t purchase any, I downloaded it from Msdn). Chose one of the available options (beware that the ‘Core’ option gives a command-line only interface!) and after booting we see that Windows 2008 adapted the bootoptions that were available after Vista installation: 4.3. MULTIBOOT: XP, VISTA, 2008, LINUX 35 Windows 2008 Server installed without problems, the menu shows the three expected boot-options. 4.3.5 Linux installation The initial idea was to install Fedora (which allows the option to use Lilo as bootloader as well as Grub), but the Fedora installer/partitioner does not recognize any of the NTFS partitions (additionally it crashed when trying to set it up), so I switched to Ubuntu. The installation finishes and after a reboot, we are presented with Grub, which allows us to boot to either Ubuntu, or go to the Vista/Longhorn loader. This last option goes, as expected, to the Windows Bootloader as it was installed by Vista. This means that if we would like to boot into any windows system, we have to pass two bootloaders.... 4.3.6 Multiboot installation conclusions Proper planning is clearly needed, the partitions, their filesystem format and sizes need to be known upfront. Once you have determined this information, start with the oldest windows version first and work your way up to the newer windows versions. Installing Linux with either Lilo or Grub afterwards should not pose any problems, but be prepared to perform some manual interventions afterwards. 36 CHAPTER 4. SOME EXPERIMENTS Appendix A MBR - a closer look The Mbr that I retrieved during of one of the experiments; Windows Xp (This image is best viewed in full scale and in color) 37 38 0000 012c 017c 01b5 01b8 01bc 01be 01fe APPENDIX A. MBR - A CLOSER LOOK Master Boot Code, also known as Initial Program Load. Error messages, ends with 00 (in bold). Padding, all zero-bytes. Fixed for english versions of windows: 2c 44 63 - Part of dmadmin.exe, used by Windows Nt to display the Mbr error codes which may be language dependent. Disk signature, needed by Windows Nt to identify the right disk and used for drive assignation. Unused, usually nulls: 0x0000. Start of the partition table, it contains 4 16-byte entries (this Mbr has only one defined partition). The active partition is Indicated with the value “80”, the other partitions start with the value “00” (values in bold). Mbr signature: 0xAA55 (on all Ibm-Pcs, and compatible, numbers of two or more bytes are always stored in reverse order). Actually 0xAA55 is called the ‘Magic Number’, it is used to denote the end of both Mbrs and bootsectors. Each of the four possible primary partitions contain a boot-indicator, the value of 80 indicates that this partition is active (booteable), in which case we call it a ‘high bit’. Partition Partition Partition Partition 1: 2: 3: 4: 80 01 01 00 07 fe ff ff 3f 00 00 00 62 04 53 07 00 fe ff ff 0f fe ff ff a1 04 53 07 5f f4 a5 06 . . . empty. . . . . . empty. . . byte 0: The first byte tells use whether the partition is bootable (80 for the active partition, 00 for an inactive partition. There can only be one active partition). It is the active partition that contains the boot manager. byte 1-3: The next three bytes contain the “Cylinder/Heads/Sector” (Chs) address of the partition start. byte 4: This byte indicates the partition type. A few examples: 07 indicates Windwows Nt or OS/2 HPFS, 0f indicates Win95 Extended, 83 indicates linux swap. byte 5-7: Chs address of the partition end. byte 8-11: The starting sector number (little endian) byte 12-15: The partition size A.1. THE PARTITION TABLE A.1 39 The partition table The partition table is a 64-byte structure, as we have seen above. The table contains 4 entries, leaving us with 16 bytes for one partition. The first entry in the example of this chapter contains the following code: 80 01 01 00 07 fe ff ff 3f 00 00 00 62 04 53 07. The first entry of a partition table always starts at address 01be, this gives us the following dissection of the tabel (little endian!) Offset 01be 01bf 01x0 Length 8 bits 8 bits 16 bits Value 80 01 01 00 01c2 01c3 01c4 8 bits 8 bits 16 bits 07 fe ff ff 01c6 32 bits 3f 00 00 00 01ca 32 bits 62 04 53 07 Description Boot indicator, 80 for the active boot-partition, 00 for inactive. Starting head Starting sector, only the first 6 bytes are used. The upper 2 bits of this byte are used by the starting cylinder field. Starting cylinder, uses this byte + 2 bits from the starting sector to get the cylinder value. System ID. 07 means Ntfs Ending head Ending sector. Same division as the starting sector. Ending cylinder, borrows 2 bits from the ending sector Relative sectors, the offset from the beginning of the disk to the beginning of the volume, counting by sectors. Total sectors. 40 APPENDIX A. MBR - A CLOSER LOOK Appendix B GPT - a closer look I have not tried to modify anything on my Mac (no bootcamp installed) so the presented information here is more limited compared to that of the Mbr, however, some things can be interesting. First, I tried to view a dump of the Mbr using the following commands: Barry$ sudo dd if=/dev/disk0 of=/Users/Barry/Desktop/macmbr.code bs=1 count=512 512+0 records in 512+0 records out 512 bytes transferred in 0.064308 secs (79648 bytes/sec) Viewing the result in a hexviewer is uninteresting, the magic number can be seen, as well as a lot of nulls. The partition table is more interesting, especially with the information following afterwards: 01B0: 01C0: 01D0: 01E0: 01F0: 00 FF 00 00 00 00 FF 00 00 00 00 EE 00 00 00 00 FE 00 00 00 00 FF 00 00 00 00 FF 00 00 00 00 01 00 00 00 00 00 00 00 00 90 00 00 00 00 63 00 00 00 00 00 2F 00 00 00 00 60 00 00 00 00 38 00 00 00 00 3A 00 00 00 00 00 00 00 55 FE 00 00 00 AA The disk signature is set to 90 63 00, one partition is visible, but it is nonbootable. 41 42 APPENDIX B. GPT - A CLOSER LOOK The following shows some more interesting information: Barry$ sudo fdisk /dev/rdisk0 Disk: /dev/rdisk0 geometry: 60801/255/63 [976773168 sectors] Signature: 0xAA55 Starting Ending #: id cyl hd sec - cyl hd sec [ start size] -----------------------------------------------------------------------1: EE 1023 254 63 - 1023 254 63 [ 1 - 976773167] <Unknown ID> 2: 00 0 0 0 0 0 0 [ 0 0] unused 3: 00 0 0 0 0 0 0 [ 0 0] unused 4: 00 0 0 0 0 0 0 [ 0 0] unused The Magic Number is not a surprise, what is surprising is the ‘unknown ID’. Actually, this is not surprising at all; the identifier EE is used to protect the Gpt to tools designed for the Mbr (like fdisk), but unaware of Gpt (see 2.5). The following commands show a bit of information as well: Barry$ sudo gpt -r show /dev/rdisk0 start size index contents 0 1 PMBR 1 1 Pri GPT header 2 32 Pri GPT table 34 6 40 409600 1 GPT part - C12A7328-F81F-11D2-BA4B-00A0C93EC93B 409640 976101344 2 GPT part - 48465300-0000-11AA-AA11-00306543ECAC 976510984 262151 976773135 32 Sec GPT table 976773167 1 Sec GPT header We clearly see the redundancy that is built in into Gpt; the partition table and the header are duplicated. Furthermore, the Guid C12A7328-F81F-11D2-BA4B-00A0C93EC93B indicates that we are dealing with a Efi System Partition, 48465300-0000-11AA-AA11-00306543ECAC indicates a ‘Hierarchical File System’ (Hps) filesystem, which is the default filesystem for Osx. One last command, the outcome should be self-explanable: Barry$ diskutil list /dev/disk0 #: TYPE NAME 0: GUID_partition_scheme 1: EFI 2: Apple_HFS Harddrive SIZE *465.8 Gi 200.0 Mi 465.4 Gi IDENTIFIER disk0 disk0s1 disk0s2 Appendix C Utilities There are several useful utilties to work with bootloaders (Tools come with the description provided by the vendors/developers) 1. BCDEdit Boot Configuration Data (Bcd) files provide a store that is used to describe boot applications and boot application settings. The objects and elements in the store effectively replace Boot.ini. BCDEdit is a command-line tool for managing Bcd stores. It can be used for a variety of purposes, including creating new stores, modifying existing stores, adding boot menu options, and so on. BCDEdit serves essentially the same purpose as Bootcfg.exe on earlier versions of Windows, but with two major improvements: • BCDEdit exposes a wider range of boot options than Bootcfg.exe. • BCDEdit has improved scripting support. BCDEdit is the primary tool for editing the boot configuration of Windows Vista and later versions of Windows. It is included with the Windows Vista distribution in the %systemroot%\System32 folder. 2. Beeblebrox Beeblebrox is a partition table editor for Windows 95/98 or NT. With Beeblebrox you can : backup and restore your partition tables, edit any value in any partition table, hide/unhide partitions, change the active partition, search for partition boot records to help in partition recovery, view partition boot sector information and delete a partition. 3. GParted GParted s used for creating, deleting, resizing, moving, checking and copying partitions, and the file systems on them. This is useful for creating space for new operating systems (works with Vista System and Data partitions), reorganizing disk usage, copying data residing on hard disks and mirroring one partition with another (disk imaging). 43 44 APPENDIX C. UTILITIES 4. HDHacker HDHacker is a stand-alone micro-utility that saves, visualizes, and restores the Mbr (from a physical drive), the BootSector (from a logical drive) or any specified sector from any disk (even removable disks). HDHacker can be used, for example, to save and restore a particular boot manager (such as Lilo, for example) before a new Windows setup (which, obviously, overwrites it). An Mbr and BootSector backup can also be useful for simple precautionary purposes too, since sometimes viruses or other Os setup (like Linux) could overwrite and/or alter the Mbr/Boot Sectors, making it impossible to start up previous Os and/or access datas stored on the disk. HDHacker can provide “insurance” against all these types of loss. 5. MbrFix Perform several Master Boot Record (Mbr) tasks, like backing up, restoring, fixing the boot code in the Mbr, etc. The utility should not be used for Guid Partition Table (Gpt) disks. 6. MBRWizard MBRwizard is a powerful, yet flexible utility designed to assist with all types of Master Boot Record difficulties. Intially developed to overcome MBR problems introduced by disk imaging products such as Symantec Ghost and Acronis True Image, MBRwizard has become a popular utility for repairing all types of Mbr problems, especially those caused by disk2-disk (d2d) and system backup and recovery applications. 7. PartInfo This Dos or Nt/2000/Xp utility will display the partition information in the Mbr and Embr. The output can be redirected to a file and sent for review if needed. 8. SecInspect SecInspect.exe is a command-line diagnostics tool that allows administrators to view the contents of master boot records, boot sectors, and IA64 Guid partition tables. Additional features include creating hex dumps of binary files and backup/restore of sector ranges. 9. VmWare Fusion VMware Fusion is a virtual machine software product developed by VMware for Macintosh computers with Intel processors. Fusion allows Intel-based Macs to run x86 and x86-64 “guest” operating systems, such as Microsoft Windows, Linux, NetWare and Solaris as virtual machines simultaneously with Mac OS X as the “host” operating system using a combination of virtualization, emulation and dynamic recompilation. Appendix D Glossary A lot of the items in this glossary are retrieved from http://www.wikipedia. org. • Basic Input/Output System (BIOS) Firmware code run by a personal computer (Ibm-Pc architecture) when it first starts up. The Bios is responsible for initializing vital hardware (like video-card, keyboard etc). The Bios gives contraol to a bootloader for system startup. • Booting In computing, booting (booting up) is a bootstrapping process that starts operating systems when the user turns on a computer system. A boot sequence is the initial set of operations that the computer performs when it is switched on. The bootloader typically loads the main operating system for the computer. • Boot Configuration Data (BCD) Boot Configuration Data (Bcd) is a firmware- independent database for boot-time configuration data. It replaces the boot.ini that was used by Ntldr, and is used by Microsoft’s new Windows Boot Manager. • Bootloader A bootloader is a small program that is user to boot other operating systems. • Bootmgr For Vista, the Mbr looks for and loads bootmgr, Vista’s replacement for Ntldr, however, bootmgr serves only one function: as a bootmanager. Bootmgr refers to a file called bcd (short for boot configuration data). You can say bcd is like boot.ini, it contains the menu entries for Vista’s boot menu. • bootsect.dos ootsect.dos is created by Windows NT Setup. It is a copy of the bootsector as it existed before the installation of Windows Nt and allows the 45 46 APPENDIX D. GLOSSARY Windows not loader (Ntldr to load Dos based operating systems, simulating the previous operating system’s normal boot procedure). • Bootstrapping In computing, bootstrapping (”to pull oneself up by one’s bootstraps”) refers to techniques that allow a simple system to activate a more complicated system. A common scenario is the start up process of a computer system, where a small program, such as the Bios, initializes and tests hardware, peripherals and external memory devices, then loads a program from one of them and passes control to it, thus allowing loading of larger programs, such as an operating system. Bootstrapping was shortened to booting, or the process of starting up any computer, which is the most common meaning for non-technical computer users. The verb “boot” is similarly derived. A “bootstrap” most commonly refers to the simple program itself that actually begins the initialization of the computer’s operating system, like Grub, Lilo or Ntldr. • Chainloading Chain loading is a method used by computer programs to replace the currently executing program with a new program, using a common data area (a so-called core common area) to pass information from the current program to the new program. It occurs in several areas of computing. In operating system boot manager programs, chain loading is used to pass control from the boot manager to a boot sector. The target boot sector is loaded in from disk, replacing the boot sector from which the boot manager itself was bootstrapped, and executed. • Complementary Metal-Oxide-Semiconductor (CMOS) Complementary metal-oxide-semiconductor (Cmos), is a major class of integrated circuits. Cmos technology is used in microprocessors, microcontrollers, static RAM, and other digital logic circuits. The Bios uses the Cmos to store information like the bootorder of physical devices, hardware clock etc. • Cylinder-Head-Sector (CHS) Cylinder-head-sector, also known as Chs, was an early method for giving addresses to each physical block of data on a hard disk drive. In the case of floppy drives, for which the same exact diskette medium can be truly low-level formatted to different capacities, this is still true. Though Chs values no longer have a direct physical relationship to the data stored on disks, pseudo Chs values (which can be translated by disk electronics or software) are still being used by many utility programs. • Direct Memory Access (DMA) Direct memory access (DMA) is a feature of modern computers and microprocessors that allows certain hardware subsystems within the computer to access system memory for reading and/or writing independently of the central processing unit. Many hardware systems use DMA including disk drive controllers, graphics cards, network cards, sound cards and GPUs 47 • Electrically Erasable Programmable Read-Only Memory (EEPROM) EEPROM is a type of non-volatile memory used in computers and other electronic devices to store small amounts of data that must be saved when power is removed. • EXT2 The ext2 or second extended file system is a file system for the Linux kernel. Although ext2 is not a journaling file system, its successor, ext3, provides journaling and is almost completely compatible with ext2. • Extended Boot Record (EBR) An Extended Boot Record (Ebr), or Extended Partition Boot Record (Epbr), is a descriptor for a logical partition under the common Dos disk drive partitioning system. In that system, when one (and only one) partition record entry in the Master Boot Record (Mbr) is designated an ”extended partition,” then that partition can be subdivided into a number of logical drives. The actual structure of that extended partition is described by one or more Ebrs, which are located inside the extended partition. The first (and sometimes only) Ebr will always be located on the very first sector of the extended partition. Unlike primary partitions, which are all described by a single partition table within the Mbr, and thus limited in number, each Ebr precedes the logical partition it describes. If another logical partition follows, then the first Ebr will contain an entry pointing to the next Ebr; thus, multiple Ebrs form a sort of chain from the first to the next, and finally to the last one. This means the number of logical drives that can be formed within an extended partition is limited only by the amount of available disk space.4 • Extensible Firmware Interface (EFI) The Extensible Firmware Interface (Efi) is a specification that defines a software interface between an operating system and platform firmware. Efi is intended as a significantly improved replacement of the old legacy Bios firmware interface historically used by all Ibm-Pc-compatible personal computers. The Efi specification was originally developed by Intel, and is now managed by the Unified Efi Forum and is officially known as Unified Efi (Uefi). • File Allocation Table (FAT) File Allocation Table or Fat is a computer file system architecture. It is the primary file system for various operating systems including MsDos, DrDos, and Microsoft Windows (up to Windows Me). • Firmware Executable machine code, installed in a computers non-volatile memory (Eeprom). It initializes low-level hardware, and passes on the control the the operating system loader. The firmware examples described in the document are Bios and Efi. • Guid Partition Table (GPT) In computer hardware, Guid Partition Table (Gpt) is a standard for 48 APPENDIX D. GLOSSARY the layout of the partition table on a physical hard disk. It is a part of the Extensible Firmware Interface (Efi) standard proposed by Intel as a replacement for the Pc Bios, one of the few remaining parts of the original Ibm-Pc. Efi uses Gpt whereas Bios uses a Master Boot Record (Mbr). • Globally Unique Identifier (GUID) A Globally Unique Identifier or (Guid) is a special type of identifier used in software applications in order to provide a reference number which is unique in any context (hence, ”Globally”). While each generated Guid is not guaranteed to be unique, the total number of unique keys (2128 or 3.4 · 1038 ) is so large that the probability of the same number being generated twice is very small. • Grand Unified Bootloader (GRUB) Gnu Grub (”Grub” for short) is a boot loader package from the Gnu Project. Grub is the reference implementation of the Multiboot Specification, which allows a user to have several different operating systems on their computer at once, and to choose which one to run when the computer starts. Grub can be used to select from different kernel images available on a particular operating system’s partitions, as well as to pass boot-time parameters to such kernels. • Hardware Abstraction Layer (HAL) A hardware abstraction layer (Hal) is an abstraction layer, implemented in software, between the physical hardware of a computer and the software that runs on that computer. Its function is to hide differences in hardware from most of the operating system kernel, so that most of the kernelmode code does not need to be changed to run on systems with different hardware. The Windows Nt operating system has a Hal in the kernel space, between hardware and kernel, drivers, executive services. This allows portability of the Windows Nt kernel-mode code to a variety of processors, with different memory management unit architectures, and a variety of systems with differentI/O bus architectures; most of that code runs without change on those systems, when compiled for the instruction set for those systems. • Initial Program Load (IPL) The program that resides in the Master Boot Code part of the Master Boot Record. • Linux Loader (LILO) Lilo (LInux LOader) is a generic boot loader for Linux. It was one of the most popular bootloaders until Grub was released. • Logical Block Addressing (LBA) Logical block addressing (Lba) is a common scheme used for specifying the location of blocks of data stored on computer storage devices, generally secondary storage systems such as hard disks. The term Lba can mean either the address or the block to which it refers. Logical blocks in modern computer systems are typically 512 or 1024 bytes each. ISO 9660 CDs (and images of them) use 2048-byte blocks. 49 The Lba scheme replaces earlier schemes which exposed the physical details of the storage device to the software of the operating system. Chief among these was the cylinder-head-sector (Chs) scheme, where blocks were addressed by means of a tuple which defined the cylinder, head, and sector at which they appeared on the hard disk. Chs didn’t map well to devices other than hard disks (such as tapes and networked storage), and was generally not used for them. • Master Boot Code The first 440 bytes of the Master Boot Record, it contains a small program that is used to chainload a bootmanager. Also known as ‘Initial Program Load’ • Master Boot Record (MBR) The first 512 bytes of the boot sector of a harddisk. It contains code to bootstrap operatings systems (the ‘Master Boot Code’) as well as the partition table of the disk, used to indicate the active partition from which to boot the operating system. • NT File System (NTFS) Ntfs is the standard file system of Windows Nt, including its later versions Windows 2000, Windows Xp, Windows Server 2003, Windows Server 2008, and Windows Vista. • NT Loader (NTLDR) Ntldr (abbreviation of Nt Loader) is the boot loader for all releases of Microsoft’s Windows NT operating system up to and including Windows XP and Windows Server 2003. Ntldr is typically run from the primary hard disk drive, but it can also run from portable storage devices such as a CD-ROM, USB flash drive, or floppy disk. Ntldr can also load a non NT-based operating system given the appropriate boot sector in a file. For Xp, the Mbr looks for and loads ntldr. Ntldr then read from boot.ini. If it finds two or more entries in boot.ini, then it will present a menu option for the entries (unless you set to boot an item automatically). • Power-On Self Test (POST) Power-on self-test (Post) is the common term for a computer, router or printer’s pre-boot sequence. The same basic sequence is present on all computer architectures. It is the first step of the more general process called initial program load (Ipl), booting, or bootstrapping. The term Post has become popular in association with and as a result of the proliferation of the Pc. It can be used as a noun when referring to the code that controls the pre-boot phase or when referring to the phase itself. It can also be used as a verb when referring to the code or the system as it progresses through the pre-boot phase. Alternatively this may be called “Posting.” • Random Access Memory (RAM) Ram is a form of computer data storage. Today it takes the form of integrated circuits that allow the stored data to be accessed in any order 50 APPENDIX D. GLOSSARY (i.e., at random). The word random thus refers to the fact that any piece of data can be returned in a constant time, regardless of its physical location and whether or not it is related to the previous piece of data. The word Ram is mostly associated with volatile types of memory, where the information is lost after the power is switched off. • Volume Boot Record (VBR) A Volume Boot Record (also known as a volume boot sector or a partition boot sector, although the latter is not strictly correct) is a type of boot sector, stored in a disc volume on a hard disk, floppy disk, or similar data storage device, that contains code for booting programs (usually, but not necessarily, operating systems) stored in other parts of the volume. On non-partitioned storage devices, it is the first sector of the device. On partitioned devices, it is the first sector of an individual partition on the device, with the first sector of the entire device instead being a Master Boot Record (Mbr). The code in volume boot records is invoked either directly by the machine’s firmware or indirectly by an Mbr or a boot manager. Invoking a Vbr via a boot manager is known as chain loading. Some dual boot systems, such as Ntldr, take copies of the bootstrap code that individual operating systems install into a single partition’s Vbr and store them in disc files, loading the relevant Vbr content from file after the boot loader has asked the user which operating system to bootstrap. In certain file system formats, in addition to bootstrap code the Vbr contains a Bios parameter block that specifies the location and layout of the principal on-disc data structures for the file system. References [1] Microsoft Technet, How Basic Disks and Volumes Work http://technet.microsoft.com/en-us/library/cc739412.aspx [2] Microsoft Technet, Boot INI Options Reference http://technet.microsoft.com/en-gb/sysinternals/bb963892.aspx [3] Microsoft Technet, Microsoft Advanced Windows Debugging and Troubleshooting - How windows starts up http://blogs.msdn.com/...art-1-of-4.aspx http://blogs.msdn.com...the-second.aspx [4] Microsoft Technet, Troubleshooting the Startup Process http://technet.microsoft.com/en-us/library/bb457123.aspx [5] Microsoft Technet, How Basic Disks and Volumes Work http://technet.microsoft.com/en-us/library/cc739412.aspx [6] Microsoft Support, Windows Vista no longer starts after you install an earlier version of the Windows operating system in a dual-boot configuration http://support.microsoft.com/kb/919529 [7] Apple Developer Connection, Technical Note TN2166, Secrets of the GPT http://developer.apple.com/technotes/tn2006/tn2166.html [8] Boot Process and Startup Sequence Overview http://ali.apple.com/ali_sites/adcchd/Exhibits/Assets/unit_additional/ ADD_1_SG_BootOverview.pdf [9] GNU GRUB, The GRUB Homepage http://www.gnu.org/software/grub/ [10] Manpages, The LILO manpage http://www.netadmintools.com/html/5lilo.conf.man.html [11] Intel, Extensible Firmware Interface (EFI) http://www.intel.com/technology/efi/ [12] Starman. An Examination of the Windows 2000 and Windows Xp Mbr http://mirror.href.com/thestarman/asm/mbr/Win2kmbr.htm [13] Multibooters. Dual/Multi booting with Vista http://www.multibooters.co.uk/ 51 52 APPENDIX D. GLOSSARY [14] Jonathan de Boyne Pollard. Frequently Given Answers written by JdeBP - Operating System bootstraps http://homepages.tesco.net./J.deBoynePollard/FGA/ [15] Wikipedia, The Free Encyclopedia BIOS - BootCamp - Booting - Boot sector - Chain loading - CHS - Disk partitioning - EFI - EFI partition - GRUB - GPT - Linux startup - MBR - Multi boot - NTLDR - Open Firmware - POST - Volume Boot Record Windows NT startup - Windows Vista startup Index bootmgr, 45 bootsect.dos, 45 File Allocation Table, 47 Firmware, 9, 47 80386, 13 Globally Unique Identifier, 11, 48 GPT, see GUID Partition Table GRUB, 48 Grub4Dos, 22 GUID, see Globally Unique Identifier GUID Partition Table, 11, 47 Basic Input/Output System, 9, 45 BCD, see Boot Configuration Data BIOS, see Basic Input/Output System Boot Configuration Data, 30, 45 Booting, 45 Bootloader, 7, 45 BootRom, 16 Bootstrapping, 7, 46 Bootx, 22 HAL, see Hardware Abstraction Layer Hardware Abstraction Layer, 20, 48 HFS, see Hierarchical File System Hierarchical File System, 42 Chainloading, 11, 46 Initial Program Load, 9, 48 CHS, see Cylinder-Head-Sector, see CylinderIPL, see Initial Program Load Head-Sector Itanium, 13 CMOS, see Complementary Metal OxLBA, see Logical-Block-Addresing, see ide Semiconductor Logical Block Addressing Complementary Metal Oxide SemiconLegacy MBR, 12 ductor, 15, 46 Cylinder-Head-Sector, 12, 26, 38, 46 LILO, 48 Logical Block Addresing, 9 Direct Memory Access, 15, 46 Logical Block Addressing, 12, 48 DMA, see Direct Memory Access Master Boot Code, 9, 49 EBR, see Extended Boot Record Master Boot Record, 9, 49 EEPROM, see Electrically Erasable Pro- MBR, see Master Boot Record grammable Read-Only Memory NT File System, 49 EFI, see Extensible Firmware Interface NT Loader, 49 Electrically Erasable Programmable ReadNTFS, see NT File System Only Memory, 47 NTLD, see NT Loader EPBR, see Extended Partition Boot OpenFirmware, 22 Record Operating System, 7 EXT2, 47 OS, see Operating System Extended Boot Record, 10, 47 Extended Partition Boot Record, 10 Extensible Firmware Interface, 11, 47 PBR, see Primary Boot Record POST, see Power-On Self Test FAT, see File Allocation Table Power-On Self Test, 15, 49 53 54 Primary Boot Record, 11 Protective MBR, 12 RAM, see Random Access Memory Random Access Memory, 49 ROM extension, 16 VBR, see Volume Boot Record, see Volume Boot Record Volume Boot Record, 11, 16, 50 x86, 13 INDEX