How Linux Boots

From docwiki
Jump to: navigation, search


Motivation

Nothing is more frustrating then not being able to boot into your system. If it hangs a boot with a cryptic message, then what do you do? People running other Operating Systems then tend to try to re-install their OS at this point. Once you know how Linux boots then it is almost always possible to boot into your system again as long as your hard-drive is not damaged.

Stages of Booting Linux

Simplified:

  1. your PC boots (BIOS from EEPROM chips on your motherboard. e.g when you press F12 during boot this is handled by the BIOS)
  2. loads the first ca 300 bytes from block 0 of your hard drive
  3. loads the rest of GRUB boot loader
  4. GRUB can readonly mount most filesystems and load kernel (vmlinuz) and initial-ramdisk (initrd)
  5. kernel unpacks itself and intializes hardware
  6. kernel unpacks initial ramdisk and starts script there (e.g. /init )
  7. initial ramdisk scripts loads additional modules and mount real /
  8. starts init process. (today usually systemd)
  9. systemd runs boot scripts for all configured items. (e.g. ssh, X11, ..) and mounts additional filesystems, ..

A few notes to the above:

  • The BIOS is specific to PCs and this looks different on other hardware. E.g. Raspberry Pi and other ARM systems, etc..
  • The initial boot blocks can also be loaded via network (PXE network boot).
  • you can also directly boot a kernel without an initial ram-disk but that means that the kernel needs to have all necessary drives compiled in that are needed for at least reading the harddisk.
  • systemd is still a bit controversial and there are distributions out there that try to avoid it. e.g. devuan.
  • newer PCs support "UEFI/secure boot". Which does not offer much security but was intended to force the lock-in into proprietary operating systems. Most modern Linux Distributions can deal with UEFI-Boot but if you can turn this off in your BIOS settings it will make installing Linux much easier. For an overview of how the UEFI/SecureBoot works see: wiki.debian.org/SecureBoot
  • when booting from CDrom there is a special syslinux bootloader used.

What can you do if your Linux does not Boot?

BIOS

When you do not even get to the Grub bootscreen then you have to check your BIOS. If you have more then 1 Harddrive you can select which one to use for boot and you can allow booting from CDrom or USB drive there. In some BIOS versions you can press F12 to select your boot device

GRUB

When the GRUB boot-loader is working it will show you a menu for booting into all your installed OSs and will allow you to boot with an older kernel. When GRUB fails to load it will drop you into a prompt where you can try various commands, yet it is usually easier to fix your GRUB by booting with a Live-CD or USB-Stick.

When GRUB is working one can also "edit" the arguments that are passed to the kernel. This is often useful. (see below)

GRUB can be protected with a password so that one can only boot the default option and one is not able to pass different arguments to the kernel.


Kernel command-line

When you boot with grub you can specify arguments that are passed to the kernel. Those are usually of the form NAME=value or just some flag.

useful here are:

root=/dev/sdb7 --- would try to use partition 7 of /dev/sdb as your root partition.
init=/bin/bash --- instead of loading sytemd it will directly boot into just a shell.

See: kernel parameters for more.

Booting into Shell

Assume you have an unusual video-card and installed some buggy driver from the vender and now, each time you try to boot your system freezes. Or you start at a new job and you are told to fix an old Linux Server where no one even has a root-password. In this cases you might want to change the boot process so that you can fix that. One way would be to interrupt the normal boot process:

  1. on the GRUB screen press Ctrl-e to edit the command line
  2. go to the part where the kernel parameters are listed and add init=/bin/bash (your changes are just for this boot and not permanent)
  3. press Ctrl-x to boot with this settings.
  4. you will be dropped in a shell where you are root but the filesystem is mounted readonly
  5. in order to change something you need to mount it read write: mount -o remount -rw -n /
  6. now you could change the root password (beware of the keyboard layout!) by typing passwd
  7. or you could edit config files etc...
  8. after you are done: mount readonly again: mount -o remount -r -n /
  9. type: sync and then reboot or halt or you can also just turn the machine off since the file-system is mounted readonly anayways.

Fixing Boot with a Live-CD or USB-thumb-drive

Similar to the above you can boot with a Live-CD like grml, knoppix or similar. With the Live-CD systems you have a fully working Linux system including graphical desktop that normally does not touch your harddrive at all. In order to fix something there:

  1. become root user on the live CD: open a terminal windows and type sudo su -
  2. mount your root partition somewhere. e.g. mount /dev/sda2 /mnt (if you do not know which is your root partition - there are not that many. you might also first check if you have LVM (logical volume management) and start this first and also check if there are software RAID devices.
  3. lets assume you have mounted your root at /mnt
  4. you can then use chroot /mnt to change into that system. This only works if the system is compatible with your kernel.
  5. you also do not have /proc /sys and /dev mounted. this could be done with the mount --bind .. as described in Cloning Systems. (you need to do this before the chroot).
  6. you can then fix scripts, change passwords, rewrite boot loaders, etc..
  7. after you are done type exit to leave the chroot
  8. if you have used them, umount the --bind file-systems
  9. umount your mounted system e.g. umount /mnt
  10. you can now shutdown or reboot your live system: shutdown -r now

Protecting your systems against being hacked via Live-CD or GRUB boot

  1. restricted physical access to your machine.
  2. set a password in BIOS so that no one can change the boot order and restrict booting to the builtin harddrive
  3. set a GRUB password that restricts who can use Ctrl-e to edit parameters
  4. on a laptop: you might want to use an encrypted root file-system. The only downside is that for booting you need to enter the passphrase
  5. seal the screws on your laptop so that you are aware if someone opened the case.


Exercises

  1. review the grub configuration or your system in /etc/default/grub
  2. try to boot into a shell with the init=/bin/bash also try the "rescue modes" that your distribution offers in the GRUB-menu
  3. try booting a live-CD or USB stick and try to mount your root filesystem