Booting Process: A step by step tutorial for understanding Linux boot sequence

One of the most remarkable achievement in the history of mankind is computers. Another amazing fact about this remarkable achievement called computers is that its a collection of different electronic components, and they work together in coordination to give you a meaningful output. We in our day to day lives use this complex system in one or the other way. But not many of us know how these things work together.

Press the power button on your system, and after few moments you see the login prompt or desktop. Have you ever wondered what happens behind the scenes from the time you press the power button until the desktop appears?

In this tutorial, we will be discussing how a computer boots. I must say how a computer with Linux operating system boots. I hope this will be helpful to other readers as well.

Understanding the boot process, will help you understand how the hardware and software is working together, and also will give you the required information to begin troubleshooting a booting problem you have.

Linux booting process can be divided to multiple stages. The below shown diagram explains the different stages. We will be discussing each of these stages in detail, in their respective sections.

Step 1: Power Supply & SMPS

One of the main component of a computer is SMPS(Switching Mode Power Supply). The primary objective of this component is to provide the perfect required voltage level to the motherboard and other computer components. Computer internals work in DC, however the power supply we have at home and other places are AC. SMPS converts AC to DC and maintain the required voltage level so that the computer can work flawlessly.

But the main task performed by SMPS, is to inform about the good power supply. As I told if the voltage is more/ or is less, in both the conditions a computer cannot work. As soon as you supply power to the computer, the SMPS checks the voltage level's its providing to the motherboard. If the power signal level is perfect, then SMPS will send a POWER GOOD signal to the motherboard timer.

On receiving this POWER GOOD signal from SMPS, the motherboard timer will stop sending reset signal to the CPU. Which means the power level is good and the computer can boot.

 

Step 2: Bootstrapping

Something has to be programmed by default, so that the CPU knows where to search for instructions.

This is an address location in the ROM. This address location is almost always constant in X86 based computers. The address location is FFFF:0000h.

This address location is the last region of the ROM. It only contains one instruction. The instruction is to jump to another memory address location. This JUMP command, will tell the location of the BIOS program in the ROM.

This is how the computer will come to know where the BIOS program is located.

Step 3: The Role of BIOS in booting process

The word booting comes from another word called bootstrapping. The computer knows how to bring itself up, when you press the start button, because of the instructions that are fed to a program called as BIOS. BIOS stands for Basic Input Output System. The most important use of BIOS during the booting process is POST. POST stands for Power on Self Test. Its a series of tests conducted by the bios, which confirms the proper functioning of different hardware components attached to the computer.

POST is very important thing to have before the Operating system is loaded. Just imagine if you have a faulty hard drive or faulty memory, sometimes these things can cause data loss. POST checks and confirms the integrity of the following hardware components.

• Timer IC's
• DMA controllers
• CPU
• Video ROM

A full POST check will confirm the integrity of the following devices as well.

• Motherboard
• Keyboard
• Printer port
• Hard Drive etc

If you are doing a warm start (which means you did a reset of a running machine, most of the times reset button is the small one near the power button on the CPU), a full POST check will not be conducted by the BIOS. However if you are doing a Cold Start, which means you have applied the power now, it will conduct a full POST.

BIOS determines whether its a cold or warm start, by looking at a flag in a predefined memory location. Once the POST completes, the BIOS will inform you about any problems it found with the help of beep codes (through system speaker). Different number of beep codes have different meaning.

There are two things that people often get confused with. Its CMOS & BIOS. CMOS & BIOS are two completely different things in the computer motherboard. CMOS is a small memory RAM chip that's present in the motherboard. This RAM is different from the computers main RAM chip (which are replaceable memory chips.

These days RAM chips are available in the range of Gigabytes.). Unlike the main RAM chip, CMOS RAM does not flush its memory when a computer is turned off. It remembers all the configuration with the help of a battery called CMOS battery.

Removing a CMOS battery will make the CMOS to forget all the configuration you have saved previously.

• This is the reason you can unlock a computer that's protected with a CMOS password, by simply removing the CMOS battery.
• Also removing the CMOS battery will make the operating system to show you wrong time. Because system time consistency is maintained in CMOS settings.

So its always advisable to replace your CMOS battery at regular intervals, for proper functioning of the computer.

Normally people say that we have modified BIOS settings. But its completely wrong. What they modified is in fact CMOS settings. CMOS settings is the place where you modify the boot order etc.

Bios settings cannot be altered by the user. It requires a flash program provided by the manufacturer.

So Let's get back to our booting process. Once the POST check is completed successfully, BIOS will look CMOS settings to know what is the boot order. Boot order is nothing but a user defined order which tells where to look for the operating system.

The order will be something like the below.

1. CD ROM
2. HARD DISK
3. USB
4. Floppy DISK

The above shown order means that the BIOS will look at CD ROM first to check whether an OS can be loaded from there, if it does not find a bootable disk in the CD ROM, it will look check whether a bootable OS is there in the hard disk, then USB and then Floppy disk.

Let's assume that you don’t have a bootable CD in your CD ROM drive, then the BIOS will turn to HARD disk.

BIOS :- Quick Guide

1. BIOS stands for Basic Input/Output System
2. Performs some system integrity checks
3. Searches, loads, and executes the boot loader program.
4. It looks for boot loader in floppy, cd-rom, or hard drive. You can press a key (typically F12 of F2, but it depends on your system) during the BIOS startup to change the boot sequence.
5. Once the boot loader program is detected and loaded into the memory, BIOS gives the control to it.
6. So, in simple terms BIOS loads and executes the MBR boot loader.

Linux Boot Process 



 The stages of a typical Linux boot process.

Step 4: MBR 

 

Now as you don't have any bootable CD in your CD ROM Drive, the bios will look at the second device from the boot order settings. The second device is your Hard Disk.
BIOS is programmed to look at a permanent location on the hard disk to complete its task. This location is called a Boot sector. This is nothing but the first sector of your hard disk. This area is sometimes called as MBR (Master Boot Record). This is the location that contains the program that will help our computer to load the operating system. As soon as bios finds a valid MBR, it will load the entire content of MBR to RAM, and then further execution is done by the content of MBR.
This first sector of the hard disk is only of 512 bytes. Yeah its too small an area for an entire boot loader program to fit in. Hence most of the operating system store only the first stage of their boot loader program in here. Only the first 440 bytes from the total of 512 bytes is used by the first stage boot loader, the remaining part is used to store partition table information.

Root user can take an entire dump/backup of your MBR in linux with the help of the following command:
 dd if=/dev/sda of=mbr bs=512 count=1

Now you get like this output:









MBR :- Quick Guide

1. MBR stands for Master Boot Record.
2. It is located in the 1st sector of the bootable disk. Typically /dev/hda, or /dev/sda
3. MBR is less than 512 bytes in size. This has three components.
4. It contains information about GRUB (or LILO in old systems).
5. So, in simple terms MBR loads and executes the GRUB boot loader.





Read: What is MBR and GPT Partition Table


Step 5: GRUB

 

As the title of this article says "Linux Booting process", we will be having grub stage one in the first 440 bytes of the MBR. I would suggest to read the artcle to understand grub and its details.


MBR :- Quick Guide
1. GRUB stands for Grand Unified Bootloader.
2. If you have multiple kernel images installed on your system, you can choose which one to be executed.
3. GRUB displays a splash screen, waits for few seconds, if you don’t enter anything, it loads the default kernel image as specified in the grub configuration file.
4. GRUB has the knowledge of the filesystem (the older Linux loader LILO didn’t understand filesystem).
5. Grub configuration file is /boot/grub/grub.conf (/etc/grub.conf is a link to this). The following is sample grub.conf of CentOS.#boot=/dev/sda default=0 timeout=5 splashimage=(hd0,0)/boot/grub/splash.xpm.gz hiddenmenu title CentOS (2.6.18-194.el5PAE) root (hd0,0) kernel /boot/vmlinuz-2.6.18-194.el5PAE ro root=LABEL=/ initrd /boot/initrd-2.6.18-194.el5PAE.img
6. As you notice from the above info, it contains kernel and initrd image.
7. So, in simple terms GRUB just loads and executes Kernel and initrd images.



1. Kernel

   1. Mounts the root file system as specified in the “root=” in grub.conf
   2. Kernel executes the /sbin/init program
   3. Since init was the 1st program to be executed by Linux Kernel, it has the process id (PID) of 1. Do a ‘ps -ef | grep init’ and check the pid.
   4. initrd stands for Initial RAM Disk.
   5. initrd is used by kernel as temporary root file system until kernel is booted and the real root file system is mounted. It also contains necessary drivers compiled inside, which helps it to access the hard drive partitions, and other hardware.

2. Init

   1. Looks at the /etc/inittab file to decide the Linux run level.
   2. Following are the available run levels
      • 0 – halt
      • 1 – Single user mode
      • 2 – Multiuser, without NFS
      • 3 – Full multiuser mode
      • 4 – unused
      • 5 – X11
      • 6 – reboot
   3. Init identifies the default initlevel from /etc/inittab and uses that to load all appropriate program.
   4. Execute ‘grep initdefault /etc/inittab’ on your system to identify the default run level
   5. If you want to get into trouble, you can set the default run level to 0 or 6. Since you know what 0 and 6 means, probably you might not do that.
   6. Typically you would set the default run level to either 3 or 5

3. Runlevel Programs

   1. When the Linux system is booting up, you might see various services getting started. For example, it might say “starting sendmail …. OK”. Those are the runlevel programs, executed from the run level directory as defined by your run level.
   2. Depending on your default init level setting, the system will execute the programs from one of the following directories.
      • Run level 0 – /etc/rc.d/rc0.d/
      • Run level 1 – /etc/rc.d/rc1.d/
      • Run level 2 – /etc/rc.d/rc2.d/
      • Run level 3 – /etc/rc.d/rc3.d/
      • Run level 4 – /etc/rc.d/rc4.d/
      • Run level 5 – /etc/rc.d/rc5.d/
      • Run level 6 – /etc/rc.d/rc6.d/
   3. Please note that there are also symbolic links available for these directory under /etc directly. So, /etc/rc0.d is linked to /etc/rc.d/rc0.d.
   4. Under the /etc/rc.d/rc*.d/ directories, you would see programs that start with S and K.
   5. Programs starts with S are used during startup. S for startup.
   6. Programs starts with K are used during shutdown. K for kill.
   7. There are numbers right next to S and K in the program names. Those are the sequence number in which the programs should be started or killed.
   8. For example, S12syslog is to start the syslog deamon, which has the sequence number of 12. S80sendmail is to start the sendmail daemon, which has the sequence number of 80. So, syslog program will be started before sendmail.

There you have it. That is what happens during the Linux boot process.