Bootloader in Detail (reprint)

Source: Internet
Author: User
Reprinted; the original source is unknown, but the article is very good.

One. Bootloader Introduction

A bootloader is the first software to run after power-on, apart from the program burned into the BIOS. It is responsible for loading the real operating system and can be thought of as a very small OS. On the Linux platform the main bootloaders are LILO and GRUB; on the Windows platform they are NTLDR, bootmgr and GRLDR. This article describes the bootloader startup process based on grub-0.97.

GRUB is generally divided into two stages, stage1 and stage2. Stage1 resides in the first sector of the boot device as the MBR and is only 512 bytes in size. Stage1 loads the start program from the second sector, and start loads stage2 by disk sector rather than through a file system. Stage2 contains the code that handles user interaction and is effectively a small OS. Stage2 lets you choose which operating system version to load and the associated parameters, and it also provides special features such as encryption, networking, and booting from CD-ROM.

If GRUB supports stage1_5, the start program loaded by stage1 does not load stage2 directly. It loads stage1_5 first, and stage1_5 then loads stage2 through the file system, using its file-system support.

Note in particular that start.S is the source code for the 512-byte start program at the beginning of stage1_5 and also for the first 512 bytes of stage2. Some of the code and parameters differ because of conditional compilation: -DSTAGE1_5 is used when compiling start for stage1_5, but not when compiling it for stage2.

Stage1 is located in the MBR sector, that is, sector 1 of head 0, track 0, and is 512 bytes long (388 bytes of code + 58 bytes of BIOS Parameter Block (BPB) information + 64 bytes of partition table + the 2-byte flag 55AA). The start program is located in sector 2 of head 0, track 0. If the system supports stage1_5, stage1_5 generally starts at sector 3 of head 0, track 0, and stage2 can then be loaded as a file; otherwise stage2 generally starts at sector 3 of head 0, track 0. All of this is put in place when GRUB is installed on the system.

Two. Boot Process for GRUB

1. The system powers on and the BIOS self-tests the hardware, such as the CPU, memory and hard disk.

2. The BIOS performs int 0x19 and reads the MBR of the boot device, that is, the 512 bytes of the first sector, which is actually GRUB's stage1. It loads it at memory address 0x7c00 and jumps to it. Note: when the system is first installed, the GRUB installer embeds the disk location of stage1_5 or stage2 in stage1 as it writes stage1 to the first sector of the boot device. With this preparation, stage1 can load stage2 without file system support.

3. Stage1 starts executing, loads the start program from the second sector to 0x2000 (if stage1_5 is supported) or 0x8000 (if stage1_5 is not supported), and jumps to it.

4. Execute _start (in file start.S). If stage1_5 is supported, load stage1_5 to 0x2200; otherwise load stage2 to 0x8200. Then jump to it.

5. Execute EXT_C(main) (in file asm.S), which enters cmain through EXT_C(init_bios_info).

6. Execute cmain (in file stage1_5.c or stage2.c). If stage1_5 is supported, first enter cmain in stage1_5, load stage2 through the file system, then execute chain_stage2 to jump to stage2 (main), then enter EXT_C(init_bios_info) and finally cmain in stage2. Otherwise, enter cmain in stage2 directly.

7. Call run_menu, which lets the user interactively select the kernel to boot.

8. Execute run_script (in file cmdline.c), which runs the builtin->func of each command in menu.lst (grub.conf), such as root_func, kernel_func and initrd_func (see file builtins.c), and finally runs boot_func to boot the kernel.

Three. Introduction to Hard Disk Working Modes and Related BIOS Calls

1. Hard disk working modes

Today's hard drives generally support both logical block addressing (LBA) and cylinder/head/sector (CHS) addressing. CHS is a three-dimensional addressing scheme made up of cylinder, head and sector. In CHS mode, the data transfer address is written to four 8-bit registers: the cylinder low register, the cylinder high register, the sector register and the device/head register.

The cylinder address is 16 bits, that is, the cylinder low register (8 bits) plus the cylinder high register (8 bits). The sector address is 8 bits (note: the first sector in the sector register is sector 1, not sector 0). The head address is 4 bits (it does not occupy all 8 bits). As a result, the maximum number of cylinders is 65,536 (2^16), the maximum number of heads is 16 (2^4), and the maximum number of sectors is 255 (2^8 - 1, because of the sector register numbering just mentioned). The maximum number of addressable sectors is therefore 267,386,880 (65,536x16x255). One sector is 512 bytes, so the maximum capacity of an IDE hard disk under CHS addressing is 136.9GB.

In LBA mode, the 28 bits of register space described above (16+8+4) are treated as one complete LBA address. Because address 0 is included (a sector number in CHS mode cannot start from 0), the number of addressable sectors is 268,435,456 (65,536x16x256), and the IDE hard disk has a maximum capacity of 137.4GB.

In particular, the 528MB and 8.4GB limits caused by INT 13 shortcomings in the BIOS:

Early hard disks were small, so when the BIOS was designed, the conversion from the INT 13 address registers to the IDE (ATA) address registers mapped only a 10-bit cylinder address from INT 13 onto the 16-bit cylinder registers of the IDE (ATA) interface, and the 6 unused bits (in the high register) were set to 0. Likewise, only a 6-bit sector address maps onto the 8-bit sector register of the IDE (ATA) interface, with the 2 unused bits set to 0. Of the head register in INT 13, only 4 bits are used for IDE (ATA) (the other 4 bits are dropped). The maximum number of cylinders is therefore 1,024 (2^10), the maximum number of heads is 16 (2^4), and the maximum number of sectors is 63 (2^6 - 1). The number of addressable sectors becomes 1,032,192 (1,024x16x63). One sector is 512 bytes, so the maximum capacity of an IDE hard disk under CHS addressing is 528.4MB. This is where the 528MB hard disk capacity limit comes from.

Later, the EIDE interface extended the ordinary IDE interface and supported the LBA access mode, which broke the 528MB limit and theoretically supported hard disk capacities of 128G. But older BIOSes continued to use 10 bits for the cylinder number, 8 bits for the head number and 6 bits for the sector number, so older BIOSes can support only 8.4GB (512x63x255x1024=8.4GB).

In newly designed BIOSes, the new INT 13 no longer uses the original registers to pass the disk addressing parameters. Instead it uses an address packet stored in the operating system's memory (which is still a problem if the OS does not support it). The address packet holds a 64-bit LBA address. If the hard drive supports LBA addressing, the lower 28 bits are passed directly to the ATA interface; if not, the operating system converts the LBA address to a CHS address and then passes it to the ATA interface. In this way, the maximum capacity for CHS addressing on the ATA bus is 136.9GB, while the maximum capacity for LBA addressing is 137.4GB.

Meanwhile, with the implementation and development of the ATA-6 specification and the 48-bit LBA address specification, plus support in south bridges from ICH4 onward, the 137.4GB hard disk limit has already been overcome.

Maxtor was the first company to launch the 48-bit LBA address specification. The central idea is to increase the number of CHS bits: in the 48-bit LBA address specification, the sector address register is set to 16 bits, the head address register is also set to 16 bits, and the cylinder address register is unchanged. This raises the register space available for an LBA address from 28 bits to 48 bits (16+16+16). The number of addressable sectors is 281,474,976,710,655 (65,536x65,535x65,536), and the capacity of the entire hard drive is 281,474,976,710,655x512=144,115,188,075,855,872 bytes, approximately 144PB (1PB=1,000,000,000,000,000 bytes). 48-bit LBA addressing can basically support the addressing of very large hard drives.

2. Related BIOS calls

The BIOS calls referred to here are mainly the disk functions of INT 13. Interested readers can refer to the Interrupt encyclopedia.

2.1. Function 0x41

Checks whether the disk supports LBA, for example:

movb $0x41, %ah

movw $0x55aa, %bx

int $0x13

2.2. Function 0x42

Reads data into memory from a specified sector

%dl is the device number, which can be obtained from function 0x41; a hard disk is 0x80

%ds:%si is the specified memory address

2.3. Function 0x8

Gets the disk parameters

2.4. Function 0x2

Reads the data of the specified sector into memory

%al is the number of sectors

%ch is the cylinder number

%cl is the sector number; bits 6 and 7 are the high bits of the cylinder number

%dh is the head

%dl is the device: 0x80 is a hard disk, 0x0 is a floppy drive

%es:%bx is the specified memory address

Four. MBR (Stage1) in Detail

* Fetch the MBR: dd if=/dev/sda of=mbr bs=512 count=1
* Disassemble the MBR with ndisasm from the NASM tool set: ndisasm mbr

The bytes before 0x4a are data, so we use bview to delete the data before 0x4a and then disassemble.

This is the content of an MBR that actually boots a hard disk; it is 512 bytes in size.

Below we analyze the contents of the MBR. We disassemble the MBR and use AT&T assembly syntax to explain how it starts up. Note that the MBR is loaded at memory location 0x7c00 when the system starts.

1. Start jump

00000000h: eb 48: jmp 0x0000004a ; jump to 0x0000004a and execute there, i.e. 0x00000048 + 2 (eb 48 itself occupies two bytes)

00000003h: 90: nop

2. Parameter information

00000004h to 0000003dh is the BIOS parameter block (BPB).

0000003eh: 03: compat_version_major, the major version number

0000003fh: 02: compat_version_minor, the minor version number

00000040h: ff: GRUB_INVALID_DRIVE, the marker used when loading stage2

00000042h: 00 20: the address, 0x2000, at which the start program is loaded; this shows that this bootloader supports stage1_5

00000044h: 01 00: the sector location of the start program

00000048h: 00 02: the segment address of the start program, 0x0200
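The field layout above can be checked mechanically on a saved MBR image. The following is an added example, not code from the original article or from GRUB: the function names are hypothetical, the sample sector is constructed from the byte values quoted in this article, and the byte at 0x41 is the force-LBA flag that the listing reads later.

```python
import struct

GRUB_INVALID_DRIVE = 0xFF  # marker value the article shows at offset 0x40


def parse_stage1(mbr: bytes) -> dict:
    """Decode the stage1 fields listed above (offsets 0x3e to 0x49)."""
    if len(mbr) != 512:
        raise ValueError("an MBR sector is exactly 512 bytes")
    if mbr[510:512] != b"\x55\xaa":
        raise ValueError("missing 55AA flag at offset 0x1fe")
    if mbr[0] != 0xEB:
        raise ValueError("sector does not begin with a short jmp (eb xx)")
    rel8, = struct.unpack_from("<b", mbr, 1)
    major, minor, boot_drive, force_lba = struct.unpack_from("<4B", mbr, 0x3E)
    # 0x42: load address (2 bytes), 0x44: sector (4 bytes), 0x48: segment (2 bytes)
    load_addr, start_sector, segment = struct.unpack_from("<HIH", mbr, 0x42)
    return {
        "entry": rel8 + 2,                       # jmp target = displacement + 2
        "version": (major, minor),
        "boot_drive_unset": boot_drive == GRUB_INVALID_DRIVE,
        "force_lba": force_lba != 0,
        "load_addr": load_addr,
        "start_sector": start_sector,            # 1 means the 2nd sector
        "segment": segment,
        "has_stage1_5": load_addr == 0x2000,     # 0x8000 when stage1_5 is absent
        "segment_consistent": (segment << 4) == load_addr,
    }


def sample_mbr() -> bytes:
    """Constructed sector holding only the bytes quoted in this article."""
    img = bytearray(512)
    img[0:3] = b"\xeb\x48\x90"
    img[0x3E:0x4A] = bytes.fromhex("0302ff00 0020 01000000 0002")
    img[510:512] = b"\x55\xaa"
    return bytes(img)


if __name__ == "__main__":
    for key, value in parse_stage1(sample_mbr()).items():
        print(f"{key:20} {value}")
```

A field that differs from what the installer is known to have written (for example a changed start sector or load address) is worth investigating, because stage1 loads whatever those fields point at without any file-system check.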

3. Check the boot disk and prepare before loading the start program

0000004ah: fa: cli ; clear the interrupt flag

0000004bh: 90 90: nop; nop

0000004dh: f6 c2 80: testb $0x80, %dl ; guards against problematic BIOSes that do not put the boot device in %dl

00000050h: 75 02: jnz 0x00000054 ; if the test result is not 0, GRUB is considered to be installed on the floppy drive, so jump directly to 0x54

00000052h: b2 80: movb $0x80, %dl ; if %dl is not set, set it to 0x80

00000054h: ea 59 7c 00 00: ljmp $0x0000, $0x7c59 ; long jump to 0x7c59, which is offset 0x0059 here, because 0x0000 on the disk corresponds to 0x7c00 in memory; the long jump guards against problematic BIOSes that jump to 07c0:0000 instead of 0000:7c00

00000059h: 31 c0: xorw %ax, %ax

0000005bh: 8e d8: movw %ax, %ds

0000005dh: 8e d0: movw %ax, %ss ; set %ds and %ss to 0

0000005fh: bc 00 20: movw $0x2000, %sp ; set the stack to start from 0x2000

00000062h: fb: sti ; set the interrupt flag

00000063h: a0 40 7c: movb 0x7c40, %al ; this is actually offset 0x40 (0x7c40 - 0x7c00), which holds 0xff

00000066h: 3c ff: cmpb $0xff, %al ; check whether the GRUB_INVALID_DRIVE marker is set, i.e. whether %al is 0xff

00000068h: 74 02: je 0x0000006c ; jump to 0x0000006c if equal

0000006ah: 88 c2: movb %al, %dl ; save %al to %dl

0000006ch: 52: pushw %dx

0000006dh: be 7f 7d: movw $0x7d7f, %si ; take the content at 0x7d7f - 0x7c00 = 0x17f, which is currently the string GRUB

00000070h: e8 34 01: call 0x01a7 ; i.e. 0x0134 + 0x70 + 0x03 = 0x01a7; this calls the message routine to print GRUB on the screen

4. Determine the disk mode, CHS or LBA

00000073h: f6 c2 80: testb $0x80, %dl ; test %dl against 0x80; for a floppy drive no LBA check is made

00000076h: 74 54: jz 0x00cc ; 0x76 + 0x54 + 0x2 = 0xcc; if the result is 0, it is a floppy drive, so jump directly to CHS mode

00000078h: b4 41: movb $0x41, %ah

0000007ah: bb aa 55: movw $0x55aa, %bx

0000007dh: cd 13: int $0x13 ; call INT 13 function 0x41 to check whether the disk supports LBA mode

0000007fh: 5a: popw %dx

00000080h: 52: pushw %dx

00000081h: 72 49: jc 0x00cc ; on error, jump to CHS mode

00000083h: 81 fb 55 aa: cmpw $0xaa55, %bx

00000087h: 75 43: jne 0x00cc ; if not equal, jump to CHS mode

00000089h: a0 41 7c: movb 0x7c41, %al ; take the content at 0x0041, the force-LBA flag (LBA can be forced when GRUB is installed); it is currently 0, so LBA is not forced

0000008ch: 84 c0: testb %al, %al

0000008eh: 75 05: jnz 0x0095 ; if not 0, LBA is forced, so jump to LBA mode

00000090h: 83 e1 01: andw $1, %cx

00000093h: 74 37: jz 0x00cc ; if 0, jump to CHS mode; here it is evidently 0, so CHS mode is what is actually entered

5. Read the start program in LBA mode into memory at 0x7000

00000095h: 66 8b 4c 10: movl 0x10(%si), %ecx ; this is the entry point of LBA mode; save the number of sectors to %ecx

00000099h: be 05 7c: movw $0x7c05, %si

0000009ch: c6 44 ff 01: movb $1, -1(%si) ; set the mode to non-zero

000000a0h: 66 8b 1e 44 7c: movl 0x7c44, %ebx ; save the sector position to %ebx; here it is 1, which is actually the 2nd sector

000000a5h: c7 04 10 00: movw $0x0010, (%si)

000000a9h: c7 44 02 01 00: movw $1, 2(%si)

000000aeh: 66 89 5c 08: movl %ebx, 8(%si) ; the absolute LBA address of the sector

000000b2h: c7 44 06 00 70: movw $0x7000, 6(%si)

000000b7h: 66 31 c0: xorl %eax, %eax

000000bah: 89 44 04: movw %ax, 4(%si)

000000bdh: 66 89 44 0c: movl %eax, 12(%si)

000000c1h: b4 42: movb $0x42, %ah

000000c3h: cd 13: int $0x13 ; use INT 13 function 0x42 to copy the disk data specified by the LBA to 0x7000

000000c5h: 72 05: jc 0x00cc ; if an error occurs, jump to CHS mode

000000c7h: bb 00 70: movw $0x7000, %bx

000000cah: eb 7d: jmp 0x0149 ; jump to the entry point at the specified location

6. Read the start program in CHS mode into memory at 0x7000

000000cch: b4 08: movb $8, %ah ; this is the entry point of CHS mode; INT 13 function 8 gets the drive parameters

000000ceh: cd 13: int $0x13 ; call the BIOS to determine the disk geometry

000000d0h: 73 0a: jnc 0x00dc ; on success, enter the initialization process

000000d2h: f6 c2 80: testb $0x80, %dl

000000d5h: 0f 84 ea 00: jz 0x01c3 ; the call failed; go to floppy detection based on the 0x80 test of %dl

000000d9h: e9 8d 00: jmp 0x0169 ; otherwise print the hard disk error

000000dch: be 05 7c: movw $0x7c05, %si ; the CHS initialization process starts here

000000dfh: c6 44 ff 00: movb $0, -1(%si) ; set the mode to 0

000000e3h: 66 31 c0: xorl %eax, %eax ; saving the number of heads: start

000000e6h: 88 f0: movb %dh, %al

000000e8h: 40: incw %ax

000000e9h: 66 89 44 04: movl %eax, 4(%si)

000000edh: 31 d2: xorw %dx, %dx

000000efh: 88 ca: movb %cl, %dl

000000f1h: c1 e2 02: shlw $2, %dx

000000f4h: 88 e8: movb %ch, %al

000000f6h: 88 f4: movb %dh, %ah ; saving the number of heads: end

000000f8h: 40: incw %ax ; saving the number of cylinders: start

000000f9h: 89 44 08: movw %ax, 8(%si)

000000fch: 31 c0: xorw %ax, %ax

000000feh: 88 d0: movb %dl, %al

00000100h: c0 e8 02: shrb $2, %al ; saving the number of cylinders: end

00000103h: 66 89 04: movl %eax, (%si) ; save the number of sectors

00000106h: 66 a1 44 7c: movl 0x7c44, %eax ; load the logical start sector address from offset 0x44; here it is 1, which is actually the 2nd sector

0000010ah: 66 31 d2: xorl %edx, %edx ; clear to 0

0000010dh: 66 f7 34: divl (%si) ; divide by the number of sectors

00000110h: 88 54 0a: movb %dl, 10(%si) ; save the starting sector

00000113h: 66 31 d2: xorl %edx, %edx ; clear to 0

00000116h: 66 f7 74 04: divl 4(%si) ; divide by the number of heads

0000011ah: 88 54 0b: movb %dl, 11(%si) ; save the starting head

0000011dh: 89 44 0c: movw %ax, 12(%si) ; save the starting cylinder

00000120h: 3b 44 08: cmpw 8(%si), %ax

00000123h: 7d 3c: jge 0x0161 ; geometry error if greater than or equal

00000125h: 8a 54 0d: movb 13(%si), %dl ; get the high bits of the cylinder

00000128h: c0 e2 06: shlb $6, %dl ; shift left by 6 bits

0000012bh: 8a 4c 0a: movb 10(%si), %cl ; get the sector

0000012eh: fe c1: incb %cl

00000130h: 08 d1: orb %dl, %cl

00000132h: 8a 6c 0c: movb 12(%si), %ch ; the sector plus the cylinder high bits are placed in %cl, the cylinder in %ch

00000135h: 5a: popw %dx

00000136h: 8a 74 0b: movb 11(%si), %dh ; the head number

00000139h: bb 00 70: movw $0x7000, %bx

0000013ch: 8e c3: movw %bx, %es

0000013eh: 31 db: xorw %bx, %bx

00000140h: b8 01 02: movw $0x0201, %ax

00000143h: cd 13: int $0x13 ; INT 13 function 0x2, read the contents of the specified sector to 0x7000

00000145h: 72 2a: jc 0x0171 ; jump on a disk read error
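Sections 5 and 6 address the same start sector in two ways: a 16-byte address packet for INT 13 function 0x42, and packed registers for function 0x2. The following is an added example, not code from the original article or from GRUB, that reproduces both computations; the function names are hypothetical and the geometry values in the usage are constructed.

```python
import struct


def build_dap(lba: int, count: int, segment: int, offset: int = 0) -> bytes:
    """Address packet in the order stage1 fills it: size 0x10 and reserved
    byte, sector count at +2, buffer offset at +4, segment at +6, LBA at +8."""
    return struct.pack("<BBHHHQ", 0x10, 0, count, offset, segment, lba)


def decode_geometry(ch: int, cl: int, dh: int) -> tuple:
    """Turn the function 0x8 results into (cylinders, heads, sectors)."""
    sectors = cl & 0x3F                      # low 6 bits of %cl
    cylinders = (((cl >> 6) << 8) | ch) + 1  # %cl bits 6-7 are the high bits
    heads = dh + 1
    return cylinders, heads, sectors


def lba_to_chs(lba: int, cylinders: int, heads: int, sectors: int) -> tuple:
    """The two divl steps: by sectors per track, then by number of heads."""
    if sectors == 0 or heads == 0:
        raise ValueError("geometry has no sectors or heads")
    track, sector0 = divmod(lba, sectors)
    cylinder, head = divmod(track, heads)
    if cylinder >= cylinders:                # the jge that ends in geometry_error
        raise ValueError("geometry error: cylinder out of range")
    return cylinder, head, sector0


def int13_read_regs(lba: int, geometry: tuple, drive: int = 0x80) -> dict:
    """Register values for function 0x2 reading one sector at this LBA."""
    cylinder, head, sector0 = lba_to_chs(lba, *geometry)
    cl = ((cylinder >> 8) << 6) | (sector0 + 1)   # sector numbers start at 1
    ch = cylinder & 0xFF
    return {"ax": 0x0201, "cx": (ch << 8) | cl, "dx": (head << 8) | drive}


if __name__ == "__main__":
    geo = decode_geometry(ch=0xFF, cl=0xFF, dh=0xFE)   # constructed BIOS answer
    print("geometry:", geo)
    print("DAP     :", build_dap(1, 1, 0x7000).hex())
    print("regs    :", {k: hex(v) for k, v in int13_read_regs(1, geo).items()})
```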

7. Move the start program from 0x7000 to the specified start address, here 0x2000, and jump to the start program

00000147h: 8c c3: movw %es, %bx

00000149h: 8e 06 48 7c: movw 0x7c48, %es ; copy the contents at 0x7000 to the address specified at 0x0048, which here is 0x0200:0x0000

0000014dh: 60: pusha

0000014eh: 1e: pushw %ds

0000014fh: b9 00 01: movw $0x100, %cx

00000152h: 8e db: movw %bx, %ds

00000154h: 31 f6: xorw %si, %si

00000156h: 31 ff: xorw %di, %di

00000158h: fc: cld

00000159h: f3 a5: rep movsw ; string move

0000015bh: 1f: popw %ds

0000015ch: 61: popa

0000015dh: ff 26 42 7c: jmp *(0x7c42) ; jump to 0x2000 and enter the start phase

8. Some basic function calls

00000161h: be 85 7d: movw $0x7d85, %si ; geometry_error

00000164h: e8 40 00: call 0x01a7

00000167h: eb 0e: jmp 0x0177

00000169h: be 8a 7d: movw $0x7d8a, %si ; hd_probe_error

0000016ch: e8 38 00: call 0x01a7

0000016fh: eb 06: jmp 0x0177

00000171h: be 94 7d: movw $0x7d94, %si ; read_error

00000174h: e8 30 00: call 0x01a7

00000177h: be 99 7d: movw $0x7d99, %si ; general_error

0000017ah: e8 2a 00: call 0x01a7

0000017dh: eb fe: jmp 0x017d ; enter an infinite loop

...

000001a0h: bb 01 00: movw $0x0001, %bx

000001a3h: b4 0e: movb $0xe, %ah

000001a5h: cd 10: int $0x10

000001a7h: ac: lodsb ; entry point of the routine that displays messages on the screen

000001a8h: 3c 00: cmpb $0, %al

000001aah: 75 f4: jne 0x01a0

000001ach: c3: ret
