OS computer startup

0. Meaning of boot

Ask a question first, "START?

The answer is boot. However, boot originally meant boots. What is the relationship between "Boot" and boots? It turns out that the boot here is the abbreviation of Bootstrap (shoelaces), which comes from a proverb:

"pull oneself up by one‘s bootstraps"

Literally, it is impossible to pull yourself up with your shoelaces. At the earliest time, engineers used it as a metaphor. Computer startup is a very conflicting process: you must first run the program before the computer can start, but the computer cannot run the program if it is not started!

In the early days, we had to try every means to load a small program into the memory before the computer can run normally. Therefore, engineers call this process "shoelaces" and, over time, it is referred to as "Boot.

The entire computer startup process is divided into four stages.

I. Phase 1: BIOS

In the early 1970s S, the read-only memory (read-only memory) was invented, and the boot program was flushed into the ROM chip. After the computer was powered on, the first thing is to read it.

The program in this chip is called the basic input/output system (BiOS.

1.1 hardware self-check

The main programs stored in BIOS include: Self-diagnosis program (Identify hardware configurations by reading the content in cmos ram, and perform self-check and initialization), CMOS setup program (during the boot process, start with a special hotkey, set it, and store it in cmos ram), and automatically load the program (after the system self-check is successful, load the boot program on the disk relative to the 0-sector 0 into the memory to run) and the main I/O driver and interrupt service (bios and hardware directly deal, to load the I/O driver ).

The BIOS program first checks whether the computer hardware meets the basic operating conditions. This is called "Hardware self-test" (post.

If there is a hardware problem, the motherboard will beep with different meanings and start to stop. If no problem occurs, the screen displays information such as CPU, memory, and hard disk.

1.2 startup sequence

After the hardware self-check is completed, the BIOS transfers the control to the Startup Program of the next stage.

In this case, the BIOS needs to know which device the next phase of the Startup Program is stored in. That is to say, the BIOS needs to sort an external storage device. The device that comes first is the device that gives priority to control. This sort is called boot sequence ).

Open the BIOS operation interface, which contains "set startup sequence ".

Ii. Phase 2: Master Guide record

The BIOS forwards control to the first storage device in the boot sequence. That is, read the MBR of the Startup Device from a floppy disk, hard disk, or removable device according to the boot sequence specified by the user, and put it in the specified position (0x7c000) memory.

In this case, the computer reads the first sector of the device, that is, the first 512 bytes. If the last two bytes of the 512 bytes are 0x55 and 0xaa, the device can be used for startup. If not, the device cannot be used for startup, the control is then transferred to the next device in the startup sequence.

The first 512 bytes are called "Master Boot Record" (MBR ).

2.1 Structure of the Master Boot Record

The "primary Boot Record" contains only 512 bytes, which cannot be put too much. It is mainly used to tell the computer where to find the operating system from the hard disk.

The Master Boot Record consists of three parts:

（1） 第1-446字节：调用操作系统的机器码。（2） 第447-510字节：分区表（Partition table）。（3） 第511-512字节：主引导记录签名（0x55和0xAA）。

The second part "partition table" is used to divide the hard disk into Several partitions.

2.2 partitioned table

Hard Disk partitioning has many advantages. Considering that different operating systems can be installed in each zone, the "Master Boot Record" must know which zone the control is transferred.

The partition table is only 64 bytes in length and is divided into four items, each of which is 16 bytes. Therefore, a hard disk can be divided into up to four primary partitions, also known as "primary partition ".

The 16 bytes of each primary partition are composed of six parts:

（1） 第1个字节：如果为0x80，就表示该主分区是激活分区，控制权要转交给这个分区。四个主分区里面只能有一个是激活的。（2） 第2-4个字节：主分区第一个扇区的物理位置（柱面、磁头、扇区号等等）。（3） 第5个字节：主分区类型。（4） 第6-8个字节：主分区最后一个扇区的物理位置。（5） 第9-12字节：该主分区第一个扇区的逻辑地址。（6） 第13-16字节：主分区的扇区总数。

The last four bytes ("the total number of sectors in the primary partition") determine the length of the primary partition. That is to say, the total number of sectors in a primary partition cannot exceed 2 to the power of 32.

If each slice is 512 bytes, it means that a single partition cannot exceed 2 TB. Considering that the logical address of the slice is also 32 bits, the maximum available space of a single hard disk cannot exceed 2 TB. To use a larger hard disk, there are only two methods: one is to increase the number of bytes for each sector, and the other is to increase the total number of sectors.

Stage 3: Hard Disk startup

At this time, the control of the computer will be transferred to a partition of the hard disk, which is divided into three situations.

3.1 case A: volume boot records

As mentioned in the previous section, only one of the four primary partitions is active. The computer reads the first sector of the active partition, which is called "volume Boot Record" (volume Boot Record, abbreviated as VBR ).

The main function of volume Boot Record is to tell the computer where the operating system is located in this partition. Then, the computer will load the operating system.

3.2 case B: Extended partitions and logical partitions

As the hard disk grows, four primary partitions are insufficient and more partitions are needed. However, there are only four partition tables, so there is a rule that only one partition can be defined as an extended partition ).

The so-called "extended partition" means that the partition is divided into multiple zones. The partition in this type of partition is called "logical partition ).

The computer first reads the first sector of the extended partition, which is called extended Boot Record (EBR ). It also contains a 64-byte partition table, but there are only two items at most (that is, two logical partitions ).

The computer then reads the first sector of the second logical partition, finds the location of the third logical partition from the partition table, and so on, until the partition table of a logical partition only contains itself (that is, there is only one partition item ). Therefore, extended partitions can contain countless logical partitions.

However, it seems that the operating system is rarely started in this way. If the operating system is indeed installed in the extended partition, it is generally started in one of the following ways.

3.3 Case C: Start the manager

In this case, after the computer reads the machine code of the first 446 bytes of the "Master Boot Record", it no longer transfers control to a partition, instead, run the pre-installed boot loader, which is the operating system you choose to start.

In Linux, grub is the most popular startup manager.

For grub, the 446-byte boot program in MBR is the starting execution program of grub. Through this program, the execution process of stage1.5 or stage2 is described in detail below.

Among them, stage1.5 or stage2 is a phase 2 pilot process, and stage2 is also the core code of grub kernel. The stage1.5 process (for grub, stage1.5 and grub2 do not exist) has a single function, mainly to guide the stage2 process service. Because the code of the stage2 process is stored in the boot partition directory of the file system, the stage1.5 process is to provide a file system environment, the file system environment must ensure that the system can find files in the stage2 process. The file system provided in the stage1.5 stage must be corresponding to the boot file system, this is determined during the execution of grub install. During the stage2 process, the system will switch to the protection mode, set the runtime environment of C, find the config file (in fact, it is the menulist file), and execute a shell if it is not found, wait for the execution of the user. Then the task becomes a loop of entering the command-> parsing command-> Executing command. Of course, the final state of this phase is to execute the boot command, load the kernel and initrd image into the memory, and then transfer the control to the kernel.

Iv. Stage 4: Operating System

After control is transferred to the operating system, the kernel of the operating system is first loaded into the memory.

Take the Linux system as an example. Load the kernel under the/boot directory first. After the kernel is loaded successfully, the first program to run is/sbin/init. It generates the INIT process according to the configuration file (the Debian system is/etc/initab. This is the first process after Linux is started. The PID process number is 1, and other processes are its descendants.

Then, the init thread loads various modules of the system, such as window programs and network programs, until the/bin/login program is executed and jumps out of the logon interface, waiting for the user to enter the user name and password.

So far, all the startup processes have been completed.

There are also many details in dalei's blog:

BiOS startup details:

A) Press the power switch and the power supply starts to supply power to the motherboard and other devices. When the chipset detects that the power supply has begun to stabilize the power supply (of course, the process from unstable to stable is just a moment ), it then removes the reset signal (if you manually press the reset button on the computer panel to restart the machine, the chipset will remove the reset signal when the button is released); the CPU immediately goes from the address FFFF: start to execute the command at 0000 h. Here, it is just a jump command that jumps to the real startup code in the system BIOS.

B) the startup code of the system BIOS is post (power-on self test, self-check after power-on ). The post mainly checks whether some key devices in the system exist and can work normally, such as memory and video card devices. Because the post is the earliest detection process, the video card has not been initialized yet, if the system BIOS finds some fatal errors during the post process, for example, the memory is not found or the memory is faulty (at this time, only KB of general memory will be checked ), then, the system BIOS will directly control the speaker voice to report errors. The length and number of sounds represent the type of errors. Under normal circumstances, the post process is very fast, it is almost impossible to feel its existence. After the post is completed, other code will be called for more complete hardware detection.

C) The system BIOS will look for the BIOS of the video card. As mentioned above, the starting address of the ROM chip storing the video card BIOS is usually located at c0000h. After the system BIOS finds the video card bios, it calls its initialization code. The video card BIOS initializes the video card. At this time, most graphics cards will display some initialization information on the screen to introduce the manufacturers, graphics chip types and other content, but this picture is almost a flash. The system BIOS then looks for the BIOS program of another device. After finding the program, you also need to call the initialization code in the BIOS to initialize the relevant device.

D) after finding the BIOS of all other devices, the system BIOS displays its own boot screen, including the type, serial number, and version number of the system BIOS.

E) then, the system BIOS detects and displays the CPU type and operating frequency, tests all ram, and displays the Memory Test Progress on the screen. You can choose to use a simple, time-consuming or detailed testing method in the CMOS settings.

F) after the memory test is passed, the system BIOS will start to detect some standard hardware devices installed in the system, including hard disks, CD-Rom, serial ports, parallel ports, and soft drives, in addition, the vast majority of newer versions of the system BIOS also need to automatically detect and set the memory timing parameters, hard disk parameters and access mode.

G) after the standard device is detected, the plug-and-play code in the system BIOS starts to detect and configure the plug-and-play devices installed in the system. After a device is found, the system BIOS displays the device name, model, and other information on the screen, and allocates resources such as interrupt, DMA channel, and I/O port to the device.

H) by now, all hardware has been tested and configured. Most system BIOS will be refreshed and a table is displayed above the screen, it roughly lists the various standard hardware devices installed in the system, the resources they use, and some related working parameters.

I) The system BIOS will update escd (extended system configuration data, extended system configuration data ). The escd is a means for the system BIOS to exchange hardware configuration information with the operating system. The data is stored in CMOS (a small block of special ram, powered by a battery on the motherboard. Generally, the escd data is updated only after the hardware configuration of the system changes. Therefore, the "Update escd... Success. However, the BIOS of some motherboard uses a different data format than Windows 9x when saving escd data, therefore, Windows 9x will modify the escd data to its own format during its own startup process. However, even if the hardware configuration does not change during the next boot, the system BIOS will change the escd data format back. Such a loop will lead to a new escd in the system bios every time the machine is started, which is why some machines will display relevant information at each startup.

J) after the escd is updated, the startup code of the system BIOS is used to start MBR from a floppy disk, hard disk, or optical drive according to the boot sequence specified by the user. In this process, the end two locations where the MBR is placed are compared according to the Starting sequence, and whether the two ends are 0xaa55. In this way, the device is guided by the device. After confirming, read the MBR content of the boot device to the position of 0x7c00 [1], and judge the last two digits again. After the detection is correct, perform Phase 1's guidance.

EFI startup details

Compared with traditional MBR, GPT adopts different partitioning methods.

For traditional MBR, its structure is mainly as follows:

That is, the image description described above. In the figure, we can see that MBR is divided into three parts: bootloader, table, and magic number. The bootloader part is the starting part of stage1.

On the contrary, the GPT partitioning method adopted in the EFI system is different from the MBR partitioning method, from which we can find that:

As shown in, GPT partition tables mainly include: Protection MBR, primary GPT header, primary GPT, standby GPT, backup GPT header, and disk data zone. Protection MBR is not much different from normal MBR, mainly because of the differences in partition tables. In the protection MBR, only one partition represented as 0xEE is used to indicate that the hard disk uses GPT partition tables. The primary GPT header contains a large amount of information. The specific content is as follows:

The partition table header defines the available space of the hard disk and the size and quantity of items that constitute the partition table. The partition table header also records the guid of the hard disk and records the position and size of the Partition Table header (The position is always in lba1) and the location and size of the backup partition table header and Partition Table (at the end of the hard disk ). It also stores its own CRC32 verification with the partition table. When the firmware, boot program, and operating system are started, you can determine whether the partition table has an error based on the check value. If an error occurs, you can use the software to restore the entire partition table from the last backup GPT Partition Table on the hard disk, if the backup GPT is also validated incorrectly, the disk will be unavailable and the system will refuse to start.

Next we will focus on 128 Partition Table items. GPT partition tables use simple and direct representation of partitions. The first 16 bytes of a partition table item are the partition type guid. For example, the guid type for the EFI system partition is {C12A7328-F81F-11D2-BA4B-00A0C93EC93B }. The next 16 bytes are the unique guid of the partition (this refers to the partition itself, and the previous guid refers to the type of the partition ). The next step is the 64-bit LBA number at the end of the partition and the name and attribute of the partition. The specific structure is as follows:

MBR boot

Next, let's start the real boot process, which mainly describes the grup guidance. In general, grub is more like a mini OS, but this mini OS only loads other operating systems. Grub includes stage1, stage1.5 (optional), and stage2, stage1 and stage1.5 belong to boot loader, and stage2 belongs to the kernel part of mini OS. In grub, The stage1 process is mainly located in the first 446 bytes of MBR (for disks that support GPT partitioning, the first 512 bytes are also used as the protection MBR, which is slightly different from normal MBR protection, this is mainly because of the differences in partition tables. in MBR protection, only one partition represented as 0xEE is used to indicate that this hard disk uses GPT partition tables, operating systems that cannot recognize GPT hard disks usually recognize an unknown partition and refuse to operate on the hard disk). The subsequent 64 bytes are the Partition Table of the hard disk, the last two bytes are the ending mark (0xaa55) of MBR ).

Stage1 occupies 446 bytes. The code file is the stage1/stage1.s file in the source code directory. After compilation, a 512-byte boot is generated. IMG is written in the zero-face, zero-sector, and one-sector of the hard disk as the MBR of the hard disk. The work of stage1 is very simple, that is, loading 512 bytes to 0x8000 on 0-side 0-Channel 2 sectors, and then jump to 0x8000 for execution.

The 512-byte content on the 0-side, 0-way, 2-sector isStage1/start. sFiles are assembled and generated. The content on this slice is used to load the stage1.5 or stage2 process and transfer the control.

GRUB boot

After the START process transfers control, the next step is the core grub process. The difference between stage1.5 and stage2 is mainly caused by the difference between grub and grub2. In grub2, The stage1.5 process is integrated into the stage2 process, so the stage1.5 process is only for grub. The following describes the two grub versions.

4.1 stage1.5 process in grub

The stage1.5 process is innocent and has a single role, but it is critical. Its main function is to construct a file system corresponding to the boot partition system, so that the core required by the stage2 process can be searched through the path of the file system (/boot/GRUB. IMG, and then load it To the memory to start execution.

Stage1.5 exists at the beginning of 0-side 0-Sector 3, and continues in a region of dozens of K bytes, the specific size is related to the size of the corresponding file system (this article involves 0 sectors, 0 sectors, 1-3 + X sectors, this part of the sector is reserved sector, the BIOS will not place any data. Because of this, if it is converted to the GPT partition form, the system will not be correctly guided, as shown above, the sectors behind MBR will be occupied by other content ). The stage1.5 process is constructed into a variety of different types, but the functions are similar. The following describes the basic file system of stage1.5 process. E2fs_stage1_5 (for ext2fs, ext2 and ext3 file systems can be booted), fat_stage1_5 (for fat file systems, FAT32 and fat16 can be booted), ffs_stage1_5, kernel, minix_stage1_5, kernel, kernel, and Kernel, these files are called the stage1.5 process. Each of these files must be at least 11 kb. In addition, there are two special files, nbgrub and pxegrub, which are mainly used during network boot, but in different formats. They are similar to stage2, you only need to create a network to obtain the configuration file.

Because the stage1.5 process involves files corresponding to multiple file systems, this article mainly uses ext2fs as an example to describe. Other file systems can be analyzed and understood similarly.

For the ext2fs file system, the code used to generate the stage1.5 process file (e2fs_stage1_5) of the file system isStage2/fsys_ext2fs.cFile.

InStage2/filesys. hThe file defines the external interfaces of each file system for upper-layer calls. It is used as the core code for the stage2 process. Generally, the file system defines three interfaces, they are the mount, read, and Dir functions. Corresponding to ext2fs, its defined function is:

12345678

# Ifdef fsys_ext2fs # define limit 1int ext2fs_mount (void); int ext2fs_read (char * Buf, int Len); int ext2fs_dir (char * dirname); # else # define limit 0 # endif

For the ext2fs function nameStage2/fsys_ext2fs.cIt is defined in the file and does not contain any write process. For bootloader, only reading can complete the task, and there is no need to write the system. The ext2fs_mount function is used to check the file system type and read the superblock into the memory. The ext2fs_read function and the ext2fs_dir function are used to perform specific operations on the file system. InStage2/fsys_ext2fs.cIn addition to defining these three functions, the file also requires the data structures (superblock, inode, and group structures) of file system attributes. These structures are initially defined inInclude/Linux/ext2_fs.hFile). The data structure is used to describe a file system.

If you are interested, you can try to create support for a new file system. You can refer to the existing file system templates (instances) for writing.

4.2 stage2 process in grub

The core process in grub is the stage2 process. This process mainly selects an appropriate operating system after the file system is established for loading and transferring control to achieve the goal of finally guiding the operating system. Grub is a multi boot loader, so you need to select the operating system to run during boot. There are two main methods in grub. The first is to read the display from menu. list to the screen for the user to choose from, and the second is to manually start it through the commands defined in grub-shell. This article will introduce how to run these two methods later. Next we will introduce the specific execution process of stage2.

As described in the previous section, the file system of the boot partition is loaded in the stage1.5 process, and then another thing is to transfer the control to stage2, where the stage2 entry isStage2/ASM. sFile.Stage2/ASM. sThe file is an assembly code. It is mainly used to initialize the runtime environment of the C language and prepare the function for executing the C language below. After preparation, the init_bios_info (Stage2/common. c) Function. The init_bios_info function is used to execute some underlying functions and jump to cmain for execution. The cmain function is located inStage2/stage2.cFile. The cmain function carries out an endless loop. in the loop, the configuration file is first loaded and displayed to the user. At the same time, an inner loop is loop. In the inner loop, commands in the configuration file are obtained, and parse and execute. If no configuration file is available during the process, enter the command line mode (enter_cmdline function). If the available menu is found, execute the corresponding content of the menu (run_menu function ).

For enter_cmdline (Stage2/stage2.c) Function, will call find_command (Stage2/cmdline. c), And then execute the function of the corresponding command.

For run_menu (Stage2/stage2.c) Function.Stage2/cmdline. cThe run_script function in the file, and then call find_command to execute the function of the corresponding command.

Although these two methods have gone through different processes, they analyze and process user input behaviors, and finally call the find_command function, in this function, check whether the "input" command is the same as that defined in the system. If it is the same, convert it to execute this function. The comparison process contains a global data structure: struct builtin (Stage2/shared. h), Which is composed of the data structure of a table type (Stage2/builtins. c), And concatenates commands with the corresponding builtin structure. The following describes the definition of the builtin structure:

1234567891011121314

Struct builtin {/* command name, important, is the basis for command search */char * Name;/* command function, important, it is the function */INT (* func) (char *, INT) called after search matching;/* Function Identifier, which is generally not used. */INT flags;/* brief help information */char * short_doc;/* Complete help information */char * long_doc;}; struct builtin * builtin_table [];

Interested readers can expand the content to form their own commands, mainly inStage2/builtins. cFiles are updated according to the predefined format and added to builtin_table.

In the process of opening the configuration file above, we mainly use some file operation functions (defined inStage2/disk_io.c. These file operation functions mainly include grub_open, grub_read, grub_seek, and grub_close. These functions are grub's external upper-layer interfaces, the specific function internally calls the corresponding function of the file system corresponding to the boot partition mentioned earlier. This process is mainly completed through the callback function. The overall idea of this process is similar to the object-oriented process, through which specific functions are operated.

 

Connection: http://blog.csdn.net/langeldep/article/details/8788119

OS computer startup