[lug] boot loader mystery

[Ken MacFerrin]

> So that's the second part that still needs
> clarification.  The bootloader (grub or lilo) itself
> needs to know where on the disk the kernel(s) and or
> initrd live.  That would seem to be location specific
> as well and require a bios installed call to access
> that since the driver isn't loaded yet.
> 
> So disk locations would seem to be necessary.
> I think that might be what that map file is for in
> lilo?  And that's probably why you need to rerun lilo
> every time you make a change to it.  But I'm wondering
> how grub knows the physical location of /boot?
> 

By no means being a master of the black arts of bootloader/bios magic,
here is my understanding of the typical PC boot using a hard disk:

1) On power-up the CPU looks at location 0xFFFF0000 in the BIOS which
executes machine instructions for POST and runs through the order of
devices until it finds one that bootable.  In the case of hard drive
this will be the first valid Master Boot Record (MBR).. in the case of a
floppy it would be a Volume Boot Record (VBR).

2) When initializing a hard drive, the BIOS uses built-in ROM
bootstrapping firmware to load the onboard controllers and look at the
first sector of the _disk_ for an "active" MBR containing a 2 byte
"signature" that identifies the disk as bootable.  Once found, it loads
the MBR to physical address 0x7C00 and executes the raw machine language
contained in the 512 byte MBR.

3) The MBR contains 446 bytes of raw machine code, a 64 byte disk
partition table and the 2 byte "signature". This first 446 bytes
typically contain "stage 1" of the bootloader, which depending on the
bootloader, will either load the next stage of the bootloader or
automatically scan the disk's primary partitions for an "active" Volume
Boot Record (VBR). A VBR is also 512 bytes long, resides in the first
sector of a primary disk _partition_ and is identified as "active" by
the same 2 byte signature.  Once an active VBR is found the MBR
relocates itself to another place in memory, chainloads the VBR for that
partition to address 0x7C00 and executes the VBR instructions.

4) From here the process varies..
a) In Windows systems the partition's VBR will contain a BPB "bios
parameter block" that contains bootstrap code to describes the basic
layout of the FAT or NTFS filesystem and enables locating and loading of
the NTDR boot loader.  The NTDR will then begin loading the Windows
drivers and remaining boot process.

b) In an MBR with GRUB installed, the Stage 1 section of GRUB stored in
the MBR does little more than store the physical disk location of, and
load, GRUB Stage 1.5.  Stage 1.5 is typically stored in an empty section
of the disk immediately following the MBR called the "DOS compatibility
region" (usually 63 sectors long).  The Stage 1.5 area contains
filesystem specific code (e2fs, xfs, reiserfs, fat, iso, etc) that
allows it to read the /boot partition and find the Stage 2 GRUB binary,
which it then executes.  Stage 2 grub then parses the menu.lst file,
locates the kernel images residing on /boot and provides the boot menu
to the user.  Depending on the setup, it can then either load a kernel
on /boot or chainload a VBR on another partition such as the Windows VBR
mentioned above..

Disclaimer.. the above info is based on my fuzzy understanding of the
boot process.  I take no responsibility if repeating it gets you fired,
subjects you to public humiliation or causes your significant other to
change their name and disappear to a foreign land with the children..

-Ken