UP | HOME
../../ | ../ | ./index.html | No Slides

Files, Volumes and Mounts at Boot

Abstract: How does booting "know" the Files, Volumes and Mounts even before the kernel begins, etc? This article is focused only on files, volumes and mounts.

1 Boot Devices, and Partitions

1.1 Master Boot Record on a HDD

boot-mbr.gif

Figure 1: Master Boot Record (MBR) disks, obsolete now. More than 4 partitions need a logical extended partition.

1.2 GUID Partition Table (GPT) Disks

  1. GPT disks use Unified Extensible Firmware Interface (UEFI).
  2. One advantage of GPT disks is that you can have more than four partitions on each disk.
  3. GPT is also required for disks larger than 2 TB.

2 Before the Kernel Begins

  1. Assume that the OS-boot-loader (OSBL), such as Grub, is in control. The kernel has not been invoked yet.
  2. Does OSBL do any mounting? Yes. A file volume is mounted.
  3. Volume must have been made already.
  4. A path name in the mounted volume determines a file.
  5. How does OSBL open, read and close files?
  6. Where is the kernel? Ex: In the fisrt Grub stanza below (hd0,msdos1)/vmlinuz
  7. OSBL gives the kernel an argument just as shell gives argv[] and argc to an invoked program that just became a process.
  8. Study the Grub-2 stanzas below. [Minor inconsistencies are intentional.] 
    menuentry 'Linux Kubuntu Cosmic-Cuttlefish' {
 linux (hd0,msdos1)/vmlinuz ro root=/dev/sda1
 initrd (hd0,msdos1)/initrd.img
}

menuentry "Linux Knoppix 64-bit frugal-install" {
 linux (hd0,1)/boot/Knoppix/boot/isolinux/linux64 \
   knoppix_dir=/boot/Knoppix/KNOPPIX home=knoppix-data.img \
   lang=en_US keyboard=us desktop=kde
 initrd (hd0,1)/boot/Knoppix/boot/isolinux/minirt.gz
}

# note: findiso
menuentry kali-linux-amd64-iso {
  set isofile='/boot/iso/kali-linux-1.0.7-amd64.iso'
  loopback loop $isofile
  linux (loop)/live/vmlinuz boot=live findiso=$isofile\
    noconfig=sudo username=root hostname=kali \
    debug --verbose # nomodeset
  initrd (loop)/live/initrd.img
}

3 During the Kernel Startup

3.1 Background

  1. Read up on the -o bind option.
  2. Lookup pivot_root(8) and pivot_root(2)

3.2 Pivot

  1. Assuming $_RUNFS is … and $SYSTEM is …, study this shell script. [Ellipsis is distro/ system dependent.] 
    mount -r $_RUNFS /mnt
for dnm in lib bin sbin usr
do
  mount -o bind /$dnm /mnt/$dnm
done
pivot_root /mnt /mnt/$SYSTEM
cd /
exec /sbin/init $*

4 After Init has Started

  1. The root pivoted to is the root from now on.
  2. All full-path-names are evaluated starting from this (new) root.
  3. Does init process run in kernel or user mode? Who owns it?
  4. What other processes begin chronologically before the init?

5 Security Implications

  1. Where is the original pre-kernel root given?
  2. Where is the during-kernel root to pivot (RTP) to given?
  3. What if RTP is populated with Trojans, and other malware?
  4. What if kernel invokes Trojaned init?
  5. What if kernel itself is compromised? Who checks this?
  6. Who checks the binaries, in /bin /sbin /usr/bin /usr/sbin, are good?
  7. Who checks the libraries, in /lib /usr/lib, are good?

6 References

  1. https://www.ibm.com/developerworks/library/l-linuxboot/index.html 2006

7 End

Copyright © 2018 www.wright.edu/~pmateti • 2018-08-31