Booting Up Linux

Prabhaker Mateti

Wright State University

cecs.wright.edu/~pmateti

1 Overview

1.1 Penguins Boot House

boot-penguins.jpg

1.2 The 20,000-foot view of the Linux boot process

boot-0.gif

1.3 Booting Up Timeline, a total of about 15 secs?

  1. Yes! [Excluding graphical login.] [On machines from 2010+]
  2. SSDs? Even less.
  3. https://www.quora.com/How-many-seconds-does-it-take-for-your-Windows-10-to-boot-up

2 System Startup

2.1 BIOS

  1. ./bootup.html

2.2 UEFI

platform-integrity-win8.png

Figure 3: Good enough for all OS

  1. ./bootup.html

2.3 GRUB

LinuxBootingProcess.jpg

Figure 4: Enjoy!

  1. http://hmarco.org/bugs/CVE-2015-8370-Grub2-authentication-bypass.html Back to 28: Grub2 Authentication 0-Day, Dec 2015.
  2. Does it still work? Does the attacker have to be present physically?
  3. Should we place a password on Grub?
  4. ./bootup.html

2.4 Before Kernel Begins

  1. OS-Boot-Loaders (OSBL) do not check (deeply) hardware or the kernel.
  2. They do check for "magic numbers".
  3. Open the kernel as a file at the path name given, using borrowed portions of OS code built into OSBL.
  4. Load the program into real (non-virtual) memory.
  5. Pass control to the kernel.
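
An added example (not from the original slides) showing why the "magic number" check in item 2 is not an integrity check. It assumes the magic numbers meant are the x86 Linux boot protocol's setup-header fields (boot_flag 0xAA55 at offset 0x1FE, "HdrS" at offset 0x202); the sample image and all function names are constructed for illustration.

```python
import hashlib
import struct

BOOT_FLAG_OFF = 0x1FE   # 2 bytes, little-endian, must be 0xAA55
HDRS_OFF = 0x202        # 4 bytes, must be b"HdrS"
VERSION_OFF = 0x206     # 2 bytes, boot protocol version (major in high byte)

def check_magic(image: bytes) -> dict:
    """Shallow check of the kind a boot loader makes: header fields only."""
    if len(image) < VERSION_OFF + 2:
        return {"ok": False, "reason": "image too short for a setup header"}
    (boot_flag,) = struct.unpack_from("<H", image, BOOT_FLAG_OFF)
    if boot_flag != 0xAA55:
        return {"ok": False, "reason": f"bad boot_flag 0x{boot_flag:04x}"}
    if image[HDRS_OFF:HDRS_OFF + 4] != b"HdrS":
        return {"ok": False, "reason": "missing HdrS signature"}
    major, minor = image[VERSION_OFF + 1], image[VERSION_OFF]
    return {"ok": True, "protocol": f"{major}.{minor:02d}"}

def digest(image: bytes) -> str:
    """Deep check: a digest over every byte of the image."""
    return hashlib.sha256(image).hexdigest()

def make_sample_image() -> bytearray:
    """Constructed 4 KiB stand-in for a kernel image (not a real kernel)."""
    img = bytearray(4096)
    struct.pack_into("<H", img, BOOT_FLAG_OFF, 0xAA55)
    img[HDRS_OFF:HDRS_OFF + 4] = b"HdrS"
    struct.pack_into("<H", img, VERSION_OFF, 0x020F)
    return img

def demo() -> dict:
    good = make_sample_image()
    known_good = digest(bytes(good))   # assumed recorded when the kernel was installed
    modified = bytearray(good)
    modified[2048] ^= 0xFF             # one byte changed, well past the header
    return {
        "good_magic": check_magic(bytes(good)),
        "modified_magic": check_magic(bytes(modified)),
        "modified_matches_digest": digest(bytes(modified)) == known_good,
    }

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, value)
```

The modified image still passes the magic-number check; only the comparison against a digest recorded earlier notices the change.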

2.5 After Kernel Begins

  1. Device discovery and initialization
  2. Virtual memory initialization

3 Files and Mounts

  1. ./fileMounts.html

4 After Kernel Begins

  1. Perform a variety of checks …
  2. Its main goal is to invoke the program named "init". Locations searched: /sbin and /etc.
  3. Extremely poor practice: giving the path name of init to the OS boot loader; e.g., init=/bin/bash

5 After Init Begins

  1. Save the kernel logs, spewed during boot but before init.
  2. Where? On a separate system.
  3. When do we mount the rest of the volumes?
  4. Every action of init must be logged.

6 Security Implications of a "Bad" Boot

  1. Everything is compromised.
  2. And, you may not even recognize it!
  3. Unauthorized access – yes.
  4. Trojans invoked as trusted programs – yes.
  5. Checking the trustworthiness of a file/program – the check answers yes, because of rootkits and Trojaned libraries.

7 Hibernation

  1. https://wiki.archlinux.org/index.php/Power_management/Suspend_and_hibernate Recommended Reading.

8 What is Kernel Doing after init has Begun?

  1. Postponed. Haha!

9 References

  1. https://utcc.utoronto.ca/~cks/space/blog/tech/UEFIBootThings Reference.
  2. https://www.blackhat.com/presentations/bh-usa-07/Heasman/Presentation/bh-usa-07-heasman.pdf 2007, 41 slides. Highly recommended reading.
  3. http://www.rodsbooks.com/refind/ The rEFInd Boot Manager. Also, explains UEFI, etc. Highly Recommended Deployment and Reading.
  4. https://opensource.com/article/18/1/analyzing-linux-boot-process Highly Recommended Reading.
  5. https://www.linux.com/blog/demystify-gnulinux-boot-process-systemd Recommended Reading.
  6. https://wiki.archlinux.org/index.php/Improving_performance/Boot_process Highly Recommended Deployment and Reading.

10 End


Copyright © 2018 www.wright.edu/~pmateti • 2018-08-31