
Booting Up Linux

1 Overview

1.1 Penguins Boot House

boot-penguins.jpg

1.2 The 20,000-foot view of the Linux boot process

boot-0.gif

Figure 2: The widths of the rectangles: Why are they decreasing? BIOS or UEFI

1.3 Booting Up Timeline, a total of about 15 secs?

  1. Yes! [Excluding graphical login.] [On machines from 2010+]
  2. SSDs? Even less.
  3. https://www.quora.com/How-many-seconds-does-it-take-for-your-Windows-10-to-boot-up

2 System Startup

2.1 BIOS

  1. ./bootup.html Study it!

2.2 UEFI

platform-integrity-win8.png

Figure 3: Good enough for all OS

  1. ./bootup.html

2.3 GRUB

LinuxBootingProcess.jpg

Figure 4: Enjoy! [CEG4420 does not focus on GRUB]

  1. All modern (2015+) Linux distros use Grub2.
  2. Are there security issues in GRUB?
  3. http://hmarco.org/bugs/CVE-2015-8370-Grub2-authentication-bypass.html Back to 28: Grub2 Authentication 0-Day, Dec 2015.
  4. Does it still work? Does the attacker have to be present physically?
  5. Should we place a password on Grub?
  6. ./bootup.html

2.4 Before Kernel Begins

  1. OS-Boot-Loaders (OSBL) do not check (deeply) hardware or the kernel.
  2. They do check for "magic numbers".
  3. Open the kernel as a file at the path name given, using borrowed portions of OS code built into OSBL.
  4. Load the program into real (non-virtual) memory.
  5. Pass control to the kernel.
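Items 1 and 2 above, as an added example (not part of the original notes): a minimal form of the "magic number" check for an x86 Linux kernel image. It assumes the Linux/x86 boot protocol offsets (0xAA55 at 0x1FE, "HdrS" at 0x202, version at 0x206), and the sample image and function names are constructed for illustration.

```c
/* Added example: shallow "magic number" check on an x86 Linux kernel image.
 * Offsets follow the Linux/x86 boot protocol; the sample image is
 * constructed here, it is not a real kernel. */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define BOOT_FLAG_OFF 0x1FE  /* 16-bit little-endian 0xAA55 */
#define HDRS_OFF      0x202  /* ASCII "HdrS" */
#define VERSION_OFF   0x206  /* boot protocol version, little-endian */
#define MIN_IMAGE     0x208  /* smallest length covering all three fields */

enum magic_result { MAGIC_OK = 0, MAGIC_TOO_SHORT, MAGIC_NO_BOOT_FLAG, MAGIC_NO_HDRS };

static uint16_t le16(const uint8_t *p) { return (uint16_t)(p[0] | (p[1] << 8)); }

/* Returns MAGIC_OK when both signatures are present; stores the version. */
enum magic_result check_kernel_magic(const uint8_t *img, size_t len, uint16_t *version)
{
    if (len < MIN_IMAGE) return MAGIC_TOO_SHORT;
    if (le16(img + BOOT_FLAG_OFF) != 0xAA55) return MAGIC_NO_BOOT_FLAG;
    if (memcmp(img + HDRS_OFF, "HdrS", 4) != 0) return MAGIC_NO_HDRS;
    if (version) *version = le16(img + VERSION_OFF);
    return MAGIC_OK;
}

/* Fill a buffer with zeros plus valid signatures (constructed sample). */
void make_sample_image(uint8_t *img, size_t len)
{
    memset(img, 0, len);
    img[BOOT_FLAG_OFF] = 0x55; img[BOOT_FLAG_OFF + 1] = 0xAA;
    memcpy(img + HDRS_OFF, "HdrS", 4);
    img[VERSION_OFF] = 0x0F; img[VERSION_OFF + 1] = 0x02;  /* protocol 2.15 */
}

/* Alters bytes after the header and re-checks: still MAGIC_OK, because the
 * check covers six bytes of the image and nothing else. */
enum magic_result check_after_payload_change(void)
{
    uint8_t img[1024];
    make_sample_image(img, sizeof img);
    memset(img + 0x300, 0xCC, 0x100);  /* constructed change to the payload */
    return check_kernel_magic(img, sizeof img, NULL);
}

int main(void)
{
    printf("after payload change: %d (0 = MAGIC_OK)\n", check_after_payload_change());
    return 0;
}
```

The check passes whatever the rest of the image contains, so it identifies the file type only; deciding whether the kernel is the intended one needs a separate integrity mechanism such as a verified signature.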

2.5 After Kernel Begins

  1. Device discovery and initialization
  2. Virtual memory initialization

3 Files and Mounts

  1. ./filesMounts.html Study it!

4 After Kernel Begins

  1. Perform a variety of checks …
  2. Its main goal is to invoke the program named "init". Locations searched for: /sbin and /etc.
  3. Extremely poor practice: Path name of init given to the OS-boot-loader; ex: init=/bin/bash

5 After Init Begins

  1. Save the kernel logs, spewed during boot but before init.
  2. Where? On a separate system.
  3. When do we mount the rest of volumes?
  4. Every action of init must be logged.

6 Security Implications of a "Bad" Boot

  1. Everything is compromised.
  2. And, you may not even recognize it!
  3. Unauthorized access – yes.
  4. Trojans invoked as trusted programs – yes.
  5. Check the trustworthiness of a file/program – answers yes, because of rootkits and Trojaned libraries. [Such forward references will be resolved.]

7 Hibernation

8 What is Kernel Doing after init has Begun?

  1. Discussion Topic! Start from how we should interpret "doing"? init has begun – does it end?
  2. See syllabus. Discussion 5% Bonus. Active participation in the group discussions is expected.

9 References

10 End


Copyright © 2020 www.wright.edu/~pmateti • 2020-08-26