The Early System Start-Up Process. Group Presentation by: Tianyuan Liu, Caiwei He, Krishna Parasuram Srinivasan, Wenbin Xu

Similar documents
PL-I Assignment Broup B-Ass 5 BIOS & UEFI

User. Applications. Operating System. Hardware

Boot. How OS boots

Boot Process in details for (X86) Computers

Linux+ Guide to Linux Certification, Third Edition. Chapter 2 Linux Installation and Usage

IA32 OS START-UP UEFI FIRMWARE. CS124 Operating Systems Fall , Lecture 6

CS 410/510. Mark P Jones Portland State University

A+ Guide to Managing and Maintaining Your PC. How Hardware and Software Work Together

Advanced Operating Systems and Virtualization. Alessandro Pellegrini A.Y. 2017/2018

BIOS. Chapter The McGraw-Hill Companies, Inc. All rights reserved. Mike Meyers CompTIA A+ Guide to Managing and Troubleshooting PCs

CSE 265: System and Network Administration

CSE 265: System and Network Administration

The kernel is not to be confused with the Basic Input/Output System (BIOS).

RHCE BOOT CAMP. The Boot Process. Wednesday, November 28, 12

CST8177 Linux II. Linux Boot Process

Initial Bootloader. On power-up, when a computer is turned on, the following operations are performed:

Introduction to Configuration. Chapter 4

ECE 471 Embedded Systems Lecture 12

Backup, File Backup copies of individual files made in order to replace the original file(s) in case it is damaged or lost.

Hard Disk Organization. Vocabulary

Introduction to Linux start-up. Hao-Ran Liu

OPERATING SYSTEMS & UTILITY PROGRAMS

Embedded Linux Architecture

Linux Boot Process. Nassim Eddequiouaq LSE Summer Week 2015

CSE543 - Computer and Network Security Module: Trusted Computing

Systems software. Definition. Categories of software. Examples Of Systems Software 11/23/2018

Chapter 6. Boot time configuration. Chapter 6 Boot time configuration

FreeBSD and the IBM PC BIOS

OVAL + The Trusted Platform Module

Oracle 1Z Enterprise Linux System Administration. Download Full Version :

Definition. A series of detailed instructions that control the operation of a computer system. are developed by computer programmers

ECE 471 Embedded Systems Lecture 16

Flicker: An Execution Infrastructure for TCB Minimization

System Administration. Startup Process

ECE 471 Embedded Systems Lecture 16

Linux/Citrix Virtual Environment Documentation

Chapter 3: System Configuration

CIS 4360 Secure Computer Systems. Trusted Platform Module

Booting Up & Processes

Installing Linux (Chapter 8) Note packet # 4. CSN 115 Operating Systems Ken Mead Genesee Community College. Objectives

DVD :50 PM Page 1 BIOS

ECE 550D Fundamentals of Computer Systems and Engineering. Fall 2017

Introduction p. 1 Why Linux? p. 2 Embedded Linux Today p. 3 Open Source and the GPL p. 3 Free Versus Freedom p. 4 Standards and Relevant Bodies p.

Introduction to OS. Introduction MOS Mahmoud El-Gayyar. Mahmoud El-Gayyar / Introduction to OS 1

Secure, Trusted and Trustworthy Computing

Technology in Action. Chapter 5 System Software: The Operating System, Utility Programs, and File Management

BOOTSTRAP, PC BIOS, AND IA32 MEMORY MODES. CS124 Operating Systems Winter , Lecture 5

Department of Computer Science Institute for System Architecture, Operating Systems Group TRUSTED COMPUTING CARSTEN WEINHOLD

Bootstrapping. Steve Muckle Dave Eckhardt

Four Components of a Computer System

COSC 243. Input / Output. Lecture 13 Input/Output. COSC 243 (Computer Architecture)

University of Pennsylvania Zachary Goldberg. CIS c. More Kernel Bits. 10/03/09 Slide 1

Lab1 tutorial CS

Sirrix AG security technologies. TPM Laboratory I. Marcel Selhorst etiss 2007 Bochum Sirrix AG

Chapter 2. Operating-System Structures

Operating Systems. Computer Science & Information Technology (CS) Rank under AIR 100

New Vision of the Computer Operating System

ECE 598 Advanced Operating Systems Lecture 2

Lecture Secure, Trusted and Trustworthy Computing Trusted Platform Module

Smart Port Card (SPC) William Eatherton Toshiya Aramaki Edward Spitznagel Guru Parulkar Applied Research Lab Washington University in St.

Firmware Rootkits: The Threat to the Enterprise. John Heasman, Director of Research

ECE 598 Advanced Operating Systems Lecture 10

Expert Reference Series of White Papers. BitLocker: Is It Really Secure? COURSES.

Chapter 3: Computer Assembly

Using grub to Boot various Operating Systems

Hardware OS & OS- Application interface

Architectural Support for Operating Systems

Computers Are Your Future Chapter 4

Scheduling. CS 161: Lecture 4 2/9/17

Chapter 4. File Systems. Part 1

CIT 480: Securing Computer Systems

CIS 4360 Secure Computer Systems. Trusted Platform Module

Operating Systems Design Fall 2010 Exam 1 Review. Paul Krzyzanowski

Troubleshooting & Repair

The Linux Boot Process

TPM Entities. Permanent Entities. Chapter 8. Persistent Hierarchies

The Linux IPL Procedure

Phoenix Technologies, Ltd.

Introduction. Yolanda Becerra Fontal Juan José Costa Prats

Department of Computer Science Institute for System Architecture, Operating Systems Group TRUSTED COMPUTING CARSTEN WEINHOLD

Initial Bootloader > Flash Drive. Warning. If not used carefully this process can be dangerous

Lecture Secure, Trusted and Trustworthy Computing Trusted Platform Module

ROM (read-only memory) is a type of memory that stores data even when the main computer power is off.

CHAPTER 11: IMPLEMENTING FILE SYSTEMS (COMPACT) By I-Chen Lin Textbook: Operating System Concepts 9th Ed.

DELLEMC. TUESDAY September 19 th 4:00PM (GMT) & 10:00AM (CST) Webinar Series Episode Nine WELCOME TO OUR ONLINE EVENTS ONLINE EVENTS

Lecture Embedded System Security Trusted Platform Module

Systems View -- Current. Trustworthy Computing. TC Advantages. Systems View -- Target. Bootstrapping a typical PC. Boot Guarantees

What Operating Systems Do An operating system is a program hardware that manages the computer provides a basis for application programs acts as an int

Introduction to Embedded Bootloader. Intel SSG/SSD/UEFI

Terra: A Virtual Machine-Based Platform for Trusted Computing by Garfinkel et al. (Some slides taken from Jason Franklin s 712 lecture, Fall 2006)

Platform Configuration Registers

LPI EXAM LPI Level 1 Exam 101, Junior Level Linux Certification, Part 1 of 2. Buy Full Product.

Another fundamental component of the computer is the main memory.

BIOS UPDATES Click to scan for Bios Updates

Hypervisor Security First Published On: Last Updated On:

TPM v.s. Embedded Board. James Y

GA-G1975X Post Code Definition

Certifying Program Execution with Secure Processors. Benjie Chen Robert Morris Laboratory for Computer Science Massachusetts Institute of Technology

Fujitsu Stylistic ST6000 Series

TRUSTED COMPUTING TRUSTED COMPUTING. Overview. Why trusted computing?

Transcription:

The Early System Start-Up Process Group Presentation by: Tianyuan Liu, Caiwei He, Krishna Parasuram Srinivasan, Wenbin Xu 1

Boot Process Booting is the initialization of a computerized system In Linux, boot process is the multi-stage initialization process performed during starting a Linux installation 2

Boot Process 1.Firmware initialization 1.Execution of a boot loader 1.Loading and startup of a Linux kernel image 1.Execution of various startup scripts and daemons 3

Boot Process 4

Overview - BIOS Stands for Basic Input/Output System Runs Power-On Self Tests (POST) and other integrity checks Searches, loads, and executes the boot loader program 5

Overview - MBR Stands for Master Root Record Loads and executes the GRUB boot loader Picture from engineersgarage.com 6

Overview - GRUB Stands for Grand Unified Bootloader If multiple kernel images are installed on your system, you can choose which one to be executed Loads and executes Kernel and initrd images 7

Overview - Kernel Kernel(as a compressed image file) is loaded into memory and decompressed. Looks for an init process to run Establishes memory management Switches to non-architecture specific Linux kernel functionality via start_kernel() 8

Overview - Init & Runlevel Init is responsible for starting all other processes Init establishes and operates the user space Runlevel takes a value from 0-6, determining which subsystems are to be made operational BIOS next 9

BIOS Provides a series of routines to directly access hardware. Can be bypassed by programs which access hardware directly. BIOS routines invoked through a system of software interrupts Stored in BIOS ROM(Read Only Memory), which is persistent storage ( Doesn t lose values when power is off) 10

CMOS Chip(Complementary Metal Oxide Semiconductor) Stores configuration regarding how OS is to be booted. Sequence of devices to look at to boot the OS from. Contains passwords, time and date info. Located on a separate battery powered CMOS RAM chip. 11

CMOS Setup Example 12

What happens when CPU is powered on? First instruction executed by the CPU is at xffff. Jump instruction to BIOS startup program entry point (inside BIOS ROM). BIOS startup program then runs the Power on Self Test (POST). Full POST performed when the CPU is turned on. If CPU is reset, some POST checks can be avoided 13

POST Checks BIOS ROM and CMOS RAM chip for battery failure. Checks the integrity of various Hardware devices Timer IC s Video ROM Keyboard DMA Controller 14

AFTER POST BIOS startup routine detects and executes BIOS device routines. Used to initialize hardware (e.g Video Mem) Perform memory test Configure PCI Bus devices. Assign IRQ numbers and other resources. Startup routine issues an int x19 to execute BIOS routine which locates OS. 15

Option ROMs Firmware called by system BIOS ( BIOS extensions). BIOS routines specific to devices Stored in a separate device - specific ROM Can override the device routines provided by system BIOS Usually executed after POST 16

Option ROMs Video BIOS Executed early on in boot process so POST results can be viewed. Network Boot ROM Hooks onto BIOS routine x18, which is called when no bootable device is formed. Allows computer to download OS. 17

Locating the OS BIOS refers to the sequence of devices in which the OS can be present from CMOS (Boot sequence). Bootable devices have to contain persistent storage. BIOS looks at the first sector(mbr) of a device to determine if device is bootable. Last 2 bytes need to be x aa55 18

LOCATING the OS If device is Bootable: BIOS loads MBR into RAM at linear address x7c00 Transfer control to MBR code. If device is not Bootable BIOS examines the next persistent storage device from boot sequence. bootloader next 19

Bootloader What does a bootloader do Main purpose: Bring the kernel into memory Provide the kernel with the information it needs to work correctly Switch to an environment that the kernel will work properly Transfer control to kernel 20

Bootloader Loading kernel to memory code of bootloader knows where is the kernel and under what file system kernel image reside in arch/i386/boot if the kernel is modular, we need to load the modules along with the kernel 21

Bootloader Giving the kernel its information For example, the root partition to start from, maybe a mapping of where physical memory is and where it s not. 22

Bootloader Types Single-Stage Bootloader consist of a single file (MBR), usually has limited size of 512 bytes Two-Stage Bootloader Stage 1 bootloader Stage 2 bootloader 23

Two-Stage Bootloader Why use Two-Stage Bootloader MBR size is limited Apart from the bootloader code, MBR contains BIOS structures and FAT file system headers, which leaves less spaces to work with 24

Two-Stage Bootloader Stage-1 Bootloader Small Sole purpose of loading the stage-2 bootloader Stage-2 Bootloader Large Contain all the code needed for loading the kernel and possible modules 25

Bootloader - GRUB 2 GRand Unified Bootloader 2 Example of Two-Stage bootloader Rather a Three-Stage bootloader new stage 1.5: bootloader understand the particular file system containing the Linux kernel image. can load linux kernel from an ext2 or ext3 file system 26

Bootloader - GRUB 2 With the kernel, load the kernel image initrd (initial ramdisk) into memory When stage 2 loaded and executed a list of available kernel is displayed user select a kernel and can have additional kernel parameters finally loads the selected kernel 27

Bootloader - GRUB 2 Picture from debuntu.org Kernel & init next 28

Kernel phase What does a Kernel do memory management task scheduling I/O interprocess communication Overall system control Kernel is loaded in two stages in Kernel phase 29

Kernel phase Picture from ibm.com Init next 30

First Kernel Stage Kernel loading stage starts via start() and startup_32() (for x86 based processors) process 1st startup_32() Initializes the segmentation registers and a provisional stack Decompress the kernel via decompress_kernel( ) Jumps to physical address 0x00100000, where the decompressed kernel image resides 31

Second Kernel Stage Kernel startup stage 2nd startup_32(): Initializes the segmentation registers with their final values Sets up the kernel mode stack for process 0 Puts the system parameters obtained from the BIOS and the parameters passed to the operating system into the first page frame Identifies the model of the processor Jump to start_kernel() function 32

Second Kernel Stage Kernel startup stage start_kernel(): The page tables are initialized The page descriptors are initialized The system date and time are initialized Setup interrupt handling (IRQ) The kernel thread for process 1 is created. In turn, this kernel thread creates other kernel threads and executes the Init program. 33

Init The grandparent or parent of all processes that start up automatically on the Linux system PID = 1 34

Init What does it do? check the file systems set the clock initialize serial ports set default run level between 0 to 6 ultimately switch to a user-environment when system startup is completed 35

Init Run level a configuration of processes how the system should be set up Init reads /etc/inittab file for detail information for each run level Level 5:Full Multiuser with Networking and X Windows(GUI) 36

Init After determines run level init starts all of the background processes necessary for the system to run by looking in the appropriate rc directory for that specific run level runs all of the start scripts in the appropriate run level directory so that all services and applications are started correctly. Security & TPM next 37

Booting Security 38

Trusted Platform Module What is TPM? Small cryptographic device Trusted boot Remote attestation Key management 39

TPM Components credit: Stanford 2016 40

Non-Volatile Storage Endorsement Key (EK - 2048 bits) Created at manufacturing Used for attestation Storage Root Key (SRK - 2048 bits) Used for encrypted storage Owner Password (160 bits) and other flags 41

Platform Configuration Registers PCR specs 32-bytes SHA256 digests At least 16 PCRs Initialized as 0 when booted PCR extension with measurements PCR[i] = SHA(PCR[i] M) 42

Trusted Boot Measure booting components and extend PCRs 43

Remote Attestation Prove to server what code is loaded e.g. Company requires employees to run a firewall program on their laptop Steps of Attestation Client generates Attestation Identity Key, and send public key to attestation server Server asks for signed PCR state Check if PCR state match known good state 44

Key Management TPM can generate keys and encrypt them by SRK encrypted key blobs are stored on hard disk keys are loaded and decrypted at runtime in TPM 45

References http://www.webopedia.com/didyouknow/hardware_ Software/BootProcess.asp http://www.thegeekstuff.com/2011/02/linux-bootprocess https://www.engineersgarage.com/tutorials/howcomputer-pc-boots-up https://www.ibm.com/developerworks/library/lbootload/ http://www.tldp.org/ldp/introlinux/html/sect_04_02.html 46

References https://0xax.gitbooks.io/linuxinsides/content/booting/linux-bootstrap-1.html 47

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback