When a FreeBSD system is powered on, it goes through several boot stages to initialize the kernel. The BIOS performs initial checks and loads the master boot record (MBR) from the boot device. The MBR contains the boot0 stage which initializes partitions and loads the boot2 stage. Boot2 loads the loader stage, which loads and passes control to the kernel. The kernel then performs initialization like setting up memory mappings and starting essential processes and daemons.

1. Bootstrap and kernel initialization
Prepared by: Gohar Sultan
Blog: http://iamacollegedropout.com
Email: contact2gohar@gmail.com

2. Initialization
BIOS POST
boot0 stage
boot2 stage
loader stage
kernel initialization
1
2
3
BIOS (Basic Input Output System)
POST (Power On Self Test)
Bootstrap
Boot files resides out of the file system so boot files are invisible to commands like ls
When you power ON your FreeBSD machine

3. BIOS POST
BIOS (Basic Input Output System)
POST (Power On Self Test)
POST is a includes the memory check, system bus check and other low-level stuff so that the CPU can initialize the computer properly
Instruction pointer register
32-bitvalue
Control register (crl)
32-bit value of 0xfffffff0
INT 0x19 instruction
its value just after the reboot is 0
Reads 512 bytes from the first sector of boot
device into the memory at address 0x7c00
Hard drive's magnetic plate is divided to a number of cylindrical tracks. Tracks are numbered, and every
track is divided by a number (usually 64) sectors.
Track number 0 is the outermost on the magnetic plate, and sector 1, the first sector called Master Boot
Record, or MBR, remaining sectors on the first track are never used.

4. MBR
MBR (Master Boot Record)
/boot/boot0
Size: 512 bytes
/boot/mbr keeps the same information in more simpler format
Partition Table (partition table)
16 bytes 16 bytes 16 bytes 16 bytes
Partition Records
Starting offset 0x1be
1-byte filesystem type
1-byte bootable flag
6 byte descriptor in CHS format
8 byte descriptor in LBA format
Partition Records Partition Records Partition Records
Total 4 Partition Records
Partition record descriptor has the information
about where exactly the partition resides on the
drive
LBA (Logical Block Addressing) has the starting
sector for the partition and the partition's length
CHS (Cylinder Head Sector) has coordinates for
the first and last sectors of the partition
Boot manager look at the partition table
and prints the menu on the screen for user
to choose disk slice
By pressing an appropriate key, boot0
performs the following actions:
Modifies the bootable flag for the selected
partition to make it bootable, and clears
the previous
Saves itself to disk to remember what
partition (slice) has been selected so to
use it as the default on the next boot
Loads the first sector of the selected
partition (slice) into memory and jumps
there
boot0 stage
boot0 perform action on hard disk
/boot/mbr
Size: 512 bytes
/boot/boot0 and /boot/boot2 files are NOT used by Bootstrap,
but by the utilities like boot0cfg

5. boot1 stage
MBR (Master Boot Record)
/boot/boot1
Size: 512 bytes
Perform the same routines as boot0 for floppy disk
See the boot0 (previous slide) for details

6. boot2BTX
boot2 stage
Perform the same routines as boot0 for floppy disk
Execution code resides at: sys/boot/i386/boot2/
Load /boot/loader
User Input to select disk,
unit, slice, partition.
Selection
boot2 binary creation
sys/boot/i386/boot2/Makefile
boot2: boot2.ldr boot2.bin ${BTX}/btx/btx
btxld -v -E ${ORG2} -f bin -b ${BTX}/btx/btx -l
boot2.ldr
-o boot2.ld -P 1 boot2.bin
BTX (BooT eXtender) - btxld
btxld links an object file with the BTX,
producing the binary file suitable to be put
on the beginning of the partition for the
system boot.
boot0
BIOS service

7. boot2 stage
BTX (BooT eXtender)
Virtual v86 mode
Interrupt Descriptor Table (IDT)
Defined system calls exec
and exit
sys/boot/i386/btx/lib/btxsys.s:
.set INT_SYS,0x30 # Interrupt number
#
# System call: exit
#
__exit: xorl %eax,%eax # BTX system
int $INT_SYS # call 0x0
#
# System call: exec
#
__exec: movl $0x1,%eax # BTX system
int $INT_SYS # call 0x1
sys/boot/i386/btx/btx/btx.s:
gdt: .word 0x0,0x0,0x0,0x0 # Null entry
.word 0xffff,0x0,0x9a00,0xcf # SEL_SCODE
.word 0xffff,0x0,0x9200,0xcf # SEL_SDATA
.word 0xffff,0x0,0x9a00,0x0 # SEL_RCODE
.word 0xffff,0x0,0x9200,0x0 # SEL_RDATA
.word 0xffff,MEM_USR,0xfa00,0xcf# SEL_UCODE
.word 0xffff,MEM_USR,0xf200,0xcf# SEL_UDATA
.word _TSSLM,MEM_TSS,0x8900,0x0 # SEL_TSS
Descriptor Privilege Level (DPL)
Global Descriptor Table (GDT)
boot2 enters into an infinite loop waiting
for user input, then calls load(). If the user
does not press anything, the
loop brakes by a timeout, so load() will
load the default file (/boot/loader).

8. loader stage
boot2BTX
Load /boot/loader
boot0
BIOS service
sys/conf/Makefile.i386:
ld -elf -Bdynamic -T /usr/src/sys/conf/ldscript.i386 -export-dynamic
-dynamic-linker /red/herring -o kernel -X locore.o
<lots of kernel .o files>
(entry point)
Kernel
init386()
mi_startup()
Kernel Initialization

9. (entry point)
Kernel
init386()
mi_startup()
Kernel Initialization
Initialize kernel tunable
parameters
Prepare the GDT
Prepare the IDT
Initialize the system console
Initialize the DDB, if it is
compiled into kernel
Initialize the TSS
Prepare the LDT
Setup proc0's pcb
sys/kern/init_main.c:
for (sipp = sysinit; *sipp; sipp++) {
/* ... skipped ... */
/* Call function */
(*((*sipp)->func))((*sipp)->udata);
/* ... skipped ... */
}
This function performs a bubble sort of all the
system initialization objects and then calls the
entry of each object one by one.
SYSINT()
/usr/include/sys/kernel.h
DATA_SET()
MAKE_SET()
objdump
scheduler()
/sbin/init
/sbin/oinit
/sbin/init.bak
/stand/sysinstall

10. References
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/binary-formats.html
http://www.freebsd.org/cgi/man.cgi?query=elf&sektion=5
http://docs.sun.com/app/docs/doc/802-6319/6ia12qkfn?l=en&a=view
Other Public Forums
Prepared by: Gohar Sultan
Blog: http://iamacollegedropout.com
Email: contact2gohar@gmail.com
For suggestions and feedback