Linux boot process and management
Grub and its pal Dracut
For FredLug September 2016
By Peter Larsen
Agenda
● Boot process overview
– Bios
– UEFI
● Grub fundamentals
● Initramfs fundamentals
● Diagnosis
● Demos – how to fix a broken system
Boot process overview
● Bios
● UEFI
● Kernel
● Initrd
● Systemd
Boot: BIOS
Source: http://resources.infosecinstitute.com/uefi-and-tpm/
● Traditional/old. 16-bit, 1 MB addressable space, limited boot partition size
● “Blind” - easy to inject bad code
● No real standards
● Very hardware manufacturer dependent
● Basic UI
Boot: UEFI
● Unified Extensible Firmware Interface
● Trusted Boot
Source: http://www.antapex.org/diskdevices.htm
Bios/UEFI setup
● Pressing a key during boot (DEL, F1, F2 etc – depends on BIOS)
● # dmidecode
Show content of BIOS settings and discovered hardware
● # lspci
List hardware found on the PCI Bus
● # lsusb
List discovered USB devices
● # lscpu
List discovered CPUs and settings
● # lsscsi
List SCSI devices (most drives today show up as SCSI devices)
● Hardware vendors sometimes provide executables to change BIOS
settings.
Key BIOS/UEFI settings
● Boot Device / Boot Device Order
● ACPI – Advanced Configuration and Power Interface
● CPU features – important for virtualization
● USB boot enabled/disabled
● UEFI mode – in this mode, each boot device must be registered to be available. In Secure Boot mode, they must also be signed to be available.
Boot: Kernel
● Kernel is loaded into memory and executed
● Bulk of the kernel is compressed and will be uncompressed into specific memory locations.
● Memory and other structures are initialized
● Kernel modules are initialized – PCI and other buses are found, initialized etc.
● Mounts root device (kernel parameter)
● Executes PID 1 /init -> systemd
● First systemd process is located on initramfs.
Kernel implementation
● Most people do not compile their own kernels
● Kernels are installed via rpm or deb packages
● Located in /boot
● Fedora/CentOS/RHEL puts /boot on a primary partition of at least 512MB in size. Contains the current and 2 other kernels.
● /boot is NOT a “bootable” partition in terms of MBR (Microsoft terminology). The boot flag is ignored by Linux.
Kernel options
● Too many to list here – we’ll cover some in the other sections
● Install kernel-doc for /usr/share/doc/kernel* documentation
● https://www.kernel.org/doc/Documentation/kernel-parameters.txt
● Use Grub to change/set parameters – permanent changes go into grub.cfg
● Example (one long line; GRUB2 uses the linux command where legacy GRUB used kernel):
linux /vmlinuz-3.10.0-327.36.1.el7.x86_64 root=/dev/mapper/test-root ro crashkernel=auto rd.lvm.lv=test/root rd.lvm.lv=test/swap rhgb quiet LANG=en_US.UTF-8
Boot: Initramfs
● Dynamic kernel module initializer
● Ram disk image used to “kickstart” a system
● The kernel is very large, but would be enormous if it contained all device code statically.
● Instead the kernel loads modules based on devices identified during startup.
● Since the kernel doesn’t have all devices needed for boot, initramfs is required to initialize the right modules, so the root device can be activated/read.
GRUB: GRand Unified Bootloader
● Legacy Grub is no more
● Grub2 Staged boot
● Loads Kernel
● Mounts ram disk (initramfs)
GRUB Boot process
● POST – Stage 1/1.5
  – BIOS
    ● Finds bootable device and transfers control to MBR
    ● GPT/MBR contains stage 1, very small. Fits in less than 512 bytes
    ● GRUB stage 1.5 is located in the first 30 KB of the boot device immediately following the MBR.
    ● Stage 1.5 does better device discovery, supports larger partitions etc. and passes control to Stage 2
  – UEFI
    ● Loads UEFI boot system, mounts EFI partition, loads GRUB stage 2
● Stage 2
  – Reads grub.cfg and displays menu and other actions.
  – Grub executes the commands in the boot menu
/boot and /boot/efi
Partition Table: gpt
Disk Flags:

Number  Start   End     Size    File system  Name                  Flags
 1      1049kB  211MB   210MB   fat16        EFI System Partition  boot
 2      211MB   525MB   315MB   xfs
 3      525MB   9663MB  9137MB  lvm

● EFI is only used when UEFI is enabled. Mounted on /boot/efi
● /boot is partition 2 – notice NOT a boot partition
● The rest can be partitions, LVM etc. - your choice.
/boot structure
/boot
├── efi
│   └── EFI
│       ├── BOOT
│       └── redhat
│           └── fonts
└── grub2
    └── themes
        └── system

● /boot/efi only exists when EFI was detected during boot
● Grub themes are rather cool. Install plymouth-theme-change to get cool graphics on your boot menu!
Grub configuration commands
● # grub2-mkconfig
Create configuration/menu by scanning the system for bootable images. Will detect Windows and lots of different Linux distros and boot loaders
● # grubby
Command line tool for configuring grub. Very advanced. Using grub2-install is a lot easier if you are looking to fix a boot problem. Can be used to manually add menu items and set configuration options.
● # grub2-install <device>
Install grub (boot) on device. Injects stage 1 and 1.5 boot loaders and makes them refer to the boot device.
DO NOT USE IF YOU’RE USING EFI!
● # efibootmgr
Manage the EFI boot setup. List existing entries, reorder, add new entries, delete entries etc.
Configuration grub.cfg
● Located in /boot/grub2/ or /boot/efi/EFI/redhat
● Created using grub2-mkconfig
● If manually editing, use /etc/grub.d to add files, then run grub2-mkconfig to generate a new configuration.
Example configuration
menuentry 'Red Hat Enterprise Linux Server (3.10.0-327.36.1.el7.x86_64) 7.2 (Maipo)' --class red --class gnu-linux --class gnu --class os --unrestricted $menuentry_id_option 'gnulinux-3.10.0-327.el7.x86_64-advanced-6e59c4d3-dbf6-4ba7-bd9e-7104482f66cd' {
    load_video
    set gfxpayload=keep
    insmod gzio
    insmod part_gpt
    insmod xfs
    linux /vmlinuz-3.10.0-327.36.1.el7.x86_64 root=/dev/mapper/test-root ro crashkernel=auto rd.lvm.lv=test/root rd.lvm.lv=test/swap rhgb quiet LANG=en_US.UTF-8
    initrd /initramfs-3.10.0-327.36.1.el7.x86_64.img
}
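An added check, not part of the slides: a POSIX shell/awk function that walks a grub.cfg, and for every menuentry verifies that the vmlinuz-<version> on the linux line matches the initramfs-<version>.img on the initrd line (the "must match kernel version" rule) and that both files exist under the boot directory. It also reports --unrestricted, the flag in the entry above that lets GRUB boot that entry without asking for a GRUB password. The grub.cfg fragment and file names in make_fixture are constructed for an offline run.

```shell
#!/bin/sh
# Added example: audit the menuentries of a grub.cfg. Not from the slides.
# check_grub_cfg <grub.cfg> <bootdir>
#   Prints one line per menuentry (OK / INCOMPLETE / MISMATCH / MISSING) and
#   returns 1 if any entry has a problem, so it can gate a deployment script.
check_grub_cfg() {
    awk -v bootdir="$2" '
    /^[ \t]*menuentry / {
        n++; kernel[n] = ""; initrd[n] = ""
        unres[n] = ($0 ~ /--unrestricted/) ? "yes" : "no"   # bootable without a GRUB password
    }
    /^[ \t]*linux(efi|16)? /  { kernel[n] = $2 }            # path is the first argument
    /^[ \t]*initrd(efi|16)? / { initrd[n] = $2 }
    END {
        bad = 0
        for (i = 1; i <= n; i++) {
            kv = kernel[i]; sub(/^.*\/vmlinuz-/, "", kv)                      # version suffix
            rv = initrd[i]; sub(/^.*\/initramfs-/, "", rv); sub(/\.img$/, "", rv)
            status = "OK"
            if (kernel[i] == "" || initrd[i] == "") status = "INCOMPLETE"
            else if (kv != rv) status = "MISMATCH"
            else if (system("test -e \047" bootdir kernel[i] "\047") != 0 ||
                     system("test -e \047" bootdir initrd[i] "\047") != 0) status = "MISSING"
            printf "entry %d: %s kernel=%s initrd=%s unrestricted=%s\n", i, status, kv, rv, unres[i]
            if (status != "OK") bad = 1
        }
        exit bad
    }' "$1"
}

# make_fixture <dir>: constructed grub.cfg and /boot layout (not a real system).
# Entry 1 is consistent; entry 2 pairs a kernel with the wrong initramfs.
make_fixture() {
    mkdir -p "$1/boot"
    touch "$1/boot/vmlinuz-3.10.0-327.36.1.el7.x86_64" \
          "$1/boot/initramfs-3.10.0-327.36.1.el7.x86_64.img" \
          "$1/boot/vmlinuz-3.10.0-327.el7.x86_64"
    cat > "$1/grub.cfg" <<'EOF'
menuentry 'RHEL 7.2 (3.10.0-327.36.1.el7.x86_64)' --class os --unrestricted {
    linux /vmlinuz-3.10.0-327.36.1.el7.x86_64 root=/dev/mapper/test-root ro rhgb quiet
    initrd /initramfs-3.10.0-327.36.1.el7.x86_64.img
}
menuentry 'RHEL 7.2 (3.10.0-327.el7.x86_64)' --class os {
    linux /vmlinuz-3.10.0-327.el7.x86_64 root=/dev/mapper/test-root ro
    initrd /initramfs-3.10.0-327.36.1.el7.x86_64.img
}
EOF
}

# Run with --demo to see the report on the constructed fixture.
if [ "${1:-}" = "--demo" ]; then
    d=$(mktemp -d); make_fixture "$d"
    check_grub_cfg "$d/grub.cfg" "$d/boot"; echo "exit status: $?"
    rm -rf "$d"
fi
```

On a real host run check_grub_cfg /boot/grub2/grub.cfg /boot (or the /boot/efi/EFI/redhat copy on UEFI systems).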
Kernel: Linux begins!
● Fundamentals
– Processes
– Memory Management
– Device Management
– File systems
– Etc.
● Kernel starts PID 1 from root file system
Initramfs – managed by dracut
● Small root device loaded during boot right after the kernel
● Created and managed using “dracut”
● Initramfs file located in /boot with the kernel
● Must match kernel version
● “lsinitrd” shows/lists content of initramfs
● Extract all using zcat <initramfs>.img | cpio -i; extract a single file using “lsinitrd -f <file>”
Dracut
● Use modules to enable boot features
  – Examples: lvm, mdraid, luks, iscsi etc.
● List all modules: dracut --list-modules
● If transposing to new hardware, you may need to generate a new initramfs with modules fitting the hardware
Customizing initramfs on boot
● LVM
  – rd.lvm=0
    disable LVM detection
  – rd.lvm.vg=<volume group name>
    only activate the volume groups with the given name.
  – rd.lvm.lv=<logical volume name>
    only activate the logical volumes with the given name.
  – rd.lvm.conf=0
    remove any /etc/lvm/lvm.conf which may exist in the initramfs
Diagnostics
● Grub Shell
● Initramfs Shell (RD)
● Emergency Shell
● Single User Mode (mode 1)
● MultiUser mode (non graphical) (mode 3)
● Graphical mode (mode 5)
Diagnostics: Grub Shell
● Configuration errors in grub.cfg are the most common cause for ending up in the shell
● grub>
● The cfg file is nothing but a list of commands that the grub shell understands and executes.
● Basic commands to boot a system (GRUB2 uses linux where legacy GRUB used kernel):
set root='hd0,msdos1'
linux /vmlinuz-<version> root=/dev/<root partition> ro
initrd /initramfs-<version>.img
boot
Diagnostics: Initramfs Shell (RD)
● Initramfs is very minimal and a bad shell to do recovery in. Use for boot diagnostics, to see why a device isn’t found, responding etc.
● RD = Root Device
● Parameters are given on the kernel command line
  – rd.break
    Drop to shell
    Options: cmdline, pre-udev, pre-mount, mount, cleanup
  – rd.info
    Print debug information
  – rd.shell
    Drop to shell if root mounting fails
  – rd.udev.{info|debug}
    Set udev to info/debug level in output
Diagnostics: Emergency Shell/Mode
● Starts a minimal shell on a system where the root device is mounted (ro).
● Full system command line options – but data disks, network and other key features are not enabled.
● Will prompt for root password!
● Kernel Parameter:
systemd.unit=emergency.target
Diagnostics: Systemd debug
● For when the systemd startup process has problems. Used to debug services and other system management features controlled by systemd.
● Advanced system diagnostics
● Kernel Parameter:
systemd.debug-shell
Diagnostics: Single User Mode (mode 1)
● Goes to shell after all core services are started. Disks mounted, devices active etc. No network.
● Will prompt for root password!!
● Kernel Parameter:
systemd.unit=rescue.target
Diagnostics: MultiUser mode (non graphical) (mode 3)
● Full system running – no graphical sub component. For most servers, this is the run target for a normal running system.
● Network active
● Kernel parameter:
systemd.unit=multi-user.target
● Graphical subsystem does not start
● Primary services (web server, data volume) do not start
Diagnostics: Install Disk/Recovery Boot
● Alternative: Use LiveUSB/CD
● Allows full access to root device, fsck of root device and full recovery/repair
● Limited commands
  – Full LVM
  – Full File system support
  – Bypass root password
● Potential SELinux corruption – use with CARE!
  – Always run “fixfiles onboot” if major changes are done to files
Demo
● Show traditional BIOS boot system
● Show EFI system
● Recover boot failure
How to reset the root password
● The old tricks are no longer valid.
● Add rd.break to the kernel command line
● Command line:
  – # mount -o remount,rw /sysroot
  – # chroot /sysroot
  – # passwd
  – # touch /.autorelabel
● Exit twice and the system will reboot.
● Note, the system will relabel ALL files on boot – and this will take considerable time
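An added audit function, not from the slides: it takes a kernel command line (the content of /proc/cmdline, or the linux line of a grub.cfg entry), summarises the rd.lvm.* choices from the "Customizing initramfs on boot" slide, and returns non-zero when a parameter that stops the boot in an interactive shell (rd.break, rd.shell, systemd.debug-shell, the emergency or rescue target) is present, so a recovery parameter left behind in the permanent grub.cfg after a root password reset is caught. The two command lines are constructed from the slide's RHEL 7 example.

```shell
#!/bin/sh
# Added example: classify dracut/systemd parameters on a kernel command line.
# audit_cmdline "<cmdline>" prints a report; exit 1 if an interactive-break
# parameter is present, exit 0 for a normal multi-user boot line.
audit_cmdline() {
    echo "$1" | tr ' ' '\n' | awk '
    /^rd\.lvm=0$/                 { lvm = "disabled" }
    /^rd\.lvm\.vg=/               { v = $0; sub(/^[^=]*=/, "", v); vgs = vgs " " v }
    /^rd\.lvm\.lv=/               { v = $0; sub(/^[^=]*=/, "", v); lvs = lvs " " v }
    /^rd\.break(=|$)/             { interactive = interactive " " $0 }   # shell at a break point
    /^rd\.shell$/                 { interactive = interactive " " $0 }   # shell if root mount fails
    /^systemd\.debug[-_]shell/    { interactive = interactive " " $0 }   # systemd debug shell
    /^systemd\.unit=(emergency|rescue)\.target$/ { interactive = interactive " " $0 }
    /^rd\.(info|udev\.(info|debug))$/            { verbose = verbose " " $0 }
    /^root=/                      { root = substr($0, 6) }
    END {
        printf "root device : %s\n", (root == "" ? "(none)" : root)
        printf "lvm         : %s\n", (lvm == "" ? "auto" : lvm)
        printf "volume grps :%s\n",  (vgs == "" ? " (all)" : vgs)
        printf "logical vols:%s\n",  (lvs == "" ? " (all)" : lvs)
        printf "verbose     :%s\n",  (verbose == "" ? " none" : verbose)
        printf "interactive :%s\n",  (interactive == "" ? " none" : interactive)
        exit (interactive != "")
    }'
}

# Constructed inputs: the slide's normal RHEL 7 line, and the same line with the
# rd.break / rd.info diagnostics added as in the password-reset procedure.
NORMAL_CMDLINE='BOOT_IMAGE=/vmlinuz-3.10.0-327.36.1.el7.x86_64 root=/dev/mapper/test-root ro crashkernel=auto rd.lvm.lv=test/root rd.lvm.lv=test/swap rhgb quiet LANG=en_US.UTF-8'
RECOVERY_CMDLINE='BOOT_IMAGE=/vmlinuz-3.10.0-327.36.1.el7.x86_64 root=/dev/mapper/test-root ro rd.lvm.lv=test/root rd.break rd.info'

# Run with --demo to see both reports; on a live host use: audit_cmdline "$(cat /proc/cmdline)"
if [ "${1:-}" = "--demo" ]; then
    audit_cmdline "$NORMAL_CMDLINE";   echo "exit status: $?"
    audit_cmdline "$RECOVERY_CMDLINE"; echo "exit status: $?"
fi
```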
Questions
