Lab 2: OS main components

Environment Preparation

1. Ensure that you enabled EFI standard of booting. How did you check this?

Exercise 1: GPT partition

• Check the currently connected storage devices

  $ fdisk -l
  

  Locate the bootable device on your machine from the output

  Disk /dev/sda: 931,53 GiB, 1000204886016 bytes, 1953525168 sectors
  Disk model: WDC WD10EZEX-60M
  Units: sectors of 1 * 512 = 512 bytes
  Sector size (logical/physical): 512 bytes / 4096 bytes
  I/O size (minimum/optimal): 4096 bytes / 4096 bytes
  Disklabel type: gpt
  Disk identifier: F3C9420A-67A8-4E94-B0E1-F0CED23135AC
  

MBR Dump and Analysis

• MBR starts at logical block address (LBA) 0 of the GPT layout. Use dd to dump the first 512 bytes from LBA 0.

  $ sudo dd if=/dev/sda bs=512 count=1 skip=0 > lba.0
  

  The if option specifies the disk we want to dump from, bs indicates the LBA size, count specifies how many LBAs we want to dump, and skip indicates the sector we will start the dump from.

• Use hexedit to view the MBR dump.

  $ hexedit lba.0
  

  000001B0   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  ................
  000001C0   02 00 EE FF  FF FF 01 00  00 00 AF 6D  70 74 00 00  ...........mpt..
  000001D0   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  ................
  000001E0   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  ................
  000001F0   00 00 00 00  00 00 00 00  00 00 00 00  00 00 55 AA  ..............U.
  

  At index 1BE, the value 00 indicates that it is not a bootable MBR device.
  00 02 00 (512 in decimal) indicates where the GPT header is located.

GPT Header Dump and Analysis

• GPT header starts from LBA 1. Use dd to dump the 512 bytes in sector 1:

  $ sudo dd if=/dev/sda bs=512 count=1 skip=1 > lba.1
  

• View the GPT dump with hexedit

  $ hexedit lba.1
  

  00000000   45 46 49 20  50 41 52 54  00 00 01 00  5C 00 00 00  EFI PART....\...
  00000010   A6 5A 8D 0B  00 00 00 00  01 00 00 00  00 00 00 00  .Z..............
  00000020   AF 6D 70 74  00 00 00 00  22 00 00 00  00 00 00 00  .mpt....".......
  00000030   8E 6D 70 74  00 00 00 00  0A 42 C9 F3  A8 67 94 4E  .mpt.....B...g.N
  00000040   B0 E1 F0 CE  D2 31 35 AC  02 00 00 00  00 00 00 00  .....15.........
  00000050   80 00 00 00  80 00 00 00  FB B5 7D D9  00 00 00 00  ..........}.....
  00000060   00 00 00 00  00 00 00 00  00 00 00 00  00 00 00 00  ................
  

  Notice45 46 49 20 50 41 52 54 or EFI PART identifies this as an EFI-compatible GPT header.

  Additional material
  GUID Partition Table http://www.ntfs.com/guid-part-table.htm

Questions to answer

1. What is fdisk utility used for?
2. Show the bootable device(s) on your machine, and identify which partition(s) are bootable.
3. What is logical block address?
4. Why did we specify the count, the bs, and the skip options when using dd?
5. Why does a GPT formatted disk have the MBR?
6. Name two differences between primary and logical partitions in an MBR partitioning scheme

Exercise 2 - UEFI Booting

The Unified Extensible Firmware Interface Specification describes an interface between the operating system and the platform firmware.

1. Boot sequence

• Platform initialization to prepare the hardware (memory, storage devices, peripherals).

• Power on Self Test (POST)

• The firmware has the BootEntry variables in the NVRAM (non-volatile random-access memory). This contains a list of bootable devices and programs on the computer.
  The BootOrder is the sequence that the firmware will check for system boot files.
  To view the boot entry on a UEFI enabled system, run efibootmgr -v

  $ efibootmgr -v
  BootCurrent: 0012
  Timeout: 1 seconds
  BootOrder: 0012,0010,0011,000D,0001,0009,0008,0000,0002
  Boot0000* Windows Boot Manager	VenHw(99e27c00cb...)WINDOWS.........x...B.C.D.O.B.J.E.C.T.=.{.9.d.e.a.8.6.2.c.-.5.c.d.d.-.4.e.7.0.-.a.c.c.1.-.f.3.2.b.3.4.4.d.4.7.9.5.}...a................
  Boot0001* debian	VenHw(99e275eb...)
  Boot0002* ubuntu	VenHw(99e27b...)
  Boot0008* Generic Usb Device	VenHw(99e275b...)
  Boot0009* CD/DVD Device	VenHw(99e275cb...)
  Boot000D* Realtek PXE B01 D00	BBS(Network,,0x0)..BO
  Boot0010* TOSHIBA DT01ACA050                LENOVO	BBS(HD,,0x0)..BO
  Boot0011* TOSHIBA HDWD130	BBS(HD,,0x0)..BO
  Boot0012* ubuntu	HD(2,GPT,14fc7215-4232-53ac-dbd0-9a1e007acead,0x1000,0x100800)/File(\EFI\Ubuntu\shimx64.efi)..BO
  

  From the output above, shim is going to be loaded first on the system.

  Shim is the pre-bootloader that runs on UEFI systems. It is signed by Microsoft, and it is used to load the “real” bootloader: GRUB.

• The firmware validates and loads the shim binary.

  $ ls -lah /boot/efi/EFI/ubuntu/
  

• Shim then loads GRUB bootloader.

  Shim reads the partition table of the storage and mounts the EFI System Partition (ESP). The EFI partition is typically mounted at /boot/efi/ on Ubuntu and all specific Ubuntu files are located at /boot/efi/EFI/ubuntu/.

  $ ls -lah /boot/efi/
  

• The UEFI boot manager selects the GRUB file located at /boot/efi/EFI/ubuntu/grub*.efi and runs it.

  The user will be prompted to select an application to run if there are other UEFI applications in the ESP root directory.

• GRUB will determine which operating system kernel to start based on the configuration. The operating system kernel is loaded into memory and the control of the system is transferred to it.

  GRUB provides more compatibility for UEFI firmware. When loaded, GRUB can boot kernel images from all devices, partitions, and file systems it supports without being restricted to the capabilities of UEFI (FAT). GRUB also gives users the privilege to make changes during boot time which includes: modifying initrd, changing boot entries, and selecting kernels.
  

• Once loaded, the kernel will disable the firmware’s Boot Services.

Questions to answer

1. Why is Shim used to load the GRUB bootloader?
2. Can you locate your grub configuration file? Show the path.
3. According to the boot order, what is the third boot device on your computer? How did you check this?

Exercise 3: Filesystem

• View filesystem of block devices

  $ lsblk -f
  

• View all /dev filesystems

  $ ls -lah /dev
  

• View memory info from the /proc filesystem

  $ cat /proc/meminfo
  

Questions to answer

1. How many inodes are in use on your system?
2. What is the filesystem type of the EFI partition?
3. What device is mounted at your root / directory? Show proof.
4. What is your partition UUID?
5. Show at least two methods of viewing the UUID of a block device.
6. What is the function of /dev/zero?