Linux systems may seem complex, but at their core, they consist of two fundamental components: the kernel and a root filesystem. Understanding how these elements interact during the boot process can demystify Linux and provide insight into how your system comes to life each time you power it on. The Two Main Components of a Linux Distribution 1. The Linux Kernel The kernel is the heart of any Linux system. It’s responsible for: ...
Boot process - context In general, the boot process looks like this: ROM | DISK Pre-EFI initialization -> EFI firwmare -|> shim -> grub -> Linux The pre-efi initialization is about initializing CPU and devices. Especially, it is responsible for initializing the DRAM controller on the CPU. Before this step the system is in a very precurious state and can only use its cache as memory (aka Cache as RAM). ...
The flow In order to decrypt the root filesystem, the kernel uses a initial ram disk (initramfs). The initramfs provides an temporary filesystem from which extra kernel modules can be loaded, it also contains a set of scripts used to boot the system including scripts to decrypt the user’s root filesystem. This initramfs image is a file stored un-encrypted next to the kernel image. However, unlike the kernel image, it is not signed by the kernel publisher as the iniramfs is generated locally and can be modified by the user. Thus, anyone with physical access to the user’s drive can inject a malicious initramfs that would log the user’s passphrase and thus make FDE useless. ...
To boot the Linux Kernel, most distro use a bootloader and one of the most popular is GRUB. But did you know you can directly boot the Kernel without using a bootloader? DISCLAIMER: This is only for fun and learning, I do not advise anyone to do that on their main system. Be safe, use a VM. VM setup Just a quick recap of what is needed (mostely stolen from powersj’s excelent blog post). ...