202.3. Alternate Bootloaders
    202.3 Alternate Bootloaders
Weight: 2
Description: Candidates should be aware of other bootloaders and their major features.
Key Knowledge Areas:
    SYSLINUX, ISOLINUX, PXELINUX
    Understanding of PXE for both BIOS and UEFI
    Awareness of systemd-boot and U-Boot
Terms and Utilities:
    syslinux
    extlinux
    isolinux.bin
    isolinux.cfg
    isohdpfx.bin
    efiboot.img
    pxelinux.0
    pxelinux.cfg/
    uefi/shim.efi
    uefi/grubx64.efi

Linux Boot Loader

The grandfather of all linux boot loaders is LiLo (Linux boot Loader). LiLo has its configuration file in /etc/lilo.conf which was compiled to binary and reside on first sectors of hard disk. But all those good days of simplicity have been passed.
1
#sample lilo.conf of system configured to boot 2 operating system.
2
boot=/dev/hda
3
map=/boot/map
4
install=/boot/boot.b
5
prompt
6
timeout=50
7
message=/boot/message
8
lba32
9
default=linux
10
11
image=/boot/vmlinuz-2.4.0-0.43.6
12
label=linux
13
initrd=/boot/initrd-2.4.0-0.43.6.img
14
read-only
15
root=/dev/hda5
16
17
other=/dev/hda1
18
label=dos
Copied!
LiLo has some shortages which is way grub and grub2 has developed. But beside these Boot Loaders there are some other Boot Loaders which are not leaders but have been developed for specific purposes. As not all system has ext file system, we might need to load linux from inside of other files systems or partitions:
Boor Loader
Supported File System(s)
Used Media
syslinux
ms-dos (FAT32)
USB
ext linux
FAT32 , ext3, ext4
usually used on Hard Disk
iso linux
create .iso files
CD/DVD

syslinux

Lets try syslinux , we want to make a bootable usb disk using syslinux on 8 gig flash with FAT32 file system:
2
NAME MAJ:MIN RM SIZE RO TYPE MOUNTPOINT
3
sdb 8:16 1 7.5G 0 disk
4
└─sdb1 8:17 1 7.5G 0 part /media/myflash
5
sr0 11:0 1 1.5G 0 rom /media/payam/Ubuntu 16.04.3 LTS amd64
6
fd0 2:0 1 4K 0 disk
7
sda 8:0 0 50G 0 disk
8
├─sda2 8:2 0 1K 0 part
9
├─sda5 8:5 0 1021M 0 part [SWAP]
10
└─sda1 8:1 0 49G 0 part /
11
[email protected]:~# umount /media/myflash
12
[email protected]:~# mkfs.vfat -F 32 -n KING8GIG /dev/sdb1
13
mkfs.fat 3.0.28 (2015-05-16)
14
[email protected]:~# fdisk -l /dev/sdb1
15
Disk /dev/sdb1: 7.5 GiB, 8026849280 bytes, 15677440 sectors
16
Units: sectors of 1 * 512 = 512 bytes
17
Sector size (logical/physical): 512 bytes / 512 bytes
18
I/O size (minimum/optimal): 512 bytes / 512 bytes
19
Disklabel type: dos
20
Disk identifier: 0x00000000
Copied!
Lets install syslinux in our system:
1
[email protected]:~# apt install syslinux syslinux-utils
Copied!
And install syslinux on the flash:
1
[email protected]:~# syslinux -maf /dev/sdb1
Copied!
This command copy tiny file /usr/lib/syslinux/mbr/mbr.bin on the first 512 bytes of flash disk and make it bootbale.
1
[email protected]:~# mount /dev/sdb1 /media/myflash/
2
[email protected]:~# mkdir /media/myflash/syslinux
3
[email protected]:~# cp /usr/lib/syslinux/modules/bios/{libcom32.c32,libutil.c32,vesamenu.c32} /media/myflash/syslinux/
Copied!
make a folder in order to put linux sources there:
1
[email protected]:~# mkdir /media/myflash/iso
2
[email protected]:~# mkdir /media/myflash/iso/ubuntu_1604
Copied!
syslinux configuration file is syslinux.cfg, create like this:
1
DEFAULT Ubuntu_1604
2
PROMPT 0
3
allowoptions 0
4
TIMEOUT 100
5
UI vesamenu.c32
6
MENU syslinux USB Multiboot Key
7
8
LABEL Ubuntu_1604
9
MENU LABEL Ubuntu 14.04 Trusty Thar
10
kernel /syslinux/iso/ubuntu_1604/casper/vmlinuz.efi
11
append initrd=/syslinux/iso/ubuntu_1604/casper/initrd.lz live-media-path=/syslinux/iso/ubuntu_1604/casper boot=live console-setup/layoutcode=it ignore_uuid boot=casper quiet splash --
12
13
LABEL 2nd OS
14
MENU LABEL Your 2nd OS
15
kernel
16
append
17
18
LABEL 3rd OS
19
MENU LABEL Your 3rd OS
20
kernel
21
append
Copied!
Now make desired folder in /syslinux/iso/... and copy source files:
1
[email protected]:~# mkdir /media/myflash/syslinux/iso
2
[email protected]:~# mkdir /media/myflash/syslinux/iso/ubuntu_1404
3
[email protected]:~# mkdir /media/ubuntu1404
4
[email protected]:~# mount -t iso9660 -o loop,ro /tmp/ubuntu-14.04.3-desktop-amd64.iso /media/ubuntu1404/
5
[email protected]:~# cp -r /media/ubuntu1404/* /media/myflash/syslinux/iso/ubuntu_1404/
6
cp: cannot create symbolic link '/media/myflash/syslinux/iso/ubuntu_1404/dists/stable': Operation not permitted
7
cp: cannot create symbolic link '/media/myflash/syslinux/iso/ubuntu_1404/dists/unstable': Operation not permitted
8
cp: cannot create symbolic link '/media/myflash/syslinux/iso/ubuntu_1404/ubuntu': Operation not permitted
Copied!
as we are using FAT32 file system symbolic links are not supported so that right, lets chek:

extlinux

extlinux is another member of syslinux family, lets install and use it intead of grub in our system:
1
[email protected]:~# apt install extlinux syslinux-common
2
[email protected]:~# extlinux --install /boot/extlinux/
3
/boot/extlinux/ is device /dev/sda1
4
[email protected]:~# dd if=/usr/lib/syslinux/mbr/mbr.bin of=/dev/sda
5
0+1 records in
6
0+1 records out
7
440 bytes copied, 0.0061595 s, 71.4 kB/s
8
[email protected]:~# cp /usr/lib/syslinux/modules/bios/{libcom32.c32,libutil.c32,vesamenu.c32} /boot/extlinux/
Copied!
and create syslinux.cfg in /boot/extlinux/ directory like this:
1
PROMPT 0
2
TIMEOUT 100
3
UI vesamenu.c32
4
MENU TITLE extlinux bootloader menu
5
label Ubuntu
6
menu label Ubuntu 16.04.3
7
kernel /boot/vmlinuz-4.10.0-28-generic
8
append root=/dev/sda1 initrd=/boot/initrd.img-4.10.0-28-generic
Copied!
and enjoy the result:

isolinux

1
[email protected]:~# wget https://www.kernel.org/pub/linux/utils/boot/syslinux/syslinux-6.03.tar.gz
2
[email protected]:~# tar -xvf syslinux-6.03.tar.gz
4
total 11404
5
drwxrwxr-x 33 1026 1026 4096 Oct 6 2014 syslinux-6.03
6
-rw-r--r-- 1 root root 11671940 Oct 6 2014 syslinux-6.03.tar.gz
7
[email protected]:~# mkdir cdroot
8
9
[email protected]:~# cp syslinux-6.03/bios/core/isolinux.bin cdroot/
10
11
[email protected]:~# cp syslinux-6.03/bios/com32/elflink/ldlinux/ldlinux.c32 cdroot/
12
13
[email protected]:~# cp syslinux-6.03/bios/com32/lib/libcom32.c32 cdroot/
14
[email protected]:~# cp syslinux-6.03/bios/com32/libutil/libutil.c32 cdroot/
15
[email protected]:~# cp syslinux-6.03/bios/com32/menu/vesamenu.c32 cdroot/
16
17
[email protected]:~# cp /boot/vmlinuz-4.10.0-28-generic cdroot/vmlinuz
18
[email protected]:~# cp /boot/initrd.img-4.10.0-28-generic cdroot/initrd
Copied!
now create isolinux.cfg file insode cdroot/ directory :
1
PROMPT 0
2
TIMEOUT 100
3
UI vesamenu.c32
4
MENU TITLE isolinux bootloader menu
5
label Ubuntu
6
menu label Ubuntu 16.04.3
7
kernel vmlinuz
8
append initrd=initrd root=/dev/sda1
Copied!
Lets create bootable media from folder that we have made:
1
[email protected]:~# cp syslinux-6.03/bios/core/isolinux.bin .
2
[email protected]:~# mkisofs -o bootcd.iso -b isolinux.bin -c boot.cat -no-emul-boot -boot-load-size 4 -boot-info-table -input-charset utf8 cdroot
3
Size of boot image is 4 sectors -> No emulation
4
20.58% done, estimate finish Sun Dec 24 00:31:31 2017
5
41.09% done, estimate finish Sun Dec 24 00:31:33 2017
6
61.66% done, estimate finish Sun Dec 24 00:31:32 2017
7
82.17% done, estimate finish Sun Dec 24 00:31:32 2017
8
Total translation table size: 2048
9
Total rockridge attributes bytes: 0
10
Total directory bytes: 0
11
Path table size(bytes): 10
12
Max brk space used 0
13
24339 extents written (47 MB)
Copied!
and lets boot the system with bootcd.iso :
you can see that the system will be booted up using initrd and vmlinuz that we have put in CD and then follow next required steps from hard disk.

uefi/shim.efi & uefi/grubx64.efi

As we have talked uefi runs everything which we have put inside EFI System Partition, special FAT32 partition. So from security perspective its some how dangerous. Because boot loaders might be changed or manipulated.To avoid that we can digitally sign boot loaders. But the problem is that boot loaders update! They are changed time to time. Using a tiny fix boot loader before main boot bootloader which loads before main bootloader(grub) and run it in sub sequence. So in case of update or upgrade this tiny boot loader remains safe and secure and just watch for grub folder changes in order to refer to it. this tine bootloader is shim.efi.
1
[email protected]:/boot/efi/EFI/ubuntu# pwd
2
/boot/efi/EFI/ubuntu
3
[email protected]:/boot/efi/EFI/ubuntu# tree
4
.
5
├── fw
6
├── fwupx64.efi
7
├── grub.cfg
8
├── grubx64.efi
9
├── mmx64.efi
10
└── shimx64.efi
11
12
1 directory, 5 files
13
14
[email protected]:/boot/efi/EFI/ubuntu# dpkg -S shimx64.efi
15
shim: /usr/lib/shim/shimx64.efi
16
shim-signed: /usr/lib/shim/shimx64.efi.signed
Copied!
lets take a look at inside and verify if its calling grub:
1
[email protected]:/boot/efi/EFI/ubuntu# hexdump -C shimx64.efi | egrep -i -C 2 'grub|g.r.u.b'
2
000ab900 74 00 20 00 4d 00 6f 00 6b 00 49 00 67 00 6e 00 |t. .M.o.k.I.g.n.|
3
000ab910 6f 00 72 00 65 00 44 00 42 00 3a 00 20 00 25 00 |o.r.e.D.B.:. .%.|
4
000ab920 72 00 0a 00 00 00 5c 00 67 00 72 00 75 00 62 00 |r.....\.g.r.u.b.|
5
000ab930 78 00 36 00 34 00 2e 00 65 00 66 00 69 00 00 00 |x.6.4...e.f.i...|
6
000ab940 46 00 61 00 69 00 6c 00 65 00 64 00 20 00 74 00 |F.a.i.l.e.d. .t.|
7
--
8
000abcb0 69 00 6e 00 20 00 69 00 6e 00 73 00 65 00 63 00 |i.n. .i.n.s.e.c.|
9
000abcc0 75 00 72 00 65 00 20 00 6d 00 6f 00 64 00 65 00 |u.r.e. .m.o.d.e.|
10
000abcd0 0a 00 00 00 00 00 00 00 5c 67 72 75 62 78 36 34 |........\grubx64|
11
000abce0 2e 65 66 69 00 74 66 74 70 3a 2f 2f 00 00 00 00 |.efi.tftp://....|
12
000abcf0 55 00 52 00 4c 00 53 00 20 00 4d 00 55 00 53 00 |U.R.L.S. .M.U.S.|
13
--
14
00111990 58 35 30 39 5f 41 54 54 52 49 42 55 54 45 5f 63 |X509_ATTRIBUTE_c|
15
001119a0 72 65 61 74 65 5f 62 79 5f 4f 42 4a 00 69 6e 69 |reate_by_OBJ.ini|
16
001119b0 74 5f 67 72 75 62 00 58 35 30 39 5f 74 72 75 73 |t_grub.X509_trus|
17
001119c0 74 5f 63 6c 65 61 72 00 42 49 4f 5f 73 5f 6e 75 |t_clear.BIO_s_nu|
18
001119d0 6c 6c 00 58 35 30 39 76 33 5f 67 65 74 5f 65 78 |ll.X509v3_get_ex|
Copied!
and to see what is inside grubx64.efi:
1
[email protected]:/boot/efi/EFI/ubuntu# strings grubx64.efi | grep grub.cfg
2
%s/grub.cfg
3
4
[email protected]:/boot/efi/EFI/ubuntu# dpkg -S shimx64.efi
5
shim: /usr/lib/shim/shimx64.efi
6
shim-signed: /usr/lib/shim/shimx64.efi.signed
Copied!

PXELINUX

Up to now we have booted up our system with Hard Disk, USB drive and CD/DVD ROM. The last topic here is booting up your system trough the network. Pixie or Pre Execution Environment is a name which is called to this environment. It describe standardize client-server environment at which client has a pxe-support network interface and its able to boot up from the network. Obviously client cant be alone in this environment and we need DHCP, TFTP and nfs servers.

How dose it work ?

When Client boots up it starts asking for an ip address, DHCP server receives its requests and as our client is pxe-support, DHCP gives it an IP Address and the IP address of TFTP server and required files. Now taht client has an IP address goes for TFTP server and download boot loader and the kernel stuff form TFTP server. Kernel and its modules are downloaded by the client trough the network and they are loaded into RAM. And part of kernel loading process it Tries to mount root partition by mounting it from a NFS server. and system boots up .
Last modified 2yr ago