Table of Contents
Red Hat Boot Process
Summary: Explaining the Red Hat Boot process.
Date: Around 2014
Refactor: 29 March 2025: Checked links and formatting.
Red Hat has a 4 stage boot process:
- BIOS
- GRUB
- Kernel
- Init
BIOS
The BIOS, also known as Basic Input/Output System is the firmware built into the hardware that initializes the hardware and prepares the system to start an OS.
There are two main functions:
- Detects and initializes the hardware
- Determines the device to boot from
Normally it can be interrupted using Vendor Specific or Functions Keys:
- F1/F2: Often used for opening the BIOS configuration utility
- vSphere (VMware) uses the F2 key, but it also allows you to configure the VM to automatically boot into BIOS
- F12: Often used to perform a one-time override of the boot device
GRUB
GRUB, the GRand Unified Bootloader, is loaded by the BIOS and is used to select the Operating System.
There are three main functions:
- Loads Initial RAM file system (initramfs)
- Loads and executes kernel
- Provides kernel's command line
GRUB can be interrupted to:
- Use
eorato select a different kernel image or edit the kernel command line - Edit the kernel command line to boot into single user mode
- Use
eto go into editing - Select the second line (the kernel line)
- At the end, add
singleto the line - Press
bto boot the system
- Boot with
init=/bin/bash- Use
eto go into editing - Select the second line (the kernel line)
- At the end, add
init=/bin/bashto the line - Press
bto boot the system
The last option opens a command line to do some basic system troubleshooting. However, the filesystems will be mounted by default as readonly. You can remount the filesystems like this:
mount -o remount,rw /
Now you could, for example reset the root password using the passwd command.
Grub.conf
This is the /boot/grub/grub.conf config file:
[root@localhost ~]# cat /boot/grub/grub.conf
# grub.conf generated by anaconda
#
# Note that you do not have to rerun grub after making changes to this file
# NOTICE: You have a /boot partition. This means that
# all kernel and initrd paths are relative to /boot/, eg.
# root (hd0,0)
# kernel /vmlinuz-version ro root=/dev/sda2
# initrd /initrd-[generic-]version.img
#boot=/dev/sda
default=0
timeout=5
splashimage=(hd0,0)/grub/splash.xpm.gz
hiddenmenu
title Red Hat Enterprise Linux (2.6.32-431.el6.x86_64)
root (hd0,0)
kernel /vmlinuz-2.6.32-431.el6.x86_64 ro root=UUID=57d2527c-66f3-46d8-a7b5-dd45be6169ab rd_NO_LUKS rd_NO_LVM LANG=en_US.UTF-8 rd_NO_MD SYSFONT=latarcyrheb-sun16 crashkernel=auto KEYBOARDTYPE=pc KEYTABLE=us rd_NO_DM rhgb quiet
initrd /initramfs-2.6.32-431.el6.x86_64.img
[root@localhost ~]#
Securing GRUB
You can secure GRUB to prevent it from being edited. It's a two step system:
- Create a password string using the grub crypt command
- Add this string to the grub.conf file
So first create the password string:
[root@localhost ~]# grub-md5-crypt Password: Retype password: $1$7l1/g1$qQ2Q/KR6iI8FGL9r/O0d11
Now add this string to the grub.conf file:
....
hiddenmenu
password --md5 $1$7l1/g1$qQ2Q/KR6iI8FGL9r/O0d11
title Red Hat Enterprise Linux (2.6.32-431.el6.x86_64)
root (hd0,0)
kernel /vmlinuz-2.6.32-431.el6.x86_64 ro root=UUID=57d2527c-66f3-46d8-a7b5-dd45be6169ab rd_NO_LUKS rd_NO_LVM LANG=en_US.UTF-8 rd_NO_MD SYSFONT=latarcyrheb-sun16 crashkernel=auto KEYBOARDTYPE=pc KEYTABLE=us rd_NO_DM rhgb quiet
initrd /initramfs-2.6.32-431.el6.x86_64.img
Now you can still boot without a password, but if you'd like to edit these options you are requested to enter a password:
Kernel
The kernel is the heart of the OS, it manages the hardware. Drivers are integrated into the kernel.
There are four main functions:
- Detect hardware devices
- Load device drivers (modules) for the devices
- Mount the root file system read only
Start the initial process init
The only way to generally influence this is through GRUB. You can load kernel modules after the initial boot:
- Use
lsmodto show loaded kernel modules - Use
modinfoto display more info about a particular module - Use
modprobe <module_name>to load a module, and usemodprobe -vto also show the loading of dependent modules - Use
modprobe -r <module_name>to unload a module
Lsmod displays the module, how much memory it takes up, and the number of processes that are using the module:
[root@localhost ~]# lsmod Module Size Used by lp 9242 0 rfcomm 74119 4 sco 18005 2 bridge 83177 0 bnep 16690 2 l2cap 55682 16 rfcomm,bnep bnx2fc 90507 0 cnic 57079 1 bnx2fc uio 10462 1 cnic fcoe 23298 0 libfcoe 56791 2 bnx2fc,fcoe libfc 108670 3 bnx2fc,fcoe,libfcoe scsi_transport_fc 55299 3 bnx2fc,fcoe,libfc 8021q 25349 0 scsi_tgt 12077 1 scsi_transport_fc garp 7152 1 8021q stp 2218 2 bridge,garp llc 5546 3 bridge,garp,stp ipt_REJECT 2351 9 nf_conntrack_ipv4 9506 4 nf_defrag_ipv4 1483 1 nf_conntrack_ipv4 iptable_filter 2793 1 ip_tables 17831 1 iptable_filter nf_conntrack_ftp 12913 0 ip6t_REJECT 4628 8 nf_conntrack_ipv6 8748 4 nf_defrag_ipv6 11182 1 nf_conntrack_ipv6 xt_state 1492 8 nf_conntrack 79758 4 nf_conntrack_ipv4,nf_conntrack_ftp,nf_conntrack_ipv6,xt_state ip6table_filter 2889 1 ip6_tables 18732 1 ip6table_filter ipv6 317340 156 cnic,ip6t_REJECT,nf_conntrack_ipv6,nf_defrag_ipv6 fuse 73530 2 vmhgfs 49720 0 vsock 46726 0 uinput 7992 0 microcode 112685 0 ppdev 8537 0 vmware_balloon 7199 0 btusb 16851 2 bluetooth 99271 9 rfcomm,sco,bnep,l2cap,btusb rfkill 19255 2 bluetooth snd_ens1371 21587 2 snd_rawmidi 23017 1 snd_ens1371 snd_ac97_codec 124967 1 snd_ens1371 ac97_bus 1452 1 snd_ac97_codec snd_seq 55727 0 snd_seq_device 6500 2 snd_rawmidi,snd_seq snd_pcm 87409 2 snd_ens1371,snd_ac97_codec snd_timer 22443 2 snd_seq,snd_pcm snd 70569 11 snd_ens1371,snd_rawmidi,snd_ac97_codec,snd_seq,snd_seq_device,snd_pcm,snd_timer soundcore 7958 1 snd snd_page_alloc 8856 1 snd_pcm e1000 170646 0 parport_pc 22690 1 parport 36209 3 lp,ppdev,parport_pc sg 29350 0 vmci 74263 2 vmhgfs,vsock i2c_piix4 12608 0 i2c_core 31084 1 i2c_piix4 shpchp 32778 0 ext4 374902 3 jbd2 93427 1 ext4 mbcache 8193 1 ext4 sr_mod 15177 0 cdrom 39085 1 sr_mod sd_mod 39069 6 crc_t10dif 1541 1 sd_mod ahci 42215 0 pata_acpi 3701 0 ata_generic 3837 0 ata_piix 24601 0 mptspi 16603 4 mptscsih 36700 1 mptspi mptbase 93615 2 mptspi,mptscsih scsi_transport_spi 25863 1 mptspi dm_mirror 14384 0 dm_region_hash 12085 1 dm_mirror dm_log 9930 2 dm_mirror,dm_region_hash dm_mod 84209 2 dm_mirror,dm_log
Modinfo show general info and parameters:
[root@localhost ~]# modinfo e1000 filename: /lib/modules/2.6.32-431.el6.x86_64/kernel/drivers/net/e1000/e1000.ko version: 7.3.21-k8-NAPI license: GPL description: Intel(R) PRO/1000 Network Driver author: Intel Corporation, <linux.nics@intel.com> srcversion: 1D4F1E82BB99EA36D320B1B alias: pci:v00008086d00002E6Esv*sd*bc*sc*i* .... alias: pci:v00008086d00001000sv*sd*bc*sc*i* depends: vermagic: 2.6.32-431.el6.x86_64 SMP mod_unload modversions parm: TxDescriptors:Number of transmit descriptors (array of int) parm: RxDescriptors:Number of receive descriptors (array of int) parm: Speed:Speed setting (array of int) parm: Duplex:Duplex setting (array of int) parm: AutoNeg:Advertised auto-negotiation setting (array of int) parm: FlowControl:Flow Control setting (array of int) parm: XsumRX:Disable or enable Receive Checksum offload (array of int) parm: TxIntDelay:Transmit Interrupt Delay (array of int) parm: TxAbsIntDelay:Transmit Absolute Interrupt Delay (array of int) parm: RxIntDelay:Receive Interrupt Delay (array of int) parm: RxAbsIntDelay:Receive Absolute Interrupt Delay (array of int) parm: InterruptThrottleRate:Interrupt Throttling Rate (array of int) parm: SmartPowerDownEnable:Enable PHY smart power down (array of int) parm: KumeranLockLoss:Enable Kumeran lock loss workaround (array of int) parm: copybreak:Maximum size of packet that is copied to a new buffer on receive (uint) parm: debug:Debug level (0=none,...,16=all) (int)
And an example of loading and unloading a kernel module:
[root@localhost ~]# modprobe -v wacom insmod /lib/modules/2.6.32-431.el6.x86_64/kernel/drivers/input/tablet/wacom.ko [root@localhost ~]# modprobe -r wacom
Init
The first process that starts is init, it is responsible for starting all remaining processes, directly or indirectly.
These steps are taken:
- Init runs the /etc/init/rcS.conf job which:
- Runs /etc/rc.d/rc.sysinit ro start LVM, mount filesystems, set system clock and other things
- Check /etc/inittab for the runlevel
- Tells the runlevel to init
- The runlevel event makes init run the /etc/init/rc.conf job which
- Runs /etc/etc/rc.d/rc script with the runlevel as argument
You can take a look at the process by:
- Pressing
ALT-TABfrom a graphical environment to view error messages - Pressing
ALT-F11to watch the boot process as it happens - Press
I(capitali) during service startup to select services interactively
This last option will show a screen like this:
