THE LINUX/I386 BOOT PROTOCOL
----------------------------
H. Peter Anvin <[email protected]>
Last update 2002-01-01
On the i386 platform, the Linux kernel uses a rather complicated boot
convention. This has evolved partially due to historical aspects, as
well as the desire in the early days to have the kernel itself be a
bootable image, the complicated PC memory model and due to changed
expectations in the PC industry caused by the effective demise of
real-mode DOS as a mainstream operating system.
Currently, four versions of the Linux/i386 boot protocol exist.
Old kernels: zImage/Image support only. Some very early kernels
may not even support a command line.
Protocol 2.00: (Kernel 1.3.73) Added bzImage and initrd support, as
well as a formalized way to communicate between the
boot loader and the kernel. setup.S made relocatable,
although the traditional setup area still assumed
writable.
Protocol 2.01: (Kernel 1.3.76) Added a heap overrun warning.
Protocol 2.02: (Kernel 2.4.0-test3-pre3) New command line protocol.
Lower the conventional memory ceiling. No overwrite
of the traditional setup area, thus making booting
safe for systems which use the EBDA from SMM or 32-bit
BIOS entry points. zImage deprecated but still
supported.
Protocol 2.03: (Kernel 2.4.18-pre1) Explicitly makes the highest possible
initrd address available to the bootloader.
**** MEMORY LAYOUT
The traditional memory map for the kernel loader, used for Image or
zImage kernels, typically looks like:
| |
0A0000 +------------------------+
| Reserved for BIOS | Do not use. Reserved for BIOS EBDA.
09A000 +------------------------+
| Stack/heap/cmdline | For use by the kernel real-mode code.
098000 +------------------------+
| Kernel setup | The kernel real-mode code.
090200 +------------------------+
| Kernel boot sector | The kernel legacy boot sector.
090000 +------------------------+
| Protected-mode kernel | The bulk of the kernel image.
010000 +------------------------+
| Boot loader | <- Boot sector entry point 0000:7C00
001000 +------------------------+
| Reserved for MBR/BIOS |
000800 +------------------------+
| Typically used by MBR |
000600 +------------------------+
| BIOS use only |
000000 +------------------------+
When using bzImage, the protected-mode kernel was relocated to
0x100000 ("high memory"), and the kernel real-mode block (boot sector,
setup, and stack/heap) was made relocatable to any address between
0x10000 and end of low memory. Unfortunately, in protocols 2.00 and
2.01 the command line is still required to live in the 0x9XXXX memory
range, and that memory range is still overwritten by the early kernel.
The 2.02 protocol resolves that problem.
It is desirable to keep the "memory ceiling" -- the highest point in
low memory touched by the boot loader -- as low as possible, since
some newer BIOSes have begun to allocate some rather large amounts of
memory, called the Extended BIOS Data Area, near the top of low
memory. The boot loader should use the "INT 12h" BIOS call to verify
how much low memory is available.
Unfortunately, if INT 12h reports that the amount of memory is too
low, there is usually nothing the boot loader can do but to report an
error to the user. The boot loader should therefore be designed to
take up as little space in low memory as it reasonably can. For
zImage or old bzImage kernels, which need data written into the
0x90000 segment, the boot loader should make sure not to use memory
above the 0x9A000 point; too many BIOSes will break above that point.
**** THE REAL-MODE KERNEL HEADER
In the following text, and anywhere in the kernel boot sequence, "a
sector" refers to 512 bytes. It is independent of the actual sector
size of the underlying medium.
The first step in loading a Linux kernel should be to load the
real-mode code (boot sector and setup code) and then examine the
following header at offset 0x01f1. The real-mode code can total up to
32K, although the boot loader may choose to load only the first two
sectors (1K) and then examine the bootup sector size.
The header looks like:
Offset Proto Name Meaning
/Size
01F1/1 ALL setup_sects The size of the setup in sectors
01F2/2 ALL root_flags If set, the root is mounted readonly
01F4/2 ALL syssize DO NOT USE - for bootsect.S use only
01F6/2 ALL swap_dev DO NOT USE - obsolete
01F8/2 ALL ram_size DO NOT USE - for bootsect.S use only
01FA/2 ALL vid_mode Video mode control
01FC/2 ALL root_dev Default root device number
01FE/2 ALL boot_flag 0xAA55 magic number
0200/2 2.00+ jump Jump instruction
0202/4 2.00+ header Magic signature "HdrS"
0206/2 2.00+ version Boot protocol version supported
0208/4 2.00+ realmode_swtch Boot loader hook (see below)
020C/2 2.00+ start_sys The load-low segment (0x1000) (obsolete)
020E/2 2.00+ kernel_version Pointer to kernel version string
0210/1 2.00+ type_of_loader Boot loader identifier
0211/1 2.00+ loadflags Boot protocol option flags
0212/2 2.00+ setup_move_size Move to high memory size (used with hooks)
0214/4 2.00+ code32_start Boot loader hook (see below)
0218/4 2.00+ ramdisk_image initrd load address (set by boot loader)
021C/4 2.00+ ramdisk_size initrd size (set by boot loader)
0220/4 2.00+ bootsect_kludge DO NOT USE - for bootsect.S use only
0224/2 2.01+ heap_end_ptr Free memory after setup end
0226/2 N/A pad1 Unused
0228/4 2.02+ cmd_line_ptr 32-bit pointer to the kernel command line
022C/4 2.03+ initrd_addr_max Highest legal initrd address
For backwards compatibility, if the setup_sects field contains 0, the
real value is 4.
If the "HdrS" (0x53726448) magic number is not found at offset 0x202,
the boot protocol version is "old". Loading an old kernel, the
following parameters should be assumed:
Image type = zImage
initrd not supported
Real-mode kernel must be located at 0x90000.
Otherwise, the "version" field contains the protocol version,
e.g. protocol version 2.01 will contain 0x0201 in this field. When
setting fields in the header, you must make sure only to set fields
supported by the protocol version in use.
The "kernel_version" field, if set to a nonzero value, contains a
pointer to a null-terminated human-readable kernel version number
string, less 0x200. This can be used to display the kernel version to
the user. This value should be less than (0x200*setup_sects). For
example, if this value is set to 0x1c00, the kernel version number
string can be found at offset 0x1e00 in the kernel file. This is a
valid value if and only if the "setup_sects" field contains the value
14 or higher.
Most boot loaders will simply load the kernel at its target address
directly. Such boot loaders do not need to worry about filling in
most of the fields in the header. The following fields should be
filled out, however:
vid_mode:
Please see the section on SPECIAL COMMAND LINE OPTIONS.
type_of_loader:
If your boot loader has an assigned id (see table below), enter
0xTV here, where T is an identifier for the boot loader and V is
a version number. Otherwise, enter 0xFF here.
Assigned boot loader ids:
0 LILO
1 Loadlin
2 bootsect-loader
3 SYSLINUX
4 EtherBoot
Please contact <[email protected]> if you need a bootloader ID
value assigned.
loadflags, heap_end_ptr:
If the protocol version is 2.01 or higher, enter the
offset limit of the setup heap into heap_end_ptr and set the
0x80 bit (CAN_USE_HEAP) of loadflags. heap_end_ptr appears to
be relative to the start of setup (offset 0x0200).
setup_move_size:
When using protocol 2.00 or 2.01, if the real mode
kernel is not loaded at 0x90000, it gets moved there later in
the loading sequence. Fill in this field if you want
additional data (such as the kernel command line) moved in
addition to the real-mode kernel itself.
ramdisk_image, ramdisk_size:
If your boot loader has loaded an initial ramdisk (initrd),
set ramdisk_image to the 32-bit pointer to the ramdisk data
and the ramdisk_size to the size of the ramdisk data.
The initrd should typically be located as high in memory as
possible, as it may otherwise get overwritten by the early
kernel initialization sequence. However, it must never be
located above the address specified in the initrd_addr_max
field. The initrd should be at least 4K page aligned.
cmd_line_ptr:
If the protocol version is 2.02 or higher, this is a 32-bit
pointer to the kernel command line. The kernel command line
can be located anywhere between the end of setup and 0xA0000.
Fill in this field even if your boot loader does not support a
command line, in which case you can point this to an empty
string (or better yet, to the string "auto".) If this field
is left at zero, the kernel will assume that your boot loader
does not support the 2.02+ protocol.
ramdisk_max:
The maximum address that may be occupied by the initrd
contents. For boot protocols 2.02 or earlier, this field is
not present, and the maximum address is 0x37FFFFFF. (This
address is defined as the address of the highest safe byte, so
if your ramdisk is exactly 131072 bytes long and this field is
0x37FFFFFF, you can start your ramdisk at 0x37FE0000.)
