Based on kernel version 2.6.26. Page generated on 2008-07-16 21:12 EST.
1 THE LINUX/I386 BOOT PROTOCOL 2 ---------------------------- 3 4 H. Peter Anvin <hpa[AT]zytor[DOT]com> 5 Last update 2007-05-23 6 7 On the i386 platform, the Linux kernel uses a rather complicated boot 8 convention. This has evolved partially due to historical aspects, as 9 well as the desire in the early days to have the kernel itself be a 10 bootable image, the complicated PC memory model and due to changed 11 expectations in the PC industry caused by the effective demise of 12 real-mode DOS as a mainstream operating system. 13 14 Currently, the following versions of the Linux/i386 boot protocol exist. 15 16 Old kernels: zImage/Image support only. Some very early kernels 17 may not even support a command line. 18 19 Protocol 2.00: (Kernel 1.3.73) Added bzImage and initrd support, as 20 well as a formalized way to communicate between the 21 boot loader and the kernel. setup.S made relocatable, 22 although the traditional setup area still assumed 23 writable. 24 25 Protocol 2.01: (Kernel 1.3.76) Added a heap overrun warning. 26 27 Protocol 2.02: (Kernel 2.4.0-test3-pre3) New command line protocol. 28 Lower the conventional memory ceiling. No overwrite 29 of the traditional setup area, thus making booting 30 safe for systems which use the EBDA from SMM or 32-bit 31 BIOS entry points. zImage deprecated but still 32 supported. 33 34 Protocol 2.03: (Kernel 2.4.18-pre1) Explicitly makes the highest possible 35 initrd address available to the bootloader. 36 37 Protocol 2.04: (Kernel 2.6.14) Extend the syssize field to four bytes. 38 39 Protocol 2.05: (Kernel 2.6.20) Make protected mode kernel relocatable. 40 Introduce relocatable_kernel and kernel_alignment fields. 41 42 Protocol 2.06: (Kernel 2.6.22) Added a field that contains the size of 43 the boot command line 44 45 46 **** MEMORY LAYOUT 47 48 The traditional memory map for the kernel loader, used for Image or 49 zImage kernels, typically looks like: 50 51 | | 52 0A0000 +------------------------+ 53 | Reserved for BIOS | Do not use. Reserved for BIOS EBDA. 54 09A000 +------------------------+ 55 | Command line | 56 | Stack/heap | For use by the kernel real-mode code. 57 098000 +------------------------+ 58 | Kernel setup | The kernel real-mode code. 59 090200 +------------------------+ 60 | Kernel boot sector | The kernel legacy boot sector. 61 090000 +------------------------+ 62 | Protected-mode kernel | The bulk of the kernel image. 63 010000 +------------------------+ 64 | Boot loader | <- Boot sector entry point 0000:7C00 65 001000 +------------------------+ 66 | Reserved for MBR/BIOS | 67 000800 +------------------------+ 68 | Typically used by MBR | 69 000600 +------------------------+ 70 | BIOS use only | 71 000000 +------------------------+ 72 73 74 When using bzImage, the protected-mode kernel was relocated to 75 0x100000 ("high memory"), and the kernel real-mode block (boot sector, 76 setup, and stack/heap) was made relocatable to any address between 77 0x10000 and end of low memory. Unfortunately, in protocols 2.00 and 78 2.01 the 0x90000+ memory range is still used internally by the kernel; 79 the 2.02 protocol resolves that problem. 80 81 It is desirable to keep the "memory ceiling" -- the highest point in 82 low memory touched by the boot loader -- as low as possible, since 83 some newer BIOSes have begun to allocate some rather large amounts of 84 memory, called the Extended BIOS Data Area, near the top of low 85 memory. The boot loader should use the "INT 12h" BIOS call to verify 86 how much low memory is available. 87 88 Unfortunately, if INT 12h reports that the amount of memory is too 89 low, there is usually nothing the boot loader can do but to report an 90 error to the user. The boot loader should therefore be designed to 91 take up as little space in low memory as it reasonably can. For 92 zImage or old bzImage kernels, which need data written into the 93 0x90000 segment, the boot loader should make sure not to use memory 94 above the 0x9A000 point; too many BIOSes will break above that point. 95 96 For a modern bzImage kernel with boot protocol version >= 2.02, a 97 memory layout like the following is suggested: 98 99 ~ ~ 100 | Protected-mode kernel | 101 100000 +------------------------+ 102 | I/O memory hole | 103 0A0000 +------------------------+ 104 | Reserved for BIOS | Leave as much as possible unused 105 ~ ~ 106 | Command line | (Can also be below the X+10000 mark) 107 X+10000 +------------------------+ 108 | Stack/heap | For use by the kernel real-mode code. 109 X+08000 +------------------------+ 110 | Kernel setup | The kernel real-mode code. 111 | Kernel boot sector | The kernel legacy boot sector. 112 X +------------------------+ 113 | Boot loader | <- Boot sector entry point 0000:7C00 114 001000 +------------------------+ 115 | Reserved for MBR/BIOS | 116 000800 +------------------------+ 117 | Typically used by MBR | 118 000600 +------------------------+ 119 | BIOS use only | 120 000000 +------------------------+ 121 122 ... where the address X is as low as the design of the boot loader 123 permits. 124 125 126 **** THE REAL-MODE KERNEL HEADER 127 128 In the following text, and anywhere in the kernel boot sequence, "a 129 sector" refers to 512 bytes. It is independent of the actual sector 130 size of the underlying medium. 131 132 The first step in loading a Linux kernel should be to load the 133 real-mode code (boot sector and setup code) and then examine the 134 following header at offset 0x01f1. The real-mode code can total up to 135 32K, although the boot loader may choose to load only the first two 136 sectors (1K) and then examine the bootup sector size. 137 138 The header looks like: 139 140 Offset Proto Name Meaning 141 /Size 142 143 01F1/1 ALL(1 setup_sects The size of the setup in sectors 144 01F2/2 ALL root_flags If set, the root is mounted readonly 145 01F4/4 2.04+(2 syssize The size of the 32-bit code in 16-byte paras 146 01F8/2 ALL ram_size DO NOT USE - for bootsect.S use only 147 01FA/2 ALL vid_mode Video mode control 148 01FC/2 ALL root_dev Default root device number 149 01FE/2 ALL boot_flag 0xAA55 magic number 150 0200/2 2.00+ jump Jump instruction 151 0202/4 2.00+ header Magic signature "HdrS" 152 0206/2 2.00+ version Boot protocol version supported 153 0208/4 2.00+ realmode_swtch Boot loader hook (see below) 154 020C/2 2.00+ start_sys The load-low segment (0x1000) (obsolete) 155 020E/2 2.00+ kernel_version Pointer to kernel version string 156 0210/1 2.00+ type_of_loader Boot loader identifier 157 0211/1 2.00+ loadflags Boot protocol option flags 158 0212/2 2.00+ setup_move_size Move to high memory size (used with hooks) 159 0214/4 2.00+ code32_start Boot loader hook (see below) 160 0218/4 2.00+ ramdisk_image initrd load address (set by boot loader) 161 021C/4 2.00+ ramdisk_size initrd size (set by boot loader) 162 0220/4 2.00+ bootsect_kludge DO NOT USE - for bootsect.S use only 163 0224/2 2.01+ heap_end_ptr Free memory after setup end 164 0226/2 N/A pad1 Unused 165 0228/4 2.02+ cmd_line_ptr 32-bit pointer to the kernel command line 166 022C/4 2.03+ initrd_addr_max Highest legal initrd address 167 0230/4 2.05+ kernel_alignment Physical addr alignment required for kernel 168 0234/1 2.05+ relocatable_kernel Whether kernel is relocatable or not 169 0235/3 N/A pad2 Unused 170 0238/4 2.06+ cmdline_size Maximum size of the kernel command line 171 023C/4 2.07+ hardware_subarch Hardware subarchitecture 172 0240/8 2.07+ hardware_subarch_data Subarchitecture-specific data 173 174 (1) For backwards compatibility, if the setup_sects field contains 0, the 175 real value is 4. 176 177 (2) For boot protocol prior to 2.04, the upper two bytes of the syssize 178 field are unusable, which means the size of a bzImage kernel 179 cannot be determined. 180 181 If the "HdrS" (0x53726448) magic number is not found at offset 0x202, 182 the boot protocol version is "old". Loading an old kernel, the 183 following parameters should be assumed: 184 185 Image type = zImage 186 initrd not supported 187 Real-mode kernel must be located at 0x90000. 188 189 Otherwise, the "version" field contains the protocol version, 190 e.g. protocol version 2.01 will contain 0x0201 in this field. When 191 setting fields in the header, you must make sure only to set fields 192 supported by the protocol version in use. 193 194 195 **** DETAILS OF HEADER FIELDS 196 197 For each field, some are information from the kernel to the bootloader 198 ("read"), some are expected to be filled out by the bootloader 199 ("write"), and some are expected to be read and modified by the 200 bootloader ("modify"). 201 202 All general purpose boot loaders should write the fields marked 203 (obligatory). Boot loaders who want to load the kernel at a 204 nonstandard address should fill in the fields marked (reloc); other 205 boot loaders can ignore those fields. 206 207 The byte order of all fields is littleendian (this is x86, after all.) 208 209 Field name: setup_sects 210 Type: read 211 Offset/size: 0x1f1/1 212 Protocol: ALL 213 214 The size of the setup code in 512-byte sectors. If this field is 215 0, the real value is 4. The real-mode code consists of the boot 216 sector (always one 512-byte sector) plus the setup code. 217 218 Field name: root_flags 219 Type: modify (optional) 220 Offset/size: 0x1f2/2 221 Protocol: ALL 222 223 If this field is nonzero, the root defaults to readonly. The use of 224 this field is deprecated; use the "ro" or "rw" options on the 225 command line instead. 226 227 Field name: syssize 228 Type: read 229 Offset/size: 0x1f4/4 (protocol 2.04+) 0x1f4/2 (protocol ALL) 230 Protocol: 2.04+ 231 232 The size of the protected-mode code in units of 16-byte paragraphs. 233 For protocol versions older than 2.04 this field is only two bytes 234 wide, and therefore cannot be trusted for the size of a kernel if 235 the LOAD_HIGH flag is set. 236 237 Field name: ram_size 238 Type: kernel internal 239 Offset/size: 0x1f8/2 240 Protocol: ALL 241 242 This field is obsolete. 243 244 Field name: vid_mode 245 Type: modify (obligatory) 246 Offset/size: 0x1fa/2 247 248 Please see the section on SPECIAL COMMAND LINE OPTIONS. 249 250 Field name: root_dev 251 Type: modify (optional) 252 Offset/size: 0x1fc/2 253 Protocol: ALL 254 255 The default root device device number. The use of this field is 256 deprecated, use the "root=" option on the command line instead. 257 258 Field name: boot_flag 259 Type: read 260 Offset/size: 0x1fe/2 261 Protocol: ALL 262 263 Contains 0xAA55. This is the closest thing old Linux kernels have 264 to a magic number. 265 266 Field name: jump 267 Type: read 268 Offset/size: 0x200/2 269 Protocol: 2.00+ 270 271 Contains an x86 jump instruction, 0xEB followed by a signed offset 272 relative to byte 0x202. This can be used to determine the size of 273 the header. 274 275 Field name: header 276 Type: read 277 Offset/size: 0x202/4 278 Protocol: 2.00+ 279 280 Contains the magic number "HdrS" (0x53726448). 281 282 Field name: version 283 Type: read 284 Offset/size: 0x206/2 285 Protocol: 2.00+ 286 287 Contains the boot protocol version, in (major << 8)+minor format, 288 e.g. 0x0204 for version 2.04, and 0x0a11 for a hypothetical version 289 10.17. 290 291 Field name: readmode_swtch 292 Type: modify (optional) 293 Offset/size: 0x208/4 294 Protocol: 2.00+ 295 296 Boot loader hook (see ADVANCED BOOT LOADER HOOKS below.) 297 298 Field name: start_sys 299 Type: read 300 Offset/size: 0x20c/4 301 Protocol: 2.00+ 302 303 The load low segment (0x1000). Obsolete. 304 305 Field name: kernel_version 306 Type: read 307 Offset/size: 0x20e/2 308 Protocol: 2.00+ 309 310 If set to a nonzero value, contains a pointer to a NUL-terminated 311 human-readable kernel version number string, less 0x200. This can 312 be used to display the kernel version to the user. This value 313 should be less than (0x200*setup_sects). 314 315 For example, if this value is set to 0x1c00, the kernel version 316 number string can be found at offset 0x1e00 in the kernel file. 317 This is a valid value if and only if the "setup_sects" field 318 contains the value 15 or higher, as: 319 320 0x1c00 < 15*0x200 (= 0x1e00) but 321 0x1c00 >= 14*0x200 (= 0x1c00) 322 323 0x1c00 >> 9 = 14, so the minimum value for setup_secs is 15. 324 325 Field name: type_of_loader 326 Type: write (obligatory) 327 Offset/size: 0x210/1 328 Protocol: 2.00+ 329 330 If your boot loader has an assigned id (see table below), enter 331 0xTV here, where T is an identifier for the boot loader and V is 332 a version number. Otherwise, enter 0xFF here. 333 334 Assigned boot loader ids: 335 0 LILO (0x00 reserved for pre-2.00 bootloader) 336 1 Loadlin 337 2 bootsect-loader (0x20, all other values reserved) 338 3 SYSLINUX 339 4 EtherBoot 340 5 ELILO 341 7 GRuB 342 8 U-BOOT 343 9 Xen 344 A Gujin 345 B Qemu 346 347 Please contact <hpa[AT]zytor[DOT]com> if you need a bootloader ID 348 value assigned. 349 350 Field name: loadflags 351 Type: modify (obligatory) 352 Offset/size: 0x211/1 353 Protocol: 2.00+ 354 355 This field is a bitmask. 356 357 Bit 0 (read): LOADED_HIGH 358 - If 0, the protected-mode code is loaded at 0x10000. 359 - If 1, the protected-mode code is loaded at 0x100000. 360 361 Bit 6 (write): KEEP_SEGMENTS 362 Protocol: 2.07+ 363 - if 0, reload the segment registers in the 32bit entry point. 364 - if 1, do not reload the segment registers in the 32bit entry point. 365 Assume that %cs %ds %ss %es are all set to flat segments with 366 a base of 0 (or the equivalent for their environment). 367 368 Bit 7 (write): CAN_USE_HEAP 369 Set this bit to 1 to indicate that the value entered in the 370 heap_end_ptr is valid. If this field is clear, some setup code 371 functionality will be disabled. 372 373 Field name: setup_move_size 374 Type: modify (obligatory) 375 Offset/size: 0x212/2 376 Protocol: 2.00-2.01 377 378 When using protocol 2.00 or 2.01, if the real mode kernel is not 379 loaded at 0x90000, it gets moved there later in the loading 380 sequence. Fill in this field if you want additional data (such as 381 the kernel command line) moved in addition to the real-mode kernel 382 itself. 383 384 The unit is bytes starting with the beginning of the boot sector. 385 386 This field is can be ignored when the protocol is 2.02 or higher, or 387 if the real-mode code is loaded at 0x90000. 388 389 Field name: code32_start 390 Type: modify (optional, reloc) 391 Offset/size: 0x214/4 392 Protocol: 2.00+ 393 394 The address to jump to in protected mode. This defaults to the load 395 address of the kernel, and can be used by the boot loader to 396 determine the proper load address. 397 398 This field can be modified for two purposes: 399 400 1. as a boot loader hook (see ADVANCED BOOT LOADER HOOKS below.) 401 402 2. if a bootloader which does not install a hook loads a 403 relocatable kernel at a nonstandard address it will have to modify 404 this field to point to the load address. 405 406 Field name: ramdisk_image 407 Type: write (obligatory) 408 Offset/size: 0x218/4 409 Protocol: 2.00+ 410 411 The 32-bit linear address of the initial ramdisk or ramfs. Leave at 412 zero if there is no initial ramdisk/ramfs. 413 414 Field name: ramdisk_size 415 Type: write (obligatory) 416 Offset/size: 0x21c/4 417 Protocol: 2.00+ 418 419 Size of the initial ramdisk or ramfs. Leave at zero if there is no 420 initial ramdisk/ramfs. 421 422 Field name: bootsect_kludge 423 Type: kernel internal 424 Offset/size: 0x220/4 425 Protocol: 2.00+ 426 427 This field is obsolete. 428 429 Field name: heap_end_ptr 430 Type: write (obligatory) 431 Offset/size: 0x224/2 432 Protocol: 2.01+ 433 434 Set this field to the offset (from the beginning of the real-mode 435 code) of the end of the setup stack/heap, minus 0x0200. 436 437 Field name: cmd_line_ptr 438 Type: write (obligatory) 439 Offset/size: 0x228/4 440 Protocol: 2.02+ 441 442 Set this field to the linear address of the kernel command line. 443 The kernel command line can be located anywhere between the end of 444 the setup heap and 0xA0000; it does not have to be located in the 445 same 64K segment as the real-mode code itself. 446 447 Fill in this field even if your boot loader does not support a 448 command line, in which case you can point this to an empty string 449 (or better yet, to the string "auto".) If this field is left at 450 zero, the kernel will assume that your boot loader does not support 451 the 2.02+ protocol. 452 453 Field name: initrd_addr_max 454 Type: read 455 Offset/size: 0x22c/4 456 Protocol: 2.03+ 457 458 The maximum address that may be occupied by the initial 459 ramdisk/ramfs contents. For boot protocols 2.02 or earlier, this 460 field is not present, and the maximum address is 0x37FFFFFF. (This 461 address is defined as the address of the highest safe byte, so if 462 your ramdisk is exactly 131072 bytes long and this field is 463 0x37FFFFFF, you can start your ramdisk at 0x37FE0000.) 464 465 Field name: kernel_alignment 466 Type: read (reloc) 467 Offset/size: 0x230/4 468 Protocol: 2.05+ 469 470 Alignment unit required by the kernel (if relocatable_kernel is true.) 471 472 Field name: relocatable_kernel 473 Type: read (reloc) 474 Offset/size: 0x234/1 475 Protocol: 2.05+ 476 477 If this field is nonzero, the protected-mode part of the kernel can 478 be loaded at any address that satisfies the kernel_alignment field. 479 After loading, the boot loader must set the code32_start field to 480 point to the loaded code, or to a boot loader hook. 481 482 Field name: cmdline_size 483 Type: read 484 Offset/size: 0x238/4 485 Protocol: 2.06+ 486 487 The maximum size of the command line without the terminating 488 zero. This means that the command line can contain at most 489 cmdline_size characters. With protocol version 2.05 and earlier, the 490 maximum size was 255. 491 492 Field name: hardware_subarch 493 Type: write 494 Offset/size: 0x23c/4 495 Protocol: 2.07+ 496 497 In a paravirtualized environment the hardware low level architectural 498 pieces such as interrupt handling, page table handling, and 499 accessing process control registers needs to be done differently. 500 501 This field allows the bootloader to inform the kernel we are in one 502 one of those environments. 503 504 0x00000000 The default x86/PC environment 505 0x00000001 lguest 506 0x00000002 Xen 507 508 Field name: hardware_subarch_data 509 Type: write 510 Offset/size: 0x240/8 511 Protocol: 2.07+ 512 513 A pointer to data that is specific to hardware subarch 514 515 516 **** THE KERNEL COMMAND LINE 517 518 The kernel command line has become an important way for the boot 519 loader to communicate with the kernel. Some of its options are also 520 relevant to the boot loader itself, see "special command line options" 521 below. 522 523 The kernel command line is a null-terminated string. The maximum 524 length can be retrieved from the field cmdline_size. Before protocol 525 version 2.06, the maximum was 255 characters. A string that is too 526 long will be automatically truncated by the kernel. 527 528 If the boot protocol version is 2.02 or later, the address of the 529 kernel command line is given by the header field cmd_line_ptr (see 530 above.) This address can be anywhere between the end of the setup 531 heap and 0xA0000. 532 533 If the protocol version is *not* 2.02 or higher, the kernel 534 command line is entered using the following protocol: 535 536 At offset 0x0020 (word), "cmd_line_magic", enter the magic 537 number 0xA33F. 538 539 At offset 0x0022 (word), "cmd_line_offset", enter the offset 540 of the kernel command line (relative to the start of the 541 real-mode kernel). 542 543 The kernel command line *must* be within the memory region 544 covered by setup_move_size, so you may need to adjust this 545 field. 546 547 548 **** MEMORY LAYOUT OF THE REAL-MODE CODE 549 550 The real-mode code requires a stack/heap to be set up, as well as 551 memory allocated for the kernel command line. This needs to be done 552 in the real-mode accessible memory in bottom megabyte. 553 554 It should be noted that modern machines often have a sizable Extended 555 BIOS Data Area (EBDA). As a result, it is advisable to use as little 556 of the low megabyte as possible. 557 558 Unfortunately, under the following circumstances the 0x90000 memory 559 segment has to be used: 560 561 - When loading a zImage kernel ((loadflags & 0x01) == 0). 562 - When loading a 2.01 or earlier boot protocol kernel. 563 564 -> For the 2.00 and 2.01 boot protocols, the real-mode code 565 can be loaded at another address, but it is internally 566 relocated to 0x90000. For the "old" protocol, the 567 real-mode code must be loaded at 0x90000. 568 569 When loading at 0x90000, avoid using memory above 0x9a000. 570 571 For boot protocol 2.02 or higher, the command line does not have to be 572 located in the same 64K segment as the real-mode setup code; it is 573 thus permitted to give the stack/heap the full 64K segment and locate 574 the command line above it. 575 576 The kernel command line should not be located below the real-mode 577 code, nor should it be located in high memory. 578 579 580 **** SAMPLE BOOT CONFIGURATION 581 582 As a sample configuration, assume the following layout of the real 583 mode segment: 584 585 When loading below 0x90000, use the entire segment: 586 587 0x0000-0x7fff Real mode kernel 588 0x8000-0xdfff Stack and heap 589 0xe000-0xffff Kernel command line 590 591 When loading at 0x90000 OR the protocol version is 2.01 or earlier: 592 593 0x0000-0x7fff Real mode kernel 594 0x8000-0x97ff Stack and heap 595 0x9800-0x9fff Kernel command line 596 597 Such a boot loader should enter the following fields in the header: 598 599 unsigned long base_ptr; /* base address for real-mode segment */ 600 601 if ( setup_sects == 0 ) { 602 setup_sects = 4; 603 } 604 605 if ( protocol >= 0x0200 ) { 606 type_of_loader = <type code>; 607 if ( loading_initrd ) { 608 ramdisk_image = <initrd_address>; 609 ramdisk_size = <initrd_size>; 610 } 611 612 if ( protocol >= 0x0202 && loadflags & 0x01 ) 613 heap_end = 0xe000; 614 else 615 heap_end = 0x9800; 616 617 if ( protocol >= 0x0201 ) { 618 heap_end_ptr = heap_end - 0x200; 619 loadflags |= 0x80; /* CAN_USE_HEAP */ 620 } 621 622 if ( protocol >= 0x0202 ) { 623 cmd_line_ptr = base_ptr + heap_end; 624 strcpy(cmd_line_ptr, cmdline); 625 } else { 626 cmd_line_magic = 0xA33F; 627 cmd_line_offset = heap_end; 628 setup_move_size = heap_end + strlen(cmdline)+1; 629 strcpy(base_ptr+cmd_line_offset, cmdline); 630 } 631 } else { 632 /* Very old kernel */ 633 634 heap_end = 0x9800; 635 636 cmd_line_magic = 0xA33F; 637 cmd_line_offset = heap_end; 638 639 /* A very old kernel MUST have its real-mode code 640 loaded at 0x90000 */ 641 642 if ( base_ptr != 0x90000 ) { 643 /* Copy the real-mode kernel */ 644 memcpy(0x90000, base_ptr, (setup_sects+1)*512); 645 base_ptr = 0x90000; /* Relocated */ 646 } 647 648 strcpy(0x90000+cmd_line_offset, cmdline); 649 650 /* It is recommended to clear memory up to the 32K mark */ 651 memset(0x90000 + (setup_sects+1)*512, 0, 652 (64-(setup_sects+1))*512); 653 } 654 655 656 **** LOADING THE REST OF THE KERNEL 657 658 The 32-bit (non-real-mode) kernel starts at offset (setup_sects+1)*512 659 in the kernel file (again, if setup_sects == 0 the real value is 4.) 660 It should be loaded at address 0x10000 for Image/zImage kernels and 661 0x100000 for bzImage kernels. 662 663 The kernel is a bzImage kernel if the protocol >= 2.00 and the 0x01 664 bit (LOAD_HIGH) in the loadflags field is set: 665 666 is_bzImage = (protocol >= 0x0200) && (loadflags & 0x01); 667 load_address = is_bzImage ? 0x100000 : 0x10000; 668 669 Note that Image/zImage kernels can be up to 512K in size, and thus use 670 the entire 0x10000-0x90000 range of memory. This means it is pretty 671 much a requirement for these kernels to load the real-mode part at 672 0x90000. bzImage kernels allow much more flexibility. 673 674 675 **** SPECIAL COMMAND LINE OPTIONS 676 677 If the command line provided by the boot loader is entered by the 678 user, the user may expect the following command line options to work. 679 They should normally not be deleted from the kernel command line even 680 though not all of them are actually meaningful to the kernel. Boot 681 loader authors who need additional command line options for the boot 682 loader itself should get them registered in 683 Documentation/kernel-parameters.txt to make sure they will not 684 conflict with actual kernel options now or in the future. 685 686 vga=<mode> 687 <mode> here is either an integer (in C notation, either 688 decimal, octal, or hexadecimal) or one of the strings 689 "normal" (meaning 0xFFFF), "ext" (meaning 0xFFFE) or "ask" 690 (meaning 0xFFFD). This value should be entered into the 691 vid_mode field, as it is used by the kernel before the command 692 line is parsed. 693 694 mem=<size> 695 <size> is an integer in C notation optionally followed by 696 (case insensitive) K, M, G, T, P or E (meaning << 10, << 20, 697 << 30, << 40, << 50 or << 60). This specifies the end of 698 memory to the kernel. This affects the possible placement of 699 an initrd, since an initrd should be placed near end of 700 memory. Note that this is an option to *both* the kernel and 701 the bootloader! 702 703 initrd=<file> 704 An initrd should be loaded. The meaning of <file> is 705 obviously bootloader-dependent, and some boot loaders 706 (e.g. LILO) do not have such a command. 707 708 In addition, some boot loaders add the following options to the 709 user-specified command line: 710 711 BOOT_IMAGE=<file> 712 The boot image which was loaded. Again, the meaning of <file> 713 is obviously bootloader-dependent. 714 715 auto 716 The kernel was booted without explicit user intervention. 717 718 If these options are added by the boot loader, it is highly 719 recommended that they are located *first*, before the user-specified 720 or configuration-specified command line. Otherwise, "init=/bin/sh" 721 gets confused by the "auto" option. 722 723 724 **** RUNNING THE KERNEL 725 726 The kernel is started by jumping to the kernel entry point, which is 727 located at *segment* offset 0x20 from the start of the real mode 728 kernel. This means that if you loaded your real-mode kernel code at 729 0x90000, the kernel entry point is 9020:0000. 730 731 At entry, ds = es = ss should point to the start of the real-mode 732 kernel code (0x9000 if the code is loaded at 0x90000), sp should be 733 set up properly, normally pointing to the top of the heap, and 734 interrupts should be disabled. Furthermore, to guard against bugs in 735 the kernel, it is recommended that the boot loader sets fs = gs = ds = 736 es = ss. 737 738 In our example from above, we would do: 739 740 /* Note: in the case of the "old" kernel protocol, base_ptr must 741 be == 0x90000 at this point; see the previous sample code */ 742 743 seg = base_ptr >> 4; 744 745 cli(); /* Enter with interrupts disabled! */ 746 747 /* Set up the real-mode kernel stack */ 748 _SS = seg; 749 _SP = heap_end; 750 751 _DS = _ES = _FS = _GS = seg; 752 jmp_far(seg+0x20, 0); /* Run the kernel */ 753 754 If your boot sector accesses a floppy drive, it is recommended to 755 switch off the floppy motor before running the kernel, since the 756 kernel boot leaves interrupts off and thus the motor will not be 757 switched off, especially if the loaded kernel has the floppy driver as 758 a demand-loaded module! 759 760 761 **** ADVANCED BOOT LOADER HOOKS 762 763 If the boot loader runs in a particularly hostile environment (such as 764 LOADLIN, which runs under DOS) it may be impossible to follow the 765 standard memory location requirements. Such a boot loader may use the 766 following hooks that, if set, are invoked by the kernel at the 767 appropriate time. The use of these hooks should probably be 768 considered an absolutely last resort! 769 770 IMPORTANT: All the hooks are required to preserve %esp, %ebp, %esi and 771 %edi across invocation. 772 773 realmode_swtch: 774 A 16-bit real mode far subroutine invoked immediately before 775 entering protected mode. The default routine disables NMI, so 776 your routine should probably do so, too. 777 778 code32_start: 779 A 32-bit flat-mode routine *jumped* to immediately after the 780 transition to protected mode, but before the kernel is 781 uncompressed. No segments, except CS, are guaranteed to be 782 set up (current kernels do, but older ones do not); you should 783 set them up to BOOT_DS (0x18) yourself. 784 785 After completing your hook, you should jump to the address 786 that was in this field before your boot loader overwrote it 787 (relocated, if appropriate.) 788 789 790 **** 32-bit BOOT PROTOCOL 791 792 For machine with some new BIOS other than legacy BIOS, such as EFI, 793 LinuxBIOS, etc, and kexec, the 16-bit real mode setup code in kernel 794 based on legacy BIOS can not be used, so a 32-bit boot protocol needs 795 to be defined. 796 797 In 32-bit boot protocol, the first step in loading a Linux kernel 798 should be to setup the boot parameters (struct boot_params, 799 traditionally known as "zero page"). The memory for struct boot_params 800 should be allocated and initialized to all zero. Then the setup header 801 from offset 0x01f1 of kernel image on should be loaded into struct 802 boot_params and examined. The end of setup header can be calculated as 803 follow: 804 805 0x0202 + byte value at offset 0x0201 806 807 In addition to read/modify/write the setup header of the struct 808 boot_params as that of 16-bit boot protocol, the boot loader should 809 also fill the additional fields of the struct boot_params as that 810 described in zero-page.txt. 811 812 After setupping the struct boot_params, the boot loader can load the 813 32/64-bit kernel in the same way as that of 16-bit boot protocol. 814 815 In 32-bit boot protocol, the kernel is started by jumping to the 816 32-bit kernel entry point, which is the start address of loaded 817 32/64-bit kernel. 818 819 At entry, the CPU must be in 32-bit protected mode with paging 820 disabled; a GDT must be loaded with the descriptors for selectors 821 __BOOT_CS(0x10) and __BOOT_DS(0x18); both descriptors must be 4G flat 822 segment; __BOOS_CS must have execute/read permission, and __BOOT_DS 823 must have read/write permission; CS must be __BOOT_CS and DS, ES, SS 824 must be __BOOT_DS; interrupt must be disabled; %esi must hold the base 825 address of the struct boot_params; %ebp, %edi and %ebx must be zero.