GRUB2 : Classic Generic MBR (Master Boot Record):
In a Personal Computer (PC) the microprocessor (such as intel x86) execute the instructions collectively called software programs. Software programs can be the operating system or application software. The Software programs are stored in the non-volatile memories such as Hard Disk. The software programs are loaded (copied) into RAM and the microprocessor fetches instructions from here for execution. Of course the microprocessor can also execute software programs stored in CD-ROM, Flash Drives etc. But here we will consider the case of hard disk. The microprocessor needs a defined start point for execution of software. This defined start point is provided by the firmware in a ROM (Read Only Memory) chip on the motherboard. The firmware executes after a power on begining at a particular fixed (hardwired) address (“FFFF:0000). The firmware might either be the legacy BIOS or adhering to the newer UEFI specification (In this post I only consider the legacy BIOS MBR). The firmware tests and initializes the hardware components of the PC and finally transfers the execution to the software stored in the hard disk. We are going to see how this transfer of execution from the firmware to this software is facilitated in the legacy BIOS system. In my system I have the CrunchBang 11 “Waldorf” Linux distro using the classical generic MBR.
The firmware copies the MBR in the first sector of the hard disk to the RAM location starting from 0000:7C00. The microprocessor execution is transferred to this RAM address. The MBR has a size of 512 bytes.
To see the MBR on your PC run the following linux commands. The first command creates a file mbr.bin with the MBR contents and the second command displays the contents. The dd command can be very dangerous hence run it as exactly mentioned here. In my case the drive name is sda.
dd if=/dev/sda of=mbr.bin bs=512 count=1
hexdump -C mbr.bin
The classic generic MBR has first 446 bytes of Boot Code followed by 64 bytes of partition table and 2 byte signature (0x55AA).
If the output of the hexdump command begins with “eb 63 90” the PC might be having the classic generic MBR with the GRUB2 boot loader.
The 446 byte boot code has the BIOS parameter block and the address of the next stage of the GRUB2 boot loader. The BIOS parameter block begins at an offset of 4 bytes and ends at an offset of 0x5a. The next 2 bytes has the kernel address. This is the RAM address where the next stage of the GRUB2 boot loader is copied from the hard disk for execution, The next 8 bytes have the sector address of the next stage of the GRUB2 boot loader in the hard disk.
The partition table begins at the offset 0x1be. Each partition entry in the partition table is of the size 16 bytes. Hence the classic generic MBR supports only 4 primary partition.
The source code for the GRUB2 can be obtained from here. The piece of code that goes to the Boot Sector is /Grub/grub-core/boot/i386/pc/boot.S.
This post only discusses the GRUB2 Classic MBR which is common on PCs that run the classic BIOS firmware. Newer PCs might use UEFI compatible firmware, hence the classic MBR is not required.