"A complex system that works is invariably found to have evolved from a simple system that worked." — John Gall
Network boot is a collection of simple technologies that have come together to form a complex beast. To use network boot effectively, you need to understand the various fairly simple parts that make up the completed boot. By looking at each piece of the puzzle in detail, the bigger picture becomes easier to understand. The system boot process is reviewed first. The BIOS control process then covers how the BIOS determines whether a device is bootable. This is followed by a quick look into the devices that allow a network interface card (NIC) to bring its own loadable code with it.
The Boot Process
The PC isn’t like a VCR or a television. It takes a long string of events to get even the video display up and running. While this won’t be a complete blow-by-blow coverage of the system boot, we’ll try to get a good overview in before the bell sounds.
1. The system comes out of either complete power off, as in unplugged from the wall, or a soft off, where the system just looks like it’s off. The system still has power in soft off, so be careful when putting cards (like Network Interface Cards) in and out of the system.
2. The processor is held in reset until the power has flowed evenly for a short period of time. This is to protect the processor from poor power waveforms. This step isn’t noticeable. The power supply sends a Power Good signal and the processor is released from reset.
3. The processor starts executing instructions at segment 0FFFFh offset 0. Sometimes this is expressed as segment F000:FFF0h. It starts here by convention. This address is 16 bytes from the top of the ROM memory. It contains a ‘jump’ instruction that commands the processor to start its execution somewhere else. Since the BIOS can run from E000:0000 to the end of F000:0000, this jump can go anywhere in this range.
4. The system is initialized one sub-system at a time. Before the video is initialized, the system will report out errors via the speaker. These beep codes can be found in most major hardware books.
5. The video option ROM is loaded into memory and executed. The video card provider branding information is usually the first thing to be displayed.
6. The BIOS determines if this is a ‘cold’ or a ‘warm’ boot. This is determined by the value in word 0000:0472h in system memory. If this word is 1234h it is a warm boot. Not all sub-systems are initialized and/or tested on a warm reboot. Memory for example is typically not re-initialized on a warm reboot. Most laptops won’t request a lockout code on warm reboot.
7. The system does a power-on self test (POST) on the video and memory subsystems while displaying branding information on the motherboard, BIOS, etc. Some motherboard vendors now display a logo in place of the initialization screen. This can usually be disabled in a BIOS setup menu if you need to watch for error messages.
Now the system is in a good state and we are ready to move from the BIOS init phase to the PCI scan phase. At this point nothing in the system has resources. The system uses the PCI configuration methods to figure out what resources are needed. This is a complex process and we’ll spare you the details. What’s important from a boot perspective?
Option ROM Start
1. The Option area is scanned. The memory area from C800:0000h to F000:0000h is scanned. The BIOS looks at every 2-kilobyte block looking for the option ROM signature, AA55h. This is the key to the option ROM system. Every block that starts with AA55h is parsed as an option ROM and code is executed based off of the table.
2. The Option ROM determines if it is a bootable device. This might be a SCSI device or in our case, a network bootable device. The option ROM installs any code it might need to execute, and alerts the BIOS in a return code as to whether or not it is actually bootable.
3. If the system is BIOS Boot Specification compliant, the BIOS can determine the order in which to call the bootable devices looking for a valid boot. On other systems, Interrupt 19h or Interrupt 18h is called. It is up to the option ROM software run in step 2 to make sure that these interrupt calls will reach the option ROM software.
4. Once the BIOS makes a call to any of the bootable devices, the system is now considered booted.
It’s a lot of steps just to get to the point where the operating system starts, but given the power of today’s machines, it’s usually less than 10 seconds from start to finish. The amount of memory, the sub-systems, the hard disk configuration and the number of option ROMs to be called all affect the time it takes to boot. A single SCSI device can almost double the time it takes to boot a system. RAID devices will also slow things down.
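The option ROM scan from step 1, written out as an added example (it is not code from the original post or from any BIOS). The length byte at header offset 2 and the zero byte-sum checksum come from the standard legacy option ROM header layout rather than from this page; the function names and the sample image are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>
#define SCAN_START 0xC8000u  /* C800:0000 as a physical address */
#define SCAN_END   0xF0000u  /* F000:0000 as a physical address */
#define STEP       2048u     /* one candidate header every 2 KB */

/* Byte sum of an image; a valid option ROM sums to 0 modulo 256. */
static uint8_t rom_sum(const uint8_t *p, size_t len) {
    uint8_t s = 0;
    while (len--) s = (uint8_t)(s + *p++);
    return s;
}

/* Record the physical address of each valid option ROM in a 1 MB image. */
size_t scan_option_roms(const uint8_t *mem, uint32_t *found, size_t max) {
    size_t n = 0;
    for (uint32_t a = SCAN_START; a < SCAN_END; a += STEP) {
        /* The word AA55h is stored little-endian: 55h, then AAh. */
        if (mem[a] != 0x55 || mem[a + 1] != 0xAA) continue;
        uint32_t len = mem[a + 2] * 512u;   /* byte 2: size in 512-byte units */
        if (len == 0 || a + len > SCAN_END) continue;   /* malformed header */
        if (rom_sum(mem + a, len) != 0) continue;       /* checksum mismatch */
        if (n < max) found[n] = a;
        n++;
        /* Skip the ROM body so its contents are not parsed as headers. */
        a += (len + STEP - 1) / STEP * STEP - STEP;
    }
    return n;
}

/* Constructed sample ROM: "blocks" x 512 bytes at addr, checksum fixed up. */
void make_rom(uint8_t *mem, uint32_t addr, uint8_t blocks) {
    uint32_t len = blocks * 512u;
    memset(mem + addr, 0x90, len);
    mem[addr] = 0x55; mem[addr + 1] = 0xAA; mem[addr + 2] = blocks;
    mem[addr + len - 1] = (uint8_t)(0u - rom_sum(mem + addr, len - 1));
}

int main(void) {
    static uint8_t mem[0x100000];   /* constructed copy of the first 1 MB */
    uint32_t found[8];
    make_rom(mem, 0xC8000, 16);     /* constructed 8 KB ROM */
    make_rom(mem, 0xCC000, 32);     /* constructed 16 KB ROM */
    size_t n = scan_option_roms(mem, found, 8);
    for (size_t i = 0; i < n && i < 8; i++)
        printf("option ROM at %05X\n", (unsigned)found[i]);
    return 0;
}
```

Run against a captured memory image, the same scan gives an inventory of which option ROMs were present at boot, and a signature with a failing checksum marks a block that has been truncated or altered.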
BIOS Boot Specification
Also known as BBS, this is a set of APIs that most modern systems use to allow expansion ROMs to change the boot order. This is both good and bad. First of all, it allows users to set the option ROM calling order explicitly, something that couldn't be done in the legacy system (which is coming up next). This means you could select your network boot to go first, then a floppy drive, then the local hard disk. Or invert it as needed. With older legacy systems, wherever you ended up in the chain was your spot. But that flexibility comes with a cost. In most BBS implementations, all option ROMs must register with the BIOS, which means the BIOS must call all of them before the BIOS setup can be entered. This slows things down when trying to get into the BIOS setup screens to make changes. So if it seems like a long time since you hit F12 or DEL or F2 to get into your BIOS, it's all the option ROMs that you're waiting for.
Legacy Interrupt System Start Points
Interrupts 18h and 19h are the older method of starting the boot process beyond the POST. They are legacy methods, since replaced by BBS. Interrupt 18h is a call to the boot sector. Interrupt 19h is the start point for the BASIC interpreter that used to be built into systems. Any casual research on the web into 18h and 19h will yield mostly information on virus technologies. Interrupt 19h is commonly intercepted by virus boot loaders, but is still a legal interrupt to call. In the legacy system, the BIOS calls the interrupts blindly, without regard for what happens after the call. This is what makes them so attractive to virus creators. In the network boot environment, the interrupts are chained.
The first part of the diagram shows the boot path of the interrupt before the insertion of the network boot device. During the initialization phase the boot technology inserts itself into the boot chain. The second part of the diagram highlights what this looks like once insertion is complete. Where the network boot gets inserted is up to the boot agent. Any other device inserted may move the network boot device back.
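Because anything can insert itself into the 18h/19h chain, it is worth checking where those vectors point. The following added example (not from the original post) reads the two boot vectors from copies of the real-mode interrupt vector table, compares a baseline against a later snapshot, and classifies the handler address; the region boundaries, function names and sample vectors are assumptions constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>

enum region { CONVENTIONAL_RAM, VIDEO_AREA, OPTION_ROM_AREA, SYSTEM_BIOS };

/* Real-mode vector n is 4 bytes at physical address n*4: offset word,
 * then segment word, both little-endian. Returns the 20-bit target. */
uint32_t vector_target(const uint8_t *mem, uint8_t n) {
    const uint8_t *e = mem + (uint32_t)n * 4u;
    uint32_t off = (uint32_t)e[0] | ((uint32_t)e[1] << 8);
    uint32_t seg = (uint32_t)e[2] | ((uint32_t)e[3] << 8);
    return ((seg << 4) + off) & 0xFFFFFu;
}

/* Region boundaries are assumptions based on the scan range given above. */
enum region classify(uint32_t phys) {
    if (phys < 0xA0000u) return CONVENTIONAL_RAM;
    if (phys < 0xC8000u) return VIDEO_AREA;       /* video RAM and video ROM */
    if (phys < 0xF0000u) return OPTION_ROM_AREA;  /* C800:0000 to F000:0000 */
    return SYSTEM_BIOS;
}

/* Count boot vectors (18h, 19h) whose handler differs between a baseline
 * snapshot and a later one, i.e. something joined the chain in between. */
int changed_boot_vectors(const uint8_t *base, const uint8_t *now) {
    static const uint8_t vecs[] = { 0x18, 0x19 };
    int changed = 0;
    for (size_t i = 0; i < sizeof vecs; i++)
        if (vector_target(base, vecs[i]) != vector_target(now, vecs[i]))
            changed++;
    return changed;
}

/* Constructed helper: write seg:off into vector n of an image. */
void set_vector(uint8_t *mem, uint8_t n, uint16_t seg, uint16_t off) {
    uint8_t *e = mem + (uint32_t)n * 4u;
    e[0] = (uint8_t)(off & 0xFF); e[1] = (uint8_t)(off >> 8);
    e[2] = (uint8_t)(seg & 0xFF); e[3] = (uint8_t)(seg >> 8);
}

int main(void) {
    uint8_t base[1024] = {0}, now[1024] = {0};   /* constructed IVT copies */
    set_vector(base, 0x19, 0xF000, 0xE6F2);      /* constructed BIOS handler */
    set_vector(now,  0x19, 0xCC00, 0x0140);      /* constructed ROM handler */
    printf("INT 19h -> %05X (region %d), %d vector(s) changed\n",
           (unsigned)vector_target(now, 0x19),
           (int)classify(vector_target(now, 0x19)),
           changed_boot_vectors(base, now));
    return 0;
}
```

A changed vector is not proof of tampering, since a network boot agent is expected to hook in; the value of the check is in comparing the result against what the installed option ROMs should account for.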
Now that the picture is set, next time we'll talk PXE.
1) Booting from the Network can provide lots of value
2) BBS is a must-have for modern systems
3) Thanks for using Intel(R) Ethernet
(Note 2/8/2010 - Updated to fix a typo or two.)