Boot Process

Zack Didcott edited this page Apr 7, 2025 · 1 revision

Summary

The boot process of IGEL OS is important when considering the structure of the file system.

In short, GRUB (via a shim on UEFI systems) loads igelfs.mod, which allows booting a kernel from a partition extent with an embedded initramfs, from where the rootfs is mounted and boot continues.

Kernel

Once installed, the Linux kernel is stored as a partition extent of the sys (partition minor 1) partition.

When querying the file type, you should receive output similar to the following:

Linux kernel x86 boot executable bzImage, version 4.19.65 (IGEL@ITGA) #mainline-udos

The kernel version and OS edition (e.g. udos, lxos or lxos12) will vary.

For IGEL OS installation media, the kernel is stored as a separate bzImage file on disk - not as a partition extent. Additionally, the IGEL filesystem image is stored alongside the kernel, named ddimage.bin.
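The version string in that output is stored in the x86 boot-protocol setup header of the bzImage. As an added example (not part of the original wiki or of IGEL's tooling), the Python below validates that header on a kernel extracted from the sys partition extent or on a bzImage file from installation media, with bounds checks because the image is untrusted input. build_sample() and its field values are constructed for illustration.

```python
import struct

def parse_bzimage(data: bytes) -> dict:
    """Validate the x86 boot-protocol setup header and extract key fields."""
    if len(data) < 0x212:
        raise ValueError("too short to hold a setup header")
    if struct.unpack_from("<H", data, 0x1FE)[0] != 0xAA55:
        raise ValueError("boot flag 0xAA55 missing at 0x1FE")
    if data[0x202:0x206] != b"HdrS":
        raise ValueError("'HdrS' magic missing at 0x202")
    setup_sects = data[0x1F1] or 4             # 0 means 4 (legacy default)
    proto = struct.unpack_from("<H", data, 0x206)[0]
    ver_ptr = struct.unpack_from("<H", data, 0x20E)[0]
    version = None
    if ver_ptr:
        # Pointer is stored less 0x200 and must stay inside the setup sectors.
        if ver_ptr >= 0x200 * setup_sects:
            raise ValueError("kernel_version pointer outside setup area")
        start = ver_ptr + 0x200
        end = data.find(b"\0", start, 0x200 * (setup_sects + 1))
        if end < 0:
            raise ValueError("unterminated kernel version string")
        version = data[start:end].decode("ascii", "replace")
    return {
        "protocol": f"{proto >> 8}.{proto & 0xFF:02d}",
        "bzImage": bool(data[0x211] & 0x01),    # LOADED_HIGH loadflag
        "pe_header": data[:2] == b"MZ",         # EFI stub: PE/COFF wrapper
        "version": version,
    }

def build_sample() -> bytes:
    """Constructed image: header fields only, no real kernel code."""
    img = bytearray(0x200 * 5)                  # boot sector + 4 setup sectors
    img[0:2] = b"MZ"
    img[0x1F1] = 4                              # setup_sects
    struct.pack_into("<H", img, 0x1FE, 0xAA55)  # boot_flag
    img[0x202:0x206] = b"HdrS"
    struct.pack_into("<H", img, 0x206, 0x020D)  # protocol 2.13 (constructed)
    struct.pack_into("<H", img, 0x20E, 0x0400)  # string lives at 0x600
    img[0x211] = 0x01
    text = b"4.19.65 (IGEL@ITGA) #mainline-udos\0"
    img[0x600:0x600 + len(text)] = text
    return bytes(img)

if __name__ == "__main__":
    print(parse_bzimage(build_sample()))
```

A true pe_header only shows that the image has the PE/COFF wrapper a Secure Boot signature is attached to; it does not verify that signature against the IGEL certificates.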

UEFI

For UEFI systems, the boot process is described below:

  1. bootx64.efi or bootia32.efi (signed by /C=US/ST=Washington/L=Redmond/O=Microsoft Corporation/CN=Microsoft Corporation UEFI CA 2011)
    1. These images are signed (by Microsoft) shims to hand off execution to GRUB
    2. The source code for these images can be found at the following forks: igelboot and IGEL-Technology
    3. These were reviewed by the SHIM review board via issue #11 (review) and issue #434 (review) respectively
    4. These were then submitted and signed by Microsoft according to these instructions
  2. igelx64.efi or igelia32.efi (signed by /CN=IGEL Secure Boot Signing CA/O=IGEL Technology GmbH/L=Bremen/C=DE)
    1. These images are signed (by IGEL) GRUB binaries
    2. The kernel is also signed by this key
    3. These certificates can be downloaded from the following links: igel-efi-pub-key (2017-2047) and igel-uefi-ca (2024-2054)
  3. GRUB loads the signed igelfs.mod module, which loads and boots the kernel from the IGEL filesystem
    1. The initramfs is embedded into the kernel (bzImage)
    2. For IGEL OS installation media, the kernel is stored as a separate file on disk, not within an IGEL filesystem (see above)
  4. The system partition (squashfs, usually zstd compressed) is mounted from initramfs
    1. The root directory is changed to /igfimage
    2. The real init process (systemd) is started

This extract from a Red Hat article describes the initial boot process clearly:

shim is a first-stage boot loader that embeds a self-signed Certificate Authority (CA) certificate. Microsoft signs shim binaries, which ensures that they can be booted on all machines with a pre-loaded Microsoft certificate. shim uses the embedded certificate to verify the signature of the GRUB 2 boot loader. shim also provides a protocol that GRUB 2 uses to verify the kernel signature.
