GRUB discussion follow up ?

Jacques B. jjrboucher at gmail.com
Mon Oct 22 11:13:00 UTC 2007


On 10/21/07, Robert P. J. Day <rpjday at crashcourse.ca> wrote:
> On Sun, 21 Oct 2007, Jacques B. wrote:
>
> > ... And as Robert indicated, the 512 bytes is broken down as MBR for
> > 446 bytes, 64 bytes for partition table (4 X 15), and 2 byte magic
>                                                ^^ 16 :-)
> > number \x55\xaa.  I spent a bit of time last Spring trying to figure
> > out where in the MBR code was the info telling it where to get stage
> > 1.5. I didn't spend any real significant time on it seeing it was
> > way beyond what I had to understand so dropped it due to lack of
> > time.  If you figure out that info I'd be interested.
>
> the GRUB code in the MBR doesn't jump to the stage 1.5 code
> immediately.  from memory (a long while back), more of GRUB is
> installed in the remaining 20K of the hard drive after the MBR.  i
> (vaguely) remember this when *i* was wondering how the hell GRUB
> worked, and i perused the source of the grub install command.  that's
> where i noticed more GRUB code being written to offset 1K -> 20K of
> the hard drive.
>
> in any event, /sbin/grub-install is a shell script on fedora, so it's
> readable.
>
> rday
> --
> ========================================================================
> Robert P. J. Day
> Linux Consulting, Training and Annoying Kernel Pedantry
> Waterloo, Ontario, CANADA
>
> http://crashcourse.ca

You are exactly correct.  Just checked my FC6 install and indeed there
is more Grub code beyond the first sector.  Of particular interest was
the following (note that the byte offset is not from the start of the
disk as I skipped the 1st sector):

0000100: 00eb fe4c 6f61 6469 6e67 2073 7461 6765  ...Loading stage
0000110: 312e 3500 2e00 0d0a 0047 656f 6d00 5265  1.5......Geom.Re
0000120: 6164 0020 4572 726f 7200 bb01 00b4 0ecd  ad. Error.......

So we see where stage 1.5 is referenced.
and

0000210: 0500 302e 3937 00ff ff05 ff2f 626f 6f74  ..0.97...../boot
0000220: 2f67 7275 622f 7374 6167 6532 202f 626f  /grub/stage2 /bo
0000230: 6f74 2f67 7275 622f 6d65 6e75 2e6c 7374  ot/grub/menu.lst

where we see the version of grub (0.97) and the path for stage 2.
Note that at this point it's /boot/grub/stage2 and
/boot/grub/menu.lst.  So it's using the Linux path to those files in a
fully mounted Linux file system vs grub's path when it has the boot
partition only mounted (the one that stirred the debate...).

Of course I am making educated guesses here because I am not able to
decompile/debug the code.  That's beyond my abilities.

I did note that the code occupies \x0000 to \x25ff so \x2600 bytes
(after that mine had \x00 at least up to sector 50 so beyond the 20k
mark).  If you exclude the first sector that translates to 9k of code
in addition to the boot sector.  It's certainly possible that grub
owns the first 20k after the first sector but only uses 9k of it in my
case.

I believe it was in this thread that someone mentioned that there was
a jmp in the first sector?  I'll have to go back and re-read some of
the postings when I get a chance.

Jacques B.
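
The layout discussed in this message (boot code, a 4 x 16-byte partition table at offset 446, the \x55\xaa signature, and further GRUB code in the sectors after the MBR) can be checked with a short script. This is an added example, not part of the original post: the image is constructed, its string offsets are the hexdump offsets above plus the skipped 512-byte sector, and a first partition at LBA 63 is an assumption.

```python
import re
import struct

SECTOR = 512

def parse_mbr(sector0):
    """Return (signature_ok, partitions) for a 512-byte first sector."""
    if len(sector0) != SECTOR:
        raise ValueError("first sector must be exactly 512 bytes")
    parts = []
    for i in range(4):  # 4 entries x 16 bytes = 64-byte table at offset 446
        raw = sector0[446 + 16 * i:462 + 16 * i]
        status, ptype, lba, count = struct.unpack("<B3xB3xII", raw)
        if ptype:  # type 0 marks an unused slot
            parts.append({"boot": status == 0x80, "type": ptype,
                          "lba": lba, "sectors": count})
    return sector0[510:512] == b"\x55\xaa", parts

def gap_report(image):
    """Describe what sits between the MBR and the first partition."""
    ok, parts = parse_mbr(image[:SECTOR])
    if not ok or not parts:
        raise ValueError("no valid MBR signature or partition entry")
    first = min(p["lba"] for p in parts) * SECTOR
    gap = image[SECTOR:first]
    used = len(gap.rstrip(b"\x00"))      # bytes up to the last non-zero byte
    used = -(-used // SECTOR) * SECTOR   # round up to whole sectors
    strings = [(SECTOR + m.start(), m.group().decode())
               for m in re.finditer(rb"[\x20-\x7e]{4,}", gap)]
    return {"gap_bytes": len(gap), "used_bytes": used, "strings": strings}

def build_sample():
    """Constructed image (not a real disk); strings copied from the post."""
    img = bytearray(63 * SECTOR)         # assumed: first partition at LBA 63
    img[446:462] = struct.pack("<B3xB3xII", 0x80, 0x83, 63, 204800)
    img[510:512] = b"\x55\xaa"
    for off, s in ((0x303, b"Loading stage1.5"), (0x412, b"0.97"),
                   (0x41b, b"/boot/grub/stage2 /boot/grub/menu.lst")):
        img[off:off + len(s)] = s
    img[0x25ff] = 0xff                   # last non-zero byte, as in the post
    return bytes(img)

if __name__ == "__main__":
    report = gap_report(build_sample())
    print(hex(report["used_bytes"]), report["strings"])
```

On the constructed image the used area after the MBR comes out at 9216 bytes, the 9k figure in the message.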



