How Linux Boots: A Quick Guide to kexec and initrd
Introduction
After reading the article "Linux is an interpreter," I found the kexec mechanism to be incredibly fascinating!
Embedding a base64-encoded kernel + ramdisk inside a shell script and then switching to a completely different kernel while the current OS is running... I mean, how is that not magic?
So, I decided to take a look at how kexec and initrd work.
What is the Linux boot flow, anyway?
Normally, when you boot a PC, it proceeds in this order:
Power ON
↓
BIOS/UEFI (Hardware initialization)
↓
Bootloader (e.g., GRUB)
↓
Linux kernel (vmlinuz) is decompressed and executed
↓
initrd/initramfs (Temporary root filesystem) is decompressed
↓
Mount the real root filesystem
↓
init/systemd starts
↓
Login screen
The key point here is that "the kernel doesn't know all the drivers from the start."
The initrd (initial RAM disk) exists to solve the chicken-and-egg problem of needing drivers to read the HDD, while those very drivers are located on the HDD.
What is initrd?
initrd is a temporary filesystem that is decompressed into memory immediately after the kernel boots.
# Checking the contents of initramfs (on Ubuntu)
$ file /boot/initrd.img-$(uname -r)
/boot/initrd.img-6.8.0: gzip compressed data
# Peeking inside
$ mkdir /tmp/initrd-contents
$ cd /tmp/initrd-contents
$ zcat /boot/initrd.img-$(uname -r) | cpio -idv 2>&1 | head -20   # -v lists the extracted files on stderr, so merge it into stdout before head
Looking inside, it contains a minimal set of commands (sh, mount, modprobe, etc.) and device drivers (.ko files).
The kernel decompresses this first, loads the necessary drivers, and only then is it able to mount the real disk.
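As an added example (not code from the original article), here is a small Python parser for the newc cpio format that initramfs images use. It walks an image the way the kernel unpacks it: any uncompressed newc segments first (this is how early CPU microcode is shipped), skipping NUL padding between them, then one gzip-compressed segment. The sample image is constructed inline; only gzip is handled, so a zstd- or xz-compressed image would need another decompressor.

```python
import gzip
# newc ("070701", SVR4 without CRC) is the cpio flavour the kernel unpacks for initramfs.
NEWC_MAGIC, GZIP_MAGIC, TRAILER = b"070701", b"\x1f\x8b", "TRAILER!!!"

def _align4(n):
    return (n + 3) & ~3

def parse_newc(data, off=0):
    """Walk one newc archive starting at `off`; return ([(name, mode, size)], offset after trailer)."""
    entries = []
    while True:
        if data[off:off + 6] != NEWC_MAGIC:
            raise ValueError(f"expected newc cpio header at offset {off}")
        # 13 ASCII-hex fields: ino, mode, uid, gid, nlink, mtime, filesize, devmajor, devminor, rdevmajor, rdevminor, namesize, check
        f = [int(data[off + 6 + 8 * i:off + 14 + 8 * i], 16) for i in range(13)]
        mode, filesize, namesize = f[1], f[6], f[11]
        name = data[off + 110:off + 110 + namesize - 1].decode()  # strip the trailing NUL
        off = _align4(_align4(off + 110 + namesize) + filesize)   # name and data are each padded to 4 bytes
        if name == TRAILER:
            return entries, off
        entries.append((name, mode, filesize))

def list_initramfs(blob):
    """List members as the kernel unpacks them: uncompressed newc segments (e.g. microcode), NUL padding, then at most one gzip segment."""
    entries, off = [], 0
    while off < len(blob):
        if blob[off] == 0:                        # the kernel skips NUL padding between segments
            off += 1
        elif blob[off:off + 6] == NEWC_MAGIC:
            part, off = parse_newc(blob, off)
            entries += part
        elif blob[off:off + 2] == GZIP_MAGIC:     # a compressed segment is always the last one
            return entries + parse_newc(gzip.decompress(blob[off:]))[0]
        else:
            raise ValueError(f"unsupported segment at offset {off} (only plain and gzip newc handled)")
    return entries

def build_newc(files):  # writes a newc archive from [(name, mode, bytes)]; used only to construct sample input
    out = bytearray()
    for ino, (name, mode, body) in enumerate(files + [(TRAILER, 0, b"")], start=1):
        nm = name.encode() + b"\0"
        vals = [ino, mode, 0, 0, 1, 0, len(body), 0, 0, 0, 0, len(nm), 0]
        out += NEWC_MAGIC + "".join(f"{v:08x}" for v in vals).encode() + nm
        out += b"\0" * (_align4(len(out)) - len(out)) + body
        out += b"\0" * (_align4(len(out)) - len(out))
    return bytes(out)

# Constructed sample image: an uncompressed microcode segment, then the gzip'ed main initramfs.
SAMPLE = build_newc([("kernel/x86/microcode/GenuineIntel.bin", 0o100644, b"\x01\x02\x03")]) + gzip.compress(
    build_newc([("bin/sh", 0o100755, b"#!/bin/sh\n"), ("lib/modules/nvme.ko", 0o100644, b"\x7fELF")]))
```

Calling list_initramfs(SAMPLE) returns all three members across both segments; pointing it at the bytes of a real gzip-only /boot/initrd.img gives the same listing as the cpio command above.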
What is kexec?
kexec is a mechanism that allows you to "boot into another kernel from the currently running kernel."
Here is how it differs from a normal reboot:
| Stage | Normal Reboot | kexec |
|---|---|---|
| BIOS/UEFI | Processed | Skipped |
| Bootloader | Processed | Skipped |
| Kernel Loading | Takes time | Lightning fast |
Actually, BIOS/UEFI initialization takes quite a bit of time, especially in server environments.
By using kexec, reboots after kernel updates become dramatically faster.
Trying it out
# Install kexec-tools
$ sudo apt install kexec-tools
# Load a new kernel
$ sudo kexec -l /boot/vmlinuz-$(uname -r) \
--initrd=/boot/initrd.img-$(uname -r) \
--reuse-cmdline
# Perform the switch (the kernel reboots at this exact moment)
$ sudo systemctl kexec
The ingenious concept of "Linux is an interpreter"
The article mentioned at the beginning does something like this:
#!/bin/bash
# Embed the kernel and ramdisk into a shell script using base64
KERNEL_B64="..."
INITRD_B64="..."
# Decode and extract to temporary files
echo "$KERNEL_B64" | base64 -d > /tmp/vmlinuz
echo "$INITRD_B64" | base64 -d > /tmp/initrd.img
# Replace the current OS using kexec
kexec -l /tmp/vmlinuz --initrd=/tmp/initrd.img
kexec -e
In other words, a shell script can replace itself with an entirely different OS.
The metaphor that Linux is an interpreter, with the kernel as the interpreter and another kernel as the script it runs, is truly brilliant!
Summary
- initrd: A temporary file system extracted immediately after the kernel boots. It solves the chicken-and-egg problem of drivers.
- kexec: A mechanism that skips the BIOS/UEFI to switch directly to another kernel.
- By combining these two, you can essentially hijack the entire OS using a shell script (!)
Low-level topics might seem difficult, but they can be surprisingly fun when you start by asking, "Why is this mechanism necessary?"
Next, I would like to look into the cpio archive format and its relationship with UEFI Secure Boot 💪