What happens first when Linux server is started?

The Linux boot process is a meticulously orchestrated sequence of events that transforms a powered-off machine into a fully operational system. For system administrators, developers, and enthusiasts, understanding this process is critical for troubleshooting, optimizing performance, and securing infrastructure. In this comprehensive guide, we’ll dissect every stage of the Linux boot process, from the moment you press the power button to the user login prompt. We’ll explore modern components like UEFI, initramfs, and systemd, and provide practical examples to solidify your understanding.

Table of Contents

1. Introduction: Why Understanding the Boot Process Matters
2. Stage 1: Power-On Self-Test (POST)
3. Stage 2: UEFI/BIOS Initialization
4. Stage 3: Bootloader (GRUB2) Execution
5. Stage 4: Kernel Initialization and initramfs
6. Stage 5: systemd – The Modern Init System
7. Stage 6: Targets, Services, and Dependency Management
8. Stage 7: User Login and Session Management
9. Troubleshooting Boot Issues

1. Introduction: Why Understanding the Boot Process Matters

The Linux boot process is foundational to system reliability. Whether you’re dealing with a failed service, a corrupted filesystem, or a misconfigured network, knowing how the system initializes helps you diagnose and resolve issues efficiently. Modern Linux systems leverage advanced components like UEFI firmware, GRUB2, and systemd, which replace legacy tools like BIOS and SysVinit. Let’s break down each stage with technical precision.

2. Stage 1: Power-On Self-Test (POST)

Explanation

When the server powers on, the motherboard’s firmware (either BIOS or UEFI) initiates the Power-On Self-Test (POST). This hardware diagnostic phase checks critical components:

• CPU: Verifies functionality and clock speed.
• RAM: Tests memory modules for errors.
• Storage Controllers: Detects connected disks (HDDs, SSDs).
• Peripherals: Checks keyboards, GPUs, and network interfaces.

If POST fails, the system halts and signals errors via beep codes (for motherboards with speakers) or LED indicators. For example, a continuous beep often indicates RAM failure.

Example

A server with a faulty RAM module might emit a repetitive beep pattern (e.g., three long beeps). Administrators would then reseat the RAM or replace defective sticks.

3. Stage 2: UEFI/BIOS Initialization

Explanation

After POST, the firmware (BIOS or UEFI) initializes hardware and locates a bootable device.

BIOS (Legacy)

• Limited to MBR partitioning (disks up to 2TB).
• Searches for a Master Boot Record (MBR) on the first sector of the disk.
• No support for Secure Boot or advanced hardware features.

UEFI (Modern)

• Supports GPT partitioning (disks larger than 2TB).
• Stores bootloaders in the EFI System Partition (ESP), a FAT32-formatted partition.
• Enables Secure Boot to prevent unauthorized bootloaders/kernels.

Example

A UEFI system’s ESP might look like this:

/boot/efi/
├── EFI/
│   ├── ubuntu/
│   │   ├── grubx64.efi    # UEFI bootloader
│   │   └── shimx64.efi    # Secure Boot component
│   └── BOOT/
│       └── BOOTX64.EFI    # Fallback bootloader

Configuring Boot Order

UEFI/BIOS settings define the boot priority (e.g., disk, USB, PXE). Administrators can access these settings by pressing keys like F2, Delete, or Esc during startup.

4. Stage 3: Bootloader (GRUB2) Execution

Explanation

The bootloader’s job is to load the Linux kernel and initramfs into memory. GRUB2 (Grand Unified Bootloader 2) is the default for most distributions.

Key Components

• grub.cfg: Configuration file (auto-generated; avoid editing manually).
• initramfs: Initial RAM filesystem containing drivers/modules needed to mount the root filesystem.

Example: GRUB2 Configuration

A simplified grub.cfg entry:

menuentry 'Ubuntu' {
    insmod ext4
    set root='hd0,gpt2'
    linux /vmlinuz-5.15.0-78-generic root=/dev/mapper/vg-root ro quiet
    initrd /initrd.img-5.15.0-78-generic
}

• linux: Specifies the kernel image and parameters (e.g., root= defines the root filesystem).
• initrd: Loads the initramfs for early userspace.

Secure Boot and Shim

On UEFI systems with Secure Boot enabled, a shim (e.g., shimx64.efi) acts as a trust bridge between UEFI and GRUB2, verifying cryptographic signatures.

5. Stage 4: Kernel Initialization and initramfs

Explanation

The kernel is the core of the OS. Its initialization involves:

1. Decompression: The kernel unpacks itself from a compressed format (e.g., vmlinuz).
2. Hardware Detection: Probes for CPUs, storage controllers, and devices.
3. Mounting Root Filesystem: Uses initramfs to load drivers (e.g., for LVM, encryption).

initramfs: The Temporary Root

The initramfs is a CPIO archive loaded into memory. It contains:

• Essential utilities (mount, lsmod).
• Kernel modules (drivers).
• Scripts to prepare the real root filesystem.

Example: LUKS Encryption

If the root filesystem is encrypted with LUKS, the initramfs prompts for a passphrase:

Loading initramfs...
Please unlock disk sda5_crypt: █

After decryption, the kernel mounts the root filesystem and pivots to it (pivot_root).

6. Stage 5: systemd – The Modern Init System

Explanation

The kernel hands control to systemd (PID 1), which replaces legacy init systems like SysVinit. Key features:

• Parallel Service Startup: Services start concurrently, reducing boot time.
• Dependency Management: Ensures services start in the correct order.
• Logging: Integrated with journalctl for centralized logs.

Example: systemd Units

Services are defined in unit files (e.g., sshd.service):

[Unit]
Description=OpenSSH Daemon
After=network.target

[Service]
ExecStart=/usr/sbin/sshd -D
Restart=always

[Install]
WantedBy=multi-user.target

• After=network.target: Ensures networking is ready before SSH starts.

Key Commands

• systemctl start httpd: Start a service.
• journalctl -u sshd: View logs for the SSH service.

7. Stage 6: Targets, Services, and Dependency Management

Explanation

systemd uses targets (similar to SysVinit runlevels) to group services. Common targets:

• multi-user.target: Non-graphical multi-user mode.
• graphical.target: Includes a GUI (e.g., GNOME, KDE).
• rescue.target: Single-user mode for recovery.

Dependency Resolution

systemd starts services based on dependencies. For example:

• network.target: Indicates networking is available.
• network-online.target: Waits for an active internet connection.

Example: Debugging Dependencies

systemctl list-dependencies graphical.target

Output:

graphical.target
● ├─accounts-daemon.service
● ├─network-online.target
● │ └─NetworkManager-wait-online.service
● └─lightdm.service

8. Stage 7: User Login and Session Management

Explanation

After services start, the system is ready for user interaction.

Console Login

• getty: Spawns login prompts on virtual terminals (e.g., tty1).
• Example: A user enters their credentials at /dev/tty1.

Graphical Login

• Display Managers: GDM, LightDM, or SDDM handle GUI logins.
• Example: After logging in via GDM, the user’s desktop environment (e.g., GNOME) starts.

Remote Login

• SSH: The sshd service listens on port 22 for remote connections.
• Example: ssh user@192.168.1.10 connects to the server using key-based authentication.

9. Troubleshooting Boot Issues

Common Problems & Fixes

1. Kernel Panic:

   • Cause: Missing root filesystem or corrupted initramfs.
   • Fix: Boot into a rescue environment and rebuild initramfs:

     mkinitramfs -o /boot/initrd.img-$(uname -r)
     

2. GRUB Rescue Prompt:

   • Cause: Bootloader misconfiguration.
   • Fix: Manually locate the kernel and initramfs:

     grub> set root=(hd0,gpt2)
     grub> linux /vmlinuz root=/dev/sda1
     grub> initrd /initrd.img
     grub> boot
     

3. Failed Service:

   • Use systemctl status httpd to identify why a service failed.

4. Debugging systemd:

   • Add systemd.debug-shell to kernel parameters to enable a root shell on tty9.

The Linux boot process is a symphony of hardware initialization, firmware interactions, and software orchestration. From UEFI’s Secure Boot to systemd’s dependency management, each component plays a vital role in ensuring a secure and efficient startup. By mastering these stages , system administrators and developers can troubleshoot issues effectively, optimize performance, and enhance security.

Understanding the intricacies of the boot process not only empowers you to resolve problems but also equips you with the knowledge to configure systems more effectively. As you delve deeper into Linux, consider exploring advanced topics such as kernel tuning, custom initramfs creation, and service management with systemd. Each of these areas offers opportunities for further learning and mastery.

In summary, the Linux boot process is a complex yet fascinating journey that begins with hardware checks and culminates in a fully operational system ready for user interaction. By familiarizing yourself with each stage, you can ensure that your systems are robust, reliable, and ready to meet the demands of modern computing environments.