Last modified: May 11, 2025
This article is written in: 🇺🇸
What happens between the time you push the power button and the time you see the login prompt?
[1] Power On
│
▼
+----------------------------------+
| [2] BIOS / UEFI |
| • Load firmware from NVRAM |
| • Run POST (Power-On Self Test) |
+----------------------------------+
│
▼
+--------------------------------+
| [3] Device Detection |
| • Enumerate CPU, RAM, disks |
| • Initialize bus controllers |
+--------------------------------+
│
▼
+--------------------------------+
| [4] Boot-Device Selection |
| • UEFI Boot Manager or MBR |
| • Choose EFI partition or MBR |
+--------------------------------+
│
▼
+----------------------------------+
| [5] Bootloader (GRUB2 / LILO) |
| • Read /boot/grub2/grub.cfg |
| • Display menu (timeout/user) |
| • Load: |
| – vmlinuz-<version> (kernel) |
| – initramfs-<version>.img |
| – Kernel cmdline args |
+----------------------------------+
│
▼
+------------------------------------------------+
| [6] Linux Kernel + Initramfs |
| • Decompress & relocate kernel image |
| • Mount initramfs (dracut/busybox) |
| • Load early userspace tools & modules (.ko) |
| • Probe hardware & mount real root FS |
| • pivot_root/switch_root → exec /sbin/init |
+------------------------------------------------+
│
▼
+-------------------------------------------------+
| [7] systemd (PID 1) |
| • Execute /usr/lib/systemd/systemd |
| • Read default.target → resolves into |
| multi-user.target → |
| ├─ sysinit.target (fsck, sysctl, kmod) |
| ├─ basic.target (journald, udev) |
| └─ multi-user.target |
| ├─ getty@.service (login prompts) |
| ├─ sshd.service |
| └─ network-online.target |
| [opt] graphical.target → display-manager |
+-------------------------------------------------+
│
▼
+-------------------------------------------------+
| [8] User‐Space Initialization |
| • systemd-login (logind) |
| • Shell startup: /etc/profile, ~/.bashrc |
| • GUI login manager (gdm/kdm/xdm) |
| → Finally: users can log in & start sessions |
+-------------------------------------------------+
The bootup process is the ordered set of steps a computer follows after power-on, moving from firmware control to a fully running operating system. At a high level it consists of:
When power is applied the system firmware—either classic BIOS or modern UEFI (Unified Extensible Firmware Interface)—executes POST. POST verifies CPU registers, firmware integrity, system RAM, basic chipset functions, and often attached devices such as GPUs. Many firmwares emit diagnostic beep codes or on-screen messages if errors are found; fatal errors halt the boot process so that subsequent stages are never reached.
After a successful POST the firmware locates a bootable device according to its configured boot order.
On BIOS systems
On UEFI systems
*.efi
executable (e.g. \EFI\Microsoft\Boot\bootmgfw.efi
, \EFI\debian\grubx64.efi
, or a shim in Secure Boot scenarios) and transfers control to it.efibootmgr
.To modify the boot sequence you usually press Esc, F2, F10, F12 or Del during POST; the key varies by vendor.
Types of Firmware and First-Stage Code
Firmware Model | First-Stage Location | Notes |
BIOS | First 446 bytes of the disk’s MBR | Limited space; must chain-load a second-stage loader (GRUB Legacy, LILO, Syslinux, etc.). |
UEFI (without Secure Boot) | EFI executable on ESP | Can load GRUB 2, systemd-boot, rEFInd, or the kernel directly. |
UEFI (with Secure Boot) | Microsoft-signed shim → GRUB 2 | shim validates GRUB’s signature before handing off. |
Most modern x86 machines ship with UEFI; legacy BIOS mode is often still available for compatibility.
The MBR is the first sector (LBA 0) of a traditional BIOS disk. By convention it is 512 bytes and contains:
0x55 AA
used by firmware to validate the readGPT note – On GUID Partition Table disks a protective MBR is still present for legacy tools, but real partition metadata lives in GPT headers and tables beyond LBA 0.
Computer Starts
|
v
+---------------------+
| BIOS / UEFI |
+---------------------+
|
(if BIOS) Reads MBR
v
+---------------------+
| Master Boot |
| Record |
+---------------------+
|
+------------------+------------------+
| First-Stage | Partition Table |
| Loader (446B) | (4 entries) |
+------------------+------------------+
|
0x55AA Signature Check
v
+---------------------+
| Second-Stage Boot |
| Loader |
+---------------------+
The full-featured second stage (or, on UEFI, the firmware boot manager itself) understands filesystems and can present a menu.
GRUB Legacy vs GRUB 2
GRUB Legacy | GRUB 2 | |
Main files | stage1 , stage2 , menu.lst , grub.conf |
/boot/grub/grub.cfg (generated) |
Editing config | Manual edit | Edit /etc/default/grub + grub-mkconfig |
Filesystem support | ext2/3, iso9660 (limited) | ext2-4, btrfs, xfs, ZFS, LVM, LUKS… |
ISO/USB live boot | No (patches existed) | Native loopback / search --file |
Menu visibility | Always shown | Hidden unless Esc/Shift pressed (configurable) |
Other popular loaders include systemd-boot (formerly gummiboot
), rEFInd, and LILO/Syslinux on legacy systems.
Once the loader selects a kernel it usually loads:
vmlinuz-*
)After decompression the kernel:
/lib/modules/$(uname -r)/
) drivers.root=
kernel parameter./sbin/init
on SysV-init systems/usr/lib/systemd/systemd
on the vast majority of modern distributionsinit
(or systemd
) is the root of the user-space process tree.
/etc/inittab
and launches scripts in /etc/rc.d/rc*.d/
./usr/lib/systemd/
and /etc/systemd/
.(Only relevant to SysV-init or distributions that still provide compatibility.)
Runlevel | Traditional Meaning (Red Hat / Debian)* |
0 | Halt / power-off |
1 | Single-user (rescue) |
2 | Multi-user (Debian: full network; Red Hat: unused) |
3 | Multi-user, networking, no GUI |
4 | Undefined / custom |
5 | Multi-user + graphical login |
6 | Reboot |
Runlevel semantics vary slightly across families. Use runlevel
to query, telinit <N>
to switch, and edit /etc/inittab
to change the default (if SysV-init is in use).
# Show current and previous runlevel
runlevel
# Switch to runlevel 3
sudo telinit 3
systemd
replaces runlevels with targets, which can aggregate any number of services (units).
Target | Approx. Runlevel | Purpose |
poweroff.target |
0 | Power-off |
rescue.target |
1 | Single-user (basic services) |
emergency.target |
— | Root shell, minimal mounts (stricter than rescue) |
multi-user.target |
2/3 | Text-mode multi-user |
graphical.target |
5 | GUI login manager + multi-user |
reboot.target |
6 | Reboot |
# Show active targets
systemctl list-units --type=target --state=active
# Switch to graphical target
sudo systemctl isolate graphical.target
# Query / set default target
systemctl get-default
sudo systemctl set-default multi-user.target
Symbolic links keep backward compatibility:
ls -l /usr/lib/systemd/system/runlevel*.target
A kernel panic is an unrecoverable fault detected by the kernel (NULL pointer dereference, unhandled IRQ, corrupted stack, etc.). When it occurs the kernel prints a panic stack trace, optionally dumps memory to disk (kdump / crashkernel), and halts or reboots according to kernel.panic
sysctl.
Common causes
Recovery steps
single
or systemd.unit=rescue.target
to the kernel command line.dmesg
, /var/log/kern.log
, or crash dumps.memtest86+
, manufacturer disk diagnostics, or swap suspected components.In Linux, several command-line utilities allow you to manage your system effectively. Here are some of the most commonly used commands.
A hostname is a unique name that identifies a system within a network. It's essential for communication in a network environment as it differentiates one machine from another.
Viewing the hostname: Use the hostname
command to print the current hostname of the system:
hostname
Setting the hostname: In SystemD-based systems, you can change the hostname using the hostnamectl command. Alternatively, you can manually modify the /etc/hostname file.
bash
hostnamectl set-hostname your_new_name
The uptime command is used to check how long the system has been running without rebooting. It also displays the current time, number of logged-in users, and system load averages over the last 1, 5, and 15 minutes.
uptime
Immediate reboot: Use the reboot command or systemctl reboot to restart the system immediately.
# Using reboot
reboot
# Using systemctl
systemctl reboot
Scheduled reboot: To reboot at a specific time, use the shutdown command with the -r option followed by the time in minutes. For instance, to reboot in 5 minutes:
shutdown -r +5
Immediate shutdown: The system can be shut down immediately using the shutdown now command or systemctl poweroff.
# Using shutdown
shutdown now
# Using systemctl
systemctl poweroff
Scheduled shutdown: A shutdown can be scheduled at a specific time using the shutdown command with the -h option followed by the time in minutes. For example, to shut down the system in 30 minutes:
shutdown -h +30
Understanding and correctly using these commands can be incredibly beneficial when managing Linux-based systems. It allows users to maintain control over their systems, schedule tasks, and keep track of their system's status.
If you forget the root password on your Linux system, you can recover it by following these steps. We will interrupt the boot process to gain access to a shell, then change the root password.
Reboot the machine. Start by restarting your computer. You can do this with the reboot
command or by manually turning it off and on again.
Interrupt the boot process. During the boot process, you'll see the Grub bootloader screen. This is where you select which kernel you want to boot. Interrupt this by pressing any key before the timer runs out.
Edit the boot options. Highlight the kernel you want to boot and press e
to edit the boot options.
Modify the kernel parameters. In the kernel parameters line (usually starting with linux16
or linux
), navigate to the end and add rd.break
which interrupts the boot process before control is passed from the initramfs to the actual kernel. Press Ctrl-x
or F10
to continue booting.
Gain write access to the system root. After booting, you'll be in an emergency shell. The system root is mounted as read-only. Remount it as read-write with the following command:
mount -o remount,rw /sysroot
chroot /sysroot
Change the root password. You are now in a position to change the root password. Use the passwd command and follow the prompts to enter a new root password.
Update SELinux parameters. If your system uses SELinux, you need to update the SELinux parameters. Run the following command to ensure the context labels are reset on the filesystem:
touch /.autorelabel
reboot
command to restart your system, then use the uptime
command to confirm the restart by observing the system uptime. Discuss how the uptime
command can help you monitor system stability and determine when the system was last rebooted.hostname
command, then change it using hostnamectl set-hostname new_hostname
. Verify the change by running hostname
again. Discuss the significance of hostname settings, particularly for networked environments where unique identification is necessary.runlevel
on init-based systems or systemctl get-default
on systemd-based systems. Change the runlevel (for init) or switch targets (for systemd), and confirm that the change was successful. Explain the differences between runlevels and targets and their roles in controlling system state.shutdown
command (e.g., shutdown +10
to schedule a shutdown in 10 minutes), then cancel it before it takes effect using shutdown -c
. Practice scheduling a reboot in a similar way, and explain how to manage scheduled tasks effectively to prevent unintended system downtime.systemctl list-timers
command to view all active timers on your system. Identify which services are associated with each timer and discuss the role of timers in automating system maintenance tasks, such as updates or backups, on a scheduled basis.timedatectl set-timezone
followed by the appropriate timezone (e.g., America/New_York
). Verify the change with timedatectl
and discuss how setting the correct timezone is essential for accurate logging and scheduling, especially on servers used by teams in different geographic locations.cron
. For example, configure a cron job that runs a simple script every day at midnight, such as creating a backup of a directory. Verify that the cron job is functioning by checking the output or logs. Discuss the importance of cron in automating routine maintenance tasks.journalctl
to view system logs from the most recent boot, filtering the logs to show only critical or error messages. Explain how analyzing boot logs can help you troubleshoot startup issues and identify potential system problems early.