@Paul Bolle, GRUB stage1/stage2

[Wolf Lammen]

Hi Paul,

The following is restricted to IA32 and a typical PC. Other architectures
(like a Mac) may have different requirements and approaches.

Stage 1 needs two informations to find the next stage:
1. the drive where the following stage is stored (floppy, 1. HDD, 2. HDD
etc.);
2. the exact sector containing the first 512 bytes of the following stage.

When stage 1 is loaded by the BIOS (or a chainloader), it is provided with
the number of the drive where stage 1 itself is located on. Since one will
often have stage 1 and the following stages on the same media, this is mostly ok
to find the following code. But GRUB can be instructed to put stage 1 and
the rest on different drives; in this case the installer (the program that puts
stage 1 into the MBR, for instance) provides the drive number by modifying
address 0x40 of stage 1 (0xFF means: use BIOS drive number, other values
represent the drive stage 1 uses to locate the next stage).

In addition, stage 1 needs the sector number containing the beginning of the
next stage. A disk is seen by stage 1 as a numbered sequence of sectors (512
bytes), the very first one labelled sector 0. The installer has to evaluate
the position of the next stage and provide this value as a sector number by
patching address 0x44-0x47. Since this value is hard-coded in stage 1, the
following stage must not move any more, or stage 1 will fail to load its
successor.
File systems drivers like those for DOS-FAT occasionally shuffle files
around on the disk, when defragmenting for instance. If you place the following
stage(s) into such a file system, and you do not take special precautions, the
above chain will break.
On DOS-like partitioned HDDs the first cylinder (=track) (typically, but not
always, 63 sectors) of a partition may be used to hold the following code.
This cylinder is out of reach of file system drivers, so data stay fixed.
Sometimes file systems set aside sectors dedicated to boot loaders and protected
against moving. The installer of GRUB has to figure out a safe place. Often
this is the sector next to that of stage 1.

Instead of hard-coding the address of its successor into stage 1, it would
be more flexible to let stage 1 search for it. Unfortunately, stage 1 has to
fit into some 400 bytes, and that little space does not allow for any luxury.
Thus, a general purpose stage 1 cannot bypass BIOS functions, and there is no
way to do any searching. Further, these restrictions imply, that the drive
stage 2 resides on has to be supported by the BIOS. This holds true for HDDs
and the first 2 floppy drives, but other 'fancy' media may not be accessible
at boot time.
The current implementation of stage 1 allows a maximum sector address of
0xFFFFFFFF sectors or about 4,000,000,000 * 512 bytes = 2 TB sized disks. When
this limit is exceeded, stage 1 will not be able to access all parts of a disk
any more.

Finally, I must tell you, that I am not a maintainer of GRUB, and that I
have not contributed to GRUB by now. I simply analyzed stage 1 recently, and
together with some generally available information, came to the above
conclusions. So be warned, there might be some false information lurking around!

Wolf Lammen

-- 
GMX ProMail (250 MB Mailbox, 50 FreeSMS, Virenschutz, 2,99 EUR/Monat...)
jetzt 3 Monate GRATIS + 3x DER SPIEGEL +++ http://www.gmx.net/derspiegel +++