Boot and EFI File Overview (Demo)


Time
21 hours 25 minutes
Difficulty
Intermediate
CEU/CPE
21
Video Transcription
00:00
>> Hello, Cybrarians and welcome back to
00:00
the Linux Plus Course here at Cybrary.
00:00
I'm your instructor, Rob Goelz, and in
00:00
today's lesson we'll be discussing boot and EFI files.
00:00
Upon completion of the lesson,
00:00
you'll be able to locate boot and EFI files in CentOS.
00:00
You'll locate boot files on Ubuntu and know how to
00:00
navigate the Linux file system to find both.
00:00
Demo time.
00:00
Let's start with our CentOS system.
00:00
We're over here, and let's go ahead and open up
00:00
a terminal window and maximize the terminal window.
00:00
What we want to do is we want to
00:00
navigate to the boot directory.
00:00
We're going to go cd boot, and inside of here,
00:00
we're going to run an ls with
00:00
the list command to display
00:00
the files in this directory.
00:00
What we're going to see here are kernel images.
00:00
Now these are identified with the name vmlinuz.
00:00
For example, vmlinuz-41824010.1.
00:00
yada, yada, yada.
00:00
This is not a typo.
00:00
The fact that it has a Z instead of
00:00
an x at the end indicates that
00:00
these kernel files are compressed with
00:00
either bzImage or gzip compression.
00:00
We'll talk about compression later in the course.
00:00
We can see this,
00:00
if we run the file command.
00:00
For instance, we can do file on this one here.
00:00
Let's copy that.
00:00
What we can see when we run that command
00:00
is that it is a Linux kernel,
00:00
X86 boot executable bzImage.
00:00
This kernel file in
00:00
particular is compressed with the bzImage format.
00:00
Then also in this directory,
00:00
we can see the initramfs image files.
00:00
For example, initramfs 4.18.0-240 dot etc.
00:00
That will be associated with the kernel.
00:00
The reason for this is that the kernel decompresses and
00:00
mounts that initial RAM disk that
00:00
is specified by the boot loader.
00:00
Now, another thing we can take a look at inside of
00:00
CentOS is the EFI directory structure.
00:00
As I previously mentioned,
00:00
EFI files can be found in boot, EFI.
00:00
If we go ls here again,
00:00
we can see our EFI file over here.
00:00
Inside of there, we would normally be able to see
00:00
some stuff but since we're
00:00
working in a virtual machine,
00:00
we're not going to really see anything.
00:00
We can navigate down into the directory.
00:00
For instance, if you go into cd boot and then cd EFI,
00:00
inside of here, we're going to see the EFI folders.
00:00
We'll do cd EFI,
00:00
capital and there we see ls is a CentOS directory.
00:00
We can do an ls -al and we can see that that's actually
00:00
marked as a directory with
00:00
read, write, execute permissions for the user root.
00:00
Inside the CentOS directory,
00:00
we can run an ls on CentOS as root.
00:00
[NOISE] We'll see the directory
00:00
is empty but that returns nothing.
00:00
It's just an empty directory
00:00
here because this is a virtual machine,
00:00
it's not running EFI.
00:00
If the system was set up to use EFI for booting,
00:00
there would be a FAT32 ESP.
00:00
Remember that's an EFI system partition
00:00
that's mounted on boot EFI
00:00
and that partition would contain
00:00
boot files used to control
00:00
OS boot options on the system.
00:00
For example, you might see a file that would be
00:00
called something like vmlinuz,
00:00
but instead of it being vmlinuz,
00:00
we would say vmlinuz-Linux.efi.
00:00
Or you might also see something just called
00:00
Linux.efi and that would be
00:00
the EFI system partition that you'll be looking for.
00:00
Now, let's take a look at our Ubuntu system.
00:00
In here we're going to go ahead and
00:00
open a terminal window as
00:00
well and then maximize that terminal window.
00:00
We're also going to look in the boot partition
00:00
on Ubuntu as well and we're going to run an ls again,
00:00
so you can see all the boot files in this directory.
00:00
One thing we're going to notice right
00:00
away is that the kernel versions,
00:00
the vmlinuz files,
00:00
are a lot newer.
00:00
We see 5.4.8 or 5.8.0-48-generic and the reason for
00:00
this is because Ubuntu was using
00:00
current kernel releases and
00:00
CentOS ships with a custom-built
00:00
4.x kernel for stability and integrity.
00:00
Then what happens is that they backport
00:00
changes into that kernel.
00:00
It's still secure, but for stability,
00:00
they run an older kernel and then they
00:00
just push fixes and
00:00
updates into that older kernel
00:00
from the mainline, newer kernel releases.
00:00
Another thing we can see here is we
00:00
see vmlinuz and vmlinuz.old.
00:00
Let's run an ls -al and see what that's all about.
00:00
We see the vmlinuz here is actually just
00:00
pointing to vmlinuz-5.8.0-48-generic.
00:00
That's the current kernel there versus vmlinuz.old
00:00
is [inaudible] pointer here
00:00
an arrow to vmlinuz-5.8.0-45.
00:00
That was the previous one and
00:00
that's just generally used by the boot process
00:00
to basically be a shortcut
00:00
to the current kernel versus the old kernel.
00:00
But with that being said in this lesson,
00:00
we covered the location of
00:00
boot and EFI files on CentOS.
00:00
We also covered the location
00:00
of boot files in Ubuntu and you
00:00
learned how to navigate a Linux file system
00:00
in order to find the files.
00:00
Thank you for being here and I look
00:00
forward to seeing you in the next lesson.