Skip to main content

Apple booting in a nutshell

As part of GSoC I need to get an easy tool to create boot able usb sticks from Intel Macs. This past week I've been investigating how Macs do boot. In the process I've wiped my partition table, recovered using testdisk, plaid around with rEFIt, mac boot options, NVRAM, efi shell read tons of apple source code, and UEFI specs. Overall it's quite complex and fun =). I'll try to document as much as possible of everything I have found out in the rest of this post.

On power-on, BootROM is doing Power-on-Sefl-test and hands over to OpenFirmware on PowerPC machines, or to the EFI bootmanager (as far as I understand) on Intel Macs. The BootROM "knows" about the fancy startup keys, e.g. options key which can passes hints to OpenFirmware & EFI bootmanager on what user wants to do (e.g. clean NVRAM & PRAM, force pop-out cd, perform target-disk mode boot, netboot or present available boot drives).

OpenFirmware later on passes onto BootX and that boots OS 9 or OS X kernels & brings up init-rc / launchd. This is PowerPC. I'll stop talking about PowerPC from now on =)

The EFI bootmanager is the gray screen screen which also produces the WALL-E sound (aka mac jiggle). This EFI bootmanager brings up to live some hardware and it can read NVRAM, FAT r/w and HFS+ read-only as well as get onto network. It reads NVRAM to figure out default boot partition, picks that, reads HFS+ headers of that partition to find EFI loader (aka "blessed" loader) and passes onto that to do the rest of initialisation, brings up launchd and gets to the desktop.

This EFI bootmanager after the Boot Camp upgrade (or all recent macs) can also find mbr bootable internal "legacy" systems, emulate BIOS and boot those / make them selectable. And it is a bit stubborn =) it doesn't like identifying my LiveUSB sticks, even though when I jump through the hoops it loads. The Hoops being:

  1. EFI bootmanager ->
  2. rEFIt ->
  3. grub-efi -> in grub-efi "appleloader usb" ->
  4. ? EFI bootmanager ? ->
  5. syslinux/grub-pc from USB stick loads.
Also the EFI bootmanager doesn't "see" regular simple file system efi bootloaders e.g. (/efi/boot/bootia32.efi) and doesn't let me boot those =( although some people reported this to work as well as regular legacy usb-sticks (various random posts on grub-devel & ubuntuforums)

What about regular booting of the installed system?

Ideally we should be able to put grub-efi on EFI system parition as /Ubuntu/bootia32.efi & /Ubuntu/bootx64.efi and set NVRAM to boot those. That grub probably should just chainload into another grub-pc or grub-efi installed on the root ubuntu partition.

Or we can modify rEFIt to read ext4 partitions and stick that into system /efi partition.

What does "bless" tool do on Macs? It can do many things but in general it does this:
  • Sets the HFS+ partition headers with a pointer to a directory/file which should be used to finish efi boot
  • Stores in NVRAM default boot device / default efi to load
I haven't looked into hfsplus yet but hopefully it can be used to mimic bless tool to set hfs+ headers to point to custom efi's.

Ideally we should be able to access NVRAM from linux to load Ubuntu, the efibootmgr package should be able to do this, but I can't get it to work on my machine yet. The kernel efivars module is not loaded =( and modprobe can't find it either.

I have loads of pages in my page history / bookmarks. Most of this has been found through trial & error, reading bless & BootX sourcecode, notes from apple, UEFI spec, grub-devel mailing list, and ubuntuforums.


  1. Good luck! Being able to boot and instal from USB on a Intel Mac would be awesome!

  2. Wild Casinois the most effective 바카라사이트 on-line on line casino with actual money slots for US players. Plus, new accounts can take advantage of|benefit from|reap the benefits of} theirwelcome bonus of up to as} $14,000and tons of ongoing promos and progressive jackpots. Free spins are precisely as the name implies, spins that are be} freed from cost. These bonuses can encompass a mix of free spins and free money.


Post a Comment

Popular posts from this blog

How to disable TLS 1.0 and TLS 1.1 on Ubuntu

Example of website that only supports TLS v1.0, which is rejected by the client Overivew TLS v1.3 is the latest standard for secure communication over the internet. It is widely supported by desktops, servers and mobile phones. Recently Ubuntu 18.04 LTS received OpenSSL 1.1.1 update bringing the ability to potentially establish TLS v1.3 connections on the latest Ubuntu LTS release. Qualys SSL Labs Pulse report shows more than 15% adoption of TLS v1.3. It really is time to migrate from TLS v1.0 and TLS v1.1. As announced on the 15th of October 2018 Apple , Google , and Microsoft will disable TLS v1.0 and TLS v1.1 support by default and thus require TLS v1.2 to be supported by all clients and servers. Similarly, Ubuntu 20.04 LTS will also require TLS v1.2 as the minimum TLS version as well. To prepare for the move to TLS v1.2, it is a good idea to disable TLS v1.0 and TLS v1.1 on your local systems and start observing and reporting any websites, systems and applications that

Ubuntu 23.10 significantly reduces the installed kernel footprint

Photo by Pixabay Ubuntu systems typically have up to 3 kernels installed, before they are auto-removed by apt on classic installs. Historically the installation was optimized for metered download size only. However, kernel size growth and usage no longer warrant such optimizations. During the 23.10 Mantic Minatour cycle, I led a coordinated effort across multiple teams to implement lots of optimizations that together achieved unprecedented install footprint improvements. Given a typical install of 3 generic kernel ABIs in the default configuration on a regular-sized VM (2 CPU cores 8GB of RAM) the following metrics are achieved in Ubuntu 23.10 versus Ubuntu 22.04 LTS: 2x less disk space used (1,417MB vs 2,940MB, including initrd) 3x less peak RAM usage for the initrd boot (68MB vs 204MB) 0.5x increase in download size (949MB vs 600MB) 2.5x faster initrd generation (4.5s vs 11.3s) approximately the same total time (103s vs 98s, hardware dependent) For minimal cloud images that do not in

Ubuntu Livepatch service now supports over 60 different kernels

Linux kernel getting a livepatch whilst running a marathon. Generated with AI. Livepatch service eliminates the need for unplanned maintenance windows for high and critical severity kernel vulnerabilities by patching the Linux kernel while the system runs. Originally the service launched in 2016 with just a single kernel flavour supported. Over the years, additional kernels were added: new LTS releases, ESM kernels, Public Cloud kernels, and most recently HWE kernels too. Recently livepatch support was expanded for FIPS compliant kernels, Public cloud FIPS compliant kernels, and as well IBM Z (mainframe) kernels. Bringing the total of kernel flavours support to over 60 distinct kernel flavours supported in parallel. The table of supported kernels in the documentation lists the supported kernel flavours ABIs, the duration of individual build's support window, supported architectures, and the Ubuntu release. This work was only possible thanks to the collaboration with the Ubuntu C