where grub's 2 core.img is located on disk?

SUSE Linux Enterprise Server SLES Install-Boot
1

Hello All,

I am trying to figure out where exactly grub2 is stored on disk.

BIOS (vmware)
DOS style layout
server with gui installation using seperate /boot (ext4) as first partition and / (ext4)

inspecting the MBR reveals

dd if=/dev/sda count=1 bs=512 | od -t x1 -A x
1+0 records in
1+0 records out
512 bytes copied, 6.5017e-05 s, 7.9 MB/s
000000 33 c0 fa 8e d8 8e d0 bc 00 7c 89 e6 06 57 8e c0
000010 fb fc bf 00 06 b9 00 01 f3 a5 ea 1f 06 00 00 52
000020 52 b4 41 bb aa 55 31 c9 30 f6 f9 cd 13 72 13 81
000030 fb 55 aa 75 0d d1 e9 73 09 66 c7 06 8d 06 b4 42
000040 eb 15 5a b4 08 cd 13 83 e1 3f 51 0f b6 c6 40 f7
000050 e1 52 50 66 31 c0 66 99 e8 66 00 e8 35 01 4d 69
000060 73 73 69 6e 67 20 6f 70 65 72 61 74 69 6e 67 20
000070 73 79 73 74 65 6d 2e 0d 0a 66 60 66 31 d2 bb 00
000080 7c 66 52 66 50 06 53 6a 01 6a 10 89 e6 66 f7 36
000090 f4 7b c0 e4 06 88 e1 88 c5 92 f6 36 f8 7b 88 c6
0000a0 08 e1 41 b8 01 02 8a 16 fa 7b cd 13 8d 64 10 66
0000b0 61 c3 e8 c4 ff be be 7d bf be 07 b9 20 00 f3 a5
0000c0 c3 66 60 89 e5 bb be 07 b9 04 00 31 c0 53 51 f6
0000d0 07 80 74 03 40 89 de 83 c3 10 e2 f3 48 74 5b 79
0000e0 39 59 5b 8a 47 04 3c 0f 74 06 24 7f 3c 05 75 22
0000f0 66 8b 47 08 66 8b 56 14 66 01 d0 66 21 d2 75 03
000100 66 89 c2 e8 ac ff 72 03 e8 b6 ff 66 8b 46 1c e8
000110 a0 ff 83 c3 10 e2 cc 66 61 c3 e8 76 00 4d 75 6c
000120 74 69 70 6c 65 20 61 63 74 69 76 65 20 70 61 72
000130 74 69 74 69 6f 6e 73 2e 0d 0a 66 8b 44 08 66 03
000140 46 1c 66 89 44 08 e8 30 ff 72 27 66 81 3e 00 7c
000150 58 46 53 42 75 09 66 83 c0 04 e8 1c ff 72 13 81
000160 3e fe 7d 55 aa 0f 85 f2 fe bc fa 7b 5a 5f 07 fa
000170 ff e4 e8 1e 00 4f 70 65 72 61 74 69 6e 67 20 73
000180 79 73 74 65 6d 20 6c 6f 61 64 20 65 72 72 6f 72
000190 2e 0d 0a 5e ac b4 0e 8a 3e 62 04 b3 07 cd 10 3c
0001a0 0a 75 f1 cd 18 f4 eb fd 00 00 00 00 00 00 00 00
0001b0 00 00 00 00 00 00 00 00 01 b4 04 00 00 00 80 20
0001c0 21 00 83 fd 3e 3f 00 08 00 00 00 a8 0f 00 00 fd
0001d0 3f 3f 83 fe ff ff 00 b0 0f 00 00 08 80 02 00 fe
0001e0 ff ff 82 fe ff ff 00 b8 8f 02 00 f8 7f 00 00 fe
0001f0 03 7c 05 b4 f7 bd 00 b0 0f 03 00 50 90 0c 55 aa

after that until first partition disk contains all zeroes…

Disk /dev/sda: 125 GiB, 134217728000 bytes, 262144000 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0x0004b401

Device Boot Start End Sectors Size Id Type
/dev/sda1 * 2048 1028095 1026048 501M 83 Linux
/dev/sda2 1028096 42973183 41945088 20G 83 Linux
/dev/sda3 42973184 51359743 8386560 4G 82 Linux swap / Solaris
/dev/sda4 51359744 262143999 210784256 100.5G 5 Extended
/dev/sda5 51361792 262143999 210782208 100.5G 8e Linux LVM

examining a centos/redhat7 based installation (using same disk layout/type) picture is very different…

the grub code is present in MBR gap and disk starts with eb …

any help is very appreciated also if i do something wrong would be great to know!

Thank you in advance

Michael.

2

Hi
If you fire up yast bootloader, on the first page (Boot Loader Settings) it will show where it’s installed, boot partition, mbr etc. It could be in /dev/sda1 rather than MBR.

3

Thank you Malcom for you time,

grub’s main code (stage 1.5) must be outside of filesystem so it could be direct loaded from stage1 (code in MBR) which is usually resides in MBR Gap.

in redhat it is located after the partition signature (55AA)

i am using a standard installation , so if you can provide me a command which can show the code itself would be greatly appreciated.

Thanks again.

Michael.

4

[QUOTE=maikcat;55084]Thank you Malcom for you time,

grub’s main code (stage 1.5) must be outside of filesystem so it could be direct loaded from stage1 (code in MBR) which is usually resides in MBR Gap.

in redhat it is located after the partition signature (55AA)

i am using a standard installation , so if you can provide me a command which can show the code itself would be greatly appreciated.

Thanks again.

Michael.[/QUOTE]
Hi Michael
On my system that uses BIOS boot, I see;

file -s /dev/sda

/dev/sda: DOS/MBR boot sector; partition 1 : ID=0x83, active, start-CHS (0x0,32,33), end-CHS (0x3f,221,30), startsector 2048, 1024000 sectors; partition 2 : ID=0x5, start-CHS (0x3f,221,31), end-CHS (0x41,80,63), startsector 1026048, 1464123120 sectors

fdisk -l

Disk /dev/sda: 698.7 GiB, 750156374016 bytes, 1465149168 sectors
Units: sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disklabel type: dos
Disk identifier: 0x5df89e17

Device     Boot     Start        End    Sectors   Size Id Type
/dev/sda1  *         2048    1026047    1024000   500M 83 Linux
/dev/sda2         1026048 1465149167 1464123120 698.2G  5 Extended
/dev/sda5         1028096  210743295  209715200   100G 83 Linux
/dev/sda6       210745344  223328255   12582912     6G 82 Linux swap / Solaris
/dev/sda7       223330304  433045503  209715200   100G 83 Linux
/dev/sda8       433047552 1465149167 1032101616 492.1G 83 Linux

dd if=/dev/sda bs=1 count=512 | grep -aob GRUB

512+0 records in
512+0 records out
512 bytes copied, 0.00145033 s, 353 kB/s

dd if=/dev/sda1 bs=1 count=512 | grep -aob GRUB

384:GRUB

512+0 records in
512+0 records out
512 bytes copied, 0.00187192 s, 274 kB/s

So in my case it’s on sda1, not sda…

5

Thanks again malcolm for your response,

yes indeed the grub it self is right before /boot partition (sda1)
perfoming a dd verifies that

# dd if=/dev/sda count=1 bs=2M | od -t x1 -A x | more
000000 33 c0 fa 8e d8 8e d0 bc 00 7c 89 e6 06 57 8e c0
000010 fb fc bf 00 06 b9 00 01 f3 a5 ea 1f 06 00 00 52
000020 52 b4 41 bb aa 55 31 c9 30 f6 f9 cd 13 72 13 81
000030 fb 55 aa 75 0d d1 e9 73 09 66 c7 06 8d 06 b4 42
000040 eb 15 5a b4 08 cd 13 83 e1 3f 51 0f b6 c6 40 f7
000050 e1 52 50 66 31 c0 66 99 e8 66 00 e8 35 01 4d 69
000060 73 73 69 6e 67 20 6f 70 65 72 61 74 69 6e 67 20
000070 73 79 73 74 65 6d 2e 0d 0a 66 60 66 31 d2 bb 00
000080 7c 66 52 66 50 06 53 6a 01 6a 10 89 e6 66 f7 36
000090 f4 7b c0 e4 06 88 e1 88 c5 92 f6 36 f8 7b 88 c6
0000a0 08 e1 41 b8 01 02 8a 16 fa 7b cd 13 8d 64 10 66
0000b0 61 c3 e8 c4 ff be be 7d bf be 07 b9 20 00 f3 a5
0000c0 c3 66 60 89 e5 bb be 07 b9 04 00 31 c0 53 51 f6
0000d0 07 80 74 03 40 89 de 83 c3 10 e2 f3 48 74 5b 79
0000e0 39 59 5b 8a 47 04 3c 0f 74 06 24 7f 3c 05 75 22
0000f0 66 8b 47 08 66 8b 56 14 66 01 d0 66 21 d2 75 03
000100 66 89 c2 e8 ac ff 72 03 e8 b6 ff 66 8b 46 1c e8
000110 a0 ff 83 c3 10 e2 cc 66 61 c3 e8 76 00 4d 75 6c
000120 74 69 70 6c 65 20 61 63 74 69 76 65 20 70 61 72
000130 74 69 74 69 6f 6e 73 2e 0d 0a 66 8b 44 08 66 03
000140 46 1c 66 89 44 08 e8 30 ff 72 27 66 81 3e 00 7c
000150 58 46 53 42 75 09 66 83 c0 04 e8 1c ff 72 13 81
000160 3e fe 7d 55 aa 0f 85 f2 fe bc fa 7b 5a 5f 07 fa
000170 ff e4 e8 1e 00 4f 70 65 72 61 74 69 6e 67 20 73
000180 79 73 74 65 6d 20 6c 6f 61 64 20 65 72 72 6f 72
000190 2e 0d 0a 5e ac b4 0e 8a 3e 62 04 b3 07 cd 10 3c
0001a0 0a 75 f1 cd 18 f4 eb fd 00 00 00 00 00 00 00 00
0001b0 00 00 00 00 00 00 00 00 01 b4 04 00 00 00 80 20
0001c0 21 00 83 fd 3e 3f 00 08 00 00 00 a8 0f 00 00 fd
0001d0 3f 3f 83 fe ff ff 00 b0 0f 00 00 08 80 02 00 fe
0001e0 ff ff 82 fe ff ff 00 b8 8f 02 00 f8 7f 00 00 fe
0001f0 03 7c 05 b4 f7 bd 00 b0 0f 03 00 50 90 0c 55 aa
000200 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
*
[B][U]100000 eb 63 90 00 00 00 00 00 00 00 00 00 00 00 00 00[/U][/B]
100010 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
*
100050 00 00 00 00 00 00 00 00 00 00 00 80 42 8f 04 00
100060 00 00 00 00 ff fa 90 90 f6 c2 80 74 05 f6 c2 70
100070 74 02 b2 80 ea 79 7c 00 00 31 c0 8e d8 8e d0 bc
100080 00 20 fb a0 64 7c 3c ff 74 02 88 c2 52 be 80 7d
100090 e8 17 01 be 05 7c b4 41 bb aa 55 cd 13 5a 52 72
1000a0 3d 81 fb 55 aa 75 37 83 e1 01 74 32 31 c0 89 44
1000b0 04 40 88 44 ff 89 44 02 c7 04 10 00 66 8b 1e 5c
1000c0 7c 66 89 5c 08 66 8b 1e 60 7c 66 89 5c 0c c7 44
1000d0 06 00 70 b4 42 cd 13 72 05 bb 00 70 eb 76 b4 08
1000e0 cd 13 73 0d 5a 84 d2 0f 83 d8 00 be 8b 7d e9 82
1000f0 00 66 0f b6 c6 88 64 ff 40 66 89 44 04 0f b6 d1
100100 c1 e2 02 88 e8 88 f4 40 89 44 08 0f b6 c2 c0 e8
100110 02 66 89 04 66 a1 60 7c 66 09 c0 75 4e 66 a1 5c
100120 7c 66 31 d2 66 f7 34 88 d1 31 d2 66 f7 74 04 3b
100130 44 08 7d 37 fe c1 88 c5 30 c0 c1 e8 02 08 c1 88
100140 d0 5a 88 c6 bb 00 70 8e c3 31 db b8 01 02 cd 13
100150 72 1e 8c c3 60 1e b9 00 01 8e db 31 f6 bf 00 80
100160 8e c6 fc f3 a5 1f 61 ff 26 5a 7c be 86 7d eb 03
100170 be 95 7d e8 34 00 be 9a 7d e8 2e 00 cd 18 eb fe
100180 47 52 55 42 20 00 47 65 6f 6d 00 48 61 72 64 20
100190 44 69 73 6b 00 52 65 61 64 00 20 45 72 72 6f 72
1001a0 0d 0a 00 bb 01 00 b4 0e cd 10 ac 3c 00 75 f4 c3
1001b0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
*
1001f0 00 00 00 00 00 00 00 00 00 00 00 00 00 00 55 aa

so yes its in 100000 position…

thank you.

Michael