I tried to explain everything in detail and to keep the code as simple as possible. If you have any questions, suggestions or other issues, please leave a comment or on Github. The source code is available in a repository, too.

Note that this tutorial is written mainly for Linux. For some known problems on OS X see the comment section and . If you want to use a virtual Linux machine, you can find instructions and a Vagrantfile in Ashley Willams’s x86-kernel repository.

When you turn on a computer, it loads the BIOS from some special flash memory. The BIOS runs self test and initialization routines of the hardware, then it looks for bootable devices. If it finds one, the control is transferred to its bootloader, which is a small portion of executable code stored at the device’s beginning. The bootloader has to determine the location of the kernel image on the device and load it into memory. It also needs to switch the CPU to the so-called because x86 CPUs start in the very limited real mode by default (to be compatible to programs from 1978).

We won’t write a bootloader because that would be a complex project on its own (if you really want to do it, check out ). Instead we will use one of the many well-tested bootloaders out there to boot our kernel from a CD-ROM. But which one?

Multiboot

Fortunately there is a bootloader standard: the Multiboot Specification. Our kernel just needs to indicate that it supports Multiboot and every Multiboot-compliant bootloader can boot it. We will use the Multiboot 2 specification () together with the well-known GRUB 2 bootloader.

To indicate our Multiboot 2 support to the bootloader, our kernel must start with a Multiboot Header, which has the following format:

Converted to a x86 assembly file it looks like this (Intel syntax):

If you don’t know x86 assembly, here is some quick guide:

  • the header will be written to a section named .multiboot_header (we need this later)
  • header_start and header_end are labels that mark a memory location, we use them to calculate the header length easily
  • dd stands for define double (32bit) and dw stands for define word (16bit). They just output the specified 32bit/16bit constant.
  • the additional 0x100000000 in the checksum calculation is a small hack[^fn-checksum_hack] to avoid a compiler warning

We can already assemble this file (which I called multiboot_header.asm) using nasm. It produces a flat binary by default, so the resulting file just contains our 24 bytes (in little endian if you work on a x86 machine):

  1. > nasm multiboot_header.asm
  2. > hexdump -x multiboot_header
  3. 0000000 50d6 e852 0000 0000 0018 0000 af12 17ad
  4. 0000010 0000 0000 0008 0000
  5. 0000018

The Boot Code

To boot our kernel, we must add some code that the bootloader can call. Let’s create a file named boot.asm:

  1. global start
  2. section .text
  3. bits 32
  4. start:
  5. ; print `OK` to screen
  6. mov dword [0xb8000], 0x2f4b2f4f
  7. hlt

There are some new commands:

  • global exports a label (makes it public). As start will be the entry point of our kernel, it needs to be public.
  • the .text section is the default section for executable code
  • the mov dword instruction moves the 32bit constant 0x2f4b2f4f to the memory at address b8000 (it prints OK to the screen, an explanation follows in the next posts)
  • hlt is the halt instruction and causes the CPU to stop
  1. > nasm boot.asm
  2. > hexdump -x boot
  3. 0000000 05c7 8000 000b 2f4b 2f4f 00f4
  4. 000000b
  5. > ndisasm -b 32 boot
  6. -4F2F
  7. 0000000A F4 hlt

To boot our executable later through GRUB, it should be an executable. So we want nasm to create ELF object files instead of plain binaries. To do that, we simply pass the ‑f elf64 argument to it.

To create the ELF executable, we need to the object files together. We use a custom linker script named linker.ld:

Let’s translate it:

  • start is the entry point, the bootloader will jump to it after loading the kernel
  • . = 1M; sets the load address of the first section to 1 MiB, which is a conventional place to load a kernel[^Linker 1M]
  • the executable will have two sections: .boot at the beginning and .text afterwards
  • the .text output section contains all input sections named .text
  • Sections named .multiboot_header are added to the first output section (.boot) to ensure they are at the beginning of the executable. This is necessary because GRUB expects to find the Multiboot header very early in the file.

So let’s create the ELF object files and link them using our new linker script:

  1. > nasm -f elf64 multiboot_header.asm
  2. > nasm -f elf64 boot.asm
  3. > ld -n -o kernel.bin -T linker.ld multiboot_header.o boot.o

It’s important to pass the -n (or --nmagic) flag to the linker, which disables the automatic section alignment in the executable. Otherwise the linker may page align the .boot section in the executable file. If that happens, GRUB isn’t able to find the Multiboot header because it isn’t at the beginning anymore.

We can use objdump to print the sections of the generated executable and verify that the .boot section has a low file offset:

  1. > objdump -h kernel.bin
  2. kernel.bin: file format elf64-x86-64
  3. Sections:
  4. Idx Name Size VMA LMA File off Algn
  5. 0 .boot 00000018 0000000000100000 0000000000100000 00000080 2**0
  6. CONTENTS, ALLOC, LOAD, READONLY, DATA
  7. 1 .text 0000000b 0000000000100020 0000000000100020 000000a0 2**4
  8. CONTENTS, ALLOC, LOAD, READONLY, CODE

Note: The ld and objdump commands are platform specific. If you’re not working on x86_64 architecture, you will need to . Then use x86_64‑elf‑ld and x86_64‑elf‑objdump instead of ld and objdump.

Creating the ISO

All PC BIOSes know how to boot from a CD-ROM, so we want to create a bootable CD-ROM image, containing our kernel and the GRUB bootloader’s files, in a single file called an . Make the following directory structure and copy the kernel.bin to the right place:

  1. └── boot
  2. ├── grub
  3. └── grub.cfg
  4. └── kernel.bin

The grub.cfg specifies the file name of our kernel and its Multiboot 2 compliance. It looks like this:

Now we can create a bootable image using the command:

  1. grub-mkrescue -o os.iso isofiles

Note: causes problems on some platforms. If it does not work for you, try the following steps:

  • try to run it with --verbose
  • make sure xorriso is installed (xorriso or libisoburn package)
  • If you’re using an EFI-system, grub-mkrescue tries to create an EFI image by default. You can either pass -d /usr/lib/grub/i386-pc to avoid EFI or install the mtools package to get a working EFI image
  • on some system the command is named grub2-mkrescue

Booting

  1. qemu-system-x86_64 -cdrom os.iso

Notice the green OK in the upper left corner. If it does not work for you, take a look at the comment section.

Let’s summarize what happens:

  1. the BIOS loads the bootloader (GRUB) from the virtual CD-ROM (the ISO)
  2. the bootloader reads the kernel executable and finds the Multiboot header
  3. it copies the .boot and .text sections to memory (to addresses 0x100000 and 0x100020)
  4. it jumps to the entry point (0x100020, you can obtain it through objdump -f)
  5. our kernel prints the green OK and stops the CPU

You can test it on real hardware, too. Just burn the ISO to a disk or USB stick and boot from it.

Right now we need to execute 4 commands in the right order every time we change a file. That’s bad. So let’s automate the build using a Makefile. But first we should create some clean directory structure for our source files to separate the architecture specific files:

  1. ├── Makefile
  2. └── src
  3. └── arch
  4. └── x86_64
  5. ├── multiboot_header.asm
  6. ├── boot.asm
  7. ├── linker.ld
  8. └── grub.cfg

The Makefile looks like this (indented with tabs instead of spaces):

Some comments (see the [Makefile tutorial] if you don’t know make):

  • the $(wildcard src/arch/$(arch)/*.asm) chooses all assembly files in the src/arch/$(arch)` directory, so you don’t have to update the Makefile when you add a file
  • the patsubst operation for assembly_object_files just translates src/arch/$(arch)/XYZ.asm to build/arch/$(arch)/XYZ.o
  • the $< and $@ in the assembly target are automatic variables

Now we can invoke make and all updated assembly files are compiled and linked. The make iso command also creates the ISO image and make run will additionally start QEMU.

What’s next?

In the next post we will create a page table and do some CPU configuration to switch to the 64-bit .

Footnotes

[^fn-checksum_hack]: The formula from the table, -(magic + architecture + header_length), creates a negative value that doesn’t fit into 32bit. By subtracting from 0x100000000 (= 2^(32)) instead, we keep the value positive without changing its truncated value. Without the additional sign bit(s) the result fits into 32bit and the compiler is happy :).

[^Linker 1M]: We don’t want to load the kernel to e.g. 0x0 because there are many special memory areas below the 1MB mark (for example the so-called VGA buffer at 0xb8000, that we use to print to the screen).