What should the MBR look like?

Posted on

Problem :

I was reading about a computer’s booting process and found out that the computer loads the bootloader’s code from the MBR. So I wanted to take a look at my MBR like this:

sudo dd if=/dev/sda of=mbr bs=512 count=1

I opened it with Vim and executed :%!xxd to get a hex view of the file. This file looks like this

enter image description here

According to what I found on the Internet, the first 446 bytes of this record should be code of the loader. But in my case it’s only zeroes. I dont think that the bootloader should look like this, but my computer loads absolutely fine. Why is this so? Why is it only zeroes in the MBR (except for the partition table I suppose) but my computer loads. I have GRUB as the bootloader.

Solution :

You probably had read an outdated text. Today’s computers don’t boot via MBR. More precisely, we’re on a transition period, some of them use MBR, some don’t.

One cause is the fact MBR doesn’t allow to paritition drive larger than 2 TiB.

Yes, you have dd’ed a place where MBR is typically located, but there is no code there and the partition table contains only one entry, which spans the whole drive. This is so called Protective MBR, your disk has a GUID Partition Table (GPT) layout (i.e. uses other partitioning system) and your computer probably boots via UEFI. You probably have a small partition with FAT32 file system, which is called EFI System Partition (ESP) and contains EFI/BOOT/bootx64.efi file – that file is a boot loader (grub, or some stub loader which immediatly executes grub), which is executed by firmware. Or you could have set up firmware to boot an arbitrary EFI executable, but it still should present on ESP.

You could confirm you have booted UEFI in linux, if your loaded system has non-empty /sys/firmare/efi directory.

Leave a Reply

Your email address will not be published. Required fields are marked *