Boot to Shell
From the power button to a prompt — firmware, bootloader, kernel init, and the process tree.
From Power Button to Prompt
Booting is a hand-off chain: each stage loads and trusts the next. Understanding it demystifies "the computer is on but nothing happens".
Firmware & Bootloader
Firmware (legacy BIOS or modern UEFI) runs first from ROM, does POST (power-on self-test), initializes basic hardware, and hands off to a bootloader (GRUB). The bootloader finds the OS kernel on disk, loads it into memory, and jumps to it. UEFI adds Secure Boot (only signed bootloaders run).
Kernel & init
The kernel decompresses itself, sets up memory management and interrupts, loads drivers, mounts the root filesystem, and starts the first user-space process — PID 1, the init system (systemd on most Linux). Every other process descends from it, forming the process tree you see in pstree.
systemd starts services in parallel based on dependencies (units + targets), which is why modern Linux boots in seconds where older SysV init started scripts one by one.User vs Kernel Mode
The CPU runs in two privilege levels. Kernel mode can touch any hardware and memory; user mode cannot. Applications cross into the kernel only through system calls, which trap into kernel mode, do the privileged work, and return. This boundary is what keeps a buggy app from crashing the machine.
- Runs apps; no direct hardware access
- Full privilege; entered via syscalls/interrupts
Interview Questions
Walk through the boot sequence.
Firmware (BIOS/UEFI) runs POST and loads the bootloader; the bootloader (GRUB) loads the kernel; the kernel initializes hardware and mounts root; it starts init (PID 1, systemd); init starts services and reaches a login shell.
What is PID 1?
The first user-space process the kernel starts — the init system (systemd). It’s the ancestor of every other process and adopts orphans.
User mode vs kernel mode?
Two CPU privilege levels. User mode runs applications without direct hardware access; kernel mode has full privilege. Apps request privileged operations via system calls that trap into the kernel.
What is a system call?
A controlled entry point from user space into the kernel (e.g. read, write, fork). It switches to kernel mode, performs the privileged operation, and returns — the only sanctioned way apps use hardware/OS services.