xref: /freebsd/stand/man/loader_4th.8 (revision 9729f076e4d93c5a37e78d427bfe0f1ab99bbcc6)
1.\" Copyright (c) 1999 Daniel C. Sobral
2.\" All rights reserved.
3.\"
4.\" Redistribution and use in source and binary forms, with or without
5.\" modification, are permitted provided that the following conditions
6.\" are met:
7.\" 1. Redistributions of source code must retain the above copyright
8.\"    notice, this list of conditions and the following disclaimer.
9.\" 2. Redistributions in binary form must reproduce the above copyright
10.\"    notice, this list of conditions and the following disclaimer in the
11.\"    documentation and/or other materials provided with the distribution.
12.\"
13.\" THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
14.\" ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
15.\" IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
16.\" ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
17.\" FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
18.\" DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
19.\" OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
20.\" HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
21.\" LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
22.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
23.\" SUCH DAMAGE.
24.\"
25.\" $FreeBSD$
26.\"
27.Dd September 29, 2021
28.Dt LOADER_4TH 8
29.Os
30.Sh NAME
31.Nm loader_4th
32.Nd kernel bootstrapping final stage
33.Sh DESCRIPTION
34The program called
35.Nm
36is the final stage of
37.Fx Ns 's
38kernel bootstrapping process.
39On IA32 (i386) architectures, it is a
40.Pa BTX
41client.
42It is linked statically to
43.Xr libsa 3
44and usually located in the directory
45.Pa /boot .
46.Pp
47It provides a scripting language that can be used to
48automate tasks, do pre-configuration or assist in recovery
49procedures.
50This scripting language is roughly divided in
51two main components.
52The smaller one is a set of commands
53designed for direct use by the casual user, called "builtin
54commands" for historical reasons.
55The main drive behind these commands is user-friendliness.
56The bigger component is an
57.Tn ANS
58Forth compatible Forth interpreter based on FICL, by
59.An John Sadler .
60.Pp
61During initialization,
62.Nm
63will probe for a console and set the
64.Va console
65variable, or set it to serial console
66.Pq Dq Li comconsole
67if the previous boot stage used that.
68If multiple consoles are selected, they will be listed separated by spaces.
69Then, devices are probed,
70.Va currdev
71and
72.Va loaddev
73are set, and
74.Va LINES
75is set to 24.
76Next,
77.Tn FICL
78is initialized, the builtin words are added to its vocabulary, and
79.Pa /boot/boot.4th
80is processed if it exists.
81No disk switching is possible while that file is being read.
82The inner interpreter
83.Nm
84will use with
85.Tn FICL
86is then set to
87.Ic interpret ,
88which is
89.Tn FICL Ns 's
90default.
91After that,
92.Pa /boot/loader.rc
93is processed if available.
94These files are processed through the
95.Ic include
96command, which reads all of them into memory before processing them,
97making disk changes possible.
98.Pp
99At this point, if an
100.Ic autoboot
101has not been tried, and if
102.Va autoboot_delay
103is not set to
104.Dq Li NO
105(not case sensitive), then an
106.Ic autoboot
107will be tried.
108If the system gets past this point,
109.Va prompt
110will be set and
111.Nm
112will engage interactive mode.
113Please note that historically even when
114.Va autoboot_delay
115is set to
116.Dq Li 0
117user will be able to interrupt autoboot process by pressing some key
118on the console while kernel and modules are being loaded.
119In some
120cases such behaviour may be undesirable, to prevent it set
121.Va autoboot_delay
122to
123.Dq Li -1 ,
124in this case
125.Nm
126will engage interactive mode only if
127.Ic autoboot
128has failed.
129.Sh BUILTIN COMMANDS
130In
131.Nm ,
132builtin commands take parameters from the command line.
133Presently,
134the only way to call them from a script is by using
135.Pa evaluate
136on a string.
137If an error condition occurs, an exception will be generated,
138which can be intercepted using
139.Tn ANS
140Forth exception handling
141words.
142If not intercepted, an error message will be displayed and
143the interpreter's state will be reset, emptying the stack and restoring
144interpreting mode.
145The commands are described in the
146.Xr loader_simp 8
147.Dq BUILTIN COMMANDS
148section.
149.Ss BUILTIN ENVIRONMENT VARIABLES
150The environment variables common to all interpreters are described in the
151.Xr loader_simp 8
152.Dq BUILTIN ENVIRONMENT VARIABLES
153section.
154.Ss BUILTIN PARSER
155When a builtin command is executed, the rest of the line is taken
156by it as arguments, and it is processed by a special parser which
157is not used for regular Forth commands.
158.Pp
159This special parser applies the following rules to the parsed text:
160.Bl -enum
161.It
162All backslash characters are preprocessed.
163.Bl -bullet
164.It
165\eb , \ef , \er , \en and \et are processed as in C.
166.It
167\es is converted to a space.
168.It
169\ev is converted to
170.Tn ASCII
17111.
172.It
173\ez is just skipped.
174Useful for things like
175.Dq \e0xf\ez\e0xf .
176.It
177\e0xN and \e0xNN are replaced by the hex N or NN.
178.It
179\eNNN is replaced by the octal NNN
180.Tn ASCII
181character.
182.It
183\e" , \e' and \e$ will escape these characters, preventing them from
184receiving special treatment in Step 2, described below.
185.It
186\e\e will be replaced with a single \e .
187.It
188In any other occurrence, backslash will just be removed.
189.El
190.It
191Every string between non-escaped quotes or double-quotes will be treated
192as a single word for the purposes of the remaining steps.
193.It
194Replace any
195.Li $VARIABLE
196or
197.Li ${VARIABLE}
198with the value of the environment variable
199.Va VARIABLE .
200.It
201Space-delimited arguments are passed to the called builtin command.
202Spaces can also be escaped through the use of \e\e .
203.El
204.Pp
205An exception to this parsing rule exists, and is described in
206.Sx BUILTINS AND FORTH .
207.Ss BUILTINS AND FORTH
208All builtin words are state-smart, immediate words.
209If interpreted, they behave exactly as described previously.
210If they are compiled, though,
211they extract their arguments from the stack instead of the command line.
212.Pp
213If compiled, the builtin words expect to find, at execution time, the
214following parameters on the stack:
215.D1 Ar addrN lenN ... addr2 len2 addr1 len1 N
216where
217.Ar addrX lenX
218are strings which will compose the command line that will be parsed
219into the builtin's arguments.
220Internally, these strings are concatenated in from 1 to N,
221with a space put between each one.
222.Pp
223If no arguments are passed, a 0
224.Em must
225be passed, even if the builtin accepts no arguments.
226.Pp
227While this behavior has benefits, it has its trade-offs.
228If the execution token of a builtin is acquired (through
229.Ic '
230or
231.Ic ['] ) ,
232and then passed to
233.Ic catch
234or
235.Ic execute ,
236the builtin behavior will depend on the system state
237.Bf Em
238at the time
239.Ic catch
240or
241.Ic execute
242is processed!
243.Ef
244This is particularly annoying for programs that want or need to
245handle exceptions.
246In this case, the use of a proxy is recommended.
247For example:
248.Dl : (boot) boot ;
249.Sh FICL
250.Tn FICL
251is a Forth interpreter written in C, in the form of a forth
252virtual machine library that can be called by C functions and vice
253versa.
254.Pp
255In
256.Nm ,
257each line read interactively is then fed to
258.Tn FICL ,
259which may call
260.Nm
261back to execute the builtin words.
262The builtin
263.Ic include
264will also feed
265.Tn FICL ,
266one line at a time.
267.Pp
268The words available to
269.Tn FICL
270can be classified into four groups.
271The
272.Tn ANS
273Forth standard words, extra
274.Tn FICL
275words, extra
276.Fx
277words, and the builtin commands;
278the latter were already described.
279The
280.Tn ANS
281Forth standard words are listed in the
282.Sx STANDARDS
283section.
284The words falling in the two other groups are described in the
285following subsections.
286.Ss FICL EXTRA WORDS
287.Bl -tag -width wid-set-super
288.It Ic .env
289.It Ic .ver
290.It Ic -roll
291.It Ic 2constant
292.It Ic >name
293.It Ic body>
294.It Ic compare
295This is the STRING word set's
296.Ic compare .
297.It Ic compile-only
298.It Ic endif
299.It Ic forget-wid
300.It Ic parse-word
301.It Ic sliteral
302This is the STRING word set's
303.Ic sliteral .
304.It Ic wid-set-super
305.It Ic w@
306.It Ic w!
307.It Ic x.
308.It Ic empty
309.It Ic cell-
310.It Ic -rot
311.El
312.Ss FREEBSD EXTRA WORDS
313.Bl -tag -width XXXXXXXX
314.It Ic \&$ Pq --
315Evaluates the remainder of the input buffer, after having printed it first.
316.It Ic \&% Pq --
317Evaluates the remainder of the input buffer under a
318.Ic catch
319exception guard.
320.It Ic .#
321Works like
322.Ic "."
323but without outputting a trailing space.
324.It Ic fclose Pq Ar fd --
325Closes a file.
326.It Ic fkey Pq Ar fd -- char
327Reads a single character from a file.
328.It Ic fload Pq Ar fd --
329Processes a file
330.Em fd .
331.It Ic fopen Pq Ar addr len mode Li -- Ar fd
332Opens a file.
333Returns a file descriptor, or \-1 in case of failure.
334The
335.Ar mode
336parameter selects whether the file is to be opened for read access, write
337access, or both.
338The constants
339.Dv O_RDONLY , O_WRONLY ,
340and
341.Dv O_RDWR
342are defined in
343.Pa /boot/support.4th ,
344indicating read only, write only, and read-write access, respectively.
345.It Xo
346.Ic fread
347.Pq Ar fd addr len -- len'
348.Xc
349Tries to read
350.Em len
351bytes from file
352.Em fd
353into buffer
354.Em addr .
355Returns the actual number of bytes read, or -1 in case of error or end of
356file.
357.It Ic heap? Pq -- Ar cells
358Return the space remaining in the dictionary heap, in cells.
359This is not related to the heap used by dynamic memory allocation words.
360.It Ic inb Pq Ar port -- char
361Reads a byte from a port.
362.It Ic key Pq -- Ar char
363Reads a single character from the console.
364.It Ic key? Pq -- Ar flag
365Returns
366.Ic true
367if there is a character available to be read from the console.
368.It Ic ms Pq Ar u --
369Waits
370.Em u
371microseconds.
372.It Ic outb Pq Ar port char --
373Writes a byte to a port.
374.It Ic seconds Pq -- Ar u
375Returns the number of seconds since midnight.
376.It Ic tib> Pq -- Ar addr len
377Returns the remainder of the input buffer as a string on the stack.
378.It Ic trace! Pq Ar flag --
379Activates or deactivates tracing.
380Does not work with
381.Ic catch .
382.El
383.Ss FREEBSD DEFINED ENVIRONMENTAL QUERIES
384.Bl -tag -width Ds
385.It arch-i386
386.Ic TRUE
387if the architecture is IA32.
388.It FreeBSD_version
389.Fx
390version at compile time.
391.It loader_version
392.Nm
393version.
394.El
395.Sh SECURITY
396Access to the
397.Nm
398command line provides several ways of compromising system security,
399including, but not limited to:
400.Pp
401.Bl -bullet
402.It
403Booting from removable storage, by setting the
404.Va currdev
405or
406.Va loaddev
407variables
408.It
409Executing binary of choice, by setting the
410.Va init_path
411or
412.Va init_script
413variables
414.It
415Overriding ACPI DSDT to inject arbitrary code into the ACPI subsystem
416.El
417.Pp
418One can prevent unauthorized access
419to the
420.Nm
421command line by setting the
422.Va password ,
423or setting
424.Va autoboot_delay
425to -1.
426See
427.Xr loader.conf 5
428for details.
429In order for this to be effective, one should also configure the firmware
430(BIOS or UEFI) to prevent booting from unauthorized devices.
431.Sh MD
432Memory disk (MD) can be used when the
433.Nm
434was compiled with
435.Va MD_IMAGE_SIZE .
436The size of the memory disk is determined by
437.Va MD_IMAGE_SIZE .
438If MD available, a file system can be embedded into the
439.Nm
440with
441.Pa /sys/tools/embed_mfs.sh .
442Then, MD will be probed and be set to
443.Va currdev
444during initialization.
445.Pp
446Currently, MD is only supported in
447.Xr loader.efi 8 .
448.Sh FILES
449.Bl -tag -width /usr/share/examples/bootforth/ -compact
450.It Pa /boot/loader
451.Nm
452itself.
453.It Pa /boot/boot.4th
454Additional
455.Tn FICL
456initialization.
457.It Pa /boot/defaults/loader.conf
458.It Pa /boot/loader.4th
459Extra builtin-like words.
460.It Pa /boot/loader.conf
461.It Pa /boot/loader.conf.local
462.Nm
463configuration files, as described in
464.Xr loader.conf 5 .
465.It Pa /boot/loader.rc
466.Nm
467bootstrapping script.
468.It Pa /boot/loader.help
469Loaded by
470.Ic help .
471Contains the help messages.
472.It Pa /boot/support.4th
473.Pa loader.conf
474processing words.
475.It Pa /usr/share/examples/bootforth/
476Assorted examples.
477.El
478.Sh EXAMPLES
479Boot in single user mode:
480.Pp
481.Dl boot -s
482.Pp
483Load the kernel, a splash screen, and then autoboot in five seconds.
484Notice that a kernel must be loaded before any other
485.Ic load
486command is attempted.
487.Bd -literal -offset indent
488load kernel
489load splash_bmp
490load -t splash_image_data /boot/chuckrulez.bmp
491autoboot 5
492.Ed
493.Pp
494Set the disk unit of the root device to 2, and then boot.
495This would be needed in a system with two IDE disks,
496with the second IDE disk hardwired to ada2 instead of ada1.
497.Bd -literal -offset indent
498set root_disk_unit=2
499boot /boot/kernel/kernel
500.Ed
501.Pp
502Set the default device used for loading a kernel from a ZFS filesystem:
503.Bd -literal -offset indent
504set currdev=zfs:tank/ROOT/knowngood:
505.Ed
506.Pp
507.Sh ERRORS
508The following values are thrown by
509.Nm :
510.Bl -tag -width XXXXX -offset indent
511.It 100
512Any type of error in the processing of a builtin.
513.It -1
514.Ic Abort
515executed.
516.It -2
517.Ic Abort"
518executed.
519.It -56
520.Ic Quit
521executed.
522.It -256
523Out of interpreting text.
524.It -257
525Need more text to succeed -- will finish on next run.
526.It -258
527.Ic Bye
528executed.
529.It -259
530Unspecified error.
531.El
532.Sh SEE ALSO
533.Xr libsa 3 ,
534.Xr loader.conf 5 ,
535.Xr tuning 7 ,
536.Xr boot 8 ,
537.Xr btxld 8
538.Sh STANDARDS
539For the purposes of ANS Forth compliance, loader is an
540.Bf Em
541ANS Forth System with Environmental Restrictions, Providing
542.Ef
543.Bf Li
544.No .( ,
545.No :noname ,
546.No ?do ,
547parse, pick, roll, refill, to, value, \e, false, true,
548.No <> ,
549.No 0<> ,
550compile\&, , erase, nip, tuck
551.Ef
552.Em and
553.Li marker
554.Bf Em
555from the Core Extensions word set, Providing the Exception Extensions
556word set, Providing the Locals Extensions word set, Providing the
557Memory-Allocation Extensions word set, Providing
558.Ef
559.Bf Li
560\&.s,
561bye, forget, see, words,
562\&[if],
563\&[else]
564.Ef
565.Em and
566.Li [then]
567.Bf Em
568from the Programming-Tools extension word set, Providing the
569Search-Order extensions word set.
570.Ef
571.Sh HISTORY
572The
573.Nm
574first appeared in
575.Fx 3.1 .
576.Sh AUTHORS
577.An -nosplit
578The
579.Nm
580was written by
581.An Michael Smith Aq msmith@FreeBSD.org .
582.Pp
583.Tn FICL
584was written by
585.An John Sadler Aq john_sadler@alum.mit.edu .
586