diff --git a/docs/specs/boot-process.md b/docs/specs/boot-process.md index cbaf62f..254d57d 100644 --- a/docs/specs/boot-process.md +++ b/docs/specs/boot-process.md @@ -31,10 +31,14 @@ If signatures match, BOOT2 is launched directly. ## Stage 2: system loader (BOOT2) -This component checks signature for BOOT3. It also provides more advanced troubleshooting thanks to the whole storage being decryptable. +This component is responsible to user account selection and storage decryption. It is stored in a dedicated partition as the `/sys/boot` file, a header-less raw executable program. + +It starts by checking signature of all system files (everything located in `/sys` and `/etc/sys`). If signatures are not valid, an error message is shown and the booting process is halt. By inputting a specific phrase displayed on the screen, the user can force the boot process, at the expense of security. +BOOT2 also provides more advanced troubleshooting thanks to the whole storage being decryptable. + It then initializes all required drivers, initialize a graphical session, and asks to select a user account. At this point, it also provides more troubleshooting options. If the provided username and password are valid, it then does the following: @@ -43,3 +47,7 @@ If the provided username and password are valid, it then does the following: * If [per-user encryption](../features/encryption.md#per-user-encryption) is enabled, the user key is decrypted The user session is then opened by calling the relevant system component. + +Note that the BOOT2 partition is read-only except to the [system user](../concepts/users.md#users-type) itself. + +It is only updated through the [system update process](update-processes.md#system-updates) and when rollbacked. \ No newline at end of file diff --git a/docs/specs/filesystem.md b/docs/specs/filesystem.md index c1594cc..c850328 100644 --- a/docs/specs/filesystem.md +++ b/docs/specs/filesystem.md @@ -178,7 +178,7 @@ _NOTE:_ `` indicates the item is a file. │   └── root Soft link to `/` ├── sys (4) System - immutable outside of installation, repair processes and updates │   ├── apps System applications -│   ├── boot System's boot program +│   ├── boot (5) System's boot program (BOOT2) │   ├── langs Translation files │   ├── old Old versions of the system, used during the repair process (compressed archives) │   ├── backup Copy of the last system version (compressed archive) @@ -193,7 +193,8 @@ Links: - (1) [UPE requests](../concepts/users.md#user-privileges-elevation-upe) - (2) Used for [integrity checking](../specs/boot-process.md) - (3) Global storage's [encryption](../features/encryption.md) key -- (4) Not stored in the main data pratition but in the [BOOT2 partition](#partitions) +- (4) Not stored in the main data partition but in [BOOT2's partition](#partitions) +- (5) Raw boot program (without header), represented by [BOOT2](boot-process.md#stage-2-system-loader-boot2) ### Notes