Getting an image
The /boot file system of a Raspberry Pi is formatted as a FAT16 file system. It’s a small file system so we’re just going to make a copy of it. This is the only time, we’ll need to use the sudo command.
[…]$ cd […]$ sudo dd if=/dev/mmcblk0p1 of=boot.img bs=1M
We store the image of /boot into the file boot.img
The reference
Download a copy of the Microsoft EFI FAT32 File System Specification. It is the only reference we will use.
The specification is in MS Word format. You will have to accept a license agreement.
The BPB and its fields
Read pages 7 and 8 which talks about the BPB (BIOS Parameter Block), which is contained in the first 512 bytes of the file system image. Use the dd command to copy those first 512 bytes into a file called boot.BPB.img.
[…]$ dd if=boot.img of=boot.BPB.img bs=512 count=1
1+0 records in
1+0 records out
512 bytes (512 B) copied, 0.00834778 s, 61.3 kB/s
The BPB contains many field that specify the layout of the file system. We are going to get copies of the ones we will need in our task. We will use od to get these fields and assign them to shell variables. We are using the variable name of the Microsoft specification.
This is going to be tedious.
Bytes per sector
Sectors are the smallest unit of disk allocation.
[…]$ od -A d -j 11 -N 2 -t d2 boot.BPB.img 0000011 512 0000013 […]$ BPB_BytsPerSec=512
Sectors per cluster
However, files are allocated in clusters. Sectors are just too small for efficient file allocation.
[…]$ od -A d -j 13 -N 1 -t d1 boot.BPB.img 0000013 16 0000014 […]$ BPB_SecPerClus=16
Number of reserved sectors
This is the number of sectors reserved for BPB and, presumably, other stuff. The Microsoft specification states that it should “never be anything other than 1’ for a FAT16 file system. However, that doesn&rssquo;t seem to always be the case.
[…]$ od -A d -j 14 -N 2 -t d2 boot.BPB.img 0000014 16 0000016 […] $BPB_RsvdSecCnt=16
Number of FATs
The FAT file system is named after the File Allocation Table which tells you were the cluster of files and directories are stored. There ought to be only two of these.
[…]$ od -A d -j 16 -N 1 -t d1 boot.BPB.img 0000016 2 0000017 […]$ BPB_NumFATs=2
Root directory entry count
This is a count of the number of root directory entries for FAT12 and FAT16 file systems. Each of these entries is 32-bytes long. Expect to find 512 entries.
[…]$ od -A d -j 17 -N 2 -t d2 boot.BPB.img 0000017 512 0000019 […]$ BPB_RootEntCnt=512
Total sectors
This one can be tricky because the number of sectors may by larger than the maximum number (65535 or 216-1) that can be stored in 16 bits. If the 16 bit field is 0, you must look at the 32 bit field.
[…]$ od -A d -j 19 -N 2 -t d2 boot.BPB.img 0000019 0 0000021 […]$ BPB_TotSec16=0 […]$ od -A d -j 32 -N 4 -t d4 boot.BPB.img 0000032 114688 0000036 […]$ BPB_TotSec32=114688 […]$ TotSec=$BPB_TotSec32 […]$ echo $TotSec 114688
Sanity check
If you multipy the number of sectors by the number of bytes per sectors, you will find out the size of the file system. The ought to be the same size as the file system image. It certainly can’t be bigger.
[…]$ echo $(( $TotSec * $BPB_BytsPerSec )) 58720256 […]$ ls -l boot.img -rw-r--r-- 1 root root 58720256 Mar 24 09:17 boot.img
That one looks good.
What kind of FAT
We’ve made it to pages 13 &d 14 of the specification where we can take our first look at the File Allocation Table or FAT.
However, we better first figure out there the data sectors really are located. That requires knowing the sizes of the root directory (for FAT16) and FAT structures.
Number of root directory sectors
In a FAT12 or FAT16 file system, a number of sectors are allocated for the root directory.
[…]$ RootDirSectors=$(( ( ( $BPB_RootEntCnt * 32 ) + ( $BPB_BytsPerSec - 1 ) ) / $BPB_BytsPerSec )) […]$ echo $RootDirSectors 32
If you perform this calculation for a FAT32 system, it will always assign 0 because BPB_RootEnCnt is 0.
Number of FAT sectors
We have to read some more BPB fields to determine the number of sectors used to store a single copy of the FAT.
[…]$ od -A d -j 22 -N 2 -t d2 boot.BPB.img 0000022 32 0000024 […]$ BPB_FATSz16=32 […]$ FATSz=$BPB_FATSz16
First data cluster
The first data cluster follows the reserved sectors, the FAT sectors and the root directory sectors (for FAT16). Determine the first data sector and the number of data sectors.
[…]$ FirstDataSector=$(( $BPB_RsvdSecCnt + ( $BPB_NumFATs * $FATSz ) + $RootDirSectors )) […]$ echo $FirstDataSector 112 […]$ DataSec=$(( $TotSec - ( $BPB_RsvdSecCnt + ( $BPB_NumFATs * $FATSz ) + $RootDirSectors ) )) […]$ echo $DataSec 114576
What FAT
The official MS-sanctioned way to determine FAT type is to calculate the number of sectors and compare that number to 212, 216 and 232.
[…]$ CountofClusters=$(( $DataSec / $BPB_SecPerClus )) […]$ echo $CountofClusters 7161
This is officially a FAT16 file system.
Root directory
Finally, let’s copy the root directory.
[…]$ echo $(( $BPB_RsvdSecCnt + $BPB_NumFATs * $FATSz )) 80 […]$ echo $RootDirSectors 32 […]$ dd if=boot.img of=boot.rootdir.img bs=512 count=32 skip=80 32+0 records in 32+0 records out 16384 bytes (16 kB) copied, 0.00549986 s, 3.0 MB/s
Starting at page 22, the directory structure is explained in the Microsoft specification.
First directory entry
The first directory entry is for the directory itself.
[…]$ od -A d -j 0 -N 32 -t a boot.rootdir.img
0000000 b o o t sp sp sp sp sp sp sp bs nul nul U &
0000016 ' D ' D nul nul U & ' D nul nul nul nul nul nul
0000032
Second directory entry
The second directory entry is a long entry for the lower-case name bootcode.bin . We will ignore it.
[…]$ od -A d -j 32 -N 32 -t a boot.rootdir.img
0000032 A b nul o nul o nul t nul c nul si nul enq o nul
0000048 d nul e nul . nul b nul i nul nul nul n nul nul nul
0000064
The third directory entry
Finally, we get the real directory entry, the one for
[…]$ od -A d -j 64 -N 32 -t a boot.rootdir.img
0000064 B O O T C O D E B I N sp nul d T %
0000080 9 E 9 E nul nul T % 9 E etx nul 0 E nul nul
0000096
Get the size of BOOTCODE.BIN .
[…]$ od -A d -j $(( 64 + 28 )) -N 4 -t d4 boot.rootdir.img
0000092 17840
0000096
Make sure it matches the size of BOOTCODE.BIN as seen by the operating system.
[…]$ ls -l /boot/bootcode.bin
-rwxr-xr-x 1 root root 17840 Sep 25 2014 /boot/bootcode.bin
Now determine the address of the first cluster of BOOTCODE.BIN .
[…]$ od -A d -j $(( 64 + 26 )) -N 2 -t d2 boot.rootdir.img 0000090 3 0000092 […]$ BOOTCODEBINCLUSTER=3
The FAT
Copy the entire FAT.
[…]$ dd if=boot.img of=boot.fat.img bs=512 skip=16 count=32
32+0 records in
32+0 records out
16384 bytes (16 kB) copied, 0.0144706 s, 1.1 MB/s
Take a quick look at the FAT’s linked list structure. Our file seems to be in clusters 3, 4 and 5.
[…]$ od -A d -j 0 -N 32 -t d2 boot.fat.img
0000000 -8 -1 0 4 5 -1 -1 -1
0000016 -1 10 -1 12 13 14 15 16
0000032
Do a quick check to determine that the file contains three clusters.
[…]$ echo $*(( $BPB_SecPerClus * $BPB_BytsPerSec )) (( 16 * 512 )) […]$ echo $(( $BPB_SecPerClus * $BPB_BytsPerSec )) 8192 […]$ echo $(( ( 17840 - 1) / 8192 + 1 )) 3
The file
Finally, let’s read the file from the raw disk image.
Start by one last look at the relevant fields of the FAT.
[…]$ od -A d -j 6 -N 6 -t d2 boot.fat.img
0000006 4 5 -1
0000012
Get the sector address of the three clusters.
[…]$ FirstSectorofCluster3=$((( ( 3 - 2 ) * $BPB_SecPerClus ) + $FirstDataSector )) […]$ FirstSectorofCluster4=$((( ( 4 - 2 ) * $BPB_SecPerClus ) + $FirstDataSector )) […]$ FirstSectorofCluster5=$((( ( 5 - 2 ) * $BPB_SecPerClus ) + $FirstDataSector )) […]$ echo $FirstSectorofCluster3 128 […]$ echo $FirstSectorofCluster4 144 […]$ echo $FirstSectorofCluster5 160
Now read the three clusters.
[…]$ dd if=boot.img of=boot.cluster3.img bs=512 skip=128 count=16 16+0 records in 16+0 records out 8192 bytes (8.2 kB) copied, 0.00104097 s, 7.9 MB/s […]$ dd if=boot.img of=boot.cluster4.img bs=512 skip=144 count=16 16+0 records in 16+0 records out 8192 bytes (8.2 kB) copied, 0.00104697 s, 7.8 MB/s […]$ dd if=boot.img of=boot.cluster5.img bs=512 skip=160 count=16 16+0 records in 16+0 records out 8192 bytes (8.2 kB) copied, 0.00118497 s, 6.9 MB/s
Concatentate the three clusters and truncate the result to 17840 bytes.
[…]$ cat boot.cluster3.img boot.cluster4.img boot.cluster5.img > boot.clusters3-5.img […]$ ls -l boot.cluster* -rw-r--r-- 1 brock brock 8192 Apr 7 00:02 boot.cluster3.img -rw-r--r-- 1 brock brock 8192 Apr 7 00:02 boot.cluster4.img -rw-r--r-- 1 brock brock 8192 Apr 7 00:02 boot.cluster5.img -rw-r--r-- 1 brock brock 24576 Apr 7 00:03 boot.clusters3-5.img […]$ dd if=boot.clusters3-5.img of=boot.bootcode.bin.img bs=17840 count=1 1+0 records in 1+0 records out 17840 bytes (18 kB) copied, 0.0110697 s, 1.6 MB/s
This better work.
[…]$ ls -l boot.bootcode.bin.img -rw-r--r-- 1 brock brock 17840 Apr 7 00:04 boot.bootcode.bin.img […]$ ls -l /boot/bootcode.bin -rwxr-xr-x 1 root root 17840 Sep 25 2014 /boot/bootcode.bin […]$ cmp boot.bootcode.bin.img /boot/bootcode.bin […]$ echo $? 0
It does!