Goodbye Bootloader?

More than 20 years ago, early adopters of Linux would typically rely on the Linux Loader (LILO) boot manager to fire up their systems. LILO, which began development in 1992 with the last version released in 2015, had one major drawback: It was unable to read filesystems, meaning that it had to know the kernel's precise memory addresses. Every kernel update meant reading the blocks again before the system could boot. Despite this drawback, LILO was easy to configure and did not require filesystem support during the boot process, because it grabbed the kernel directly at the previously defined location on the hard disk (Figure 1).

At the turn of the millennium, the Grand Unified Bootloader (GRUB) gradually replaced LILO, because it offered more flexibility in terms of filesystems and installation targets. The majority of today's systems boot with the help of GRUB 2, which was first released in 2012. GRUB 2 can handle a wide variety of filesystems, plus encryption, compression, and RAID. For some time now, systems that use systemd to initialize have also been able to opt for systemd-boot [1], which emerged from the Gummiboot bootloader as an alternative.

GRUB can be used on different architectures; it is capable of accessing networks and supports a variety of filesystems and data carrier types (Figure 2). This means that it offers significantly more functionality than most users actually need. In recent years, though, numerous medium- to high-level vulnerabilities have been discovered in GRUB, prompting increasing criticism of the bootloader. Its massive codebase with more than half a million lines is considered cluttered and susceptible to errors and attacks. In addition, the distributed configuration across multiple files at different locations makes it hard for beginners to manage. All of this suggests that the veteran bootloader may be past its prime.

[...]