Operating System Lifecycle: From Boot to Shutdown Explained

Name: Every operating system concept in one video…
Uploaded: 2026-05-07T17:32:34+00:00
Duration: 11 min 30 s
Channel: Fireship
Description: Summary and key takeaways on Operating System Lifecycle: From Boot to Shutdown Explained, covering OS Architecture Overview An operating system coordinates

Fireship

May 07, 2026

•

11 min video

•

3 min read

YouTube video ID: MtxP2pyCvYA

Source: YouTube video by Fireship — Watch original video

PDF

An operating system coordinates hardware and software through a layered architecture. The kernel runs in the most privileged CPU ring, while user‑space programs operate in a restricted ring. This separation, combined with virtual memory, file systems, device drivers, and scheduling, enables the system to manage resources safely from power‑on to shutdown.

Booting and Firmware

When power is applied, the CPU fetches instructions from a hard‑coded address in the firmware—UEFI or BIOS. The firmware performs minimal hardware initialization, locates a bootable disk, and transfers control to a bootloader such as Grub, IBO, or Bootmagger. The bootloader’s sole responsibility is to load the kernel image into RAM and start its execution.

Privilege Rings (Kernel vs. User Space)

CPUs enforce privilege levels called rings. Ring 0 hosts the kernel and enjoys full hardware access with no guardrails; a single wrong pointer can crash the entire machine. Ring 3 contains user‑space applications, which must request kernel services for any hardware interaction. This isolation prevents a buggy program from bringing down the whole system.

Virtual Memory and the MMU

The kernel creates a virtual address space for each process. The Memory Management Unit (MMU) translates these virtual addresses into physical addresses using per‑process page tables. Because each process has its own page table, it cannot read another process’s memory. When a program accesses a page not present in RAM, the MMU triggers a page fault, and the kernel loads the missing page from disk. Memory pages are typically 4 KB, and the Translation Lookaside Buffer (TLB) caches recent translations for speed.

File Systems and Inodes

File systems expose raw disk blocks as hierarchical files and folders. Each file is represented by an inode that stores metadata and pointers to the data blocks. Directories map human‑readable names to inode numbers. Journaling writes intent information before actual data, protecting the file system from corruption during unexpected power loss.

Device Drivers and Interrupts

Device drivers act as translators, converting generic kernel requests into hardware‑specific commands. Drivers run in kernel mode, so a single faulty driver can crash the OS. Hardware devices generate interrupts—tiny electrical screams that tell the CPU “something happened, deal with it.” The CPU pauses the current task, services the interrupt, and then resumes execution.

Process Management and System Calls

PID 1, often the systemd process, is the first user‑space program and the ancestor of all other processes. User programs request kernel services through system calls, the most important API in computing that most developers never write by hand. During a system call, the CPU switches from Ring 3 to Ring 0, executes the kernel routine, then returns to user space.

Scheduling and Threads

The scheduler functions like an air‑traffic controller, deciding which process receives CPU time at any moment. Threads enable a single process to perform multiple tasks concurrently by sharing memory and file descriptors. Shared memory introduces race conditions, so synchronization primitives are required to maintain correctness.

Interprocess Communication (IPC)

IPC mechanisms let separate processes exchange data safely. Pipes stream bytes between processes without shared memory, exemplified by commands such as cat | grep. Additional IPC methods include sockets and message queues, each providing different trade‑offs for performance and complexity.

Shutdown Sequence

When the system is instructed to shut down, PID 1 sends a SIGTERM signal to all processes, requesting a graceful exit. After a timeout, it follows up with SIGKILL to force termination of any remaining processes. The kernel then flushes file system journals, unmounts drives, disables interrupts, and finally halts the CPU.

Takeaways

The boot process begins with firmware (UEFI or BIOS) initializing minimal hardware, locating a disk, and handing control to a bootloader that loads the kernel into RAM.
CPU privilege rings separate kernel (Ring 0) with unrestricted hardware access from user space (Ring 3), preventing a single buggy program from crashing the entire system.
Virtual memory uses the MMU and per‑process page tables to translate virtual addresses to physical memory, isolating processes and handling page faults by loading missing pages from disk.
The kernel manages files through inodes and directories, employs journaling to guard against corruption, and relies on kernel‑mode device drivers and interrupts to translate requests into hardware actions.

Frequently Asked Questions

Why does the kernel use privilege rings to separate kernel and user space?

Privilege rings assign distinct access levels to code; Ring 0 (kernel) has unrestricted hardware control while Ring 3 (user space) is limited. This separation forces applications to request kernel services, so a buggy or malicious program cannot directly corrupt hardware or core data structures, protecting overall system stability.

How does virtual memory isolation prevent processes from accessing each other's memory?

Each process receives its own page table, which the MMU uses to map virtual addresses to physical frames. Because the kernel switches page tables on context switches, a process's virtual addresses resolve only to its allocated frames, and any attempt to read another process's memory triggers a fault, keeping memory isolated.

Who is Fireship on YouTube?

Fireship is a YouTube channel that publishes videos on a range of topics. Browse more summaries from this channel below.

Does this page include the full transcript of the video?

Yes, the full transcript for this video is available on this page. Click 'Show transcript' in the sidebar to read it.

Helpful resources related to this video

If you want to practice or explore the concepts discussed in the video, these commonly used tools may help.

Operating Systems Three Easy Pieces Book Recommended

This book provides a deep, academic dive into OS architecture, memory management, and scheduling, perfectly complementing the technical lecture.

Amazon →

Computer Organization And Design Risc-V Edition

Explains the hardware-software interface, including how CPUs handle interrupts, privilege levels, and memory management.

Amazon →

Linux Kernel Development Robert Love Book

Focuses on the internals of the Linux kernel, covering process management, system calls, and interrupts in practical detail.

Amazon →

Digital Logic And Computer Design Textbook

Covers the fundamental building blocks of computing, including how hardware signals and interrupts are physically processed.

Amazon →

Links may be affiliate links. We only include resources that are genuinely relevant to the topic.

Summarize another video

Full Transcript YouTube

But right now, you're watching this
video because one, God put at least one
eyeball on your head. And two, because
an operating system decided you could.
It might be Mac OS if you're rich,
Windows if you've given up on life, or
Linux if you're part of the 3% of base
gigachads out there. Either way, your
CPU is running something like 400 other
programs, if Chrome is eating 20 GB of
RAM for no reason, and somehow your
cursor still moves when you wiggle the
mouse. This is not normal. It's a
miracle performed thousands of times per
second by the most underappreciated
software ever written, the operating
system. The first one, GM-NIO,
was shipped in 1956 at General Motors
because an engineer decided humanity had
better things to do than hand feed punch
cards into a two-story IBM mainframe. It
could run exactly one program at a time,
had no memory protection, no users, no
files, and it still crashed less than
Windows Millennium Edition. It's now 70
years later, and in today's video,
you'll finally understand how the
bootloadader, processes, scheduling,
threads, system calls, virtual memory,
interrupts, privilege rings, IO, index
nodes, and more all work together in
perfect harmony by figuring out exactly
what happens in your computer from the
moment you press the power button to the
moment you rage quit and shut it down.
Stage one, the boot loader. You press
the power button, electricity hits the
motherboard, and the CPU wakes up in the
most primitive state possible. At this
point, there's no memory management or
even a concept of files. It's just a
single core executing instructions at a
hard-coded address burned into the
firmware. On modern machines, that's
UEFI, but on ancient ones, it was called
BIOS. A firmware's job is to wake up
just enough hardware to find a disc,
then hand it off to a bootloadader. On
Linux, it's called Grub, the grand
unified bootloader. On Mac, it's called
IBO, and on Windows, it's called
Bootmagger. But the job of the
bootloader is simple. Find the kernel on
disk and load it into RAM. That's the
handoff. And at this point, the CPU is
running kernel code with full hardware
privileges. But everything interesting
about your computer, like files,
processes, windows, and so on, doesn't
even exist yet. The colonel has to build
it all from scratch over the next few
seconds. Before we go any further,
though, we need to understand stage two,
privilege rings. Your CPU is protected
by multiple privilege levels. On x86,
there are four, but basically only two
matter. Ring zero for the kernel which
can do basically anything and ring three
user space which can run applications
but needs to ask permission for
everything else. Currently the kernel is
running CC code in ring zero with no
guardrails. One wrong pointer and the
entire machine catches on fire. That's
why kernel developers drink. But if we
didn't have this ring of separation
enforced by the CPU itself, every
program would be able to read every
other program's memory and crash your
entire system. But with the privilege
ring in place, it means a buggy program
can usually only crash itself. But now
we enter stage three where the colonel
tells the biggest lie in computing
virtual memory. Here's how the scam
works. When a program eventually
requests a memory address like this,
that address doesn't exist. It's a fake
virtual address that gets translated
into a real physical address by a piece
of hardware called the MMU, the memory
management unit, which itself uses a
data structure called a page table that
the colonel is building right now.
Memory is handed out in chunks called
pages, typically four kilobytes each.
But what's really interesting is that
each process gets its own page table.
And that means two applications can work
together without screwing each other
over. Like your browser can't read your
password manager's memory and vice
versa. They live in parallel universes
that only the kernel can see between.
Pretty cool. But the MMU also caches
recent translations in a tiny structure
called the TLB. The translation look
aside buffer. a translation, meaning a
virtual address mapped to a physical
address. When a program touches a page
that isn't in RAM, the MMU raises a page
fault, which wakes the kernel up and
loads a page from disk and resumes the
program like nothing happened. And now
that we have these memory lies in place,
it's time for stage four, the file
system. Your disc at the lowest level is
a long line of numbered blocks. But a
file system is the software that lies
about that and presents you with these
nice files and folders instead. The
colonel mounts the file system, but the
files themselves are stored as something
called index nodes. But the index node
isn't actually the file itself. Instead,
it contains metadata like size,
permissions, and timestamps, and most
importantly, a pointer to the actual
data block on disk. But it's also
important to notice what's not in the
index node, the file name. You see, file
names live in directories, which are
themselves just special files mapping
names to index node numbers. This is why
you can have multiple file names
pointing to the same file. Now, file
system architectures come in a variety
of different personalities like ext4,
NTFS, and APFS, just to name a few. But
what's cool about modern file systems is
that they use a feature called
journaling, which will write your
intentions before writing data. And that
means if you accidentally yank the power
cord midwrite, you don't end up with a
bunch of corrupted garbage most of the
time. But now it's time to move on to
stage five, device drivers and
interrupts. But first, we need to
quickly talk about Railway, who was cool
enough to sponsor this 11-minute video
on esoteric operating system knowledge.
It's an all-in-one intelligent cloud
provider that lets you deploy anything
in a few clicks. So, instead of drowning
in YAML, you can just connect your repo
and Railway will read your code and set
up the right config for you
automatically. Or you can use the new
Railway CLI with their official agent
skills to let Codeex, Claude Code, or
one of your favorite AI agent minions to
do all the dirty work instead.
Developers love how easy it is to spin
up any service you want, and how Rayway
only charges you for the resources you
actually use and not what you provision,
which can save over 65% on cloud costs.
Sign up for free today at the link below
and you'll get $20 in free credits when
you upgrade. Pardon the interruption,
but now it's time to talk about device
drivers and interrupts. At this point,
we have memory in a file system. So, the
kernel starts loading device drivers,
which is specialized code that
translates generic kernel requests into
specific hieroglyphics for a given chip
architecture. Each piece of external
hardware, like your GPU, Wi-Fi card, and
keyboard, it gets a driver loaded from
disk and registered with the kernel. The
drivers actually run in kernel mode,
which means one buggy driver can often
crash the entire operating system. Like
the Windows blue screen of death often
comes from graphics drivers. And a
couple years ago, a bad driver released
by the cyber security company
Crowdstrike almost took down the entire
global economy. But once the drivers are
loaded, the colonel then enables
something called interrupts. Like, have
you ever wondered how does the keyboard
tell the operating system a key was
pressed? Well, the OS doesn't sit there
in an infinite loop asking. Instead, the
keyboard fires an interrupt, which is an
electrical signal that yanks the CPU out
of whatever it's doing and jumps to an
interrupt handler in the kernel.
Interrupts are the magic that lets your
computer react instantly to input. Like
when you move the mouse, an interrupt
fires and the cursor moves. Or if your
Wi-Fi receives some data from the
internet, an interrupt fires and the
network stack wakes up so that
applications can use it. But basically,
the entire machine is driven by tiny
electrical screams from hardware saying,
"Hey, something happened. Deal with it."
But now that all the drivers are loaded,
we can move on to stage six, PID1, the
first process. The kernel is now fully
operational, but it's lonely. So it
creates the first user space program,
PID1. On Linux, that's usually systemd,
but essentially a process is just a
running program. But creating one means
the colonel needs to allocate memory,
load an executable from disk, set up the
virtual address space in a page table we
talked about earlier, and then finally
add an entry to a giant data structure
called a process table. This is how the
kernel keeps score and every process
gets a PID or process ID. PID1 is
special because it's the ancestor of
every other process on the machine. If
P1 dies, the colonel panics and the
whole system goes down. But a key thing
to understand here is that PID1 runs in
ring 3, the user space. And that means
from this moment forward, everything
running on your machine needs to ask the
kernel for permission. And that's where
stage 7 comes in, system calls, which
might be the single most important API
in computing that you've never actually
written by hand. When a process wants to
read a file, it can't just reach into
the disk. The CPU will physically
refuse. Instead, it has to make a system
call where it puts arguments into
specific registers. it triggers a
special instruction and the CPU switches
from ring three back to ring zero. This
boundary is the only reason your
computer is secure. Like if you've ever
programmed in C, you might think you're
some kind of hardcore low-level
engineer. But when you use a function
like print in your C code, you may not
realize it's actually making a right
system call under the hood. On Linux,
there are around 400 different system
calls to make, and these are the actual
API of your computer. Everything else is
just a library built on top. Two of the
most important system calls are fork and
exec, which are used to create new
processes in the user space. But by the
time you actually see the desktop,
you'll have dozens or even hundreds of
running processes. And that's where
stage 8 comes in, the scheduler. But
wait a minute, your computer only has
eight CPU cores. So, how does it
actually manage hundreds of processes at
the same time? You can think of theuler
like an air traffic controller at a busy
airport. all the airplanes or processes
and the scheduler decides who gets to
land on the runway which is the CPU in
this case. Colonel developers have tried
many different architectures to deal
with this challenge. But modern Linux
now uses a technique called earliest
eligible virtual deadline first, which
sounds like a boss in Elden Ring, but it
uses a variety of rules to ensure that
every process gets its fair share of CPU
time. But then we run into another
problem. is some applications want to do
multiple things at once without the
overhead of multiple processes. And
that's where stage 9 comes in, threads.
A thread shares the same memory and file
descriptors, but a different stack in a
different program counter. And now
suddenly, one program can do two
different things in parallel. But it's
also like having a loaded gun pointed at
your foot. The threads share memory, and
writing to the same variable at the same
time can often produce race conditions.
Modern programming languages try to
prevent you from shooting yourself in
the foot like go's go routines or the
Rust borrow checker which refuses to
compile threaded code that could race.
The threads are awesome but two entirely
different applications can't just share
memory like that. So what do we do when
they need to communicate with each
other? Well that brings us to stage 10
IPC interprocess communication. Like
imagine I open up a terminal in Linux
and want to read a file with cat. That
provides me with some output. But now I
want to search for a specific term in
that output. The easiest solution is to
use a pipe which was invented in 1973
and is still undefeated. It allows us to
combine cat and GP which are two totally
separate processes. The operating system
creates a pipe so the output from one
becomes the input to another. No shared
memory just a stream of bytes flowing
between them. Pretty cool. And there are
other IPC techniques like sockets and
message cues. But the main idea is that
it allows two processes to communicate
safely. Congratulations, you now
understand how your operating system
works at a low level. But now it's time
to rage quit. Let's find out what
happens in stage 10 when we hit the
shutdown button. P1 sends a signal
called SIG term to every process, which
is a polite way of asking them to stop
what they're doing. A well- behaved
process will save their state and quit.
But then after a timeout, another signal
gets sent called sig kill. This is game
over and the file system will flush its
journals and unmount. Drivers release
their hardware. The colonel syncs memory
to disk. Interrupts are disabled and
finally the CPU comes to a halt. The
firmware cuts power and your screen goes
black. You're finally free to go outside
and touch some grass. Thanks for
watching and I will see you in the next

MIT OpenCourseWare

May 18, 2026

Watch Read Summary

PDF

Booting and Firmware

Privilege Rings (Kernel vs. User Space)

Virtual Memory and the MMU

File Systems and Inodes

Device Drivers and Interrupts

Process Management and System Calls

Scheduling and Threads

Interprocess Communication (IPC)

Shutdown Sequence

Takeaways

Frequently Asked Questions

Why does the kernel use privilege rings to separate kernel and user space?

How does virtual memory isolation prevent processes from accessing each other's memory?

Who is Fireship on YouTube?

Does this page include the full transcript of the video?

Helpful resources related to this video

Share This Summary

Embed This Summary