I’m writing this paper to show the big difference Microsoft Windows Vista is introducing in the boot process. In order for system administrators to support and maintain windows Vista, they should know a little about the boot process in order to be able to troubleshoot startup problems and possibly multi-operating system in the same box. This writing will show only headlines about this subject but it will definitely help you in being familiar with the boot process and the new standards Vista code is utilizing.
When you first boot you machine (turn it on), the machine’s BIOS will load to memory and perform some hardware checks and then will start searching for connected disks or media (i.e. you configure the BIOS to boot from bootable CD first).
If the Boot order in the BIOS is configured to boot first from disks, then a boot disk is chosen and the Master Boot Record “MBR” on the system (Active) partition is loaded.MBR then will continue from here to located operating systems and optionally displaying boot menu to the interactive user.
This was the case for long time and this sequence of boot process is known as PC BIOS standard boot sequence.
So, things are good so far, you turn on your machine and believe it or not, it really boots! So what’s new?
During the development of the first Intel-HP Itanuim system in mid 1990s .PC BIOS limitations were sees as clearly unacceptable for the large server platforms Itanuim was targeting. The initial effort to address these concerns was initially called Intel Boot Initiative and was later renamed to EFI (extensible Firmware Interface).
So now we have this new EFS Specification. The rest is boring, as EFS specification 1.02 was released by Intel on December 2000 and then released in mid 2002 as EFI 1.10.Now EFI Forum is responsible of this standard and the standard is sometimes named Unified EFI.
In summary, we have the old PC BIOS method or booting and now we have the new EFI method of booting which is more advance and allows for more flexibility. Believe it or not, Vista now supports this new EFI Specifications.
PC BIOS Boot method in Vista
First, when the computer is switched on, BIOS is loaded. Then the MBR of the boot disk, which can be a hard drive or external media, is accessed, followed by the boot sector of the drive or of relevant hard disk partition. For Windows Vista, the boot sector loads the Windows Boot Manager (Filename: Bootmgr.) which accesses the Boot Configuration Data store and uses the information to load the final stage, the Operating System.
So first step in the booting process is the BIOS which discover all connected media and disks and chooses the appreciate boot media or disk according to the boot order configuration configured on the BIOS. If the boot process is to start from a disk media, then it is the function of BIOS to search for bootable H.D .Once found , BIOS will handle the boot process to the H.D MBR.
Master Boot Record MBR
A Master Boot Record (MBR), or partition sector, is the 512-byteboot sector that is the first sector (“Sector 0”) of a partitioneddata storage device such as a hard disk.
Think of this half KB of data as the person who knows everything about the H.D and uses this information to handle the boot process. The MBR maintain a table that contains the partitions existing in this disk .In MBR maintains the Disk Signature.
Disk Signatures are a way for operating systems to differentiate different disks in case of RADI configuration for example. When you connect a secondary H.D to your machine, the windows will detect a new HD and will ask you to initialize this new H.D Initializing H.D involves stamping the H.D with a unique Signature.
As mentioned before, MBR contains Partition table (can have maximum of four entries, thus you can have maximum of four primary partitions, although you can configure the last primary partition as extended partition to hold embedded logical partitions).MBR then will look for the partition that is flagged as Active (system partition).
Windows Boot Manager and BCD
Once the Active Partition is located, the MBR invokes the Partition Boot Record (PBR) which then looks for Windows Boot Manager which then queries the Boot Configuration Data BCD. In Windows Vista, Windows Boot Manager and Boot configuration data are replacement of NTLDR.
So MBR looks for active partition and kicks of the Windows Boot Manager which stores information in something called BCD.
Boot Manager reads configuration from BCD and displays the boot menu to the user. Boot Configuration Data is a replacement of boot.ini and is stored on \boot\bcd on the system partition.
Boot Configuration Data may be altered using a command-line tool (bcdedit.exe) or by using Windows Management Instrumentation.
Boot Configuration Data contain the menu entries that are presented by the Windows Boot Manager, just as boot.ini contained the menu entries that were presented by NTLDR. These menu entries can include:
· Options to boot Windows Vista by invoking winload.exe.
· Options to resume Windows Vista from hibernation by invoking winresume.exe.
· Options to boot a prior version of Windows NT by invoking its NTLDR.
· Options to load and to execute a Volume Boot Record.
Boot Configuration Data allows for third party integration so anyone can implement tools like diagnostics or recovery options.
winload.exe is the operating system boot loader. It is invoked by the Windows Boot Manager in order to load the operating system kernel (ntoskrnl.exe) and (boot-class) device drivers, and is in that respect functionally equivalent to (the operating system loader functionality of) NTLDR in prior versions of Windows NT.
It is very interesting the way Vista boot process handles the digital signatures of the H.Ds connected to the box. In previous NT operating systems the integrity of the disk signature was in most situations not crucial for ntldr to initiate the Windows boot process.
With Vista on the other hand, if the signature has changed or can’t be found then the successor of ntldr, bootmgr, will halt before Windows is started with the error winload.exe….. is missing or corrupt. It is an inaccurate and misleading error message because winload.exe itself has not actually moved or changed. If I alter one digit of the signature then it’s a winload.exe error, if I change it back again then Vista boots as before.
Both ntldr and bootmgr have to first identify which hard drive they should look on. The ntldr does this with the aid of the boot.ini file, which lists the hard drives by number in the same order as the computer’s BIOS sees them. The ntldr consults the boot.ini for the number of the drive that it wants and then checks the BIOS to find the location of that drive. In Vista the BCD store does not list hard drives by number at all but rather by their unique disk signature. When bootmgr queries the BCD for the drive it wants it is told the disk signature of that drive, so it then scans the connected drives till it finds the one with that signature. If no match is found then bootmgr cannot continue to look for the Vista bootloader (winload.exe) and hence displays the error message that winload.exe……is missing or corrupt.
Note 1: Only nonversion-specific components are stored in the root of the active partition. This means that theoretically Windows Vista could be installed on a machine running some future Windows version with the same boot structure, and it would not break the boot process for that future version. With legacy Windows, installing an older Windows version last causes the newer version to fail on start-up. This is due to version-specific code improvements in Ntldr.
VISTA MBR Integrity
On systems that have BIOS firmware, Windows Vista and earlier versions of the Microsoft Windows® operating system install an MBR during setup of the operating system. For earlier versions of Windows, some system manufacturers provide additional tools and experiences by installing an OEM-specific MBR to “hook” the boot process. For example, an OEM-specific MBR might jump to an OEM-specific hidden partition that contains the manufacturer’s boot applications when the user presses a particular key during the BIOS phase of boot.
Microsoft recommends not replacing the MBR with any hardware specific one. BitLoacker for example uses some integrity check to validate the MBR hash values to make sure it is not changed from last reboot. Windows recovery tools can repair a H.D by replacing the MBR with a new one. To solve those issues, Vista supports the ability to define actions to perform in response to keyboard scan that is received during reboot.
· EFI Standard : http://en.wikipedia.org/wiki/Extensible_Firmware_Interface
· GPT Disk Format
· Boot Configuration Data