DARIEN GRAHAM-SMITH Reveales That What Happens Exactly When You Press The Power Button Of Your Computer.
Thanks to superfast SSDs, abundant RAM and progressive optimizations to the operating system itself, Windows starts up far more quickly than it used to. The startup process that used to entail a minute and a half of disk grinding now whizzes by in less than ten seconds. That doesn’t mean the process is simple. It’s a multi-step chain of technical procedures, and if any one of them goes wrong, you’ll be left staring at an error message or a blank screen – or possibly a blue one. If you’re to have any hope of recovering from a situation such as this, it’s a good idea to understand what’s going on in those frantic seconds after you press the power button and before the familiar Windows desktop appears. And even if – touch wood – you never need to fix a Windows installation that won’t boot, aren’t you curious?.
BIOS AND UEFI
When your PC first powers on (or reinitialises after a reboot), it’s the BIOS the motherboard’s own basic input/output system – that takes charge. These days, the term is slightly ambiguous: historically, BIOS is the name for a specific sort of firmware, which on modern PCs has been replaced by a more advanced system called the Unified Extensible Firmware Interface (UEFI). Still, UEFI provides a “basic input/output system” – it’s just less basic than its predecessor. So modern PCs are often described as having a “UEFI BIOS”, even though that’s arguably an oxymoron.Whatever sort of BIOS your computer has, it’s the code programmed it’s the code programmed onto this chip that carries out the very basic
BIOS AND UEFI
When your PC first powers on (or reinitialises after a reboot), it’s the BIOS the motherboard’s own basic input/output system – that takes charge. These days, the term is slightly ambiguous: historically, BIOS is the name for a specific sort of firmware, which on modern PCs has been replaced by a more advanced system called the Unified Extensible Firmware Interface (UEFI). Still, UEFI provides a “basic input/output system” – it’s just less basic than its predecessor. So modern PCs are often described as having a “UEFI BIOS”, even though that’s arguably an oxymoron.Whatever sort of BIOS your computer has, it’s the code programmed it’s the code programmed onto this chip that carries out the very basic
hardware checks when your computer switches on: if there’s no memory installed, for example,the BIOS will probably stop and show an error. Once the BIOS is happy that all major components are present and working, it will try to execute the code stored on the boot sector – that is, the very first sector – of one of your hard disks, as specified within its user settings.This is the first point at which the boot sequence is liable to trip up. If the disk
doesn’t appear to contain a suitable boot sector, you’ll either see a generic error message, such as “no operating system installed”, or just a blank screen. Often this simply means that the BIOS has found another volume – perhaps a USB flash drive or a DVD – and tried to boot from that instead of your system drive. If that isn’t the problem, perhaps check that your boot disk is definitely still powered and plugged into the motherboard.
If the boot sector on your hard disk has been accidentally erased or corrupted – perhaps if you’ve been trying to set up a dual-boot system – then all isn’t necessarily lost, as we’ll discuss below.
MBR VERSUS GPT
The boot sector of a hard disk contains a short snippet of code that tells the computer where on the disk it can find the code to load the operating system. Until a few years ago,the boot
sector code had to be short, because it literally occupied a single sector on the disk, representing 512 bytes of data. That not only included the code to launch the OS, but detailed exactly how the disk was partitioned. All of this was laid out in a standard format known as the “master boot record” (MBR): even disks that weren’t intended as boot devices would have an MBR describing how their data was arranged. (If the disk contained more than one partition then each would have its own boot sector, but the MBR would specifically be the sector at the start of the entire disk.)
The standard dates all the way back to 1983, and even today, all modern PCs will read a disk’s MBR to determine its “geometry”, and boot from it if the appropriate code is found. MBR has a few shortcomings, however. As a result of the limited data space available within the boot sector, a maximum of four partitions can be defined per disk. If you want to subdivide a drive further, you have to create an “extended partition” and set up “logical partitions” within it. It isn’t the end of the world, but it’s inelegant.A much bigger limitation is the fact that MBR uses a 32bit value to store the size of each partition – which means that no partition can be larger than 2TB in size.
This may not have been an urgent problem in 1983, when hard disk capacities were typically measured in tens of megabytes, but today it’s quite an inconvenience. The solution is a more modern disk format. The UEFI BIOS specification includes support for the GUID Partition Table (GPT) system, an arrangement that doesn’t require all that information to be crammed into a single sector. GPT disks can support up to 128 partitions, with disk capacities of up to 9.44 zettabytes (almost ten million terabytes). In case you’re wondering, GUID stands for “globally unique identifier” – a reference to the 128bit binary values that are used internally as partition references. Why might you need to know all this?
Because support for GPT disks isn’t universal. 32bit PCs running Windows Vista and later
can use GPT disks for data, but only 64bit systems can boot from a GPT volume. What’s
more, since GPT disks are a UEFI innovation, you can’t normally boot a GPT disk from an
oldschool BIOS. Systems with a UEFI BIOS almost invariably provide a “legacy” mode
that emulates the behaviour of a traditional BIOS: you might need to activate this mode
to use an older OS that doesn’t support UEFI. But equally, if you turn legacy mode on, you
might find that Windows suddenly refuses to boot from your GPT format system disk.
Needless to say, if this happens you won’t get a helpful error message – it’s one of those
problems that has to be diagnosed by trial and error.
SECURE BOOT
We mentioned above that the BIOS kicks off the boot process by executing the code in the boot sector. This isn’t always a good thing, because the BIOS doesn’t have any way of ensuring that the code will launch a legitimate operating system. If your boot code is tampered with, it can run anything at all. This loophole was exploited by many early computer viruses. Hackers wrote tiny installers that would fit into the boot sector of a floppy, which loaded malicious code into memory before launching the operating system.
More recently, we’ve seen “rootkit” malware that rewrites the boot sector of your hard disk with code that launches a hyper visor type framework. Windows is then started within this compromised environment; the malware has total control of the OS, and can conceal itself from conventional security tools. To close off this danger, UEFI introduces a feature called Secure Boot. When this feature is enabled, a UEFI BIOS will only run startup code that matches a cryptographic digital signature that’s been previously registered with the BIOS. If anything tampers with the contents of your boot sector, its signature won’t match and the
computer will simply refuse to start up.
This protects you against rootkits, but it has its downsides. Linux fans have complained that Secure Boot is an obstacle to those who want to install a fresh operating system, rather than using the preinstalled Windows OS. Most recent PCs will let you disable Secure Boot, or register a third party boot loader as safe, but this isn’t guaranteed. Microsoft’s guidelines for
laptops and desktops sold with Windows 10 stipulate that Secure Boot must be turned on by default, and it’s up to the manufacturer whether or not to let you customise its settings.
The good news is that even if Secure Boot is mandatory on your PC, you can still install Ubuntu, which uses a Microsoft-signed boot loader and should therefore work on any Windows 10 device. If your previously working PC throws up a Secure Boot violation and refuses to start,the first thing to check is, as usual, whether it’s trying to boot from the wrong device. If that doesn’t solve the problem, something may have modified your boot sector. Your first action should be to boot into a clean environment and check your hard disk for malware. There are plenty of free bootable USB images that can help here, includingAvira Rescue System(http://tinyurl.com/nqwf8uq), Bitdefender Rescue CD (http://tinyurl.com/p79qjsv) and Kaspersky Rescue Disk 10 (http://tinyurl.com/p3uv9g2)
THE BOOT MANAGER
So, the BIOS executes the boot sector, which in turn launches Windows, right? Not quite.
There’s one more step in the process: what the boot sector launches isn’t Windows itself, but another small program called the boot manager. The sole job of this program is to ensure that the correct Windows installation is launched with the correct parameters: if you’ve set up a multiboot system, the boot manager can present a menu from which you can choose which OS to launch. In Windows NT, XP and 2000, the boot manager role was handled by a program called NTLDR, which received its OS information from a plain text file called boot.ini. By default, both were hidden files that lived in the root directory of your C: drive.
If you wanted to check your boot configuration, or edit it to add extra options, you could simply edit boot.ini in Notepad (after tweaking its attributes to make it visible and editable). In Windows Vista and later, things are more complex. Now the information about where Windows is installed is kept in a binary file called the BCD store – short for Boot Configuration Data. It contains the same basic data as boot.ini, but if you want to view and edit its contents, you’ll need to use a special tool called BCDEdit.
You can see what your BCD store contains right now by opening a command prompt as an administrator – that bit’s important, as ordinary users aren’t allowed to access the BCD store – and entering “bcdedit” at the prompt. What you’ll probably see is a set of information about the Windows Boot Manager, including where it’s located and what language it’s localised for, followed by information about the boot loader – the code that actually, at last, loads Windows.
THE SYSTEM RESERVED PARTITION
Unlike the old boot.ini file, the boot manager files for recent versions of Windows aren’t normally located on your C: drive. The Windows installation process automatically creates a small “System Reserved” partition for them. This partition is also where the BitLocker encryption host lives, which is what makes it possible to start Windows when your entire system drive is encrypted. The System Reserved partition isn’t normally visible within Windows, since it doesn’t have a drive letter, but you can easily examine it by opening the Disk Management console, right-clicking on the “System Reserved” partition, selecting “Change Drive Letter and Paths…” and giving it a letter.
You can then open it in This PC and click around to see how it’s laid out. (To see everything, you’ll need to configure Windows Explorer to show hidden files and protected system files.) If you’re setting up a new PC and don’t want this extra partition hanging around, it’s possible to install Windows 10 in such away that the boot manager resides on your C: drive. You simply have to set up your target disk, prior to the installation, with a single partition that occupies its entire capacity, so that there’s no space for a separate boot partition. There isn’t much benefit to this, though – the System Reserved partition is only 350MB in size in recent editions of Windows (and a mere 100MB in Windows 7), and you’ll lose the ability to run BitLocker.
FINISHING THE BOOT PROCESS
If everything is configured as it should be, the boot manager should immediately hand over to the Windows boot loader – a file called winload.exe that normally lives in C:\Windows\System32. If this can’t be accessed, your computer may crash at this point, showing the error message “INACCESSIBLE_BOOT_DEVICE”. This could happen if you’ve repartitioned the disk since the BCD was set up, or if you’ve added or removed a hard disk. The easiest solution is to try connecting your disks in a different order (for example, try switching SATA ports) to see if you can recreate your original configuration.
If you don’t see that message, it’s likely that the Windows initialisation procedure has started successfully. Any error messages that pop up after this point aren’t strictly problems with the boot process, but rather to do with the configuration of the operating system itself. That doesn’t make them any less problematic, of course, but it gives you a clue where to start troubleshooting. You can skip worrying about the BIOS or the MBR, and try – for example – booting from the installation media to access Safe Mode or use Startup Repair.
Labels:
Tech News
Thanks for reading What Actually Happens When Windows Boots?. Please share...!
0 Comment for "What Actually Happens When Windows Boots?"