verify that the system components are present and functioning correctly
then identifies a boot device (partition) and passes control to the operating system’s boot loader process
for legacy BIOS:
3. firmware scans the disk identified as boot device
4. reads master boot record (MBR) in the first sector of disk
5. MBR locates the boot partition
- partition that has the OS
- MBR passes control to the boot sector
6. boot sector loads boot manager
- in Windows its bootmgr.exe
boot manager reads info from boot configuration data (BCD) file
identifies OS installed on the computer
Bootmgr and BCD are normally installed to hidden System Reserved partition
boot manager loads Windows boot loader winload.exe
stored in system root folder on boot partition
Winload loads the kernel ntoskrnl.exe, hardware abstraction layer hal.dll, and boot device drivers
control is passed to kernel which initializes and loads required processes
when complete, Winload waits for user authentication (log in)
for UEFI boot mode:
firmware runs POST
reads GPT on the boot device
GPT identifies EFI System Partition
contains the EFI boot manager and BCD
each Windows install has a subfolder under \EFI\Miscrosoft\ that contains a BCD and bootmgfw.efi
bootmgfw.efi reads BCD to identify whether to show boot menu and to find location of winload.efi
Windows boot loader loads kernel, which starts required processes and then waits for user auth