Windows Security

Windows Security Introduction
Welcome to the Windows security page. This page provides a foundational understanding of Windows security, beginning with the boot process.
The Boot Process

The boot process for a PC begins with a Power On Self Test (POST). The POST uses firmware code to check the status of key hardware components such as the Random Access Memory (RAM) and the Central Processing Unit (CPU) registers. After the POST, the firmware starts the bootstrap loader to begin the Operating System (OS) boot process. From the early 1980s to the mid 2010s, PCs used a Basic Input Output System (BIOS) and a boot drive partitioned with a Master Boot Record (MBR) to load the operating system. The Unified Extensible Firmware Interface (UEFI), standardised by the UEFI Forum from 2005 onward, superseded the legacy BIOS that most motherboards used. UEFI, in conjunction with the Globally Unique Identifier Partition Table (GPT), has mostly replaced the legacy BIOS/MBR system for booting PCs (as of 2022).

Legacy BIOS/MBR Boot
NeoSmart provides a good written explanation of the legacy boot process.
Lowell Vanderpool provides an explanation of this process in this video:


Key points:
  • The first 512 byte sector (sector 0) of a boot drive holds the MBR
  • On PCs, the final two bytes of the 512-byte MBR are called the boot signature
  • The BIOS uses the boot signature to determine if the selected boot drive is bootable
  • If a drive is bootable, the last two bytes of the MBR should be 0x55 0xAA
  • The bootcode (the first 446 bytes of the MBR, or 440 bytes when a 4-byte disk signature and 2 reserved bytes are present) contains executable code that scans the partition table for the active partition and loads that partition's first sector, the Volume Boot Record (VBR)
  • The VBR (boot sector) contains instructions to locate and load the boot loader file stored on the partition's filesystem
  • Windows XP's/Server 2003's boot loader is ntldr
  • Vista, 7, 8, 10, and 11 use bootmgr
  • Most Linux distributions use the GRand Unified Bootloader (GRUB); its boot.img occupies the MBR bootcode and loads core.img, which is stored in the sectors immediately after the MBR
  • The maximum addressable storage space of an MBR partitioned disk with 512-byte sectors is 2 TiB (2^32 x 512 bytes), because each partition entry stores its starting sector and sector count as 32-bit values
  • An MBR partitioned drive can have a maximum of 4 primary partitions (one of which may be an extended partition containing logical partitions)
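The key points above map directly onto the MBR layout: 440 (or 446) bytes of bootcode, a 64-byte partition table of four 16-byte entries at offset 446, and the 0x55 0xAA signature at offset 510. The following is an added example, not code from the original page, that parses a sector exactly the way the BIOS and bootcode do: it checks the signature, walks the four entries, identifies the single active (0x80) partition the bootcode would chain to, and shows why 32-bit LBA fields cap the disk at 2 TiB. The sample MBR bytes and the partition values in it are constructed for the example; `read_mbr_from_device` is a hypothetical helper name, and reading a raw device path such as `\\.\PhysicalDrive0` or `/dev/sda` requires administrator/root rights.

```python
"""Parse a 512-byte Master Boot Record (MBR): boot signature, partition table, active partition."""
import struct
from dataclasses import dataclass
from typing import List

SECTOR_SIZE = 512
BOOT_SIGNATURE = b"\x55\xAA"      # bytes 510-511; the BIOS checks only these before jumping to the bootcode
PARTITION_TABLE_OFFSET = 446      # four 16-byte entries follow the bootcode (and optional disk signature)
PARTITION_ENTRY_SIZE = 16
MAX_PARTITIONS = 4
ACTIVE_FLAG = 0x80                # status byte: 0x80 = active/bootable, 0x00 = inactive
# Entry layout (little-endian): status, CHS start (3 bytes), type, CHS end (3 bytes), LBA start, sector count
ENTRY_FORMAT = "<B3sB3sII"


@dataclass
class PartitionEntry:
    index: int           # slot 0-3 in the table
    bootable: bool       # status byte == 0x80
    type_id: int         # e.g. 0x07 NTFS/exFAT, 0x83 Linux, 0x05/0x0F extended
    lba_start: int       # 32-bit first sector
    sector_count: int    # 32-bit length in sectors

    @property
    def size_bytes(self) -> int:
        return self.sector_count * SECTOR_SIZE


def is_bootable(mbr: bytes) -> bool:
    """True when the sector ends with the 0x55 0xAA boot signature."""
    return len(mbr) == SECTOR_SIZE and mbr[510:512] == BOOT_SIGNATURE


def parse_partition_table(mbr: bytes) -> List[PartitionEntry]:
    """Return the non-empty entries of the four-slot primary partition table."""
    if len(mbr) != SECTOR_SIZE:
        raise ValueError("MBR must be exactly one 512-byte sector")
    entries = []
    for i in range(MAX_PARTITIONS):
        offset = PARTITION_TABLE_OFFSET + i * PARTITION_ENTRY_SIZE
        status, _chs_start, type_id, _chs_end, lba, count = struct.unpack_from(ENTRY_FORMAT, mbr, offset)
        if type_id == 0 and count == 0:
            continue                      # unused slot
        if lba + count > 2 ** 32:
            raise ValueError(f"entry {i} extends beyond the 32-bit LBA range addressable by MBR")
        entries.append(PartitionEntry(i, status == ACTIVE_FLAG, type_id, lba, count))
    return entries


def active_partition(mbr: bytes) -> PartitionEntry:
    """The partition whose VBR the bootcode chain-loads; standard bootcode expects exactly one."""
    if not is_bootable(mbr):
        raise ValueError("missing 0x55AA boot signature: BIOS would not boot this drive")
    active = [p for p in parse_partition_table(mbr) if p.bootable]
    if len(active) != 1:
        raise ValueError(f"expected exactly one active partition, found {len(active)}")
    return active[0]


def mbr_max_addressable_bytes(sector_size: int = SECTOR_SIZE) -> int:
    """32-bit sector addresses x sector size: 2 TiB for 512-byte sectors."""
    return (2 ** 32) * sector_size


def read_mbr_from_device(path: str) -> bytes:
    """Hypothetical helper: read sector 0 of a raw device (needs admin/root; not used by the test)."""
    with open(path, "rb") as disk:
        return disk.read(SECTOR_SIZE)


def build_sample_mbr() -> bytes:
    """Constructed sample MBR: NOP-filled bootcode, disk signature, two partitions, boot signature."""
    bootcode = b"\x90" * 440                       # placeholder for real x86 bootcode
    disk_signature = b"\x12\x34\x56\x78"           # 4-byte Windows disk signature
    reserved = b"\x00\x00"
    # Slot 0: active NTFS partition starting at sector 2048, 1,048,576 sectors (512 MiB)
    entry0 = struct.pack(ENTRY_FORMAT, ACTIVE_FLAG, b"\x20\x21\x00", 0x07, b"\xFE\xFF\xFF", 2048, 1048576)
    # Slot 1: inactive Linux partition following it, 4,194,304 sectors (2 GiB)
    entry1 = struct.pack(ENTRY_FORMAT, 0x00, b"\xFE\xFF\xFF", 0x83, b"\xFE\xFF\xFF", 1050624, 4194304)
    table = entry0 + entry1 + b"\x00" * (2 * PARTITION_ENTRY_SIZE)   # slots 2 and 3 empty
    mbr = bootcode + disk_signature + reserved + table + BOOT_SIGNATURE
    assert len(mbr) == SECTOR_SIZE
    return mbr


if __name__ == "__main__":
    sample = build_sample_mbr()
    print("bootable:", is_bootable(sample))
    for part in parse_partition_table(sample):
        print(part, f"{part.size_bytes / 2**20:.0f} MiB")
    print("active:", active_partition(sample).index)
    print("MBR limit:", mbr_max_addressable_bytes() / 2**40, "TiB")
```

Flipping either signature byte makes `is_bootable` return False, which is exactly the check a BIOS performs before transferring control; corrupting the status byte so that no entry (or two entries) carries 0x80 makes `active_partition` fail in the same situation where real bootcode prints "Invalid partition table". Both are worth remembering when examining a disk image forensically, since bootkit-modified MBRs usually keep the partition table and signature intact and change only the bootcode.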