Join Martin Guidry for an in-depth discussion in this video Understanding the boot process, part of Windows 10 Administration.
In this section, we're going to talk about the boot process in Windows 10. In Windows 10, we can think of the boot process as a three-step process. The first step or group of steps is called Secure Boot, which then leads to Trusted Boot, which then leads to Early Launch Anti-Malware. We'll talk about each one of these in detail. The first step, Secure Boot, is handled by the Unified Extensible Firmware Interface, which is a standard implemented by your hardware.
So, Windows 10 is not actually involved in this. At this point in the boot process, the operating system hasn't started running yet. It's just the firmware on the motherboard that's running. UEFI verifies the signature of all firmware files that are loaded, and that makes it difficult or impossible for these files to be replaced without your authorization, which dramatically reduces the probability of introducing a virus or malware into the boot process, hence the name Secure Boot.
The security here is that it's going to great efforts to eliminate viruses and malware while booting. It does this by verifying the signature of the files. The last thing the Secure Boot process does, it places the bootloader of the OS into memory, and once that bootloader takes over, we move to the next step, which is called Trusted Boot. So, now this part is handled by Windows 10.
The boot process has been handed off from the firmware to the operating system, and now Windows 10 will handle everything going forward. First thing Trusted Boot does is load a kernel, and that Windows kernel is verified by a certificate. So, the same mindset as the verification in the previous slide. We want to verify that the files have not been tampered with, that no one has introduced a virus. After the Windows kernel is loaded, Trusted Boot will start to load Windows components, and as it's loading Windows components, it will take care to load Anti-Malware early in the launch sequence.
Microsoft calls this mindset Early Launch Anti-Malware. It tries to load an anti-malware program before any device driver is loaded. That way, if there was a virus or a rootkit inside one of the device drivers, the anti-malware software can catch it. So, by loading anti-malware software first, that allows all device drivers to be scanned. By default, in Windows 10, the anti-malware software is Windows Defender.
So, again, the process starts with Secure Boot, which is handled entirely by the firmware. Once the OS loader is in memory, that becomes the Trusted Boot step, handled by Windows. During that time, the kernel is loaded, then Windows components are loaded, and before any device driver is loaded, Microsoft starts the Early Launch Anti-Malware software.
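An added example, not part of the video transcript or the course material: a PowerShell function an administrator can run to see how each of the three stages described above is configured on a given machine. The function name `Get-BootProtectionState` is hypothetical, and the example assumes Windows Defender is the installed anti-malware product, with its early-launch driver registered under the service name `WdBoot`.

```powershell
# Added example: report the state of each boot stage named in the transcript.
# Run in an elevated Windows PowerShell session on the machine being checked.
function Get-BootProtectionState {   # hypothetical helper name
    # Stage 1, Secure Boot: Confirm-SecureBootUEFI returns $true or $false on
    # UEFI hardware and throws on legacy BIOS or when the session is not elevated.
    $secureBoot = try {
        if (Confirm-SecureBootUEFI -ErrorAction Stop) { 'Enabled' } else { 'Disabled' }
    } catch {
        "Unavailable: $($_.Exception.Message)"
    }

    # Stage 2, Trusted Boot: the boot-time check cannot be replayed afterwards,
    # so re-validate the signatures of the OS loader and kernel on disk instead.
    $bootFiles = 'winload.efi', 'ntoskrnl.exe' |
        ForEach-Object { Join-Path $env:SystemRoot "System32\$_" } |
        Where-Object { Test-Path $_ } |
        ForEach-Object {
            $sig = Get-AuthenticodeSignature -FilePath $_
            [pscustomobject]@{
                File   = Split-Path $_ -Leaf
                Status = $sig.Status
                Signer = $sig.SignerCertificate.Subject
            }
        }

    # Stage 3, ELAM: the boot-start driver policy. A missing value means the
    # policy is not configured and Windows applies its default.
    $policyKey  = 'HKLM:\SYSTEM\CurrentControlSet\Policies\EarlyLaunch'
    $policyName = @{ 8 = 'Good only'; 1 = 'Good and unknown'
                     3 = 'Good, unknown, and bad but boot-critical'; 7 = 'All' }
    $raw = (Get-ItemProperty -Path $policyKey -ErrorAction SilentlyContinue).DriverLoadPolicy
    $elamPolicy = if ($null -eq $raw) { 'Not configured (Windows default)' } else { $policyName[[int]$raw] }

    # Assumption: Defender's early-launch driver is the WdBoot service. It is
    # unloaded once boot finishes, so StartMode is the meaningful field here.
    $elamDriver = Get-CimInstance Win32_SystemDriver -Filter "Name='WdBoot'"

    [pscustomobject]@{
        SecureBoot        = $secureBoot
        BootFiles         = $bootFiles
        ElamDriverPolicy  = $elamPolicy
        ElamDriverStart   = if ($elamDriver) { $elamDriver.StartMode } else { 'WdBoot not found' }
    }
}

Get-BootProtectionState | Format-List
```

A `SecureBoot` value of `Disabled`, a `Status` other than `Valid` on a boot file, or an `ElamDriverPolicy` of `All` is worth investigating, since each weakens one link in the chain the video describes.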
Martin first reviews the various editions of both the desktop and mobile versions of Windows 10. This section covers the special features included with the Enterprise edition, and the hardware requirements for some of the new Windows 10 features. Martin also explains installing and updating drivers and configuring and optimizing the OS, including system properties and power options. Then it's a deep dive into Group Policy, including working with local groups, configuring preferences, and troubleshooting Group Policy. Martin also looks at Windows security—authentication and encryption—as well as the boot process, and concludes the course with a brief look at virtualization, networking, and backup and recovery.
- Understanding the different versions of Windows 10
- Installing and updating drivers
- Administering multitasking
- Working with Windows Group Policy
- Adding domain users and accounts to a Windows 10 PC
- Administering BitLocker and EFS
- Understanding the boot process
- Installing Client Hyper-V for Windows virtualization
- Managing Windows Firewall
- Backing up and restoring Windows 10
- Troubleshooting Windows 10