Windows 10 boot process

From Ever changing code
Revision as of 13:53, 13 May 2019 by Pio2pio (talk | contribs)
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Jump to navigation Jump to search

It starts from POST and ends up in loading the Windows OS Loader or the Kernel

Phase Boot Process BIOS UEFI
1 PreBoot MBR/PBR (Bootstrap Code) UEFI Firmware
2 Windows Boot Manager %SystemDrive%\bootmgr \EFI\Microsoft\Boot\bootmgfw.efi
3 Windows OS Loader %SystemRoot%\system32\winload.exe %SystemRoot%\system32\winload.efi
4 Windows NT OS Kernel %SystemRoot%\system32\ntoskrnl.exe


  1. PreBoot: POST loads firmware settings, checks for a valid disk system. If the computer has a valid MBR, i.e., Master Boot Record, the boot process moves further and loads Windows Boot Manager.
  2. Windows Boot Manager: determines if you have multiple OS installed on your computer. If yes, then it offers a menu with the names of the OSs. When you select the OS, it will load the right program, i.e., Winload.exe to boot you into the correct OS.
  3. Windows OS Loader: Like its name, WinLoad.exe loads important drivers to kick start the Windows Kernel. The kernel uses the drivers to talk to the hardware and do rest of the things required for the boot process to continue.
  4. Windows NT OS Kernel: This is the last stage which picks up the Registry settings, additional drivers, etc. Once that has been read, the control is taken by the system manager process. It loads up the UI, the rest of the hardware and software. That’s when you finally get to see your Windows 10 Login screen.


When you run Windows 10 on a computer that supports Unified Extensible Firmware Interface (UEFI), Trusted Boot protects your computer from the moment you power it on. When the computer starts, it first finds the operating system bootloader. Computers without Secured Boot simply run whatever bootloader is on the PC’s hard drive. When a computer equipped with UEFI starts, it first verifies that the firmware is digitally signed. If Secure Boot is enabled, the firmware examines the bootloader’s digital signature to verify that it is intact hasn’t been modified.