The boot sector, also known as the master boot record or MBR, is a small section of code and data that is located on the first sector of a hard disk drive. It contains critical information that allows the computer to load the operating system when powered on. Understanding where the boot sector is located and how it functions provides insight into the boot process and can assist with troubleshooting boot issues.
What is the Boot Sector?
The boot sector is typically the first 512 bytes of the hard drive. It consists of three main components:
- Boot loader code – This code loads and executes the remainder of the operating system startup process.
- Partition table – This table defines the partitions on the hard drive.
- Signature – Contains values to identify the sector as a valid boot sector.
When the computer first powers on, the BIOS loads and executes the boot sector code. This boot loader code determines which partition is active or bootable based on the partition table and then loads the boot files from that partition, which continues the startup process.
The key takeaway is that the boot sector acts as the initial entry point that launches the operating system. Its location at the very beginning of the hard drive is critical.
Boot Sector Location
As mentioned above, the boot sector is almost always located on the first sector of the hard disk. A sector is the smallest unit of storage on a hard drive, typically 512 bytes in size.
With 512 bytes per sector, the boot sector fits nicely into the first sector at the start of the drive. The reason it is placed here is so that when the BIOS first initializes during the boot process, it knows to load this sector into memory and execute the boot loader program stored within it.
The drive is divided into concentric circles called tracks, similar to the tracks on a CD or record album. The first track is the outermost edge of the disk. The first sector of the first track is where the boot sector is found.
This allows the read heads to immediately access the boot sector without having to move in or out, saving precious milliseconds during boot.
Cylinder-Head-Sector Addressing
Historically, hard drives utilized a technique called CHS addressing to organize and access sectors. CHS stands for cylinder, head, and sector.
In this scheme, the drive consists of a stack of platters rotating around a central spindle. The platters are divided into tracks, which form concentric circles around the spindle. Each track is assigned a cylinder number to identify it.
The head is the read/write mechanism that moves in and out to access different tracks. With multiple platters stacked, each track position forms a vertical column running through all the platters. This vertical column is called a cylinder.
Each surface of a platter has its own head assigned to read and write data. The number of heads corresponds to the number of platters in the drive.
Finally, each track is further divided into sectors. So a location on the hard drive can be specified using three coordinates – the cylinder, head and sector numbers.
The boot sector is identified using CHS addressing as cylinder 0, head 0, sector 1. This directly translates to track 0, head 0, sector 1, or the first sector on the outermost track.
Boot Sector Contents
The core components within the boot sector include:
Boot Loader Code
The first portion of the boot sector consists of 446 bytes of boot loader code. This is machine code executed by the CPU at startup to continue the boot process. Here are some key tasks performed by this boot loader code:
- Perform system initialization and hardware checks
- Locate the active partition
- Find the boot files on the active partition
- Load and execute the boot files
Different operating systems have their own boot loader code. For example, Windows operating systems use code called NTLDR or BootMgr.
Partition Table
The next portion is a 64 byte table describing the disk partitions. It contains 16 partition entries, each with 16 bytes of data about a partition. This includes whether it is bootable, the partition type, location, size and other attributes.
Signature
The last 2 bytes contain the boot sector signature. For DOS and Windows operating systems, this signature is 0xAA55. This acts as a validation check to ensure the sector is a valid boot sector.
Any other signatures would indicate some other type of sector rather than a boot sector. The BIOS checks these signature bytes before executing the boot loader program within the sector.
Boot Process Walkthrough
When a computer first boots up, the general sequence of events involving the boot sector is:
- BIOS initializes hardware and performs Power-On-Self-Test (POST)
- BIOS loads the boot sector from first hard disk sector into RAM
- BIOS checks the signature 0xAA55 to confirm it is a boot sector
- Control is transferred to boot loader code in the boot sector
- Boot loader locates active partition using partition table
- Boot sector code loads the boot files (e.g. bootmgr, NTLDR) from the active partition
- Execution continues with the boot files loading the operating system
This walkthrough illustrates how the boot sector acts as the initial step that starts the boot sequence. The BIOS hands off execution to the boot loader code contained in the boot sector, which then passes control to further downstream boot files to load the operating system.
Bootloaders
While the boot sector contains initial bootloader code, most operating systems use additional boot files stored in the active partition to continue the boot process.
Here are some common bootloaders used on PCs:
Windows NT/2000/XP Bootloader (NTLDR)
On older Windows versions like Windows NT, 2000 and XP, the key boot file that gets loaded from the active partition is NTLDR. This resides in the root of the system partition, typically C:\NTLDR.
NTLDR contains more sophisticated bootloader code to load the Windows operating system. The boot sector merely acts as the initial hand-off point to start the NTLDR boot sequence.
Windows Vista and 7 Bootmanager (Bootmgr)
Newer Windows versions starting with Windows Vista transitioned to using Bootmgr instead of NTLDR. This bootmanager is located at C:\Boot\Bootmgr on the system partition.
Bootmgr supports more advanced booting options like resuming from hibernation, multi-booting operating systems and using recovery tools during startup.
Linux Bootloader (GRUB)
On Linux systems, the commonly used bootloader is called GRUB (GRand Unified Bootloader). GRUB provides options to boot into different operating systems and kernels.
The first stage of GRUB is stored in the boot sector, while the next stages are stored in the /boot directory on the Linux root partition.
Master Boot Record (MBR)
The boot sector is sometimes referred to as the Master Boot Record or MBR. The terms are mostly interchangeable.
Master Boot Record signifies that it is the primary boot sector located on the first sector of the disk. Some key points about the MBR:
- Resides on first sector of first hard drive
- Contains initial bootloader code
- Has partition table describing disk partitions
- Maximum size of 512 bytes (one sector size)
- Includes signature 0xAA55 as last two bytes
The MBR plays the crucial role of facilitating the hand-off from the BIOS to the installed operating system at system startup.
Protective MBR
On newer systems using GUID Partition Table (GPT) for partitioning, there is still a protective MBR present. GPT partitioning stores more extensive partition metadata in other locations on the drive.
But for compatibility, the first sector still contains a simplified MBR. This protective MBR only has one entry pointing to the main GPT partitions. It allows BIOS and older operating systems to recognize a valid MBR on the disk even when using more advanced GPT partitioning.
Alternative Bootloaders
While the standard boot sector contains bootloader code and a partition table, other types of bootloaders can also be installed:
Volume Boot Record (VBR)
Partitions formatted with FAT or NTFS file systems also include a Volume Boot Record (VBR) stored in the first sector of the partition. The VBR contains bootloader code specific to that file system.
UEFI System Partition
On systems using UEFI firmware instead of BIOS, there is an EFI System Partition (ESP) with bootloader files for UEFI booting. This contains boot files like bootmgfw.efi and startup.nsh to handle UEFI boot.
Reserved boot loader sectors
Some bootloaders may copy bootloader files into reserved sectors at the start of the partition for convenience. For example, SysLinux places files like ldlinux.sys on the first few sectors of a partition.
Boot Record Backup
Since the boot sector and partition table are crucial for system startup, it is important to have backups in case they become corrupted or damaged.
The command line tool dd can be used to backup and restore the boot sector. For example:
# Backup dd if=/dev/sda of=MBR-backup bs=512 count=1 # Restore dd if=MBR-backup of=/dev/sda bs=446 count=1
This copies the first sector containing the MBR/boot sector to a backup file, and can restore it back if needed.
Some recovery tools like Testdisk can also repair or rebuild corrupt boot sectors and partition tables. Maintaining backups allows restoring MBR configuration and bootability if issues occur.
Boot Sector Infection
Since the boot sector loads automatically during system startup, it can sometimes be a target for malicious programs. A boot sector virus is malware that infects the master boot record and boot sector.
The infected bootloader code will run first before the operating system loads. This allows the virus to execute its malicious payload, and then typically hands off to the original bootloader so that startup proceeds as normal.
Some historical examples of boot sector viruses include:
- Michelangelo – Overwrote the master boot record
- Form – Infected the master boot record and partition table
- Stoned – Modified the master boot record while keeping a backup copy
- PolyPost – Infected the master boot record of floppy disks
Fortunately, modern antivirus and protections make boot sector viruses much rarer nowadays. But malware tools still exist that can overwrite the MBR, so administrators need to be aware of this vulnerability.
Conclusion
In summary, the boot sector resides on the very first sector of a hard drive in order to be immediately accessible during boot. This master boot record contains initial bootloader code, partition entries, and signature values to identify it as a valid boot sector.
Understanding the boot sequence and how the boot sector fits allows diagnosing and repairing boot issues. Backup copies of the MBR should also be maintained to prevent problems from a corrupted or infected master boot record.