Geoff Chappell - Software Analyst
A machine on which Windows Vista is installed may present a Windows Boot Manager menu in text mode at start up to offer a choice of operating systems or of configurations in which to start an operating system. When the current selection in this menu corresponds to an installation of Windows Vista, the menu advises that the F8 key may be pressed to “specify an advanced option for this choice”. Doing so calls up an Advanced Boot Options menu. There is also an Edit Boot Options menu, reachable by pressing F10, but Microsoft scarcely documents it.
The Edit Boot Options menu can also be made to persist for an operating system. Set the BCD element optionsedit to true in the corresponding osloader application object. Once done, whenever this object is selected from the Windows Boot Manager menu, the WINLOAD.EXE that runs for the selected operating system starts by presenting the Edit Boot Options menu.
It seems safe to say that Microsoft offers no formal documentation of the Edit Boot Options menu. For instance, a search of microsoft.com for pages containing both “edit boot options” and “F10” produces no matches (today, 25th May 2007). But neither is this new feature buried in the binary code: its existence is shown in more or less plain text, in the HTML resources embedded in the BOOTMGR and WINLOAD.EXE files.
Though users ordinarily interact with boot options as Boot Configuration Data (BCD) to be manipulated with the BCDEDIT.EXE tool, the Edit Boot Options menu works with boot options in the style of the old BOOT.INI switches, with additions for Windows Vista. BCD elements are understood only by boot applications such as BOOTMGR and WINLOAD, not by the kernel, which continues to work with command-line switches as if from a BOOT.INI file.
The Edit Boot Options menu indicates the selected boot entry by showing its friendly name (from the description element), the path to its loader (from the path element), and some identifiers for the boot device. Beneath this is an area in which options for the selected boot entry are reported and can be edited.
What the Edit Boot Options menu shows for the options is the string of simulated BOOT.INI switches that the loader will eventually convert to upper case and pass to the kernel. In many cases, one BCD element with one value translates to one simulated BOOT.INI switch. In some cases, translation of a BCD element depends on its combination with other BCD elements. Some of the translated boot options are not described by any bcdedit /? command and are highlighted yellow as this site’s usual indication of being undocumented.
BCD Element | Value | Additional Conditions | Representation in Edit Boot Options Menu |
---|---|---|---|
baudrate | num | debug is true and debugtype is Serial (0) | /BAUDRATE=num |
bootdebug | true | | /BOOTDEBUG |
bootlog | true | | /BOOTLOG |
channel | num | debug is true and debugtype is 1394 (1) | /CHANNEL=num |
clustermodeaddressing | num | | /MAXPROCSPERCLUSTER=num |
configaccesspolicy | DisallowMmConfig (1) | | /CONFIGACCESSPOLICY=DISALLOWMMCONFIG |
configaccesspolicy | anything else | | /CONFIGACCESSPOLICY=DEFAULT |
configflags | num | | /CONFIGFLAG=num |
debug | false | | /NODEBUG |
debug | true | debugstart is AutoEnable (1) and noumex is true | /DEBUG=AUTOENABLE,NOUMEX |
debug | true | debugstart is AutoEnable (1) | /DEBUG=AUTOENABLE |
debug | true | debugstart is Disable (2) and noumex is true | /DEBUG=DISABLE,NOUMEX |
debug | true | debugstart is Disable (2) | /DEBUG=DISABLE |
debug | true | noumex is true | /DEBUG=NOUMEX |
debug | true | otherwise | /DEBUG |
debugport | num | debug is true and debugtype is Serial (0) | /DEBUGPORT=COMnum |
debugtype | 1394 (1) | debug is true | /DEBUGPORT=1394 |
debugtype | USB (2) | debug is true | /DEBUGPORT=USB |
detecthal | true | | /DETECTHAL |
ems | true | | /REDIRECT |
exportascd | true | | /RDEXPORTASCD |
firstmegabytepolicy | UseAll (1) | | /FIRSTMEGABYTEPOLICY=USEALL |
firstmegabytepolicy | UsePrivate (2) | | /FIRSTMEGABYTEPOLICY=USEPRIVATE |
firstmegabytepolicy | anything else | | /FIRSTMEGABYTEPOLICY=USENONE |
hal | str | | /HAL=str |
halbreakpoint | true | | /BREAK |
increaseuserva | num | | /USERVA=num |
kernel | str | | /KERNEL=str |
keyringaddress | num | | /FVEBOOT=num |
loadoptions | options | | options |
maxproc | true | | /MAXPROC |
msi | ForceDisable (1) | | /MSIPOLICY=FORCEDISABLE |
msi | anything else | | /MSIPOLICY=DEFAULT |
nointegritychecks | true | | /DISABLE_INTEGRITY_CHECKS |
nolowmem | true | | /NOLOWMEM |
novesa | true | | /NOVESA |
numproc | num | | /NUMPROC=num |
nx | OptIn (0) | | /NOEXECUTE=OPTIN |
nx | OptOut (1) | | /NOEXECUTE=OPTOUT |
nx | AlwaysOff (2) | | /EXECUTE /NOEXECUTE=ALWAYSOFF |
nx | AlwaysOn (3) | | /NOEXECUTE=ALWAYSON |
onecpu | true | | /ONECPU |
oslnointegritychecks | true | | /DISABLE_INTEGRITY_CHECKS |
osltestsigning | true | | /TESTSIGNING |
pae | ForceEnable (1) | | /PAE |
pae | ForceDisable (2) | | /NOPAE |
pciexpress | ForceDisable (1) | | /PCIEXPRESSPOLICY=FORCEDISABLE |
pciexpress | anything else | | /PCIEXPRESSPOLICY=DEFAULT |
perfmem | num | | /PERFMEM=num |
quietboot | true | | /NOGUIBOOT /BOOTLOGO |
removememory | num | | /BURNMEMORY=num |
restrictapiccluster | num | | /MAXAPICCLUSTER=num |
safeboot | Minimal (0) | safebootalternateshell is true | /SAFEBOOT:MINIMAL(ALTERNATESHELL) |
safeboot | Minimal (0) | otherwise | /SAFEBOOT:MINIMAL |
safeboot | Network (1) | | /SAFEBOOT:NETWORK |
safeboot | DsRepair (2) | | /SAFEBOOT:DSREPAIR |
sos | true | | /SOS |
targetname | str | debug is true and debugtype is USB (2) | /TARGETNAME=str |
testsigning | true | | /TESTSIGNING |
truncatememory | num | | /MAXMEM=num |
usefirmwarepcisettings | true | | /PCILOCK |
usephysicaldestination | true | | /USEPHYSICALAPIC |
vga | true | | /BASEVIDEO |
winpe | true | | /MININT |
For all BCD elements that hold a boolean value, any non-zero value is interpreted as true. The integer value for firstmegabytepolicy, debugtype, configaccesspolicy and safeboot is interpreted modulo 32 bits. For debugtype, any value other than 0, 1 or 2 is an error.
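The combination rules in the table above, worked through for the debugger, nx and testsigning rows as an added example (not WINLOAD's code and not from the original article). The function names, the dictionary input, the order of the output switches and the handling of a missing debugtype are assumptions.

```python
# Added illustration of a subset of the table above; not WINLOAD's code.
# to_switches(), its dict input and the output order are assumptions.
SERIAL, IEEE1394, USB = 0, 1, 2            # debugtype values from the table
NX = {0: "/NOEXECUTE=OPTIN", 1: "/NOEXECUTE=OPTOUT",
      2: "/EXECUTE /NOEXECUTE=ALWAYSOFF", 3: "/NOEXECUTE=ALWAYSON"}

def debug_switch(bcd):
    """Fold debug, debugstart and noumex into the single /DEBUG switch."""
    if "debug" not in bcd:
        return None
    if not bcd["debug"]:                   # any non-zero value is true
        return "/NODEBUG"
    parts = []
    if bcd.get("debugstart") == 1:
        parts.append("AUTOENABLE")
    elif bcd.get("debugstart") == 2:
        parts.append("DISABLE")
    if bcd.get("noumex"):
        parts.append("NOUMEX")
    return "/DEBUG=" + ",".join(parts) if parts else "/DEBUG"

def to_switches(bcd):
    """Return the simulated BOOT.INI string for a dict of BCD elements."""
    out = [s for s in (debug_switch(bcd),) if s]
    # Transport switches appear only when debug is true (assumption:
    # nothing is emitted when debugtype is absent from the dict).
    if bcd.get("debug") and "debugtype" in bcd:
        kind = bcd["debugtype"] & 0xFFFFFFFF   # interpreted modulo 32 bits
        if kind == SERIAL:
            if "debugport" in bcd:
                out.append("/DEBUGPORT=COM%d" % bcd["debugport"])
            if "baudrate" in bcd:
                out.append("/BAUDRATE=%d" % bcd["baudrate"])
        elif kind == IEEE1394:
            out.append("/DEBUGPORT=1394")
            if "channel" in bcd:
                out.append("/CHANNEL=%d" % bcd["channel"])
        elif kind == USB:
            out.append("/DEBUGPORT=USB")
            if "targetname" in bcd:
                out.append("/TARGETNAME=" + bcd["targetname"])
        else:
            raise ValueError("debugtype other than 0, 1 or 2 is an error")
    if bcd.get("nx") in NX:
        out.append(NX[bcd["nx"]])
    if bcd.get("testsigning"):
        out.append("/TESTSIGNING")
    return " ".join(out)
```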
The options string may also contain switches to describe a RAM disk, but their derivation is not so easily described and is presently beyond the scope of this article. The affected switches are:
Not all BCD elements are translated. Many don’t need to be, since they matter only to boot applications. Some that are translated, such as pae, do not matter to the kernel (or to any known HAL).
The Edit Boot Options menu shows the options as WINLOAD holds them in memory. Although they are loaded from the BCD store, there can have been changes already. Most notably, any nointegritychecks or oslnointegritychecks option in the BCD store will already have been removed from consideration and every occurrence of DISABLE_INTEGRITY_CHECKS in the value of the loadoptions option is overwritten by spaces unless it has something other than a space or forward slash immediately before or after. This is surely for the protection of users, who might otherwise get integrity checks disabled for session after session without ever realising, but the thoroughness of this defence means that /DISABLE_INTEGRITY_CHECKS never can appear in the Edit Boot Options menu except by being edited in, as discussed below.
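The overwrite rule just described, as an added sketch (not WINLOAD's code and not from the original article). The name `scrub_loadoptions` is hypothetical, and two behaviours are assumptions the article does not state: matching regardless of case, and treating the start and end of the string as boundaries.

```python
# Added illustration of the loadoptions overwrite described above.
TOKEN = "DISABLE_INTEGRITY_CHECKS"
BOUNDARY = " /"     # the only neighbours that allow the overwrite

def scrub_loadoptions(loadoptions):
    """Overwrite stand-alone occurrences of TOKEN with spaces.

    Returns (scrubbed string, number of occurrences overwritten). The
    string keeps its length, so other options keep their positions.
    Constructed inputs are assumed to be ASCII.
    """
    chars = list(loadoptions)
    n, removed = len(TOKEN), 0
    for pos in range(len(chars) - n + 1):
        # Assumption: the comparison ignores case.
        if loadoptions[pos:pos + n].upper() != TOKEN:
            continue
        # Assumption: the ends of the string count as boundaries.
        before_ok = pos == 0 or loadoptions[pos - 1] in BOUNDARY
        after_ok = pos + n == len(chars) or loadoptions[pos + n] in BOUNDARY
        if before_ok and after_ok:
            chars[pos:pos + n] = " " * n
            removed += 1
    return "".join(chars), removed
```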
The active options, presented as simulated BOOT.INI switches, may be removed or added to. Note however that some options may have been acted on already, so that an option that is changed through the Edit Boot Options menu need not work exactly as if it had been determined from the BCD store. Indeed, it need not work at all. For example, WINLOAD decides very early whether to enable the Physical Address Extension (PAE) feature and have 64-bit page table entries, and sticks with its decision regardless of any /PAE or /NOPAE that is added or removed at the menu.
Some of the BOOT.INI options in the edited string are translated back to BCD options for WINLOAD. Mostly, one BOOT.INI option translates to one BCD option, but a few are more complex. The whole string is set as the updated value of loadoptions. Some, perhaps even many, details remain to be worked out.
Edited Option | BCD Elements | Value |
---|---|---|
3GB | increaseuserva | num from USERVA=num; else 3072 |
BAUDRATE=num | baudrate | num |
BOOTDEBUG | bootdebug | true |
CHANNEL=num | channel | num |
CMDCONS | bpbstring | cmdcons |
CONFIGACCESSPOLICY=DEFAULT | configaccesspolicy | Default (0) |
CONFIGACCESSPOLICY=DISALLOWMMCONFIG | configaccesspolicy | DisallowMmConfig (1) |
DEBUG | debug | true |
DEBUGPORT=COMn | debugtype | Serial (0) |
DEBUGPORT=COMn | debugport | n |
DEBUGPORT=1394 | debugtype | 1394 (1) |
DEBUGPORT=USB | debugtype | USB (2) |
DETECTHAL | detecthal | true |
DISABLE_INTEGRITY_CHECKS | nointegritychecks | true |
EXECUTE | nx | AlwaysOff (2) |
HAL=str | hal | str |
KERNEL=str | kernel | str |
MAXMEM=num | truncatememory | num |
MSIPOLICY=DEFAULT | msi | Default (0) |
MSIPOLICY=FORCEDISABLE | msi | ForceDisable (1) |
NODEBUG | debug | false |
NOEXECUTE=ALWAYSOFF | nx | AlwaysOff (2) |
NOEXECUTE=ALWAYSON | nx | AlwaysOn (3) |
NOEXECUTE=OPTIN | nx | OptIn (0) |
NOEXECUTE=OPTOUT | nx | OptOut (1) |
NOEXECUTE | nx | OptIn (0) |
NOPAE | pae | ForceDisable (2) |
PAE | pae | ForceEnable (1) |
PCIEXPRESSPOLICY=DEFAULT | pciexpress | Default (0) |
PCIEXPRESSPOLICY=FORCEDISABLE | pciexpress | ForceDisable (1) |
REDIRECT=COMn | emsport | n |
REDIRECT=COMn | bootems | true |
REDIRECT=COMn | ems | true |
REDIRECTBAUDRATE=num | emsbaudrate | num |
ROLLBACK | bpbstring | undo |
TARGETNAME=str | targetname | str |
TESTSIGNING | testsigning | true |
TIMEOUT=num | timeout | num |
Text is case-insensitive. An option is considered present at its first occurrence only. Also, an option need not be preceded by a forward slash or even by white space.
In each of the following sets, only one member is accepted, in decreasing order of precedence:
The n placeholder (only in the DEBUGPORT and REDIRECT options) stands specifically for 1, 2, 3 or 4. The num placeholder stands for an uninterrupted sequence of decimal digits. An empty num is permitted, and evaluates as zero. In the MAXMEM option, num is rejected if it is not less than 2 to the power of 44. The str placeholder stands for any number of characters up to but not including the first space.
Where an equals sign is shown for the BAUDRATE option, any single character is in fact acceptable. Behaviour is undefined if BAUDRATE ends the input. Where an equals sign is shown for the DEBUGPORT options, any one or more characters are in fact acceptable. Behaviour is undefined if DEBUGPORT ends the input. The equals sign is required for the REDIRECT option, but it may be followed by any number, including zero, of characters before the first occurrence of COMn. If there is no such occurrence, the bootems and ems elements are added without emsport.
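The matching rules above, applied to five of the edited options (TESTSIGNING, MAXMEM, KERNEL, 3GB and REDIRECT) as an added example; this is not WINLOAD's code and not from the original article. The function names and the dictionary result are assumptions, as is keeping the typed case of a str value.

```python
# Added illustration of the parse-back rules for a subset of options.
import re

def _num(text, pos):
    """Uninterrupted run of decimal digits at pos; an empty run is zero."""
    end = pos
    while end < len(text) and text[end] in "0123456789":
        end += 1
    return int(text[pos:end] or "0")

def _after(upper, key):
    """Index just past the first occurrence of key, or None if absent."""
    at = upper.find(key)           # no leading slash or space is required
    return None if at == -1 else at + len(key)

def parse_edited(options):
    """Map an edited option string (ASCII assumed) to BCD elements."""
    upper = options.upper()        # text is case-insensitive
    bcd = {}
    if "TESTSIGNING" in upper:
        bcd["testsigning"] = True
    pos = _after(upper, "MAXMEM=")
    if pos is not None and _num(upper, pos) < 2 ** 44:
        bcd["truncatememory"] = _num(upper, pos)
    pos = _after(upper, "KERNEL=")
    if pos is not None:            # str runs up to the first space
        bcd["kernel"] = options[pos:].split(" ", 1)[0]
    if "3GB" in upper:             # num from USERVA=num; else 3072
        pos = _after(upper, "USERVA=")
        bcd["increaseuserva"] = 3072 if pos is None else _num(upper, pos)
    pos = _after(upper, "REDIRECT=")
    if pos is not None:
        bcd["bootems"] = bcd["ems"] = True
        port = re.search(r"COM([1-4])", upper[pos:])
        if port:                   # without COMn, emsport is left unset
            bcd["emsport"] = int(port.group(1))
    return bcd
```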