background image
Boot Manager
© 2015 Microsoft. All Rights Reserved
Page 12 of 21
This Security Policy is nonproprietary and may be reproduced only in its original entirety (without revision).
3 OperationalEnvironment
The operational environment for Boot Manager is the Windows 8.1 OEs running on the software and
hardware configurations listed in Section 1.3 Validated Platforms.
4 IntegrityChainofTrust
Boot Manager is the very start of the chain of trust. It cryptographically checks its own integrity during
its startup. It then cryptographically checks the integrity of the Windows OS Loader (Winload.exe) or
Windows OS Resume (Winresume.exe) before starting it.
5 PortsandInterfaces
5.1 ControlInputInterface
The Boot Manager Control Input Interface is the set of internal functions responsible for reading control
input. These input signals are read from various system locations and are not directly provided by the
operator. Examples of the internal function calls include:
BlBdDebuggerEnabled ­ Reads the system flag to determine if the boot debugger is enabled.
BlXmiRead ­ Reads the operator selection from the Boot Selection menu.
BlGetBootOptionBoolean ­ Reads control input from a protected area of the Boot Configuration
Data registry.
The GPC's keyboard can also be used as control input when it is necessary for an operator to provide a
response to a prompt for input or in response to an error indicator.
5.2 StatusOutputInterface
The Status Output Interface is the BlStatusPrint function that is responsible for displaying the integrity
verification errors to the screen. The Status Output Interface is also defined as the
BsdpWriteAtLogOffset responsible for writing the name of the corrupt driver to the bootlog.
5.3 DataOutputInterface
The Data Output Interface includes the following functions: Archx86TransferTo32BitApplicationAsm,
Archx86TransferTo64BitApplicationAsm, and Archpx64TransferTo64BitApplicationAsm. These functions
are responsible for transferring the execution from Boot Manager to the initial execution point of the
Windows OS Loader or Windows OS Resume. Data exits the module in the form of the initial instruction
address of Winload.exe or Winresume.exe.
5.4 DataInputInterface
The Data Input Interface includes the BlFileReadEx function. BlFileReadEx is responsible for reading the
binary data of unverified components from the computer hard drive.