Reboot

Last updated October 24, 2024

In computing, rebooting is the process by which a running computer system is restarted, either intentionally or unintentionally. Reboots can be either a cold reboot (alternatively known as a hard reboot) in which the power to the system is physically turned off and back on again (causing an initial boot of the machine); or a warm reboot (or soft reboot) in which the system restarts while still powered up. The term restart (as a system command) is used to refer to a reboot when the operating system closes all programs and finalizes all pending input and output operations before initiating a soft reboot.

Terminology

Etymology

Early electronic computers (like the IBM 1401) had no operating system and little internal memory. The input was often a stack of punch cards or via a Switch Register. On systems with cards, the computer was initiated by pressing a start button that performed a single command - "read a card". This first card then instructed the machine to read more cards that eventually loaded a user program. This process was likened to an old saying, "picking yourself up by the bootstraps", referring to a horseman who lifts himself off the ground by pulling on the straps of his boots. This set of initiating punch cards was called "bootstrap cards". Thus a cold start was called booting the computer up. If the computer crashed, it was rebooted. The boot reference carried over to all subsequent types of computers.

Cold versus warm reboot

For IBM PC compatible computers, a cold boot is a boot process in which the computer starts from a powerless state, in which the system performs a complete power-on self-test (POST).^[1]^[2]^[3]^[4] Both the operating system and third-party software can initiate a cold boot; the restart command in Windows 9x initiates a cold reboot, unless Shift key is held.^[1]^: 509

A warm boot is initiated by the BIOS, either as a result of the Control-Alt-Delete key combination^[1]^[2]^[3]^[4] or directly through BIOS interrupt INT 19h.^[5] It may not perform a complete POST - for example, it may skip the memory test - and may not perform a POST at all.^[1]^[2]^[4] Malware may prevent or subvert a warm boot by intercepting the Ctrl + Alt + Delete key combination and prevent it from reaching BIOS.^[6] The Windows NT family of operating systems also does the same and reserves the key combination for its own use.^[7]^[8]

The Linux family of operating systems supports an alternative to warm boot; the Linux kernel has optional support for kexec, a system call which transfers execution to a new kernel and skips hardware or firmware reset. The entire process occurs independently of the system firmware. The kernel being executed does not have to be a Linux kernel.^{[ citation needed ]}

Outside the domain of IBM PC compatible computers, the types of boot may not be as clear. According to Sue Loh of Windows CE Base Team, Windows CE devices support three types of boots: Warm, cold and clean. A warm boot discards program memory. A cold boot additionally discards storage memory (also known as the "object store"), while a clean boot erases all forms of memory storage from the device. However, since these areas do not exist on all Windows CE devices, users are only concerned with two forms of reboot: one that resets the volatile memory and one that wipes the device clean and restores factory settings. For example, for a Windows Mobile 5.0 device, the former is a cold boot and the latter is a clean boot.^[9]

Hard reboot

A hard reboot means that the system is not shut down in an orderly manner, skipping file system synchronisation and other activities that would occur on an orderly shutdown. This can be achieved by either applying a reset, by cycling power, by issuing the halt-q command in most Unix-like systems, or by triggering a kernel panic.

Hard reboots are used in the cold boot attack.

Restart

The term "restart" is used by the Microsoft Windows and Linux families of operating systems to denote an operating system-assisted reboot. In a restart, the operating system ensures that all pending I/O operations are gracefully ended before commencing a reboot.

Causes

Deliberate

Users may deliberately initiate a reboot. Rationale for such action may include:

Troubleshooting: Rebooting may be used by users, support staff or system administrators as a technique to work around bugs in software,^[10] for example memory leaks or processes that hog resources to the detriment of the overall system, or to terminate malware. While this approach does not address the root cause of the issue, resetting a system back to a good, known state may allow it to be used again for some period until the issue next occurs.
Switching operating systems: On a multi-boot system without a hypervisor, a reboot is required to switch between installed operating systems.
Offensive: As stated earlier, components lose power during a cold reboot; therefore, components such as RAM that require power lose the data they hold. However, in a cold boot attack, special configurations may allow for part of the system state, like a RAM disk, to be preserved through the reboot.^[11]

The means of performing a deliberate reboot also vary and may include:

Manual, hardware-based: A power switch or reset button can cause the system to reboot.^[2] Doing so, however, may cause the loss of all unsaved data.^[12]
Manual, software-based: Computer software and operating system can trigger a reboot as well; more specifically, Microsoft Windows operating systems are outfitted with a restart command that closes open programs and eliminates data loss due to reboot.^[1]^: 509
Automated: Software can be scheduled to run at a certain time and date; therefore, it is possible to schedule a reboot.^[13]

Power failure

Unexpected loss of power for any reason (including power outage, power supply failure or depletion of battery on a mobile device) forces the system user to perform a cold boot once the power is restored. Some BIOSes have an option to automatically boot the system after a power failure.^[14]^[15] An uninterruptible power supply (UPS), backup battery or redundant power supply can prevent such circumstances.

Random reboot

"Random reboot" is a non-technical term referring to an unintended (and often undesired) reboot following a system crash, whose root cause may not immediately be evident to the user. Such crashes may occur due to a multitude of software and hardware problems, such as triple faults. They are generally symptomatic of an error in ring 0 that is not trapped by an error handler in an operating system or a hardware-triggered non-maskable interrupt.

Systems may be configured to reboot automatically after a power failure, or a fatal system error or kernel panic. The method by which this is done varies depending on whether the reboot can be handled via software or must be handled at the firmware or hardware level. Operating systems in the Windows NT family (from Windows NT 3.1 through Windows 7) have an option to modify the behavior of the error handler so that a computer immediately restarts rather than displaying a Blue Screen of Death (BSOD) error message. This option is enabled by default in some editions.

Hibernation

The introduction of advanced power management allowed operating systems greater control of hardware power management features. With Advanced Configuration and Power Interface (ACPI), newer operating systems are able to manage different power states and thereby sleep and/or hibernate. While hibernation also involves turning a system off then subsequently back on again, the operating system does not start from scratch, thereby differentiating this process from rebooting.

Simulated reboot

A reboot may be simulated by software running on an operating system. For example: the Sysinternals BlueScreen utility, which is used for pranking; or some modes of the bsod XScreenSaver "hack", for entertainment (albeit possibly concerning at first glance). Malware may also simulate a reboot, and thereby deceive a computer user for some nefarious purpose.^[6]

Microsoft App-V sequencing tool captures all the file system operations of an installer in order to create a virtualized software package for users. As part of the sequencing process, it will detect when an installer requires a reboot, interrupt the triggered reboot, and instead simulate the required reboot by restarting services and loading/unloading libraries.^[16]

Windows deviations and labeling criticism

Windows 8 & 10 enable (by default) a hibernation-like "Fast Startup" (a.k.a. "Fast Boot") which can cause problems (including confusion) for users accustomed to turning off computers to (cold) reboot them.^[17]^[18]^[19]

Related Research Articles

In computing, BIOS is firmware used to provide runtime services for operating systems and programs and to perform hardware initialization during the booting process. The firmware comes pre-installed on the computer's motherboard.

In the context of an operating system, a device driver is a computer program that operates or controls a particular type of device that is attached to a computer or automaton. A driver provides a software interface to hardware devices, enabling operating systems and other computer programs to access hardware functions without needing to know precise details about the hardware being used.

<span class="mw-page-title-main">Booting</span> Process of starting a computer

In computing, booting is the process of starting a computer as initiated via hardware such as a button on the computer or by a software command. After it is switched on, a computer's central processing unit (CPU) has no software in its main memory, so some process must load software into memory before it can be executed. This may be done by hardware or firmware in the CPU, or by a separate processor in the computer system.

A kernel panic is a safety measure taken by an operating system's kernel upon detecting an internal fatal error in which either it is unable to safely recover or continuing to run the system would have a higher risk of major data loss. The term is largely specific to Unix and Unix-like systems. The equivalent on Microsoft Windows operating systems is a stop error, often called a "blue screen of death".

A rootkit is a collection of computer software, typically malicious, designed to enable access to a computer or an area of its software that is not otherwise allowed and often masks its existence or the existence of other software. The term rootkit is a compound of "root" and the word "kit". The term "rootkit" has negative connotations through its association with malware.

A live CD is a complete bootable computer installation including operating system which runs directly from a CD-ROM or similar storage device into a computer's memory, rather than loading from a hard disk drive. A live CD allows users to run an operating system for any purpose without installing it or making any changes to the computer's configuration. Live CDs can run on a computer without secondary storage, such as a hard disk drive, or with a corrupted hard disk drive or file system, allowing data recovery.

<span class="mw-page-title-main">Watchdog timer</span> Electronic timer used to detect and recover from computer malfunctions

A watchdog timer, sometimes called a computer operating properly timer, is an electronic or software timer that is used to detect and recover from computer malfunctions. Watchdog timers are widely used in computers to facilitate automatic correction of temporary hardware faults, and to prevent errant or malevolent software from disrupting system operation.

Unified Extensible Firmware Interface is a specification that defines an architecture for the platform firmware used for booting a computer's hardware and its interface for interaction with the operating system. Examples of firmware that implement the specification are AMI Aptio, Phoenix SecureCore, TianoCore EDK II, InsydeH2O.

The Advanced Host Controller Interface (AHCI) is a technical standard defined by Intel that specifies the register-level interface of Serial ATA (SATA) host controllers in a non-implementation-specific manner in its motherboard chipsets.

In Linux systems, initrd is a scheme for loading a temporary root file system into memory, to be used as part of the Linux startup process. initrd and initramfs refer to two different methods of achieving this. Both are commonly used to make preparations before the real root file system can be mounted.

Hibernation in computing is powering down a computer while retaining its state. When hibernation begins, the computer saves the contents of its random access memory (RAM) to a hard disk or other non-volatile storage. When the computer is turned on the RAM is restored and the computer is exactly as it was before entering hibernation. Hibernation was first implemented in 1992 and patented by Compaq Computer Corporation in Houston, Texas.

A machine check exception (MCE) is a type of computer error that occurs when a problem involving the computer's hardware is detected. With most mass-market personal computers, an MCE indicates faulty or misconfigured hardware.

In a computer or data transmission system, a reset clears any pending errors or events and brings a system to normal condition or an initial state, usually in a controlled manner. It is usually done in response to an error condition when it is impossible or undesirable for a processing activity to proceed and all error recovery mechanisms fail. A computer storage program would normally perform a "reset" if a command times out and error recovery schemes like retry or abort also fail.

The Linux booting process involves multiple stages and is in many ways similar to the BSD and other Unix-style boot processes, from which it derives. Although the Linux booting process depends very much on the computer architecture, those architectures share similar stages and software components, including system startup, bootloader execution, loading and startup of a Linux kernel image, and execution of various startup scripts and daemons. Those are grouped into 4 steps: system startup, bootloader stage, kernel stage, and init process. When a Linux system is powered up or reset, its processor will execute a specific firmware/program for system initialization, such as the power-on self-test, invoking the reset vector to start a program at a known address in flash/ROM, then load the bootloader into RAM for later execution. In IBM PC–compatible personal computers (PCs), this firmware/program is either a BIOS or a UEFI monitor, and is stored in the mainboard. In embedded Linux systems, this firmware/program is called boot ROM. After being loaded into RAM, the bootloader will execute to load the second-stage bootloader. The second-stage bootloader will load the kernel image into memory, decompress and initialize it, and then pass control to this kernel image. The second-stage bootloader also performs several operation on the system such as system hardware check, mounting the root device, loading the necessary kernel modules, etc. Finally, the first user-space process starts, and other high-level system initializations are performed.

In computer security, a cold boot attack is a type of side channel attack in which an attacker with physical access to a computer performs a memory dump of a computer's random-access memory (RAM) by performing a hard reset of the target machine. Typically, cold boot attacks are used for retrieving encryption keys from a running operating system for malicious or criminal investigative reasons. The attack relies on the data remanence property of DRAM and SRAM to retrieve memory contents that remain readable in the seconds to minutes following a power switch-off.

The blue screen of death is a critical error screen displayed by the Microsoft Windows operating systems. It indicates a system crash, in which the operating system reaches a critical condition where it can no longer operate safely.

In computing, a hang or freeze occurs when either a process or system ceases to respond to inputs. A typical example is when computer's graphical user interface no longer responds to the user typing on the keyboard or moving the mouse. The term covers a wide range of behaviors in both clients and servers, and is not limited to graphical user interface issues.

The kernel is a computer program at the core of a computer's operating system and generally has complete control over everything in the system. The kernel is also responsible for preventing and mitigating conflicts between different processes. It is the portion of the operating system code that is always resident in memory and facilitates interactions between hardware and software components. A full kernel controls all hardware resources via device drivers, arbitrates conflicts between processes concerning such resources, and optimizes the utilization of common resources e.g. CPU & cache usage, file systems, and network sockets. On most systems, the kernel is one of the first programs loaded on startup. It handles the rest of the startup as well as memory, peripherals, and input/output (I/O) requests from software, translating them into data-processing instructions for the central processing unit.

Control-Alt-Delete is a computer keyboard command on IBM PC compatible computers, invoked by pressing the Delete key while holding the Control and Alt keys: Ctrl+Alt+Delete. The function of the key combination differs depending on the context but it generally interrupts or facilitates interrupting a function. For instance, in pre-boot environment or in MS-DOS, Windows 3.0 and earlier versions of Windows or OS/2, the key combination reboots the computer. Starting with Windows 95, the key combination invokes a task manager or security related component that facilitates ending a Windows session or killing a frozen application.

TRESOR is a Linux kernel patch which provides encryption using only the CPU to defend against cold boot attacks on computer systems by performing encryption inside CPU registers rather than random-access memory (RAM). It is one of two proposed solutions for general-purpose computers. The other, called "frozen cache" uses the CPU cache instead. It was developed from its predecessor AESSE, presented at EuroSec 2010 and presented at USENIX Security 2011. The authors state that it allows RAM to be treated as untrusted from a security viewpoint without hindering the system.

References

1 2 3 4 5 Jones, James G.; Landes, Craig; Tittel, Ed (2002). A+ Exam Cram 2 (Exam Cram 220-221, Exam Cram 220-222). Que Publishing. pp. 379–380, 509. ISBN 9780789728678.
1 2 3 4 Cooper, Jim (2002). Using MS-DOS 6.22. Que Publishing. pp. 24, 960, 964. ISBN 9780789725738.
1 2 Tulloch, Mitch; Tulloch, Ingrid (2002). Microsoft Encyclopedia of Networking (2nd ed.). Microsoft Press. p. 172. ISBN 0-7356-1378-8.
1 2 3 Soper, Mark Edward (2004). Absolute Beginner's Guide to A+ Certification. Que Publishing. p. 188. ISBN 9780789730626.
↑ "Hardware Troubleshooting: Cold Booting Versus Warm Booting". Support. Microsoft. 7 July 2005. Archived from the original on 21 February 2015.
1 2 Grimes, Roger (1 June 2001). "2". Malicious Mobile Code: Virus Protection for Windows. O'Reilly Media. p. 50. ISBN 9781565926820.
↑ "Using CTRL+ALT+DEL key combination to open Windows Security opens Task Manager". Microsoft Support. Microsoft. 15 January 2006. Retrieved 19 January 2013.
↑ Osterman, Larry (24 January 2005). "Why is Control-Alt-Delete the secure attention sequence (SAS)?". Larry Osterman's WebLog. MSDN Blogs . Retrieved 15 March 2007.
↑ Loh, Sue (22 June 2005). "Boot Persistence Terminology". Windows CE Base Team Blog. Microsoft. Retrieved 3 March 2013.
↑ Debogue, Jean. "Did you reboot". WeDebugYou.
↑ Ken Freeze (28 October 1985), "Jram-3 Rivals Persyst Stretch In RAM Race of Add-On Boards", InfoWorld
↑ Shelly, Gary B.; Vermaat, Misty E. (2012). Enhanced Discovering Computers, Complete: Your Interactive Guide to the Digital World, 2013 Edition. Cengage Learning. p. 400. ISBN 9781133598312.
↑ Gary A. Donahue, Gary A. (2011). Network Warrior (2nd ed.). Sebastopol: O'Reilly Media. p. 698. ISBN 9781449309350.
↑ "AsRock 775i65G User Manual" (PDF). p. 32.
↑ "Supermicro C7Q67 User's Manual" (PDF). p. 69.^{[ permanent dead link ]}
↑ "Microsoft App-V 4.6 SP1 Sequencing Guide".
↑ Walter Glenn (3 March 2016). "The Pros and Cons of Windows 10's "Fast Startup" Mode". How-To Geek.
↑ Oliver Niehus (14 December 2012). "Windows 8: Fast Boot". MSDN - Oliver's Blog.
↑ "Distinguishing Fast Startup from Wake-from-Hibernation". Microsoft Hardware Dev Center. 15 December 2021.

This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.

[Jones,_Landes,_Tittel_(2002)-1] 1 2 3 4 5 Jones, James G.; Landes, Craig; Tittel, Ed (2002). A+ Exam Cram 2 (Exam Cram 220-221, Exam Cram 220-222). Que Publishing. pp. 379–380, 509. ISBN 9780789728678.

[Cooper_(2002)-2] 1 2 3 4 Cooper, Jim (2002). Using MS-DOS 6.22. Que Publishing. pp. 24, 960, 964. ISBN 9780789725738.

[Tulloch_(2002)-3] 1 2 Tulloch, Mitch; Tulloch, Ingrid (2002). Microsoft Encyclopedia of Networking (2nd ed.). Microsoft Press. p. 172. ISBN 0-7356-1378-8.

[Soper_(2004)-4] 1 2 3 Soper, Mark Edward (2004). Absolute Beginner's Guide to A+ Certification. Que Publishing. p. 188. ISBN 9780789730626.

[Microsoft_(2005)-5] "Hardware Troubleshooting: Cold Booting Versus Warm Booting". Support. Microsoft. 7 July 2005. Archived from the original on 21 February 2015.

[Grimes_(2001)-6] 1 2 Grimes, Roger (1 June 2001). "2". Malicious Mobile Code: Virus Protection for Windows. O'Reilly Media. p. 50. ISBN 9781565926820.

[7] "Using CTRL+ALT+DEL key combination to open Windows Security opens Task Manager". Microsoft Support. Microsoft. 15 January 2006. Retrieved 19 January 2013.

[8] Osterman, Larry (24 January 2005). "Why is Control-Alt-Delete the secure attention sequence (SAS)?". Larry Osterman's WebLog. MSDN Blogs . Retrieved 15 March 2007.

[9] Loh, Sue (22 June 2005). "Boot Persistence Terminology". Windows CE Base Team Blog. Microsoft. Retrieved 3 March 2013.

[10] Debogue, Jean. "Did you reboot". WeDebugYou.

[11] Ken Freeze (28 October 1985), "Jram-3 Rivals Persyst Stretch In RAM Race of Add-On Boards", InfoWorld

[Shelly,_Vermaat_(2012)-12] Shelly, Gary B.; Vermaat, Misty E. (2012). Enhanced Discovering Computers, Complete: Your Interactive Guide to the Digital World, 2013 Edition. Cengage Learning. p. 400. ISBN 9781133598312.

[13] Gary A. Donahue, Gary A. (2011). Network Warrior (2nd ed.). Sebastopol: O'Reilly Media. p. 698. ISBN 9781449309350.

[14] "AsRock 775i65G User Manual" (PDF). p. 32.

[15] "Supermicro C7Q67 User's Manual" (PDF). p. 69.^{[ permanent dead link ]}

[16] "Microsoft App-V 4.6 SP1 Sequencing Guide".

[17] Walter Glenn (3 March 2016). "The Pros and Cons of Windows 10's "Fast Startup" Mode". How-To Geek.

[18] Oliver Niehus (14 December 2012). "Windows 8: Fast Boot". MSDN - Oliver's Blog.

[19] "Distinguishing Fast Startup from Wake-from-Hibernation". Microsoft Hardware Dev Center. 15 December 2021.

[1]

[2]

[3]

[4]

[5]

[6]

[7]

[8]

[9]

[10]

[11]

[12]

[13]

[14]

[15]

[16]

[17]

[18]

[19]