How can an OS change the boot order?
On a machine that uses UEFI and GRUB to boot I've witnessed Windows decide to change the boot order. I thought boot order was only the business of me and my motherboard and simply non-existent in the eyes of a bootloader, an OS, and everything on up. How is an OS able and allowed to change this?
Questions regarding this behavior have been asked before.
Windows 8 changes boot order
This question is specifically asking "How is this possible?" rather than "Why does this happen?", "Should this happen?", or "Can I enable/disable this from happening?".
Well, the OS is what installs the bootloader in the first place, so clearly it has some control over it.
UEFI firmwares have an integrated boot manager, which stores the menu choices and other parameters as EFI variables such as Boot0001, BootOrder, BootNext.
They're stored in the same NVRAM as other firmware settings – in fact, many firmware settings are also exposed as EFI variables – and operating systems can read/write them by calling EFI code. (It's similar to calling the BIOS via old-style interrupts, except the UEFI interface is somewhat better-defined.)
# ls /sys/firmware/efi/efivars/Boot*
/sys/firmware/efi/efivars/Boot0003-8be4df61-93ca-11d2-aa0d-00e098032b8c
/sys/firmware/efi/efivars/Boot0004-8be4df61-93ca-11d2-aa0d-00e098032b8c
/sys/firmware/efi/efivars/Boot0005-8be4df61-93ca-11d2-aa0d-00e098032b8c
/sys/firmware/efi/efivars/Boot0006-8be4df61-93ca-11d2-aa0d-00e098032b8c
/sys/firmware/efi/efivars/BootCurrent-8be4df61-93ca-11d2-aa0d-00e098032b8c
/sys/firmware/efi/efivars/BootOrder-8be4df61-93ca-11d2-aa0d-00e098032b8c
# efibootmgr --verbose
BootCurrent: 0004
Timeout: 2 seconds
BootOrder: 0004,0003,0005,0006
Boot0003* Windows Boot Manager HD(1,GPT,785c8ca2-bb16-48fd-917b-19d69543338f,0x800,0x32000)/File(\EFI\Microsoft\Boot\bootmgfw.efi)
Boot0004* Linux Boot Manager HD(1,GPT,785c8ca2-bb16-48fd-917b-19d69543338f,0x800,0x32000)/File(\EFI\gummiboot\gummibootx64.efi)
Boot0005* Hard Drive BBS(HD,,0x0)P0: ST9640320AS .
Boot0006* CD/DVD Drive BBS(CDROM,,0x0)P1: SlimtypeDVD A DS8A5SH .
# efibootmgr --bootnext 0003
BootNext: 0003
BootCurrent: 0004
Timeout: 2 seconds
BootOrder: 0004,0003,0005,0006
...
# efivar --print --name 8be4df61-93ca-11d2-aa0d-00e098032b8c-Boot0004
GUID: 8be4df61-93ca-11d2-aa0d-00e098032b8c
Name: "Boot0004"
Attributes:
Non-Volatile
Boot Service Access
Runtime Service Access
Value:
00000000 01 00 00 00 72 00 4c 00 69 00 6e 00 75 00 78 00 |....r.L.i.n.u.x.|
00000010 20 00 42 00 6f 00 6f 00 74 00 20 00 4d 00 61 00 | .B.o.o.t. .M.a.|
00000020 6e 00 61 00 67 00 65 00 72 00 00 00 04 01 2a 00 |n.a.g.e.r.....*.|
00000030 01 00 00 00 00 08 00 00 00 00 00 00 00 20 03 00 |............. ..|
00000040 00 00 00 00 a2 8c 5c 78 16 bb fd 48 91 7b 19 d6 |......\x...H.{..|
00000050 95 43 33 8f 02 02 04 04 44 00 5c 00 45 00 46 00 |.C3.....D.\.E.F.|
00000060 49 00 5c 00 67 00 75 00 6d 00 6d 00 69 00 62 00 |I.\.g.u.m.m.i.b.|
00000070 6f 00 6f 00 74 00 5c 00 67 00 75 00 6d 00 6d 00 |o.o.t.\.g.u.m.m.|
00000080 69 00 62 00 6f 00 6f 00 74 00 78 00 36 00 34 00 |i.b.o.o.t.x.6.4.|
00000090 2e 00 65 00 66 00 69 00 00 00 7f ff 04 00 |..e.f.i....... |
# efivar --print --name 8be4df61-93ca-11d2-aa0d-00e098032b8c-BootNext
GUID: 8be4df61-93ca-11d2-aa0d-00e098032b8c
Name: "BootNext"
Attributes:
Non-Volatile
Boot Service Access
Runtime Service Access
Value:
00000000 03 00 |.. |
This list often contains both UEFI bootloaders and "BIOS compatibility mode" MBR disks.
On BIOS systems there is no direct access to this configuration. However, the OS can of course overwrite the existing boot sector with its own, and in fact almost always does because there's no configuration; e.g. installing Windows will always write the Windows boot sector.
Side note: The "EFI variables" aren't really specific to EFI – a similar technique also existed on ARC systems on which Windows NT was originally developed; the NTLDR bootloader and the "boot.ini" file used by Windows are in a way just emulation of what ARC would have provided natively.