BootSwitch - Best practice of Bootmanagement


Bootmanagers allow different Operating Systems being selected for start-up on the same Personal Computer. Unfortunately, none of these software-bound solutions, including fancy bootmenus in BIOS or UEFI, provide means of mutual access protection, and the OS that is running may always spy on or damage inactive partitions. Moreover, dependencies on the common boot mechanism give rise to serious operational and security issues.
Why not doing things right in Hardware! First we do clean installs onto physically separate harddisks that are each bootable. To start the OS of desire, we'd only connect the respective drive to the system while leaving the others 'offline'.
The proposed appliance enables selecting 1 out of 4 bootable harddisks in a Desktop-PC. Logic will not permit any switching within some active OS, and it supports an automated Power-On cycle of the Computer at whole. All being controlled by a single pushbutton, that may be the existing Power-Button as well.


Festplattenumschalter BootSwitch - Musteraufbau (Foto: jt)


Software
Bootmanagers

Hardcore-
Solution


BootSwitch

Pro's and Con's

Hardware-
details


Firmware

Assembly

Remarks

Download

Links

Index



Don't trust (boot)managers...

Bootmanagers allow different operating systems to be held on the same physical PC and to start them at will from a fancy menu. Great thing, especially for the geeks that like to play around with half a dozen of linux distros...

Pragmatic users would likely prefer some classic dual-boot setup, or just a few well-hung operating systems, being optimized for different aspects of digital life, e.g. one for "production", one for fun and multimedia tasks, one for hacking and cracking...
Sad enough that we still have to deal with proprietary stuff (Games, CAD, MS-Office...), that's being available only for a certain OS and showing poor performance in an emulator or virtual machine due to silly technical or licensing issues.
A bootmanager gives opportunity to fry an extra sausage for anyone, i.e. to install and run the required OS natively, thus get the best out of a given platform. Additionally, the bootmanagement provides a clear logic separation between the systems. This could be great help keeping control over our data and applications. At least in theory...

Installation- and Maintenance Risk

In the classic Single-boot configuration, the Master Boot Record is directly forwarding to the bootloader of a specific OS that's been installed on the first primary partition of the harddisk. This is quite a straightforward thing, and the MBR could be directly protected against unauthorized write attempts at BIOS-level by an option called "virus protection". Protected MBR means that bootsector-virii won't infiltrate the system.
Yet, for a Multi-boot-setup, the MBR had to be modified to start the bootmanager programme (instead of a certain OS-bootloader).
However, there are only a few hundreds of bytes available for machine code. This is way too small for so-called modern bootmanagers like GRUB. That is to say, in a Multi-boot environment, only the very initial stage of a multi-boot loader fits right into the MBR. The machine code in the MBR will then have to forward to the actual bootmanager that's showing the menu etc. Thus, the bootmanager is necessarily being located in some regular sectors on the disk that normally could not benefit from BIOS protection. Besides, the occupation of those other sectors could rise further issues in conjunction with other low-level drivers.
Installation of important components of the boot mechanism in regular locations on the disk, or even a designated partition, facilitates subsequent configuration changes. This is often depicted as a "great advantage" by the fanboys. Just thinking: If a user can do pervasive changes to the bootmanager and bootchain-related machine code from within a running system, malicious software could do either!!!
So, we introduced additional security risk with such bootmanager. It may not be a too paranoid scenario: sophisticated malware takes the opportunity and adds some "special features" to an existing bootmanager install. For example, a key-logger. It would be empowered then to copy password entries that are done even before any OS is actually running. This could provide means of a pre-boot attack on users with full-disk-encryption.
However, with today's Multi-boot installations, it is more likely that some day something went terribly wrong with data backups or configuration changes...
Beclouding the Multi-boot sky: "harmless" bootmanager-upgrade; wrong strategy of data backup; (re-)partitioning of HDDs; pickin' the wrong recovery-CD; accidental overwrite of important media sectors (killing drive-overlays or crypto drivers); virus attacks; re-installment of obsolete backups; accidental formatting of "free" partitions etc. etc. Dependencies on a common non-standard boot mechanism is indeed the main reason, why some OS still don't collude well in a Multi-boot environment.

Everyday's operational hazards

Whether we use a dedicated bootmanager or even the BIOS/UEFI-integrated boot menu; they all expect any optional boot media to be fully accessible from a hardware perspective at boot-decision-time.
After the user has chosen one OS, it will continue to boot from exactly ONE specified partition containing the bootloader and system files from the chosen Operating System. Now, what about the bootloaders and system files of the unwanted OS's? Of course they do not cease to exist. It's a matter of fact that this data and partitions will be fully accessible from any running system, especially if the whole stuff has been packed onto one and the same big harddisk. Considering this, one can never expect clean separation between the data of "active" and "inactive" operating systems.
Also, the default (mis)behaviour of some notorious OS is to include all drives and partitions that they find at startup. Confronted with an unknown partition type, it promptly suggests "formatting". We should stop the kibosh at first place. As we do not usually need access to "alien partitions", it would be better to write-protect or completely hide them from any explorer access. Yet, to have an option for data exchange, we may set up a separate partition (or even a network drive) with liberate access rights.
Illusive access protection: Since all the pretty stuff was located on the same physical drive (or even separate drives that cannot be switched off by hardware), all data on every media has to be considered permanently accessible. It all depends on the safety concept of the OS and the user's alertness to prevent access violations. As soon as the user is temporarily working with full administrator/root privileges, everything is possible... Moreover, some malware that exploits unknown vulnerabilities (or secret backdoors) of the OS does not even have to follow the rules of game. An advanced trojan or virus could possibly spy on or damage even such data that was supposedly "protected" by read-only or hidden partition.


Conclusions:


Top | Index


"Mission impassable"

So, we have seen, or knew it long ago: Software boot-managing is a nice gimmick - and major bullshit in terms of security.

But how do we get it right? In hardware, of course! Operating systems reside on a harddisk or other mass storage media, which are modular and hot-pluggable components with today's interface standards. Such HDD or SSD could be attached or detached from the mainframe by technical measures. So, the most consistent option of "boot management" is a physical switching of drives:

    With this method, we get a level of security, that is well above any gambling with access rights, partition hiding, sleep modes or even virtualization.

    A technical switching cannot be overcome by software. Attacks from a network, malicious software or installation disasters could only harm the current system on the selected disk. If he managed to completely crash one OS, the user has serenity to just start up one of his other fully functional installations and prepare rescue media or search the Web for helpful info.

    Full disk encryption (FDE) is quite unproblematic in a single-boot setup, and those hardware-switched boot disks are each organized as single-boot installations. In particular, all the sectors following the MBR are available in whole for low level drivers.

    Hard disk drives have become quite affordable. With only one OS per disk, we have option to choose comparably small disk capacities tailored for the certain scope of application. I.e. an Office-PC could run with comparably small conventional drives or SSDs. Smaller HDDs tend to be more energy-efficient, rugged and reliable than bigger ones. On the other hand, for the install of a Fun- or Gaming-OS we may directly choose some Terabytes packed platter that will then keep our most beloved Multimedia stuff.

    Independent, optimized, streamlined and clearly arranged OS installations help keeping control of your data and to perform tailored backup strategies. This is something slightly different to the usual windooze scrapheap where more and more ballast and incriminating material accumulates inevitably...


    Top | Index


    Bootmanager vs. Bootswitching

    Method
    Pro's Con's
    Software

    (Bootmanager)

    • Virtually easy to administer.
    • No additional cost (part of modern OS installation packages).
    • Flexibility in configuration.
    • Number of OS "unlimited".
    • Passing of Kernel-parameters.
    • Nicely displayed boot menu.
    • All OS may be packed onto one bigger HDD...
    • Data exchange partition on the same HDD.
    • Also applicable to Laptops/Netbooks etc.

    • OS change requires 3 steps:
      1. Power-On or Restart
      2. Menu choice
      3. Continue bootin'



    • No serious (physical) security.
    • Works best in "monoculture".
    • Installation sequence not free to choose, interdependencies must be considered.
    • Starting one OS depends on several software components in common use.
    • Re-install, re-partitioning or rescue missions always jeopardize the whole multi-boot environment and imply expert knowledge.
    • Partitioning tends to get messy.
    • Malware or Trojans may have full access on ALL involved OS's data.
    • Reasonable backup strategies suggest full disk backups. This can take much time and require a backup disk that is at least the same size as the Multi-boot-HDD in duty.
    • Headcrash or destroyed partition scheme annihilates whole multiboot-installation.
    Hardware

    (Switching
    harddisks)

    • Nearly the same as separate PCs.
    • No damage to the inactive (switched-off) system disks possible.
    • Surely independent Installation and maintenance of OS.
    • One System per disk = direct linkage between physical media (HDD) and a certain OS
    • Partitioning schemes kept simple. In most scenarios, the classic MBR with primary partitions will be sufficient.
    • Easy adding/removal of OS simply by exchange of HDDs.
    • Rescue/Repair missions only require standard tools and live disks of the respective system.
    • No intermediate halt before booting means that there is no attack vector at this stage.
    • Single OS remain bootable without boot switch.
    • Use of small, affordable, robust and energy efficient HDDs (SSDs).
    • No obstacles to encrypted OS.

    • THE "BOOTSWITCH 4.1" METHOD:
      ONE BUTTON OPERATION and safe connection whilst PC power off.

    • OS switch in 1 or 2 steps:
      0. Shutdown + Power-OFF
      1. Choice via button, automatic switching and Power-ON

    • Additional hardware and space requirements
      (only Desktop-PC)-
    • Shutdown and Power-Off required for every change and reboot of an OS.
    • One HDD per OS.
    • One SATA-port per HDD/SSD. (When data interface was not switched.)
    • "Hot" switching of HDD electronics could ne risky  (... not with BootSwitch method!)
    • Inter-OS Data exchange demands external or media or another internal and fixed HDD.
    • Probs with (U)EFI, TPM/TCPA possible.
      Theoretical attacks by way of a corrupted UEFI or video graphics-adapter imaginable.


    Top | Index


    Coldstart method

    To boot-up an Operating System on the PC platform (80x86), we will either need a reboot (warmstart), reset or coldstart.

    With "hard boot management", different HDDs carry different bootable OS and may be selectively connected to the mainboard. This is clearly a change in hardware configuration. Thus, the only reasonable approach for safe reboot is a coldstart.

    Before switching to another boot drive, we will have to shutdown and turn off the PC (normally "soft-off" or "S5" is sufficient).
    Then we connect the designated boot drive with the system hardware, then turn on the PC again. Since the BIOS surely recognizes a coldstart, it will do a deep check on the drive configuration (corresponding BIOS-option to 'AUTO') and subsequently boot from the new harddisk, if this has been determined by boot priority.

    Actually nothing new! Brave users performed this method years ago with more or less comfortable switching procedures...

    Just to mention, also the manual plugging of cables or high-quality mechanical switches were "good" methods of boot-switching at least from an electrical perspective ... with that special thrill! Premature disconnect when the system was not really shut-down, spoofed by a sleep mode, and other silly mistakes could severely damage the file systems of one or multiple harddisks. Every live switching of the power supply could have been the "final surge" for drive electronics that's not really hot-pluggable...!

    Those HDD-Racks are not really suitable for bootmanagement. Being designed for data drives at the first place, it is provided that hdd's may be removed or inserted even at runtime of the system. But it is plain to see this would be a no good idea at all with boot drives. Such drives should never be removed from the system until the respective OS they carry, has been shutdown completely. Yet, there is no technical barrier that will prevent us from doing such funny things. No chrome plated keylock prevents us from that...

    Only very few commercial Hard Drive Switches (or SATA-Switches) were primarily designed for the switching of boot drives. If there is a special mode for boot drives, switching should be impossible at PC-runtime. However, product descriptions are often misleading. Where the benefits of the "Hot-swap" feature are praised over and over, the product may be rather intended for data drives. We come to the disappointing conclusion, that even the most expensive HDD switch could be more dangerous than the cheapest handcrafted solution! Despite that shiny chrome keyswitch...


    Top | Index


    Project "BootSwitch"

    The proposed boot drive switch is designed to select 1 out of 4 hard disk drives to boot from. It only switches the power supply of the selected HDD. (With modern interface standards like SAS or SATA, it is okay to only switch the power supply, as this will be sufficient for an intelligent controller to safely add/remove a device to/from system configuration at least on BIOS level.)

    Most of the manual or semi-automated switching methods had the disadvantage that they do not reliably protect users from doing silly  mistakes, i.e. switching at runtime. Also the operation of many switches is comparably cumbersome...

    However, the proposed circuit was explicitly considered for use as a bootmanager. Switching should only commence when the PC was really powered off. Thus this BootSwitch circuit and its programming enforces the proven coldstart method.

    Oh, and my concept goes without chunky switches and LED gimmicks. It does not litter the PC front with trashy looking 80's style controls. BootSwitch is being operated in the most discreet way - by a single pushbutton. Even better, we could dual-use the existing "POWER" button for that purpose! Since the BootSwitch's logic not only controls the switching of hard disks, it can also restart the PC system with optimized timing.

    The selection of the desired boot disk is done by way of this veeeery complex input method:

    Once the PC is running, power button is assigned its usual functionality by passing-through of Button signals to the mainboard. This way we can still shutdown the PC or bring it to a suspend mode by pressing the Power-Button at runtime.

    Change of boot disks is only possible after switching off the computer. Some means of hardware and software make sure that an already connected drive cannot be dropped while the computer is running, even if the power supply of the bootswitch-logic was disturbed.

    Within warmstarts (initiated by clicking "Restart" or pressing the Reset button), then of course no switching operation will take place. Instead, the already-attached hard drive remains connected and the system will flawlessly reboot from the same drive. That is to say, the warmstart behavior is just the same as if the platform had permanently connected drives. (Nice feature with respect to "installation orgies" that require multiple restarts!)

    After shutdown and power-off, the BootSwitch's logic will return to Standby mode either. Now we are free to choose another bootdrive by pushing the button an number of times, and only few seconds later, the machine will restart and boot up from the selected drive automatically.

    Additionally, we have option to connect no drive at all. For this, we simply press the power button once more, than the number of switchable hard drives. BootSwitch will then initiate the PC power cycle only without energizing a hard drive. We can thus boot up some live system from CD or pendrive without changing BIOS-boot-priority and without running into any risk of unwanted access/alterations in the built-in system drives.

    The main logic and control tasks are performed by the AVR microcontroller ATtiny2313 [5]. See further annotations on programming and peripherals for further information on this reliable and robust application.


    Top | Index


    Circuit plan

    Schaltplan Festplattenumschalter "BootSwitch 4.1"
    BootSwitch 4.1,  circuit version since 12/2013 - only one relay stage and driver depicted.
    (Download provides this and other documents in higher graphics solution.)


    Top | Index


    Hardware details

    General Note: In this document, i will try to coherently use the term "standby" to refer to the technical standby state, which is equal to a "switched-off" computer, whoose power supply still delivers the standby voltage. (ACPI mode "S5"), while "Power-On" denotes the powered-on PC, where all regular voltages are provided and booting can of an operating system is imminent (ACPI mode "S0").


    Basic Principles: This boot drive switch is to connect the chosen hard drive to the PC system, even before the PC is powered-on again. What we get is the most gentle, most compatible procedure of changing a boot disk, since the inevitable power upsurge can not be harder as if the drive was permanently connected to the system, thus being supposedly within all standard limits. Thus, for the hard drive, power supply and BIOS the electrical and logic situation is exactly the same as with a "hard-wired" system, except from the fact that the drive may have been a different one at the time of an earlier power cycle.
    Now you may ask: Where does the electronics gets its power to interprete button events and energize some relay when the PC is not powered-up at this time? Extra power supply? Batteries being recharged at runtime?
    Even more simple! When an ATX power supply is turned "OFF", all the regular power rails are in fact switched off, except from a 5 volts of standby voltage. This 5 volts will remain available as long as the PSU is still being connected to a live mains.
    The 5VSB will usually feed some circuits that may be utilized to "wake-up" the system from standby state. These are namely the circuit for the power button, but also certain timers, keyboards, network cards, and possibly some other stuff.
    The 5VSB is often generated by a separate converter in the power supply, so its efficiency should be acceptable. According to the ATX specifications, the 5VSB are resilient to at least 1 Amps.
    So, the power supply of a small circuit add-on from 5VSB is no electric problem, but rather a mechanical challenge. Unfortunately the ATX standard does not provide us with a separate connector of 5VSB. Yet we can easily tap the voltage from the ATX mainboard connector. Alternatively the power could be tapped also from a PS/2 or internal USB port. (Refer to your mainboard's documentation!)


    Microcontroller: A boot disk switch must be aware of the actual state of the PC system to safely prevent any unappropriate switching at runtime. A clear distinction between "Power" and "Standby" can be maid from the existence or non existence of regular board voltages. In the "standby" state, the bootswitch will have to count button events and then engage connection of the chosen hard disk device. However, if the regular voltages are present then the PC is already in "Power-On" state and no further switching operation is to be allowed. Button pushes may be passed-through to the mainboard, so we can make use of ACPI functionality (shutdown or energy saving mode by power button).
    It occurs, that this basic functionality could have been implemented with some good old 4xxx or 74xx logic gates as well. Yet considering the "exceptional conditions" (real coldstarts, voltage drops or instability), it would have led to pretty much additional efforts in discrete logic.
    On the other hand, we can do all this (and much more) with a small microcontroller of today. I have chosen the ATtiny2313 for this application because of the very good long-term performance experience in other projects (e.g. LED Clock, CodeLock). As with most AVRs, the ATtiny2313 already has built-in features to ensure clean start and operating characteristics.


    Switching Relays: Connecting the desired HDD to the board power is done by regular (mono-stable) relays in this concept. Relays are energized before the board voltage rises up. By using relays, we evade from nonlinearity and voltage drop like with semiconductor-based switching methods. The contact set of a good relay behaves just like a good connector or a good mechanical switch.
    With the proposed relay type (contact capacity: 8A), the hard switching relays could handle several amps of initial current to even handle a massive 3.5 inch HDD.
    Switching relays of that kind are hardly to find with coil voltages of about 5V. Using a type 6-V-relay in a 5 volts appliance is not recommended. Considering additional voltage drop across the switching transistor and admissible undervoltage on the 5-V-rail, the actual voltage to energize the relay may indeed fall slightly below the specified minimum. This could rise critical/unsafe conditions and should be avoided .
    We can avoid this by using 12-V-relays. In a switched-on PC, the relay may be permanently hold by the regular 12-V rail. Voltage tolerances are much higher compared to the 5- or 6-V-types. Incidentally we get clear separation between logic and control circuit by use of a 12 V relay. But now another question arises: Where the hell do we get 12 volts from to energize our relay, when there is only 5-V-standby available in a PC? See the next section!


    Charge Pump: This special circuit, consisting of IC3 (MAX232), and some peripheral components, make use of the charge pump, inverter, internally generated switching frequency and both of the line-drivers to transform the supply voltage of approx. 5 V to a square-wave voltage of approx. +/-8V (@ 50 kHz). By the voltage doubler (C11, D2, D3) it will the electrolyte capacitor C12 (1000 F/25V) within a few seconds up to a max. voltage of about +16V. This load is fairly sufficient to energize even bigger relay types with coil voltage of 12 volts.
    The line drivers of the MAX232 are current-limited (short-circuit-proof). On one hand, this makes the circuit virtually "indestructable". However, it could not hold every relay for an unlimited time. After a few seconds the large relay type (Finder series 41) would drop-back at an unforeseen time because of insufficient holding current. It is better if the controller could deliberately initiate the shutdown after some well-defined holding time.
    The bypass of 5VSB over D1 makes it happen! After the initial charge of the capacitor was used up, the bypass prevents further voltage drop below approx. 4.7 V minus 0.6 V (voltage drop across the switching transistor), so we are always dealing with a minimum voltage that will be sufficient holding voltage for this relay type.
    It is now up to the BootSwitch firmware to fully control relays activation time. If the regular power does not appear, it will trip off the relay after approx. 5 seconds. That's a pretty big time window even for a manual start of the PC (by separate power button). By the way, the timeout provides a convenient functional testing.
    D1 to D4 must be Schottky diodes to minimize voltage drop. We've chosen the quite robust SR160 (60V/1A). Especially D1 and D4 are basically oversized, but it won't hurt to have some safety margin at this point, because these diodes separate circuit from PC board voltages.
    The charge pump approach has clear "environmental benefits" for the PC system. Other than step-up converters or those miniaturized inverter modules, no further RF interference is generated and in the load case, no current-peak spilling over to 5VSB, since the initial power to energize some relay will be delivered primarily by the charge capacitor. If the PC-PSU was sound, after some tenths of a second, the regular 12 V voltage takes over the entire coil current. Idle current of this MAX232 charge pump is only about some milliamps.
    This circuit design has been successfully tested with several specimen of MAX232N (industrial/standard). If ever possible, we should try to pick some chip from original manufacturers (i.e. Maxim or TI). NOT SUITABLE IN THIS DESIGN: MAX232A OR MAX232CPE.
    All electrolyte capacitors should be "105-deg"-types sein, that have better durability despite of hot operating conditions. As you can see on the Photo, we can also use unpolarized MKS film capacitors for C7-C11 (1F/63V). These won't degrade within a realistic period of time.


    Relay Drivers: The relay coils are energized by generously dimensioned NPN-switching transistors T1x (BC337-25). Resistor R8x (1k0) injects a base current of approx. 4 mA if the controller rises the respective PORTB to active HIGH. This is an appropriate overdrive factor for this transistor. The relay in the collector branch will respond quickly. For a short time, the coil current is about 50 mA (measured).
    At this time, the board voltages are still down, so the "switched" HDD won't experience any current pulse.
    Right after some 1/10 seconds, the PSU should come up with the regular 5 - and 12-V voltages for drive supply. Also the already energized relay is now fed by the 12V and coil current adjusts to around 40mA. Now T1x D5x and R9x provide a permanent base current from the 5-V-rail that is now independent from the microcontroller's state. The relay is safely "latched", since it cannot drop back as long as the regular voltages are sufficently stable. Only a complete shutdown (power-off) of the system will drop the relay.
    All current values have been dimensioned with generous safety margin. See datasheet to the BC337.


    Button-Input:  We may connect any simple pushbutton with normally-open contacs to the terminals X2 "BTN-IN" of the BootSwitch PCB. This button is the sole input device to choose a boot drive by "counting code". After the designated HDD has been connected to the PSU rails (which are yet dead), we would have about 5 seconds of time to manually restart the PC by pressing the regular "Power" Button in this "manual" setup. Otherwise, the relay will drop after this period of time.
    Why bother with TWO buttons?! We could simply make the existing Power-Button the input device for the BootSwitch! Simply pull its connector from the mainboard and plug it to X2-BTN-IN. (Power button is often identified by its black-white cable and a connector in 2.5-mm grid is sometimes labelled "PWR".) Now, who's gonna power-up the system via mainboard? This is enabled by the...


    Button-Output: After it has energized one HDD relay, the boot switch will provide a compatible Power-On-Signal for the PC mainboard at X3 "BTN-OUT". We may directly connect this output by means of any suitable two-wire cable with the now free connector on the mainboard. The optocoupler IC2 (PC817) delivers the potential free switching signal. This will circumvent possible issues with ground lead and unusual voltage levels. Of course, polarity must be observed, since the output of the coupler is a bipolar phototransistor.
    Instead of testing for the right polarity, we should simply try it out. There's nothing that gets damaged with wrong polarity and the chance that we correctly connect the plug on good luck, is something around 50 percent... (According to Murphy the plug at the first attempt is connected basically upside-down. No reason to calm ;-)
    For security reasons, the optocoupler IC2 is driven "low-active". The anode of the internal IR-LED is tied to the positive terminal of operating voltage, while its cathode leads to the port output PD5 by way of a current-limiting resistor. To activate the optocoupler, two conditions must be met: The portline PD5 must be configured as an output AND it must be pulled down to a logical Low. Resulting current for the transmit LED is about 15mA at R4 (220 Ohms). This is possible only within the respective subroutines of the programme. It can't happen "by accident".
    For instance, when hardware reset was applied to an AVR via /RESET pin, the controller turn all port lines to input and switch off all internal pull-ups (= high impedance) at the instant. No current could be sourced or sinked by the port either against GND or Vcc. Even if the Pull-up on the respective portline was still activated for any reason, no significant LED-current will occur with this circuit. In addition, there are programming measures in place to safely avoid uncontrolled activation of the optocoupler in case of a firmware hookup etc.


    Find datasheets for all important components here.



    Top | Index


    Firmware

    BootSwitch-Firmware has been written in genuine Assembler, again to achieve the necessary reliability and transparency. By the way, some of the most important features of this application would have been impossible in a so-called "high level" programming.


    Top | Index



    Software

    BootSwitch does not require any software support.


    Top | Index


    Making of...

    Circuit board: My layout was designed for unilateral PCB of about 100 x 75 mm (or 100 x 80 mm). The download provides you with an artwork of 300 and 600 dpi of pixels resolution.
    If we plan switch some very power consuming 3,5-inch HDDs, a reinforcement of the 5- and 12-volt paths may be considered. Alternatively, if available, one may choose base material with double copper laminate.
    Do not forget to wrap the 2 bridges under Relay Re1-3 and Re1-4 ! They are vital for the microcontroller to detect sufficient Relay-charge and regular board power.


    Relays: DIL-type low-profile 12V, 2 changeover, rated 8A (e.g. Finder 41.52.9-12V). For small drives, i.e. Notebook HDDs or SSDs, we may also use the 2-Amps-rated DIL relays (e.g. Finder 30.22.9-12V). My PCB is compatible to both relay pinouts.
    Relay contacts: Since the load circuit is being closed even before the regular board voltages rise up, the relay contact's wearout is quite minimized. Yet, there is no indication that the contact set could overduly oxidize or corrode in this application, since from the moment the PSU was reenergized, there will be well enough minimum in the load circuit, i.e. the operating current for the switched HDD. Let's have a look at the datasheet to the finder series 41 relay: The minimum load was specified to about 300 mW. Any conventional hard disk drive will have multiple of this power consumption. Even SSDs need more power these days. (Intel Series 330 SSDs: 600 mW idle, 850 mW access). That is to say: Don't worry about her wetting current.


    Power connectors: The power supply to be forwarded to a "switched" HDD is being fed into the BootSwitch on X4 which may be a standard Molex connector (male) for direct soldering.
    Molex 8981 (weiblich) Stromversorgungsstecker Laufwerke [Foto: jt]

    There is no detachable connectors intended for X5x the power terminals. Unlike commercial products, we should not resort to those small "floppy" connectors in a 2.54-mm-pitch, since they are in limited to a maximum current of about 1 Amps. This seems quite weakly dimensioned not only with "fat" 3.5 inch drives.
    Instead, we should customize suitable cable harness with Molex or SATA-power connectors that will be directly soldered to the PCB of the BootSwitch. See photo of the sample board! No additional and possible loose contacts.
    Refer to the Pin 1 indication on the standard connectors, the PCB (a small triangle) and the standard colours of the cables!


    Drillings:
    0,8 mm for most through-hole components; 1,0 mm for connectors X1-X3 and relays;
    1,2 - 1,5 mm for the power connectors; 3,0 mm for M3-mountings



    Top | Index


    Howto obtain 5VSB from ATX-PSU

    (1)   At the 20- or 24-pin ATX
    mainboard connector,
    find 5VSB - violet - pin 9
    and (any) GND - black - e.g. pin 7
    (2)   Strip both cables
    (with cable stripper adjusted to approx.1 mm)
    few centimeters above main connector.
    Solder branch cable.

    (3)    Isolate taps. Fix branch cable to the wiring harness.


    DON'T FORGET: MODIFICATIONS IN YOUR HARDWERE
    IS YOUR PREROGATIVE AT YOUR OWN RISK!


    Top | Index



    Testing

    Functionality of the new boot drive should be tested "on the dry" before connecting to a productive system.


    Top | Index



    Remarks

    Superiority of concept: The proposed BootSwitch connects the selected HDD to the power supply, while the PC system is in OFF state. In contrast, most commercial hard drive selectors only work with the regular Board voltages. These can switch at the earliest when the PC has already been powered ON and board voltages fully returned. The logic of such HDD-switches will have to wait some time until board voltages have stabilized to a sufficient level. This implies that the switching of relays or MOSFETs cannot take place "simultaneously" with Power-On, and there is always a certain delay of some hundredths (at best) to tenth of seconds to be expected. This results in a comparably high current peak at the moment the chosen HDD was connected to the PC's power supply. Well, modern drive electronics should have protective measures on board, but its a matter of fact that the better alternative would be to not impose such additional stress to HDDs.
    One would expect, that the so-called "professional" hard drive switches at least provide some means of additional capacitors on the voltage rails, to smoothen rising times at the moment of switching. Unfortunately, datasheets and photographs of commercialized products gave NO indication that such protective measures were in place.
    Of course, I have sent some enquiry to manufacturers and distributors regarding these and other technical questions. No reply!
    Instead of anwering my questions, one distributor even tried stretching a sales pitch... So much for "transparancy" and "classy service"...!


    Real cold starts: Fully disconnecting PC equipment from the power grid (switchable sockets) will save lots of energy and avoid risk of fire and damage by voltage surge. If the computer is then really OFF, there will of course be no standby voltage at all. No problem either for the BootSwitch. It does not depend on a permanent standby power supply. Circuit and programming can safely cope with real cold starts. Controller starts only after 5VSB have reasonably stabilized. After approx. 2 seconds the charge pump will provide enough  energy for the next switching operation, and the firmware won't initiate switching with unsufficient energy. If the machine starts directly after mains power was reconnected, this may be caused by a wrong BIOS setting called "AC Power on failure". This feature should be disabled, as we want the PC to stay in Standby mode when the mains power returns.


    Power consumption: With real coldstarts (power supply was primarily switched off the grid, all voltages were down), the circuit will draw a maximum current of only 60 mA for a short time to re-build charge voltage. This is far less than allowable from 5VSB specifications. Just seconds later the standby current of the circuit will stabilize down to 25 mA. In a switched state (PC is running and one relay is held), the current is only a a few milliamps more because of the portline that is activated by the micro. At the 12-volts-rail, we have further current consumption of about 40 mA per relay. That is to say: The whole hard drive switching appliance will consume about 0.13 Watts in PC-Standby and 0.6 Watts in the PC-Powered-on state.


    Conflicting Power-on-events: Several "Wake-up events" can be configuered from the BIOS to start up a PC, e.g. via keyboard, network or other interface. Of course the BootSwitch logic will immediately detect, that the PC has been powered-up, but of course it will NOT switch on any harddisk, since it was too late for the maximum safety switching method. So, the BIOS will eventually find no bootable media and show up some terrifying message such as "non-bootable disk" or similar. Don't panic! Just shutdown the PC-power by the power-button and then start a new run.


    UEFI BIOS: In theory, the BootSwitch should reasonably work with UEFI-BIOS and with other partitioning schemes, like "GPT", since it is not dependent on the logic organization of bootable media. On the other hand, there is no reason for private users to renounce MBR!
    In practice, those who have engaged with the fantastic Secure Boot feature in UEFI, are virtually pinned down to the latest microsuck products and only a few Linux distributions by grace of the industry. Booting up from USB flash drives, CDs, or external HDDs to swiftly run some rescue system or backup tool, becomes a pain in the ass. Moving with an existing hard drive to a newer PC platform - no way.
    Old-fashioned users, still running Brain 1.0, are increasingly annoyed. Quite justified. With that UEFI as an "independent small operating system" with the ability to establish network stacks on its own, to interfere with ongoing data transfers, to terrorize users with its support for TPM, DRM and all this crap, the user is no longer owner of his own machine! Seems, that UEFI is really nothing about "security" in favor of the user. It is just another shabby attempt to enslave users in the interest of monopolists, content-mafia, hardware manufacturers and certain agencies!
    How long will the majority of 08/15 users endure this degrading, humiliating shit? How long are we going to tolerate the cynical propaganda and technical obstacles of self-entitled "industry leaders"?
    For the time being, when buying PC hardware, it is strongly recommend to choose a classic BIOS (which is still available for many ITX and industrial mainboards) or with BIOS that can be run without compromise in compatibility mode. Another option might be to specifically search hardware platforms, that can be equipped with Coreboot.


    Daily experience - Update 07/2015: Basically, circuit and firmware never gave rise to disappointment. I am using this boot switch in a productive system as well as on several experimentation setups for more than a year now. No unexpected startup-events, no suspicious S.M.A.R.T. values so far. Further it appears, that my initial concerns about "wetting current" were overestimated. Having monitored the voltage at power terminals of HDDs and SSDs from the instant when PC power returns several times, it is plain to see, that the contact piles won't deteriorate noticeably. No instability, noise or ripple was ever showing up.


    Legal note: The "BootSwitch" Project (Hardware, Software and Firmware) is a free and open documented development of Julien Thomas. It has been released under the terms of Creative Commons - Attribution - Share-Alike. That is to say: You are free to use, modify and even commercialize this project, but please respect the terms and conditions of the CC licensing deed.


    Top | Index



    Download




    Links

    1. Wikipedia on Bootmanagers and stuff: http://en.wikipedia.org/wiki/Multi-booting

    2. SATA-Specs (rev 3), free download: http://www.lttconn.com/res/lttconn/pdres/201005/20100521170123066.pdf

    3. Wikipedia on PC power supplies: http://de.wikipedia.org/wiki/PC-Netzteil

    4. Datasheets:
      ATtiny2313 (ATMEL Corp.): http://ww1.microchip.com/downloads/en/DeviceDoc/Atmel-2543-AVR-ATtiny2313_Datasheet.pdf
      MAX232 (original manufacturer MAXIM): http://datasheets.maximintegrated.com/en/ds/MAX220-MAX249.pdf
      Standard-Photocoupler PC817: http://pdf.datasheetcatalog.net/datasheet/Sharp/mXruvuu.pdf
      Schottky-Diode SR160 (1A,60V): http://www.datasheetcatalog.com/datasheets_pdf/S/R/1/6/SR160.shtml
      NPN-switching transistor BC337: http://www.fairchildsemi.com/ds/BC/BC337.pdf
      Technical annotations to Finder relays: http://gfinder.findernet.com//assets/Series/357/S41DE.pdf

    5. Download Benchmark "CrystalDiskMark": http://www.chip.de/downloads/CrystalDiskMark-Portable_47831538.html

    6. J.Thomas: "Festplattenumschalter als Bootmanager", FUNKAMATEUR 09/2014, S. 948ff www.funkamateur.de


    Top | Index


    Last revision: 12/2014, 01/2015, 08/2015, 07/2017