Gentoo Forums
Want Gentoo *and* XP? Tip: Use A Second Drive!
pste
Tux's lil' helper
Joined: 14 Dec 2004
Posts: 103

Posted: Sat Feb 25, 2006 9:21 am

Both the map trick and the hide/unhide trick are well documented in the GRUB info pages (mainly under the section DOS/Windows), and for the map trick the GRUB guys state:
Quote:

grub> map (hd0) (hd1)
grub> map (hd1) (hd0)

This performs a "virtual" swap between your first and second hard
drive.

*Caution:* This is effective only if DOS (or Windows) uses BIOS to
access the swapped disks. If that OS uses a special driver for the
disks, this probably won't work.

- which kind of supports my argument about trying to avoid tricks as much as possible ... 8)
- and I do believe that XP is more likely to access drives directly (bypassing the BIOS) than the earlier MS os'es.

But, my experience is that hiding of partitions works quite well (at least to make the different systems exist alongside each other - which I believe is the main issue), assuming that the GRUB mechanism uses the same partition table flags that my (old) Partition Magic program did. I will certainly try this myself pronto.. I've earlier successfully used Partition Magic's bootmanager to hide partitions and accomplished having win98, winNT and winXP installed on the same hard drive, all believing that they are using the first active primary partition on the drive -> all os'es had an individual C: partition and shared the other partitions... Grub partition hiding seems like a fairly easy and quite good security measure.

I think that the danger of having an (administratively privileged) xp user unhiding (I actually think this is possible to do in xp's disk manager...) and formatting the unknown (linux) partitions is the most difficult thing to avoid. Either you have to trust all your administratively privileged users not to do this or you have to physically disconnect the drives when starting xp. Both the map trick and the strategy of using separate drives only alter the path of the different os'es files. Either way, if the system has the functionality to destroy another os (and most os'es do), the risk will always exist.

Frankly, this problem exists the other way around as well. I mean, your linux root user (you!) can easily format all the xp partitions as well, and how could you protect an xp system from that since linux is such a competent system?... That is, the only solution is to only give authority to users you can trust not to destroy the system. Obvious, isn't it? And besides, anyone can always use an old win98 boot disk (or a linux live cd) and format the entire drive, unless you are good at remembering to disable these boot features in BIOS and set a good password... Personally I think hiding partitions and thus making it necessary to take a deliberate extra step before you're able to destroy the system is a good thing. Making one system completely unable to destroy the other seems to me to be another ballgame.

Which leaves us with the issue about malicious software taking over xp and doing things. This is, as already said, quite a different issue than getting the systems to work properly alongside each other... I mean, for system security, besides having strict control over users and their authorities you need to have a secure os and since we're writing in this forum we do think we need xp... well, sometimes you end up with only one solution left, you have to take some risks in life...

/pste
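An added example, not part of the original posts and not GRUB's own code: GRUB legacy's `hide`/`unhide` work by toggling bit 0x10 of the partition type byte in the MBR, so a hidden partition keeps its location and data and only its type code changes. The sketch below audits a 512-byte MBR for that bit; the sample disk layout and all function names are assumptions made for illustration.

```python
import struct

HIDDEN_BIT = 0x10  # bit toggled in the type byte by GRUB legacy's hide/unhide
NAMES = {0x07: "NTFS/HPFS", 0x0B: "FAT32", 0x0C: "FAT32 LBA",
         0x82: "Linux swap", 0x83: "Linux"}
ENTRY = "<B3xB3xII"  # boot flag, CHS start, type, CHS end, start LBA, sector count

def parse_mbr(sector):
    """Return the non-empty primary partition entries of a 512-byte MBR."""
    if len(sector) != 512 or sector[510:512] != b"\x55\xaa":
        raise ValueError("not a valid MBR sector (bad size or signature)")
    entries = []
    for i in range(4):
        raw = sector[446 + 16 * i: 462 + 16 * i]
        boot, ptype, lba, count = struct.unpack(ENTRY, raw)
        if ptype == 0:          # unused slot
            continue
        base = ptype & ~HIDDEN_BIT
        # Only report "hidden" when clearing the bit yields a type we know.
        hidden = bool(ptype & HIDDEN_BIT) and base in NAMES
        entries.append({"index": i, "active": boot == 0x80, "type": ptype,
                        "hidden": hidden, "fs": NAMES.get(base, "unknown"),
                        "start_lba": lba, "sectors": count})
    return entries

def set_hidden(sector, index, hidden):
    """Return a copy of the sector with one entry's hidden bit set or cleared."""
    buf = bytearray(sector)
    off = 446 + 16 * index + 4  # offset of the type byte inside the entry
    buf[off] = (buf[off] | HIDDEN_BIT) if hidden else (buf[off] & ~HIDDEN_BIT)
    return bytes(buf)

def build_sample():
    """Constructed sample: an active NTFS partition followed by a Linux one."""
    sector = bytearray(512)
    sector[446:462] = struct.pack(ENTRY, 0x80, 0x07, 63, 40_000_000)
    sector[462:478] = struct.pack(ENTRY, 0x00, 0x83, 40_000_063, 20_000_000)
    sector[510:512] = b"\x55\xaa"
    return bytes(sector)

if __name__ == "__main__":
    mbr = set_hidden(build_sample(), 1, True)  # what "hide" does to entry 1
    for e in parse_mbr(mbr):
        print(e)
```

The two sectors differ in a single byte, which is why hiding only adds a deliberate extra step and does not restrict a privileged user who can rewrite the partition table.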
Peowraaku
n00b
Joined: 15 Nov 2005
Posts: 12

Posted: Mon Feb 27, 2006 10:57 pm

When I decided to install Gentoo on my main (windows) computer, I didn't want to trust Windows to not get pissed about GRUB being in the MBR. So, I installed GRUB to a floppy. You write your grub.conf just like in the Gentoo Install Docs, just at the end do this instead: http://www.gnu.org/software/grub/grub-faq.en.html#q4 Afterwards I flipped on the floppy's write protect, and whenever I want to boot linux I pop in the disk.

I'd think the same procedure would work on a USB flashdrive. If your BIOS can boot from one, that is.

That, in conjunction with Windows and Linux on separate hard drives, would completely isolate the two operating systems, because even their bootloaders are separated.

On my system, however, I bought a 200gb drive to replace my 80, partitioned it using linux fdisk so the first ~170gb is Windows, and the rest of the space I made all of my linux partitions on. Then I used Norton Ghost to copy my old hard drive to the new partition (being careful with Ghost settings so it didn't repartition my drive as 80gb!) Once that was done, I had my windows up and running. I then installed Gentoo and wrote the grub.conf to reference the partition Gentoo is on. I'm using Windows a lot more for games and such, so this setup works great for me.
albanard
Tux's lil' helper
Joined: 22 Nov 2003
Posts: 92

Posted: Tue Feb 28, 2006 8:32 am

Quote:
pste's post:*Caution:* This is effective only if DOS (or Windows) uses BIOS to
access the swapped disks. If that OS uses a special driver for the
disks, this probably won't work.
..
(unhiding - I actually think this is possible to do in xp's disk manager...)


Does this mean an OS can get around the bios? I mean this in the original context of sundial's first post. If the actual bios could disable one hard disk before boot, could an OS later override that setting?

Al
pste
Tux's lil' helper
Joined: 14 Dec 2004
Posts: 103

Posted: Tue Feb 28, 2006 5:54 pm

albanard wrote:
Quote:
pste's post:*Caution:* This is effective only if DOS (or Windows) uses BIOS to
access the swapped disks. If that OS uses a special driver for the
disks, this probably won't work.
..
(unhiding - I actually think this is possible to do in xp's disk manager...)


Does this mean an OS can get around the bios? I mean this in the original context of sundial's first post. If the actual bios could disable one hard disk before boot, could an OS later override that setting?

Al


Well, now we're into the section partially consisting of speculation. I'm not 100% sure about this. But, I have a few observations that might clarify something...

First, I do believe that there are two ways for an os to access hardware in general and specifically hard drives. Either via some standardized set of BIOS instructions or *directly* via some other way (i.e. cpu/memory/chipset instructions). I rest this conclusion on (among other things) the following:

I have an old pentium-mmx computer configured as a file server equipped with four (ide) hard drives. BIOS only detects the two smallest (and oldest) drives. That is, BIOS cannot low level format the other drives and this leads to my conclusion that these drives aren't accessible at all through BIOS instructions. Simple os'es, like MS DOS, are due to this unable to use these drives.

However, the linux kernel detects the two newer drives in spite of the BIOS's inability to do so and is perfectly capable of using them. I'm sure that if I for some odd reason should bother to install XP on this machine, the two newer drives would be accessible from there too.

The conclusion must then be that more advanced and capable os'es (hrrm, ok xp may sort under this label for now...) use some other mechanism than the BIOS to access the hard drives!

Second, if the IDE channels are disabled in bios then even linux cannot access the drives. This is because such an entry in the BIOS is instead of having a jumper on the mother board and this is a totally different kind of BIOS action. This is a BIOS setting, not a BIOS provided functionality.

I doubt that sundial meant that grub (or any other boot tool) could disable this kind of bios access, but if it was possible then it would probably be a safe thing.

The caution in my other post refers to the fact that DOS (and earlier versions of windows) uses BIOS to access hardware, but has the possibility to use drivers to access hardware that the bios is unable to handle. That is, I might be able to make DOS access my two bigger drives if I managed to find some DOS-drivers for them...

As a summary: Yes, os'es do get around bios (limitations) by the use of hardware drivers. No, os'es cannot get around some (jumper like) settings. The latter is probably an unsafe statement since I bet that BIOS manufacturers could supply software that could alter these settings and consequently it is theoretically possible for a boot manager to disable one ide channel, but I don't think it's commonly available. And I certainly don't think that it's possible to disable one of two drives on the same channel this way. Did I manage to make myself totally impossible to understand with this...?? :lol: Or did I accidentally answer your question albanard? :wink:

/pste
albanard
Tux's lil' helper
Joined: 22 Nov 2003
Posts: 92

Posted: Sat Mar 04, 2006 10:35 pm

Quote:
Did I manage to make myself totally impossible to understand with this...?? Or did I accidentally answer your question albanard?

No and Yes respectively :) Strangely enough I understand you completely. Actually it was a very good explanation, thanks. Good point about disabling the IDE channel affecting other hardware attached to that channel. Hadn't thought of that. I wonder if SATA has its own separate channel that can be tinkered with. I really know nothing about SATA so sorry if that sounds strange.

I think sundial was saying that you could save entire BIOS setting schemas and then choose between them at boot (i.e. the actual BIOS would prompt you to choose which saved schema to use, rather than any bootloader etc.). So if the bios has advanced enough settings to play with then that might be able to achieve it. I'd still love to hear of an example of those BIOSs (sundial?) so that I can go read the manual for one. I've had a look on the net but haven't been able to find one.

Al
albanard
Tux's lil' helper
Joined: 22 Nov 2003
Posts: 92

Posted: Fri Apr 28, 2006 2:45 pm    Post subject: Does EFI help

Does anyone know if EFI would help prevent operating systems' access to other partitions, such as with the MacBook Pro?
huh_dude
Apprentice
Joined: 12 Aug 2005
Posts: 166
Location: Melbourne, Australia

Posted: Wed May 03, 2006 8:11 pm

Sorry Albanard, I don't even know what EFI is.

Just noticed my post in this thread on page 1. One detail is not complete: I mentioned Grub installation is on the active partition; actually most newer BIOSes allow the boot order of Primary and Secondary Master to be shuffled, and mine has room to drop the cdrom in front of those two as a 3rd device. Also Windows MUST be set as the active disk in the partition table, Grub dun care less, if Grub dun care less then Linux dun care either.

Grub gets 1st look at the system -no matter what- coz it lives at/in/between/under the 1st sector of memory read at boot. That is Low memory area. In a sense, the Linux boot partition where Grub is installed isn't really active it just gets looked at first, and Grub butts in as intended.

Secondly, because BIOS can set the order of Boot, Windows disk can go after Linux Disk (on the motherboard) it dun care as long as it is the Active Disk on the partition table. So: 1st boot device cdrom. 2nd HDD 1 (Secondary Master). 3rd HDD 0 (Primary Master). Grub's config then offers the boot selection, selecting Windows points Grub to the partition table's Active Disk root enabling Windows MBR read+execute for the XP bootstrap - voila. Windows takes over and Grub goes back to sleep.

Lastly, XP environment cannot see the Linux device. FDISK however can see and re-format an unknown partition (Linux) but that is something unlikely to happen by accident. A recommendation is to save a copy of the System Profile (somewhere around Device Manager) and rename it Grub or something so the default can recover XP in any mishap. I forget why, but the Installation CD asks for a profile and the last one to be used when the OS gets a runny nose and won't boot is the one that halts launch until Windows is fixed.
_________________
teh last part was important, setflags bit in...
#include <milk>
#include <iomanip>
int main()
{
const float large_mug=pourPot;
cin>> coffee | large_mug;
cout<<"Coffee"=coffee;
}
#make Coffee ..was zero, the program wouldn't work.
albanard
Tux's lil' helper
Joined: 22 Nov 2003
Posts: 92

Posted: Thu May 04, 2006 6:04 pm

Thanks for the extra info dude. EFI is a new standard that is coming out to replace BIOS. It's already used in some (most?) Macintosh systems and I think new IBM compatible systems will start using it too. Not sure if any already do?

Anyway from the little that I've read about it, it seems to abstract dealing with hardware away from the operating system to allow for platform independent drivers to be created. How great would that be!! So I guess my question in this regard would be if that stops something like windows having direct access to the hard disk, and only gives it access to a partition. I think EFI also does away with the whole concept of an MBR on the hard disk. Here is a link for more info on it if you're interested:

http://en.wikipedia.org/wiki/Extensible_Firmware_Interface