Re: Safe install

To: debian-laptop@lists.debian.org
Subject: Re: Safe install
From: Michael <codejodler@gmx.ch>
Date: Tue, 29 Sep 2009 23:10:08 +0200
Message-id: <[🔎] 20090929231008.2a8e4184@mirrors.kernel.org>
In-reply-to: <[🔎] 1254249417.5139.37.camel@linux-d59.Netz>
References: <[🔎] 21fe68dc0909260509k3bd1c99esb16bbb98b94bed7c@mail.gmail.com> <[🔎] 4ABE650D.2040602@clivemenzies.co.uk> <[🔎] 21fe68dc0909272325k9b1042u50fb83ad0e3854b6@mail.gmail.com> <[🔎] 4AC1E031.4080202@gmail.com> <[🔎] 21fe68dc0909290015m457342cofc4b28e0bc88d7ba@mail.gmail.com> <[🔎] 1254249417.5139.37.camel@linux-d59.Netz>

First of all, i've never tested it with Vista myself so i need to carefully restrict my statements to XP.

Both Windows and ThinkVantage have their own bootloader, and grub can boot that bootloader.
All you need is the chainloader command in grub.cfg (this is for grub2, but it's very similar for the legacy old grub).

In a Debian system, this file will be automaticly updated after every kernel install or update, and there need to be a 'safe' way to preserve custom entries. This is /etc/grub/grub.d/40_custom file.

For example, to insert grub boot entries for Windows XP on partition sda1 and Thinkvantage on sda2, you would put this into 40_custom:

!/bin/sh
exec tail -n +3 $0
# /etc/grub.d/40_custom:
menuentry "Chainloader sda1" {
set root=(hd0,1)
# insmod fat
# search --fs-uuid --set 0fa5641b-9105-4102-acf6-c68795e8bf62
chainloader +1
}

menuentry "ThinVantage sda2" {
set root=(hd0,2)
# search --fs-uuid --set 0fa5641b-9105-4102-acf6-c68795e8bf62
chainloader +1
}

Then run 'update-grub' (as root, or via sudo), it will update the 'real' config in /boot.

The fs-uuid directive should normally be not necessary, it is optional. The respective uuid of your specific partitions would be different of course. If you don't know what it's about just drop it :)

If you install grub into the MasterBootRecord (MBR) then of course the Windows code will be gone.
What you will see is that chainloading into Windows will launch the 'normal' Windows Boot menu.
However, stuff like hibernation and special boot keys will be affected.

Some 2 years ago a german guy on this list, Stefan Bellon, told me a way to boot into grub via the original Windows XP setup, which would preserve the original Masterbootrecord and thus keep Windows hibernation and blue Thinkvantage button working at startup (before any bootloader).

This works for XP, as far as i know Vista boots different, but probably can be setup in some analog way.

You would reinstall Windows MBR again (there should be some onboard M$ System Tool) and afterwards modify the Windows XP 'BOOT.INI' file to launch the grub code from the Windows harddisk.

You can copy that code in linux commandline with dd into a binary file, say 'bootgrub.bin' and put that on the Windows filesystem (just beneath the BOOT.INI). Since Linux has no good NTFS write support, you could for example put it on a memory stick for transfer, or use a Samba network or even just email.

An example BOOT.INI would look like that:

[boot loader]
timeout=30
default=C:\bootgrub.bin
[operating systems]
C:\bootgrub.bin="Linux Grub"
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP" /fastdetect
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP nogui" /fastdetect /bootlog /noguiboot /safeboot:network /sos

This setup was working with legacy grub, but i missed to prevent the package script from writing into the MBR when i mirgated to grub2. It didn't matter much to me, anyway, i think if the harddisk basically is ok, then i can launch ThinkVantage via grub quite as well, i just don't really need the button anymore. (And if the disk would not work, then also not ThinkVantage, so what. And there always are those pretty Recovery CDs). However, for this reason, i can't tell if it would work with grub2 exactly the same.

As a result, you will see the Windows boot menu, from where you can boot into Windows, or 'jump' to the linux grub bootmenu.

The used grub binary will read the grub.cfg configuration of the linux partition just as usual, and also that configuration will be kept updated via package managemant just as usual. However, you need to recognize that the bootgrub.bin code now is 'out of reach' for grub updates.

But, once it works, it works, so what. Most grub updates anyway would not modiy that bootcode anyway, especially with grub2 which is highly modular, and the modules are loaded dynamically from the linux /boot directory now. Most updates will go there, anyway.

If there would be a security fix just in that initial code, then you need to recreate the external binary file. But then, if you really need such a good security for your laptop, then you would do completely different things anyway, and in the end of that road it wouldn't matter how it gets booted, again, because the ultimate solution is to store any sensible information (like your complete home directory) on a small external encrypted device.

hth Micha

Reply to:

Follow-Ups:
- Re: Safe install
  - From: Robert Goley <ragoley@rdasys.com>

References:
- Safe install
  - From: Sayeh Ebrahimi <sayeh405@gmail.com>
- Re: Safe install
  - From: Clive Menzies <clive@clivemenzies.co.uk>
- Re: Safe install
  - From: Sayeh Ebrahimi <sayeh405@gmail.com>
- Re: Safe install
  - From: Aioanei Rares <debian.dev.list@gmail.com>
- Re: Safe install
  - From: Sayeh Ebrahimi <sayeh405@gmail.com>
- Re: Safe install
  - From: Dirk Linnerkamp <dirk_linnerkamp@vodafone.de>

Prev by Date: Re: Safe install
Next by Date: Re: Safe install
Previous by thread: Re: Safe install
Next by thread: Re: Safe install
Index(es):
- Date
- Thread