[SOLVED] Concerned about grub and its limitations.

edbarx · 11-06-2010, 02:53 PM

While updating my Debian (Squeeze) installation, grub-pc was updated but the upgrade complained that I was not using the MBR for the primary stage. It also warned me that only blocklists could be used on my system instead of the usual embedding.

What is wrong with grub-pc? Isn't it easy to mark core.img as unmovable, thereby preventing any accidental overwriting/displacement?

Before receiving this warning I always assumed that grub used some method to prevent its primary and secondary stages from being overwritten under normal conditions.

I am assuming disk formatting and partition moving and resizing as extraordinary disk operations as they normally don't occur with every session.

syg00 · 11-06-2010, 06:14 PM

Quote:

I always assumed that grub used some method to prevent its primary and secondary stages from being overwritten under normal conditions.

Bad assumption.
Legacy grub (grub1) did nothing to protect itself - it couldn't. Likewise grub2. Both include hard-coded pointers - it's just you are being warned about it now. Grub2 is probably more susceptible to problems, but I haven't seen any impact yet on several installations.

Pretend you never saw the warning, and you'll (hopefully) be no worse off than you have been in the past.

aus9 · 11-06-2010, 06:20 PM

hi

grub-legacy and grub2 are still in development but the difference is ....only grub2 is being further developed.

If you prefer grub-legacy you need to find a distro that does its own patches for whatever feature you need.

2) I think I understand your last line but do you do any moving or changing yourself?

3) Can you provide some details of how your system is setup?

eg

fdisk -l

and each format type that grub needs to see please

pls name your grub2 versions from your package manager

" I installed linux on /dev/sda2 ....dev/sda1 is my "c" partition and grub2 is in "boot" partition and I use image of it placed on C and modify boot.ini or whatever.

4) Can you paste your grub.cfg to

http://pastebin.com/

edbarx · 11-06-2010, 07:05 PM

I don't move files unnecessarily but fsck can do it without my knowledge.

Code:

root@edbarx-pc2:/home/edbarx# fdisk -l

Disk /dev/sda: 250.1 GB, 250059350016 bytes
255 heads, 63 sectors/track, 30401 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x1afd2e15

   Device Boot      Start         End      Blocks   Id  System
/dev/sda1               1        1567    12586896   27  Unknown
/dev/sda2   *        1568        1580      104422+   7  HPFS/NTFS
/dev/sda3            1581       14319   102326017+   7  HPFS/NTFS
/dev/sda4           14320       21078    54291637    5  Extended
/dev/sda5           14320       15594    10241406   83  Linux
/dev/sda6           15595       20693    40957686   83  Linux
/dev/sda7           20694       21075     3068383+  82  Linux swap / Solaris
/dev/sda8           21076       21078       24066   83  Linux

/dev/sda8 contains grub-legacy which has its primary stage installed to the MBR. This partition is completely independent as grub was manually installed by copying files, manual editing of menu.lst and by using the grub command.

/dev/sda5 contains / for Debian Squeeze. ext3
/dev/sda6 contains /home for Debian Squeeze ext3

Code:

root@edbarx-pc2:/home/edbarx# apt-cache policy grub-pc
grub-pc:                                                                                          
  Installed: 1.98+20100804-7                                                                      
  Candidate: 1.98+20100804-7                                                                      
  Version table:                                                                                  
 *** 1.98+20100804-7 0                                                                            
        500 http://ftp.fr.debian.org/debian/ squeeze/main i386 Packages                           
        100 /var/lib/dpkg/status

How the bootloaders are organised:

BIOS
|
|
grub-legacy /dev/sda8 (independent of all distros)
|
|--->grub-pc (Debian Squeeze)
|
|--->Windows 7

I have this complicated setup because I want to insolate distros from each other; I dont't want distros messing the kernel links of each other. You may say that I have only one distro but I wanted to have as much freedom as possible.

aus9 · 11-07-2010, 05:49 AM

well I am surprised that w7 hasn't attempted to redo your MBR thinking your current one is some kind of malware....heh heh.

Not forgetting some hardware makers put a hidden recovery partition on the hard drive to try the same trick because they don't trust that microsoft users know what they are doing so need a helping hand.

end of rant

good luck

edbarx · 11-07-2010, 07:56 AM

Quote:

Originally Posted by aus9

well I am surprised that w7 hasn't attempted to redo your MBR thinking your current one is some kind of malware....heh heh.

Not forgetting some hardware makers put a hidden recovery partition on the hard drive to try the same trick because they don't trust that microsoft users know what they are doing so need a helping hand.

end of rant

good luck

Well, before purchasing my laptop, I made it very clear to the vendor that I wanted Linux on it and that I was buying the laptop precisely for the reason of installing Linux on it. I also asked the vendor whether this violated the warranty and was told that software does not violate the warranty. Besides that, the vendor knows that I know what I am doing.

To be sincere, the new laptop (ACER ASPIRE 7715Z) made it difficult to install an OS other than Windows. But I happened to be wiser and found a way out of the labyrinth. In fact, I remember, windows booting with the MBR pointing at grub. I realised immediately that it was something that had to do with shooing potential Linux users away, but it takes quite a challenge to shoo me away.

Now, grub-legacy reigns supreme being housed in the MBR palace! The only glitch is that it doesn't clear the text after loading the kernel and that init subsequently overwrites the initial text without erasing it first! If there is a hack that I can apply to grub-legacy to erase text before init is loaded, I would be more than happy.

Thanks.

EDIT: to append more information

I have just used dd to make a handy backup of the MBR in case Window becomes envious reclaiming the first sector as its exclusive real estate! :lol:

Code:

root@edbarx-pc2:/home/edbarx# dd if=/dev/sda of=/home/edbarx/mbr.bak bs=512 count=1
1+0 records in
1+0 records out
512 bytes (512 B) copied, 4.2603e-05 s, 12.0 MB/s

aus9 · 11-08-2010, 02:48 AM

hi

thats not enough as you use extended partitions ok?

Personally I have 2 primary partitions setup for all-in-one partition for distro 1 and distro2...the third partiition is a shared swap and the last partition is huge and has my
virtualbox data files and partimage files

every so often the partimage files are also burnt to a dvdrw....but I use lxde so have smaller bloat

2) try

Code:

 sfdisk -d /dev/hda > /home/edbarx/part.sfd 

and to restore
sfdisk /dev/hda < /home/edbarx/part.sfd

http://linux.die.net/man/8/sfdisk

edbarx · 11-08-2010, 07:50 AM

Quote:

Originally Posted by aus9

thats not enough as you use extended partitions ok?

Why is it not enough?

aus9 · 11-09-2010, 03:49 AM

hi

ok well do this for me since you are keen to learn...all with root powers....my example is for a grub2 in mbr

Code:

dd if=/dev/sda bs=512 count=1 | strings


(my response)
1+0 records in
1+0 records out
512 bytes (512 B) copied, 1.7166e-05 s, 29.8 MB/s
GRUB
ZRr=
`|f	
\|f1
GRUB 
Geom
Hard Disk
Read
 Error

Now you tell me what data is going to be useful to tell what info is for any extended and logical partition?

hint....I don't have any but pretend ok?

2) now use root powers to backup your extended partition info from the commands you already know above

now run strings against it.....I don't have extended but yours is going to be

Code:

strings /home/edbarx/part.sfd

3) consider how tiny 512 bytes is....and that somepeople have lots of logical partitions

and finally the weakness of the system that is msdos table is...the info for next logical partition is known by the last logical partition .....read logical as meaning
sequential

4) finally....whats the point of backing up your data if we don't test it?

do a full backup to removeable media
copy of mbr
copy of sfdisk output

download a copy of testdisk unless a good live cd already has it

now wipe you mbr with root powers using a live cd

dd if=/dev/zero of=/dev/sda bs=512 count=1

now load restore your mbr and see if you can reboot?

(hint you can't restore all)

do not action any request to fsck but reboot live cd and restore mbr and sfdisk output

and see if you can reboot ok

good luck

ps as you have a full backup you should have a ok experience
otherwise you will won't believe any of my postings eh?

edbarx · 11-10-2010, 04:31 PM

I appreciate your patience to reply to my posts and I think I can now understand what you mean regarding logical partitions. To me they look like linked lists with each record containing two fields: one describing the current partition and the other is a pointer to the next partition. Each logical partition has four 16 byte partition records but only two are used. Since we are talking about a serial linked list, losing a record in the list, renders the successive records with no way of finding them.

So, the OS has to read the first record of the first logical partition from which it moves on to read the second, then the third, and so on. I am assuming that a sensible OS, remembers the placement of a particular logical partition to avoid having to inspect the preceding records to find it.

I don't know whether I am correct, but I think, if one can save the data together with the file permissions, one can easily restore a partition even in the case of a logical one. One may choose to use a primary partition, but that shouldn't make any difference as long as one edits /etc/fstab accordingly.

At the end, I very much appreciate your long reply, however at the moment, I lack time to risk experimenting with the MBR. I know logic states it must be safe, but in the real world, there is always a "you never know".

Thanks for your patience.

aus9 · 11-11-2010, 04:15 PM

hi

in that case rather than risk your data why not build a virtual machine such as with virtualbox and create at least 2 logical partitions then put an os on it then do the mbr and partiition backups.....wipe the mbr .....restore the mbr..........see if you can reboot .....then restore the logicals

I repeat.....it is safer to have a 4 primary partition system but to test out distros you then use virtual machines.

edbarx · 11-18-2010, 04:03 AM

You suggestion about restoring the MBR from a backup worked on another computer whose MBR was blown up by the Windows XP's installer. It restored everything not just the primary partitions.

I would like to add that backing up a logical partition should not be a problem. Moreover, restoring it should also be fine provided one does the necessary changes in fstab to account for any changes in the partition scheme.