Some Windows Apps Make GRUB 2 Unbootable

KwahAG writes "Colin Watson, one of the Ubuntu developers, published in his blog information about Windows applications making GRUB 2 unbootable. Users of dual-boot Windows/Linux installations may face the problem, which boils down to particular Windows applications (Colin does not name them, but users point at least to HP ProtectTools, PC Angel, Adobe Flexnet) blindly overwriting hard disk content between the MBR and the first partition destroying information already stored there, in this particular case — the 'core image' of GRUB 2 (GRand Unified Bootloader) making the system unbootable."

I thought nothing was supposed to be there

[guruevi]

... and that's the reason why BIOS 'virus protection' blocks access to that portion of the hard drive. Too bad that DRM breaks everything once again and too bad the mainstream of users isn't affected by it.

WTF is the "embedding area"?!

WTF is this "embedding area?" It sound like GRUB is misusing the disk geometry to find unused space and then getting upset that other programs do that too.

Googling for "embedding area" find that it's a term that GRUB 2 made up and that it's not really a part of anything. In fact, apparently this space doesn't even exist under EFI systems, and that this "embedding area" is an artifact from DOS.

So, basically, GRUB is misusing the disk to store information in a place it has no right to be touching, and then getting upset that other people make the same mistake. Genius.

Re:WTF is the "embedding area"?!

[vadim_t]

I wasn't imagining that I was forced to manually type out a list of blocks occupied by the file. But I was concerned by exactly what you say. Dear God, why do it like that?

It's the same thing LILO did, which is why most people use Grub now.

And the reason why is because the MBR is tiny, and has no room for code that reads say, ext4.

The MBR did the boot menu and loaded the boot sector from any given partition. That boot sector would do as you say. You don't need to "bet" - it's pretty much what I said :-).

The MBR has no menu. The basic stuff is "find active partition, load first sector, jump to it". With Grub it's more like "load code from embedding area, run it". Which contains enough to read things like ext4 to load the rest.

Really? So why does GRUB need any extra-partition space?

Because there's no room for filesystem reading code in the MBR. Especially not for reading all the formats Linux supports at once (what if you want to boot from FAT, ext3 and zfs?)

If you're thinking grub should load the code from some fixed space in the Linux partition, then every single FS would have to agree to reserve that space. Including the ones like JFS that come from elsewhere.

Why wouldn't you be able to retrieve the boot sector of an extended partition? Obviously some operating systems (Windows) will assume they're booting off a primary partition and break unless their boot sector is tweaked, but this isn't inevitable.

In my understanding, a partition having a boot sector is a DOS convention, that other filesystems don't necessarily follow. I think 512 bytes at the start may be mostly guaranteed, but again, you're not going to read things like reiserfs in that little space, so you're back to having the same problem.

Which is why it should load a second stage from a system or other partition.

It can't read it from "other partition" because if there is a filesystem there, it has to understand it, and 446 bytes is not enough.

If you mean a special, reserved partition, then that reduces the number of primary partitions for other purposes to 3, which creates compatibility issues. And if there are 4 primary ones already, you're screwed.

Resuming: the way x86 computers boot sucks, and boot loaders have to be written with those constraints in mind. The whole "embedding area" is a horrible hack, but the alternatives have significant issues as well.

Re:WTF is the "embedding area"?!

[thsths]

> Though adobe in this one looks like they deserve to be slapped around a bit, if the conjecture is accurate.

Adobe deserve to be slapped around a bit (and then a bit more). Period.

Otherwise I think the problem is (again) the BIOS. It only loads the 1st sector to boot, when 63 sectors (or 2048 with EFI) are reserved. Back in the old days you could just fit some FAT16 code in there to find the DOS image - but only at the expense of error handling. Nowadays you have to load the next stage from a fixed position - and the only position that is certainly fixed are the other 62 sectors. So they are the logical place for a boot loader.

You could add a boot partition, but with only 4 partitions available, that would use up a very limited resource. And I guess even if you put a boot partition into the first 63 sectors (which is now perfectly possible), Adobe would still overwrite it (and Windows would possibly freak out).

It is free for all region

[Technomancer]

While MBR has some function, the rest of sectors between MBR and the first partition was always a great area.
Many MBR viruses put their stuff there. Many stupid programs use it to store DRM data, so they can check whether they were copied to other computer
If GRUB is using this region too, it is equally stupid. There is no protocol for allocating this area and there is no guarantee that this data is not going to be overwritten by any other stupid program.
So nothing to see here, move aling, it is just Core Wars between stupid programs.
GRUB developers should have known better.

Another example of DRM fail

[Andorin]

From the article:

At least some occurrences of this are with software which writes a signature to the embedding area which hangs around even after uninstallation (even with one of those tools that tracks everything the installation process did and reverses it, I gather), so that you cannot uninstall and reinstall the application to defeat a trial period.

So once again DRM is fucking with peoples' abilities to use their computers. Except this particular bit of DRM doesn't just screw with Windows; it could potentially screw with every OS on your drive (or screw with your ability to access them, at any rate).

Yeah, it's not conventional DRM, but it's a form of DRM in that it restricts the user in some arbitrary way (and, I ought to add, breaks something else in the process... that too should be part of the definition of DRM).

Re:Solution:

[mysidia]

This is not a problem for the most important Linux systems which are not dual boot.

Most systems that are dual boot are workstations, not servers. Meaning the person who uses the system every day is most likely using Linux.

I think the solution is for the Linux installer to create Windows icons and a Start menu item group with two things.... A "boot Linux" icon (for launching loadlin)

And a "fix grub" icon, for fixing grub, no matter what some dastardly windows program has done to it.

Re:HP ProtectTools

[Joebert]

I'll just leave this here.
http://h30434.www3.hp.com/t5/Operating-systems-and-software/New-laptop-harddrive-non-OEM-Vista-disk/m-p/314927

Turbo Tax Did It First

[McD]

We've been down this road before. In 2003, Intuit's Turbo Tax (for tax year 2002) pulled the same stunt, indiscriminately overwriting sectors at the beginning of the disk (outside any partition) and trashing people's bootloaders.

All in the futile pursuit of DRM. That's reason enough for me to use Tax Cut, instead, every year since.

Nothing new

[eggman9713]

This has been a problem with older versions of Dreamweaver. As part of the copy protection, it would write data to the space between the MBR and the first partition. Steve Gibson talked about it on Security Now episode 132 (circa 2008) when discussing how this issue fubar'd TrueCrypt (unless you had a recovery CD) just after it came out with its whole-disk encryption ability.

Re:Move along

[Nimey]

Heh, funnily enough that's exactly what Windows 7 does. If you install it to an empty drive, it'll create two partitions - one small one (a couple hundred megs?) for the boot loader, and the rest for Windows itself.

Flexlm rant

[dbIII]

Flexlm is about as evil a piece of software I've ever seen. It only exists to punish the innocent that have actually paid for the licence and to fleece the software vendors that have paid for this bit of rubbish that is easier to circumvent than it is to use. Due to compatibility bugs I'm still running a fucking RedHat7.2 machine just to feed the other Centos5 machines a licence - so one machine doing nothing but burning electricity and handing out a licence. Running it in a VM would of course void the licence, as would one of the many simple workarounds to disable flexlm.
A later MS Windows version I had the misfortune to use had a Y2K bug in 2008! With an update our perpetual licences were marked as expired in 2000. It took two weeks to get a fix out of Macrovision.

Re:Solution:

[Alex+Belits]

Virtualization is the last refuge of a horrendously mis-engineered operating system.