From mboxrd@z Thu Jan 1 00:00:00 1970 Received: from list by lists.gnu.org with archive (Exim 4.71) id 1hP5tE-0006QY-Hw for mharc-grub-devel@gnu.org; Fri, 10 May 2019 09:48:44 -0400 Received: from eggs.gnu.org ([209.51.188.92]:37464) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1hP5tC-0006NB-CT for grub-devel@gnu.org; Fri, 10 May 2019 09:48:43 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1hP5tA-00032I-Fv for grub-devel@gnu.org; Fri, 10 May 2019 09:48:42 -0400 Received: from mout.gmx.net ([212.227.17.21]:45491) by eggs.gnu.org with esmtps (TLS1.0:DHE_RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1hP5t8-00030f-Gt for grub-devel@gnu.org; Fri, 10 May 2019 09:48:40 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=gmx.net; s=badeba3b8450; t=1557496116; bh=46pExF8ZDTbnBrMLyb/jQXrcD8J8qqNgdMwr+cJ1iXE=; h=X-UI-Sender-Class:Date:From:To:Subject:References:In-Reply-To; b=FJ2yBdQZS4O7CPPt30PQTN+jr4UHargLWz8Ic3A64JzLFNZNfR4wZdU3T+DRaFlHr +hjLz9QhL7S0SPnuaQQQau5T4zeIj6srABvEKdozZRNZSQacqUbPJDGopHFyLyRuxb LLyrdwz3DbQddYhW7ENJha/odEvB44PdZqRlGkMk= X-UI-Sender-Class: 01bb95c1-4bf8-414a-932a-4f6e2808ef9c Received: from scdbackup.webframe.org ([79.222.46.132]) by mail.gmx.com (mrgmx105 [212.227.17.168]) with ESMTPSA (Nemesis) id 1Mlf4c-1gz93W2AIk-00incv for ; Fri, 10 May 2019 15:48:36 +0200 Date: Fri, 10 May 2019 15:46:56 +0200 From: "Thomas Schmitt" To: grub-devel@gnu.org Subject: Re: grub-mkrescue: Problem with MBR partition table at start of EFI partition Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: quoted-printable References: <20190510121242.zr46jx7fzd7i6goj@pelzflorian.localdomain> In-Reply-To: <20190510121242.zr46jx7fzd7i6goj@pelzflorian.localdomain> Message-Id: <13693678472684223855@scdbackup.webframe.org> X-Provags-ID: V03:K1:bTyMn9HGKv4GKdGrNukCWPf5RKk01wlheRlUrMsT8tm9QYdshGZ 1Bci3Q9aOHk/BoTqfD8JXk5qGKcug9wK7bXWJEomaAaiHNgSPXmK8/35EE3Sj4rq+DNmzgT nAAeJ8bVblDKCFF023qJ3HifMxk+v2XJ/1svS2TBlIXkIr5MVCD/fUn9ckuowQHIqSrpxOf 0/ubq2L+rlQuk+dq9eXQw== X-UI-Out-Filterresults: notjunk:1;V03:K0:jauVB+MJnws=:RMOm9HXu5+Z+4wZDMftnwo hZG7l7WeAfN3HdDZrhcy8qDeQzu2JtMNS6zEm2q0oN7WC0k4rO4f3y4m4mXeDqoSJzR/+uGBH yYhM+CbIO2xXnb2eNua6jMT8BbZdYkziKUTXrU9qeNwKEVRbETc5BZN2I1lc95wpoxpUIec7f BZO8PPfvtHAybVa15Vw1T8aKBXvnDDHptUZiPL8yeI0fBqf2C/N3ssNK9n5dve0yZ+98uK2uz 4Wcphpi4fpjNiMfPQseaDkoan0ks0P1qzOhdnFosA1Qm28nM16uOYjMWS4lHuL2Zkxf1hNAdG 1Pfd5XN1gt74yq+RH+8i9vPxulFSz6OgD3cgJfVZBOAM0IZ5tDMCfI8WQw4afIbrgCzxhf8nG B95kMszP1um1UNlHodjCz8D0rIAtbfjaQ0AfBexYNlKKz0lOd+DO1xNJb+5QX6kGdzrGO5Is3 pMj5KDRj1cPVi2iYtAKC5oT9HCt+2MIKmgClGPdG/T3G139NLQs6HbBs7afTFFSGO0f9tgQHb 2hyiZLGQfHyYaJH+TxiE2SK3aNWR3oTMoYtjm4Moi/plcHdZLi++JiMyVSYrB2EZ2wxWuf/PX bnXQ9kzxDD8UT9Y/C9OfLV4d56pLhDRa9eHa8huiRxRJu/etxfMz2FpnUVThDFKsjprtQ1vrJ sP7IuAIilJpsLisKn132EE88eOqNLs+3ubGIPCITtOiZ9+pNJ9gB3nepOSq/q1hyJ9Y3bVpWy D7dJUMb58nqs/PMA/CYanUEBex7g/KBgE/lJp8/CpQJUYWsivyFO2qQTi5x0tLaq/lVSz9aET m8n3rvedy3x2XARVEijfHKB7FRTZ5HSzGIVB8RKBr1olNTGuwWMRSgSdXc3hLYp99k5W93AGS JtYvhY9dh6MxU4Wb4U7v/bILCTcGcHd1OqixGmymeJYrYjcGSFqDLcMMOD+StZg1Q/bVjSnSr gwebb9j4vwQ== X-detected-operating-system: by eggs.gnu.org: GNU/Linux 2.2.x-3.x [generic] X-Received-From: 212.227.17.21 X-BeenThere: grub-devel@gnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: The development of GNU GRUB List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 10 May 2019 13:48:43 -0000 Hi, Florian Pelz wrote: > I would like to test but on this bootable German Windows 10 > 32-bit+64-bit USB install medium, the content is different. How would > I find the offset in the USB image (you call it offset 454) which I > should zero out to break Windows? That would be offset 454 in the EFI boot image: Start LBA field of MBR partition 1. You may learn the block address of the image from xorriso: xorriso -indev "$ISO" -report_el_torito plain 2>/dev/null \ | grep 'El Torito boot img : .* UEFI' should say something like El Torito boot img : 2 UEFI y none 0x0000 0x00 1 515 The last number 515 is the 2048-byte block address of the EFI image. (That's from the japanese ISO mentioned at debian-user.) If you write four zero bytes at byte 515 * 2048 + 454 =3D 1055174, then there is start LBA 0 in the slot of partition 1. This should trigger the stalled boot process of the Macbook. But maybe the other bytes from 446 to 461 hamper recognition as partition table entry. So more similar to the mformat image would be to zeroize bytes 446 to 509 to clear the partition table, and then to write to bytes 446 to 461 what we see as partition slot 1 in the grub-mkrescue EFI partition: 80 00 01 00 01 01 12 4f 00 00 00 00 40 0b 00 00 =2D-----------------------------------------------------------------------= - If you are at it, i'd like to see a confirmation that the ISO indeed boots via El Torito from USB stick. (Interesting for GRUB as background info.) Please in the end spoil El Torito by zeroizing the address of the Boot Catalog in the Boot Record at 2048-byte block 17 (decimal). Byte offset 71 to 74, little endian. The ISO hexdumped by Chris Murphy has 0x00000016 =3D 22 : 00008840 00 00 00 00 00 00 00 16 00 00 00 00 00 00 00 00 So dd if=3D/dev/zero bs=3D1 count=3D4 seek=3D34887 conv=3Dnotrunc of=3D"$IS= O" You will probably see error messages when inspecting by software. Like $ xorriso -indev "$ISO" -report_el_torito plain ... libisofs: WARNING : Wrong or damaged El-Torito Catalog. El-Torito info w= ill be ignored. Or a clueless assessment without checking the catalog signature: $ isoinfo -d -i "$ISO" ... El Torito VD version 1 found, boot catalog is in sector 0 ... Eltorito validation header: Hid 0 Arch 0 (x86) ID '' Key 0 0 Eltorito defaultboot header: Bootid 0 (not bootable) Boot media 0 (No Emulation Boot) Load segment 0 Sys type 0 Nsect 0 Bootoff 0 0 This is still less intrusive than trying to remove the Boot Record or to camouflage it as something else. If my theory is right, then EFI should not recognize the USB stick as a device with EFI partition any more. Have a nice day :) Thomas