Windows 10 boot files and MBR in a VHD?


13 replies to this topic

#1 Guest_AnonVendetta_*

Guest_AnonVendetta_*
  • Guests

Posted 29 May 2019 - 06:53 PM

So, I'm trying to come up with a solution to a particular issue. Windows 10 is currently booting in legacy/CSM compatibility mode on a Samsung SSD, with an MBR partition table. I would like to use BestCrypt Volume Encryption to encrypt Windows. And it works fine, that isn't the problem. But in legacy mode, BCVE installs boot code to the MBR of the drive. Entirely reasonable, how else do you expect to authenticate and get in? I can directly chainload the MBR of the drive with GRUB4DOS, as long as G4D is installed to the MBR of another drive. And I can make a copy of BCVE's MBR and tell G4D to chainload that file, then just authenticate and I'm in Windows.

 

BCVE has the option to move a volume's encryption key(s) to external storage, either a flash drive, ISO, or network boot. Which allows me to boot from an external device. With this setup, the presence of BCVE's MBR on an internal drive shouldn't be necessary. I posted the following topic in Jetico support forum:

 

https://www.smokey-s...?topic=354792.0

 

A company engineer confirmed that BCVE will enforce the presence of its MBR on the drive, even if you have configured the software to otherwise boot from external media. You can overwrite BCVE MBR when not in Windows, but as soon as you are back in it will detect the change and restore its boot code. Even with a MBR write-blocking driver like MBRFilter, it seems not possible to prevent BCVE from restoring its code. And, even if you could, it will still nag on every boot about the MBR having been changed by an unknown program.

 

In my tests I did notice something that I overlooked before, see the following screenshot:

 

https://imgur.com/a/EzpxNSz

 

On the first disk (disk 0), it shows that the C drive is the Boot partition (because it's where the OS is), not marked as active, and contains no boot files. On the 2nd disk (disk 1), there is a System Reserved partition, which is marked as active, contains boot files, and is called the System partition by Windows. I did not create this partition setup, it just happened that when 10 was installed, it chose to place C drive onto disk 0 and System Reserved onto disk 1. I discovered it after the fact and decided it wasn't worth bothering with, since it wouldn't affect my ability to create new partitions, install new OSes, etc. Getting to the point, in this setup BCVE installs its MBR code to disk 1 rather than disk 0. So, it doesn't necessarily care where the C drive lives, its real concern is the location of the volume that contains boot files (System). And that in turn will determine what drive the MBR code is installed to.

 

However, this means that I still have to give BCVE control of the MBR of one drive or another (whatever it is), and I much prefer to be in control of what boot code my drives have. I may want G4D on disk 0, GRUB2 on disk 1, and Clover on disk 2.

 

So, I would like to try something new but am not sure how to proceed:

 

Windows 10 installed into a "real" partition on any drive (preferably disk 0 since it is the fastest SSD I have), I don't think it matters whether the partition is primary or logical

 

Create a small VHD disk, up to 1GB in size. Create a primary partition on that, mark it as active, and install default Windows 10 MBR code into sector 0 of that VHD. Then, find a way to chainload that entire VHD with GRUB4DOS. Once in Windows, I can install BCVE and try to encrypt, to see how BCVE reacts to System Reserved being in a VHD. If it works then it *SHOULD* install its boot code into the VHD's MBR, which should be trivial to load with G4D. Then I can have whatever loader code I want on whatever drive I want, and BCVE can enforce its MBR code onto a virtual disk that I don't care about, because its only purpose will be to house BCVE's MBR and 10's boot files. As for the location of the VHD itself, it will be on a bigger unencrypted NTFS partition that will serve other purposes (I could probably make it FAT32 so it could also be used for UEFI booting, but it would be quite large for that purpose).

 

I just need instructions on how to create this setup. Another concern will be, whether encrypted or not, will the VHD remain mounted after Windows is booted? It is, after all, where the boot files live, so I'm sure Windows will try to maintain access to it while the system is in operation. And Windows can natively mount a VHD without 3rd-party drivers, no issue. If everything works as expected, then hibernation should, as well as updates. With none of the negative side effects discussed in the 'Hack Bootmgr to boot Windows in BIOS to GPT' thread.

 

Another option is to do a UEFI on MBR setup, which I've tested, BCVE works fine in this setup once a few quirks are worked out. Install and boot encrypted Windows in UEFI, while booting other OSes in legacy mode.

 

Or, I could just do a standard UEFI on GPT, but I'm not a 'standard' type of guy. If I wanted to boot my OSes in the 'normal' way then there is no need for me to post on this forum, there are other places for that. BIOS on GPT would also work, but may wreak havoc if I intend to encrypt, I'm not sure how BCVE would react to such a setup, and prefer not to test that if it isn't necessary. Linux booted in legacy mode on GPT would present no real issues, I have done it and it works fine. It is always Windows being the wild card that throws a monkey wrench into the mix.

 

Thanks!



#2 Guest_AnonVendetta_*

Guest_AnonVendetta_*
  • Guests

Posted 07 June 2019 - 12:40 AM

With no answers so far, I decided to do more testing. I formatted a 1TB internal HDD with MBR. First partition is 16GB, active, NTFS, and empty. 2nd partition is an extended that spans the rest of the disk, with a logical NTFS partition in that takes up all of the extended.

I then formatted an 8GB USB flash drive as NTFS, marked as active. W10 Pro for Workstations is installed to the internal logical with imagex. Boot files installed to flash drive with bcdboot. I used bootice to install a Windows NT 6.x MBR to the flash drive. But it wouldn't boot, got a "this isn't a bootable disk". So I copied Grub4Dos files to flash drive root, and bootice to install grldr.mbr to flash drive MBR.

After that I booted from flash drive, it chainloads the installed 10 on the logical. Setup completes uneventfully. In disk management the FDD is shown as the System volume, and C drive as the Boot volume. Exactly what I expected.

After that, the real test:
I installed BestCrypt Volume, began crypting C drive. It doesn't mention the FDD at all, and installed BCVE's MBR to it without complaint. Booting from FDD brings up BCVE pass prompt, auth successful, Windows boots. BestCrypt doesn't complain about the MBR. Attempting to boot directly from the HDD's MBR gives no error, but nothing happens except a blinking cursor, indicating that BCVE didn't install a fallback MBR to the internal HDD.

Afterwards I resized the FDD partition down to 1GB, then used RMPrepUSB's drive to file function to make a raw image of the drive, up to the end of the last sector of the 1st partition. I then placed this file into the empty 16GB partition, copied GRUB4DOS files there as well, and installed grldr.mbr to HDD MBR. After that I used this in menu.lst:

http://reboot.pro/to...os/#entry137480

The VHD bit was changed to img. And bootmgr was changed to chainload the MBR of the img, since I can no longer chainload bootmgr directly to boot encrypted W10:

find --set-root /10ProWSBoot.img
map /10ProWSBoot.img (hd31)
chainloader (hd31)+1
rootnoverify (hd31)

G4D drops me into a shell prompt, trying to process the commands manually got errors like must specify number of heads, and another error I can't remember. In short, it doesn't work.

I had previously tried same approach as above, but installed W10's boot files into a small VHD, along with Windows NT6.x/G4D MBR to VHD's MBR. Trying to load that with G4D gave similar results, but with complaints about sectors instead of heads.

Boot files in a VHD is my preferred approach, instead of an FDD or a raw img, since Windows should hopefully map the partition directly once the transition from real mode to protected mode is finished. That is, of course, assuming that BestCrypt doesn't gripe about a VHD being the System volume, and if it doesn't insist on messing with my internal drive's MBRs.

Will I need a 3rd party driver to keep the VHD mounted after boot? Or will it be lost once protected mode transition happens? If so then my guess is that there will either be a boot error, or the system volume will simply be lost until reboot, resulting in nonfunctional hibernation, updates not installing, etc.

Thanks!

#3 Guest_AnonVendetta_*

Guest_AnonVendetta_*
  • Guests

Posted 08 June 2019 - 05:41 PM

In a 2nd reinstall and more testing, I've discovered that it isn't necessary to install G4D files to the flash drive, nor is it necessary to install G4D's MBR into flash drive MBR. To make it bootable, I just had to use bcdboot to install boot files, bootice to install Windows 6.x MBR to flash drive, and bootsect to install default Windows PBR code. After that, the flash drive is bootable without an external bootloader, and it chainloads the unencrypted W10 just fine. Encrypting with BestCrypt results in BCVE's MBR code installed onto flash drive, since it's where the System volume/boot files are located. From there just boot flash drive, enter password, I'm in. And with no boot code installed to the internal drive, no one can access the OS unless they have my flash drive and password. I also resized the System volume down to 512MB, which still leaves it with enough free space even if updates etc update the System volume.

But now I would like to either:

1. Make a raw image of the flash drive, place it on an unencrypted internal partition, then use G4D to chainload the image's MBR.

Or:

2. Find a way to convert the flash drive contents into VHD format, with MBR intact, then chainload the VHD's MBR with G4D.

There is still the issue of the System volume possibly disappearing after boot, or worse, a BSOD in the event that Windows can't map the raw image/VHD. Not sure if either of those will happen. In any event, I won't be locked out of Windows, since I have the flash drive as a failsafe booting method.

Just need some help with what to put in menu.lst. Thanks!

#4 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 16066 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 09 June 2019 - 07:24 AM

About:
2 convert the raw image to VHD
 
A VHD (fixed type) is a RAW image with a single "CONECTIX" footer sector appended.
 
There are a number of tools capable of making this sector and thus of converting from RAW to VHD.
 
Easiest is Karyonix's one:
http://reboot.pro/to...images/?p=83781
 
But Clonedisk can also do it (among a number of other things):
 
No matter if you convert it or not, if you use grub4dos you are booting from a RAW image (i.e. non-native booting) and you will need a driver (Firadisk, Winvblock or - nowadays - SVBUS) in the OS, unless you use the grub4dos only for a temporary mapping and you manage to chainload from it the "normal" BOOTMGR/BCD with an entry for the VHD.
 
Whatever you are doing this cannot possibly work:
 

find --set-root /10ProWSBoot.img
map /10ProWSBoot.img (hd31)
chainloader (hd31)+1
rootnoverify (hd31)



The image needs anyway to be hooked after having been mapped, i.e.:
 

find --set-root /10ProWSBoot.img
map /10ProWSBoot.img (hd31)
map --hook
chainloader (hd31)+1
rootnoverify (hd31)


Not that the above will necessarily work, but at least it is in theory correct (the image is mapped to a device AND it is hooked).

AND, I wouldn't use (hd31), but rather (hd0) or (hd1) depending on your setup.

:duff:
Wonko
  • antonino61 likes this

#5 Guest_AnonVendetta_*

Guest_AnonVendetta_*
  • Guests

Posted 10 June 2019 - 10:36 AM

When I tried to get G4D to load a VHD it complained about sectors. And with an img, something about heads and some other message about sectors (different from the VHD warning though). Maybe the Connectix footer sector messes with it? I'm assuming it's safe to just ignore the warning? Or maybe, there is some command I can use in menu.lst to suppress the warnings (i.e. tell G4D to silently ignore them and proceed anyway)? Or, do I need to take action and address the cause of the warning so it doesn't appear again?

If not converting an img to VHD (starting clean, say, for VM tests), then what tool should be used to create the VHD? I think diskpart/Disk Management should be fine for this. And this way there is the added advantage of being able to create a VHD from W10 setup media, without 3rd party tools. I still think VHD is better than img for my purpose, since Windows natively understands and mounts VHDs.

Since Windows understands VHD, how is it non-native booting? MS supports VHD for booting, although it may depend on the Windows edition. I know that 10 Enterprise and 10 Pro for Workstations support VHD boot, not sure about lesser editions like Home. Although, when they say VHD boot is supported, they probably mean only for the C drive, not the System Reserved volume. I checked on some of their doc pages and couldn't find any references to System Reserved being in a VHD.

I don't mind using a driver to keep the VHD mounted after boot, as long as it has a digital signature. SVBus looks good. It seems it is possible to integrate the SVBus driver into an install.wim, as well as importing the needed Reg entries, so it would be a part of the OS even on a clean install, even better. Or would it be better to chainload the VHD with bootmgr/BCD? Currently bootmgr/BCD are inside the VHD, so not sure how that would work.

Would the SVBus-mounted VHD be seen as fixed, removable, or floppy? Fixed disk is ideal.

PDiddy's G4D help pages didn't mention map --hook in relation to images, so I didn't think to include it.

About what hd assignment to use, I currently have 3 fixed internal disks. So hd3 or higher sounds right. I think that G4D considers the disk its MBR is on as disk 0, regardless of what is being loaded. Or does it only care about the location of grldr and menu.lst?

I've also been thinking on whether to use G4D's regular 16 sector MBR, or the 1 sector UMBR. But I can't find any info on how to install the UMBR and point it to menu.lst.

#6 antonino61

antonino61

    Gold Member

  • Advanced user
  • 1525 posts
  •  
    Italy

Posted 10 June 2019 - 11:08 AM

IMHO, all I think you need is a chat with wimb, the Flying Dutchman. With the help of the info-tech top brass of the community here, he managed to create a few pieces of software that lend themselves to what seems to be your purpose, which looks no different from everybody's. He is very considerate and not prone to theorizing or philosophizing that much. As I said, he is Dutch, so he is very pragmatic (the most useful thing for the most useful purpose). To cut a long story short, he made a vhd wimboot baker, with which u can bake as many wim+vhd as ur mass storage space will allow. For that matter, your point about the svbus driver being pre-embedded in the setup source would be without basis for want, as u can play around with these combos (which amount to less than 7gb together at most) indefinitely. As far as I am concerned, I do not know the exact stage in which svbus.sys entered the \windows\system32\drivers directory, as I do not know how many windows install sessions I have gone thru so far either (in so short a time and starting from no formal setup source at all). Of course u start from a wim but it could be an interim wim as well. Now I do not want to talk in his stead, so all I can suggest is that u contact him and he will considerately and pragmatically lead u thru the right path, I am sure. Long live wimb, the Flying Dutchman!

 

Ps.: not to mention wimcompress, but then again, he will tell u about it in more detail.



#7 Guest_AnonVendetta_*

Guest_AnonVendetta_*
  • Guests

Posted 10 June 2019 - 11:25 AM

@antonino61: No, thanks, I'm doing this my way. I have no intention of getting ppl involved in this topic, unless they post of their own accord offering help. If Wimb wants to post then he will. I'm not really a friendly guy anyway, one on one interactions are my weakness, esp if I'm initiating.
  • antonino61 likes this

#8 antonino61

antonino61

    Gold Member

  • Advanced user
  • 1525 posts
  •  
    Italy

Posted 10 June 2019 - 11:27 AM

right u r



#9 Guest_AnonVendetta_*

Guest_AnonVendetta_*
  • Guests

Posted 10 June 2019 - 12:05 PM

@antonino61: I doubt this wimb guy is all that special, there are many here (me not being one) that have been here a lot longer than him and contributed far more. You have some weird logic going on, just because someone is Dutch doesn't necessarily mean they are likely to be pragmatic, just like being American doesn't mean you fit the stereotype most of the world has of us (dumb/arrogant/stuck up/know-it-all, etc). And I don't need nor want someone to lead me by the hand and be my mentor. Which is basically what you suggested. I learn better by working alone, testing ideas on the fly, and interfacing with others when necessary but prefer to avoid it. My goal in any community is to sit back and absorb info, while making no significant contributions in return. If I ever do come up with anything that others here might find useful, I'm not likely to share it, due to Nuno's unreasonable policy that works posted here essentially become community property. I prefer to control my content, method of distribution, and where, ideally on a site I either own or control.

#10 antonino61

antonino61

    Gold Member

  • Advanced user
  • 1525 posts
  •  
    Italy

Posted 10 June 2019 - 01:10 PM

My dear vendetta,

I am not so ambitious as to afford to prefer to do things on my own. I do not even think it is that easy to have a very sound American stereotype. too variegated a nation to have one. btw, nothing wrong with stereotypes, it is what use one might make of them that is possibly questionable. anyway this wimb guy might be very young, but first try his software, I would suggest then we will have a chat again if u wish. no harm in trying, I would say. if you did, you would not bother racking your brains with menu.lst. it is the software that would do it for u. after that, if u find some glitches, or anything that wants improving, that could be done by delving upon it, it is quicker and u would not have to start afresh. which would be against technological progress, but of course I would leave it up to u. it is a different way of looking at the world altogether, though.

nino




#12 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 16066 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 10 June 2019 - 01:13 PM

A warning is a warning (and not necessarily an error).

Since (for all grub4dos knows) a static VHD is a RAW image, it will find that its size has "excess sector(s)" where surely there is one sector (the appended "Conectix" footer) but often - it depends on how exactly the image has been partitioned - there may be more than one "excess" sector and it will warn you.

You may safely ignore this warning.

 

The other message about heads sectors may (or may not) be relevant, again it depends on the image, its size, the exact way it is partitioned, etc. 

 

With no DETAILED report on the image and how it is partitioned AND of the EXACT messages grub4dos gives, there is no way to be more accurate.

 

About the difference between "native" Windows VHD booting and "non-native", please re-read the thread you already found, it has been written there (and all over the place):

http://reboot.pro/to...hd-in-grub4dos/

http://reboot.pro/to...b4dos/?p=137500

 

:duff:

Wonko
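Added example, not part of the thread and not code from any tool named in it: the "RAW image plus one footer sector" relationship from posts #4 and #12, written out in Python. The footer layout follows Microsoft's published VHD format specification; the function names, the "demo" creator tag and the 4 MiB sample image are constructed for illustration, and the "sectors past partitions" figure only approximates what a tool reading the file as RAW sees, it is not grub4dos's own calculation.

```python
import struct, time, uuid

SECTOR = 512
# Big-endian footer layout per the published VHD format specification (512 bytes).
FOOTER = ">8sIIQI4sI4sQQHBBII16sB427s"

def chs_geometry(total):
    """CHS values as computed in the VHD specification's appendix."""
    total = min(total, 65535 * 16 * 255)
    if total >= 65535 * 16 * 63:
        spt, heads = 255, 16
    else:
        spt = 17
        heads = max(4, (total // spt + 1023) // 1024)
        if total // spt >= heads * 1024 or heads > 16:
            spt, heads = 31, 16
        if total // spt >= heads * 1024:
            spt, heads = 63, 16
    return total // spt // heads, heads, spt

def footer_checksum(footer):
    """One's complement of the byte sum with the checksum field (64..67) zeroed."""
    return ~sum(footer[:64] + bytes(4) + footer[68:]) & 0xFFFFFFFF

def raw_to_fixed_vhd(raw):
    """Append the single footer sector that makes a RAW image a fixed VHD."""
    size = len(raw)
    c, h, s = chs_geometry(size // SECTOR)
    footer = struct.pack(FOOTER, b"conectix", 2, 0x00010000, 0xFFFFFFFFFFFFFFFF,
                         int(time.time()) - 946684800,  # seconds since 2000-01-01 UTC
                         b"demo", 0x00010000, b"Wi2k",  # creator tag "demo" is made up
                         size, size, c, h, s, 2, 0,     # disk type 2 = fixed
                         uuid.uuid4().bytes, 0, b"")
    return raw + footer[:64] + struct.pack(">I", footer_checksum(footer)) + footer[68:]

def inspect(image):
    """Describe an image the way a tool that treats it as RAW would see it."""
    if len(image) < SECTOR:
        raise ValueError("image is shorter than one sector")
    info = {"vhd": False, "sectors": len(image) // SECTOR}
    tail = image[-SECTOR:]
    if len(image) > SECTOR and tail[:8] == b"conectix":
        f = struct.unpack(FOOTER, tail)
        info.update(vhd=True, fixed=f[13] == 2, chs=(f[10], f[11], f[12]),
                    checksum_ok=f[14] == footer_checksum(tail))
    info["mbr_signature"] = image[510:512] == b"\x55\xaa"
    end = 0
    for i in range(4):                                  # four primary MBR entries
        entry = image[446 + 16 * i: 462 + 16 * i]
        start, count = struct.unpack("<II", entry[8:16])
        if entry[4]:                                    # partition type 0 = unused
            end = max(end, start + count)
    info["partitioned_end"] = end
    info["sectors_past_partitions"] = info["sectors"] - end
    return info

def sample_raw(sectors=8192):
    """Constructed sample: 4 MiB disk, one active NTFS-type partition at LBA 2048."""
    mbr = bytearray(SECTOR)
    mbr[446:462] = struct.pack("<B3sB3sII", 0x80, bytes(3), 0x07, bytes(3),
                               2048, sectors - 2048)
    mbr[510:512] = b"\x55\xaa"
    return bytes(mbr) + bytes((sectors - 1) * SECTOR)

if __name__ == "__main__":
    raw = sample_raw()
    print(inspect(raw))
    print(inspect(raw_to_fixed_vhd(raw)))
```

For a real multi-gigabyte image, read only sector 0 and the last sector from the file instead of loading it whole.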



#13 Guest_AnonVendetta_*

Guest_AnonVendetta_*
  • Guests

Posted 10 June 2019 - 01:43 PM

@antonino61: NO, we will not have this convo again, PERIOD, end of discussion. You don't understand me at all, you seem to like the easiest and quickest way possible. I don't mind spending the extra time, it keeps me occupied, and from engaging in destructive activities, which I'm prone to do. Besides, I'm in it to learn and mess around with ideas. I don't want software to do the work all the time, I would rather have an understanding of the process. As I've said, if wimb wants to post then he will.

 

Which reminds me, you're nothing but a time waster. You join this topic offering no advice on how to achieve what I'm after, instead offering your own worthless opinion of how you think I should proceed. How about butting out instead?



#14 antonino61

antonino61

    Gold Member

  • Advanced user
  • 1525 posts
  •  
    Italy

Posted 10 June 2019 - 02:38 PM

Then again, right u r. Me I am not a time waster, I have learned a lot of things here; I am pretty much more of a stochastic Erasmist and Iconoclast giving the world advice, but again, right u r.





