Jump to content











Photo
- - - - -

Add Grub4Dos to flash chip / boot ROM


  • Please log in to reply
35 replies to this topic

#1 supaJ

supaJ

    Member

  • Members
  • 51 posts
  •  
    Canada

Posted 19 June 2010 - 11:10 AM

It would be nice to be able to add grub4dos or some other bootloader to your NIC flash chip/bootrom - or even the MOBO's Bios. In that way you would have a secure bootloader which cannot be erased/modified when a new OS is loaded. Has anyone ever tried this before?

#2 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 15400 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 19 June 2010 - 11:17 AM

It would be nice to be able to add grub4dos or some other bootloader to your NIC flash chip/bootrom - or even the MOBO's Bios. In that way you would have a secure bootloader which cannot be erased/modified when a new OS is loaded. Has anyone ever tried this before?

Yes. :cheers:

Though not with grub4dos AFAIK.

Some:
http://rayer.ic.cz/romos/romose.htm

http://www.plop.at/
http://www.plop.at/e...ger.html#plprom

Finding an usable eprom (in the common case where the NIC hasn't one but has the socket) may be tricky, some info:
http://tldp.org/HOWT...HOWTO/a628.html

:thumbup:
Wonko

#3 supaJ

supaJ

    Member

  • Members
  • 51 posts
  •  
    Canada

Posted 19 June 2010 - 12:50 PM

Yes. :thumbup:
Though not with grub4dos AFAIK.

Something is mentioned here and it involves grub4dos strip down to 64K - some of the modules were left out. Apparently this can be use on an NIC or Bios. It's a google chinese-english translated page and I'm unable to deduce much more from it.

#4 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 15400 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 19 June 2010 - 01:03 PM

Hopefully tinybit, the post Author Bean or some of the other good Chinese guys around may be able to provide some more insight and a more recent version.

Judging from the date of the post the still downloadable:
http://grub4dos.sour...ub4dos/grub.bin
http://grub4dos.sour...ub4dos_test.bin
http://grub4dos.sour...b4dos/grub2.rar
should be mini-grub4dos 0.4.3-something


But it seems to me that the google translation is quite effective, the only problem may be a reduced set of capabilities when compared to current grub4dos releases.

Additional info:
http://www.wimsbios..../topic3469.html
(and yes I'm cheap :cheers:)

OT, but not much:
http://sites.google....site/pinczakko/


:thumbup:
Wonko

#5 Sha0

Sha0

    WinVBlock Dev

  • Developer
  • 1682 posts
  • Location:reboot.pro Forums
  • Interests:Booting
  •  
    Canada

Posted 19 June 2010 - 02:02 PM

You can embed GRUB4DOS into a gPXE/iPXE ROM (.rom) build. Such a build is suitable for burning onto NIC ROMs or incorporating into a BIOS image using some BIOS image compilation utility. As long as it fits!
$ cd gpxe/src/

$ make EMBEDDED_IMAGE=~/grub.exe bin/8086100f.rom
Where 8086100f can be replaced with another string of the form VVVVDDDD, where VVVV is the NIC's vendor's ID and DDDD is the device ID. The example above is for an Intel E1000 NIC that VMware can use.

[1] Burning gPXE into ROM
[2] Adding gPXE to BIOSes
[3] Adding gPXE to an AMI BIOS
[4] Adding a gPXE ROM image directly into a VMware virtual machine
[5] VirtualBox LAN boot ROM
[6] QEMU option ROM

#6 tinybit

tinybit

    Gold Member

  • Developer
  • 1173 posts
  •  
    China

Posted 20 June 2010 - 02:17 PM

This may be another choice: http://nufans.net/gr...-2010-06-20.zip

#7 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 15400 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 20 June 2010 - 02:44 PM

This may be another choice: http://nufans.net/gr...-2010-06-20.zip


Nice! :unsure:

1. License:

This software, called WEE, is based on grub4dos, and licensed under GPLv2.
See COPYING.

2. Goal:

This software initially aims to install on the MBR track of the hard drive,
though also possible to write to ROM by someone who is interested.

WEE access disk sectors only using EBIOS(int13/AH=42h), and never using
CHS mode BIOS call(int13/AH=02h). So, if the BIOS does not support EBIOS
on a drive, then WEE will not be able to access that drive.

WEE supports FAT12/16/32, NTFS and ext2/3/4, and no other file systems are
supported.

WEE can boot up IO.SYS(Win9x), KERNEL.SYS(FreeDOS), VMLINUZ(Linux), NTLDR/
BOOTMGR(Windows), GRLDR(grub4dos). And GRUB.EXE(grub4dos) is also bootable
because it is of a valid Linux kernel format.

Any single sector boot record file(with 55 AA at offset 0x1FE) can boot
as well.

Besides, WEE can run 32-bit programs written for it.


Do I get it right that it is a sort of mini grub4dos that fits in the (1+62) first track?
Thus "getting rid" of both grldr and menu.lst?
:unsure:

:unsure:
Wonko

#8 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 15400 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 20 June 2010 - 07:14 PM

Quick check performed:
wee63.mbr is the "compilation" of:
  • wee63start
  • pre_stage2
  • preset_menu_used

So simply doing:
copy /b wee63start+pre_stage2+preset_menu_used test.mbr
should create again it from the parts, BUT, the already assembled wee63.mbr has a number (actually 12) 00's padding between pre_stage2 and preset_menu_used.

Is this "needed"?

Or the last two bytes in pre_stage2 hex 1ACE act as a signature/separator and the subsequent 00's are ignored?

:unsure:
Wonko

#9 Icecube

Icecube

    Gold Member

  • Team Reboot
  • 1063 posts
  •  
    Belgium

Posted 20 June 2010 - 09:28 PM

Quick check performed:
wee63.mbr is the "compilation" of:

  • wee63start
  • pre_stage2
  • preset_menu_used

So simply doing:
copy /b wee63start+pre_stage2+preset_menu_used test.mbr
should create again it from the parts, BUT, the already assembled wee63.mbr has a number (actually 12) 00's padding between pre_stage2 and preset_menu_used.

This is how tinybit generates the wee63.mbr:
wee63.mbr: pre_stage2 wee63start

	-rm -f wee63.mbr

	echo -n -e "\000\000\000\000\000\000\000\000\000\000\000\000" | cat wee63start pre_stage2 - > wee63.mbr

	if [ -f ./preset_menu_used ]; then echo -n -e "\000" | cat ./preset_menu_used - >> wee63.mbr&#59;fi
It first removes the previous wee63.mbr:
-rm -f wee63.mbr
Then it adds "wee63start" and "pre_stage2" together, followed by 12 zeroes:
# The echo statement generates 12 zeros

# The dash '-' means "get content from standard input",

# which is the output of the echo command in this case.

# So "cat" pastes first 2 files together and then appends the 12 zeroes

echo -n -e "\000\000\000\000\000\000\000\000\000\000\000\000" | cat wee63start pre_stage2 - > wee63.mbr
If a file with the name "preset_menu_used" is found, append it to the end and add an additional zero:
if [ -f ./preset_menu_used ]; then echo -n -e "\000" | cat ./preset_menu_used - >> wee63.mbr&#59;fi

Is this "needed"?

Or the last two bytes in pre_stage2 hex 1ACE act as a signature/separator and the subsequent 00's are ignored?

The last part of wee63.mbr:

000078f0 ff ff ff ff 00 00 00 00 ff ff ff ff ff ff ff ff |................|
00007900 b0 02 1a ce 00 00 00 00 00 00 00 00 00 00 00 00 |................|
00007910 65 63 68 6f 20 77 65 65 65 65 65 65 65 65 65 65 |echo weeeeeeeeee|
00007920 65 65 65 65 65 3a 29 0a 0a 00 |eeeee:)...|
0000792a

Part of asm.S:

/* use builtin preset_menu */

/* set the starting address of the preset_menu */

#if defined(HAVE_USCORE_USCORE_BSS_START_SYMBOL)
movl $ABS(__bss_start), %esi
#elif defined(HAVE_USCORE_EDATA_SYMBOL)
movl $ABS(_edata), %esi
#elif defined(HAVE_EDATA_SYMBOL)
movl $ABS(edata), %esi
#else
#error no bss starting address
#endif

cld
addl $16, %esi /* skip 4 bytes of B0 02 1A CE */
/* skip 4 bytes of reserved */
/* skip 4 bytes of reserved */
/* skip 4 bytes of zeroes */

movl $0x400, %ecx /* move 4KB of the menu ... */
movl $0x800, %edi /* ... to 0x800 */
repz movsl

3:
movl $0x0800, EXT_C(preset_menu) /* use new menu at 0x800 */

So, the answer is yes.
The 12 zeroes are needed.

@tinybit
make doesn't work for me, unless I replace echo with /bin/echo.

#10 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 15400 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 20 June 2010 - 10:11 PM

Thanks Icecube :unsure:

A rudimental batch:

N.B. this doesn't yet add the "final 00". Again would this be *needed*? :unsure:


Removed see two posts below.

:unsure:
Wonko

#11 tinybit

tinybit

    Gold Member

  • Developer
  • 1173 posts
  •  
    China

Posted 21 June 2010 - 04:39 AM

Of course the ending NULL is needed. This can avoid executing some unwanted commands(something like "rm -rf /" :unsure: ) by accident that could erase your whole disks.

#12 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 15400 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 21 June 2010 - 08:11 AM

Of course the ending NULL is needed.

Good, rudimental batch updated:
REMOVED

buildWEE.cmd ALPHA 0.02 attached.

Warning: highly experimental! :unsure:

I have to disagree with this :unsure::

How to write wee63.mbr to the Master Boot Track of a hard disk?

First, read the Windows disk signature and partition information bytes
(72 bytes in total, from offset 0x01b8 to 0x01ff of the MBR sector), and
put them on the same range from offset 0x01b8 to 0x01ff of the beginning
sector of wee63.mbr.


As I see it, the signature is 4 bytes starting at 440/0x01B8 and the partition table is 64 bytes starting from 446/0x01BE.
I understand that getting the whole 72 bytes block (including the two unused bytes between signature and partition table) creates no problem whatsoever :unsure:, but just wanted to leave things as "kosher" as possible. :unsure:

This can avoid executing some unwanted commands(something like "rm -rf /" ;) ) by accident that could erase your whole disks.

JFYI :unsure::
Posted Image

;)


:unsure:
Wonko

Attached Files


  • Motasem likes this

#13 roytam1

roytam1

    Member

  • Developer
  • 99 posts
  •  
    Hong Kong

Posted 13 December 2010 - 04:13 AM

wee 2010-12-12 is released.
http://nufans.net/gr...-2010-12-12.zip

Changes:
- simple menu system is implemented.
- realmode_run function is implemented.

#14 roytam1

roytam1

    Member

  • Developer
  • 99 posts
  •  
    Hong Kong

Posted 17 December 2010 - 01:28 AM

wee 2010-12-17 is released.
http://nufans.net/gr...-2010-12-17.zip

Changes:
- with contiguous title line, only last title can be selectable. good to make notices on screen by using title command.
- [2010-12-16] fix corrupting interrupt vector table
- [2010-12-16] add rootnoverify command

#15 breaker

breaker

    Frequent Member

  • Advanced user
  • 112 posts
  •  
    United States

Posted 17 December 2010 - 06:17 AM

It would be nice to be able to add grub4dos or some other bootloader to your NIC flash chip/bootrom - or even the MOBO's Bios. In that way you would have a secure bootloader which cannot be erased/modified when a new OS is loaded. Has anyone ever tried this before?


There is coreboot,

coreboot (formerly known as LinuxBIOS) is a Free Software project aimed at replacing the proprietary BIOS (firmware) you can find in most of today's computers.


Payloads include: http://www.coreboot.org/Payloads

If you are lucky you have one of the 226 mainboards listed.

Kinda related OpenBIOS has some projects such as Open Firmware which can do stuff like boot Linux directly from BIOS without a boot loader.

http://www.openfirmw...ome_to_OpenBIOS

#16 Icecube

Icecube

    Gold Member

  • Team Reboot
  • 1063 posts
  •  
    Belgium

Posted 11 February 2011 - 01:50 PM

WEEsetup:
http://code.google.c.../downloads/list

wee Installer v1.1:
Usage:

weesetup [parameters] disk parameters:

-i wee63.mbr uses an external wee63.mbr.

-o outfile outfile new WEE63.MBR exported file to outfile.

-s wee script file to embed

-m mbrfile mbr from mbrfile obtain information (to be used with the argument-o).

-f force the installation.

-u update an installed Wee

-b backup the old mbr to the second sector (the default is not backed up, but the direct use of the built-in nt6mbr).



Some examples of use:



   1. Installed directly to the first hard disk:

      weesetup.exe (hd0) weesetup.exe (hd0)

   2. To install to the first hard drive and use a customised menu file menu:

      weesetup.exe -s menu.wee (hd0)

   3. Modify the default built-in menu used in wee63.mbr

      weesetup.exe -i wee63.mbr -o wee63.bin -s menu.wee
http://translate.google.com/translate?hl=en&sl=zh-CN&tl=en&u=http%3A%2F%2Fchenall.net%2Fpost%2Ftag%2Fgrub4dos%2F

#17 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 15400 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 11 February 2011 - 02:13 PM

...and wee is updated also wee-2011-02-01.zip:
http://nufans.net/grub4dos/wee/

:)
Wonko

#18 tinybit

tinybit

    Gold Member

  • Developer
  • 1173 posts
  •  
    China

Posted 11 February 2011 - 04:25 PM

Just FYI, here are two recent important links about WEE. Sorry, both are in Chinese(you may use google translation).

1. WEE for ROM(downloadable wee63.bin ready-made by makerom):

http://bbs.wuyou.net...29&extra=page=2

2. mouse programming with WEE:

http://bbs.znpc.net/...=page=1&page=18

--------------------

EDIT: weemouse.com in http://nufans.net/grub4dos/wee/is a modified/simplified version of cutemouse. It runs both under DOS and under WEE.



#19 saddlejib

saddlejib

    Frequent Member

  • Advanced user
  • 270 posts
  •  
    United Kingdom

Posted 12 February 2011 - 12:35 AM

A little bit off subject: but as anyone thought of putting an eeprom (or whatever) hardware solution, between MB and drive HD/USB that intercepts calls from the MB int 13 etc to whats out there and returning what the MB/BIOS wants to hear??
i.e The real "Kansas Shuffle"
Just a question may be off the wall?
Sincerely.

Edited by saddlejib, 12 February 2011 - 12:37 AM.


#20 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 15400 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 12 February 2011 - 08:48 AM

A little bit off subject: but as anyone thought of putting an eeprom (or whatever) hardware solution, between MB and drive HD/USB that intercepts calls from the MB int 13 etc to whats out there and returning what the MB/BIOS wants to hear??
i.e The real "Kansas Shuffle"
Just a question may be off the wall?
Sincerely.

Not that I know of, but that would be kind of "converter" (and I don't see how it could work, as an example with CHS limits if the BIOS asks for cylinders, and the max amount of space it has in his stack for calculation is 1024, there is no point in "replying it", say, 2145, it would be just "Another suffusion of yellow") , whilst using the BIOS extensions approach you can add routines to the BIOS.

:thumbup:
Wonko

#21 saddlejib

saddlejib

    Frequent Member

  • Advanced user
  • 270 posts
  •  
    United Kingdom

Posted 12 February 2011 - 09:51 AM

Have just read about aebios from one of your links Wonko.

This is something along the lines of the seed of a thought i had, which was

reading the forum most people seem to be trying to devise ways to get devices to boot by software methods (tricks) that sit between the various and sometimes ill written bios's and the storage devices

so i was thinking if any usb device can be booted even on a non native support computer courtesy the thread somewhere on here,
That perhaps a usb dongle could be used to act as some kind of interpreter whatever or extender to start the compter with software which allows the user to manipulate the way the bios sees the device you wish to boot

If that makes sense

#22 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 15400 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 12 February 2011 - 10:19 AM

If that makes sense

Sure it makes sense ;), but by using a USB device, you add an additional layer of complexity.

We don't have (or don't have enough, or don't have clear enough, or don't have good enough) solutions using the much simpler (and "standard" or "almost standard") approach of BIOS extensions, so I find it unlikely that someone will be able any soon to BOTH create a working "interface with the USB" AND an adequate "payload".

In other words, BIOS extensions work like this:
BIOS->known BIOS extensions mechanism (standard code)-> (standard) simple protocol->payload

Floppy based thingies work like this:
BIOS->known BIOS Floppy accessing mechanism (standard code)-> (standard) simple protocol->payload

Your proposed approach:
BIOS-> crappy USB BIOS code->complex protocol->payload

Everything is possible :thumbup: , but usually simpler things are more likely. :cheers:

:)
Wonko

#23 saddlejib

saddlejib

    Frequent Member

  • Advanced user
  • 270 posts
  •  
    United Kingdom

Posted 12 February 2011 - 11:47 AM

Point taken , the simpler the more elegant the solution.
Next question maybe be stupid but if in g4d, dd can read sector and write command can well write could this not then be used to effectively hijack the mbr,reinterpret it obviously sensibly, then write to the relevant locations what you want?

#24 Wonko the Sane

Wonko the Sane

    The Finder

  • Advanced user
  • 15400 posts
  • Location:The Outside of the Asylum (gate is closed)
  •  
    Italy

Posted 12 February 2011 - 06:01 PM

Next question maybe be stupid but if in g4d, dd can read sector and write command can well write could this not then be used to effectively hijack the mbr,reinterpret it obviously sensibly, then write to the relevant locations what you want?

Sure it can, but since you used the verb "hijack", you may want to start a new thread as this seems to me not at all connected with "grub4dos on flash chip/boot rom".
Before starting the new thread, read this one:
http://reboot.pro/7138/
AND these ones:
http://reboot.pro/12094/
http://reboot.pro/12253/
http://reboot.pro/12350/
http://reboot.pro/12437/

:thumbup:

:cheers:
Wonko

#25 Icecube

Icecube

    Gold Member

  • Team Reboot
  • 1063 posts
  •  
    Belgium

Posted 13 February 2011 - 11:23 PM

It seems that WEE can also be installed from grub4dos itself:
http://translate.goo...6KXFd-aT7HHjVKA

The last development versions of Grub4dos support a BATCH-like scripting language.

Other interesting grub4dos features/scripts can be found at chenalls blog (which is in Chinese and google translate messes up the commands, so you need to view the original and translated page ;) ):
http://chenall.net/




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users