HowTo on SafeBoot-ing a dual boot machine: (MasterBootRecords and Partition Tables)
SafeBoot and DualBoot
1. This is to document the workings of SafeBoot and how to add Ubuntu Linux as a second operating system to a Windows XP machine either before or after SafeBoot has encrypted the Windows partition. Some of the document is based on assumptions and surmising. On my machine, partition #2 will have Windows, and partition #3 will have Linux. I may have a few things not exactly correct in the boot up process, but the spirit of how it works is there. I have done this with both GutsyGibbon and HardyHeron Ubuntu Linux. Version of SafeBoot is 5.x.
2. When SafeBoot is installed on a machine for purposes of encrypting the Windows partition, SafeBoot copies the MasterBootRecord (MBR) including the partition table, the first 512 bytes of the hard disk, and puts it somewhere for safekeeping. My guess, it goes in the Windows partition under C:\ or C:\Windows.
(ToDo: If this was true, then I should be able to find this file. Find it. And what is its name? )
This MBR will be called “the original MBR” in this document, and will be loaded eventually.
SafeBoot lays down its MBR in the first 512 bytes of the disk with a current partition table. We will call this the “SafeBoot MBR”
3. When the machine boots, it runs through its BIOS POST routines then loads and runs the MBR, the “SafeBoot MBR”. Per the SafeBoot Documentation: “SafeBoot boot code then starts the transparent hard drive decryption process, and loads the ‘original MBR’ and executes it.”
4. If this ‘original MBR’ is a Windows MBR, then it will look at its attached PartitionTable, bytes 447-510, to see which of the 4 partition records is the bootable partition, then go searching in that partition for C:\NTLDR.exe, loads it and runs it. Then, NTLDR.exe loads C:\boot.ini and a user is given choices of operating systems to boot up (if there are 2 or more choices.). So on and so forth until Windows actually is loaded and running.
5. If this ‘original MBR’ is an Ubuntu Linux MBR, or GRUB MBR, then when it loads, it will look at its attached PartitionTable, bytes 447-510, to see which of the 4 partition records is the bootable partition, then go searching in that partition for files, such as stage2, in the /boot/grub directory, loads and runs it. Then stage2 loads menu.lst and displays a section of this to user to choose between 2 or more menu items. So on and so forth until Ubuntu Linux (or other choice) is running.
6. So let’s back up a bit. Let’s say Windows XP is installed on a machine and takes up the whole disk drive. Then say the IT department installs SafeBoot on it, then hands you the machine to install Linux on it. You put in the Ubuntu Linux LiveCD and run the install. Linux will see the partition and its size but will not identify it as a Windows partition(cause its encrypted) and therefore will not give you the slide rule to resize this partition. So you are done right there and will not be able to proceed.
7. But let’s say, the Linux installation was able to resize the Windows partition, and then create its 2 partitions by default: one for Linux and one for the swap space. Linux would be editing the MBR, the SafeBoot MBR by first overwriting the first 446 bytes with stage1 of GRUB and then updating the partition table with the 2 new partitions. Upon reboot of the machine, the GRUB MBR will load, and then load stage2 and the menu.lst and you will make a menu choice and Linux will load and run. Everything is fine in regards to Linux.
Now if you were to edit /boot/grub/menu.lst to add a Windows entry to make this machine dual boot able, with this entry:
title Microsoft Windows XP Professional
root (hd0,1)
savedefault
makeactive
chainloader +1
and then choose “Microsoft Windows XP Professional” when the GRUB menu is displayed, you will see an error message such as:
“ Error 13: Invalid or unsupported executable format”
This is because, that partition #2, the Windows partition as mentioned in the above, “root (hd0,1)”, is still encrypted, cause the SafeBoot MBR was clobbered by the Linux installation and therefore the SafeBoot hard drive decryption process was never run. So the stage2 GRUB was not able to find and load C:\NTLDR.exe. So you have a great Linux machine but the Windows partition in not bootable.
At this time, you would need to give your machine to the IT department to try and “recover” the MBR by laying down a SafeBoot MBR. I can not confirm this can result in success. In theory, it should be recoverable, but our IT department could not bring the Windows partition back to life, we started from scratch again, by reformatting disk and reinstalling Windows and SafeBoot.
8. Let’s start again, and do this a bit better. We will first have a machine with Windows on it, but be sure to have an empty partition for the eventual installation of Linux. Then say the IT department installs SafeBoot on it, then hands you the machine to install Linux on it. You put in the Linux LiveCD and run the install. Linux will see the partition and its size but will not identify it as a Windows partition(cause its encrypted) and therefore will not give you the slide rule to resize this partition. This is expected and OK. Luckily Linux sees the empty partition, and you can choose “Guided – use the largest continuous free space”. It will use the empty partition that we created in the beginning, for this very purpose.
9.
When we get to the final window where it is ready to install there is an “Advanced Button”. Keep the box checked off next to “Install boot loader”, but change the device from (hd0) [which represents /dev/sda and the MBR of the hard disk] to (hd0,2) [which represents partition #3 on hard disk #1].
After the Linux installation we have managed to have preserved the SafeBoot MBR, and we also have a GRUB MBR (in the first 512 bytes of partition #3) from which to leverage.
Copy this GRUB MBR to a file via this command in a Linux window:
sudo dd if=/dev/sda3 of=/tmp/mbr_sda3.bin bs=512 count=1
Copy mbr_sda3.bin to a memory stick or floppy for later use. (the name of the file is not significant.)
You may need to `sudo chmod 777 mbr_sda3.bin` in order to copy it.
So although this Linux installation did not clobber the SafeBoot MBR, it did edit the partition table with the 2 new partitions and this is a problem. It toggled the boot flag in the partition table to make partition#3 (Linux) the boot partition, and untoggled the boot flag for the Windows partition, partition #2.
If the partition table is left as is, when user reboots machine, the SafeBoot MBR will be loaded, the SafeBoot boot code starts the transparent hard drive decryption process, and tries to find and load the ‘original MBR’. But it can’t. It now goes to partition #3, the Linux partition, to try and find the ‘original MBR’ that it had saved off. The error that you will see on a black screen is:
Resetting hardware…
Starting operating system..
Error loading operating system.
So lets fix this either now after the Linux installation before we reboot, or after, using the LiveCD again, but we need to be able to run some commands.
`sudo cfdisk –P s` # will print out the MBR’s partition table. Note which partition is the default boot one.
`sudo cfdisk` # Will run a primitive console window: Arrow down to the Linux partition and hit “b” to toggle it from boot to none. Arrow down to the Windows partition and hit “b” to toggle it from none to boot. Hit “W” to write this out to the MBR. Hit “q” to quit.
Reboot. The SafeBoot logon will appear. After that, Windows will boot.
Copy mbr_sda3.bin from memory stick to C:\.
Then, edit C:\boot.ini file:
Start-->ControlPanel-->System-->Advanced-->Settings-->Edit
Ensure the option Time to display list of operating systems is ticked and select a delay time.
Add the following line:
c:\Windows\mbr_sda3.bin="Ubuntu Linux"
Reboot. The SafeBoot logon will appear. After that, user will get black screen with 2 choices: Windows or Linux to boot up. Choose Linux. The GRUB boot loader will then be run and load Linux kernel.
Now if you were to edit /boot/grub/menu.lst to add a Windows entry to make this machine dual boot able, with this entry:
title Microsoft Windows XP Professional
root (hd0,1)
savedefault
makeactive
chainloader +1
and then choose “Microsoft Windows XP Professional” when the GRUB menu is displayed, NTLDR.exe will be found and loaded by GRUB, cause the SafeBoot hard drive decryption process was run upon bootup with the preserved, unclobbered SafeBoot MBR.
Done.
10. Now lets change the order of installations.
Lets say, you already have a machine that is dual boot with both Windows and Linux. Windows was installed first, then Linux, choosing defaults. So the MBR is a GRUB MBR.
The IT department takes machine and installs SafeBoot on it, and encrypts the Windows partition.
SafeBoot saves off the GRUB MBR and installs its own MBR.
Everything will work with no further edits to anything.
Upon boot up, the SafeBoot MBR is loaded and runs the hard drive decryption process, then loads the ‘original MBR’ which is a GRUB MBR, and GRUB using the partition table that was saved off with it, will look in the bootable partition, partition #3 for the stage2 GRUB and so on and so forth.
The menu.lst, would already have had the lines in it by you from when Linux was originally installed:
title Microsoft Windows XP Professional
root (hd0,1)
savedefault
makeactive
chainloader +1
and Windows would boot up if this menu item was chosen, cause GRUB could find the NTLDR.exe since the SafeBoot hard drive decryption process was run upon bootup.
Done.
Re: HowTo on SafeBoot-ing a dual boot machine: (MasterBootRecords and Partition Table
Thank you for good guide.
I installed my linux without first reading about this SafeBoot thing. Though completely loosing my configuration. Tried to recover my SB MBR and couldn't.
Now, you also can see THIS to Start SafeBoot with GRUB.
Regards. Max.
Re: HowTo on SafeBoot-ing a dual boot machine: (MasterBootRecords and Partition Table
Sorry to dig up such an old post, but it's one of the few with knowledgeable posting about SafeBoot and applies to my situation.
Your 'HowTo' seems more like a 'what does or does not work', though. If I'm reading things right, your 'how to' basically says that the only way to dual boot with SafeBoot is to either have:
- a drive with windows and a free partition
- a drive with windows and linux already installed and then SafeBooted
Is this correct?
I don't know why my IT department would give me a machine in those conditions... they gave me a laptop with Windows on the whole drive and it's SafeBooted with v5.1 or so.
Is there any hope to make it dual boot?
Thanks!
John
Re: HowTo on SafeBoot-ing a dual boot machine: (MasterBootRecords and Partition Table
my case:
1. got the laptop with windows. no safe boot
2. installed ubuntu. dual boot OK.
3. the windows IT update thingy installed safe boot.
4. dual boot ok.
5. ubuntu upgrade it kernel and rerun grub-mkconfig
6. dual boot not ok. I can only boot into ubuntu
how to I restore the windows part? do grub keep a backup of the previous files?
Re: HowTo on SafeBoot-ing a dual boot machine: (MasterBootRecords and Partition Table
Eeeks.
Did you make a backup of your Win boot sector first? The key instructions above (for me) were to do this:
Code:
sudo dd if=/dev/sda1 of=/safe/location/mbr_sda1.bin bs=512 count=1
Then when I botched my safeboot a couple times, I was simply able to do the 'reverse' and execute:
Code:
sudo dd if=/safe/location/mbr_sda1.bin of=/dev/sda1 bs=512 count=1
This fixed things up. Without a backup of that initial safeboot sector, I think your not going to be able to get anywhere without a safeboot disk or someone in IT. There's just no way to restore it that I know of within your means. This is the kind of the point of safeboot -- if things get tampered with, you lose the data before you're able to fix it.
John
Re: HowTo on SafeBoot-ing a dual boot machine: (MasterBootRecords and Partition Table
Quote:
Originally Posted by
gmoore777
SafeBoot and DualBoot
10. Now lets change the order of installations.
Lets say, you already have a machine that is dual boot with both Windows and Linux. Windows was installed first, then Linux, choosing defaults. So the MBR is a GRUB MBR.
The IT department takes machine and installs SafeBoot on it, and encrypts the Windows partition.
SafeBoot saves off the GRUB MBR and installs its own MBR.
Everything will work with no further edits to anything.
Upon boot up, the SafeBoot MBR is loaded and runs the hard drive decryption process, then loads the ‘original MBR’ which is a GRUB MBR, and GRUB using the partition table that was saved off with it, will look in the bootable partition, partition #3 for the stage2 GRUB and so on and so forth.
The menu.lst, would already have had the lines in it by you from when Linux was originally installed:
title Microsoft Windows XP Professional
root (hd0,1)
savedefault
makeactive
chainloader +1
and Windows would boot up if this menu item was chosen, cause GRUB could find the NTLDR.exe since the SafeBoot hard drive decryption process was run upon bootup.
Done.
Okay, but supposing after SafeBoot is installed I install a kernel upgrade, change some of the options for menu.lst, or in some other way change GRUB. Will this blow away the SafeBoot MBR or cause SafeBoot to stop loading the 'original' GRUB MBR?
Would like to know, since I fiddle with my GRUB options quite a bit. Thanks.
Re: HowTo on SafeBoot-ing a dual boot machine: (MasterBootRecords and Partition Table
@1r3br4nd:
I'm pretty sure the answer is yes. You can use my method (right above your post) to make a backup of your MBR and try it, but as far as I've been able to tell from researching this with my own computer, SafeBoot encrypts the entire MBR, on which grub data resides. If you change it, SafeBoot becomes corrupt.
The only situation seems to be to get whatever you want there first, prior to activating SafeBoot and letting it do its thing.
Make sense?
Since I was using a work computer... I gave up, said screw it, and just installed Linux right over the top of everything. I gave up dual boot, but it was much better than running Linux from an 8gb flash drive...
Re: HowTo on SafeBoot-ing a dual boot machine: (MasterBootRecords and Partition Table
Thanks for your reply jwhendy.
I guess what I'll need to do before returning my laptop to the IT department for SafeBoot install is to back up GRUB and then set it to default to Windows with a wait-time of 0. Then, after I get the laptop back, I can back up the SafeBoot MBR, restore GRUB, have GRUB go to the SafeBoot MBR when Windows is needed, which will in turn call up the old GRUB MBR but it will be transparent because it will default to Windows with a wait-time of 0.
Of course this would be even cooler if I could configure GRUB to choose between Windows and *another* GRUB instance that lives on a different partition where I can edit it freely without damaging the SafeBoot MBR. Unfortunately, I don't know the commands to make GRUB load another GRUB. Does anybody?
Re: HowTo on SafeBoot-ing a dual boot machine: (MasterBootRecords and Partition Table
With safeboot can you boot an USB key or does it prevent that?
I installed grub2 to my USB key to boot ISOs but manually added an entry to boot my install in sdc7.
Boot most up2date Lucid kernel on sdc7
menuentry "Lucid on sdc7" {
set root=(hd1,7)
linux /vmlinuz root=/dev/sdc7 ro quiet splash
initrd /initrd.img
}
I also have a old grub partition with menu.lst chainbooting some other grub legacy installed in the partition boot sector. Grub2 does not like to be installed to a partition boot sector.
old grub entry Chain to MBR of sdc, I have done it with grub2 also:
title Ubuntu 9.10 Karmic 64 bit @ sdc
root (hd2)
chainloader +1
Re: HowTo on SafeBoot-ing a dual boot machine: (MasterBootRecords and Partition Table
@f1r3br4nd:
It's not clear what you're looking to do... have grub but have it go right into Windows? Are you just going to put your Linux partition as a boot option in the Windows bootloader, then? I've done both (default to Win, then have an option for either Win or Linux as well as default to Grub, then have an option for Win or Linux...).
In typical Linux distros during installation I've seen an option to install the bootloader to the root partition vs. to the MBR. I'm not familiar with that at all but am sure Ubuntu has documentation somewhere.
@oldfred:
Re. usb stick... YES!!! This is how I ran Linux on my work computer for some time. For a complete write up, see my wiki entry on the ZenWalk Wiki.
It seems you just want it to boot grub on the usb key and use that to boot into another partition on the actual HD? Not so sure about that.
If you actually run Linux from a USB key, do yourself a favor and get a good one. I bought a SanDisk Cruzer 8GB from Walmart for $20 and it was absolutely horrible. I spend $27 on Amazon for a OCZ Rally2 and it was phenomenally different. The key is in the write speeds. My OCZ was somewhere around 11-15MB/s compared to like 2MB/s for the SanDisk.
Hope that helps...