Post Reply 
Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
iPXE boot to Windows writing back to boot device
2014-03-12, 07:05 (This post was last modified: 2014-03-12 07:58 by mdevey.)
Post: #7
RE: iPXE boot to Windows writing back to boot device
(2014-03-11 14:22)mcb30 Wrote:  If you're happy hacking around in the wimboot code, then I would suggest trying to intercept (and ignore) writes to INT 13 drives other than the vdisk emulated drive: see the "Pass through command to underlying INT 13" section in emulate_int13(). Note that you can't just refuse to pass through all INT 13 calls, since some are not drive-number-specific.

It should be relatively straightforward to establish whether or not the write is coming via the INT 13 interface, and to block it if so.

Cheers, we confirmed the write wasn't coming from the INT 13 interface.

It's completely windows.

+1B8 (+440) is a 32bit disk signature.
"But once Windows has begun running, it will write a Disk Signature in the MBR. These four bytes from offsets 1B8h through 1BBh are called the Windows Disk Signature or NT Drive Serial Number"

Our work around is write a 'unique' label into the ipxe card MBR so Windows will leave us the hell alone... (and trusted image remains intact)

echo -n -e "iPXE" | dd of=unsigned.bin bs=1 seek=440 conv=notrunc
sign unsigned.bin

Apologies for wasting your time with a windows issue.

(2014-03-10 10:55)robinsmidsrod Wrote:  I think this might be Windows trying to write a disk signature to the device. If you try to make a manual syslinux boot device and allow windows to write the identifier and THEN add ipxe.lkrn then you might have something that doesn't change on each boot.

Got it in one. Pity I didn't pay attention...
Find all posts by this user
Quote this message in a reply
Post Reply 

Messages In This Thread
RE: iPXE boot to Windows writing back to boot device - mdevey - 2014-03-12 07:05

User(s) browsing this thread: 1 Guest(s)