UEFI itself understand FAT file systems. Apple systems add support for HFS+. Is there some registrar which registers GUID codes, which are understood by firmware?
From the UEFI user perspective file systems GUIDs has little sense. In UEFI everything is abstracted by protocols. So the GUID of the protocol makes more sense i.e. EFI_SIMPLE_FILE_SYSTEM_PROTOCOL (GUID). If a drive handle has this protocol attached it means UEFI has a PXE-driver that supports that file system. And it is transparent for the user. Apple simply provided a PXE-driver for HFS+.
You can create your file system format, write and provide a PXE-driver for your file system and UEFI will understand it and UEFI user can have access to the file system.
So going even further, you can write a PXE-driver that will provide EFI_SIMPLE_FILE_SYSTEM_PROTOCOL for the user but the actual storage would be on the cloud for example. But UEFI user will work with your device as if it would be a regular drive.
I believe the most correct answer to this question would be "not really".
One of the key points of GUIDs is that you can just pick one and use it. Clearly you want interoperating components to use the same GUID for the same thing, but that is left as an exercise for the user :)
In reality, whoever creates a filesystem they expect to use within a GPT context will pick a GUID, and everyone who wants to use that filesystem will need to add the correct handling for that GUID.
So, in effect, the wikipedia entry is as good a registrar as anywhere else.
Related
I searched for info about this but didn't find anything.
The idea is:
If I code a program in C, or any other languages, what else do I need to do for it to get recognized in BIOS and started by it as a DOS program or just a prompt program?
I got this idea after I booted an flash drive with windows using the ISO and Rufus, which put some code in the flash drive for the BIOS to recognize it and run, so I would like to do the same with a program of mine, for example.
Thanks in advance!
An interesting, but rather challenging exercise!
The BIOS will fetch a specific zone from the boot device, called a master boot record. In a "normal" situation with an OS and one or more partitions, the MBR will need to figure out where to find the OS, load that into memory, and pass control to it. At that time the regular boot sequence starts and somewhat later the OS will be running and be able to interact with you. More detail on the initial activities can be found here
Now, for educational purposes, this is not strictly necessary. You could write an MBR that just reads in a fixed part of the disk (the BIOS has functions that will allow you to read raw sectors off a disk, a disk can be considered as just a bunch of sectors each containing 512 bytes of information) and starts that code. You can find an open source MBR here and basically in any open source OS.
That was the "easy" part, because now you probably want to do something interesting. Unless you want to interact with each part of the hardware yourself, you will have to rely on the services provided by the BIOS to interact with keyboard, screen and disk. The traditionally best source about BIOS services is Ralf Brown's interrupt list.
One specific consideration: your C compiler comes with a standard library, and that library will need a specific OS for many of its operations (eg, to perform output to the screen, it will ask the operating system to perform that output, and the OS will typically use the BIOS or some direct access to the hardware to perform that task). So, in going the route explained above, you will also need to figure out a way to replace these services by some that use the BIOS and nothing more - ie, more or less rewrite the standard library.
In short, to arrive at something usable, you will be writing the essential parts of an operating system...
Actually BIOS is going to be dead in the next two years (INTEL will not support any BIOSes after this date) so you may want to learn UEFI standard. UEFI from v2.4 allows to write and add custom UEFI applications. (BTW the "traditional" BIOS settings on the UEFI computers is often implemented as a custom UEFI App).
I want to get information about the battery in C on linux. I don't want to read or parse any file! Is there any low-level interface to acpi/the kernel or any other module to get the information I want to have?
I already searched the web, but every question results in the answer "parse /proc/foo/bar". I really don't want to do this because I think, low-level interfaces won't change as fast as Files do.
best regards.
The /proc filesystem does not exist on a disk. Instead, the kernel creates it in memory. They are generated on-demand by the kernel when accessed. As such, your concerns are invalid -- the /proc files will change as quickly as the kernel becomes aware of changes.
Check this for more info about /proc file system.
In any case, I don't believe there's any alternative interface.
You might be looking for UPower: http://upower.freedesktop.org/
This is a common need for both desktop environments and mobile devices, so there have been many solutions over time. For example, one of the oldest ones was acpid, which is pretty much obsolete now.
While I'd recommend using a light-weight abstraction like UPower for code clarity reasons, the files in /proc and (to some extent) /sys are considered part of the Linux kernel ABI, which means that changing them is generally frowned upon.
I'm developing some software for data encryption in C. Here, I just want to ask whether there are any possibilities to make use of some techniques for anti data deletion "without relying much on specific OS API"? If your answer is that it is possible, I would be happy if you can to tell how and give me a lot of explanation. Otherwise, if it is impossible, you can give me the answer "It is impossible" without much explanation.
The reason why I do to ask is that, I anticipate if someday the attacker had already physical access to the machine, the anti-deletion by using dependent OS API will not work (for example, by using a very fast booting OS like Backtrack 5).
On Unix and its variants, the standard system call to remove a file is unlink(). To prevent data deletion, you would have to ensure that every call to that system call, anywhere in any program run by the system, does whatever alternative trickery you want. That is hard to do at the program level; you'd have to provide a modified C library, and you'd still find some people have worked their way around even that (they wrote some assembler, for example). So, you might do it by modifying the behaviour of the unlink() system call in the kernel, but that's hard and non-portable too.
On Windows, the same comment applies to unlink(), but the chances are high that there are a number of other interfaces that also provide a mechanism for deleting a file. The same arguments apply, but you'd have to trap more system calls, etc.
Finally, if you need any further nails in the coffin, the unlink() system call isn't the only way to destroy data. You can open a file and truncate it, and then close it. The file exists, but the data doesn't. You can open a file and modify it; the file exists, but the original data is lost.
So, I think you are in for a difficult time.
You asked in first a comment and then a revision to the question:
[If] the attacker had already physical access to the machine, the anti-deletion by using dependent OS API will not work (for example, by using a very fast booting OS like Backtrack 5).
I responded:
If the attacker can boot to a different OS, the game is over — you can't stop the other OS from deleting the files in your current OS.
Old and ugly the words may be, but they are fundamentally true. The OS is in charge of the raw hardware. If the attacker gets to choose what is in charge of the hardware, the attacker wins.
See also:
The Ten Immutable Laws of Software Security
Law #1: If a bad guy can persuade you to run his program on your computer, it's not your computer anymore
Law #2: If a bad guy can alter the operating system on your computer, it's not your computer anymore
Law #3: If a bad guy has unrestricted physical access to your computer, it's not your computer anymore
Law #4: If you allow a bad guy to upload programs to your website, it's not your website any more
Law #5: Weak passwords trump strong security
Law #6: A computer is only as secure as the administrator is trustworthy
Law #7: Encrypted data is only as secure as the decryption key
Law #8: An out of date virus scanner is only marginally better than no virus scanner at all
Law #9: Absolute anonymity isn't practical, in real life or on the Web
Law #10: Technology is not a panacea
The reason why I do to ask is that, I anticipate if someday the attacker had already physical access to the machine, the anti-deletion by using dependent OS API will not work (for example, by using a very fast booting OS like Backtrack 5).
Sorry, it an attacker can boot a different operating system there's nothing you can do, because any anti-deletion code you may have written won't be running.
This unless you manage to intercept and patch somehow the calls to the ATA/SCSI controller and insert this patch before the BIOS gives control to the OS, but I don't think that's even possible; on the other hand, physical access = root access, the attacker could as well grab a screwdriver, open the case, connect the disk to another computer and do whatever he wants with it.
Sorry, basically IO is operating system. It's the most important operating system's job to provide IO. And the C standard defines so little about it that it's gotta be different, especially when it comes to such an obscure thing as undeleting files.
You might find some library which hides the OS-specific things behind a nice API, but it's still OS dependent on how it performs that action.
I am wondering how the OS is reading/writing to the hard drive.
I would like as an exercise to implement a simple filesystem with no directories that can read and write files.
Where do I start?
Will C/C++ do the trick or do I have to go with a more low level approach?
Is it too much for one person to handle?
Take a look at FUSE: http://fuse.sourceforge.net/
This will allow you to write a filesystem without having to actually write a device driver. From there, I'd start with a single file. Basically create a file that's (for example) 100MB in length, then write your routines to read and write from that file.
Once you're happy with the results, then you can look into writing a device driver, and making your driver run against a physical disk.
The nice thing is you can use almost any language with FUSE, not just C/C++.
I found it quite easy to understand a simple filesystem while using the fat filesystem on the avr microcontroller.
http://elm-chan.org/fsw/ff/00index_e.html
Take look at the code you will figure out how fat works.
For learning the ideas of a file system it's not really necessary to use a disk i think. Just create an array of 512 byte byte-arrays. Just imagine this a your Harddisk an start to experiment a bit.
Also you may want to hava a look at some of the standard OS textbooks like http://codex.cs.yale.edu/avi/os-book/OS8/os8c/index.html
The answer to your first question, is that besides Fuse as someone else told you, you can also use Dokan that does the same for Windows, and from there is just a question of doing Reads and Writes to a physical partition (http://msdn.microsoft.com/en-us/library/aa363858%28v=vs.85%29.aspx (read particularly the section on Physical Disks and Volumes)).
Of course that in Linux or Unix besides using something like Fuse you only have to issue, a read or write call to the wanted device in /dev/xxx (if you are root), and in these terms the Unices are more friendly or more insecure depending on your point of view.
From there try to implement a simple filesystem like Fat, or something more exoteric like an tar filesystem, or even some simple filesystem based on Unix concepts like UFS or Minux, or just something that only logs the calls that are made and their arguments to a log file (and this will help you understand, the calls that are made to the filesystem driver during the regular use of your computer).
Now your second question (that is much more simple to answer), yes C/C++ will do the trick, since they are the lingua franca of system development, also a lot of your example code will be in C/C++ so you will at least read C/C++ in your development.
Now for your third question, yes, this is doable by one person, for example the ext filesystem (widely known in Linux world by it's successors as ext2 or ext3) was made by a single developer Theodore Ts'o, so don't think that these things aren't doable by a single person.
Now the final notes, remember that a real filesystem interacts with a lot of other subsystems in a regular kernel, for example, if you have a laptop and hibernate it the filesystem has to flush all changes made to the open files, if you have a pagefile on the partition or even if the pagefile has it's own filesystem, that will affect your filesystem, particularly the block sizes, since they will tend to be equal or powers of the page block size, because it's easy to just place a block from the filesystem on memory that by coincidence is equal to the page size (because that's just one transfer).
And also, security, since you will want to control the users and what files they read/write and that usually means that before opening a file, you will have to know what user is logged on, and what permissions he has for that file. And obviously without filesystem, users can't run any program or interact with the machine. Modern filesystem layers, also interact with the network subsystem due to the fact that there are network and distributed filesystems.
So if you want to go and learn about doing kernel filesystems, those are some of the things you will have to worry about (besides knowing a VFS interface)
P.S.: If you want to make Unix permissions work on Windows, you can use something like what MS uses for NFS on the server versions of windows (http://support.microsoft.com/kb/262965)
Hi I am trying to write a java applet that will get some hard ware info, mac address(which I have done), cpuid motherboard serial number and hard drive serial number. I know I need to use jna to do this. My question is, is there a way in c/c++ to get that information that is not platform dependent? Everything i have seen would work only on windows, and I need it to work on all platforms. I need this information so I can create a unique id of that computer. any help or a point in the right direction would be much appreciated.
My question is, is there a way in c/c++ to get that information that is not platform dependent?
Not possible. Heck, within the same PC market, querying e.g. BIOS version differs from one MB manufacturer/OEM to another. And that if the PC still has BIOS - not the newer EFI.
Sun/SPARCs are notable exception: their H/W has a relatively unique ID, provisioned mainly for inventorial purposes. It is not precisely unique (what brings up another point) as that might infer on privacy and Sun had no choice but to make sure it is not globally unique.
IOW unique identification of the hardware is illegal in many parts of the world, thus no reliable (least portable) method exists to achieve what you want.
I'd say binding to the MAC address should be already good enough. And that information is rather easy to access on pretty much all platforms. As long as your license check would be lenient enough for user to have sufficient time to receive new license key (in case of hardware replacement) there should be few problems.
There's a project called OSHI that aims to do that. It's looking for contributors to write the *nix implementatoin.