Re: Debian ISOs on USB stick
On 4/3/24 05:56, Thomas Schmitt wrote: Hi, i read from bytes 2085412 to 2085479: "Info rrmation Syste rm VolumeSYSTEM~" which is similar to the alterations of one of the USB sticks shown in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056998#35 The web knows about a Microsoft folder named "System Volume Information". https://answers.microsoft.com/en-us/windows/forum/all/system-volume-information-what-is-it-and-what-is/3bc81844-0baa-46bd-9949-4efb4678b677 "whenever I put my flash-drive or my micro sd adapter and sd card into my windows 8.1 something called "System Volume Information" is always getting added on." So did you perhaps show this USB stick to a running MS-Windows system ? Have a nice day :) Thomas It is possible the drive was inserted into a Windows computer. If and when I need a newer d-i, perhaps I will put the ISO onto a USB flash drive, conduct more experiments, and post the results. I apologize for blaming d-i for what might be Dell, Intel, BIOS/UEFI, Microsoft, and/or other bugs. David
Re: Debian ISOs on USB stick
Hi, i read from bytes 2085412 to 2085479: "Info rrmation Syste rm VolumeSYSTEM~" which is similar to the alterations of one of the USB sticks shown in https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056998#35 The web knows about a Microsoft folder named "System Volume Information". https://answers.microsoft.com/en-us/windows/forum/all/system-volume-information-what-is-it-and-what-is/3bc81844-0baa-46bd-9949-4efb4678b677 "whenever I put my flash-drive or my micro sd adapter and sd card into my windows 8.1 something called "System Volume Information" is always getting added on." So did you perhaps show this USB stick to a running MS-Windows system ? Have a nice day :) Thomas
Re: Debian ISOs on USB stick
Hi, David Christensen wrote: > # cmp --verbose debian-11.3.0-amd64-netinst.iso /dev/sdb I got my copy from https://get.debian.org/images/archive/11.3.0/amd64/iso-cd/debian-11.3.0-amd64-netinst.iso SHA256 matches: 7892981e1da216e79fb3a1536ce5ebab157afdd20048fe458f2ae34fbc26c19b In a further mail: > https://cdimage.debian.org/cdimage/archive/11.3.0/amd64/iso-cd/ Same SHA256 there. > 2083201 0 377 Byte counting of cmp is decimal and starts at 1. xorriso can search for files which have their data in a block range. 2083201 / 2048 = block 1017. Range size in this case is just 1 block: $ xorriso -indev debian-11.3.0-amd64-netinst.iso -find / -lba_range 1017 1 -exec report_lba -- ... Report layout: xt , Startlba , Blocks , Filesize , ISO image path File data lba: 0 , 1016 , 1296 , 2654208 , '/boot/grub/efi.img' So it's indeed occupied by the FAT filesystem image which contains the EFI-specific boot equipment. > 4719105 0 56 Byte 4719105 is in block 2304, i.e. still in /boot/grub/efi.img, which has bytes up to the end of block 2311. I guess the bytes with the 2xx numbers are the directory change and the 4xx numbers are content of new files. You could mount both ISOs (e.g. at /mnt/iso1 and /mnt/iso2) and then the two FAT image files (e.g. /mnt/iso1/boot/grub/efi.img and /mnt/iso2/boot/grub/efi.img) in order to learn which files have emerged or changed in the USB stick's mounted FAT filesystem. Maybe we find a new ESP groper additionaly to Lenovo and Microsoft. Usually they leave traces for which one can search in the web. Have a nice day :) Thomas
Re: Debian ISOs on USB stick, was: SOLVED
On 4/3/24 03:36, David Christensen wrote: On 4/3/24 00:30, Thomas Schmitt wrote: Hi, David Christensen wrote: It's a relatively simple experiment to confirm that a USB flash drive with d-i changes after the first boot. This could still be https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056998 where Lenovo BIOS and/or MS-Windows altered the USB stick. Same for finding which bytes change. I fail to find this particular info in Date: Tue, 2 Apr 2024 14:46:42 -0700 From: David Christensen Message-ID: If we have the exact ISO name (i.e. URL from where it stems) and the byte address of the alteration, xorriso can find the affected file, if any. In case of bug #1056998 it was the EFI partition image /boot/grub/efi.img. Mounting the altered and unaltered image files showed changes in the FAT filesystem which point to the culprits Lenovo and Microsoft. The other plausible way of altering the ISO image on the stick would be adding a new partition. The MBR partition table is part of the Debian ISO and thus part of the checksummed area. Even if all other alterations happen after the end of the checksummed ISO image, the changed partition table will cause the Debian checksum to become invalid. (I am not aware that Debian installer changes the table. If it does indeed then this might be worth a new bug discussion.) Have a nice day :) Thomas 2024-04-03 03:29:18 root@laalaa /samba/dpchrist/iso/debian/11.3.0 # cmp --verbose debian-11.3.0-amd64-netinst.iso /dev/sdb 2083201 0 377 2083202 0 377 2083203 0 377 2085249 0 377 2085250 0 377 2085251 0 377 2085409 0 102 2085410 0 40 2085412 0 111 2085414 0 156 2085416 0 146 2085418 0 157 2085420 0 17 2085422 0 162 2085423 0 162 2085425 0 155 2085427 0 141 2085429 0 164 2085431 0 151 2085433 0 157 2085437 0 156 2085441 0 1 2085442 0 123 2085444 0 171 2085446 0 163 2085448 0 164 2085450 0 145 2085452 0 17 2085454 0 162 2085455 0 155 2085457 0 40 2085459 0 126 2085461 0 157 2085463 0 154 2085465 0 165 2085469 0 155 2085471 0 145 2085473 0 123 2085474 0 131 2085475 0 123 2085476 0 124 2085477 0 105 2085478 0 115 2085479 0 176 2085480 0 61 2085481 0 40 2085482 0 40 2085483 0 40 2085484 0 26 2085486 0 167 2085487 0 174 2085488 0 277 2085489 0 235 2085490 0 124 2085491 0 235 2085492 0 124 2085495 0 175 2085496 0 277 2085497 0 235 2085498 0 124 2085500 0 5 4719105 0 56 4719106 0 40 4719107 0 40 4719108 0 40 4719109 0 40 4719110 0 40 4719111 0 40 4719112 0 40 4719113 0 40 4719114 0 40 4719115 0 40 4719116 0 20 4719118 0 167 4719119 0 174 4719120 0 277 4719121 0 235 4719122 0 124 4719123 0 235 4719124 0 124 4719127 0 175 4719128 0 277 4719129 0 235 4719130 0 124 4719132 0 5 4719137 0 56 4719138 0 56 4719139 0 40 4719140 0 40 4719141 0 40 4719142 0 40 4719143 0 40 4719144 0 40 4719145 0 40 4719146 0 40 4719147 0 40 4719148 0 20 4719150 0 167 4719151 0 174 4719152 0 277 4719153 0 235 4719154 0 124 4719155 0 235 4719156 0 124 4719159 0 175 4719160 0 277 4719161 0 235 4719162 0 124 4719169 0 102 4719170 0 107 4719172 0 165 4719174 0 151 4719176 0 144 4719180 0 17 4719182 0 377 4719183 0 377 4719184 0 377 4719185 0 377 4719186 0 377 4719187 0 377 4719188 0 377 4719189 0 377 4719190 0 377 4719191 0 377 4719192 0 377 4719193 0 377 4719194 0 377 4719197 0 377 4719198 0 377 4719199 0 377 4719200 0 377 4719201 0 1 4719202 0 111 4719204 0 156 4719206 0 144 4719208 0 145 4719210 0 170 4719212 0 17 4719214 0 377 4719215 0 145 4719217 0 162 4719219 0 126 4719221 0 157 4719223 0 154 4719225 0 165 4719229 0 155 4719231 0 145 4719233 0 111 4719234 0 116 4719235 0 104 4719236 0 105 4719237 0 130 4719238 0 105 4719239 0 176 4719240 0 61 4719241 0 40 4719242 0 40 4719243 0 40 4719244 0 40 4719246 0 171 4719247 0 174 4719248 0 277 4719249 0 235 4719250 0 124 4719251 0 235 4719252 0 124 4719255 0 175 4719256 0 277 4719257 0 235 4719258 0 124 4719259 0 1 4719260 0 5 4719261 0 114 4721153 0 173 4721155 0 71 4721157 0 101 4721159 0 65 4721161 0 104 4721163 0 101 4721165 0 106 4721167 0 65 4721169 0 67 4721171 0 55
Re: Debian ISOs on USB stick, was: SOLVED
On 4/3/24 00:30, Thomas Schmitt wrote: Hi, David Christensen wrote: It's a relatively simple experiment to confirm that a USB flash drive with d-i changes after the first boot. This could still be https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056998 where Lenovo BIOS and/or MS-Windows altered the USB stick. Same for finding which bytes change. I fail to find this particular info in Date: Tue, 2 Apr 2024 14:46:42 -0700 From: David Christensen Message-ID: If we have the exact ISO name (i.e. URL from where it stems) and the byte address of the alteration, xorriso can find the affected file, if any. In case of bug #1056998 it was the EFI partition image /boot/grub/efi.img. Mounting the altered and unaltered image files showed changes in the FAT filesystem which point to the culprits Lenovo and Microsoft. The other plausible way of altering the ISO image on the stick would be adding a new partition. The MBR partition table is part of the Debian ISO and thus part of the checksummed area. Even if all other alterations happen after the end of the checksummed ISO image, the changed partition table will cause the Debian checksum to become invalid. (I am not aware that Debian installer changes the table. If it does indeed then this might be worth a new bug discussion.) Have a nice day :) Thomas 2024-04-03 03:29:18 root@laalaa /samba/dpchrist/iso/debian/11.3.0 # cmp --verbose debian-11.3.0-amd64-netinst.iso /dev/sdb 2083201 0 377 2083202 0 377 2083203 0 377 2085249 0 377 2085250 0 377 2085251 0 377 2085409 0 102 2085410 0 40 2085412 0 111 2085414 0 156 2085416 0 146 2085418 0 157 2085420 0 17 2085422 0 162 2085423 0 162 2085425 0 155 2085427 0 141 2085429 0 164 2085431 0 151 2085433 0 157 2085437 0 156 2085441 0 1 2085442 0 123 2085444 0 171 2085446 0 163 2085448 0 164 2085450 0 145 2085452 0 17 2085454 0 162 2085455 0 155 2085457 0 40 2085459 0 126 2085461 0 157 2085463 0 154 2085465 0 165 2085469 0 155 2085471 0 145 2085473 0 123 2085474 0 131 2085475 0 123 2085476 0 124 2085477 0 105 2085478 0 115 2085479 0 176 2085480 0 61 2085481 0 40 2085482 0 40 2085483 0 40 2085484 0 26 2085486 0 167 2085487 0 174 2085488 0 277 2085489 0 235 2085490 0 124 2085491 0 235 2085492 0 124 2085495 0 175 2085496 0 277 2085497 0 235 2085498 0 124 2085500 0 5 4719105 0 56 4719106 0 40 4719107 0 40 4719108 0 40 4719109 0 40 4719110 0 40 4719111 0 40 4719112 0 40 4719113 0 40 4719114 0 40 4719115 0 40 4719116 0 20 4719118 0 167 4719119 0 174 4719120 0 277 4719121 0 235 4719122 0 124 4719123 0 235 4719124 0 124 4719127 0 175 4719128 0 277 4719129 0 235 4719130 0 124 4719132 0 5 4719137 0 56 4719138 0 56 4719139 0 40 4719140 0 40 4719141 0 40 4719142 0 40 4719143 0 40 4719144 0 40 4719145 0 40 4719146 0 40 4719147 0 40 4719148 0 20 4719150 0 167 4719151 0 174 4719152 0 277 4719153 0 235 4719154 0 124 4719155 0 235 4719156 0 124 4719159 0 175 4719160 0 277 4719161 0 235 4719162 0 124 4719169 0 102 4719170 0 107 4719172 0 165 4719174 0 151 4719176 0 144 4719180 0 17 4719182 0 377 4719183 0 377 4719184 0 377 4719185 0 377 4719186 0 377 4719187 0 377 4719188 0 377 4719189 0 377 4719190 0 377 4719191 0 377 4719192 0 377 4719193 0 377 4719194 0 377 4719197 0 377 4719198 0 377 4719199 0 377 4719200 0 377 4719201 0 1 4719202 0 111 4719204 0 156 4719206 0 144 4719208 0 145 4719210 0 170 4719212 0 17 4719214 0 377 4719215 0 145 4719217 0 162 4719219 0 126 4719221 0 157 4719223 0 154 4719225 0 165 4719229 0 155 4719231 0 145 4719233 0 111 4719234 0 116 4719235 0 104 4719236 0 105 4719237 0 130 4719238 0 105 4719239 0 176 4719240 0 61 4719241 0 40 4719242 0 40 4719243 0 40 4719244 0 40 4719246 0 171 4719247 0 174 4719248 0 277 4719249 0 235 4719250 0 124 4719251 0 235 4719252 0 124 4719255 0 175 4719256 0 277 4719257 0 235 4719258 0 124 4719259 0 1 4719260 0 5 4719261 0 114 4721153 0 173 4721155 0 71 4721157 0 101 4721159 0 65 4721161 0 104 4721163 0 101 4721165 0 106 4721167 0 65 4721169 0 67 4721171 0 55 4721173 0 71 4721175 0 102 4721177 0 63 4721179 0 61 4721181 0 55 4721183 0 64 4721185 0 71 4721187 0 62 4721189 0 105 4721191 0 55 4721193 0 102 4721195 0 66 4721197 0 105
Re: Debian ISOs on USB stick, was: SOLVED
On 4/2/24 08:56, Thomas Schmitt wrote: Hi, David Christensen wrote: the Debian installer modifies the contents of the USB flash drive when it runs. Do you mean inside the range of the ISO image or outside by creating a new partition ? songbird wrote: if it is an iso image copied to the USB stick it should not be modified if you haven't somehow told the installer to install the system to that USB stick (somehow). There are other parties which feel entitled to operate on the EFI System Partition of a USB stick. In https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056998 we found that Lenovo Thinkpad firmware created directories for storing an empty file named "/efi/Lenovo/BIOS/SelfHealing.fd" and that MS-Windows created a 12-byte file named "/System Volume Information/WPSettings.dat" when it had contact with the USB stick. i guess if you wanted to be really sure you could mount it read-only. I think it's the installer which mounts the ISO 9660 filesystem. Whatever, the Linux kernel has no regular means to alter an ISO 9660 filesystem. Neither kernel nor Debain installer will be so daring to operate with byte level commands on that filesystem. But the FAT filesystem in file /boot/grub/efi.img of the ISO 9660 filesystem in debian-12.*-amd64-netinst.iso is advertised by the partition table of the image and thus attracts vermin. Have a nice day :) Thomas Please see my reply to songbird. It's a relatively simple experiment to confirm that a USB flash drive with d-i changes after the first boot. Same for finding which bytes change. The challenge is figuring out what performed the change(s) and why. I assumed it was d-i, but no longer own 64-bit BIOS-only computers to confirm. David
