Can you really hide a GPT partition?

User discussion and information resource forum for BootIt Bare Metal and BootIt UEFI

Can you really hide a GPT partition?

Postby dnlathrop » Wed May 06, 2020 5:47 pm

A few threads have discussed this problem but I did not find an answer.

With BIU, I have installed two Linux OS with one root partition for each. Limit Primaries is not set. In Boot Edit, in the GPT Details window I marked each of their root partitions hidden to the other OS. The slot is locked for one; not locked for the other.

When I boot either OS, the root partition of the other OS is visible and can be mounted, its files read, modified, etc.

I would like to hide one OS partition from the other. By "hide" I mean prevent its files from being seen or accessed. It appears this is not possible with BIU, or did I do something wrong?
dnlathrop
 
Posts: 40
Joined: Sat Sep 01, 2012 3:21 pm

Re: Can you really hide a GPT partition?

Postby TeraByte Support » Thu May 07, 2020 9:19 am

You can confirm it's hidden by using a partinfo listing and checking the
GUID type of the partition. But if you have some distro or version of
a utility that ignores partition types and just tries things like
mounting on any type, then you can't stop it (we don't remove from the
table with GPT because there should be no reason too, and it makes it
easier for others to not have to worry about changing partitions).

Maybe we'll add an advanced option to take it out of gpt. I thought linux
mounting was tested when hidden, but can't remember the details or
distro used, don't have it handy to test right now.

On 5/6/2020 5:47 PM, dnlathrop wrote:
> A few threads have discussed this problem but I did not find an answer.
>
> With BIU, I have installed two Linux OS with one root partition for each. Limit Primaries is not set. In Boot Edit, in the GPT Details window I marked each of their root partitions hidden to the other OS. The slot is locked for one; not locked for the other.
>
> When I boot either OS, the root partition of the other OS is visible and can be mounted, its files read, modified, etc.
>
> I would like to hide one OS partition from the other. By "hide" I mean prevent its files from being seen or accessed. It appears this is not possible with BIU, or did I do something wrong?
>
>
TeraByte Support
 
Posts: 2968
Joined: Thu May 05, 2011 3:37 pm

Re: Can you really hide a GPT partition?

Postby dnlathrop » Thu May 07, 2020 10:11 am

TeraByte Support wrote:
> You can confirm it's hidden by using a partinfo listing and checking the
> GUID type of the partition.

I was not able to find what I needed to decipher the GUID type. Partinfo reported different types for the two root partitions (one not hidden and the other I marked to be hidden):
partition 1 = {0FC63DAF-8483-4772-8E79-3D69D8477DE4}
partition 3 = {6F422ADF-746F-7449-2048-696464656E2A}

Partition 3 is supposed to be hidden.

I am running Linux Mint. Everything I have tried (nemo, gparted, a file manger I wrote, mount) can see the "hidden" partition and mount it with no difficulty -- not even a warning it is somehow different. The hidden feature in BIU is ineffective.

I am puzzled why you concluded there should be no reason to remove from the table any partition marked to be hidden. I would think this situation demonstrates sufficient reason.

I would appreciate knowing what are your current thoughts on this. Do you think it likely you will change things to truly hide partitions? If not, it may be worth the effort to return to BIBM and legacy booting since I do not use Windows.
dnlathrop
 
Posts: 40
Joined: Sat Sep 01, 2012 3:21 pm

Re: Can you really hide a GPT partition?

Postby Brian K » Thu May 07, 2020 2:09 pm

dnlathrop,

For what it's worth, Hide does work with Windows OS. NTFS and FAT partitions can be hidden.
Brian K
 
Posts: 1810
Joined: Thu Aug 11, 2011 6:11 pm
Location: NSW, Australia

Re: Can you really hide a GPT partition?

Postby dnlathrop » Tue May 12, 2020 10:29 pm

Brian K wrote:
> dnlathrop,
>
> For what it's worth, Hide does work with Windows OS. NTFS and FAT
> partitions can be hidden.

Hi Brian,

Thanks for the reply. The feature is worth something to those who use Widows, which is the majority. For those who use something else, and I know you are one of them, it's woefully inadequate.

I guess TBU's silence in response to my question speaks volumes -- we should not hold our breath waiting for something to address this situation.

It is unfortunate. I migrated to UEFI because I thought it would be best to stay current with advancing technology. The migration was not as easy as I thought it would be. A lot of problems and complexity for no apparent benefit; educational but not worth the effort.
dnlathrop
 
Posts: 40
Joined: Sat Sep 01, 2012 3:21 pm

Re: Can you really hide a GPT partition?

Postby Brian K » Wed May 13, 2020 12:23 am

Hi dnlathrop,

Maybe I'm missing your point but if you don't mount a Linux partition it is as good as being hidden. Is that correct or not?

As you mentioned, a BootIt Hidden partition Type is {6F422ADF-746F-7449-2048-696464656E2A} and TeraByte Support said, "But if you have some distro or version of a utility that ignores partition types and just tries things like mounting on any type, then you can't stop it".
Brian K
 
Posts: 1810
Joined: Thu Aug 11, 2011 6:11 pm
Location: NSW, Australia

Re: Can you really hide a GPT partition?

Postby AGH1965 » Wed May 13, 2020 12:49 am

Brian K wrote:
> For what it's worth, Hide does work with Windows OS. NTFS and FAT
> partitions can be hidden.

Not really. Hidden NTFS and FAT partitions are clearly visible in Windows. The only thing you can't see is their contents.

For what it's worth: I would really appreciate BIU having true partition hiding, i.e. in the way BIBM did with partitions you left out of the MBR slots.
AGH1965
 
Posts: 80
Joined: Sat Jul 09, 2016 6:36 am
Location: Netherlands

Re: Can you really hide a GPT partition?

Postby tas3086 » Wed May 13, 2020 8:22 am

I would suggest that a completely hidden partition would not be easily viewed/encrypted by some intruder/hacking mechanism. Mountable partitions would be easily discover-able and subject to intrusion. Truly hidden adds an extra level of security. I'd vote for a more hidden option.

Nothing is perfect, as the total disk is accessable by everyone, so keep your backups offline.
tas3086
 
Posts: 276
Joined: Mon Mar 19, 2012 11:15 am

Re: Can you really hide a GPT partition?

Postby dnlathrop » Wed May 13, 2020 3:55 pm

Brian K wrote:
> Hi dnlathrop,
>
> Maybe I'm missing your point but if you don't mount a Linux partition it is
> as good as being hidden. Is that correct or not?

Hi Brian,

In my view, a partition that is visible but not mounted is not as secure from harm as a partition that is truly hidden in what would appear to be unallocated space.

By harm, I do not mean preventing destruction. It is true that in either of those situations the partition can be destroyed maliciously or inadvertently. What I mean by harm is its contents being accessed and even modified by an unauthorized user or program.

There is more than a little irony here. BIU provides facilities for setting up protection against unauthorized booting of an OS so if I wished I could prevent (or at least make more difficult) a user from booting an OS through BIU; however, I cannot prevent that user from mounting and accessing that OS partition from another OS he is allowed to boot.

In my particular case with a single-user machine, my concern is possible harm arising from an inadvertent (stupid) operation on my part or harm from spyware/malware as tas3086 suggested.

These are not high-probability events but the potential harm could be enormous.

EDIT: I had a thought after I posted this. There is a way to restrict access to a partition and that is to put an entry in the fstab file with restricted permissions that prevent mounting by an ordinary user. But it does seem more than a bit odd to define a partition in fstab that you want to keep hidden, and setting up a directory and mount point you don't want used.
dnlathrop
 
Posts: 40
Joined: Sat Sep 01, 2012 3:21 pm


Return to BootIt Collection