the Debian installer modifies the contents of the USB flash drive when
it runs.
if it is an iso image copied to the USB stick it should not
be modified if you haven't somehow told the installer to
install the system to that USB stick (somehow).
i guess if you wanted to be really sure you could mount it read-only.
On 4/3/24 00:30, Thomas Schmitt wrote:
Hi,
David Christensen wrote:
It's a relatively simple experiment to confirm that a USB flash drive
with
d-i changes after the first boot.
This could still be
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056998
where Lenovo BIOS and/or MS-Windows altered the USB stick.
Same for finding which bytes change.
I fail to find this particular info in
Date: Tue, 2 Apr 2024 14:46:42 -0700
From: David Christensen <dpchrist@holgerdanske.com>
Message-ID: <fbeae732-04c7-457d-911b-4686c2466ebd@holgerdanske.com>
If we have the exact ISO name (i.e. URL from where it stems) and the
byte address of the alteration, xorriso can find the affected file, if
any.
In case of bug #1056998 it was the EFI partition image
/boot/grub/efi.img.
Mounting the altered and unaltered image files showed changes in the
FAT filesystem which point to the culprits Lenovo and Microsoft.
The other plausible way of altering the ISO image on the stick would be
adding a new partition.
The MBR partition table is part of the Debian ISO and thus part of the
checksummed area. Even if all other alterations happen after the end
of the checksummed ISO image, the changed partition table will cause the
Debian checksum to become invalid.
(I am not aware that Debian installer changes the table. If it does
indeed
then this might be worth a new bug discussion.)
Have a nice day :)
Thomas
2024-04-03 03:29:18 root@laalaa /samba/dpchrist/iso/debian/11.3.0
# cmp --verbose debian-11.3.0-amd64-netinst.iso /dev/sdb
2083201 0 377
2083202 0 377
2083203 0 377
2085249 0 377
2085250 0 377
2085251 0 377
2085409 0 102
2085410 0 40
2085412 0 111
2085414 0 156
2085416 0 146
2085418 0 157
2085420 0 17
2085422 0 162
2085423 0 162
2085425 0 155
2085427 0 141
2085429 0 164
2085431 0 151
2085433 0 157
2085437 0 156
2085441 0 1
2085442 0 123
2085444 0 171
2085446 0 163
2085448 0 164
2085450 0 145
2085452 0 17
2085454 0 162
2085455 0 155
2085457 0 40
2085459 0 126
2085461 0 157
2085463 0 154
2085465 0 165
2085469 0 155
2085471 0 145
2085473 0 123
2085474 0 131
2085475 0 123
2085476 0 124
2085477 0 105
2085478 0 115
2085479 0 176
2085480 0 61
2085481 0 40
2085482 0 40
2085483 0 40
2085484 0 26
2085486 0 167
2085487 0 174
2085488 0 277
2085489 0 235
2085490 0 124
2085491 0 235
2085492 0 124
2085495 0 175
2085496 0 277
2085497 0 235
2085498 0 124
2085500 0 5
4719105 0 56
4719106 0 40
4719107 0 40
4719108 0 40
4719109 0 40
4719110 0 40
4719111 0 40
4719112 0 40
4719113 0 40
4719114 0 40
4719115 0 40
4719116 0 20
4719118 0 167
4719119 0 174
4719120 0 277
4719121 0 235
4719122 0 124
4719123 0 235
4719124 0 124
4719127 0 175
4719128 0 277
4719129 0 235
4719130 0 124
4719132 0 5
4719137 0 56
4719138 0 56
4719139 0 40
4719140 0 40
4719141 0 40
4719142 0 40
4719143 0 40
4719144 0 40
4719145 0 40
4719146 0 40
4719147 0 40
4719148 0 20
4719150 0 167
4719151 0 174
4719152 0 277
4719153 0 235
4719154 0 124
4719155 0 235
4719156 0 124
4719159 0 175
4719160 0 277
4719161 0 235
4719162 0 124
4719169 0 102
4719170 0 107
4719172 0 165
4719174 0 151
4719176 0 144
4719180 0 17
4719182 0 377
4719183 0 377
4719184 0 377
4719185 0 377
4719186 0 377
4719187 0 377
4719188 0 377
4719189 0 377
4719190 0 377
4719191 0 377
4719192 0 377
4719193 0 377
4719194 0 377
4719197 0 377
4719198 0 377
4719199 0 377
4719200 0 377
4719201 0 1
4719202 0 111
4719204 0 156
4719206 0 144
4719208 0 145
4719210 0 170
4719212 0 17
4719214 0 377
4719215 0 145
4719217 0 162
4719219 0 126
4719221 0 157
4719223 0 154
4719225 0 165
4719229 0 155
4719231 0 145
4719233 0 111
4719234 0 116
4719235 0 104
4719236 0 105
4719237 0 130
4719238 0 105
4719239 0 176
4719240 0 61
4719241 0 40
4719242 0 40
4719243 0 40
4719244 0 40
4719246 0 171
4719247 0 174
4719248 0 277
4719249 0 235
4719250 0 124
4719251 0 235
4719252 0 124
4719255 0 175
4719256 0 277
4719257 0 235
4719258 0 124
4719259 0 1
4719260 0 5
4719261 0 114
4721153 0 173
4721155 0 71
4721157 0 101
4721159 0 65
4721161 0 104
4721163 0 101
4721165 0 106
4721167 0 65
4721169 0 67
4721171 0 55
4721173 0 71
4721175 0 102
4721177 0 63
4721179 0 61
4721181 0 55
4721183 0 64
4721185 0 71
4721187 0 62
4721189 0 105
4721191 0 55
4721193 0 102
4721195 0 66
4721197 0 105
4721199 0 62
4721201 0 55
4721203 0 71
4721205 0 106
4721207 0 63
4721209 0 61
4721211 0 70
4721213 0 105
4721215 0 64
4721217 0 61
4721219 0 66
4721221 0 105
4721223 0 63
4721225 0 71
4721227 0 175
cmp: EOF on debian-11.3.0-amd64-netinst.iso after byte 396361728
2024-04-03 03:31:50 root@laalaa /samba/dpchrist/iso/debian/11.3.0
#
David
Hi,
David Christensen wrote:
the Debian installer modifies the contents of the USB flash drive when
it runs.
Do you mean inside the range of the ISO image or outside by creating a
new partition ?
songbird wrote:
if it is an iso image copied to the USB stick it should not
be modified if you haven't somehow told the installer to
install the system to that USB stick (somehow).
There are other parties which feel entitled to operate on the EFI System Partition of a USB stick.
In
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056998
we found that Lenovo Thinkpad firmware created directories for storing
an empty file named "/efi/Lenovo/BIOS/SelfHealing.fd" and that MS-Windows created a 12-byte file named "/System Volume Information/WPSettings.dat"
when it had contact with the USB stick.
i guess if you wanted to be really sure you could mount it read-only.
I think it's the installer which mounts the ISO 9660 filesystem.
Whatever, the Linux kernel has no regular means to alter an ISO 9660 filesystem. Neither kernel nor Debain installer will be so daring to
operate with byte level commands on that filesystem.
But the FAT filesystem in file /boot/grub/efi.img of the ISO 9660
filesystem in debian-12.*-amd64-netinst.iso is advertised by the partition table of the image and thus attracts vermin.
Have a nice day :)
Thomas
Hi,
David Christensen wrote:
It's a relatively simple experiment to confirm that a USB flash drive with >> d-i changes after the first boot.
This could still be
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1056998
where Lenovo BIOS and/or MS-Windows altered the USB stick.
Same for finding which bytes change.
I fail to find this particular info in
Date: Tue, 2 Apr 2024 14:46:42 -0700
From: David Christensen <dpchrist@holgerdanske.com>
Message-ID: <fbeae732-04c7-457d-911b-4686c2466ebd@holgerdanske.com>
If we have the exact ISO name (i.e. URL from where it stems) and the
byte address of the alteration, xorriso can find the affected file, if
any.
In case of bug #1056998 it was the EFI partition image /boot/grub/efi.img. Mounting the altered and unaltered image files showed changes in the
FAT filesystem which point to the culprits Lenovo and Microsoft.
The other plausible way of altering the ISO image on the stick would be adding a new partition.
The MBR partition table is part of the Debian ISO and thus part of the checksummed area. Even if all other alterations happen after the end
of the checksummed ISO image, the changed partition table will cause the Debian checksum to become invalid.
(I am not aware that Debian installer changes the table. If it does indeed then this might be worth a new bug discussion.)
Have a nice day :)
Thomas
It's a relatively simple experiment to confirm that a USB flash drive with d-i changes after the first boot.
Same for finding which bytes change.
| Sysop: | Keyop |
|---|---|
| Location: | Huddersfield, West Yorkshire, UK |
| Users: | 546 |
| Nodes: | 16 (2 / 14) |
| Uptime: | 148:03:50 |
| Calls: | 10,383 |
| Calls today: | 8 |
| Files: | 14,054 |
| D/L today: |
2 files (1,861K bytes) |
| Messages: | 6,417,737 |