[TriLUG] dual boot laptop loosing boot info
Joseph Mack NA3T
jmack at wm7d.net
Fri Dec 24 22:53:24 EST 2010
On Thu, 9 Dec 2010, Derek Linz wrote:
> What's the output of 'fdisk -l'? Is it the Windows
> partition that's first or the Linux?
x60:~# fdisk -l /dev/sda
Disk /dev/sda: 500.1 GB, 500107862016 bytes
255 heads, 63 sectors/track, 60801 cylinders
Units = cylinders of 16065 * 512 = 8225280 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x63e39c64
Device Boot Start End Blocks Id
/dev/sda1 * 132 3955 30716280 7 HPFS/NTFS winxp
/dev/sda2 18725 19999 10241437+ 83 Linux test partition
/dev/sda3 20000 21245 10008495 83 Linux /
Partition 3 does not end on cylinder boundary.
/dev/sda4 21246 60801 317733570 5 Extended
Partition 4 does not end on cylinder boundary.
/dev/sda5 21246 26226 40009851 83 Linux /usr
/dev/sda6 26227 60300 273699373+ 83 Linux /src
/dev/sda7 60301 60801 4024251 82 Linux swap
> And yeah I'm a fan of grub2, It's a lot more
> flexible...easy to configure if you want it to be ('sudo
> grub-mkconfig -o /boot/grub/grub.cfg')
sure but grub.cfg is a nightmare.
winxp is first.
Wheneven I lost the grub boot I could restore grub by
booting off a cdrom and reinstalling grub. That this worked
showed that the linux partitions and the partition table was
I later checked the winxp partition (which I don't use
much), I found winxp was hosed too (partition wouldn't
mount, bits in early part of partition were all changed).
Something was happening to the early blocks of the disk, but
after the partition table.
So I wrote a cron job to do an md5 on the 1st 63 blocks of
/dev/sda and the first 63 blocks of /dev/sda1 every hour.
I've only lost boot once since then (2 days later) and the
winxp partition was hosed about 2hrs before the boot sector
was lost (both happened in a single linux session without me
being aware of it till attempted to boot the next day). So
apparently there are two different writing events - one for
the boot area and one for the winxp partition
I then moved the winxp partition up by a Gig (which is where
it is now - as you can see from the fdisk -l table above),
to see if the process was writing at the beginning of the
partition or at block 64. It's been moved for just 2 weeks
now and nothing has happened to the winxp partition. It only
took 2 days for the winxp to get written over last time, so
I take it that the winxp problem has an interim fix.
I assume then that the problem code is writing early in the
disk and winxp cops it because it is straight after the boot
area. Why it's doing it to the 1st 63 blocks of winxp
separately to the boot area, I don't know.
rkhunter didn't find anything but combofix when run in winxp
kept finding a rootkit and then hanging.
When you install winxp on this thinkpad, to get the thinkpad
drivers (wifi, video, trackpad...), you do a multiple
interative process like Microsoft update but from Lenovo. I
don't remember if I got a BIOS update, but if you need one,
it comes then. I wasn't having any problems before I did
I wondered if I had a BIOS virus. I force reflashed the BIOS
with the same (latest) version and I haven't had any
problems since then (about a week). This is encouraging. I
thought of e-mailing you about it but didn't want to declare
success prematurely, so have sat on it.
The current theory then is that I had a BIOS virus, which
seems to be unusual.
If this cure sticks, I'll move winxp back down to block 64
Joseph Mack NA3T EME(B,D), FM05lw North Carolina
jmack (at) wm7d (dot) net - azimuthal equidistant map
generator at http://www.wm7d.net/azproj.shtml
Homepage http://www.austintek.com/ It's GNU/Linux!
More information about the TriLUG