# How to Modify the boot0 code ...



## masghari (Jan 6, 2010)

I need to make some minor changes to the boot0 code to prompt a password before anything else. I've made the changes in the boot\boot0.s file and used the "make install" command. But when I reboot the machine the old version of boot0 is executed. How can I make the modified boot0 be executed when the machine is rebooted? (Probably it's worth mentioning that I have a Win XP on drive C:\ and two data partitions for the Win XP (Drives D:\ and E:\) and the last part of my hard disk is allocated to FreeBSD)


----------



## crsd (Jan 6, 2010)

You'll need to actually install your modified /boot/boot0 using `# boot0cfg`


----------



## aragon (Jan 6, 2010)

And keep in mind that it has to fit in the size constraints of the MBR.  Last I looked there wasn't much space for any new code in boot0, so I'm guessing you had to remove functionality to get your password feature working?


----------



## zapher (Jan 6, 2010)

aragon said:
			
		

> And keep in mind that it has to fit in the size constraints of the MBR.  Last I looked there wasn't much space for any new code in boot0, so I'm guessing you had to remove functionality to get your password feature working?



Maybe he could throw in a JMP to another sector or something. And then JMP back. That would only require one more line.


----------



## Beastie (Jan 6, 2010)

zapher said:
			
		

> Maybe he could throw in a JMP to another sector or something. And then JMP back. That would only require one more line.


A jmp, plus a dozen more instructions to call int 0x13 to read the other sector(s). I'm not sure there's much free space in boot0 for even that, but I might be wrong.


----------



## SirDice (Jan 6, 2010)

masghari said:
			
		

> I need to make some minor changes to the boot0 code to prompt a password before anything else.


Why? If you want security encrypt your disks.


----------



## zapher (Jan 6, 2010)

Beastie said:
			
		

> A jmp, plus a dozen more instructions to call int 0x13 to read the other sector(s). I'm not sure there's much free space in boot0 for even that, but I might be wrong.



Well, my point was that all of his code could exist outside of boot0. Perhaps in sector 2 if he wasn't using BSDlabels etc.


----------



## Beastie (Jan 6, 2010)

zapher said:
			
		

> Well, my point was that all of his code could exist outside of boot0. Perhaps in sector 2 if he wasn't using BSDlabels etc.


I understood your point very well. What I'm saying is that you need int 0x13 code + a jmp *inside* boot0 to read the other sector and jump to its memory location, and there's not enough free space in boot0 for that. There's just enough space for the partition table.

Now maybe you're proposing he re-writes boot0 entirely, which is possible.
He could move most of the boot0 code to another location within the first track (e.g. sectors 2, 3 and 4) and add his password verification code there too. All boot0 would be doing then is reading the subsequent sectors, jump to their memory location and nothing else.


----------



## Beastie (Jan 6, 2010)

SirDice said:
			
		

> Why? If you want security encrypt your disks.


Maybe he only wants to deny access to the machine for non-computer-savvy users.


----------



## LateNiteTV (Jan 6, 2010)

cant you set a password in the bios?


----------



## SirDice (Jan 6, 2010)

Beastie said:
			
		

> Maybe he only wants to deny access to the machine for non-computer-savvy users.



Bios password as ^ mentions 

But even that won't stop a determent person (like me). Bios passwords are easily circumvented by resetting the bios. Same goes for a password on the bootsector. Stick in a boot cd/stick and you can access the data. 

If the OP is worried about not needing a password when booting to single user mode just change the console line in /etc/ttys from *secure* to *insecure*. If it's the OP's files then encryption is the only way to protect those.


----------



## zapher (Jan 6, 2010)

Beastie said:
			
		

> I understood your point very well. What I'm saying is that you need int 0x13 code + a jmp *inside* boot0 to read the other sector and jump to its memory location, and there's not enough free space in boot0 for that. There's just enough space for the partition table.
> 
> Now maybe you're proposing he re-writes boot0 entirely, which is possible.
> He could move most of the boot0 code to another location within the first track (e.g. sectors 2, 3 and 4) and add his password verification code there too. All boot0 would be doing then is reading the subsequent sectors, jump to their memory location and nothing else.



Well, not entirely. That would take a lot of effort to do. More like the latter you mentioned. Moving part of boot0 to sector 2 i.e.

But I agree with others, best option is to encrypt disks. Unless it's in, for example a cash register, and ppl don't have access to the disk or alternative boot-options.


----------



## masghari (Jan 7, 2010)

first of all I should thank everyone who have replied to this thread.
well, as most of you have guessed my ultimate goal is to prevent non authorized users to access the machine. I'm almost new to FreeBSD and don't know much about encrypting the disks. If you could give me some documents to read or even some hints I would really appreciate it.


----------



## SirDice (Jan 7, 2010)

masghari said:
			
		

> I'm almost new to FreeBSD and don't know much about encrypting the disks. If you could give me some documents to read or even some hints I would really appreciate it.


As always, the handbook contains a lot of information:

Handbook: 18.16 Encrypting Disk Partitions


----------

