Dear Colin, I've read with interest your reply and i gave a look at the grub code. You wrote an important assertion: "GRUB intentionally has no filesystem writing support". So, the writing operations that grub can do, only be sent to a pre-allocated memory regions of the disk different in any case from that allocated by the OS for the filesystem, where the user data are stored. This means that grub never can corrupt the user data. Please, can you confirm if this my conclusion is right ? Because is this the crucial question i need to solve. Thanks in advance. Best Regards. Vincenzo. Forensic Consultant Tribunale di Lecce Studio: Strada di Garibaldi - Contrada Paradisi 73010 Lequile (LE) cell: 339.7968555 skype: vincenzo.di_salvo ----Messaggio originale---- Da: cjwatson@ubuntu.com Data: 17-lug-2017 19.48 A: Ogg: Re: R: Re: CAN GRUB DO WRITING OPERATIONS ON ATTACHED DRIVES ? On Mon, Jul 17, 2017 at 07:21:49PM +0200, ingegneriaforense@alice.it wrote: > CAN GRUB IMPLICITLY WRITE TO A DRIVE ATTACHED TO A COMPUTER ? > > Implicitly means: without an explicit command from a user. Please stop SHOUTING; it's generally considered rather rude. GRUB intentionally has no general filesystem writing support. As far as I'm aware there are exactly four ways for it to send any write commands to disks: 1) The "save_env" command (grub-core/commands/loadenv.c) which writes key/value pairs to a small preallocated region of disk. This is used to communicate small amounts of information to the OS, such as whether the last request to boot a particular menu entry on only the next boot has been completed. 2) The "gptsync" command (grub-core/commands/gptsync.c), which does some MBR/GPT partition table mangling needed on some Apple models. 3) The similar "mactelbless" and "macppcbless" commands (grub-core/commands/macbless.c), which configure a file/directory on some Apple filesystems to be the 'blessed' boot image for that filesystem. 4) The "parttool" command (grub-core/commands/parttool.c, grub-core/parttool/), which can be used to make various modifications to MBR partition table entries. GRUB is scriptable, so it isn't possible to give a general answer to your question for all systems that might have custom configurations, but the default configuration files only use the "save_env" and "parttool" commands, the latter only in the case where a chainloadable operating system was detected on a disk using the MBR partition table format. In either case, it isn't going to write to a random USB device that's attached to a machine, although save_env might write to the device it believes holds /boot/grub/grubenv. The low-level disk handling code is in grub-core/disk/. -- Colin Watson [cjwatson@ubuntu.com] _______________________________________________ Grub-devel mailing list Grub-devel@gnu.org https://lists.gnu.org/mailman/listinfo/grub-devel