Grub dd?

Grub dd?

[Peter Xu]

Hi, Grub list,

I found there's no "dd" command for grub.  Is there a reason?

Asked because I think it could be really handy to be able to do that 
with grub.  For example, a simple use case is we can backup root 
partition somewhere on a backup disk before hand, then if the real root 
partition corrupted for some reason we can always dd it back within grub 
loader.  It could be helpful when it's non-trivial to attach a USB live 
image to the system so we can't initiate "dd" in a live Linux distro.

I'm actually thinking of some way to allow the root fs to be recovered 
from a "snapshot" by dd-ing from a backup block device before loading 
linux and everything, for every single time the system boots.  Then we 
guarantee every time we boot into the system we'll always see the same 
content for root fs.  Not sure whether that can be easily done with 
current grub.

Thanks,

-- 
Peter Xu

Re: Grub dd?

[Endres]

Hi,

could mean a possible security vulnerability. In case there are no other
boot devices available, as well as no custom kernel options allowed in
the boot line, dd still would offer to dump data from devices.

So, I am not sure if that is something that grub should be able to do.
At least I would recommend to add it as a "default-off" feature.

Cheers,
Endres

On 11/21/21 4:26 AM, Peter Xu wrote:
> Hi, Grub list,
> 
> I found there's no "dd" command for grub.  Is there a reason?
> 
> Asked because I think it could be really handy to be able to do that
> with grub.  For example, a simple use case is we can backup root
> partition somewhere on a backup disk before hand, then if the real root
> partition corrupted for some reason we can always dd it back within grub
> loader.  It could be helpful when it's non-trivial to attach a USB live
> image to the system so we can't initiate "dd" in a live Linux distro.
> 
> I'm actually thinking of some way to allow the root fs to be recovered
> from a "snapshot" by dd-ing from a backup block device before loading
> linux and everything, for every single time the system boots.  Then we
> guarantee every time we boot into the system we'll always see the same
> content for root fs.  Not sure whether that can be easily done with
> current grub.
> 
> Thanks,
> 

Re: Grub dd?

[Daniel Kiper]

On Sun, Nov 21, 2021 at 11:26:24AM +0800, Peter Xu wrote:
> Hi, Grub list,
>
> I found there's no "dd" command for grub.  Is there a reason?

In general the GRUB does not support disk writes except grubenv. Though
I think we could consider addition of dd command. However, as it was
pointed out in the other email it should be disabled at least on
platforms where lockdow/UEFI Secure Boot is enforced.

Daniel

Re: Grub dd?

[Peter Xu]

On 2021-11-26 1:39 a.m., Daniel Kiper wrote:
> On Sun, Nov 21, 2021 at 11:26:24AM +0800, Peter Xu wrote:
>> Hi, Grub list,
>>
>> I found there's no "dd" command for grub.  Is there a reason?
> 
> In general the GRUB does not support disk writes except grubenv. Though
> I think we could consider addition of dd command. However, as it was
> pointed out in the other email it should be disabled at least on
> platforms where lockdow/UEFI Secure Boot is enforced.

I see, thanks to both for the prompt response.  That makes sense, I'll 
think about it.

(Btw I think I missed the email from Endres for some reason, but I can 
see that in the archive)

-- 
Peter Xu