On Thu, May 30, 2019 at 11:07 AM CLOSE Dave Dave.Close@us.thalesgroup.com wrote:
Chris Murphy wrote:
Not sure what would corrupt it but there is competition for LBA 0, the MBR, in that there's a bootloader portion in the first ~440 bytes and then a partition table from that point until the 512th byte. So whenever something changes a partition or a boot flag (active bit) or bootloader jump code, there's a risk. This was such a well known problem it directly affected GPT. For one, don't use LBA 0. Two, make two copies in two totally different locations. Three, checksum everything. Four, give the bootloader its own home, no sharing.
Interesting advice but it leaves me without a course of action. How does one avoid using LBA 0? Doesn't the boot loader already have its own location?
It has multiple locations. One of which is the first 440 bytes of LBA 0.
We'd need to look at LBA 0 on a broken system to do an autopsy. Once it's fixed, the evidence of what stepped on it is wiped away.