How to prevent dual booted OSes from damaging each other?

security multi-boot

Solution 1:

After upvoting kotekzot's answer and jet's comment here is the ultimate solution: buy a plain-old front-rack. Sorry, since shopping recommendations are forbidden I won't suggest you a specific brand.

Simply mount the system disk in the rack and swap at necessity. Since these things are cheap, you should consider buying two twin racks, because every model requires you to mount the disk in its unique enclosure that can be extracted at any time. So if you have a single rack and two enclosures you can swap disks at any time. Obviously be aware that if there are any other disks mounted on your desktop the OS has full access (super user principle) to all of them.

To run Windows in a way that it cannot access Linux partitions even after being infected by the worst malware ever, an alternate would be virtualizing, but obviously you won't get direct access to video card and gaming performance.

Solution 2:

I have almost the same problem (Hackintosh + Windows). The solution I found was installing another disk controller. These can be cheap ($30) or expensive (real RAID / SAS card on PCIe bus).

To the point:

  1. Install Windows on its own disk. The motherboard SATA ports are good for this. (Leave the other controller plugged in.)
  2. After Windows has been installed, disable (or don't install the driver) for the controller. Better: both. If the Windows kernel can't access the controller, it will not access the drive in there. This is much safer than disabling the disk in Windows.
  3. Remove the Windows disk. (Against accidental deletion when installing other OSes.)
  4. Install the other OS (Linux or whatever) on a disk on the controller. As *nix systems will not destroy other fs/disks on their own, no need to do anything here.
  5. Plug the Windows disk back in (same motherboard port you took it out of).
  6. Configure Grub to dual-boot.

In this configuration, you can access the Windows installation from *nix system, but Windows can't access anything that's on the controller.

That should be all.

Solution 3:

the kernel will always have raw access to the disk controllers and so to the disks.
And so be able to damage the other OS by destroying partitions.
While some disabling in the bios might hide the disks from the OS (this was possible on old ATA controllers but i doubt this is possible on SATA).

so the short answer is no it is not possible on the level you want.

Solution 4:

if you have easy physical access to the hardware, unplugging the data cables from the HDDs you don't wish to be accessible would be the simplest and most reliable solution. I am not aware of any virtualisation products that would suit your needs, and disabling a drive in the bootloader doesn't guarantee it will be unavailable to the OS. You could try disabling them in BIOS, but again, no guarantees it will stick.

Solution 5:

I was just reading about something like this.

The key statement from that article:

If you have multiple operating systems installed on your machine, each one thinks that it has control of your computer.

Don't put your Windows partition into /etc/fstab and format your Linux partitions with a file format Windows can't read (any extN will do). That should take care of the most common things that could go wrong.

If something on either installation is able to accidentally mess with your partition data, then you're using your system incorrectly.

Related

Angular ui router - Redirection doesn't work at all
Using Custom WCF Body Deserialization without changing URI Template Deserialization
How to handle "matching query does not exist" when getting an object
Best Strategy or tools for migrating from VB6 to .NET/.NET Core [closed]
Select from a table variable
When I try to create a channel using Hyperledger Fabric, the request fails
Django Static Files results in 404
Returning 'c_str' from a function
Validate email with a regex in jQuery
Why doesn't my simple pytorch network work on GPU device?
Why jQuery cannot trigger native click on an anchor tag?
Projecting the ARKit face tracking 3D mesh to 2D image coordinates