Kaspersky
Solved

Rescue disk KRD 2018 persistence only works on Removable USB drives

  • 4 September 2019
  • 12 replies
  • 163 views

The 'Create persistent volume' start menu script creates a \data\krd.bs file when booting from a USB hard disk, but persistence does not work when you reboot and there is no \livemnt\backstore or \livemnt\boot. It works OK only if the USB drive is a Removable type of USB drive.

This means we cannot have persistence when using multiboot USB hard disks, USB Corsair GTX flash drive or USB Silverstone M.2 drive enclosures, etc,
icon

Best answer by Andrey Kirzhemanov 4 September 2019, 12:16

Try to add kernel argument:

code:
backstore=alldev
View original

12 replies

Badge
Hi, @SteveSi!

Thank you for your report! Can you provide more details:
1) As far as i understand 'Create persistent volume' script create persistent volume, but it isn't used after reboot, isn't it?
2) How did you create multiboot USB hard disk with KRD2018?
Yes - the krd.bs is not found on booting.
I just made a .imgPTN file using Easy2Boot.
https://rmprepusb.blogspot.com/2014/04/adding-kaspersky-rescue-iso-to.html
I am the developer of Easy2Boot.
Badge
Try to add kernel argument:

code:
backstore=alldev
Thanks, that works.

I have a problem with UEFI booting though...

re. UEFI booting, the latest ISO has \boot\EFI folder with
\EFI\boot\bootx64.efi 2019-08-08
\EFI\boot\krd_grub.efi 2019-08-08

'Something goes wrong with config (hd0,msdos1)/boot/grub/grub.cfg'

but if I add \EFI\boot\grubx64.efi and bootx64.efi from an Ubuntu ISO it works OK.
Any ideas?
P.S. I can just see the initial error message 'unknown filesystem' before the 'Something goes wrong..' error message.
I think maybe FAT32 (standard UEFI filesystem format) is not supported by UEFI boot files?
Badge
'Something goes wrong with config (hd0,msdos1)/boot/grub/grub.cfg'

but if I add \EFI\boot\grubx64.efi from an Ubuntu ISO it works OK.
Any ideas?


Is Secure Boot is active on this UEFI machine? Did you change this grub.cfg?

P.S. I can just see the initial error message 'unknown filesystem' before the 'Something goes wrong..' error message.
I think maybe FAT32 (standard UEFI filesystem format) is not supported by UEFI boot files?


Provide screenshot with this errors, please.



This is just before the 'Something goes wrong...' message appears.
Not Secure Boot.
Happens under VirtualBox booting from FAT32 USB drive and real system.
USB drive was not made using dd but by MBR partition + FAT32 volume.
Standard grub2 Ubuntu boot files work fine.
grub.cfg was not modified - it still has commented out lines as in latest ISO.

code:
set default=0
set timeout=10
set answer=0
clear
#echo -n "Press ESC to load Kaspersky Rescue Disk... "
#if sleep --verbose --interruptible ${timeout} ; then
# set timeout=0
# set default=0
# source /boot/grub/cfg/en.cfg
# source /boot/grub/${grub_cpu}-${grub_platform}/cfg/boot_from_hard.cfg
#else
source /boot/grub/cfg/lang_menu.cfg
#fi
Badge
Thank you for screenshot!

So, "error: unknown filesystem." is known situation and grub tries to find files (see next line). And accoridnig to:
code:
'Something goes wrong with config (hd0,msdos1)/boot/grub/grub.cfg'


config was found. But there were line:
code:
Check signature state is enforce


says that grub validating all accessing files by signature (you can see *.sig files near all other files). If you modified one of config or module then signature verification will be failed (this mode is active only for UEFI x86-64 mode). So, all grub config/module modifications are inaccessible now (even if Secure Boot is off due to we can't check state of Secure boot from grub configs). Grub from Ubuntu don't enable signature verification mode (they use unoffictial patches to prevent loading unsigned modules on Secure Boot).
OK - If I use all original files from the ISO then it UEFI-boots,

but if I modify kav_menu.cfg to add backstore=alldev then it will not boot.
I can select English and press ENTER but nothing happens.
If I restore original kav_menu.cfg then it boots (but no persistence).
So how can I have persistence with a USB hard disk on UEFI-boot?
Badge
Now you can add this parameter only manually.

We have plans to use this unofficial grub patches too (grub in Gentoo doen't have them by default). But i don't know when next patch will be released.
OK - why not add alldev code to menu - will it do any harm?
Thank you for your help. Much appreciated.
Badge
OK - why not add alldev code to menu - will it do any harm?

Without patches in enforce state grub verifier all accesses files (configs, pictures, modules and etc). We add signature enforcing to block vulnerability with any grub patches.

Reply / Ответить