Keith C. Perry on 9 Oct 2016 08:15:59 -0700

[Date Prev] [Date Next] [Thread Prev] [Thread Next] [Date Index] [Thread Index]

Re: [PLUG] Summary Re: Read only USB drive

"Software tricks might be an interesting. Did you mean host-side, or
tweaking the USB drive boot sector bits?  I’d be most interested in
the latter, it is an area I know very little of."

To expand on this a bit, yes, these would be a device tweaks.  The two methods I have seen are:

1) Adjusting the file partition blocks to be greater than the device blocks

This was my best interpretation of what I was seeing.  There may be a proper name for the technique.

For example, you could write a 4Gb filesystem to a 6Gb partition on an 8Gb device.  Once everything is set, you change the partition size from 6Gb to  9Gb.  This results in an error on a write or any file system modification.  I'm pretty sure you have to do this with a expert tool like sfdisk or equivalent because anything else will naturally generate errors during sanity checks.  I haven't encountered this method in awhile and I've only personally fixed the problem to restore write access to a USB stick.

2) Writing ISOs to USB (i.e. Hybrid disks et al)

This more updated method occurs by the nature of ISO images can be detected on USB media on modern BIOSs.  It seems that the USB device boot type just looks at the device header information instead to assuming it because of the type of USB device selected .  Specifically, the ISO image should identify as a closed session orange book (cd-rom) media so that the core file system is read only.  I used to re-author Slax CD's for Linux router builds and this was a way to make sure that file system would never be critically modified as well as be a way to bring up another router on any properly equipped device with just a boot CD (Slax also could boot to RAM so the CD's lived in their bays so I knew where they were at all times).

I say "core" file system because Slax used aufs and I think now overlayfs which is the preferred method.  Either gives you the benefit of having some run-time write access to the file system in the way you mentioned above for metadata.  I don't remember if I ever burned a re-auth'd Slax disk to a USB stick so I'm not sure if it would work but I don't see why not.

These days my experience with read-only USB drives is in re-authoring distro installs onto a single flash drive so I don't have to burn and carry a bunch of disks.  Plus its increasingly likely for desktop and server systems to not have optical drives so I was carrying both anyway.  USB devices are getting pretty big for cheap (I have a 256Gb unit from Microcenter and it was less than $75) so have a locked USB system is becoming an attractive idea.

Hope this helps.

~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~ ~
Keith C. Perry, MS E.E.
Owner, DAO Technologies LLC
(O) +1.215.525.4165 x2033
(M) +1.215.432.5167

From: "George Zipperlen" <>
Sent: Friday, October 7, 2016 11:40:42 PM
Subject: [PLUG] Summary Re:  Read only USB drive

Thanks to all who replied, please excuse the portmanteau reply with
lost Reference threading, I subscribe to the Digest. I’ll try to make
up for that by top^H^H^Hinterleaved posting a summary of the

I asked:
I'm looking for an in-hardware method to make a USB drive read-only. Either with a built in switch, or, via a small, inexpensive, USB 'sleeve' sitting  between the drive and the USB port.

Use case (1): A larger equivalent to CD-ROM or DVD Write Once Read Many, for archival backup.

Use case (2): bootable USB sticks

Use case (3): A way to safely distribute data, even their own (!) to an end user who might inadvertently trash something, or be using an OS which messes with any file system attached to a USB port.

Mark Bergman:

Thank you! I now know the keywords ‘in-line USB write-blocker’

This is a (medium $$) version of the hardware ’sleeve’ I was looking
for.  Cheaper than the full blown forensic kits that I found, but
still a bit pricey to distribute with a $25 128gb USB stick.

Keith C. Perry:
Interesting request...  I've only ever done with by user various software tricks.  I would like to see such an animal too.

Software tricks might be an interesting. Did you mean host-side, or
tweaking the USB drive boot sector bits?  I’d be most interested in
the latter, it is an area I know very little of.

Jason Plum:
I can't speak to recommendations, but some examples follow:

Nice.  This also gives me the key-words ‘Flash Drive with Physical
Write Protect switch’ and ‘Write Protection Flash Drive’. I’d been
searching for ‘read-only’.

Jason Plum:
You could, possibly, use a USB SD card reader, and use the physical lock switch on an SD card, though it might not perform they way you need (boot, etc).

Other folks also suggested this. Thanks, I didn’t think of SD cards.
Very nice for the “Don’t need it any more, re-use the media use case”.
Very portable, with *much* smaller physical footprint than DVDs.

I should have also added, in use cases (1: archive) and (3: data
distribution), that I want to avoid juggling multi-volume CD/DVD sets
when data is more than 1, 2, 4, 8gb. Which, I believe, is also roughly
the capacity of SD cards.

JP Vossen:
This probably does not answer all your use cases, and perhaps others on the list can shed more light, but I have found that the so-called "hybrid" ISOs I've "burned" to USB via dd are read only. The USB stick itself is not but the file system on the stick *is* and while you can reformat the stick to make it writeable again or just dd a new ISO over top of it, I've not found a way to write one used in that way. I should note I haven't tried either, I've just accidentally reminded myself of the fact when I've booted one then tried to update something.

See: examples

Thank you!  I will read these links and do some experiments. I think
hybrid-iso will solve the ‘accidental’ user write problem, and
reasonable cases of OS-crash, or power outage.

Hybrid-iso should also solve mild cases of OSes merrily writing meta
data and directory thumb-nail files.

I think it will solve the extreme OS case. The OS(es) in question just
love to go hog wild on NTFS partitions.

Real life screw up on my part: I attached a large Win7 USB backup to a
WinXP machine. It immediately started thrashing, and eventually
crashed while (I guess) frantically searching for DRM media.
Fortunately, we still had the running Win7 box, and other backups.

john boris:
If you used an SD card you can render it read only by breaking the slide lock off or gluing it (carefully using super glue)
But a quick search on You Tube will show you how to get past that

Reminds me of floppy disks. The trick was very good for preventing
accidental write (my use case), but not for security use cases.

Philip Rushik:
USB uses the same 2 pins for read and write, so any tool that goes in
between the USB drive and the computer machine needs to have some
annoying smarts in it, which will probably make it fragile and/or
[ trimmed ]
[1] -



and Rich Mingin:

Cool. Not for the current use case, but I will keep it in mind.

Rich Mingin:
For OP, easiest way would be to find one of those older USB keys with a hardware RW/RO switch. I have a few still, if you can't find any. Mine are 1GB, do you need larger?

These would be perfect for use case (2: bootable).  The ones I
remember were on the order of 100mb, an hour of MP3 music.

An aside on search engines: I thoroughly agree with JP Vossen and
Christopher Barry.

I use DuckDuckGo by default for my every-day searches. I turn off
AdBlock for them. I like that DDG doesn’t remember my search history.
Not only for privacy issues, but because Google’s ‘clever’ tailoring
of search results based on history is *not* what I want, purely in
terms of doing research on the net.  I wouldn’t want a library catalog
or journal index that re-arranged itself all the time…

I like that DuckDuckGo is a meta-search-engine, like the late lamented

I’ve only used Bing a few times, similar issues to Google’s.

I need GoogleGroups (I *really* miss DejaNews), G-Images, and,
sometimes, G-Books and G-Scholar. I have huge problems with Google,
Elsevier, Springer, et al, but that’s another rant.

I find StartPage nice, but slow. I resort to Google-with-cookies-off
when want filtering by date range (while they still support it), and a
result count (while…)  I think StartPage also can return a count, but
I couldn’t find it just now.

DuckDuckGo’s date range is only crude recent bounds, not something
like ‘between 2005 and 2012’.  DuckDuckGO does not support a result

I get their point, but I’m looking for an order-of-magnitude count,
and the ability to compare the result count on similar searches:
   About 3,160,000 results (0.41 seconds)
   About 28,800,000 results (0.36 seconds)

I’d also like real regular expressions, SQL-like searches, and the
’NEAR’ operator which Google no longer supports.

DuckDuckGo does have an extensibility Framework/API for their Instant
Answers that might work for this. But it’s part of the _javascript_
ecosystem, and I’m a C, Perl, Python, SQL, kinda guy. I don’t have the
time to take on another project and another language at the moment.

I could also do my own Python web crawler, but I don’t really have the
resources, and it would be blocked, ASAP

George Zipperlen
Formerly a sysadmin, recently, officially
old enough to be a Curmudgeon

Philadelphia Linux Users Group         --
Announcements -
General Discussion  --
Philadelphia Linux Users Group         --
Announcements -
General Discussion  --