Sysresccd Partitioning and Partitions attributes

Partition identifiers
Each partition of your disk has an identifier. It's written in the partition table which is in the MBR if it's a disk based on the standard msdos partition table. This is just a number which says which sort of partition it is. You can get the list of all the possible partition identifiers that can be used in an msdos partition table by typing "L" in fdisk under linux:
Command (m for help): L 0 1 2 3 4 5 6 7 8 9 a b c e f 10 11 12 14 16 17 18 1b 1c 1e Empty 24 FAT12 39 XENIX root 3c XENIX usr 40 FAT16 <32M 41 Extended 42 FAT16 4d HPFS/NTFS 4e AIX 4f AIX bootable 50 OS/2 Boot Manag 51 W95 FAT32 52 W95 FAT32 (LBA) 53 W95 FAT16 (LBA) 54 W95 Ext'd (LBA) 55 OPUS 56 Hidden FAT12 5c Compaq diagnost 61 Hidden FAT16 <3 63 Hidden FAT16 64 Hidden HPFS/NTF 65 AST SmartSleep 70 Hidden W95 FAT3 75 Hidden W95 FAT3 80 Hidden W95 FAT1 NEC DOS 81 Plan 9 82 PartitionMagic 83 Venix 80286 84 PPC PReP Boot 85 SFS 86 QNX4.x 87 QNX4.x 2nd part 88 QNX4.x 3rd part 8e OnTrack DM 93 OnTrack DM6 Aux 94 CP/M 9f OnTrack DM6 Aux a0 OnTrackDM6 a5 EZ-Drive a6 Golden Bow a7 Priam Edisk a8 SpeedStor a9 GNU HURD or Sys ab Novell Netware af Novell Netware b7 DiskSecure Mult b8 PC/IX bb Old Minix be Minix / old Lin bf Linux swap / So c1 Linux c4 OS/2 hidden C: c6 Linux extended c7 NTFS volume set da NTFS volume set db Linux plaintext de Linux LVM df Amoeba e1 Amoeba BBT e3 BSD/OS e4 IBM Thinkpad hi eb FreeBSD ee OpenBSD ef NeXTSTEP f0 Darwin UFS f1 NetBSD f4 Darwin boot f2 HFS / HFS+ fb BSDI fs fc BSDI swap fd Boot Wizard hid fe Solaris boot ff Solaris DRDOS/sec (FATDRDOS/sec (FATDRDOS/sec (FATSyrinx Non-FS data CP/M / CTOS / . Dell Utility BootIt DOS access DOS R/O SpeedStor BeOS fs GPT EFI (FAT-12/16/ Linux/PA-RISC b SpeedStor SpeedStor DOS secondary VMware VMFS VMware VMKCORE Linux raid auto LANstep BBT

When you look at this table, you can see that there are 256 possible identifiers. In general, they are written in hexadecimal because it allows representing 256 different combinations with only two characters. The partition identifier is supposed to be consistent with the contents of the partition, but it's not always correct. It's perfectly possible to install Linux on a partition having its identifier set to 7 which is normally used for NTFS partitions. It's more important to use the right identifier if you want to install Windows. It may refuse to boot if you use the wrong identifier for the partition. Anyway it should be correct if you use a high-level partitioning tool such as parted. This identifier is also very important if it's an extended partition (types 5 and f). If you want to change the identifier of a partition you have to use fdisk, and press "T" in the menu. It corresponds to change a partition's system id Here are the most important identifiers:

7: Normal NTFS (visible Windows partition) 17: Hidden NTFS (hidden Windows partition)

82: Linux swap (linux partition for swap) 83: Linux data (linux partition for data) 8e: Linux LVM (linux partition for LVM) 5: Extended partition (contains logical partitions) f: Extended LBA partition (contains logical partitions)

Example of a typical partition table

Here is an example of a disk where both Linux and Windows are installed. This is the way it looks in fdisk for linux:
Device Boot /dev/sda1 /dev/sda2 * /dev/sda3 /dev/sda5 /dev/sda6 /dev/sda7 Start 1 32 250 250 317 426 End 32 249 783 316 426 783 Blocks 250000 1750000 4289355 538146 879698+ 2871478 Id 83 7 f 83 7 17 System Linux HPFS/NTFS W95 Ext'd (LBA) Linux HPFS/NTFS Hidden HPFS/NTFS

Here is how the same partition table is printed by another tool: GNU Parted
Number 1 2 3 5 6 7 Start 512B 256MB 2048MB 2048MB 2599MB 3500MB End 256MB 2048MB 6440MB 2599MB 3500MB 6440MB Size 256MB 1792MB 4392MB 551MB 901MB 2940MB Type primary primary extended logical logical logical Filesystem ext3 ntfs ext3 ntfs ntfs Flags boot lba hidden

Partition flags
Each partition may also have other attributes, also know as flags:

One partition of the disk may be marked as active/bootable FAT/NTFS may be marked as hidden or visible

The bootable/active flag

The first flag is called either bootable or active. Only one partition of the disk may have this flag. This flag is used to mark the partition that contains the operating system that should be booted when the computer starts using that disk. When the computer starts, the boot code of the MBR is executed. By default the MBR contains the conventional MBR code, which is used to automatically start the operating system which is installed on the partition marked as active. This is the typical situation of a computer when Microsoft Operating-Systems are installed. Other boot managers can be installed in the MBR boot code, such as Grub which is used to start Linux or Windows (or any other Operating-System). These boot managers tend to ignore the bootable/active flag since they have their own representation of the installed systems. You can also install more than one version of Windows on your disk if you have multiple primary partitions. This bootable/active flag can be used to choose which one you want to boot.
The hidden flag

Partitions may be either visible or hidden. In reality the Operating-System can always see the partition of the disk and it can decide to ignore the partitions which are marked as hidden. You can hide a partition if you don't want this partition to be visible under Windows. It can be used to hide data, or to be sure they won't be accidentally removed. You can clear this flag at any time using a partitioning tool such as Parted or fdisk. In reality there is no such flag in the partition table. FAT and NTFS partitions have multiple identifiers so there is one identifier for a visible NTFS partition, and another identifier is used for hidden NTFS partitions. Linux partition don't have such a hidden identifier but that's not a real problem since it's possible to simply not mount a partition if you don't want its contents to be visible.

Disks and partition names

Linux and Windows have different naming conventions for disks and partitions. Here is a description of how disk names are set under Linux:

SCSI and SATA disks are named /dev/sda (first disk), /dev/sdb (second disk), /dev/sdc, ... IDE/PATA disks names used to be /dev/hda (first disk), /dev/hdb (second disk), ... but can also be called sda, sdb, ... RAID arrays use other names such as /dev/cciss/c0d0p1 (HP SmartArray raid controllers)

With traditional msdos/bios partition table numbers 1 to 4 are reserved for primary partitions (an extended partition is a primary partition), and numbers from 5 are used for logical

partitions. Thus there can be a /dev/sda5 (first logical partition inside the extended partition) even if there is no partition called /dev/sda4:
/dev/sda1 is the first primary partition of the disk called /dev/sda /dev/sda2 is the second primary partition of the disk called /dev/sda /dev/sda5 is the first logical partition of the disk called /dev/sda /dev/sda6 is the second logical partition of the disk called /dev/sda

If you are using the GPT disk layout then there is no need for extended partitions, because there can be more than 4 primary partitions. Then partitions are based on normal numbering starting at 1. You can look at the file called /proc/partitions under Linux to see your disks and partitions:
% cat /proc/partitions major minor #blocks 8 0 6291456 8 1 250000 8 2 1750000 8 3 1 8 5 538146 8 6 879698 8 7 2871478 name sda sda1 sda2 sda3 sda5 sda6 sda7

If it's installed you can also use fsarchiver to show the list of partitions with more details:
% fsarchiver probe [=====DEVICE=====] [/dev/sda1 ] [/dev/sda2 ] [/dev/sda5 ] [/dev/sda6 ] [/dev/sda7 ] simple [==FILESYS==] [ext3 ] [ntfs ] [ext3 ] [ntfs ] [ntfs ] [=====LABEL=====] [boot ] [windows-xp ] [linux-data ] [windows-data ] [backups ] [====SIZE====] [ 244.14 MB] [ 1.67 GB] [ 525.53 MB] [ 859.08 MB] [ 2.74 GB] [MAJ] [ 8] [ 8] [ 8] [ 8] [ 8] [MIN] [ 1] [ 2] [ 5] [ 6] [ 7]

Hidden partitions tips

Introduction
Many a time we come into contact with hidden partitions. This write-up gives a brief description of how they work in general. I hide and unhide partitions regularly and believe it can be a useful tool to a Linux user. Certainly knowing how it works and able to detect them would be helpful in any fault diagnostic. Some usages of hidden partitions are given at the end.

How can a partition be hidden?

Every hard disk partition is defined by a partition table of 16 bytes long. Four positions, with a total of 64 bytes, are available in the first sector which is always read if the hard disk has been nominated for booting. These four positions are commonly referred to as the four primaries. Within each primary partition the information kept are: - offset--- (bytes)-- Description -- 0 ------ 1 ----- Boot Indicator (80h = active) -(1 - 3)--- 3 ----- Starting CHS values -- 4 ------ 1 ----- Partition-type Descriptor -(5 - 7)--- 3 -----Ending CHS values -(8 -11)-- 4 ----- Starting Sector -(12-15)-- 4 ----- Partition Size (in sectors

The 5th bytes of a partition table describes the partition ID. The first important point to note is a partition cannot be hidden physically. It is just not recognised by the operating system because its partition ID has been tampered with. The partition ID is just one byte in the partition table. An operating reads this byte, thereby discovers the filing system type and then able to employ the appropriate algorithm to read its content. Changing the partition ID does not alter the partition interior. A modern operating system is clever enough to report errors if the partition ID is found inconsistent with a partition it is asked to mount, so it is reasonably safe to edit the partition ID as long as you use the change for a specific purpose. The tools to edit the partition ID is available in fdisk, cfdisk, sfdisk, Grub and Lilo. Linux officially supports the hidden partitions because they are listed inside the partition types of fdisk, cfdisk and sfdisk.

The commonly observed PC standard on hidden partitions

I have noticed in the early Dos systems a practice already existed for altering the partition ID so that it could not recognised by the operating system with which the partition was originally created. The practice seems to be a commonly observed PC standard involving advancing the partition ID hexadecimal number systematically by 16 steps.

A partition ID is usually specified in hexadecimal in Linux and so the advancement is equivalent of advancing 1 step in the 2nd alphanumeric character since in hexadecimal the first alphanumeric character stores 16 combinations of 0 to 9, then A to F. This advancement is also equivalent to toggling the 5th bit in binary number of the partition ID. A binary number of 1111 is 15 or F in hexadecimal. By toggling the 5th bit we get 11111 in binary and 1F in hexadecimal. Therefore with the partition ID in hexadecimal by advancing the second alphanumeric character by 1 can make the partition magically disappear in the eye of its parent operating system. Here is a list of the commonly used partitions, hide and unhide < bit position>-----ID------Partition type-----------0 0 0 0 0 1 1 1 --- 7 ---- ntfs 0 0 0 1 0 1 1 1 --- 17 --- ntfs (hidden) 1 0 0 0 0 0 1 1 --- 83 --- native Linux 1 0 0 1 0 0 1 1 --- 93 --- native Linux (hidden) 0 0 0 0 0 1 1 0 --- 6 ---- fat16 0 0 0 1 0 1 1 0 --- 16 --- fat16 (hidden) 0 0 0 0 1 1 0 0 --- c ---- fat32 (LBA) 0 0 0 1 1 1 0 0 --- 1c --- fat32 (LBA) (hidden) 1 0 1 0 0 1 0 1 --- a5 --- BSD 1 0 1 1 0 1 0 1 --- b5 --- BSD (hidden) 1 0 1 1 1 1 1 1 --- bf --- Solaris 1 0 1 0 1 1 1 1 --- af --- Solaris (hidden) 0 0 0 0 0 1 0 1 --- 5 ---- Dos extended partition 0 0 0 1 0 1 0 1 --- 15 --- Dos extended partition (hidden) 1 0 0 0 0 1 0 1 --- 85 --- Linux extended partition 1 0 0 1 0 1 0 1 --- 95 --- Linux extended partition (hidden) As always there is an exception to the rule. The Solaris partition is unhide with ID "bf" and hiding it make it into "af". Therefore to hide a Solaris partition in Grub the "unhide" instruction has to be used to toggle its 5th bit from "1" to "0". The above hidden partitions, as far as I am aware, are supported by all the major PC operating systems and nobody uses another convention. You can find them listed in fdisk, cfdisk and sfdisk. With these programs a user hide the partition by altering the partition ID. Interestingly both the Linux boot loader Grub and Lilo also hides or unhides a partition simply by toggling the 5th bit of binary number of the partition ID. Use of hidden partitions

From what I have seen to make a partition hidden is to prevent an operating system from reading it. On the face of it there isnt much application at all apart from the secrecy or security reason. Most of the applications are with booting the MS systems as Linux seldom needs such a facility. The following applications are what I have found hidden partitions useful for. (1) To boot several MS systems in the same hard disk A user can install a MS system, then hide the first one, proceed to install the next system, hide the second and so on until all the four primary partitions are filled. He/she can boot any one by unhiding it. As a MS system treats hidden partitions as foreign and so only the unhidden system is booted, if it is marked active, to the C drive same as it was originally installed. This is the most common method of installing several Dos and Windows together in one hard disk. (2) To manipulate the extended partition as one entity This is a rare application and I havent seen it done when I tried it. I believe it has a potential for Linux. The current SCSI/Sata/IDE/USB disk family allows a maximum of 11 logical partitions inside an extended partition. By hiding the extended partition the entire set of all logical partitions will disappear and the extended partition will be regarded as an unknown primary partition by the operating system. Therefore this unknown primary partition, with a possible maximum 11 logical partitions inside, can be moved to another position bodily by programs like Gparted or migrated to other disk by the command dd, all as one unit. At the new location the partition can be unhidden to given back the full set of logical partitions. Personally I found this application quite useful. (3) To increase the number of logical partitions permitted in a hard disk As an extended partition can be hidden to become an unknown primary partition a user can proceed to create a second extended partition without breaching the PC standard of permitting only one extended partition in a hard disk. Thus another set of 1 logical partition inside, hide the second extended partition can be created. The procedure is repeated until all four primaries are used up. Thus theoretically a maximum of 44 logical partitions can be created in a hard disk with 11 available for operation at any one time if it is unhidden. A SCSI/SATA/IDE/USB hard disk can have 16 device names; 1 for the whole disk sda, 4 for the primaries sda1 to sda4 and 11 logical partitions of sda5 to sda15. Since both Grub and Lilo can hide and unhide partitions so the boot loader is the logical choice to control the availability of the logical partitions. (4) To prevent partition table corruption by installing operating systems potentially incompatible with each other A Unix-like system of BSD or Solaris uses one partition for installation but subdivides it to BSD-subparts or sub-slices. This works satisfactorily in the presence of only primary partitions. However if an extended partition is introduced Linux could complain because the logical partitions must be continuously linked. BSD/Solaris partitions appear to be extended partitions to Linux because of the subdivisions inside. One way to get over this problem is to hide the unwanted partitions when booting any of these systems.

Conclusions
Once the mechanism of a hidden partition is understood a Linux user then realises it is only a simple matter of just altering the ID to the partition by the terminal program fdisk/cfdisk/sfdisk. Equally he/she can be hide or unhide the partition by either Grub or Lilo.