0

Is there a way to prevent a Windows 10/11 system to access/modify/delete data from a secondary linux drive?

I understand I can encrypt the linux drive, but wouldn't the windows system be still able to see the drive, and a potential malware or ransomware can still destroy the data on it, right?

I would like to use 2 nvme drives for this on a modern platform, something like x570 or z690.

I think this would be an easily solvable problem if I used a sata ssd for the linux system, because then I could easily disconnect it when I'm using windows, but I really like the snappiness of an nvme under linux.

Anyone thinking about virtualising windows under linux, I tried it, and hated it - even with real hardware passed through I wasn't getting the full performance.

Mr. D.
  • 1
  • 1
  • 2
    You might be able to put the drive "offline" in Windows, but unless you physically disconnect it there is nothing stopping some malicious/helpful program in Windows from just enabling it and writing to it. – user Jan 21 '22 at 19:12
  • Or you could cover the write enable tab. – user10489 Jan 22 '22 at 00:21

1 Answers1

0

There is approximately no risk of Windows malware targeting a drive that, so far as Windows can tell, might not even be formatted (there exist Windows drivers for Linux file systems, but none of them are included by default). However, there isn't any way, short of disabling or physically removing the drive, to prevent Windows from seeing it's presence and being potentially able to interact with it.

Disabling it might actually be your best bet, if you're willing to put the time in every time you switch OSes. High-end motherboards such as the ones you're considering generally support disabling individual drives in firmware. It'll add a fair number of clicks and a considerable amount of time every time you want to switch from Linux to Windows or vice-versa, but it's an option that probably doesn't break anything but that Windows can't override.

CBHacking
  • 40,303
  • 3
  • 74
  • 98
  • I can confirm that on my asrock x570 board there isn't an option like that for nvme drives, only for sata. For the z690, I don't own one yet. – Mr. D. Jan 22 '22 at 12:20
  • Oh dear, that's unfortunate. My MSI x570 board lets me disable the M.2 slots individually. It might be under PCIe control (since that's what NVMe actually is)? – CBHacking Jan 22 '22 at 22:49
  • I have checked all the settings, and there isn't any that disables the nvme drives. Wouldn't setting a password for the linux drive in BIOS prevent windows from doing anything with the drive? – Mr. D. Jan 23 '22 at 19:56