3
QUESTION: What makes a Partition Table recognizable and valid to an operating system? (Linux specifically) ?
Optional Background Info: I thought there was some sort of "signature" that defines a valid Partition Table and if the signature is not found then Linux (or any OS) would just not report partitions?
I'm using a hex editor to inspect seemingly random data (fresh random wipe or encryption of a full drive) and something about it keeps making the drive be recognized as having partitions (sometimes 2, 3 or 4 random sized partitions after it's been wiped or encrypted).
I've inspected bytes 446 through 509 (where the partition table is supposed to be stored; using an index starting from 0) and can't seem to figure out what would make Linux think the partitions are valid --- it's just random data and would have thought it is statistically improbable for a partition to be defined by randomized data written to the MBR.
I've also used GParted partition manager software for Linux to see if it recognizes the partitions and it does not. However, another software and Linux itself does recognize these "partitions". Note: The partitions are of invalid size and don't add up correctly to equal the size of the physical drive and seem to be of random size.
Ken, thanks for your response. So according to this: http://en.wikipedia.org/wiki/Master_boot_record#Sector_layout The "Boot Signature" is 55h AAh in byte positions 510 and 511 (indexed starting at 0). So, what you've said makes sense to indicate whether there is valid boot code to execute. Your mention of the OS trying to interpret the partition table itself regardless of it making sense pretty much coincides with what I was guessing; I'm now on a quest to figure out what Linux specifically is keying off of to think my drive has partitions. Accepting your answer - thank you!
– Mikeweb49 – 2012-12-28T07:24:02.557