GPT or GUID Partition Table is a modern partitioning scheme that came into use after MBR ( Master Boot Record ) which was used since the early 1980s. It offers numerous benefits over MBR and is now being used explicitly in every computer system.
But before getting a deep dive into this partitioning scheme we will have to understand why these partitioning schemes are used.
What Do GPT and MBR Do?
GPT and MBR are two different ways of storing data in a partition table. You can also call them partition schemes ( like me π ). These are the first sectors of any computer hard disk.
They tell the computer how the hard disk is partitioned and how to load the Operating system.
But GPT has MBR support for old systems that rely on MBR and doesn’t understand GPT at all ββ
Learn more about MBR: What is MBR, itβs Working and Hacking !!
History of GPT
MBR (Master Boot Record) used to be the default partitioning layout for storage devices. However, as technology developed and the demand for greater storage capacities increased, Letβs just say MBR had to go away.
It only permitted four primary partitions and had a 2-terabyte maximum partition size. GPT (GUID Partition Table), which addresses these issues, was introduced.
GPT had a number of benefits over MBR. It permitted substantially more partitions and offered greater partition sizes of up to 9.4 zettabytes (up to 128).
Additionally, GPT offered higher data integrity, increased data redundancy, compatibility with both traditional BIOS, and many more.
Advantages of using GPT
You already know that GPT was a successor of MBR so it had to come up with multiple features that MBR did had like
- Supports more partitions per drive ( 128 partitions )
- Increased volume per partition ( 9.4 zettabytes )
- Have Protective MBR
- Support for drives larger than one billion terabytes. π€―
- Compatible with UEFI and BIOS Legacy
Additional features of GPT
In addition to these GPT also offer some great additional features that solved many data storage problems.
Data Redundancy
Redundancy and greater dependability are provided by GPT, which includes a backup of the partition table at the disk’s end. By using the backup to restore the partition information if the primary partition table is corrupted or damaged, the risk of data loss is decreased.
Improved Data Integrity
The integrity of the partition table is checked by GPT using cyclic redundancy check (CRC) values. This aids in error detection and prevention, assuring the accuracy and consistency of the partition information.
Enhanced Security
To validate and preserve partition information, GPT enables the use of cryptographic hashing algorithms like SHA-256. This feature strengthens the system’s overall security by preventing unauthorized changes to the partition table.
Structure of GPT
Below you can see the GUID partition Scheme structure.
In case you are getting a head Ace seeing the above structure you can see the simple one below. π
Simple Structure of GPT ( GUID Partition Scheme )
| Protective MBR |
| GPT Header |
| Partition Entry Array |
Actual Partition 1,2,3,4 ….. 128 |
| Backup Partition Entry Array |
| Backup GPT Header |
1. Protective MBR
It is a safety feature that safeguards the newer GPT (GUID Partition Table) disks from accidental modifications by older systems. Reserves a small space at the start of the disk, Protective MBR preventing older systems from interfering with the GPT partitioning information. This ensures the integrity of the GPT disk when used with legacy systems.
2. GPT Header
The header provides essential information about the disk and partitions. It includes details such as the disk’s unique GUID, the location and size of the partition entry array, and a CRC32 checksum for integrity validation.
You can say that the GPT header tells that the disk is formatted in the GPT partition scheme. It includes details of
the 3rd sector of the GPT, Partition Entry Array ( eg. start and end address of partitions, no of partitions, etc ).
3. Partition Entry Array
Simply put it includes the details of individual partitions. For example, you have three partitions named par1, par2, and par3. The partition Entry array will contain information like the name of the partition, size of each partition, Start and End location of each partition, etc.
4. Actual Partition
This is the area of the hard disk that contains your actual partition. This means this area contains the actual data you wrote to each of your partitions.
5. Backup Header and Array
GPT includes a backup of the Header and Entry Array to maintain the safety and security of your data in case of any data loss or corruption of the original Header and Array.
Hacking into GPT
Till now we know what GPT is, and how we implemented it in our modern computers and replaced MBR. Now it’s time to get serious. MBR was vulnerable to many hacking technics like Malware programs, boot code injections, etc.
So it’s important to know if GPT is secure enough to protect us from these mind-boggling hacking techniques
Is GPT vulnerable to Boot sector Viruses?
Boot sector viruses infect the boot sector of a storage device, but GPT does not have a boot sector and is not vulnerable to these viruses.’
Bootkits and Malware Attacks on GPT
GPTs use logical block addressing (LBA) in place of the historical cylinder-head-sector (CHS) addressing. The protective MBR is stored at LBA 0, and the GPT header is at LBA 1.
The GPT header has the address to the partition table itself, located at a logical block address (LBA) specified in the header.
Due to Logical Block Addressing, no bootstrap, and the new way of storing the boot configs, There is no Boot Sector in GPT. Instead, GPT has an EFI system partition ( ESP ), it contains a bootloader but you can’t access it normally making it much more secure. That is why GPT is very much none vulnerable to Bootkits and Malware programs that might inject malicious code into a boot sector of a hard disk.
Attention ββ I said that GPT is very much none vulnerable to Bootkits and malware because…
Everything is 100% secure until someone finds a way to brakes into it !!
