___________

T O R E S EARCH A N D I N V E S TIGATE
MODER N P ARTITIO N T A B LE S
V E R S U S LEGACY METHODS

1
Contents

1 Introduction

2 Master Boot record (MBR)

2.1 Advantages
2.2 Disadvantages
2.3 MBR Security implications
2.3.1 Partition Count
2.3.2 Redundancy Problem

3 GUID Partition Table (GPT)

3.1 Advantages
3.2 Disadvantages
3.3 GPT Security Implications
3.3.1 Secure Boot
3.3.2 Data Integrity
3.3.3 UEFI support

4 Comparison of the Technical Similarities and Differences of MBR and GPT

4.1 Creating Partition On MBR
4.2 Creating Partition On GPT

5 Analyzing and comparing Both Partition Style

6 Windows 10/11 Boot process more Secure using GPT compared to MBR

7 Conclusion

1 INTRODUCTION
This course report is the result of a study performed in the module "Fundamental of security
Technology" on the topic of researching, comparing, and investigating the Modern partition
tables versus legacy methods. As the title suggests, this report is an introduction to Partitioning
which takes place on a computer Hard disk. Firstly, you can see a small explanation on

2
Partitioning, partition table, and Bootstrapping. The main concept of this technical report is to
demonstrate practical experiment based on two different types which are Master boot record
(MBR) and GUID partition table (GPT). More to that you will see the architecture, advantages,
disadvantages, analysing and comparing both partition Methods.

Partitioning:
Partitioning means splitting one physical hard drive or SSD into several different logical drives
or volumes that your operating system will treat as, if they were separate physical drives, each
volume on a partitioned disk has its own drive letter you know like c or d folder structure and
can also be formatted even with different file systems without affecting your other partitions.
Partitioning allows you some functionality like setting up a hidden partition with no volume letter
assigned, which is mainly used for recovery purposes. In case any files or data gets deleted
you can recover from that hidden partition disk.

What is a Partition?
Partitions are nothing but creating multiple storage division in a hard disk of computer. Basically,
there can be one or more primary and extended partitions. They are used for a variety of
purposes, the most obvious being the usage of several operating systems during the boot
process. Multiple operating systems are frequently placed on separate partitions because they
may have the same file structure or even files that can lead to conflicts or because they have
another file system.

Partition Table:
A Partition table refers to the 64-byte data structure that holds all hard disk partition details. In
general, dividing the disk into numerous partitions allows for alternative file systems to be
utilized on each segment. The partition table identifies the kind and location of each partition
on the disk. The computer uses one of these partitions, labelled as an active partition, to carry
on the booting process.

Bootstrapping:
A bootstrap process is one in which an easy and basic procedure is utilized to help in the loading
of a larger and more necessary computer program. It is an object of code that runs that is in
charge of loading the operating system into computer memory. The Bootstrap code location
oversees locating the active partition by scanning the partition table and grabbing the first sector
inside this active partition. After scanning the active partition, a copy of the boot sector is put
into memory to begin directing the booting process.

3
 2 MASTER BOOT RECORD (MBR):
MBR is a small piece of code that's located at the very beginning of your hard drive it's only
512 bytes in size exactly one sector of space the MBR is divided into three main parts. The first
446 bytes of the MBR are reserved for the bootloader code which is responsible for loading the
operating system into memory and starting its execution partition table. The next 64 bytes of
the MBR are reserved for the partition table which describes the location of the individual
partitions. The last part is reserved for booth signature, which is two-byte value that indicate

MBR Structure
that the MBR is valid and can be used to boot the system for valid MBR (it has a value of
0x55AA)

2.1 Advantages:
i. MBR is widely supported by a wide range of operating systems as well as older hardware
platforms.
ii. MBR is suitable with both BIOS and UEFI-based computers, and it is a legacy type
partitioning system.
iii. Another good part of MBR is it also works on older versions of Windows, DOS and few
more operating systems.

iv. It allows one primary partition to be specified as active, which is used to boot the operating
system. Well, this simple way is very advantageous in situations where specific boot
configurations are required, which is also easy to understand and manage [1].

4
 2.2 Disadvantages:
i. It can only have Limited partition count to 4 and also limited disk size up to 2 terabytes
(TB).

ii. Basically, MBR does not have any security features built-in, which can be vulnerable to
malware attacks.

iii. In MBR the procedure gets a bit complicated for the user who is not familiar with this MBR
partitioning. And its technique can be difficult to handle large partitions.

2.3 MBR Security Implications:

2.3.1 Partition Count:

MBR is restricted in the number of partitions that it can support due to these restrictions.
Utilizing extended partitions and logical partitions within those extended partitions is a standard
method for getting around this constraint. Nevertheless, this adds complexity, which increases
the potential for security issues. For instance, the management of many partitions might raise
the likelihood of incorrect setups or security flaws [2].

2.3.2 Redundancy Problem:

The partition table does not receive any redundancy or checksum support from the MBR. It is
possible for the master boot record (MBR) or the partition table to become corrupt, which can
result in the loss of data or a violation of the integrity of the system. It is possible for malicious
software or hardware failures to attack the MBR, which will result in the system being unable
to start.

3 GUID Partition Table (GPT):

Basically, GUID Partition Table was developed to replace BIOS and is a component of UEFI
(Unified Extensible Firmware Interface), an interface specification that governs exchange
between firmware and operating systems during the boot process. The construction of GUID
partition table is broken down into four sections. The foremost first position is the protective
MBR. Secondary comes the GPT header and its table. Then comes the partitions entries which
are created on the storage space. The last one is secondary GPT which is also a mirrored
sequence of the partition entries for backup purposes.

5
 GPT Structure

3.1 Advantages:

i. The disk sizes in GUID partition Table supports more than 2 terabytes(TB).

ii. For SSDs and large hard drives with high-capacity storage devices GPT are the perfect one
to use.

iii. It is also compatible with modern UEFI systems.

iv. There can be up to 128 partitions which GPT supports on a single disk.

v. GUID Partition Table saves several copies of the partition table across the disc, which
improves data integrity. Whenever the original copy becomes corrupted, the system may
rely on all of the other copies, lowering the chance of data loss.
vi. In GPT the security features are better than MBR and also supports to secure
boot with the help of UEFI (Unified Extensible firmware Interface).

vii. One of the major benefits of GPT is it supports all types of new modern operating systems,
which have an standard partitioning scheme.

3.2 Disadvantages:

i. By this Method of partitioning, it does not fully support the older systems.

ii.It is more complex to understand as compared to MBR.

iii. In GPT, Data recovery cannot be done with every tool. It requires some
specialized tools for data recovery from a disk.

6
As a Comparison of GPT and MBR on the criteria of advantages and
disadvantages, GUID partition table has more advantages over Master boot
record especially in the terms of bigger disk support, more security features such
as secure boot, recovering data, better data integrity and easy partitioning way.
But the overall decision between GPT and MBR should be selected on the
system’s particular needs, requirement, and complexity of disk configuration.

3.3 GPT Security Implications:

3.3.1 Secure Boot:

GPT is frequently utilized in conjunction with UEFI firmware because of Secure Boot's
support. Secure Boot helps to reduce the likelihood of malicious software being installed
during the boot process by ensuring that only bootloaders and operating system components
that have been digitally signed and verified are loaded [3].

3.3.2 Data Integrity:

Due to the presence of redundancy and checksums in the partition table, GPT provides
superior protection for the data. This assists in detecting and recovering from corruption
brought on by a variety of sources, such as malicious software, hardware defects, and human
mistakes.
3.3.3 UEFI Support:

UEFI firmware, which is frequently used in conjunction with GPT, offers supplementary safety
functions like Secure Boot, support for TPM (Trusted Platform Module), and more complex

7
hardware-based safeguards. These enhancements strengthen the system's defenses against
assaults that occur at boot time.

4 Comparison of the Technical similarities and Differences of

MBR and GPT:
In this part we will be demonstrating a practical experiment by creating Two different partitions,
extracting partition table and analyzing based on both Master Boot Record (MBR) and GUID
Partition Table (GPT).

4.1 Creating partition on MBR:

To create two different partitions on MBR, I will be using a USB Drive of 16GB.
The first partition will be formatted with NTFS (file system) and named with my First name which
is “Suhail” by using sector size of 8k.
The second partition will be formatted with exFAT (file system) and named with my last name
“Javeed” by using sector size of 64k.

The partition’s will have same size of my student id’s last 3 digits.

My ID = w20281449 - so it is 449 or 450Mb

But rounding off and closer ending which 450, will be the size of those both partitions in
Megabytes (Mb). The below picture will show the details of created partitions,

Once the partitioning is completed, to save and extract the MBR configuration, I will be using
dd command in a Linux platform.

# dd if=/dev/sdb of=sdb bs=512 count=1.

(Here the created partition is at the location of “sdb1” and “sdb2”)

8
After configurations are done, partition table will be created accordingly. You can see the Table in the
below picture.

9
This the MBR partition table that I retrieved from the experiment.

MBR Partition – Overview:

So firstly, the partition table is searched for any available partitions or to check where the exact partition
1 and 2 is in that table. Using Hex, the location of partitions 1 and 2, I created is shown and marked in
the below figure;

(Hex - 0 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 )

Partition 1: 00 20 21 00 07 7e 05 39 00 08 00 00 00 10 0e 00

Partition 2: 00 7e 06 39 07 db 29 72 00 18 0e 00 00 10 0e 00

10
Partition 3: ……. empty……

Partition 4: ……. empty……

Partition 1

Partition 2

The Partition Table:

The MBR table contains 4 entries with a 64-byte structure. (Also you can see in the above figures) Each
partition will be 16-bytes.

As I have created both the partition with same size but with different file system (NTFS and exFat) So
taking our both partition 1 and 2 as example, we will have an brief overview (to have a knowledge about
each byte information) on the byte range and its description in the below table;

From MBR Partition table:

Contents byte range or Relative offsets Description
(partition 1,
partition 2)
Boot Indicator 0 -Indicating inactive partition
(00 for inactive, 80 for active)
(00)
(00)

11
 Starting CHS values 1-3 It shows the starting sector of
the partition in Cylinder Head
(20 21 00 ) Sector values.

(7e 06 39 )
Partition Type 4 -It shows the partition type or
(file system) ID. Value (07) indicates to NTFS
(07) file system.
(07)
-Even for exFat the value is
same (07).
Ending CHS values 5-7 Represent the ending sector of
the partition in Cylinder head
(7e 05 39) sector.

(db 29 72 )
Starting sector 8 – 11 It indicated the starting sector
of active partition.
(00 08 00 00)

(00 18 0e 00)
Partition Size 12 - 15 It shows the partition
size(450mb) in sectors in HEX
(00 10 0e 00) for both partitions.

(00 10 0e 00)

Converting Partition size from HEX to Decimal:

As I already mentioned above, I created both partition size of 450mb. And, the byte range (00 10 0e 00)
is the same. So, the calculations part is done the same for Partition 1 and partition 2 together.

From the above table as we know the byte range from 12 – 15 is the partition size.
In Hex it is;
00 10 0e 00 - This is in Little endian format.
Once we convert to Big endian 00 10 0e 00 becomes 00 0e 10 00.

So converting this 00 0e 10 00 to decimal,

value = 160 * 0 + 161 * 0 + 162 * 0 + 163 * 1 + 164 * 14 + 165 * 0 + 166 * 0 + 167 * 0

12
 = 0 + 0 + 0 + 4096 + 917504 + 0 + 0 + 0
= 921600 sectors.

Value in bytes = 921600 * 512

= 471859200 bytes.

To show the exact size of the partition in Mb, =

471859200 ÷ 1024 = 460800gb.
= 460800 ÷ 1024

=450Mb.

4.2 Creating partition on GPT:

To create two different partitions on GPT, I will be using a USB Drive of 16GB.

So from converting the USB drive from MBR to GPT partition style, I did this by writing following
command in Command prompt of windows as shown in the below figure,

13
The first partition will be formatted with NTFS (file system) and named with my First name which
is “Suhail” by using sector size of 8k.

The second partition will be formatted with exFAT (file system) and named with my last name
“Javeed” by using sector size of 64k.

The partition’s will have same size of my student id’s last 3 digits.

My ID = w20281449 - so it is 449 or 450Mb

But rounding off and closer ending which 450, will be the size of those both partitions in
Megabytes (Mb).

The below picture will show the details of created partitions and the partition style which is
GUID partition Table(GPT).

14
Once the partitioning is completed, to save and extract the MBR configuration, I will be using
dd command in a Linux platform.

# dd if=/dev/sdb of=sdb bs=512 count=1.

(Here the created partition is at the location of “sdb1” and “sdb2”)

15
After configurations are done, partition table will be created accordingly. You can see the Table in the
below picture.

5 Analyzing and comparing both partition style:

16
By demonstrating both the partition style (MBR – GPT) examples and analyzing it I would say
that GPT has better features, advantages etc. compared to MBR in few many ways. The Main
thing I like about GPT is its backup partition sector, even incase of data loss it can be recovered
[4].

Also, an Overall Simple comparison about both the Disk Style is explained by flow diagram
below,

17
6 Windows 10/11 boot Process more Secure Using GPT
compared to MBR:

The GPT system provides several security features to Windows 10/11 operating systems as
compared to MBR. It enables a more secure and robust boot process. We discuss some of the
points here:

1. The GPT system is one of the key parts of the UEFI systems with some advanced
features. The secure boot failure feature is provided by the UEFI firmware, that ensures
only authenticated boot loaders can be used for the boot process.

2. The GPT system provides protection against boot sector viruses like partition table and
backup GPT. The MBR system does not provide such features. Therefore, new
operating systems are more inclined towards the GPT system.

3. Large data storage is one of the demanding requirements these days. The GPT can
provide this facility to support large disk sizes, therefore windows 10/11 are equipped
with GPT system.

4. It provides protection against accidental data overwriting.

5. It is more compatible with modern hardware as well.

6. GPT partitions are aligned on 1MB boundaries by default.

7 CONCLUSION:

In this task, we perform comparative analysis of MBR and GPT partitioning methods. We discussed
advantages and disadvantages of both partitioning methods and highlighted some security
implications of these methods. Moreover, we performed some practical work by creating partitions

18
 on 16 GB USB memory sticks with MBR and GPT methods. We created two partitions with each
method, first partition is with 8K sector size, second partition with 64K sector size. Moreover, we
formatted these created partitions by exFAT and NTFS systems. In the last, we also discussed why
the GPT method is being used in advanced operating systems like Windows 10/11. There are some
important features in GPT method that make it more reliable and secure than the MBR method.

References:
[1] s. mugerwa, "dignited," 04 06 2023. [Online]. Available: https://www.dignited.com/27977/difference-gptvs-
mbr-uefi-vs-bios/. [Accessed 04 11 2023].

[2] R. Awati, "Whatis.com," 7 08 2021. [Online]. Available:

https://www.techtarget.com/whatis/definition/Master-Boot-Record-MBR. [Accessed 04 11 2023].

[3] B. Lutkevich, "TechTarget," 11 06 2020. [Online]. Available:

https://www.techtarget.com/searchenterpriseai/definition/GPT-3. [Accessed 04 11 2023].

[4] B. Nauta, "Bootloaders-an introduction," https://www.researchgate.net/profile/Barry-Nauta/publication,

2008.

19
20