2008-06-23 19:31:53

by Jeffrey V. Merkey

Subject: Forensic File System GUID Linux/Windows


The following GUID is being used in the Wolf Mountain Group, Inc. Forensic
File System (FFS) for GPT Intel EFI partitions. Since there is no central
registry for EFI GUIDs it is posted here for reference for folks who may
run across it on Windows Vista, 2003, and 2008 systems running FFS on
Windows that may be using dual boot with Linux or vmware:

#define PARTITION_FFS_GUID \
    EFI_GUID( 0xBEEFCAFE, 0xFEED, 0x0000, \
              0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01)


Patches to efi.h and efi.c in /fs/partitions will be posted after July 2,
2008 to http://www.wolfmountaingroup.org.

Jeff



2008-06-23 19:51:10

by Lennart Sorensen

Subject: Re: Forensic File System GUID Linux/Windows

On Mon, Jun 23, 2008 at 01:22:26PM -0600, [email protected] wrote:
>
> The following GUID is being used in the Wolf Mountain Group, Inc. Forensic
> File System (FFS) for GPT Intel EFI partitions. Since there is no central
> registry for EFI GUIDs it is posted here for reference for folks who may
> run across it on Windows Vista, 2003, and 2008 systems running FFS on
> Windows that may be using dual boot with Linux or vmware:
>
> #define PARTITION_FFS_GUID \
> EFI_GUID( 0xBEEFCAFE, 0xFEED, 0x0000, \
> 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01)
>
>
> Patches to efi.h and efi.c in /fs/partitions will be posted after July 2,
> 2008 to http://www.wolfmountaingroup.org.

So how many 'FFS' filesystems does that make now? Why not ForenFS or
something more unique?

--
Len Sorensen

2008-06-23 20:16:51

by Jeffrey V. Merkey

Subject: Re: Forensic File System GUID Linux/Windows

> On Mon, Jun 23, 2008 at 01:22:26PM -0600, [email protected] wrote:
>>
>> The following GUID is being used in the Wolf Mountain Group, Inc. Forensic
>> File System (FFS) for GPT Intel EFI partitions. Since there is no central
>> registry for EFI GUIDs it is posted here for reference for folks who may
>> run across it on Windows Vista, 2003, and 2008 systems running FFS on
>> Windows that may be using dual boot with Linux or vmware:
>>
>> #define PARTITION_ForenFS_GUID \
>> EFI_GUID( 0xBEEFCAFE, 0xFEED, 0x0000, \
>> 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01)
>>
>>
>> Patches to efi.h and efi.c in /fs/partitions will be posted after July 2,
>> 2008 to http://www.wolfmountaingroup.org.
>
> So how many 'FFS' filesystems does that make now? Why not ForenFS or
> something more unique?

Done. I will leave the GUID numbers the same in the parted sources and
change the name to "ForenFS" in the source tree and efi.[ch]

Jeff

>
> --
> Len Sorensen
>

2008-06-24 19:13:37

by H. Peter Anvin

Subject: Re: Forensic File System GUID Linux/Windows

[email protected] wrote:
> The following GUID is being used in the Wolf Mountain Group, Inc. Forensic
> File System (FFS) for GPT Intel EFI partitions. Since there is no central
> registry for EFI GUIDs it is posted here for reference for folks who may
> run across it on Windows Vista, 2003, and 2008 systems running FFS on
> Windows that may be using dual boot with Linux or vmware:
>
> #define PARTITION_FFS_GUID \
> EFI_GUID( 0xBEEFCAFE, 0xFEED, 0x0000, \
> 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01)
>

You would have vastly less probability of accidental collision if you
generated a proper random GUID, for example:

: tazenda 118 ; uuidgen -r
33ae8a9c-441e-4d97-93a3-8561388ce905

-hpa

2008-06-25 15:03:18

by Jeffrey V. Merkey

Subject: Re: Forensic File System GUID Linux/Windows

>> [email protected] wrote:
>>> The following GUID is being used in the Wolf Mountain Group, Inc. Forensic
>>> File System (FFS) for GPT Intel EFI partitions. Since there is no central
>>> registry for EFI GUIDs it is posted here for reference for folks who may
>>> run across it on Windows Vista, 2003, and 2008 systems running FFS on
>>> Windows that may be using dual boot with Linux or vmware:
>>>
>>> #define PARTITION_FFS_GUID \
>>> EFI_GUID( 0xBEEFCAFE, 0xFEED, 0x0000, \
>>> 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01)
>>>
>>
>> You would have vastly less probability of accidental collision if you
>> generated a proper random GUID, for example:
>>
>> : tazenda 118 ; uuidgen -r
>> 33ae8a9c-441e-4d97-93a3-8561388ce905
>>
>> -hpa
>
Thanks. Good advice. What we really need is someone to maintain a
central registry for UUID generation for EFI and GPT based ID's. Since
drives are getting bigger and bigger, GPT is probably going to be the
standard 5 years from now, so sooner is better than later. I will
regenerate a new UUID using these tools and update the software.

Thanks for the help.

:-)

Jeff
>
>
>

2008-06-30 22:51:20

by Jeffrey V. Merkey

Subject: [ANNOUNCE] Forensic File System GUID Linux/Windows and patches

The following GUID is being used in the Wolf Mountain Group, Inc.
Forensic File System (FFS) for GPT Intel EFI partitions. Since there is no
central registry for EFI GUIDs it is posted here for reference for folks
who may run across it on Windows Vista, 2003, and 2008 systems running
ForenFS on Windows that may be using dual boot with Linux or vmware:

#define PARTITION_FORENFS_GUID \
    EFI_GUID(0x83968a41, 0x5fe6, 0x4f9e, \
             0x91, 0x11, 0x52, 0xcf, 0x82, 0x8c, 0x51, 0x0a)

As per Peter Anvin's suggestion, uuidgen -r was used to regenerate the
uuid value for the Forensic Filesystem and I have updated the Windows code
base to reflect this change. As per Lennart Sorensen's suggestion, the
FS name has been changed to "ForenFS" to avoid yet another driver named
"ffs".

The following patches, utilities, etc. are being posted to support Linux
accessing these partitions under EFI GPT.

ftp://ftp.wolfmountaingroup.org/pub/parted/parted-1.8.8-forenfs-06-30-08.patch
ftp://ftp.wolfmountaingroup.org/pub/parted/parted-1.8.8-forenfs.tar.gz
ftp://ftp.wolfmountaingroup.org/pub/parted/parted-1.8.8.tar.gz

EFI GPT changes to Linux to detect these partitions are in the attached patch:

ftp://ftp.wolfmountaingroup.org/pub/forenfs/forenfs-2.6.18-el5-06-30-08.patch

Jeffrey Vernon Merkey
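
Added example, not part of the thread or of the posted patches: how the ForenFS type GUID from the announcement is laid out in an on-disk GPT partition entry, and how the uuidgen -r value differs structurally from the hand-picked 0xBEEFCAFE one it replaced. GUID_BYTES, guid_text, guid_is_random_v4, entry_is_forenfs and sample_entry are names made up for this example, and the sample entry is constructed.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* On-disk GPT byte order: first three fields little-endian, last eight as-is. */
#define GUID_BYTES(a, b, c, d0, d1, d2, d3, d4, d5, d6, d7) \
    { (a) & 0xff, ((a) >> 8) & 0xff, ((a) >> 16) & 0xff, ((a) >> 24) & 0xff, \
      (b) & 0xff, ((b) >> 8) & 0xff, (c) & 0xff, ((c) >> 8) & 0xff, \
      d0, d1, d2, d3, d4, d5, d6, d7 }

/* Values from the thread: the final ForenFS GUID and the one it replaced. */
static const uint8_t forenfs_guid[16] = GUID_BYTES(0x83968a41u, 0x5fe6, 0x4f9e,
    0x91, 0x11, 0x52, 0xcf, 0x82, 0x8c, 0x51, 0x0a);
static const uint8_t old_ffs_guid[16] = GUID_BYTES(0xBEEFCAFEu, 0xFEED, 0x0000,
    0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x01);

/* Constructed sample: 128-byte GPT entry, only the type GUID (offset 0) set. */
static const uint8_t sample_entry[128] = GUID_BYTES(0x83968a41u, 0x5fe6, 0x4f9e,
    0x91, 0x11, 0x52, 0xcf, 0x82, 0x8c, 0x51, 0x0a);

/* Canonical text form as uuidgen prints it; returns a static buffer. */
const char *guid_text(const uint8_t g[16]) {
    static char buf[37];
    snprintf(buf, sizeof buf,
        "%02x%02x%02x%02x-%02x%02x-%02x%02x-%02x%02x-%02x%02x%02x%02x%02x%02x",
        g[3], g[2], g[1], g[0], g[5], g[4], g[7], g[6],
        g[8], g[9], g[10], g[11], g[12], g[13], g[14], g[15]);
    return buf;
}

/* RFC 4122 random (version 4) check: version nibble 4, variant bits 10. */
int guid_is_random_v4(const uint8_t g[16]) {
    return (g[7] >> 4) == 4 && (g[8] & 0xc0) == 0x80;
}

/* A GPT entry is ForenFS when its first 16 bytes equal the type GUID. */
int entry_is_forenfs(const uint8_t *entry) {
    return memcmp(entry, forenfs_guid, sizeof forenfs_guid) == 0;
}

int main(void) {
    printf("%s v4=%d\n", guid_text(forenfs_guid), guid_is_random_v4(forenfs_guid));
    printf("%s v4=%d\n", guid_text(old_ffs_guid), guid_is_random_v4(old_ffs_guid));
    printf("sample entry is ForenFS: %d\n", entry_is_forenfs(sample_entry));
    return 0;
}
```

In a raw hex dump of the partition entry the first three GUID fields appear byte-swapped (41 8a 96 83 e6 5f 9e 4f), so search for that byte order rather than the text form.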