3

I am distributing some VHD files that I would like the receiver to be able to mount and view the contents of, however I would like the checksum of the VHD file to remain the same after the receiver mounts it and views its contents.

However, by default (at least in Windows, which is the OS that I need a solution for mainly), mounting a VHD through explorer will mount it as writable and the checksum of the VHD will be changed by the mounting procedure.

Marking the VHD file itself as read-only in explorer properties is just a file metadata flag and will not preserve through an online download so this doesn't help.

Using diskpart to set the attributes of the VHD disk when it is mounted with disk attributes set readonly does not persist between unmounting and remounting the VHD.

Is there any other way to make the VHD permanently read only, perhaps some way to make a read-only mark within the VHD file itself that all standard VHD mounting tools will detect and abide by?

mwfearnley
Tristan
  • Please edit the question to limit it to a specific problem with enough detail to identify an adequate answer. – Community Jun 03 '23 at 12:40
  • A VHD file is a virtual machine. You probably have to encrypt it. – John Jun 03 '23 at 12:45
  • 2
    @John: A VHD file is not a virtual machine. They _can_ contain a virtual machine, but they can just as well be used to contain any other generic disk image, like how Windows lets you create a blank VHD and just use it to store files. (They even use it for the new "Dev Drive" in Win11.) It's the Windows equivalent of the DMG files that macOS apps are distributed in. – u1686_grawity Jun 03 '23 at 12:50

1 Answer

2

You shouldn't use VHD for this. For a read-only image, simply use ISO. Windows has had the built-in capability to mount ISO files for a long time.

There are many ways to convert a folder to ISO, so just burn the VHD's content to an ISO file and distribute it.

It was claimed that an IMG file can also be used for disc images although I don't know exactly which IMG format is supported and there's no official documentation about that either


Modern Windows also supports other image formats like WIM and FFU. I think they can also be used

When creating a WIM file you can use /CheckIntegrity so that Windows detects issues with the files when mounting. So you can convert the VHD to a WIM easily with a command, for example:

Dism /Capture-Image /ImageFile:C:\data\my.wim /CaptureDir:C:\vhd\mounted\path /Name:MyData

You can also use the /Split-Image option to make a read-only image although it won't be a single file

For WIM, this command splits an existing .wim file into multiple read-only split .swm files.

In older Windows you can also use imagex /split to achieve the same

For FFU similarly there's also the /Split-FFU option for a multiple-part read-only image


Anyway if you really want to use a VHD file you can mark each partition in the VHD image read-only. This won't ensure that the signature of the VHD won't change but each volume's content should be basically unchanged

  1. Switch off "automount" by running mountvol.exe /N
  2. Connect disk to Windows (do not mount the disk)
  3. Run diskpart
    1. Enter list volume
    2. Enter select volume X (where X is the correct volume number from the previous command)
    3. Enter att vol set readonly
    4. Enter detail vol and ensure the read-only bit is set

How to make a partition on external storage read-only? And revert to normal?

This works with native Windows filesystems like NTFS or ReFS only

An alternate solution is to create read-only UDF partitions in the VHD image. The UDF formatter in Windows is very limited so you should use a 3rd party solution. For example with mkudffs you can specify --media-type=cd or --media-type=dvd to mark the FS as read-only. Despite being a universal filesystem, making a truly universal UDF on a non-optical medium is tricky so check this for a better script to format UDF

phuclv
  • Thanks for the answer. Using diskutil to mark the volume of the VHD as readonly seems to persist between unmounts and remounts and the hash of the VHD does not seem to be changing between mounts either. You mention "This won't ensure that the signature of the VHD won't change". Do you have an example where another part of the disk aside from the volume contents would be written to (e.g. GPT header, partition entry) (which would change the hash), even if all I am doing is mounting, viewing and dismounting the disk, or is your statement one of "better safe than sorry"? – Tristan Jun 04 '23 at 17:57
  • I don't know what metadata is written in a VHD, but for example if it logs last opened/closed time then the file will be changed. Besides the VHD image is still writable so one can enlarge it which will change the hash. Users can even subsequently create more partitions inside the VHD image – phuclv Jun 05 '23 at 03:21
  • For my purposes where all I want is the hash not to change when the user treats the file in a read only manner (i.e. Not specifically choosing to change disk attributes on the file or making new partitions, etc.), your solution seems to work. For anyone else reading this question in the future: if you know any situation or reason that a VHD utility (such as the Windows one) would modify the VHD when the volumes are marked as read only, and when the VHD is just being mounted and traversed, please feel free to leave a comment or an answer to help others that are searching for this in the future. – Tristan Jun 07 '23 at 14:07
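
Added example, not part of the thread or written by its participants: a PowerShell check for the question left open in the last comment, whether a mount, browse and dismount cycle changes the VHD file's hash. It assumes an elevated prompt and a placeholder path; attaching with `Mount-DiskImage -Access ReadOnly` is a receiver-side option the thread does not mention, and the `-ReadWrite` switch does a writable attach for comparison.

```powershell
# Added example: does a mount/browse/dismount cycle alter the VHD file?
# Run elevated. The default path is a placeholder, not a path from the thread.
param(
    [string]$VhdPath = 'C:\data\my.vhd',   # hypothetical path
    [switch]$ReadWrite                     # omit to attach read-only
)

$ErrorActionPreference = 'Stop'
$access = if ($ReadWrite) { 'ReadWrite' } else { 'ReadOnly' }

function Get-Sha256([string]$Path) {
    (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
}

# Baseline taken while the image is detached.
$hashBefore  = Get-Sha256 $VhdPath
$stampBefore = (Get-Item -LiteralPath $VhdPath).LastWriteTimeUtc

Mount-DiskImage -ImagePath $VhdPath -Access $access | Out-Null
try {
    $number = (Get-DiskImage -ImagePath $VhdPath).Number
    # Show how Windows sees the attached disk.
    Get-Disk -Number $number | Format-List Number, IsReadOnly

    # Walk every volume that received a drive letter, as a user browsing would.
    $letters = (Get-Partition -DiskNumber $number).DriveLetter |
        Where-Object { $_ -match '[A-Za-z]' }
    foreach ($letter in $letters) {
        Get-ChildItem -LiteralPath "${letter}:\" -Recurse -Force `
            -ErrorAction SilentlyContinue | Out-Null
    }
}
finally {
    # Always detach, so the second hash is taken on a closed file.
    Dismount-DiskImage -ImagePath $VhdPath | Out-Null
}

$hashAfter = Get-Sha256 $VhdPath
[pscustomobject]@{
    Access        = $access
    HashBefore    = $hashBefore
    HashAfter     = $hashAfter
    HashUnchanged = ($hashBefore -eq $hashAfter)
    LastWriteSame = ($stampBefore -eq (Get-Item -LiteralPath $VhdPath).LastWriteTimeUtc)
}
```

Run it against a copy of the image, once with and once without `-ReadWrite`, after setting the volume read-only attribute as in the answer, to see which combinations leave `HashUnchanged` true.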