6

I am distributing some VHD files that I would like the receiver to be able to mount and view the contents of, however I would like the checksum of the VHD file to remain the same after the receiver mounts it and views its contents.

However, by default (at least in Windows, which is the OS that I need a solution for mainly), mounting a VHD through explorer will mount it as writable and the checksum of the VHD will be changed by the mounting procedure.

Marking the VHD file itself as read-only in explorer properties is just a file metadata flag and will not preserve through an online download so this doesn't help.

Using diskpart to set the attributes of the VHD disk when it is mounted with disk attributes set readonly does not persist between unmounting and remounting the VHD.

Is there any other way to make the VHD permanently read only, perhaps some way to make a read-only mark within the VHD file itself that all standard VHD mounting tools will detect and abide by?

mwfearnley
  • 7,889
Tristan
  • 63

1 Answers1

4

You shouldn't use VHD for this. For a read-only image simply use ISO. Windows already has built-in capability to mount ISO files for a long time

There are many ways to convert a folder to ISO so just burn the VHD's content to ISO file and distribute it

It was claimed that an IMG file can also be used for disc images although I don't know exactly which IMG format is supported and there's no official documentation about that either

Modern Windows also supports other image formats like WIM and FFU. I think they can also be used. For details you can checkout What is the most efficient, native way to image a Windows partition?

When creating a WIM file you can use /CheckIntegrity so that Windows detects issues with the files when mounting. So you can convert the VHD to a WIM easily with a command, for example

Dism /Capture-Image /ImageFile:C:\data\my.wim /CaptureDir:C:\vhd\mounted\path /Name:MyData

You can also use the /Split-Image option to make a read-only image although it won't be a single file

For WIM, this command splits an existing .wim file into multiple read-only split .swm files.

In older Windows you can also use imagex /split to achieve the same

For FFU similarly there's also the /Split-FFU option for a multiple-part read-only image

Anyway if you really want to use a VHD file you can mark each partition in the VHD image read-only. This won't ensure that the signature of the VHD won't change but each volume's content should be basically unchanged

  1. Switch off "automount" by running mountvol.exe /N
  2. Connect disk to Windows (do not mount the disk)
  3. Run diskpart
    1. Enter list volume
    2. Enter select volume X (where X is the correct volume number from the previous command)
    3. Enter att vol set readonly
    4. Enter detail vol and ensure the read-only bit is set

How to make a partition on external storage read-only? And revert to normal?

This works with native Windows filesystems like NTFS or ReFS only

An alternate solution is to create read-only UDF partitions in the VHD image. The UDF formatter in Windows is very limited so you should use a 3rd party solution. For example with mkudffs you can specify --media-type=cd or --media-type=dvd to mark the FS as read-only. Despite being a universal filesystem, making a truly universal UDF on a non-optical medium is tricky so check this for a better script to format UDF

phuclv
  • 30,396
  • 15
  • 136
  • 260