Very serious kernel+Intel SPI driver bug...

[BigEasy]

Another one Year of Linux Desktop almost ended. This time together with the firmware/hardware damages.

[CoffeeFiend]

I've steered clear of Lenovo products after it was discovered many of their products were coming prepackaged with known Malware. I almost bought a Lenovo laptop yesterday with the mindset that the Malware wouldn't be an issue since I would be installing Mint. Now, after reading this thread, I think I will continue to steer clear of their products.

[Appoloin]

It now appears this bug/feature might be limited to the Insyde BIOS. If Lenovo can handle this situation right, they could make themselves look like the good guys who got screwed by the nasty supplier. Mistakes happen it's what you do afterwards that matters.

This bug/feature must be affecting other manufacturers as well.

[Bolle1961]

Ubuntu 17.10, a bleeding edge Rolling Release(= not stable LTS)

Ubuntu 17.10 is NOT a rolling release

[michael louwe]

It now appears this bug/feature might be limited to the Insyde BIOS. If Lenovo can handle this situation right, they could make themselves look like the good guys who got screwed by the nasty supplier. Mistakes happen it's what you do afterwards that matters.

This bug/feature must be affecting other manufacturers as well.

.
Canonical has issued a bug fix to the Linux kernel for Ubuntu 17.10 and released a new ISO file for it. But those already affected will still end up with bricked computers. So, the blame lies mainly with the Linux kernel developers, and not the OEMs or Linux distro developers or the users.

It is quite common knowledge among software developers that new kernels can corrupt the BIOS SPI Flash chip of UEFI computers to make it permanently write-protected. ... https://electronics.stackexchange.com/q ... ion-called

[raketti]

Thanks for the info, so basically I'm left with the settings I now have in my BIOS. The odd thing is that I haven't been using Ubuntu, so I'm guessing at some point a kernel verision was patched with the bug included and wrecked havoc in my BIOS - just a guess.

[Appoloin]

Thanks for the info, so basically I'm left with the settings I now have in my BIOS. The odd thing is that I haven't been using Ubuntu, so I'm guessing at some point a kernel verision was patched with the bug included and wrecked havoc in my BIOS - just a guess.

This is new (high risk) code in the 4.13 kernel I doubt it was backported. This problem appears to be limited to the Insyde bios so if you have this bios and 4.13 kernel your affected.

I wonder if there was a Windows version of this driver planned.

[now3by]

Topic name need to be changed because this is not a Lenovo firmware problem this is a Linux kernel / SPI driver problem.

I bet it will not take long until this will become a malware problem in next year.

[thx-1138]

Topic name need to be changed because this is not a Lenovo firmware problem this is a Linux kernel / SPI driver problem.

Done...

[Appoloin]

I bet it will not take long until this will become a malware problem in next year.

Looks like Lenovo agrees with you

copied from launchpad

Code: Select all

The readme for Thinkpad S440 BIOS mentioned by @Tommy is rather interesting:

[Important Fix]
- Security Fix: Intel TA201708-001 for SPI Write status command.
- Add Back Flash Prevention flag for PSIRT-TA-201708-001.

[BigEasy]

Topic name need to be changed because this is not a Lenovo firmware problem this is a Linux kernel / SPI driver problem.

It is not kernel problem. No chip, containing firmware, should be damaged to unrecoverable state from software side. It is clear as hell.

[now3by]

Flash chip it is not damaged at all, it is set in write protected mode by flipping a bit by OS - sw/code.

If you have a external programmer that can program this model of flash memory you can unsolder the flash and set that byte off, then solder back and you solved the problem. The same thing can be done with the sw if you can access SPI and send the right command.

The problem is if laptop manufacturer does not support Linux and sw it is on windows or you can't boot USB/CD then you have to solve this problem or pay for the fix, this is not even covered by warranty.

[BigEasy]

Flash chip it is not damaged at all, it is set in write protected mode by flipping a bit by OS - sw/code.

All you said is: chip, contained firmware, was damaged outside by external software. Chip set in protected mode by software without a way to recover by software. Chip damaged, Karl, because only way to recower is to sold it out then throw out to trash, reprogram new one and sold in back! Last millenium every motherboard has a jumper to reset BIOS to default.

[raketti]

This is new (high risk) code in the 4.13 kernel I doubt it was backported. This problem appears to be limited to the Insyde bios so if you have this bios and 4.13 kernel your affected.

Well, can't remember which kernels I tried back then, the newest I could find from the update manager's list. If I'm not mistaken Mint 18.n. uses Ubuntu 16.04. packages, where 4.13. is available. So could be that I installed that.

[Appoloin]

this is not even covered by warranty.

I'm not sure about that, Lenovo are issuing BIOS updates that mention this bug. They are acknowledge there's bug in their hardware and are fixing it. They can't charge a customer to fix a hardware fault the computer came out of the factory with.

Lenovo, Intel, Insyde should count themselves lucky only relatively small number of systems have been affected, imagine the damage to their reputations and profits if this had been a Windows update.

[now3by]

Lenovo and other play safe now because it is quick, cheaper and easy for them to add in BIOS a routine check that flip this rw/ro bit off/on and release a BIOS update but I doubt they will say that it is a production fault, maybe Intel will even compensate them in a form or other to solve this quick like with AMT update mess.

If you flash your BIOS and operation it is not successfully by any reason you will be out of warranty.
If you mod your BIOS firmware or AMT firmware and brick the board by any reason you will be out of warranty.
In the end it is up to customer support if will cover or not this as a warranty but if they refuse, it will be extremely hard for you to prove in court that this is not your fault because this problem appeared on Linux and it is a unsupported OS for that hw.

Important is to solve this issue quick for supported OS.

[Appoloin]

Topic name need to be changed because this is not a Lenovo firmware problem this is a Linux kernel / SPI driver problem.

It is not kernel problem. No chip, containing firmware, should be damaged to unrecoverable state from software side. It is clear as hell.

There's two bugs here, the first is with Insyde bios's write protection and other is with Lenovo system's inability to recover from a bios corruption. The former is a implementation fault and the latter is a design fault.

[Appoloin]

Important is to solve this issue quick for supported OS.

You forgot to mention quietly. This situation makes everyone involved look bad.

[mr_raider]

Do not really understand why Canonical Inc need to come out with new Ubuntu versions every 6 months which are free of costs. Are they too free with their time.? I think releasing new Ubuntu versions every 2 years should be good enough since the Linux kernels can be upgraded in situ.

Ditto. In my humble point of view, they could instead come up with 1 sole intermediate release, say after 16 months, clearly label it BETA in capital letters & meant for testers, before the eventually final release comes out...

Ubuntu's non LTS releases are beta releases. That is common knowledge IMHO.

[michael louwe]

https://bugs.launchpad.net/ubuntu/+sour ... mments=all

.
Looks like the BIOS corruption in affected computers can be fixed by installing the latest Linux kernel 4.14.8 or .9 ...
https://askubuntu.com/questions/984043/ ... stallation