bit-tech.net

Linux acquitted in Samsung laptop UEFI deaths

Linux acquitted in Samsung laptop UEFI deaths

A flaw in Samsung's UEFI implementation, which kills the system if Linux is booted, appears to be exploitable under Windows - acquitting Linux as the culprit.

A bug in the BIOS of selected Samsung laptops which can lead to the device becoming unusable has been found to be exploitable under Windows, acquitting Linux as the culprit.

The flaw was first spotted late last month, when a Samsung laptop owner managed to brick two units in a row simply by booting the open-source Linux operating system on them. Indications pointed to a fault in a specific kernel module within Linux, based on code provided by Samsung itself, which was somehow corrupting the UEFI firmware and thus destroying the device until the firmware was re-flashed using factory equipment.

Originally, it had been thought that the flaw was exclusive to Linux, and could be avoided simply by using an alternative operating system, disabling UEFI or preventing the Samsung laptop kernel module from loading.

That is, until it was discovered that the same bug could be triggered in Windows.

Linux developer Matthew Garrett has posted an updated analysis of the flaw, which includes the news that the UEFI bug can be triggered from within Windows as well as Linux. 'I bricked a Samsung laptop today. Unlike most of the reported cases of Samsung laptops refusing to boot, I never booted Linux on it - all experimentation was performed under Windows,' wrote Garrett. 'It seems that the bug we've been seeing is simultaneously simpler in some ways and more complicated in others than we'd previously realised.'

Garrett's experimentation has narrowed the flaw down to overflowing the UEFI variable storage space, which results in the corruption on Linux when the Samsung kernel module created a crash log for writing to UEFI. The same can be achieved on Windows, Garrett explains, using custom code to write 36 random variables to the same UEFI storage area - causing the same crash, and bricking the laptop.

'This is pretty obviously a firmware bug. Writing UEFI variables is expressly permitted by the specification, and there should never be a situation in which an OS can fill the variable store in such a way that the firmware refuses to boot the system,' Garrett explained. 'We've seen similar bugs in Intel's reference code in the past, but they were all fixed early last year.'

The flaw, then, is more serious than first thought. Microsoft's Windows 8 certification requirements include that there is at least 64KB of storage space available in the UEFI - and with Garrett's sample code triggering the flaw at just 36KB of data written, and the Linux error log at a mere 10KB, there's no guarantee that the flaw can't be triggered just by general use of Windows itself.

'For now the safest thing to do is not to use UEFI on any Samsung laptops,' warned Garrett. 'Unfortunately, if you're using Windows, that'll require you to reinstall it from scratch.'

8 Comments

Discuss in the forums Reply
mi1ez 11th February 2013, 11:55 Quote
Ouch!
mi1ez 11th February 2013, 12:13 Quote
For Samsung I should add... This could hit them hard.
cave_diver 11th February 2013, 15:47 Quote
The CHANCES that this could happen are disgustingly small ... and no one could have predicted it, it just seems that a lot of very unlucky and very unlikely ducklings have all lined up ....

I was going to have a rant about anyone who comes out with "this should have been tested for" .. but all credit to samsung for actively trying to track this down.

And yes, this could hurt ...
fdbh96 11th February 2013, 16:03 Quote
I think there's a slight difference between bricking a laptop just by installing an OS and going out of your way to try to brick it. Its hardly Samsung's fault either, they don't recommend Linux and I doubt they recommend people try to brick their laptops either.
faugusztin 11th February 2013, 16:20 Quote
Quote:
Originally Posted by fdbh96
Its hardly Samsung's fault either, they don't recommend Linux and I doubt they recommend people try to brick their laptops either.

Did you bother to read the article ? Laptop can be bricked by any application which uses the specific UEFI functionality. Can you guarantee that it won't happen with some random application ?

What you say is like if a DVD burner would burn only disk less than 3GB, and if you tried to burn a bigger ISO then it would brick itself. Hey, it burns 2GB disks just right, it is your fault trying to burn a 4.7GB DVD.
Gareth Halfacree 11th February 2013, 16:21 Quote
Quote:
Originally Posted by fdbh96
Its hardly Samsung's fault either, they don't recommend Linux and I doubt they recommend people try to brick their laptops either.
I disagree: Samsung's laptops are Windows 8 certified; Windows 8 certification requires that you be able to write at least 64K to the UEFI variable storage; Samsung laptops die when you write <64K to the UEFI variable storage; therefore Samsung failed to test their laptops according to Microsoft's Windows 8 certification requirements.

The most telling part of Garrett's analysis comes in the news that the same problem - UEFI dying when <64K of variable storage was filled - can be found in early versions of Intel's reference implementation. The inference here being, of course, that Samsung has just snagged an early version of Intel's reference implementation, stuck it in its laptops and considered the job done - failing to spot the later fix from Intel.
Corky42 11th February 2013, 17:21 Quote
Quote:
Originally Posted by cave_diver
The CHANCES that this could happen are disgustingly small ... and no one could have predicted it, it just seems that a lot of very unlucky and very unlikely ducklings have all lined up ....

I was going to have a rant about anyone who comes out with "this should have been tested for" .. but all credit to samsung for actively trying to track this down.

And yes, this could hurt ...

If you call every user of Linux unlucky because of a fault with Samsung laptops they probably wouldn't agree.

I must be missing something in the article as i cant see the part where it says Samsung tracked down the problem, perhaps you care to point it out to me.
mdshann 11th February 2013, 19:23 Quote
Quote:
Originally Posted by Corky42
Quote:
Originally Posted by cave_diver
The CHANCES that this could happen are disgustingly small ... and no one could have predicted it, it just seems that a lot of very unlucky and very unlikely ducklings have all lined up ....

I was going to have a rant about anyone who comes out with "this should have been tested for" .. but all credit to samsung for actively trying to track this down.

And yes, this could hurt ...

If you call every user of Linux unlucky because of a fault with Samsung laptops they probably wouldn't agree.

I must be missing something in the article as i cant see the part where it says Samsung tracked down the problem, perhaps you care to point it out to me.

That's because Samsung didn't track down the problem. A Linux developer named Matthew Garret did. What's interesting to note is that not only does booting Ubuntu brick these devices, showing that they didn't test the 3rd largest desktop operating system on their device at all, it also shows that they didn't properly test to be sure they passed Windows 8 Certification. At the very least they will have to release a firmware fix.

There may even be some issues with Microsoft, as Samsung is labelling these machines as Windows 8 Compatible when they are in fact not fully compatible. It's like the Vista Capable vs Vista Ready fiasco lol
Log in

You are not logged in, please login with your forum account below. If you don't already have an account please register to start contributing.



Discuss in the forums