Samsung Laptop Bug Is Not Linux Specific

First time accepted submitter YurB writes "Matthew Garrett, a Linux kernel developer who was investigating the recent Linux-on-Samsung-in-UEFI-mode problem, has bricked a Samsung laptop using a test userspace program in Windows. The most fascinating part of the story is on what is actually causing the firmware boot failure: 'Unfortunately, it turns out that some Samsung laptops will fail to boot if too much of the [UEFI] variable storage space is used. We don't know what "too much" is yet, but writing a bunch of variables from Windows is enough to trigger it. I put some sample code here — it writes out 36 variables each containing a kilobyte of random data. I ran this as an administrator under Windows and then rebooted the system. It never came back.'"

memo to hardware producers

[RichMan]

Embrace Linux as an additional test suite for your hardware.

Re:memo to hardware producers

Add that script to the payload malware usually carries, and spread it around, a few thousands bricks later, the negative publicity is sure to kill this whole UEFI thing, or at least force the hardware makers to include linux in their testing.

Re:memo to hardware producers

[msauve]

"a portion of this UEFI space is being used to keep a non-volatile copy"

The UEFI doesn't require the use of battery backed RAM ("the implementation of variable storage is not defined in this specification, variables must be persistent in most cases."), so such use can be expected end up making all the EEPROM based ones fail at some point. Doing frequent updates to EEPROMs isn't a good idea.

Re:memo to hardware producers

[marcello_dl]

"Embrace linux" requires not much of an effort. That's why PC that were made before linux got popular happily run it.
"Don't throttle linux" fits more the situation, IMHO.

Re:memo to hardware producers

You probably didn't get the parent comment. If someone can brick a laptop using a simple hack within Windows, then Samsung (at least) better prepare their stock because it's gonna be an RMA nightmare very soon. And that's probably good for the anti-UEFI side

Re:memo to hardware producers

[xaxa]

Except these days malware is used more for profit (e.g. botnet construction) than random mayhem, and to do that you need to keep the host you just pwned alive.

Perhaps put it in as a failure mode if the bot can't contact its server. That might dissuade the police from disabling the command server.

Re:memo to hardware producers

It's because UEFI was designed to be a DRM-based operating system that sits on your hardware and underneath your actual operating system (Linux/Windows).

Have you ever actually looked at the fucking UEFI spec. It's a hideous nightmarish festival of complexity - the vast majority of which serves no purpose OTHER THAN TO seal the hardware for DRM purposes.

The whole boot process, from a technical point of view, would have benefited from simplicity (indeed, Microsoft used to say "we don't need no stinking BIOS" - this was pre-DRM relevation circa 1999 by Billy Gates).

UEFI ignored all that because its goal isn't simplicity and reliability. It's control and DRM.

Re:Unlimited Supply of Laptops?

[mjg59]

30-day hassle-free return policy.

OS boot entries are in NV storage

[AdamRosas]

So installing too many operating system will result in a brick, Windows in particular uses a lot of NV storage for it's boot entry, be careful when using BCDEDIT.exe...

Free Laptops?

These guys are intentionally trying to brick their laptops? I understand what they're trying to do, but don't they care about their money going down the drain, or are they getting free laptops from Samsung somehow?

Re:Extortionist Heaven

[Deliveranc3]

Just guessing from experience with Koreans, but... chances are they followed Microsoft or Intel specifications properly. Other companies probably just copied a binary and use it as a black box.

Re:Does windows crash if it has 0 temp space or 0

[GigaplexNZ]

That's often a case of running out of desktop heap rather than handles.