Slashdot Mirror

← Back to Stories (view on slashdot.org)

Matthew Garrett Has a Fix To Prevent Bricked UEFI Linux Laptops

Posted by timothy on from the and-it-can-be-yours-for-free dept.

hypnosec writes "UEFI guru Matthew Garrett, who cleared the Linux kernel in Samsung laptop bricking issues, has come to rescue beleaguered users by offering a survival guide enabling them to avoid similar issues. According to Garrett, storage space constraints in UEFI storage variables is the reason Samsung laptops end up bricking themselves. Garrett said that if the storage space utilized by the UEFI firmware is more than 50 percent full, the laptop will refuse to start and ends up being bricked. To prevent this from happening, he has provided a Kernel patch."

49 of 74 comments (clear)

  1. more than 50 per cent full = fail is bad by Joe_Dragon · · Score: 5, Insightful

    more than 50 per cent full = fail is bad and Samsung needs to come out with a bios update to fix that.

    1. Re:more than 50 per cent full = fail is bad by SuricouRaven · · Score: 3, Interesting

      Something like this should never have gotten through testing. Samsung must have tested using only a single OS or a closely related family (ie, Windows) - and that is no way to test if a piece of code is going to behave under all circumstances.

    2. Re:more than 50 per cent full = fail is bad by broken_chaos · · Score: 4, Insightful

      They didn't even test the UEFI nvram (not a partition) filling up. If they had, they would have seen that, oh, wow, it bricks the laptop entirely.

    3. Re:more than 50 per cent full = fail is bad by Goaway · · Score: 3, Funny

      Remember, if Apple hasn't done anything wrong, you can take something somebody else did, and pretend they did it even worse! That's how evil Apple is!

    4. Re:more than 50 per cent full = fail is bad by Goaway · · Score: 2

      I can't help but notice a complete and utter lack of anything resembling facts in your post.

    5. Re:more than 50 per cent full = fail is bad by ais523 · · Score: 4, Informative

      The same bug can brick Samsung laptops on Windows too. It's just that it was noticed on Linux first.

      --
      (1)DOCOMEFROM!2~.2'~#1WHILE:1<-"'?.1$.2'~'"':1/.1$.2'~#0"$#65535'"$"'"'&.1$.2'~'#0$#65535'"$#0'~#32767$#1"
    6. Re:more than 50 per cent full = fail is bad by Impy+the+Impiuos+Imp · · Score: 2

      We've put error logging in our products, and had an upper limit on how much data it could write, then started a circular buffer, then beat the hell out of it to make sure it ran fine.

      So, too, for basically any data storage. This was just sloppy on somebody's part.

      --
      (-1: Post disagrees with my already-settled worldview) is not a valid mod option.
    7. Re:more than 50 per cent full = fail is bad by fuzzyfuzzyfungus · · Score: 4, Insightful

      It was probably very well intentioned - to avoid the UEFI partition becoming full and causing errors.

      Are you not seeing the insanity of avoiding errors caused by being 100% full by bricking the device at 50% full?

      More broadly, for what possible reason would Samsung handle UEFI storage in such a fucked-up way? How many decades now have we had computers with some sort of mass-storage device that had to be treated sanely?

    8. Re:more than 50 per cent full = fail is bad by fuzzyfuzzyfungus · · Score: 1

      Something like this should never have gotten through testing. Samsung must have tested using only a single OS or a closely related family (ie, Windows) - and that is no way to test if a piece of code is going to behave under all circumstances.

      Something like this should never have gotten through design. "Oh, I'm sure nothing will actually try to store nearly as much data in the nonvolatile storage region as the system offers to store, it'll be fine!" is Not a valid plan. Obviously, any finite storage device cannot fulfill arbitrary storage demands; but that's why you have a graceful way of saying 'sorry, no more space', rather than silently accepting the attempt and then falling over dead.

    9. Re:more than 50 per cent full = fail is bad by ilsaloving · · Score: 1

      Unfortunately you've already got +5 insightful so I can't mod you +1 funny. Unless you weren't trying to be funny, in which case I'd mod you +1 ironic.

      (Hint to people who don't get it: UEFI is a replacement to BIOS. There's no such thing as a 'BIOS' with UEFI.)

    10. Re:more than 50 per cent full = fail is bad by davester666 · · Score: 2

      You obviously aren't working on a product that is sold with no margin.

      --
      Sleep your way to a whiter smile...date a dentist!
    11. Re:more than 50 per cent full = fail is bad by Chrisq · · Score: 1

      Remember, if Apple hasn't done anything wrong, you can take something somebody else did, and pretend they did it even worse! That's how evil Apple is!

      How dare Apple flame my comments like that!

    12. Re:more than 50 per cent full = fail is bad by Hal_Porter · · Score: 1

      Get back in the cattle truck, Apple apologist!

      --
      echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
    13. Re:more than 50 per cent full = fail is bad by ZiggyM · · Score: 2

      There is probably a good reason for not allowing more than 50% full. For example assuming the firmware never gets larger than 50%, you have the other 50% as guaranteed space to write the new firmware version. Simply patching firmware is dangerous because of a power failure leaving you in the middle of the patch. Instead, you write the entire new version on the other 50% and then jump to the new firmware without possibility of partial writes. Of course, the bricking part is not the best way to handle it.

  2. That's great, but can they be fixed once bricked? by John+Hasler · · Score: 2

    n/t

    --
    Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
  3. Re:problem fixed? by cheater512 · · Score: 3, Informative

    No the bricked laptops are still bricked. This just stops more laptops from falling to the same bug.

  4. Re:Bad Unified Extensible Firmware Interface...or? by Sir_Sri · · Score: 4, Interesting

    ---The UEF Interface seems to work just fine with Win OS and iOS. How is that a bios problem?

    Samsungs implementation of UEFI is the problem, not the UEFI specification. No, it's not a 'bios' problem, UEFI replaced bios, but Samsung seems to have done something odd in their implementation of UEFI.

    "---Gee wonder why the great mass migration to Linux hasn't happened?

    Well sure, that has always been an issue. Linux apparently isn't important enough for companies to bother testing for it, which means it only works with contrived hacks, which means no one uses it, which means companies don't think it's important enough to bother testing for it.

  5. If it's bricked... by Anonymous Coward · · Score: 2, Interesting

    Just sue on the small claims court.

    You pay like 35 pounds to issue the legal challenge, and you almost automatically win because the problem is due to a defective product.

    Samsung on the other hand will have to show as represented by some lawyer, and has to pay everything.

    If it doesn't show, they will get a decision by default, which is almost the same...

    Why do you think companies do replace items like that instead of flatly refusing?

    Because they can't afford the bad publicity and the continuously court auditions.

    Besides, don't even try to do a class action... is way more fun to have the company to run amok between 1000 court rooms almost at the same time...

    BTW i'm not a lawyer and this is not legal advise. :)

    1. Re:If it's bricked... by Nemyst · · Score: 1

      Most companies don't ever bother showing up to small claims. Unless the item you're claiming a replacement/repair on is really, really expensive, it's usually more cost-effective for them to get the default decision and pay up than to get a representative in court.

      They largely do this because few people go through the hassle of using small claims court in the first place. It's a bit more complicated than just paying a nominal fee, though that depends on your country's laws, but it's usually worth it.

  6. No...Bad Unified Extensible Firmware Interface by tuppe666 · · Score: 4, Informative

    The UEF Interface seems to work just fine with Win OS and iOS. How is that a bios problem?

    http://www.pcworld.com/article/2027819/not-just-linux-windows-can-brick-samsung-laptops-too.html No bad on Windows too.

    Please don't quote other peoples comments as fact, I suggest you check out the reply to it.

    As for the Mass Migration to Linux, that happened with Android, which is set to become the most installed OS this year.

    1. Re:No...Bad Unified Extensible Firmware Interface by Anonymous Coward · · Score: 1, Insightful

      As for the Mass Migration to Linux, that happened with Android, which is set to become the most installed OS this year.

      No. You're making the classic zealot's mistake of moving the goalposts to a different game. The "Great Mass Migration to Linux" was referring to desktop and laptops PCs, not phones, tables, or other hardware. Also note that while Android runs on the Linux kernel, it doesn't readily run GNU/Linux software.

    2. Re:No...Bad Unified Extensible Firmware Interface by recoiledsnake · · Score: 1

      As for the Mass Migration to Linux, that happened with Android, which is set to become the most installed OS this year.

      That means it must be time to remove the anti-trust restrictions on Microsoft and Windows, right?

      --
      This space for rent.
  7. Re:When you go Linux.... by Cito · · Score: 4, Informative

    You can sometimes on many "bricked" devices like linksys router bricks after borking a dd-wrt install
    and on the samsung laptops as well by playing with the jtag

    http://en.wikipedia.org/wiki/Joint_Test_Action_Group

    most stuff has jtag support and in some cases you can use the jtag header to unbrick a device.

    I've unbricked an old WRT54GL after a screwup I did on an older dd-wrt install few years ago using jtag.

    it's not something a normal user would be able to do or have confidence in doing, so yea in most cases the normal user will never unbrick.

  8. Re:Bad Unified Extensible Firmware Interface...or? by fluffy99 · · Score: 4, Informative

    It's been demonstrated that this bug can be elicited from Windows as well. And Windows expects to be able to write even more info than Linux was. Linux was just the first to expose the problem by trying to use UEFI variables to hold kernel panic info (Apple does something similar). IT didn't help that the UEFI driver itself caused the kernel panic, after which the kernel writes some debug log info to the UEFI to support later postmortem analysis.

  9. KISS by gmuslera · · Score: 2

    The fix is in the wrong place. Is basically broken hardware, something that run as root/admin (intended or not) could brick them at any time. Is a problem just waiting to happen, avoiding them is the right solution.

    1. Re:KISS by John+Hasler · · Score: 1

      > The fix is in the wrong place.

      Yes, of course, but only Samsung can put it in the right place. At least this is a workaround for people who already made the mistake of buying one of these pieces of junk.

      --
      Warning: this article may contain humor, sarcasm, parody, and perhaps even irony. Read at your own risk.
    2. Re:KISS by F.Ultra · · Score: 1

      Not for people owning the hardware that want to be able to use it without the risk of bricking it until Samsung comes out with a fixed UEFI (if they ever do).

    3. Re:KISS by sjames · · Score: 2

      It's more accurately a work-around. It's certainly in the wrong place and ultimately not "the right thing", but has the advantage that it doesn't depend on a potentially unwilling or unable party to at least get it to not brick. As such, it may be 'the best we can do without Samsung' and as such, it's useful.

      It also adds a bit of shame factor. See that Samsung? Some guy sitting in his office can make your hardware work better (with Linux) than your own engineers. How sad is that?!

      If that doesn't make someone at Samsung beet red in the face and desperate to release a properly corrective patch, they deserve to lose in the market.

    4. Re:KISS by ArsenneLupin · · Score: 1

      These devices came out less than 2 years ago. So they are all still under warranty. Brick them, bring them back to the shop, get a refund, and buy a non-broken device instead.

    5. Re:KISS by ArsenneLupin · · Score: 1

      Why do they keep the hardware? Simply get them exchanged for non-broken hardware.

    6. Re:KISS by ArsenneLupin · · Score: 1

      If that doesn't make someone at Samsung beet red in the face and desperate to release a properly corrective patch, they deserve to lose in the market.

      Maybe it does, but that still doesn't mean that a fix will be coming. It's not as if developing the fix was expensive, but you've got to consider all the overhead: meetings, heavy testing procedures, etc.

    7. Re:KISS by sjames · · Score: 1

      Meetings perhaps, but clearly there's not much in the way of testing procedures if a big ugly bug like that got out. Even if there is a lot of testing and this was an anomaly, what';s the patch going to do, double dog brick the laptop?

    8. Re:KISS by ArsenneLupin · · Score: 1
      The purpose of these test procedures is not to find bugs (they didn't find this bricking issue afterwards), but it's to delay fixes, if ever a bug is found.

      Case in point: a large Luxembourgish bank encountered such an issue in their homebanking product (login impossible with some of the Luxtrust smartcard products). The broken version was put online beginning of June 2012 and customers were complaining already within days afterwards. Before the end of Une, it was known (by customers) what the problem was (literally, a single typo in a config file), and that the upstream provider (Luxtrust) had a fix. Yet, the bank still refused to roll out a fix. There excuse was "we'd have to redo our expensive test suite again, and we don't have any budget for that". To this day, the issue is still unfixed. Way to reward people who paid 50€ out of their own pocket for an extra-secure smartcard...

    9. Re:KISS by F.Ultra · · Score: 1

      Probably because they are unaware of the problem. Better to have a "temporary" fix in the kernel so that _that_ day these people tries to install Linux they don't get bricked devices. Not every one follows the tech news you now.

  10. It depends on the cpu and the manufacturing.... by Anonymous Coward · · Score: 3, Interesting

    procedure. Some ARM chips have bootstrap code that will talk to a usb device (i.e. looks like a serial port, sort of), and there is a program that lets you load the initial software no matter what's in flash. That usb port might just be a header or a bunch of pads on the cpu.

    With other devices you have to go into a jtag port, (i.e. a header or perhaps just solder pads) load a tiny program into ram, and use THAT to program the flash.

    If they build them with empty flash, there has to be a way to do the initial load. If they build them with programmed flash, it might not be possible without unsoldering the flash chip(s) or something like that.

  11. Why do people trust Samsung software? by Anonymous Coward · · Score: 1

    Seriously. Anything they can write code for will be buggy, insecure and crap.

  12. Re:That's great, but can they be fixed once bricke by LordLucless · · Score: 2, Insightful

    If they can, they weren't bricked in the first place. That's what "bricked" means.

    --
    Just because you're paranoid doesn't mean there isn't an invisible demon about to eat your face
  13. Re:A host file would have prevented the damage by myowntrueself · · Score: 1

    You have got way too much time on your hands.

    --
    In the free world the media isn't government run; the government is media run.
  14. English for Slashdot editors by wonkey_monkey · · Score: 3, Funny

    According to Garrett, storage space constraints in UEFI storage variables is the reason Samsung laptops end up bricking themselves.

    Is? Is?

    --
    systemd is Roko's Basilisk.
    1. Re:English for Slashdot editors by formfeed · · Score: 1

      According to Garrett, storage space constraints in UEFI storage variables is the reason Samsung laptops end up bricking themselves.

      Is? Is?

      I think your one of them Gramer-Nazi's who is always wanting to correct other people's posting.
      Just sit on you're hands for one's!

  15. Re:When you go Linux.... by LordLimecat · · Score: 1

    I never knew that thats what JTAG stood for. Sounds much cooler than "debugging interface", more like its a team of crack hackers who spend their friday nights chilling with the DevGru (Seal Team 6) guys.

  16. Re:Bad Unified Extensible Firmware Interface...or? by denbesten · · Score: 1

    ---The UEF Interface seems to work just fine with Win OS and iOS. How is that a bios problem?

    Perhaps a car analogy will help. Imagine there is a bridge that semi trucks hit when they try to go under, but a cars and pickups do not. Without more facts, one can't really say if the problem is that the trucks are too tall or the bridge is too short. In this case, they investigated and discovered the bridge was built shorter than the bridge building rules require. The short-term fix is to post "no semi" signs and use less-tall trucks to get to the other side. The proper fix is to jack up the bridge.

    The patch announced today is the "less-tall truck".

  17. Re:When you go Linux.... by Hal_Porter · · Score: 2

    The name is a contrast to the Divided Test Action Group, which collapsed because of internecine squabbling that led to layoffs, punch ups in the parking lot and eventually drive by shootings.

    Brian Damage, their former CTO, is currently serving fourteen life sentences in a SuperMax prison for a flame thrower revenge attack on the Floor 6.

    --
    echo -e 'global _start\n _start:\n mov eax, 2\n int 80h\n jmp _start' > a.asm; nasm a.asm -f elf; ld a.o -o a;
  18. Life imitates art by Kiwikwi · · Score: 2

    Are you not seeing the insanity of avoiding errors caused by being 100% full by bricking the device at 50% full?

    Reactor explosion timer destroyed. Reactor Explosion Uncertainty Emergency Preemption Protocol activated. This facility will self-destruct in two minutes.

  19. Re:That's great, but can they be fixed once bricke by serviscope_minor · · Score: 1

    If they can, they weren't bricked in the first place. That's what "bricked" means.

    Yay! Can we get into an argument as to what bricked means?

    I have a friend with a reflow station, so I can replace busted chips. So *your* hardware isn't *truly* bricked. Etc.

    --
    SJW n. One who posts facts.
  20. Re:Bad Unified Extensible Firmware Interface...or? by Jesus_666 · · Score: 1

    Oh, golly. Samsung didn't fully understand the tech they're working with and implemented it in a braindead way that enters an embarassing failure mode almost immediately after hitting the market. Between this and /dev/exynos-mem I think I'll stop trusting Samsung with anything involving firmware for the time being...

    --
    USE HOT GRITS WITH STATUE OF NATALIE PORTMAN (NAKED AND PETRIFIED)
  21. Re:Bad Unified Extensible Firmware Interface...or? by ArsenneLupin · · Score: 2

    No, the problem is that on the approach to the bridge is a sign "height limitation 3m", but actually the bridge has only 1.5m clearance. Cars still pass, but even the tiniest lorry will bump into it.

  22. Re:What happened to Open Firmware? by BitZtream · · Score: 1

    OpenBoot, like BIOS, was replaced by EFI years ago. The PC windows world is JUST now picking up on the EFI bandwagon that everyone else has been on for years.

    --
    Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager
  23. Re:That's great, but can they be fixed once bricke by LordLucless · · Score: 1

    Yay! Can we get into an argument as to what bricked means?

    Yay! Let's make it a relative term. I've got a friend who's an idiot. For him, hitting the off switch "bricks" the phone, cause he can't figure out how to fix it from that state.

    --
    Just because you're paranoid doesn't mean there isn't an invisible demon about to eat your face