Samsung Laptop Bug Is Not Linux Specific 215
First time accepted submitter YurB writes "Matthew Garrett, a Linux kernel developer who was investigating the recent Linux-on-Samsung-in-UEFI-mode problem, has bricked a Samsung laptop using a test userspace program in Windows. The most fascinating part of the story is on what is actually causing the firmware boot failure: 'Unfortunately, it turns out that some Samsung laptops will fail to boot if too much of the [UEFI] variable storage space is used. We don't know what "too much" is yet, but writing a bunch of variables from Windows is enough to trigger it. I put some sample code here — it writes out 36 variables each containing a kilobyte of random data. I ran this as an administrator under Windows and then rebooted the system. It never came back.'"
memo to hardware producers (Score:5, Interesting)
Embrace Linux as an additional test suite for your hardware.
Re:memo to hardware producers (Score:5, Interesting)
Add that script to the payload malware usually carries, and spread it around, a few thousands bricks later, the negative publicity is sure to kill this whole UEFI thing, or at least force the hardware makers to include linux in their testing.
Re:Unlimited Supply of Laptops? (Score:5, Interesting)
30-day hassle-free return policy.
OS boot entries are in NV storage (Score:4, Interesting)
Free Laptops? (Score:1, Interesting)
These guys are intentionally trying to brick their laptops? I understand what they're trying to do, but don't they care about their money going down the drain, or are they getting free laptops from Samsung somehow?
Re:memo to hardware producers (Score:5, Interesting)
The UEFI doesn't require the use of battery backed RAM ("the implementation of variable storage is not defined in this specification, variables must be persistent in most cases."), so such use can be expected end up making all the EEPROM based ones fail at some point. Doing frequent updates to EEPROMs isn't a good idea.
Re:memo to hardware producers (Score:4, Interesting)
"Embrace linux" requires not much of an effort. That's why PC that were made before linux got popular happily run it.
"Don't throttle linux" fits more the situation, IMHO.
Re:memo to hardware producers (Score:5, Interesting)
You probably didn't get the parent comment. If someone can brick a laptop using a simple hack within Windows, then Samsung (at least) better prepare their stock because it's gonna be an RMA nightmare very soon. And that's probably good for the anti-UEFI side
Re:Extortionist Heaven (Score:4, Interesting)
Re:memo to hardware producers (Score:5, Interesting)
Except these days malware is used more for profit (e.g. botnet construction) than random mayhem, and to do that you need to keep the host you just pwned alive.
Perhaps put it in as a failure mode if the bot can't contact its server. That might dissuade the police from disabling the command server.
Re:Does windows crash if it has 0 temp space or 0 (Score:4, Interesting)
Re:memo to hardware producers (Score:2, Interesting)
It's because UEFI was designed to be a DRM-based operating system that sits on your hardware and underneath your actual operating system (Linux/Windows).
Have you ever actually looked at the fucking UEFI spec. It's a hideous nightmarish festival of complexity - the vast majority of which serves no purpose OTHER THAN TO seal the hardware for DRM purposes.
The whole boot process, from a technical point of view, would have benefited from simplicity (indeed, Microsoft used to say "we don't need no stinking BIOS" - this was pre-DRM relevation circa 1999 by Billy Gates).
UEFI ignored all that because its goal isn't simplicity and reliability. It's control and DRM.