corrupted BIOS due to Intel SPI bug in kernel

Bug #1734147 reported by tobia antoniolli on 2017-11-23
824
This bug affects 136 people
Affects Status Importance Assigned to Milestone
Linux
Unknown
Unknown
linux (Ubuntu)
Critical
Unassigned
Artful
Critical
Unassigned
linux-hwe-edge (Ubuntu)
Xenial
Critical
Unassigned
linux-oem (Ubuntu)
Xenial
Critical
Unassigned

Bug Description

An update to linux kernel on Ubuntu 17.10 that enabled the Intel SPI drivers results in a serial flash that is read only in Intel Broadwell and Haswell machines with serial flashes with SPI_NOR_HAS_LOCK set.

Symptoms:
 * BIOS settings cannot be saved
 * USB Boot impossible
 * EFI entries read-only.

---

Fix: The issue was fixed in kernel version 4.13.0-21 by configuring the kernel so it is not compiled with Intel SPI support. But previous affected machines still suffered from a broken BIOS.

Repair: If you still can boot into Ubuntu, you can recover your BIOS with the following steps:

1. Boot into Ubuntu
2. Download http://people.canonical.com/~ypwong/lp1734147/linux-image-4.15.0-041500rc6-generic_4.15.0-041500rc6.201712312330+20170103+1_amd64.deb
3. Install the downloaded package:
  $ sudo dpkg -i linux-image-4.15.0-041500rc6-generic_4.15.0-041500rc6.201712312330+20170103+1_amd64.deb
4. Make sure the kernel is installed without any error. Once installed, reboot.
5. At grub, choose the newly installed kernel. You can choose the "recovery" mode.
6. Reboot and go to BIOS settings to confirm your BIOS has been recovered.
7. In case your BIOS is not recovered, reboot to the new kernel, then reboot *once again* to the new kernel, do not enter BIOS settings before the reboot. After the second reboot, check BIOS.
8. If your BIOS issue remains, download another kernel from http://people.canonical.com/~ypwong/lp1734147/linux-image-4.15.0-041500rc6-generic_4.15.0-041500rc6.201712312330+clear+debug_amd64.deb, and use dpkg to install it, then repeat steps 4 to 6.

After your BIOS is fixed, the kernel packages you just installed are no longer needed, you can remove it by running 'sudo dpkg -r linux-image-4.15.0-041500rc6-generic'.

The patch used to build the linux v4.15 kernel in step 8 can be found at https://goo.gl/xUKJFR.

---

Test Case: Fix has been verified by our HWE team on affected hardware.

Regression Potential: Minimal, it's unlikely anyone is actually doing anything which requires this driver.

---

Affected Machines:

Lenovo B40-70
Lenovo B50-70
Lenovo B50-80
Lenovo Flex-3
Lenovo Flex-10
Lenovo G40-30
Lenovo G50-30
Lenovo G50-70
Lenovo G50-80
Lenovo S20-30
Lenovo U31-70
Lenovo Y50-70
Lenovo Y70-70
Lenovo Yoga Thinkpad (20C0)
Lenovo Yoga 2 11" - 20332
Lenovo Yoga 3 11"
Lenovo Z50-70
Lenovo Z51-70
Lenovo ideapad 100-15IBY

Acer Aspire E5-771G
Acer Aspire ES1-111M-C1LE (fixed following your new instruction (thank you))
Acer TravelMate B113
Acer Swift SF314-52 (Fixed by 4.14.9)
Toshiba Satellite S55T-B5233
Toshiba Satellite L50-B-1R7
Toshiba Satellite S50-B-13G
Dell Inspiron 15-3531
Mediacom Smartbook 14 Ultra M-SB14UC
Acer Aspire E3-111-C0UM
HP 14-r012la

---

Affected serial flash devices by manufacturer part number, JEDEC ID (SPI_NOR_HAS_LOCK set in drivers/mtd/spi-nor/spi-nor.c)
/* ESMT */
   f25l32pa, 0x8c2016
   f25l32qa, 0x8c4116
   f25l64qa, 0x8c4117
/* GigaDevice */
   gd25q16, 0xc84015
   gd25q32, 0xc84016
   gd25lq32, 0xc86016
   gd25q64, 0xc84017
   gd25lq64c, 0xc86017
   gd25q128, 0xc84018
   gd25q256, 0xc84019
/* Winbond */
   w25q16dw, 0xef6015
   w25q32dw, 0xef6016
   w25q64dw, 0xef6017
   w25q128fw, 0xef6018

---

Original Description:

Basically on Lenovo Y50-70 after installing Ubuntu 17.10, many users reported a corrupted BIOS.

It's not possible to save new settings in BIOS anymore and after rebooting, the system starts with the old settings.

Moreover (and most important) USB booting is not possible anymore since USB is not recognized. It's very serious, since our machines do not have a CDROM.

Lenovo forums at the moment are full of topics regading this issue.

Thank you!!

tobia antoniolli (tob79) on 2017-11-23
information type: Private Security → Public
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in grub2 (Ubuntu):
status: New → Confirmed
britgreek (britgreek) wrote :

The problem also affects Lenovo G40-30. I have just installed Ubuntu 17.10 in legacy mode (dual boot with Windows 10) and the boot from USB option is gone. Very serious issue, as there is no way to format our hard drives and reinstall an OS. There was no reference in the documentation for such a serious problem that would alter/corrupt our bios.

bruno (bruno-js-carvalho123) wrote :

I have the same problem with Lenovo U31-70. Since I upgraded to Ubuntu 17.10 i'm unable to save any changes made to the bios.

tobia antoniolli (tob79) on 2017-11-24
summary: - Ubuntu 17.10 corrupting BIOS - Lenovo Y50-70
+ Ubuntu 17.10 corrupting BIOS - many LENOVO laptops models

I have the same problem - Lenovo Y50-70 - I took my laptop to a professional repair shop and they could not fix it.

Toninetto (toninetto) wrote :

I've had the same problem. After trying different solutions, I had to remove the bios chip with hot air, read the content with a usb programmer, and flash a new chip. So now i can remove the secure boot and saving on exit...
I know this is an extreme solution, but I hope I can help someone find a simpler solution.

davvvidko (jannnas) wrote :

Same problem with Lenovo G50-70

Cannot boot from USB/CD rom

I dont know how we can get this repaired.

tobia antoniolli (tob79) on 2017-11-25
description: updated
Tautedorus (tautedorus) wrote :

I can also confirm this. I use the Lenovo Z50-70 laptop and I have encountered this problem. After installing Ubuntu 17.10 (and other remixes of it) and reinstalling it again, the UEFI BIOS does not save any changes except the date and time. I could not reset the UEFI BIOS settings because it did not save any changes and the CMOS battery is soldered, unfortunately. What is even worse, the UEFI BIOS does not boot any bootable media. I tried booting DVDs, USB sticks and other HDDs with no luck. The only thing that the boot menu shows is the old installation partition name and nothing else. Before that happened I used Manjaro distribution which did not have such problems even after reinstalling it multiple times. By the way, the solution to this problem was the a motherboard replacement... Two times.

The only way to boot bootable devices is to install and properly configure rEFInd: https://forums.lenovo.com/t5/forums/v3_1/forumtopicpage/board-id/ll04_en/thread-id/154203/page/2. That does not solve the UEFI BIOS corruption problem. It is just a workaround.

Maybe it is a defective Lenovo UEFI BIOS (two motherboard replacements proved that it could be defective "by design"). However, as I mentioned before, other distributions had not caused any of these problems before.

Marcin Ciosek (marcin-p-ciosek) wrote :

This is not Ubuntu bug.
I've created the workaround description (user marcin78 here) and as you can clearly see, it refers to my Antergos installation being the last one writing BIOS.
I think (I'm not system expert) that this can be related to the way the kernel update scripts (modules rebuild or mkinird or any other) is handling the process. It could be that other system users don't do so many BIOS rewrites (Windows is updated in a different way) and this problem is not affecting most of PC users. Although there are reports also from Windows installations.
So far the fix is replacing the chip. Far beyond most of our skills and definitely won't come cheap from Lenovo service.
Hope the rEFInd tip can serve you for now.
Marcin

britgreek (britgreek) wrote :

Actually, this MUST be a Ubuntu / Linux bug, as the current Ubuntu 17.10 rendered our Lenovo laptops useless in the long run, without any documentation or warning that the installation would affect the BIOS. This is a very serious issue, both legally and ethically and I think that we should demand an immediate fix. No OS should have anything to do with the modification of the BIOS without the consent of the owner. What will happen if we need to format our hard drives? How will we be able to install the OS that we want? i am not happy with any workaround. I want my computer to function as it did when I purchased it, in terms of its bios settings and booting from USB is an essential feature. What remains to be explained is the reason why it only affects Lenovo hardware and not any other brand.

sultan tell (sultantell) wrote :

Same problem with lenovo Z50-70

britgreek (britgreek) wrote :

Just found a bios update, but it fails to install. I am trying to run the exe from Lenovo website on Windows 10. The laptop just restarts without performing the update.

tobia antoniolli (tob79) on 2017-11-26
description: updated
tobia antoniolli (tob79) wrote :

I am not sure devs are working/have been informed, we need to directly involve them since this is a MAJOR issue as perfectly explained by britgreek on post #9.
Does anybody know how to speed up things here?

britgreek (britgreek) wrote :

@tobia antoniolli

I think Lenovo does not support Linux as an OS, therefore, they will claim that it is not their fault. On Lenovo forums, similar issues with similar BIOS symptoms have been reported since 2016, without any support. On the other hand, I do not see how Ubuntu devs can actually revert the current situation, as Ubuntu theoretically has no access to the BIOS or its code.

In my case, these laptops are used in a private school, and now I am left stranded with machines that do not function as they should.

Lukas Bockstaller (boggy) wrote :

Lenovo Yoga Thinkpad (20C0) is also affected.

tobia antoniolli (tob79) wrote :

@britgreek

I agree with you, Lenovo has nothing to do with this issue, however I think it's Ubuntu devs responsability to take a look and try to fix this issue, since Ubuntu 17.10 has corrupted our bios. Our machines here (different models) reported this issue only after installing Ubuntu 17.10 and if you browse this forum, you would see that many others reported Ubuntu corrupting the BIOS, something that is extremely serious.

description: updated
britgreek (britgreek) wrote :

Update: I contacted Lenovo Greece today, and they said they they had never heard of the problem, despite the posts in Lenovo's forums (some of which date back to 2016), and they suggested that in such cases, a change of motherboard may be the only solution to fix the issue. So, the situation is getting even worse. They also mentioned that Lenovo does not officially support Linux.

reece callister (reecespuffs) wrote :

this is also affecting my bios on the lenovo ideapad 100 15iby however usb booting is still possible.
the troubleshooting steps i have taken are.
1) used lenovo's bios update utility from the drivers site of my bios
  https://download.lenovo.com/consumer/mobiles/cccn21ww.exe (direct link)
2)replaced CMOS battery
3)reached out to the staff of lenovo forums and support staff for help and it stumped them
4)tried different OS's (i had ubuntu 17.10 but win server 2016 killed the grub loader (unrelated))
   i tried win server 2016 & win8.1 (the modded version windows 9)
all these were in vein as its still not saving (btw the reason i need server 2016 is to host RDweb applications which you need intel virtualisation on which is how i found this issue)
if anyone has any solution to this pls email me at <email address hidden> or reply to this

reece callister (reecespuffs) wrote :

I DID NOT MEAN TO DO THAT THERE IS NO FIX ATM PLZ CHANGE THAT BACK

Changed in grub2 (Ubuntu):
status: Confirmed → Fix Released
reece callister (reecespuffs) wrote :

sorry im new to this forum

tobia antoniolli (tob79) on 2017-11-27
Changed in grub2 (Ubuntu):
status: Fix Released → Confirmed
reece callister (reecespuffs) wrote :

thank you

Alexis Rico (sferadev) wrote :

This is unacceptable, right now my Lenovo G50-80 is a brick.

USB Boot does not work.
DVD Boot does not work.
BIOS Boot menu doesn't autodetect changes on the hard drive EFI paths.

And during an update grub stopped working, it reported a syscall error of I/O and on reboot I couldn't start the computer anymore. I would normally boot a live cd and boot-repair but guess what UEFI USB Boot does not work and Legacy capabilities won't work either.

And reprogramming the BIOS chip is not a viable solution by the way...

1 comments hidden view all 538 comments
Andy (andyskull-619) wrote :

Just wanted to join in and say that I am also affected by this, the exact same way as everyone else. I updated to ubuntu 17.10 and my bios died.
Like others, I also changed the CMOS battery etc. It was not a battery problem.

I followed user Marcin Ciosek's work around that he posted on the lenovo forums and was able to fix my installation. But the bios is ofcourse still bricked.
I've never experienced this before, I thought it not possible for an OS to brick a bios chip. If anyone knows how exactly this happened let us know.

tobia antoniolli (tob79) wrote :

Hi guys, just to let you know that I sent an email directly to Ubuntu Devs (<email address hidden>)

Probably I won't get a reply from them, but I am trying to get their attention.

tobia antoniolli (tob79) wrote :

I also sent an email to Canonical LTD (legal department) explaining the issue and threatening to take legal action on them. As per my previous post, I am trying to get their attention. I'll keep you informed.

Dimitri John Ledkov (xnox) wrote :

Are the machines dual installed with Windows 10?
Has there been a recent upgrade to Fall Creators Update? Note that many Lenovo machines fail to boot or boot to black screen after such an update. Such an upgrade affects subsequent boots to both win10 and ubuntu.
Can you get into one-key recovery mode?
Can you get to the boot options menu?
Can you get to the bios settings menu?
Can you configure boot entries in the bios settings to boot from the /EFI/BOOTX64.EFI? SHIM? UBUNTU/GRUB2.EFI?
Have you applied all the Lenovo bios/firmware upgrades?

To this point, I am not yet convinced that there is a bug in Ubuntu that causes this.

For one thing, the issue is far too confused here on this report for me to make sense of what is going on. The included links to Lenovo forums do not appear to me as bugs in Ubuntu.

What exactly is the problem?
What settings are changed in the BIOS and appear to not be saved?
Can your system boot into Ubuntu?
If not, what last appears on screen?
If yes, then what does 'sudo efibootmgr -v' report?

Failing to change things in the BIOS does not sound to me like anything that Ubuntu could have caused; but it also seems like there might be confusion as to how booting works on these systems. When systems are booting in UEFI mode, you can't simply add files here and there on the system and expect things to work -- this is why you have named entries in the firmware (the "BIOS") such as "ubuntu": there is some configuration involved, which can be done using 'efibootmgr' on Linux.

If you can't change time/date in firmware, or any other option that is not boot related, you need to consult Lenovo. There is nothing I can do about those. If you are having issues changing boot entries in firmware, it's possible that it is simply not supported -- the firmware might not allow you to set the ordering; and to disable UEFI you may need to first disable Secure Boot. The best is again to consult Lenovo for help and describe exactly what you want to do. They know how their firmware is supposed to work; and what is and is not possible to do.

Please also try using F12 or Fn-F12 (whatever the key combination is on that particular hardware. I have Lenovo hardware here, but none of the affected systems) to get to the Boot Selection Menu and see if then you can boot to USB or to Windows (if it's still installed) from that menu.

Please avoid using rEFInd if possible, as I cannot provide support for its use. It is known to change settings incorrectly; and that can cause issues on upgrade. The fewer extra changes on a system once it stops working is always better to figure out what is wrong.

Changed in grub2 (Ubuntu):
status: Confirmed → Incomplete
importance: Undecided → High
bruno (bruno-js-carvalho123) wrote :

I dont have a dual boot system, i just have ubuntu 17.10 and since the upgrade (17.04 to 17.10) im unable to save changes made to the bios such as boot order, secure boot, intel virtualization, etc.

I can boot into Ubuntu and the output of 'sudo efibootmgr -v' is:

BootCurrent: 0000
Timeout: 0 seconds
BootOrder: 0000,2003,2001,2002
Boot0000* ubuntu HD(1,GPT,ef50adca-c79c-4471-8c88-4a641917c23d,0x800,0x100000)/File(\EFI\ubuntu\shimx64.efi)
Boot0001* EFI Network 0 for IPv4 (1C-39-47-18-3F-55) PciRoot(0x0)/Pci(0x1c,0x2)/Pci(0x0,0x0)/MAC(1c3947183f55,0)/IPv4(0.0.0.0:0<->0.0.0.0:0,0,0)RC
Boot0002* EFI Network 0 for IPv6 (1C-39-47-18-3F-55) PciRoot(0x0)/Pci(0x1c,0x2)/Pci(0x0,0x0)/MAC(1c3947183f55,0)/IPv6([::]:<->[::]:,0,0)RC
Boot2001* EFI USB Device RC
Boot2002* EFI DVD/CDROM RC
Boot2003* EFI Network RC

My machine is a Lenovo U31-70.

tobia antoniolli (tob79) wrote :

@Mathieu Trudel-Lapierre (cyphermox)
@Dimitri John Ledkov (xnox)

Hi, thank you for having a look.

To be more clear about this issue:

I had Linux Mint before switching to Ubuntu 17.10 few days ago - no dual boot, just Ubuntu

I can access BIOS (either via f12 or one-key recover mode)

I can change all BIOS settings, but the issue is that when rebooting, the BIOS keeps the old settings so the machine keeps rebooting in safe-mode. Thus usb is not recognized.

https://ibb.co/fHntcm (bios, boot menu)

before installing Ubuntu 17.10, USB was present as third option under the sub-section Legacy.
Now it's not recognized.

I hope this make things clearer.

The USB option is not present obviously even when pressing f12 at startup (for selecting the boot source) https://ibb.co/msfziR

Ubuntu 17.10 is working properly for me, and within Ubuntu USB ports work properly.

Let us know if you need more details, thanks

tobia antoniolli (tob79) wrote :

If I run 'sudo efibootmgr -v'
the message is: EFI variables are not supported on this system.

Alexis Rico (sferadev) wrote :

@Mathieu Trudel-Lapierre (cyphermox)
@Dimitri John Ledkov (xnox)

My Lenovo G50-80 was running a Ubuntu 17.10 with no dualboot. The BIOS didn't allow me to change ANY of the options and USB/DVD boot did not work for a few weeks or maybe months (I don't check BIOS every day).

Also it seems that grub failed when doing an apt upgrade (gave me a syscall error I/O) and the laptop turned itself into a brick because the "ubuntu"EFI entry also stopped working.

Right now I've set up a PXE server and I'm trying to install Windows 10 over LAN. If I can get it to boot, I'll try to apply the latest BIOS patch (only available for install through Windows) and see if everything goes back to normal.

Alexis Rico (sferadev) wrote :

Status update: Attempt to install Windows over PXE won't work.

The BIOS is really derped. The error of Windows Installer is: "Windows could not update the computer's boot configuration. Installation cannot proceed.".

I'm out of ideas...

reece callister (reecespuffs) wrote :

wow idk who stuffed it up but they stuffed up bad
i guess im lucky i can boot from usb and optical drive i just can change my bios settings
(lenovo ideapad 100 15iby)

reece callister (reecespuffs) wrote :

cant*

Steve Langasek (vorlon) wrote :

Bruno's efibootmgr output from comment #29 shows the same damaged boot entry syntax that has previously been seen on Acer laptops.

https://bugs.launchpad.net/ubuntu/+source/efibootmgr/+bug/1437797/comments/5

To my knowledge this is not compliant with the EFI spec.

Did Lenovo recently switch firmware vendors on this product line?

@tobia; contact Lenovo support. If USB does not show up, it's not an Ubuntu issue. Your USB system may be failing, or the USB key is not recognized (which would make it not show up as a boot option). You might want to try with a different USB key. Was 'ubuntu' listed before under UEFI? You should also not change the boot settings unless you know what you are doing, as doing so can obviously keep your system from booting correctly. If things are being reset at boot (presumably after a few seconds of delay at a blank screen), then you might be dealing with a bad firmware; you should contact Lenovo for help to upgrade or revert the last firmware update.

@Alexis Rico (sferadev); I suspect your hard drive is failing, or you are dealing with a bad firmware. GRUB would not cause this. What options are you trying to change in BIOS? What happens exactly when you try it? Is there an error, does it allow you to save, but then you get a blank screen for a while, and the system "reboots" again?

@bruno; as above: what happens? What settings do you try to change? What happens exactly when you do? What precise steps do you take?

In general, if you are unable to save setting changes in BIOS, you *need* to contact Lenovo support, especially if at "reboot" you see a blank screen for a while before anything happens. This may mean the firmware is confused, and its safety mechanisms will attempt to recover by settings back to their defaults.

bruno (bruno-js-carvalho123) wrote :

@Mathieu Trudel-Lapierre (cyphermox)

My problem is very much like @tobia described, I make some changes in the bios (like disabling secure boot or enabling legacy mode) press Save and exit then the computer reboots and bios settings go back to default.
I guess that the reason why @tobia doesn't see the USB drive listed in the boot options is because he cant disable secure boot.

And I dont see any blank screen, the boot process seems pretty normal.

@Steve Langasek (vorlon)

Im sorry i dont really know what lenovo is doing. As far as I know I didnt do any bios upgrades.

Alexis Rico (sferadev) wrote :

@Mathieu Trudel-Lapierre Yes, I have two issues:

1) BIOS Doesn't work fine. Same problem as @bruno USB Boot doesn't work, DVD boot doesn't work and saving bios settings are lost of exit and save. No white screen just the changes don't persist across reboots.

2) The hard drive failed leaving system non-bootable.

Today I've also tried installing the OS on a new drive and a different computer, booting through PXE to a Ubuntu Live CD and trying to insert a new entry for the new os through efibootmgr.

So far I've learnt that efibootmgr is unable to create a new entry as it errors No such File. And deleting the old EFI entries seems to work but when rebooting to bios the old EFI entries are still there.

On Tue, Nov 28, 2017 at 08:57:08PM -0000, Alexis Rico wrote:
> @Mathieu Trudel-Lapierre Yes, I have two issues:

> 1) BIOS Doesn't work fine. Same problem as @bruno USB Boot doesn't work,
> DVD boot doesn't work and saving bios settings are lost of exit and
> save. No white screen just the changes don't persist across reboots.

> 2) The hard drive failed leaving system non-bootable.

> Today I've also tried installing the OS on a new drive and a different
> computer, booting through PXE to a Ubuntu Live CD and trying to insert a
> new entry for the new os through efibootmgr.

> So far I've learnt that efibootmgr is unable to create a new entry as it
> errors No such File. And deleting the old EFI entries seems to work but
> when rebooting to bios the old EFI entries are still there.

All of this appears to point to a firmware implementation that does not
conform to the EFI standard. If Ubuntu is doing something "wrong" here, it
is very difficult to discern what it is.

In the past, we have seen problems with the Linux kernel filling up the
firmware's available nvram space and as a result causing boot problems.
This could be another instance of that problem, but that doesn't seem to fit
with the idea of efibootmgr successfully allowing boot entries to be
deleted.

Steve Langasek (vorlon) on 2017-11-29
affects: grub2 (Ubuntu) → linux (Ubuntu)
Changed in linux (Ubuntu):
status: Incomplete → New
Changed in linux (Ubuntu):
status: New → Incomplete
tags: added: artful
tobia antoniolli (tob79) on 2017-11-29
tags: added: apport-collected wayland-session
description: updated
description: updated
Changed in linux (Ubuntu):
status: Incomplete → Confirmed
tobia antoniolli (tob79) on 2017-12-01
description: updated
description: updated
Changed in linux (Ubuntu):
importance: High → Critical
Changed in linux (Ubuntu Artful):
importance: Undecided → Critical
status: New → Confirmed
tags: added: kernel-key
description: updated
description: updated
description: updated
Pouria Maleki (pouria1) on 2017-12-11
description: updated
Tasos (tkatsoulas1) on 2017-12-11
description: updated
description: updated
kevh (kevhennessey) on 2017-12-12
description: updated
MAX KOVALENKO (hawo0451) on 2017-12-14
description: updated
description: updated
description: updated
Steve Langasek (vorlon) on 2017-12-15
description: updated
description: updated
description: updated
description: updated
MAX KOVALENKO (hawo0451) on 2017-12-18
description: updated
Rushabh Shah (rmshah99) on 2017-12-18
description: updated
Seth Forshee (sforshee) on 2017-12-18
description: updated
description: updated
Changed in linux (Ubuntu Artful):
status: Confirmed → Fix Committed
Changed in linux-hwe-edge (Ubuntu Artful):
status: New → Invalid
Changed in linux-oem (Ubuntu Artful):
status: New → Invalid
Changed in linux (Ubuntu Xenial):
status: New → Invalid
Changed in linux-hwe-edge (Ubuntu Xenial):
status: New → Fix Committed
Changed in linux-oem (Ubuntu Xenial):
status: New → Fix Committed
Changed in linux-hwe-edge (Ubuntu):
status: New → Confirmed
Changed in linux-oem (Ubuntu):
status: New → Confirmed
tags: added: verification-needed-artful
nic00 (nic00) on 2017-12-19
tags: added: verification-failed-artful
removed: verification-needed-artful
tags: added: verification-done-artful
removed: verification-failed-artful
Artur (radium88) on 2017-12-20
description: updated
Jeremy Keiper (jkeiper) on 2017-12-20
description: updated
Changed in linux (Ubuntu Artful):
status: Fix Committed → Fix Released
status: Fix Committed → Fix Released
Paul Sladen (sladen) on 2017-12-20
description: updated
Paul Sladen (sladen) on 2017-12-20
description: updated
allen (krell) on 2017-12-20
description: updated
allen (krell) on 2017-12-21
description: updated
Steve Langasek (vorlon) on 2017-12-21
description: updated
Elena (itzuki87) on 2017-12-21
description: updated
Changed in linux-hwe-edge (Ubuntu Xenial):
status: Fix Committed → Fix Released
status: Fix Committed → Fix Released
Changed in linux-oem (Ubuntu Xenial):
status: Fix Committed → Fix Released
status: Fix Committed → Fix Released
description: updated
description: updated
oussama saghiri (osm1) on 2017-12-22
description: updated
description: updated
description: updated
description: updated
allen (krell) on 2017-12-23
description: updated
description: updated
description: updated
Alexis Rico (sferadev) on 2017-12-27
description: updated
no longer affects: linux (Ubuntu Xenial)
no longer affects: linux-hwe-edge (Ubuntu)
no longer affects: linux-hwe-edge (Ubuntu Artful)
affects: linux (openSUSE) → ubuntu-translations
no longer affects: ubuntu-translations
no longer affects: linux-oem (Ubuntu)
no longer affects: linux-oem (Ubuntu Artful)
Changed in linux-hwe-edge (Ubuntu Xenial):
importance: Undecided → Critical
Changed in linux-oem (Ubuntu Xenial):
importance: Undecided → Critical
allen (krell) on 2017-12-29
description: updated
description: updated
Juan Felipe (hacktt) on 2017-12-31
description: updated
Seb (seb-y) on 2018-01-01
Changed in linux (Ubuntu Artful):
assignee: nobody → Seb (seb-y)
assignee: Seb (seb-y) → nobody
description: updated
description: updated
description: updated
Changed in linux (Ubuntu):
assignee: nobody → ramdas chormale (ramdaschormale)
Derek Ashby (delsubuntu) on 2018-01-02
Changed in linux (Ubuntu Artful):
assignee: nobody → Derek Ashby (delsubuntu)
Changed in linux (Ubuntu Artful):
assignee: Derek Ashby (delsubuntu) → nobody
Changed in linux (Ubuntu):
assignee: ramdas chormale (ramdaschormale) → nobody
description: updated
description: updated
tags: added: patch
tags: removed: kernel-key
description: updated
description: updated
description: updated
Walter Lapchynski (wxl) on 2018-01-03
summary: - Ubuntu 17.10 corrupting BIOS - many LENOVO laptops models
+ corrupted BIOS due to Intel SPI bug in kernel
Walter Lapchynski (wxl) on 2018-01-03
description: updated
allen (krell) on 2018-01-04
description: updated
description: updated
Changed in linux (Ubuntu):
status: Confirmed → Fix Released
Steve Langasek (vorlon) on 2018-01-06
Changed in linux (Ubuntu):
status: Fix Released → Fix Committed
458 comments hidden view all 538 comments
Eric (eric34garrigues) wrote :

Thanks Mika, Farid, Logan, Daniele, Anthony, Vivien, Volkmar, Fabio, Kevh, Danny!
But with my configuration I can not install the kernel without errors.
I put back to read my previous message #485

Acer ES1-111-C1ZM
System Bios version V1.13
InsydeH20 Setup Utility

Ubuntu 16.04.03LTS / 32bits / Openbox
kernel 4.4.0.104

I did as indicated #294 the manipulation ukuu to the kernel 4.14.09.
And I have install 4.15.0-041500rc6 with errors (i686?).
I suppose i can't do the installation manipulation of 4.15 if I do not have an amd64 system.

After a lot of tests with other older kernels, without progress, deadlock.
Always not boot device choice, new hard drive not detected, etc..
Does anyone have an idea to work around this problem?

That's why I'm asking for some help. Thanks again.

This is what I typically do when I compile a custom kernel on a new
machine. You need development tools like git, gcc, gmake etc. but I
guess many distros have most of that stuff already installed. I did not
try these so there might be typos and something could be missing.

These steps should help to recover a system where there is some Linux
distro (not necessarily Ubuntu).

  1. Get the latest kernel tree

    $ git clone git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
    $ cd linux

  2. Checkout the v4.15-rc7 branch

    $ git checkout -b spi-nor-recover v4.15-rc7

  3. Save and apply the patch from https://goo.gl/xUKJFR (this is the
     same patch that is linked in the bug description)

    $ git am 0001-Clear-both-SR-and-CR-explicitly-and-also-add-debug-m.patch

  4. Configure the kernel so that it takes only those modules that you
     have currently loaded

    $ make localmodconfig

  5. You may need to enable MTD subsystem, SPI-NOR and the intel-spi
     driver so run

    $ make nconfig

     Then select following from the config

       Device Drivers --->
         <*> Memory Technology Device (MTD) support --->
           <M> SPI-NOR device support --->
             <M> Intel PCH/PCU SPI flash platform driver

     Then press F9 and to save .config and exit nconfig.

  6. Build the kernel image and modules

    $ make -j8

  7. Once it is properly built without any errors you can install it
     along with the modules

    $ sudo make modules_install
    $ sudo make install

Once the custom kernel is installed, you can reboot to this new kernel
and it should clear the CMP bit from the serial flash status register.
It logs something like below to your dmesg:

[ 19.724288] intel-spi intel-spi: wrote SSFSTS_CTL=0x0045020c
[ 19.724301] intel-spi intel-spi: wrote FDATA(0)=00 00
[ 19.724304] intel-spi intel-spi: wrote SSFSTS_CTL=0x0041360c
[ 19.736538] intel-spi intel-spi: wrote SSFSTS_CTL=0x0040520c
[ 19.736542] intel-spi intel-spi: Both SR/CR cleared

Then when you reboot, the BIOS should be able to save settings again and
you can boot back to your distro kernel.

After this you can remove the custom kernel from /boot and modules from
/lib/modules.

Download full text (6.6 KiB)

Thank you Mika!
I will try to apply these instructions and give the return.
Not this evening, but i mpatient . Eric

----- Mail original -----

De: "Mika Westerberg" <email address hidden>
À: "cagole plus" <email address hidden>
Envoyé: Lundi 8 Janvier 2018 21:44:16
Objet: [Bug 1734147] Re: corrupted BIOS due to Intel SPI bug in kernel

This is what I typically do when I compile a custom kernel on a new
machine. You need development tools like git, gcc, gmake etc. but I
guess many distros have most of that stuff already installed. I did not
try these so there might be typos and something could be missing.

These steps should help to recover a system where there is some Linux
distro (not necessarily Ubuntu).

1. Get the latest kernel tree

$ git clone git://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git
$ cd linux

2. Checkout the v4.15-rc7 branch

$ git checkout -b spi-nor-recover v4.15-rc7

3. Save and apply the patch from https://goo.gl/xUKJFR (this is the
same patch that is linked in the bug description)

$ git am 0001-Clear-both-SR-and-CR-explicitly-and-also-add-debug-m.patch

4. Configure the kernel so that it takes only those modules that you
have currently loaded

$ make localmodconfig

5. You may need to enable MTD subsystem, SPI-NOR and the intel-spi
driver so run

$ make nconfig

Then select following from the config

Device Drivers --->
<*> Memory Technology Device (MTD) support --->
<M> SPI-NOR device support --->
<M> Intel PCH/PCU SPI flash platform driver

Then press F9 and to save .config and exit nconfig.

6. Build the kernel image and modules

$ make -j8

7. Once it is properly built without any errors you can install it
along with the modules

$ sudo make modules_install
$ sudo make install

Once the custom kernel is installed, you can reboot to this new kernel
and it should clear the CMP bit from the serial flash status register.
It logs something like below to your dmesg:

[ 19.724288] intel-spi intel-spi: wrote SSFSTS_CTL=0x0045020c
[ 19.724301] intel-spi intel-spi: wrote FDATA(0)=00 00
[ 19.724304] intel-spi intel-spi: wrote SSFSTS_CTL=0x0041360c
[ 19.736538] intel-spi intel-spi: wrote SSFSTS_CTL=0x0040520c
[ 19.736542] intel-spi intel-spi: Both SR/CR cleared

Then when you reboot, the BIOS should be able to save settings again and
you can boot back to your distro kernel.

After this you can remove the custom kernel from /boot and modules from
/lib/modules.

--
You received this bug notification because you are subscribed to the bug
report.
https://bugs.launchpad.net/bugs/1734147

Title:
corrupted BIOS due to Intel SPI bug in kernel

Status in Linux:
Unknown
Status in linux package in Ubuntu:
Fix Committed
Status in linux-hwe-edge source package in Xenial:
Fix Released
Status in linux-oem source package in Xenial:
Fix Released
Status in linux source package in Artful:
Fix Released

Bug description:
An update to linux kernel on Ubuntu 17.10 that enabled the Intel SPI
drivers results in a serial flash that is read only in Intel Broadwell
and Haswell machines with serial flashes with SPI_NOR_HAS_LOCK set.

Symptoms:
* BIOS settings c...

Read more...

Daniele Bianchin (dbianchi) wrote :

#500

I'm currently running Kali Linux which has a custom kernel and the lastest version is 4.14.0-kali1-amd64. I think installing linux generic kernel will brick it...

I'm a bit late to the party but I am happy to report that at least my Lenovo Yoga 720 is not affected. I installed Ubuntu 17.10 on a new Yoga days before this hit the news. Got me a bit nervous. But the Yoga's bios is OK, it reports being manufactured by Lenovo so I guess it is not the kind of chip that is getting locked by the drivers.
And all features of the Yoga 720 works out of the box with Ubuntu 17.10, except the fingerprint identification and automatic screen orientation. So I can recommend the combination.

Anthony Wong (anthonywong) wrote :

@Eric (eric34garrigues) #499
Can you give the kernel at https://goo.gl/hRm1Fa a try? It is compiled for 32-bit, it is untested but should work.

farid (henna) wrote :

Acer E3-111-290X
only boot from cd drive and only ubuntu cd 17.10
can install ubuntu 17.10 but after finishing install and reboot list only cd drive

sudo efibootmgr -v

BootCurrent: 0000
Timeout: 0 seconds
BootOrder: 2001,2002,2003
Boot0000* USB CDROM: TSSTcorpCDDVDW SE-208DB PciRoot(0x0)/Pci(0x14,0x0)/USB(1,0)/USB(2,0)/CDROM(1,0xafd5c,0x1200)RC
Boot2001* EFI USB Device RC
Boot2002* EFI DVD/CDROM RC

Repair method 1 didn't work repaire method 2 failed :
sudo dpkg -i linux-image-4.15.0-041500rc6-generic_4.15.0-041500rc6.201712312330+clear+debug_amd64.deb
Selecting previously unselected package linux-image-4.15.0-041500rc6-generic.
(Reading database ... 145537 files and directories currently installed.)
Preparing to unpack linux-image-4.15.0-041500rc6-generic_4.15.0-041500rc6.201712312330+clear+debug_amd64.deb ...
Done.
Unpacking linux-image-4.15.0-041500rc6-generic (4.15.0-041500rc6.201712312330+clear+debug) ...
Setting up linux-image-4.15.0-041500rc6-generic (4.15.0-041500rc6.201712312330+clear+debug) ...
Running depmod.
update-initramfs is disabled since running on read-only media
The link /initrd.img is a dangling linkto /boot/initrd.img-4.13.0-16-generic
The link /vmlinuz is a dangling linkto /boot/vmlinuz-4.13.0-16-generic
Examining /etc/kernel/postinst.d.
run-parts: executing /etc/kernel/postinst.d/apt-auto-removal 4.15.0-041500rc6-generic /boot/vmlinuz-4.15.0-041500rc6-generic
run-parts: executing /etc/kernel/postinst.d/initramfs-tools 4.15.0-041500rc6-generic /boot/vmlinuz-4.15.0-041500rc6-generic
update-initramfs is disabled since running on read-only media
run-parts: executing /etc/kernel/postinst.d/unattended-upgrades 4.15.0-041500rc6-generic /boot/vmlinuz-4.15.0-041500rc6-generic
run-parts: executing /etc/kernel/postinst.d/update-notifier 4.15.0-041500rc6-generic /boot/vmlinuz-4.15.0-041500rc6-generic
run-parts: executing /etc/kernel/postinst.d/zz-update-grub 4.15.0-041500rc6-generic /boot/vmlinuz-4.15.0-041500rc6-generic

"update-initramfs is disabled since running on read-only media"

yes i can only boot from cd any suggestion would be great-full

Download full text (4.5 KiB)

@Mika

After seeing the logs in your post I checked the logs on my Lenovo Yoga (20C0) for similar entries as yours:
[ 19.724288] intel-spi intel-spi: wrote SSFSTS_CTL=0x0045020c
[ 19.724301] intel-spi intel-spi: wrote FDATA(0)=00 00
[ 19.724304] intel-spi intel-spi: wrote SSFSTS_CTL=0x0041360c
[ 19.736538] intel-spi intel-spi: wrote SSFSTS_CTL=0x0040520c
[ 19.736542] intel-spi intel-spi: Both SR/CR cleared

My logs do not show anything link this. Could it be, that the fix dows not work for the 20C0? Any ideas on this?

[ 18.936164] calling intel_spi_platform_driver_init+0x0/0x1000 [intel_spi_platform] @ 571
[ 18.936215] intel-spi intel-spi: BFPREG=0x0bff0800
[ 18.936218] intel-spi intel-spi: HSFSTS_CTL=0x0004e008
[ 18.936219] intel-spi intel-spi: -> Locked
[ 18.936221] intel-spi intel-spi: FADDR=0x00ae86ec
[ 18.936222] intel-spi intel-spi: DLOCK=0x00000000
[ 18.936224] intel-spi intel-spi: FDATA(0)=0x00000083
[ 18.936226] intel-spi intel-spi: FDATA(1)=0x00000000
[ 18.936228] intel-spi intel-spi: FDATA(2)=0x00000000
[ 18.936230] intel-spi intel-spi: FDATA(3)=0x00000000
[ 18.936232] intel-spi intel-spi: FDATA(4)=0x00000000
[ 18.936233] intel-spi intel-spi: FDATA(5)=0x00000000
[ 18.936235] intel-spi intel-spi: FDATA(6)=0x00000000
[ 18.936237] intel-spi intel-spi: FDATA(7)=0x00000000
[ 18.936239] intel-spi intel-spi: FDATA(8)=0x00000000
[ 18.936241] intel-spi intel-spi: FDATA(9)=0x00000000
[ 18.936242] intel-spi intel-spi: FDATA(10)=0x00000000
[ 18.936244] intel-spi intel-spi: FDATA(11)=0x00000000
[ 18.936246] intel-spi intel-spi: FDATA(12)=0x00000000
[ 18.936248] intel-spi intel-spi: FDATA(13)=0x00000000
[ 18.936250] intel-spi intel-spi: FDATA(14)=0x00000000
[ 18.936252] intel-spi intel-spi: FDATA(15)=0x00000000
[ 18.936254] intel-spi intel-spi: FRACC=0x00004a4b
[ 18.936256] intel-spi intel-spi: FREG(0)=0x00000000
[ 18.936257] intel-spi intel-spi: FREG(1)=0x0bff0800
[ 18.936260] intel-spi intel-spi: FREG(2)=0x07ff0001
[ 18.936262] intel-spi intel-spi: FREG(3)=0x00007fff
[ 18.936263] intel-spi intel-spi: FREG(4)=0x00007fff
[ 18.936265] intel-spi intel-spi: PR(0)=0x00000000
[ 18.936267] intel-spi intel-spi: PR(1)=0x8bff0b30
[ 18.936269] intel-spi intel-spi: PR(2)=0x8acf0aa1
[ 18.936271] intel-spi intel-spi: PR(3)=0x8aa00aa0
[ 18.936273] intel-spi intel-spi: PR(4)=0x8a9f0800
[ 18.936274] intel-spi intel-spi: SSFSTS_CTL=0xf94010c0
[ 18.936276] intel-spi intel-spi: PREOP_OPTYPE=0xfe400606
[ 18.936278] intel-spi intel-spi: OPMENU0=0x0135059f
[ 18.936280] intel-spi intel-spi: OPMENU1=0x20d80203
[ 18.936282] intel-spi intel-spi: LVSCC=0x80802025
[ 18.936283] intel-spi intel-spi: UVSCC=0x80002025
[ 18.936284] intel-spi intel-spi: Protected regions:
[ 18.936287] intel-spi intel-spi: 01 base: 0x00b30000 limit: 0x00bfffff [W.]
[ 18.936290] intel-spi intel-spi: 02 base: 0x00aa1000 limit: 0x00acffff [W.]
[ 18.936292] intel-spi intel-spi: 03 base: 0x00aa0000 limit: 0x00aa0fff [W.]
[ 18.936294] intel-spi intel-spi: 04 base: 0x00800000 limit: 0x00a9ffff [W.]
[ 18.936295] intel-spi intel-spi: Flash regions:
[ 18.936297] intel-spi intel-spi: 00 disabled
[ 18.936299]...

Read more...

description: updated
Launchpad Janitor (janitor) wrote :
Download full text (14.0 KiB)

This bug was fixed in the package linux - 4.13.0-25.29

---------------
linux (4.13.0-25.29) artful; urgency=low

  * linux: 4.13.0-25.29 -proposed tracker (LP: #1741955)

  * CVE-2017-5754
    - Revert "UBUNTU: [Config] updateconfigs to enable PTI"
    - [Config] Enable PTI with UNWINDER_FRAME_POINTER

linux (4.13.0-24.28) artful; urgency=low

  * linux: 4.13.0-24.28 -proposed tracker (LP: #1741745)

  * CVE-2017-5754
    - x86/cpu, x86/pti: Do not enable PTI on AMD processors

linux (4.13.0-23.27) artful; urgency=low

  * linux: 4.13.0-23.27 -proposed tracker (LP: #1741556)

  [ Kleber Sacilotto de Souza ]
  * CVE-2017-5754
    - x86/mm: Add the 'nopcid' boot option to turn off PCID
    - x86/mm: Enable CR4.PCIDE on supported systems
    - x86/mm: Document how CR4.PCIDE restore works
    - x86/entry/64: Refactor IRQ stacks and make them NMI-safe
    - x86/entry/64: Initialize the top of the IRQ stack before switching stacks
    - x86/entry/64: Add unwind hint annotations
    - xen/x86: Remove SME feature in PV guests
    - x86/xen/64: Rearrange the SYSCALL entries
    - irq: Make the irqentry text section unconditional
    - x86/xen/64: Fix the reported SS and CS in SYSCALL
    - x86/paravirt/xen: Remove xen_patch()
    - x86/traps: Simplify pagefault tracing logic
    - x86/idt: Unify gate_struct handling for 32/64-bit kernels
    - x86/asm: Replace access to desc_struct:a/b fields
    - x86/xen: Get rid of paravirt op adjust_exception_frame
    - x86/paravirt: Remove no longer used paravirt functions
    - x86/entry: Fix idtentry unwind hint
    - x86/mm/64: Initialize CR4.PCIDE early
    - objtool: Add ORC unwind table generation
    - objtool, x86: Add facility for asm code to provide unwind hints
    - x86/unwind: Add the ORC unwinder
    - x86/kconfig: Consolidate unwinders into multiple choice selection
    - objtool: Upgrade libelf-devel warning to error for CONFIG_ORC_UNWINDER
    - x86/ldt/64: Refresh DS and ES when modify_ldt changes an entry
    - x86/mm: Give each mm TLB flush generation a unique ID
    - x86/mm: Track the TLB's tlb_gen and update the flushing algorithm
    - x86/mm: Rework lazy TLB mode and TLB freshness tracking
    - x86/mm: Implement PCID based optimization: try to preserve old TLB entries
      using PCID
    - x86/mm: Factor out CR3-building code
    - x86/mm/64: Stop using CR3.PCID == 0 in ASID-aware code
    - x86/mm: Flush more aggressively in lazy TLB mode
    - Revert "x86/mm: Stop calling leave_mm() in idle code"
    - kprobes/x86: Set up frame pointer in kprobe trampoline
    - x86/tracing: Introduce a static key for exception tracing
    - x86/boot: Add early cmdline parsing for options with arguments
    - mm, x86/mm: Fix performance regression in get_user_pages_fast()
    - x86/asm: Remove unnecessary \n\t in front of CC_SET() from asm templates
    - objtool: Don't report end of section error after an empty unwind hint
    - x86/head: Remove confusing comment
    - x86/head: Remove unused 'bad_address' code
    - x86/head: Fix head ELF function annotations
    - x86/boot: Annotate verify_cpu() as a callable function
    - x86/xen: Fix xen head ELF annotations
    - x86/xen: Add unwind hint anno...

Changed in linux (Ubuntu):
status: Fix Committed → Fix Released
Eric (eric34garrigues) wrote :

#504
@Eric (eric34garrigues) #499
Can you give the kernel at https://goo.gl/hRm1Fa a try? It is compiled for 32-bit, it is untested but should work.

Thanks Anthony Wong, the Acer ES1-111-C17M is unlocked!
I installed the kernel of the link above, restarted 2 times and finally it works.
Thank you again for giving me the solution! Happy!

#506

Christian, I think you got the patch properly applied but based on the output your serial flash is "s25fl064k". Looking at the table in drivers/mtd/spi-nor/spi-nor.c:

{ "s25fl064k", INFO(0xef4017, 0, 64 * 1024, 128, SECT_4K) }

So this flash chip does not have SPI_NOR_HAS_LOCK and thus should not suffer from
this issue at all - no status register write is ever done to that chip.

Are you sure your BIOS is affected?

#509

At least my BIOS is read only. I can't change a single setting without it reverting on next boot.
It just says "Configuration changed - restarting system." and I have the old settings again. :-(

When using the patched kernel, that message is gone and I can edit and save BIOS changes over reboot. As soon as I use the unpatched kernel. I am back on the symptom above.

#510

That's really weird because in your system both patched and unpatched kernels are doing exactly the same thing (read JEDEC ID, nothing more).

Apicultor (apicultor) wrote :

@Christian, if by "unpatched" you mean the original kernel which caused the problem, then you're again triggering the issue -- so run the patched kernel as directed to fix the issue, then do not run the original kernel again otherwise the issue will again recur.

#512

But for the serial flash chip Christian has, the original kernel does nothing as well (except read the JEDEC ID) so this issue cannot happen.

Paul Sladen (sladen) wrote :

Christian: looking back and your reply in #478, it would appear that you're on Mint, not Ubuntu. It is likely the case that Mint is still shipping the buggy kernel(s).

We can see in #478: "When installing the Kernels provided above, I can again do changes in BIOS and they stay over reboot. However as soon as I revert back to 4.13.0-21 Kernel, the Problem is back."

...Which is exactly what would be expected.

The solution is, after unlocking the flash, do not run a buggy that will relock it.

#514

No, this is not the same issue at all. The original "buggy" off-by-one write never took place because the flash chip does not have that SPI_NOR_HAS_LOCK bit set in the first place (and it was not there in v4.13 either). So this is something else.

Christian, do you have Windows there? If yes, can you boot to Windows several times and in-between check if the BIOS can save settings or not (don't boot to Linux at all during that time).

Actually I think I know what is going on. I think the "unpatched" kernel might miss commit d9018976cdb6 ("mfd: lpc_ich: Do not touch SPI-NOR write protection bit on Haswell/Broadwell") and in that case the BIOS resets to defaults each boot.

#511, 512, 513

I switched to 4.13.0-21, which was stated to have fixed the problem and should be safe as in multiple posts above (e.g. #350, #484, ...).
I cannot say, if mint need to do something as well, but it comes right off the ubuntu repos (see below).

linux-image-4.13.0-21-generic:
  Installiert: 4.13.0-21.24~16.04.1
  Installationskandidat: 4.13.0-21.24~16.04.1
  Versionstabelle:
 *** 4.13.0-21.24~16.04.1 500
        500 http://ftp.fau.de/ubuntu xenial-updates/main amd64 Packages
        500 http://security.ubuntu.com/ubuntu xenial-security/main amd64 Packages
        100 /var/lib/dpkg/status

#515
Sadly I have Windows only in a VM. What are you looking for? Can I get information otherwise?

4.13.0-26 is just available for me, will install it, try that, try the fix again and see what happens, then report back

#516, #517

no change in 4.13.0-26. as soon as I booted once, BIOS is back to ro.

If the commit d9018976cdb6 is missing, what to do?

#518

Hmm, you already compiled and booted the v4.15-rc7 kernel using my instructions, right? It should have that fix so booting that kernel should keep your BIOS working. You can remove the custom patch by running command "git reset --hard HEAD^". Then you can rebuild and install it.

#519
no, I did not compile the kernel yet. So far only used the one provided in the fix description.

As for repairing -like with the fix kernel- this won't help, right? It would just be an option to go away from the repository kernels and compile my own one until the commit is included in the repository kernel?

CD (cademir) wrote :

Apologies in advance for asking, as I know this isn't the ideal place to ask.

I'm having the same problem with Knoppix, at least as far as symptoms are concerned. I'd hoped that using Ubuntu could fix it, but Knoppix is now the only thing that will boot from USB. I have one of the affected models (Lenovo) and the fine people at the Knoppix forums have decided to not approve my topic in any help areas over there...so I thought I might try here where people are more helpful.

Anyone have any ideas? Thanks for your time. N00b here.

Anthony Wong (anthonywong) wrote :

kernel 4.13.0-21 and up has already disabled the intel spi kernel module, whether the kernel has commit d9018976cdb6 should not matter (unless you are building your own kernel using ubuntu 4.13 kernel source with intel-spi enabled).

Bas (spc-kersten) wrote :
Download full text (3.2 KiB)

Ever since I installed Ubuntu 17.10 bete on my Lenovo Thinkpad S540, there was a message on boot and reboot "Configuration changed - restart" and the laptop would reboot. I was still able to boot from USB though and even updated the BIOS from USB. But that didn't solve the problem. Also the latest kernel update did not solve problem.

After following the steps described in this post http://dailylinuxuser.com/2018/01/how-to-fix-your-bios-after-installing-ubuntu-17-10-on-a-lenovo-laptop.html this problem has been solved.

1.Boot into Ubuntu

2.Open a web browser and type the following into the address bar: http://people.canonical.com/~ypwong/lp1734147/linux-image-4.15.0-041500rc6-generic_4.15.0-041500rc6.201712312330+20170103+1_amd64.deb

3.Open a terminal window (press ctrl, alt and T at the same time) or click on activities and type term into the search bar and click the icon that appears.

4.Go to the downloads folder by typing the following command cd ~/Downloads

5.Type the following command to install the package: sudo dpkg -i linux-image-4.15.0-041500rc6-generic_4.15.0-041500rc6.201712312330+20170103+1_amd64.deb

6.If the command completes without error reboot your computer and choose the new kernel. To get the grub menu to appear try pressing and holding the shift key before the Ubuntu logo appears. If the Ubuntu logo appears reboot again and press the escape key before the Ubuntu logo appears. From the grub menu choose the version of Ubuntu with the highest Kernel number. (which should be 4.15.0)

7.Reboot your computer and open your BIOS settings and check to see if you can boot from USB and save BIOS changes. If you can boot from USB and change BIOS settings then you have successfully repaired your computer and you can skip to the last point.

8.If this hasn’t worked reboot your computer and choose the new kernel. Reboot your computer again and choose the new kernel. Now reboot your computer and check your BIOS settings. If your BIOS can be amended and you can boot from USB then you have successfully repaired your computer and you can skip to the last point.

9.Still not working? Don’t panic, open a web browser and type the following into the address bar:
http://people.canonical.com/~ypwong/lp1734147/linux-image-4.15.0-041500rc6-generic_4.15.0-041500rc6.201712312330+clear+debug_amd64.deb

10.Open a terminal window (press CTRL, ALT and T or click activities, type Term into the search bar and click the icon)

11.Go to the downloads folder by typing the following command cd ~/Downloads

12.Type the following command to install the package: sudo dpkg -i http://people.canonical.com/~ypwong/lp1734147/linux-image-4.15.0-041500rc6-generic_4.15.0-041500rc6.201712312330+clear+debug_amd64.deb

13.Wait for the package to install and if it is successful reboot your computer and press either the shift or escape key to bring up the grub menu and choose the new kernel that has appeared.

14.After Ubuntu loads reboot your computer and enter the BIOS settings. If you can change the settings and save them and you can boot from a USB drive then the issue is fixed.

15.Finally remove the packages you installed by typing the following command in a termin...

Read more...

#520, #522

Actually it matters if commit d9018976cdb6 is missing with this particular BIOS/system because every time you boot the system, the BIOS resets to default when it finds BCR register is changed. This is different issue than the CMP=1 issue most of the users have reported. This one also is not permanent so everything is fine as long as you don't touch that BCR register. In this case you either need to always boot to a kernel where that fix (d9018976cdb6) is included or blacklist lpc_ich.ko. Ubuntu v4.14.x kernels have that fix included so you might want to take one of them or build your own.

Anthony Wong (anthonywong) wrote :

Looks like we need to cherry-pick it to 4.13 after all.
Christian, do you mind opening a new bug for your issue? We should continue the discussion and fix over there.

#524, #525
Created Bug #1742696
"Commit d9018976cdb6 missing in Kernels <4.14.x preventing lasting fix of Intel SPI bug"

Let's continue discussion over there

Erik Snelleman (cobol-b) wrote :

Hi guys, everyone speaks about ubuntu 17.10 in combination with a Lenovo laptop.
I have Lenovo thinkpad E530 and use Xubuntu which is also affected.
USB devices cannot be used to install a new system.
Keyboard and mousepad dont work (internally also USB devices I guess).
External keyboard and mouse dont work.

So als Ubuntu derivatives have the same issue.
Xubuntu can still be downloaded. In some cases you see a warning when you want to download it but it is not blocked. And now my laptop is dead as well. Thank you :-((

Steve Langasek (vorlon) wrote :

#524, #525

I am a little unclear about all of the cases where this bug will manifest (under what circumstances will the BCR register be changed? Why does "resetting to default" result in a locked BIOS?). However, my understanding is that this second bug should *not* result in a user being locked out of their BIOS *unless* they've first been impacted by the intel-spi bug, and therefore, while it's important to cherry-pick d9018976cdb6 into the artful kernel, this should not impact users who booting 4.13.0-21.24 or later as the first artful kernel they have booted.

Thus, I believe this does not impact the Ubuntu 17.10 respin currently in progress, and we can release those images with the kernel they already have.

#528

Keep in mind that there are two *separate* issues:

1. Bug off-by-one bug in intel-spi driver that causes CMP bit to accidentally set to 1. This results BIOS
   being read-only. The bug was fixed by 9d63f17661e2 ("spi-nor: intel-spi: Fix broken software sequencing
   codes") in september.

2. Some Lenovo Thinkpad Yoga BIOSes reset to default settings if their BCR register is touched. This BCR
   handling is in a different driver (drivers/mfd/lpc_ich.c). This issue has been fixed by commit
   d9018976cdb6 ("mfd: lpc_ich: Do not touch SPI-NOR write protection bit on Haswell/Broadwell") in july.

So in order to have a kernel that is free from both issues, you need to disable the intel-spi driver (for reasons being that it is not supposed to be enabled for normal users anyway) and then cherry-pick commit d9018976cdb6 to make sure the other issue does not happen.

farid (henna) wrote :

Ubuntu 17.10.1 (Artful Aardvark)

http://releases.ubuntu.com/17.10.1/

Ads20000 (ads20000) wrote :

Sorry if this question has already been dealt with (in which case, may be nice to have it in the bug description) but has there been an update released which automatically fixes the issue for people affected? I'm sure there are many who wouldn't realize that their BIOS is broken for a while (or have already realized) and then wouldn't know to come here to find a fix...

Danny (sofialobo) wrote :

hi.
i don't know if this question has been answered but here it goes.
my laptop suffers with the intel-spi problem cant save bios settings, cant boot by any form.
at the time i only could boot to ubuntu (i had dual boot with win10) and i used one key recovery and i recovered windows but made boot impossible to ubuntu cause it erased grub so i deleted ubuntu partition. one day i wanted to install again ubuntu and i couldnt it was when i noticed that i couldnt made any changes in bios.
so please help me how can i fix this issue from windows? lenovo didnt put another bios update on their website.my computer is Lenovo IdeaPad G50-80

serj.kzv (serj.kzv) wrote :

Reply to Juan Felipe ( #435 ) and to all who have HP laptops.
I've read that Juan Felipe got solution but anyway.

Try to create "BIOS Recovery USB Flash Disk" not manually but through Windows operation system GUI installer. Following sentence not about current (U)EFI problem, It's about BIOS updating. I had the same error message about BIOS verification on my old HP 635 laptop when I tried to update BIOS with manually created BIOS recovery USB Flash Disk (not on my current HP 15-ac159ur).

Hugo Alex (hugoq-9) wrote :

I was able to unlock the BIOS in my Acer Aspire ES1-512-C89Y.

I had to take out the laptop HDD and connect it to my desktop. I then installed 16.04 LTS 64-bit (because I had the 32-bit version of 17.10), put the HDD back into the laptop and performed the steps presented in the first post.

After a couple of reboots BIOS was saving the settings.

I can confirm that the steps in the bug description, helped me to solve the BIOS issue. I finally was able to replace my old small SSD for a brand new 500GB. I am very very happy.

Thank you so much, specially to Mika Westerberg for his efforts and all the help and dedication. And to Anthony Wong from Canonical for keeping his cool and reassuring people that we will get this issue solved.
It has been a very stressful month since I discovered it and was fearing I have a bricked laptop, but I can confirm today that it´s now fixed.

Forgot to add, the laptop it is a Lenovo u31-70 with the Insyde BIOS

Paul (sabret00the) wrote :

Just to clarify, the fixed kernel got released via both software update and ISO right? I'm asking because if that's the case, my issue still persists.

Steve Langasek (vorlon) wrote :

On Mon, Jan 15, 2018 at 06:56:05PM -0000, Paul wrote:
> Just to clarify, the fixed kernel got released via both software update
> and ISO right?

Yes, it did.

> I'm asking because if that's the case, my issue still persists.

Per the discussion, booting a fixed kernel does not resolve the problem if
your BIOS is already locked. Have you followed the recovery instructions in
the bug description?

Displaying first 40 and last 40 comments. View all 538 comments or add a comment.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers

Remote bug watches

Bug watches keep track of this bug in other bug trackers.