FS#51943 - [linux] "Warning!!! Boot script table modified!!! Please contact your vendor."

Attached to Project: Arch Linux
Opened by PrzSoc (pso) - Thursday, 24 November 2016, 08:18 GMT
Last edited by Eli Schwartz (eschwartz) - Monday, 29 January 2018, 16:55 GMT
Task Type Bug Report
Category Kernel
Status Closed
Assigned To Tobias Powalowski (tpowa)
Architecture x86_64
Severity Critical
Priority Normal
Reported Version
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 1
Private No

Details

Description:
Suspending the laptop into ram on second attempt cousing hard reset (cold boot) with message from uefi firmwre : Warning!!! Boot script table modified!!! Please contact your vendor."

Arch linux installed on Lenovo G50-45 (AMD A6 6310 APU with R4 Beema/Mullins)
Booting in UEFI mode (but trying boot in Legacy with UEFI couse the same reaction - cold boot on second attempt to suspend).

I tried many Linux disrtibutions with kernels below 3.16 and above. Probem occurs if you try to use kernel from 3.17 up to current -> 4.8.10.

Now I'am using 3.16lts from AUR and suspend to ram works.

Problem was posted on Arch Linux Forum : https://bbs.archlinux.org/viewtopic.php?id=218645 and is affecting not only Lenovo laptops as you may think) : https://bugs.launchpad.net/ubuntu/+source/pm-utils/+bug/1528735
Sometimes other laptops just hangs or there is no message from UEFI firmware - just cold boot.

From information fouded in internet it is related to security fix issue of S3 mode : https://support.lenovo.com/br/en/product_security/s3_boot_protect

Vulnerability Note VU#976132 http://www.kb.cert.org/vuls/id/976132
UEFI implementations do not properly secure the EFI S3 Resume Boot Path boot script.

From dmidecode:
BIOS Information
Vendor: LENOVO
Version: A2CN40WW(V2.08)
Release Date: 08/21/2015


Additional info:
* package version(s)
* config and/or log files etc.

Since kernel is suspended there are no logs in journalctl.

Steps to reproduce:

Install Arch Linux with kernel above 3.16 on Lenovo G50-45 (or other Laptop affected by bios S3 secury issue fix) and suspend to ram twice in a row.
This task depends upon

Closed by  Eli Schwartz (eschwartz)
Monday, 29 January 2018, 16:55 GMT
Reason for closing:  Fixed
Additional comments about closing:  linux 4.10.10-1
Comment by Doug Newgard (Scimmia) - Thursday, 01 December 2016, 15:53 GMT
Have you taken this upstream? There's not much we can do about upstream kernel issues.
Comment by PrzSoc (pso) - Thursday, 01 December 2016, 19:46 GMT
According to your suggestion I've put it upstream.
Thanks for clarifying that.

Here is the link:
https://bugzilla.kernel.org/show_bug.cgi?id=189431
Comment by PrzSoc (pso) - Monday, 30 January 2017, 11:10 GMT
There is a progress on this matter.
The patch has been committed and is waiting for a review to put it upstream by linux devs.
I have tested it and it is working properly.
https://patchwork.kernel.org/patch/9517999/
Comment by PrzSoc (pso) - Friday, 17 March 2017, 09:24 GMT
The code fix was merged in 4.11rc1 ( https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=cbc00c1310d34139a63946482b40a6b261a03fb9 ), and, I think, it will be included in 4.11, unless GKH will backport it to previous releases.
Comment by PrzSoc (pso) - Friday, 14 April 2017, 18:38 GMT
GKH has added this patch to stable kernels 4.9.22 and 4.10.10, so when Arch will start to use it in the core tree we could mark this bug report as "resolved/closed".
Thanks,
Przemek.
Comment by loqs (loqs) - Friday, 19 January 2018, 22:45 GMT

Loading...