Ubuntu 17.10 pulled: Linux OS knackers laptop BIOSes, Intel kernel driver fingered

Free as in thank God I'm not paying for this

Updated Canonical has halted downloads of Ubuntu Linux 17.10, aka Artful Aardvark, from its website after punters complained installing the open-source OS on laptops knackered the machines.

Specifically, the desktop flavor of Artful Aardvark, released in October, has been temporarily pulled – the server builds and other editions remain available. A corrected version of 17.10 for desktops is due to be released soon.

"The download of Ubuntu 17.10 is currently discouraged due to an issue on certain Lenovo laptops," the Linux distro maker noted this week on its desktop download page. "Once fixed this download will be enabled again."

Installing 17.10 on Lenovo Yoga and IdeaPad laptops prevents the motherboard's BIOS from saving its settings, and while the computer will hopefully continue to start up, it potentially stops the machine from booting via USB.

The cockup mainly affects Lenovo computers, although other systems may also fall foul: selected Acer, HP, Toshiba and Dell hardware are said to be hit, too.

A fault report on Canonical's bug tracker tells it all – apparently, Artful Aardvark's Linux kernel includes an Intel SPI driver that was not ready for release:

Many users are reporting issues with BIOS corruption with 17.10. This seems to stem from enabling the intel-spi-* drivers in the kernel, which don't appear to be ready for use on end-user machines."

Intel did not respond to our request for comment. The bug report – which includes a list of known vulnerable hardware – continued:

Basically, on Lenovo Y50-70 after installing Ubuntu 17.10, many users reported a corrupted BIOS.

It's not possible to save new settings in BIOS anymore and after rebooting, the system starts with the old settings. Moreover (and most important) USB booting is not possible anymore since USB is not recognized. It's very serious, since our machines do not have a CDROM.

Lenovo forums at the moment are full of topics regarding this issue.

Intel's SPI driver is a piece of kernel-level software that allows the operating system to access and rewrite the firmware's flash storage on the motherboard via a serial communication interface.

Seemingly, a gremlin within this code causes the firmware's data to become write protected, triggering further failures. This could be caused by the OS accidentally flipping the wrong hardware control register bit, or hitting a bug in the BIOS. The Ubuntu team is still investigating the issue with Lenovo.

We're told Canonical will remove the SPI driver from its kernel, and rerelease Artful Aardvark. The driver is not normally built nor included in the standard default Linux kernel, from what we can tell: its documentation warns you to stay away from it "unless you know what you are doing. Overwriting the SPI flash may render the system unbootable."

If your BIOS is already affected by this blunder, you may have to replace the firmware's flash memory chip – or the whole motherboard – if reseting the BIOS or this suggested workaround, or some other remedy, do not resolve the matter.

Essentially, you have to remove the motherboard firmware's write protection, one way or another, in order to restore control of the BIOS. We'll let you know as soon as we can any confirmed steps to rescue BIOS-locked machines.

"We have been made aware that a few users have experienced this and we are talking to Lenovo about it," a spokesperson for Canonical told The Register on Wednesday.

Meanwhile, folks with knackered systems aren't, as you can imagine, happy.

"I removed the battery and BIOS battery. Then pressed the power button. BIOS settings stay the same and I still cannot change them," one Lenovo laptop owner complained in the manufacturer's support forum.

This wouldn't be the first time a bad Ubuntu update has caused havoc for Linux users. Earlier this year, an upgrade caused the DNS resolver on some machines to go haywire.

Least the Linux fanbois think we're picking on them, it should also be noted that Apple and Microsoft have caused their own headaches for users with bad software releases recently.

A stunning security lapse in High Sierra left many Macs open to intrusion, while the October edition of Windows' Patch Tuesday gave some machines recurring Blue Screens of Death. ®

Updated to add

A spokesperson for Intel has been in touch to say the chipmaker is aware of the BIOS cockup triggered by installing Ubuntu Linux 17.10. "We’re actively working with Ubuntu to ensure the issue is corrected," she said. "This is a unique issue based on non-Intel recommended changes made to the BIOS configurations by Ubuntu."

Other stories you might like

  • Stolen university credentials up for sale by Russian crooks, FBI warns
    Forget dark-web souks, thousands of these are already being traded on public bazaars

    Russian crooks are selling network credentials and virtual private network access for a "multitude" of US universities and colleges on criminal marketplaces, according to the FBI.

    According to a warning issued on Thursday, these stolen credentials sell for thousands of dollars on both dark web and public internet forums, and could lead to subsequent cyberattacks against individual employees or the schools themselves.

    "The exposure of usernames and passwords can lead to brute force credential stuffing computer network attacks, whereby attackers attempt logins across various internet sites or exploit them for subsequent cyber attacks as criminal actors take advantage of users recycling the same credentials across multiple accounts, internet sites, and services," the Feds' alert [PDF] said.

    Continue reading
  • Big Tech loves talking up privacy – while trying to kill privacy legislation
    Study claims Amazon, Apple, Google, Meta, Microsoft work to derail data rules

    Amazon, Apple, Google, Meta, and Microsoft often support privacy in public statements, but behind the scenes they've been working through some common organizations to weaken or kill privacy legislation in US states.

    That's according to a report this week from news non-profit The Markup, which said the corporations hire lobbyists from the same few groups and law firms to defang or drown state privacy bills.

    The report examined 31 states when state legislatures were considering privacy legislation and identified 445 lobbyists and lobbying firms working on behalf of Amazon, Apple, Google, Meta, and Microsoft, along with industry groups like TechNet and the State Privacy and Security Coalition.

    Continue reading
  • SEC probes Musk for not properly disclosing Twitter stake
    Meanwhile, social network's board rejects resignation of one its directors

    America's financial watchdog is investigating whether Elon Musk adequately disclosed his purchase of Twitter shares last month, just as his bid to take over the social media company hangs in the balance. 

    A letter [PDF] from the SEC addressed to the tech billionaire said he "[did] not appear" to have filed the proper form detailing his 9.2 percent stake in Twitter "required 10 days from the date of acquisition," and asked him to provide more information. Musk's shares made him one of Twitter's largest shareholders. The letter is dated April 4, and was shared this week by the regulator.

    Musk quickly moved to try and buy the whole company outright in a deal initially worth over $44 billion. Musk sold a chunk of his shares in Tesla worth $8.4 billion and bagged another $7.14 billion from investors to help finance the $21 billion he promised to put forward for the deal. The remaining $25.5 billion bill was secured via debt financing by Morgan Stanley, Bank of America, Barclays, and others. But the takeover is not going smoothly.

    Continue reading

Biting the hand that feeds IT © 1998–2022