Canonical pulls Ubuntu 17.10 over UEFI corruption issue

December 20, 2017 // 11:28 a.m.

Tags: #bios #firmware #flaw #uefi

Canonical has pulled downloads for its Ubuntu 17.10 Linux distribution following reports that it can trigger a bug in the UEFI firmware of selected Lenovo, Acer, and Toshiba laptops, corrupting the BIOS and disabling the ability to boot from USB Drives.

The Unified Extensible Firmware Interface (UEFI) specification brought a wealth of improvements to the outdated IBM Basic Input Output System (BIOS) standard, from support for high-security boot scenarios through to the ability to use network devices for remote access within the UEFI itself. New features, however, bring new bugs, and back in 2013 Linux was blamed for bricking Samsung laptops by corrupting data in their UEFIs. While it turned out that the flaw could be triggered from other operating systems, it would appear history is repeating itself following reports of laptops from Lenovo, Acer, and Toshiba failing with UEFI corruption when running the latest Ubuntu 17.10 Linux distribution.

Detailed in a bug report on Canonical's Launchpad platform, the issue is serious: Installing Ubuntu 17.10 on selected Lenovo, Acer, and Toshiba laptops can cause corruption in the UEFI firmware which presents itself as an inability to make any changes post-corruption. In serious news for systems without a built-in optical drive, the corruption also disables the ability to boot from a USB storage device.

Tracked down to the Intel Serial Peripheral Interface (SPI) kernel module, prevention is straightforward: Disabling the intel-spi-* kernel driver family prevents the corruption without any other apparent impact on the system. For those who have already had their UEFI firmwares corrupted, however, there appears to be no easy fix yet available.

While the flaw was initially thought to be found exclusively on Lenovo laptops - including but not limited to the Lenovo B40, B50, G40, G60, S20, U31, Y50, Yoga ThinkPad, Z50, Z51, and IdeaPad 100 families - users responding to the bug report have also confirmed the same or similar issue affecting selected models of Acer and Toshiba laptops. The problem is widespread enough that Canonical has opted to hide the download link for Ubuntu 17.10, released back in October, from public view until a fix is available - or, as Canonical has it, 'the download of Ubuntu 17.10 is currently discouraged.'

Those running older versions of the Ubuntu Linux distribution, including current Long Term Support release 16.04.3, are not affected.


Discuss this in the forums

QUICK COMMENT

SUBSCRIBE TO OUR NEWSLETTER

WEEK IN REVIEW

TOP STORIES

SUGGESTED FOR YOU