Support in other languages: 
Reply
Serial Port
rkagan
Posts: 31
Registered: ‎10-17-2009
Location: Moscow RU
0
Accepted Solution

s10-2: no NX bit

I'm fighting with a strange issue:

Atom N280 supports a feature known as NX bit (or XD - eXecute Disable in Intel speak). This feature allows protecting certain RAM pages from executing code stored in them, and are an important part of the OS security mechanisms.

However, my CPU doesn't report this feature as supported (through CPUID instruction level 0x80000001).

I was suspecting a BIOS bug, and reported the issue to Lenovo IdeaPad support channel. However, after about 4 weeks of communication, they were unable to reproduce the problem in their test lab, claiming that NX bit worked correctly in all OSes they tried (DOS, Windows, Linux).

They assumed a problem with the mainboard, and suggested getting the notebook to a service center.

Before I do, I'd like to check if I'm really unique with this problem.

Can anybody with a similar computer please spend a bit of his time and bandwidth and check if his system reports NX bit as supported?

This can be done with e.g. one of

* CPU-Z: http://www.cpuid.com/cpuz.php

* chkcpu: http://web.inter.nl.net/hcc/J.Steunebrink/chkcpu.htm

For the record, my system is S10-2, model no. 20027, BIOS 1ACN21WW (but the problem was there with 20 and 14 too).

TIA

Serial Port
rkagan
Posts: 31
Registered: ‎10-17-2009
Location: Moscow RU
0

Re: s10-2: no NX bit

Here's what I get from chkcpu:

 

 

# chkcpu32.exe /v
CPU Identification utility v2.05 (c) 1997-2009 Jan Steunebrink ────────────────────────────────────────────────────────────────────────────── CPU Vendor and Model: Intel Atom 230/N270/Z500/Z510/Z515/Z520-Z550 C0-step Internal CPU speed : 1662.5 MHz System CPU count : 1 Physical CPU(s), 1 Core(s) per CPU, 1 Thread(s) CPU-ID Vendor string: GenuineIntel CPU-ID Name string : Intel(R) Atom(TM) CPU N280 @ 1.66GHz CPU-ID Signature : 0106C2 CPU Features : Floating-Point Unit on chip : Yes Time Stamp Counter : Yes Enhanced SpeedStep Technology: Yes Hyper-Threading Technology : Yes Execute Disable protection : No 64-bit support : No Virtualization Technology : No Instr set extensions: MMX, SSE, SSE2, SSE3, SSSE3 Size of L1 cache : 32 KB Integrated L2 cache : 512 KB Integrated L3 cache : None

 

 

# chkcpu32.exe /d



 CPU Identification utility v2.05                 (c) 1997-2009 Jan Steunebrink

 ──────────────────────────────────────────────────────────────────────────────

                                 Debug Mode!

 Windows version     : 5.1.2600  ; 

 Basetimer frequency : 3579545 Hz



     CPUID Level:       EAX:           EBX:           ECX:           EDX:

       00000000       0000000A       756E6547       6C65746E       49656E69

       00000001       000106C2       00020800       0040C39D       BFE9FBFF

       00000002       4FBA5901       0E3080C0       00000000       00000000

       00000003       00000000       00000000       00000000       00000000

       00000004       00004121       0140003F       0000003F       00000001

       00000004       00004122       01C0003F       0000003F       00000001

       00000004       00004143       01C0003F       000003FF       00000001

       00000005       00000040       00000040       00000003       00020220

       00000006       00000001       00000002       00000001       00000000



       80000000       80000008       00000000       00000000       00000000

       80000001       00000000       00000000       00000001       00000000

       80000002       20202020       20202020       746E4920       52286C65

       80000003       74412029       54286D6F       4320294D       4E205550

       80000004       20303832       20402020       36362E31       007A4847

       80000005       00000000       00000000       00000000       00000000

       80000006       00000000       00000000       02008040       00000000

       80000007       00000000       00000000       00000000       00000000

       80000008       00002020       00000000       00000000       00000000

 

 

 

Serial Port
rkagan
Posts: 31
Registered: ‎10-17-2009
Location: Moscow RU
0

Re: s10-2: no NX bit

Another weirdness is that after suspend/resume cycle  one of the CPUs re-gains NX support (at least in Linux):

 

before the first suspend:

 

# grep flags /proc/cpuinfo
flags		: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe constant_tsc arch_perfmon pebs bts pni dtes64 monitor ds_cpl est tm2 ssse3 xtpr pdcm lahf_lm
flags		: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe constant_tsc arch_perfmon pebs bts pni dtes64 monitor ds_cpl est tm2 ssse3 xtpr pdcm lahf_lm

 

 

after at least one suspend/resume:

 

# grep flags /proc/cpuinfo
flags		: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe constant_tsc arch_perfmon pebs bts pni dtes64 monitor ds_cpl est tm2 ssse3 xtpr pdcm lahf_lm
flags		: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe nx constant_tsc arch_perfmon pebs bts pni dtes64 monitor ds_cpl est tm2 ssse3 xtpr pdcm lahf_lm

 

 

Note the presense of "nx" in the flags of the second CPU.

 

The same result is reported by a simple utility I wrote, doing CPUID instruction and interpreting the result.  Run in a cycle for many iterations, before the first suspend it always reports no support for NX bit; after a suspend/resume it reports NX bit as supported in about a half of iterations (obviously depending on which CPU the utility is scheduled on).

Serial Port
rkagan
Posts: 31
Registered: ‎10-17-2009
Location: Moscow RU
0

Re: s10-2: no NX bit

OK I've managed to sort it out.

 

The InsydeH2O BIOS used in S10-2 has a lot of settings but very few of them are made visible to the user.

 

NX bit is one of the settings that are not, and it always stays at its default OFF.

 

However, if you know the offset of this setting in the variable block of the setup, you can override it with the help of the DOS utility for InsydeH2O BIOS flashing. That's what I did and I have it working now.

 

I can post the details if anybody's interested.  Meanwhile I'll try to convince my local Lenovo support contact that this needs to be implemented in the official BIOS, because this is a serious security feature.

 

[ Well, most users probably won't profit from it, because WinXP in the default configuration doesn't use PAE, and thus NX bit is ignored. However, I don't see any reason why the more advanced users shouldn't be able to access this functionality. ]

Punch Card
DizM
Posts: 11
Registered: ‎11-13-2009
Location: Ru
0

Re: s10-2: no NX bit

[ Edited ]

CPU Identification utility v2.06 (c) 1997-2009 Jan Steunebrink ────────────────────────────────────────────────────────────────────────────── CPU Vendor and Model: Intel Atom 230/N270/N280/Z500-Z550 C0-step

Internal CPU speed : 1596.0 MHz

System CPU count : 1 Physical CPU(s), 1 Core(s) per CPU, 2 Thread(s)

CPU-ID Vendor string: GenuineIntel

CPU-ID Name string : Intel(R) Atom(TM) CPU N270 @ 1.60GHz

CPU-ID Signature : ******

CPU Features : Floating-Point Unit on chip : Yes

Time Stamp Counter : Yes Enhanced SpeedStep Technology: Yes

Hyper-Threading Technology : Yes

Execute Disable protection : No

64-bit support : No

Virtualization Technology : No

Instr set extensions: MMX, SSE, SSE2, SSE3, SSSE3

Size of L1 cache : 32 KB

Integrated L2 cache : 512 KB

Integrated L3 cache : None

___________________________________________

..

I do not know much about it. Please share your successful experiences. What could be a threat fo what can damage the BIOS?


rkagan wrote:

OK I've managed to sort it out.

 

The InsydeH2O BIOS used in S10-2 has

 

I can post the details if anybody's interested.  Meanwhile I'll try to convince my local Lenovo support contact that this needs to be implemented in the official BIOS, because this is a serious security feature


Serial Port
rkagan
Posts: 31
Registered: ‎10-17-2009
Location: Moscow RU
0

Re: s10-2: no NX bit

Thanks for sharing the chkcpu data, this is another confirmation that the problem is in the BIOS and common for all S10-2.


DizM wrote:

What could be a threat fo what can damage the BIOS?


This is not about possible damage to BIOS, it's a protection measure against malicious software (viruses in particular) which operating systems may implement using this processor feature. That said, I guess the users of preinstalled WinXP won't benefit from it because it doesn't make use of this feature.
Punch Card
DizM
Posts: 11
Registered: ‎11-13-2009
Location: Ru
0

Re: s10-2: no NX bit

Ok.
I read your next story.

:smileyhappy:


Have found this CPU properties: "Enhanced Halt State (C1E) - Supported, Disabled"
Why so? Possible to restore justice? Repair this bug.

..

P.S.

Your way to the editing table VSS & re-flashing original BIOS mod file?

Serial Port
rkagan
Posts: 31
Registered: ‎10-17-2009
Location: Moscow RU
0

Re: s10-2: no NX bit

[ Edited ]

DizM wrote:

Have found this CPU properties: "Enhanced Halt State (C1E) - Supported, Disabled"


Umm, where?... I didn't post anything related to that, did I?


Your way to the editing table VSS & re-flashing original BIOS mod file?


I used flashit.exe from a BIOS update for Acer AOD250. It has /rb (read variable binary) and /wb (write variable binary) switches. First you do

flashit Setup /rb:setup.bin

to extract the variable block, then do a binary edit on it (knowing the offset of the particular setting you want to change), then write it back with

flashit Setup /wb:setup.new

Big fat warning: the utility dumps a file of a bigger size than the variable block actually is (I've seen 512 and 1536 bytes depending on the flashit version, while the variable block is 279 bytes). When I tried to write back the original size I screwed up the BIOS (that's why I had to learn how to resurrect it :smileyhappy:) . Only when I truncated the file to the actual size the setting modification was successful.

Serial Port
rkagan
Posts: 31
Registered: ‎10-17-2009
Location: Moscow RU
0

Re: s10-2: no NX bit


DizM wrote:

Have found this CPU properties: "Enhanced Halt State (C1E) - Supported, Disabled"
Why so? Possible to restore justice? Repair this bug.


I just took another look.

Intel Atom N200 series processors used in S10-2 do not support C1E.

Check yourself the datasheets.

Serial Port
rkagan
Posts: 31
Registered: ‎10-17-2009
Location: Moscow RU
0

Re: s10-2: no NX bit

Lenovo finally acknowledged the problem and issued a BIOS update (v.24) with the fix.