IdeaPad S series Netbooks

Reply
Topic Options
rkagan
Active Member
rkagan
Posts: 31
Registered: 10-17-2009
Location: Moscow RU
0

s10-2: no NX bit

Options

11-11-2009 01:41 AM

I'm fighting with a strange issue:

Atom N280 supports a feature known as NX bit (or XD - eXecute Disable in Intel speak). This feature allows protecting certain RAM pages from executing code stored in them, and are an important part of the OS security mechanisms.

However, my CPU doesn't report this feature as supported (through CPUID instruction level 0x80000001).

I was suspecting a BIOS bug, and reported the issue to Lenovo IdeaPad support channel. However, after about 4 weeks of communication, they were unable to reproduce the problem in their test lab, claiming that NX bit worked correctly in all OSes they tried (DOS, Windows, Linux).

They assumed a problem with the mainboard, and suggested getting the notebook to a service center.

Before I do, I'd like to check if I'm really unique with this problem.

Can anybody with a similar computer please spend a bit of his time and bandwidth and check if his system reports NX bit as supported?

This can be done with e.g. one of

* CPU-Z: http://www.cpuid.com/cpuz.php

* chkcpu: http://web.inter.nl.net/hcc/J.Steunebrink/chkcpu.htm

For the record, my system is S10-2, model no. 20027, BIOS 1ACN21WW (but the problem was there with 20 and 14 too).

TIA

Message 1 of 11 (1,608 Views)
 
Reply
rkagan
Active Member
rkagan
Posts: 31
Registered: 10-17-2009
Location: Moscow RU
0

Re: s10-2: no NX bit

Options

11-11-2009 01:57 AM

Here's what I get from chkcpu:

 

 

# chkcpu32.exe /v

 CPU Identification utility v2.05                 (c) 1997-2009 Jan Steunebrink

 ──────────────────────────────────────────────────────────────────────────────

 CPU Vendor and Model: Intel Atom 230/N270/Z500/Z510/Z515/Z520-Z550 C0-step

 Internal CPU speed  : 1662.5 MHz

 System CPU count    : 1 Physical CPU(s), 1 Core(s) per CPU, 1 Thread(s)

 CPU-ID Vendor string: GenuineIntel

 CPU-ID Name string  : Intel(R) Atom(TM) CPU N280   @ 1.66GHz

 CPU-ID Signature    : 0106C2

 CPU Features        : Floating-Point Unit on chip  : Yes

                       Time Stamp Counter           : Yes

                       Enhanced SpeedStep Technology: Yes

                       Hyper-Threading Technology   : Yes

                       Execute Disable protection   : No

                       64-bit support               : No

                       Virtualization Technology    : No

 Instr set extensions: MMX, SSE, SSE2, SSE3, SSSE3

 Size of L1 cache    : 32 KB

 Integrated L2 cache : 512 KB

 Integrated L3 cache : None

 

 

# chkcpu32.exe /d



 CPU Identification utility v2.05                 (c) 1997-2009 Jan Steunebrink

 ──────────────────────────────────────────────────────────────────────────────

                                 Debug Mode!

 Windows version     : 5.1.2600  ; 

 Basetimer frequency : 3579545 Hz



     CPUID Level:       EAX:           EBX:           ECX:           EDX:

       00000000       0000000A       756E6547       6C65746E       49656E69

       00000001       000106C2       00020800       0040C39D       BFE9FBFF

       00000002       4FBA5901       0E3080C0       00000000       00000000

       00000003       00000000       00000000       00000000       00000000

       00000004       00004121       0140003F       0000003F       00000001

       00000004       00004122       01C0003F       0000003F       00000001

       00000004       00004143       01C0003F       000003FF       00000001

       00000005       00000040       00000040       00000003       00020220

       00000006       00000001       00000002       00000001       00000000



       80000000       80000008       00000000       00000000       00000000

       80000001       00000000       00000000       00000001       00000000

       80000002       20202020       20202020       746E4920       52286C65

       80000003       74412029       54286D6F       4320294D       4E205550

       80000004       20303832       20402020       36362E31       007A4847

       80000005       00000000       00000000       00000000       00000000

       80000006       00000000       00000000       02008040       00000000

       80000007       00000000       00000000       00000000       00000000

       80000008       00002020       00000000       00000000       00000000

 

 

 

Message 2 of 11 (1,605 Views)
 
Reply
rkagan
Active Member
rkagan
Posts: 31
Registered: 10-17-2009
Location: Moscow RU
0

Re: s10-2: no NX bit

Options

11-11-2009 02:07 AM

Another weirdness is that after suspend/resume cycle  one of the CPUs re-gains NX support (at least in Linux):

 

before the first suspend:

 

# grep flags /proc/cpuinfo
flags		: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe constant_tsc arch_perfmon pebs bts pni dtes64 monitor ds_cpl est tm2 ssse3 xtpr pdcm lahf_lm
flags		: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe constant_tsc arch_perfmon pebs bts pni dtes64 monitor ds_cpl est tm2 ssse3 xtpr pdcm lahf_lm

 

 

after at least one suspend/resume:

 

# grep flags /proc/cpuinfo
flags		: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe constant_tsc arch_perfmon pebs bts pni dtes64 monitor ds_cpl est tm2 ssse3 xtpr pdcm lahf_lm
flags		: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe nx constant_tsc arch_perfmon pebs bts pni dtes64 monitor ds_cpl est tm2 ssse3 xtpr pdcm lahf_lm

 

 

Note the presense of "nx" in the flags of the second CPU.

 

The same result is reported by a simple utility I wrote, doing CPUID instruction and interpreting the result.  Run in a cycle for many iterations, before the first suspend it always reports no support for NX bit; after a suspend/resume it reports NX bit as supported in about a half of iterations (obviously depending on which CPU the utility is scheduled on).

Message 3 of 11 (1,602 Views)
 
Reply
rkagan
Active Member
rkagan
Posts: 31
Registered: 10-17-2009
Location: Moscow RU
0

Re: s10-2: no NX bit

Options

11-18-2009 01:56 PM

OK I've managed to sort it out.

 

The InsydeH2O BIOS used in S10-2 has a lot of settings but very few of them are made visible to the user.

 

NX bit is one of the settings that are not, and it always stays at its default OFF.

 

However, if you know the offset of this setting in the variable block of the setup, you can override it with the help of the DOS utility for InsydeH2O BIOS flashing. That's what I did and I have it working now.

 

I can post the details if anybody's interested.  Meanwhile I'll try to convince my local Lenovo support contact that this needs to be implemented in the official BIOS, because this is a serious security feature.

 

[ Well, most users probably won't profit from it, because WinXP in the default configuration doesn't use PAE, and thus NX bit is ignored. However, I don't see any reason why the more advanced users shouldn't be able to access this functionality. ]

Message 4 of 11 (1,475 Views)
 
Reply
DizM
Active Member
DizM
Posts: 11
Registered: 11-13-2009
Location: Ru
0

Re: s10-2: no NX bit

[ Edited ]
Options

11-21-2009 04:23 AM - last edited on 11-21-2009 04:41 AM

CPU Identification utility v2.06 (c) 1997-2009 Jan Steunebrink ────────────────────────────────────────────────────────────────────────────── CPU Vendor and Model: Intel Atom 230/N270/N280/Z500-Z550 C0-step

Internal CPU speed : 1596.0 MHz

System CPU count : 1 Physical CPU(s), 1 Core(s) per CPU, 2 Thread(s)

CPU-ID Vendor string: GenuineIntel

CPU-ID Name string : Intel(R) Atom(TM) CPU N270 @ 1.60GHz

CPU-ID Signature : ******

CPU Features : Floating-Point Unit on chip : Yes

Time Stamp Counter : Yes Enhanced SpeedStep Technology: Yes

Hyper-Threading Technology : Yes

Execute Disable protection : No

64-bit support : No

Virtualization Technology : No

Instr set extensions: MMX, SSE, SSE2, SSE3, SSSE3

Size of L1 cache : 32 KB

Integrated L2 cache : 512 KB

Integrated L3 cache : None

___________________________________________

..

I do not know much about it. Please share your successful experiences. What could be a threat fo what can damage the BIOS?

rkagan wrote:

OK I've managed to sort it out.

 

The InsydeH2O BIOS used in S10-2 has

 

I can post the details if anybody's interested.  Meanwhile I'll try to convince my local Lenovo support contact that this needs to be implemented in the official BIOS, because this is a serious security feature

Message 5 of 11 (1,369 Views)
 
Reply
rkagan
Active Member
rkagan
Posts: 31
Registered: 10-17-2009
Location: Moscow RU
0

Re: s10-2: no NX bit

Options

11-21-2009 09:10 AM

Thanks for sharing the chkcpu data, this is another confirmation that the problem is in the BIOS and common for all S10-2.

DizM wrote:

What could be a threat fo what can damage the BIOS?

This is not about possible damage to BIOS, it's a protection measure against malicious software (viruses in particular) which operating systems may implement using this processor feature. That said, I guess the users of preinstalled WinXP won't benefit from it because it doesn't make use of this feature.
Message 6 of 11 (1,354 Views)
 
Reply
DizM
Active Member
DizM
Posts: 11
Registered: 11-13-2009
Location: Ru
0

Re: s10-2: no NX bit

Options

11-22-2009 01:48 AM

Ok.
I read your next story.

:smileyhappy:


Have found this CPU properties: "Enhanced Halt State (C1E) - Supported, Disabled"
Why so? Possible to restore justice? Repair this bug.

..

P.S.

Your way to the editing table VSS & re-flashing original BIOS mod file?

Message 7 of 11 (1,319 Views)
 
Reply
rkagan
Active Member
rkagan
Posts: 31
Registered: 10-17-2009
Location: Moscow RU
0

Re: s10-2: no NX bit

[ Edited ]
Options

11-24-2009 02:26 PM - last edited on 11-24-2009 11:48 PM

DizM wrote:

Have found this CPU properties: "Enhanced Halt State (C1E) - Supported, Disabled"

Umm, where?... I didn't post anything related to that, did I?

Your way to the editing table VSS & re-flashing original BIOS mod file?

I used flashit.exe from a BIOS update for Acer AOD250. It has /rb (read variable binary) and /wb (write variable binary) switches. First you do

flashit Setup /rb:setup.bin

to extract the variable block, then do a binary edit on it (knowing the offset of the particular setting you want to change), then write it back with

flashit Setup /wb:setup.new

Big fat warning: the utility dumps a file of a bigger size than the variable block actually is (I've seen 512 and 1536 bytes depending on the flashit version, while the variable block is 279 bytes). When I tried to write back the original size I screwed up the BIOS (that's why I had to learn how to resurrect it :smileyhappy:) . Only when I truncated the file to the actual size the setting modification was successful.

Message 8 of 11 (1,230 Views)
 
Reply
rkagan
Active Member
rkagan
Posts: 31
Registered: 10-17-2009
Location: Moscow RU
0

Re: s10-2: no NX bit

Options

11-24-2009 11:41 PM

DizM wrote:

Have found this CPU properties: "Enhanced Halt State (C1E) - Supported, Disabled"
Why so? Possible to restore justice? Repair this bug.

I just took another look.

Intel Atom N200 series processors used in S10-2 do not support C1E.

Check yourself the datasheets.

Message 9 of 11 (1,209 Views)
 
Reply
rkagan
Active Member
rkagan
Posts: 31
Registered: 10-17-2009
Location: Moscow RU
0

Re: s10-2: no NX bit

Options

02-09-2010 03:26 PM

Lenovo finally acknowledged the problem and issued a BIOS update (v.24) with the fix.

 

 

Message 10 of 11 (500 Views)
 
Reply