Willy

@Kypetzl

he/him

one more cute disaster… it’s hard here in paradise

Medium

medium.com/@kypetzl

Bluesky

bsky.app/profile/kypetzl.bsky.social

Neocities

kypetzl.neocities.org/

Willy @Kypetzl4/10/2023, 1:49 AM

gravis again @cathoderaydude

gravis again @cathoderaydude4/9/2023, 11:23 PM

Hell Never Ends On x86: The Hyperspace Story, Continued, Sort Of

When researching Phoenix Hyperspace for my highly upsetting post on the subject, it was hard to avoid news articles proclaiming that it had been sold off by Phoenix (when they gave up wholesale on their idea of making anything other than BIOSes) and bought up by HP. However, that's where the trail ended; attempts to find out what, if anything, HP had done with it proved fruitless. That is, until two days ago.

#gravis-longposts #phoenix hyperspace posting #instant-on-linuxposting

Gay Eminem on 9/11 @DecayWTF4/10/2023, 1:27 AM

Holy Shit

So this is only kind of related to Gravis' post but there's a couple of fun threads to pull here:

System Management Mode

To explain this level of absolute fuckery I have to explain about protection rings. You might have heard that x86 CPUs have a few different "modes", real mode, protected mode and long mode. These are the three different main running states of the CPU:

Real mode: The CPU is basically pretending to be an 8086. 16-bit addressing, segmented memory. To this very day you can launch DOS on a CPU in real mode, as long as the BIOS/UEFI will let you boot it.
Protected mode: Introduced with the 80286 and then introduced in way that actually works in any useful way in the 80386. Supports virtual memory (pretty critical for "real" multitasking by allowing memory to be remapped in different layouts and set up so that programs can address a lot more memory than the 1 megabyte supported in real mode) and a bunch of other features that were standard on timesharing mainframe systems in the 60s and 70s. Also supports protection rings.
Long mode: Similar to protected mode but with 64-bit addressing (not really but that's not incredibly important) and a bunch of more or less useless backward-compatibility features turned off.

Protection rings are one of the big features of protected mode and what the mode is partly named for. The x86 CPU supports four rings, 0-3, from highest privilege to lowest. Code running at a lower-numbered ring can access memory at an equal or higher protection level, whereas if code at a higher-numberer ring tries to access memory with a lower protection level, an interrupt is generated to let the OS decide what should happen. This architecture is derived from the Multics operating system, which implemented eight(!) protection rings in software, and the later Honeywell 6180 which implemented them in hardware to support Multics.

In practice, every x86 OS only uses ring 0 for the operating system and device drivers and ring 3 for user programs. OS/2 used ring 2 as well, for some programs with extra privileges, but there's no one still running OS/2 except for about a million ATMs.

System management mode is sometimes colloquially described as "ring -2". What the fuck?

As Gravis describes, SMM is a "higher privilege level" than ring 0, but that's not exactly true, the code runs in ring 0, but it's triggered by a set of interrupts the operating system can't intercept or block, so, in practice, SMM can and does take over your machine at any time and the OS can't affect anything that it does except by jumping into SMM on purpose.

If this seems bad, you're right! It is! It's a huge security problem! Any bugs in firmware SMM code can't be patched over by the operating system or prevented in any way, so it has been and continues to be a vector for a semi-infinite number of exploits including a bunch of NSA's famous rootkits.

Even better? There's a ring -3. It's called the Intel Management Engine; AMD's version is the AMD Platform Security Processor. These are different (and more fucked up and evil) than SMM because they basically act as a front-end processor, again derived from old mainframe technology, which is to say it's a whole other computer that does things like boot the main computer. The ME/PSP is also running all the time, even when the computer is "off" as long as it has power, and can highjack any of the major functions of the machine. This is used for things like wake-on-LAN and a bunch of other enterprise computing functionality you don't need or care about, and has also been a vector for effectively unblockable exploits! Cool!

To round this out, "ring -1" is used to refer to a VM hypervisor, which is probably not fucked up and evil as long as you put it there on purpose.

UEFI Graphics Output Protocol

Gravis points out that there's no graphics acceleration in UEFI, which is almost true. It's usually true. The full explanation is much goofier:

The UEFI GOP, in fact, has a specific hook for 2D acceleration, the Blt() function. This allows you to specify a source buffer, a target buffer, a source rectangle and a target rectangle. It's a bitblt primitive! It's the basic building block of all 2D video acceleration! Except... It doesn't support blend modes or masking, all it can do is write pixels to the screen exactly as represented, meaning there's no useful way to use this to implement sprite graphics, layers, etc. Not only that, but most graphics cards don't implement it in a useful way so the performance is dogshit. It's like it was designed expressly to be almost useful enough to make people waste a lot of time trying to use it and then give up.

You must log in to comment.

in reply to @cathoderaydude's post:

Just Another Apocryphal Mess @apocryphalmess4/9/2023, 11:48 PM

at the hardware company I last worked for, I spent some time working on getting the open source version of memtest working as an EFI executable inside the ESP (EFI System Partition). this turned out to not be terribly difficult because the standard build process compiles an .efi file as part of it, which is just a straight-up EFI executable that requires no further modification. the tricky part was 1) making sure various boot menus and loaders etc could find it, and 2) setting up tooling to let us update the executable in the ESP from within the regular OS

I left the company before I got things working to a point where the People Who Make Decisions could decide to push the thing out or not, but one of these days I may go back to it as a personal project since being able to install memtest on a PCI and then boot to it without writing it to a USB stick first is a huge deal for people who troubleshoot hardware. (yes, Windows has a memory testing tool built in but it’s kind of garbo)

UEFI is fucking crazy in terms of what you can do with it. sadly, the people most interested in doing stuff with it these days are either the sort of desperate corporate mooks you talked about, or malware authors

Nire Bryce @NireBryce4/9/2023, 11:54 PM

I haven't tried the windows bootloader, but I know it's possible to straight up dd the memtest iso to a partition and then add it as a menu option to GRUB and you can just boot that.

it's not EFI magic, but if you aren't looking for that, it's an option

Just Another Apocryphal Mess @apocryphalmess4/10/2023, 12:10 AM

well the ideal solution, IMO, was to put the memtest EFI executable in the ESP (at something along the lines of /EFI/memtest/memtest.efi) and then point to it from two places:

as an entry in the firmware’s EFI boot table, which is accessible through bcfg inside the UEFI shell, by using the efibootmgr command under Linux, and other methods
as a set of menu definition files on the ESP at /loader/entries/ so bootloaders like systemd-boot or GRUB can find it in addition to Linux, Windows, etc

this allowed for multiple methods to get to it, so if something Broke Real Bad it was hopefully still accessible. this was something I was working on in my spare time as an actual tech support guy for the company as a way to save me and my coworkers some hassle with teaching customers to burn USB sticks from an ISO file, so making it as transparent and as a fault-resistant as possible was important

Nire Bryce @NireBryce4/10/2023, 3:36 AM

yeah, that seems useful for that application

Nire Bryce @NireBryce4/9/2023, 11:53 PM

so this makes me think about a largely unrelated thing:

HP, Dell, Lenovo, etc see themselves as Full Stack Hardware Companies.

And I speculate that they see non-fleet laptops and desktops as diversification, but in reality it means you have to do some ruthless competition with laptop-only manufacturers that are now popping up the last 5 years. Apple made the jump already -- most of it's desktops are laptop boards, or at least laptop components. (Non-upgradability being a motive is for another thread)

and it also means you need to keep current on the gaming trends, and what normal people are hyped about with technology, to sell them.

Whereas I bet they'd do a lot better if they ceded that ground and became the "Need 10+ laptops Keyed Alike? We've got you."

We sort of saw this when thin clients took off, but they never replaced Consumer Desktops, for obvious reasons (People don't have a terminal server etc).

I wonder what happens when they realize they're the Mozilla of laptops, separate and competing not for innovation, but because if any of them fail there's going to be a duopoly

Keiya the Cyber-Kitty @keiya4/10/2023, 6:50 PM

One correction: There already is a duopoly in browsers. You're using either Firefox or Chrome - Microsoft gave up a while back and Edge is just a Chrome shell now.

(Technically Apple ships their own thing, but Safari doesn't actually compete in any meaningful sense because it's locked to Apple hardware and Apple hardware is locked to it.)

Nire Bryce @NireBryce4/10/2023, 7:13 PM

yes, but instead of two browsers there are four companies, which would reduce to a duopoly, as the browsers are the example they're trending towards.

sapphire @arkflash4/9/2023, 11:54 PM

i take your point about motherboards doing nothing but i want to note that there is 1 thing that they could do to differentiate themselves - diagnostics. the motherboard manufacturer already has to bodge a dozen different microprocessors (and sensors that contain microprocessors) and write (or reuse) firmware for all of them. they're in the perfect position to present the fine details of the machine to both the OS once booted and the user pre-boot. i just had to diagnose why a machine wasn't booting and all they allotted to this task was 4 fucking LEDs! and they only did that because the chipset probably has dedicated IO for them, because every other board with the same chipset has the same LEDs (don't worry, each vendor makes up a marketing name for them so you can't correlate problems across boards). higher-end boards have a whole 2-digit 7-segment display with borderline useless codes.

the high-grade stuff that Actually Needs To Work boots a full ass separate computer, the BMC, to monitor this stuff. this is stupid for other reasons, mostly that there's now a secret, second linux running on the box that can be compromised and Doesn't Fucking Work. ironically, i think Phoenix mostly writes the software for BMCs these days because as you've noted BIOS is kinda a solved problem. boards with BMCs are completely out of the reach of consumers though, workstation boards that support it like this one from ASUS cost as much as an entire computer (because that's what is is, partly).

even if someone sold a consumer-grade board with good pre- and post-boot diagnostics i'm not sure it would ever get much reach outside of enthusiasts. but it would be nice.

Nire Bryce @NireBryce4/9/2023, 11:56 PM

let me pay an extra 30$ for a motherboard with the development test points left on the board

sapphire @arkflash4/10/2023, 12:09 AM

god yes please

Irenes (many)@ireneista4/10/2023, 7:39 PM

that would be lovely

Nire Bryce @NireBryce4/10/2023, 9:32 PM

jtag pigtail just hanging off the board... they know they want it. also gamers would eat it up because they could display even more numbers

gravis again @cathoderaydude4/10/2023, 12:05 AM

yeah no argument - it's universally like this:

BUSINESS: there's nothing we can do to improve this thing! nothing!!!!

ENTHUSIASTS: well, you could add $nearly_free_feature

BUSINESS: [for next ten years] THERE'S NOTHING WE CAN ADD!!!! NOTHING!!!!! COME ON GUYS KEEP COMING UP WITH FAKE IMPROVEMENTS TO BAMBOOZLE PEOPLE BECAUSE THERE'S ABSOLUTELY NOTH

Just Another Apocryphal Mess @apocryphalmess4/10/2023, 12:14 AM

I’ve found those two-character POST code LEDs to be reasonably useful, and certainly better than nothing at all. and yet motherboard manufacturers are leaving them off everything except the $500 models because that’s still like a fucking $1 they can save on each unit

invertigo hayfever @the-doomed-posts-of-muteKi4/10/2023, 12:34 AM

The HP Z440 has the wondrous feature of a completely proprietary power supply and motherboard connection, but I wish every prebuilt system had as elegant a system for connection management and peripheral placement as it does. Plus, server boards always have a nice amount of PCI lanes, though the decommissioned systems are obviously at a lower PCI spec.

sapphire @arkflash4/10/2023, 1:13 AM

i'm not super familiar with that particular setup, are you referring to the layout of the case connectors relative to where they need to go in the case?

invertigo hayfever @the-doomed-posts-of-muteKi4/10/2023, 4:33 AM

Yeah. It's practically toolless -- all you have to do to, say, replace a hard drive is pull out the side board, pull out the tray, and stick a new one in.

sapphire @arkflash4/10/2023, 4:47 AM

ah yea, that sounds like rack server hardware? sounds amazing to have on in a desktop system and makes perfect sense for a Business Computer where a corporate IT department probably wants to just slap some stuff in and out and get the machine back up again.

invertigo hayfever @the-doomed-posts-of-muteKi4/10/2023, 5:42 AM

Yeah. Like this sort of workstation design is, IMO, the most logical direction to go for a home server setup. Sure those little synology cubes are nice (I have one from my parents here) and they're compact but they tend to be pretty comparable in price to a decommissioned workstation, and aren't quite as flexible.

Nire Bryce @NireBryce4/10/2023, 9:35 PM

what i really want is a case with conduit power routing because it would cost almost nothing and save 90% of cable management issues. give me an edge connector where the PSU would be and a pigtail for the mobo power, though ideally board manufacturers would do it instead so we wouldn't need the pigtail

it's 2023 why am i routing slightly too short molex cables all the way across the board

♿︎｜Asriel // Azi｜Θ∆｜🏳️‍⚧️@MisutaaAsriel4/10/2023, 12:49 PM

I've said it before but PC motherboards need their "OBD".

Cars have computers. And every car sold today has access to something called the OBD, or On-Board Diagnostics. This system is a standardized digital protocol that lets technicians connect a separate computer unit which can then read diagnostic codes, troubleshoot issues, etc. from the on-board system in the vehicle.

Instead of fussing with nonstandard diagnostic codes, LEDs and segmented displays, beep codes, and the likes; just provide a port on the board that anyone can hook up a reader of their choice, or hell, even a raspberry pi with the right software, to receive detailed diagnostic information from the firmware. Manufacturers could even sell their own readers with their own flavors of features if they wanted. Hell, throw in a couple "OEM" pins into the standard to let mobo makers get funky with these, push their readers which can do diagnostics plus.

The average consumer wouldn't even care, as they never look at the LEDs anyways. The hobbyist crowd would probably eat this up for breakfast, as suddenly they'd be able to use one tool to troubleshoot any supported motherboard, or maybe even build their own with some cheap parts.

Manufacturers wouldn't have to waste money on developing pre-boot diagnostics utilities and instead could offload reporting to this protocol, saving them a buck on board development and on board components (since it'd basically be a port and some traces; no LEDs, displays, etc. to fuss with.)

Ecter B.@ecter4/14/2023, 10:58 AM

I think aiming at hobbyists and such power users is just deemed too risky from an investment perspective.

Hobbyists and power users are usually more educated on technical details and do way more research before buying a part for their use, they're harder to trick into impulse buying. And they're not buying in bulk. Unless you can build a hype for a new "revolutionary product" that a big enough swarm of hobbyists would buy, it would never beat investment into "executive" crowd.

Executive crowd doing bulk purchases of new hardware for thousands of employees per company at once. That's where return on investment lies, not in a thousand or so geeks worldwide getting excited about the actually innovative feature that cost more to engineer than a line of "business laptops" barely different from anything else on the market.

♿︎｜Asriel // Azi｜Θ∆｜🏳️‍⚧️@MisutaaAsriel4/14/2023, 3:33 PM

Executive crowd doing bulk purchases of new hardware for thousands of employees per company at once. That's where return on investment lies

I think the idea of a "PC-ODB" would fit nicely into that niche, as IT departments I'm sure would more than enjoy having access to a singular device which could be connected to any one of their boards for diagnostics.

Make the problem cheap, then sell the solution. An IT department isn't going to build a diagnostics reader from a raspberry pi. They'll buy in bulk the "proper" units, enough to ensure they can swap to another if one breaks, and to have enough for however many technicians and employees need them.

They'd basically be inventing a new product category.

Ecter B.@ecter4/14/2023, 7:01 PM

I'm not gonna argue there - tbh i'd rather start wishing someone will make it happen at some point. It's just difficult, not impossible, so fingers crossed.

gull *Plus!*@gull4/10/2023, 12:11 AM

"HP writes an EFI email/calendar application with special bodges for Outlook compatibility, pulls open and abuses an unacknowledged level of access built into the hardware ages ago to beat Windows to the punch and claw out a fucking calendar into the windows boot screen just to maks their little netbook marginally more appealing to business guys who only ever use Outlook" is not what i expected to learn about today but exactly the kind of thing i was hoping for

Gourd @gourdcaptain4/10/2023, 12:17 AM

Every motherboard I've ever bought has made me regret it down the line in one way or another (starting with the first PC I ever built, an ASRock Sandy Bridge that on shutdown if the USB drivers weren't messed with would have some kind of bizarre power backflow that turned the machine back on again). These are at least interesting dysfunctions instead of "why did they install a tiny GPU fan that dies after a month and emits rattling noises that can be heard across my apartment" or "UEFI doesn't work with any OS but the first one installed". :(

Eh, I'm sure they have those faults too.

hellojed @hellojed4/10/2023, 1:03 AM

Gigabyte was putting gun shaped heatsinks on their motherboards for a while which was really funny

Binary @binary4/10/2023, 1:47 AM

This was a journey, holy shit.

Plum @plumpan4/10/2023, 2:08 AM

https://gekk.info/articles/images/quickweb/daystarter-3.jpg

I can't tell if this is a REAL slide or a crafty sarcastic post. I fear it is likely real, despite the overuse of the word "innovation".

gull *Plus!*@gull4/10/2023, 3:25 AM

woah... i feel so innovated upon

Nire Bryce @NireBryce4/11/2023, 12:52 AM

oh no that's real, that's just how the 2008-2012 era was for this tier of hardware manufacturer. terminal cases of business brain

@lexi4/10/2023, 3:23 AM

i sometimes think i overengineer too much but hats off. this is completely insane

Vikxin @vikxin4/10/2023, 6:04 AM

I thought the EFI Outlook clone was already a security nightmare, but uhhh...as soon as I saw the letters "SMM" I was floored. What the actual fuck...

God I'm so glad shit like that is dead and buried.

Richard Barrell @0x2ba22e114/10/2023, 10:06 AM

So, thinking about the fact that most of these laptops come with a load of "value add" software pre bundled with Windows and it's absolutely terrible, RAM wasting garbage of no utility to anyone anywhere.

I do find it very strange that nobody seems to have ever tried making that bundled software good instead of bad.

Diana @dmw4/10/2023, 6:08 PM

At that point you're just competing with software vendors, right? You either have to license it from those same software vendors to maybe make your PC look better if slightly more expensive ("it comes with MS Office 2007!") or write your own competing software, which will probably be crap.

Nire Bryce @NireBryce4/10/2023, 9:40 PM

you're often paid to include most of the bundled software, by the companies, when it isn't homebuilt stuff like Lenovo Vantage. they're not installing macafee because they care, it's because its like a sponsorship

Caffeinated Otter @caffeinatedOtter4/10/2023, 5:59 PM

"HP bought it, but then seemingly junked all the demon-haunted helltech" you mean I made this popcorn for nothing?

"System Management Mode" sickos_yesssss

dime??@dimethylhydra4/10/2023, 6:48 PM

what asus board came with the nuclear launch drive bay? i couldnt find anything that looked like that online but it sounds amazing

Tom Forsyth @tomforsyth4/11/2023, 12:41 AM

Each of your posts is more horrifying than the last.

Wobblegong @wobblegong4/11/2023, 3:11 AM

I barely speak computers well enough to follow along but thank you, kind stranger, because the screams of the damned ripple off the page well enough for me to follow the curse payload just fine.

I am extremely inclined to agree (for psychology/having-met-humans-before reasons) with your The One Stupid Lever You Can Pull reasoning.

Sol_HSA @sol-hsa4/14/2023, 11:30 AM

Couple notes:

I think we're down to something like Ring -3 by now. Possibly more.
Microwave ovens are a great analogy to the whole differentiation thing; the optimal form was invented decades ago, so the only way to differentiate in the market is to make things worse.

@vmp4/23/2023, 7:53 PM

I believe Ron Minnich said it, SMM is fully explained by the desire to run DOS 1.0 (e.g. on a laptop). DOS 1.0 doesn't know how to measure temperature or control fans, put some code in SMM to do it. DOS 1.0 doesn't know USB keyboards, trap keyboard I/O port access to SMM and emulate it there. DOS 1.0 doesn't know USB storage, trap disk access to SMM and emulate that. DOS 1.0 doesn't know about volume buttons... SMM. etc. etc.

astrid 🦋@astr6/20/2023, 9:02 AM

How feasible would it be to dump the SMM-level firmware from this? Now I'm deadly curious whether there's some kind of fun 0day in the JPEG loader or something. Getting ring -2 code execution on a decade-old shittop would be hilarious.