[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Bug#1056998: cdrom: Installation media changes after booting it



Hi,

Ram Reddy wrote:
> I tested the installer on one of my laptops, and found that its contents
> didn't change.

Good to know that the software in the ISO still works from read-only DVDs.

> On the Lenovo Legion 7i Gen 5*, Lenovo Thinkpad X1 Carbon Gen 2*, Lenovo
> Thinkpad X1 Carbon Gen 5 Intel*, and one Lenovo Thinkpad E14 Gen 5 all
> showed the corruption error. 
> However, on the Lenovo Yoga C740 and a different Lenovo Thinkpad E14 Gen 5
> Intel showed no corruption issues. 

This seems to indicate that the firmware has a stake in the problem ...

> Both the Thinkpad E14 Gen 5s had the same specifications and type number,
> differing only in that the one with corruption of the installer has 24GB of
> memory (16GB installed in the slot, 8GB soldered) and the other only has 8GB
> soldered. They both have the same BIOS version, R2AET32W(1.07).

... but the trigger would have to be very subtle.

> This seems to be really interesting because the corruption only happened on
> certain computers, and it would stay that way on repeated attempts.

I ponder how to distinguish a change made by the firmware itself from a
change made by the software in the ISO image.

> Again, the
> ones that had corruption all had it at the same location. (byte 2303211,
> line 21165) 

Maybe we can learn more by comparing the files /boot/grub/efi.img of the
original ISO and of an altered USB stick.

Mount both and copy out the files, or use dd to extract them from the
partition interval that is marked in the ISO (ask by: fdisk -l).
With debian-12.2.0-amd64-netinst.iso that would be

  iso=debian-12.2.0-amd64-netinst.iso

or (with the approriate letter instead of "X")

  iso=/dev/sdX

and then

  dd bs=512 if="$iso" of="$iso".esp skip=4476 count=18976

Both images will have about 9.5 MiB of size. I would be interested in
seeing the altered one, as i can extract the original on my own.
So if you have a way to upload the altered EFI partition image to a
publicly accessible place i would be happy to investigate it.

Much smaller and thus more bugreport-friendly would be a binary diff.
You would need something more detailed than plain cmp. cmp -l gives the
differing byte values one by line (i.e. lengthy if many bytes differ).
I made an own willful alteration (subtracting 4476 * 512 from 2303211 yields
the new problem byte address 11499):

  cp debian-12.2.0-amd64-netinst.iso.esp debian-12.2.0-amd64-netinst.iso.esp.altered
  echo ABCDE | dd conv=notrunc of=debian-12.2.0-amd64-netinst.iso.esp.altered bs=1 seek=11499 count=5

Then

  cmp -l debian-12.2.0-amd64-netinst.iso.esp debian-12.2.0-amd64-netinst.iso.esp.altered

yields

  11500   0 101
  11501   0 102
  11502   0 103
  11503   0 104
  11504   0 105

(Odd enough: Addresses are decimal starting at 1, not at 0. Values are
octal.)

Less useful is cmp -b:

  debian-12.2.0-amd64-netinst.iso.esp debian-12.2.0-amd64-netinst.iso.esp.altered differ: byte 11500, line 278 is   0 ^@ 101 A

(Only the "A" is from my change. There seem to be pairs of octal value and
character meaning.)

I have my own unpublished differ for analyzing ISO entrails. So only the
big battleship "diffoscope" comes to my mind as public binary differ.
Probably there are leaner programs for that job.


Have a nice day :)

Thomas


Reply to: