Bug#1056998: cdrom: Installation media changes after booting it
Hi,
Ram Reddy wrote:
> https://drive.google.com/file/d/1Zd6iufVRsfIu-qzC-tJx4FEvCOESOz4_/view?usp=sharing
I downloaded the tarball and compared the original FAT filesystem with the
various modified filesystem images.
--------------------------------------------------------------------------
In Legion7iG5-*_modified.esp the suspect lost its ID card at the crime
scene:
At byte 39072 (0x98a0) the changes go from 0-bytes to the text "LENOVO".
At byte 9711680 (0x943040) i see a change from 0-bytes to "BIOS".
Diffing the result of "find" on the mounted unmodified.esp filesystem and
Legion7iG5-*_modified.esp shows that a new branch of directoriies with a
new file is in each of the modified filesystems:
> ./efi/Lenovo
> ./efi/Lenovo/BIOS
> ./efi/Lenovo/BIOS/SelfHealing.fd
The file is empty.
--------------------------------------------------------------------------
In ThinkpadX1CarbonG5-0_modified.esp there is no company name to see in
the changed bytes. I see UTF-16 strings "mation", "System", and
"Volum\000me". ASCII texts "SYSTEM~1", "WPSETT~1DAT". The latter might
possibly be "WPSettings.dat", which causes questions in the internet.
Most plausible seems an answer in the course of
https://answers.microsoft.com/en-us/insider/forum/all/whats-wpsettingsdat-generated-by/e11bca97-8c76-4662-8897-774ea3d5691a
"The WPSettings.dat file is generated by the Storage Service (StorSvc).
It seems that WPSettings.dat means the data files of Windows Phone's
Store Settings saved on the drives, [...]"
Diffing the result of "find" on the mounted unmodified.esp filesystem and
ThinkpadX1CarbonG5-0_modified.esp shows that a new directory with a new
file is in the modified filesystem:
./System Volume Information
./System Volume Information/WPSettings.dat
The file has 12 bytes of binary salad:
Hex: 0c 00 00 00 2e 42 6b 82 5d 88 0e c5
Char: . B k ]
Dec: 12 0 0 0 46 66 107 130 93 136 14 197
--------------------------------------------------------------------------
While it makes some sense to me that Lenovo Legion BIOS adds some Lenovo
stuff to the EFI System Partition, i really wonder why Lenovo Thinkpad
BIOS adds a Microsoft directory and file.
Whatever, i'd say that the software in the ISO and especially Debian
Installer are not suspicious to create directories with such names.
Have a nice day :)
Thomas
Reply to: