Acer Aspire E15 and its firmware problems - Pastebin.com

  1. Acer Aspire E15 and its firmware problems

  2. I got a "newish" laptop, an Acer Aspire E15. This is my first PC with a UEFI firmware.

  3. The SETUP program has two boot mode options: "UEFI" and "Legacy". The computer was set to the UEFI option when I got it. It has some version of Windows installed (probably 8 or 10), but the installation is completely broken and it does not work. I was going to wipe the hard drive contents anyway.

  4. With UEFI mode enabled the "secure boot" functionality was always enabled and it was not possible to disable it. The first thing I did was to set the firmware to the "Legacy" mode, which I assume means the traditional IBM PC compatible BIOS mode that boots from a boot sector. The SETUP program immediately showed me a message: "Microsoft recommends executing Windows 8 and and the version above under UEFI boot mode to enjoy the full features."

  5. I found out that by pressing F12 while the computer was POSTing, a boot device menu appears. Then I tried to boot my own operating system ST-DOS from a USB stick before installing Linux. It did not boot. The firmware only showed me a message "No bootable device -- insert boot disk and press any key". Strange. My bootloader is in a standard boot sector that ends with the boot sector signature 55AA, and to this day it has worked on every computer that I have tested it on.

  6. I switched the firmware back to UEFI mode and found out that the "secure boot" functionality can be disabled after setting a supervisor password. In my opinion that would not be a very good design, if the so-called "secure boot" really was a security feature: Disabling the "secure boot" is possible without knowing the password because the initial state is that the password is clear, but enabling the "secure boot" again is impossible without knowing the password. When the password is set, it is impossible to get to the SETUP program without that password. It is very easy to completely lock yourself out from the SETUP program and brick the system.

  7. Clearing the supervisor password also returns the "secure boot" option to enabled state.

  8. The "secure boot" keys cannot be modified by the user - the firmware always only trusts EFI binaries that are signed by Microsoft. I also noticed that when the firmware is in "UEFI" mode, it can only boot from the local hard drive. All other options than Microsoft's boot manager, that happens to be found in the pre-installed EFI partition, just disappear from the boot menu that is accessible by pressing F12. So the UEFI mode is useless anyway.

  9. I switched the firmware back to the "Legacy" mode and tried booting iPXE from a USB stick. To my surprise it booted. It means that iPXE did something differently than my bootloader. I investigated iPXE's boot sector in a hex editor. The image has an msdos-style partitioning ( https://stanislavs.org/helppc/disk_partition_table.html ) with one partition. I tried changing the "boot indicator" byte for all partitions to 00 and tried booting it again. It still booted and iPXE's boot code showed a message that there is no bootable partition (as it should). Then I changed the beginning and end of the partition so that it does not make any sense. No difference, still boots.

  10. Then I tried to set the "boot indicator" byte of the only partition to a random value, which happened to be 0x56. After doing that the firmware did not even try to boot the disk anymore. The "No bootable device" message was back. Conclusion: For some reason the firmware of this computer checks the presence of an msdos-style partitioning in the bootable disk. It does it by making sure that the "boot indicator" byte of every partition struct is either 80 (bootable) or 00 (non-bootable). The firmware does not transfer the control to the user's boot code if that check fails.

  11. The official BIOS specification from IBM states that the firmware only checks that the boot sector signature (bytes 55 and AA) is found at the end of the first sector, and if it is, the contents of the sector are loaded to memory address 7C00. The control is then transferred to the boot sector code by jumping to address 0:7C00. The firmware should not care about partitioning at all. The msdos-style partitioning is used by Microsoft's operating systems and not all operating systems support it - it is only one of the infinitely many possible ways to implement partitioning. Many different operating systems use different partitioning schemes or don't use partitioning at all. It means that the firmware of this laptop is seriously buggy and boot locked to operating systems that use Microsoft's partitioning scheme. It also means that this computer probably cannot boot most diagnostic tools at all.

  12. Because the msdos-style partitioning scheme does not support (with 512 byte sectors) hard disks that are larger than 2 TB, it also means that with these Acers non-Windows users cannot use hard disks larger than two terabytes.

  13. I have some earlier experiences of UEFI computers and it has always been extremely hard to get them to boot anything else than their pre-installed Windows version.
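
The two boot-sector tests discussed above (the plain 55 AA signature test, and the stricter "boot indicator" test inferred from the iPXE experiments) can be reproduced against a disk image with the following added example, which is not part of the original paste. It assumes the standard msdos partition table layout (four 16-byte entries starting at offset 0x1BE, boot indicator in byte 0 of each entry); the function names are hypothetical and the sample sectors are constructed, not read from a real disk.

```python
import sys

SECTOR_SIZE = 512
TABLE_OFFSET = 0x1BE      # four 16-byte partition entries start here
ENTRY_SIZE = 16           # byte 0 of each entry is the "boot indicator"
SIGNATURE = b"\x55\xaa"   # last two bytes of the sector (offset 0x1FE)

def has_boot_signature(sector):
    """The only test the page says a BIOS should apply."""
    return len(sector) >= SECTOR_SIZE and sector[0x1FE:0x200] == SIGNATURE

def boot_indicators(sector):
    return [sector[TABLE_OFFSET + i * ENTRY_SIZE] for i in range(4)]

def passes_inferred_check(sector):
    """Signature plus the extra rule the page infers: every indicator is 00 or 80."""
    return has_boot_signature(sector) and all(
        b in (0x00, 0x80) for b in boot_indicators(sector))

def diagnose(sector):
    if not has_boot_signature(sector):
        return "no 55 AA signature"
    bad = [f"entry {i}: {b:02X}" for i, b in enumerate(boot_indicators(sector))
           if b not in (0x00, 0x80)]
    if bad:
        return "signature ok, rejected by indicator check (" + ", ".join(bad) + ")"
    return "passes both checks"

def make_sector(fill, indicators=None):
    """Build a constructed 512-byte test sector (not data from a real disk)."""
    s = bytearray([fill]) * 510 + bytearray(SIGNATURE)
    for i, b in enumerate(indicators or []):
        s[TABLE_OFFSET + i * ENTRY_SIZE] = b
    return bytes(s)

# Constructed samples mirroring the experiments described on the page.
SAMPLES = {
    "partitionless loader, code fills table area": make_sector(0x90),
    "one active partition": make_sector(0x00, [0x80, 0, 0, 0]),
    "all indicators cleared": make_sector(0x00, [0, 0, 0, 0]),
    "indicator set to 0x56": make_sector(0x00, [0x56, 0, 0, 0]),
}

if __name__ == "__main__":
    if len(sys.argv) > 1:                      # check a real image or device
        with open(sys.argv[1], "rb") as f:
            print(diagnose(f.read(SECTOR_SIZE)))
    else:
        for name, sector in SAMPLES.items():
            print(f"{name}: {diagnose(sector)}")
```

Run with a path to a disk image to see which of the two tests its first sector would pass; a boot sector without a partition table fails the stricter test whenever its own code or data happens to occupy the four indicator offsets.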