Linux Workaround: Use M.2 NVMe Drive in Old Motherboard Unable to Support Boot?

Zarathustra[H]

Hey all,

So I am putting together a system with spare parts I have in my parts bin. I have an M.2 NVMe SSD, an older CPU and motherboard that does not support booting from an NVMe drive and a hard drive. I also have a cheap M.2 PCIe adapter card.

I'm trying to think of a good workaround to make this work.

The problem is that the motherboard is not aware of NVMe drives, and the M.2 drive does not have an old-fashioned boot ROM, so the BIOS would not be able to boot off of Ubuntu installed on the NVMe drive.

It struck me, that once the kernel is loaded, the NVMe drivers should be loaded and the drive should be visible to the OS, which makes me wonder, would this work?

What if I create a small dedicated /boot partition on the hard drive, install grub to the boot sector of the hard drive, but create my / partition on the M.2 drive?

I'm thinking like this:

Hard Drive: (Grub on MBR)
- /boot partition (~512MB)
- Storage Partition (rest of drive)

M.2 Drive:
- Swap partition (8GB)
- / partition (remainder of drive)

This way the BIOS is initializing the boot using the spinning hard drive, the kernel is loaded off of the /boot partition, and once it is loaded it should be able to see the / partition on the M.2 drive.

Would this work? Or does Grub need to be able to see the / partition before the kernel (and its NVMe drivers) loads?

I'd appreciate any thoughts on this.
 
I do this on my dual Xeon system with Intel 5520 chipset based PC, running an m.2 SSD as my boot drive and it works great.

However I used one of the two m.2 SSDs known to support legacy boot so I didn't need to do any more than simply plug the drive and adapter into a PCIe slot and turn the machine on. If you can find either a Kingston HyperX SSD or a Samsung 950 Pro you're good to go, I got my HyperX off eBay brand new.



Here's a link of someone who's done what you're talking about under Windows:

https://audiocricket.com/2016/12/31/booting-samsung-sm961-on-asus-p6t-se-mainboard/
 
I do this on my dual Xeon system with Intel 5520 chipset based PC, running an m.2 SSD as my boot drive and it works great.

However I used one of the two m.2 SSDs known to support legacy boot so I didn't need to do any more than simply plug the drive and adapter into a PCIe slot and turn the machine on. If you can find either a Kingston HyperX SSD or a Samsung 950 Pro.


Thanks.

I'll have to look into that.

I've also read that there are ways to hack the bios of older motherboards, inserting the NVMe modules into them and reflashing them.

Sounds risky. I'd hate to brick my motherboard. I don't even know if I could get Asus to re-flash it for me anymore given that it is 7 years old :p
 
Thanks.

I'll have to look into that.

I've also read that there are ways to hack the bios of older motherboards, inserting the NVMe modules into them and reflashing them.

Sounds risky. I'd hate to brick my motherboard. I don't even know if I could get Asus to re-flash it for me anymore given that it is 7 years old :p

I've read that also. I was going to try all the methods you mentioned as I had the card but no m.2 drive and finding m.2 drives with legacy boot support is getting harder, but when I found the Kingston HyperX on Ebay for a fair price I simply jumped at the opportunity and I've been very impressed. Another trick is to use an LSI 9211-8i 8x and flash it to IT mode for SATA 3 that's probably faster than native. You'll see my system also has such a card installed. ;)
 
Thanks.

I'll have to look into that.

I've also read that there are ways to hack the bios of older motherboards, inserting the NVMe modules into them and reflashing them.

Sounds risky. I'd hate to brick my motherboard. I don't even know if I could get Asus to re-flash it for me anymore given that it is 7 years old :p
I've made a custom BIOS and flashed it. Been running in my main PC for months without issue. It's not too difficult. I did mine to get the newest Intel microcode on there in order to fix the spectre and meltdown vulnerabilities from that level. I have an Asus too. Did you already find relevant instructions to adding that code to the BIOS and flashing it?
 
I've made a custom BIOS and flashed it. Been running in my main PC for months without issue. It's not too difficult. I did mine to get the newest Intel microcode on there in order to fix the spectre and meltdown vulnerabilities from that level. I have an Asus too. Did you already find relevant instructions to adding that code to the BIOS and flashing it?

I'd also be very interested in seeing how you do this.. :)
 
Both Spectre and Meltdown attacks require local code to be run so for a home user the patches bring only reduced performance on desktop...
 
Both Spectre and Meltdown attacks require local code to be run so for a home user the patches bring only reduced performance on desktop...

You could technically have code inside a malicious ad banner execute on your machine and use this exploit to escalate privileges.

Most browsers run stuff inside a sandbox, but the nature of Spectre and Meltdown is that they can break out of those.

Google seems to have very poor control of what they distributed in their ad network
 
You could technically have code inside a malicious ad banner execute on your machine and use this exploit to escalate privileges.

Most browsers run stuff inside a sandbox, but the nature of Spectre and Meltdown is that they can break out of those.

Google seems to have very poor control of what they distributed in their ad network
Which is why I block ads and scripts as a rule of thumb, in addition to not browsing with Windows, against which the vast majority of attacks are targeted. Basically you have to be owned already once to get owned by Spectre/Meltdown.
 
I've mentioned it before. I applied both the Spectre and Meltdown patches under my Linux install and my PC benchmarked a whisker 'faster'. :D
 
I've mentioned it before. I applied both the Spectre and Meltdown patches under my Linux install and my PC benchmarked a whisker 'faster'. :D

But you shouldn't have to do this.

Linux by design uses a microcode instance stored in the distribution, right?

My package manager updates the microcode for me all the time....
 
Which is why I block ads and scripts as a rule of thumb, in addition to not browsing with Windows, against which the vast majority of attacks are targeted. Basically you have to be owned already once to get owned by Spectre/Meltdown.

Not really, it is possible to get in with injected java.... and that doesn't have to come from ads. I will grant you that it's not the easiest in... and under Linux I wouldn't really be too concerned about turning most of those mitigations off, for a personal not on a public domain machine.

In honesty... I use;
"pti=off spectre_v2=off l1tf=off nospec_store_bypass_disable no_stf_barrier"
in my grub boot params.

Having said that I would never run a Windows machine without the patches... just too many pieces of software doing their own thing to be that trusting.

It's virtualized systems that are the most at risk in regards to all the speculation attacks. Which does mostly mean larger servers etc. I have no doubt that end user speculative attacks are already targeting Windows right now. The scuttlebutt on Meltdown and Spectre only leading to leaked data at random is sort of untrue. It is true that when it was first discovered that was basically what you could do with it. However since it has been discovered people have found ways of getting those unprivileged cache memory addresses to do more interesting things. If you can get the CPU to run your code, you can get the CPU to speculate specific math that jumps, and can be used to let the rest of your code in. It's like squeezing a grease man into a vent... letting them wiggle their way out and unlock the front door for you.
 
But you shouldn't have to do this.

Linux by design uses a microcode instance stored in the distribution, right?

My package manager updates the microcode for me all the time....

https://wiki.archlinux.org/index.php/microcode

Yes, for the most part microcode is not something you should have to worry about as a Linux user. Every major distro pushes major microcode fixes. So unless you are using something very very niche you should be safe. (even then the kernel guys are updating microcode for Power) ARM and RISCV don't use microcode per se but they have security patches that operate in a sort of same way that deal with low level microops. Only chips I could imagine needing custom microcode outside of that sent to Linus would perhaps be SPARC. So unless you are IRL a Fujitsu engineer with some crazy custom SPARC running machine in your basement... you shouldn't have to worry much about microcode.

It's detailed in the Arch microcode wiki but I'll put it here as well;
dmesg | grep microcode
This will list your operating microcode version. You can always check what is reported with what is current for your CPU.

Intel microcode as of Aug 8 2018
https://www.intel.com/content/dam/www/public/us/en/documents/sa00115-microcode-update-guidance.pdf

You'll see something like this reported by dmesg;
CPU0 microcode updated early to revision 0x96, date = 2018-05-18
You can then ensure 0x96 is the newest microcode.
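
A scripted form of the dmesg check in the post above, combined with a check for mitigation-disabling boot parameters like the ones quoted earlier in the thread. This is an added example, not part of any post: the function names are hypothetical, the sample dmesg line and kernel command line are constructed, and the expected revision has to come from the vendor guidance for your CPU.

```shell
#!/bin/sh
# Added example (not from the thread). Sample inputs below are constructed.

# Print the first microcode revision (e.g. 0x96) found in dmesg-style text on stdin.
microcode_revision() {
    sed -n 's/.*[Rr]evision[ =:]*\(0x[0-9a-fA-F]\{1,\}\).*/\1/p' | head -n 1
}

# Succeed if revision $1 is at least the expected revision $2.
# Both must be 0x-prefixed hex; anything else is rejected with status 2.
microcode_is_current() {
    for v in "$1" "$2"; do
        case $v in 0x*) ;; *) return 2 ;; esac
        case ${v#0x} in ''|*[!0-9a-fA-F]*) return 2 ;; esac
    done
    [ $(($1)) -ge $(($2)) ]
}

# Print every parameter in kernel command line $1 that turns a CPU mitigation off.
disabled_mitigations() (
    set -f   # no globbing while the command line is split into words
    for arg in $1; do
        case $arg in
            mitigations=off|pti=off|nopti|spectre_v2=off|nospectre_v2|nospectre_v1)
                printf '%s\n' "$arg" ;;
            l1tf=off|mds=off|spec_store_bypass_disable=off|nospec_store_bypass_disable|no_stf_barrier)
                printf '%s\n' "$arg" ;;
        esac
    done
)

if [ "${1:-}" = "--live" ]; then
    # Real system: dmesg may need root; sysfs shows the kernel's own verdict.
    rev=$(dmesg 2>/dev/null | grep -i microcode | microcode_revision)
    cmdline=$(cat /proc/cmdline)
    grep -H . /sys/devices/system/cpu/vulnerabilities/* 2>/dev/null
else
    # Constructed sample input so the script runs anywhere.
    rev=$(printf '%s\n' 'CPU0 microcode updated early to revision 0x96, date = 2018-05-18' | microcode_revision)
    cmdline='BOOT_IMAGE=/vmlinuz root=/dev/nvme0n1p2 ro quiet pti=off spectre_v2=off l1tf=off'
fi
echo "microcode revision: ${rev:-unknown}"
echo "mitigation-disabling flags: $(disabled_mitigations "$cmdline" | tr '\n' ' ')"
```

Run it with `--live` to audit the running system instead of the constructed sample.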
 
But you shouldn't have to do this.

Linux by design uses a microcode instance stored in the distribution, right?

My package manager updates the microcode for me all the time....

Stored in the kernel, the particular kernel I was running didn't contain the microcode fixes.
 
Not really, it is possible to get in with injected java.... and that doesn't have to come from ads. I will grant you that it's not the easiest in... and under Linux I wouldn't really be too concerned about turning most of those mitigations off, for a personal not on a public domain machine.

In honesty... I use;
"pti=off spectre_v2=off l1tf=off nospec_store_bypass_disable no_stf_barrier"
in my grub boot params.

Having said that I would never run a Windows machine without the patches... just too many pieces of software doing their own thing to be that trusting.

It's virtualized systems that are the most at risk in regards to all the speculation attacks. Which does mostly mean larger servers etc. I have no doubt that end user speculative attacks are already targeting Windows right now. The scuttlebutt on Meltdown and Spectre only leading to leaked data at random is sort of untrue. It is true that when it was first discovered that was basically what you could do with it. However since it has been discovered people have found ways of getting those unprivileged cache memory addresses to do more interesting things. If you can get the CPU to run your code, you can get the CPU to speculate specific math that jumps, and can be used to let the rest of your code in. It's like squeezing a grease man into a vent... letting them wiggle their way out and unlock the front door for you.

Yes, the biggest threat is to virtual hosting companies that let customers run their own OS. FYI script block totally disables java and javascript running from the browser, no injections possible. Of course many websites look broken without them but I enable only what I absolutely need and I use a throwaway virtual machine for porn and security related research.
 
Yes, the biggest threat is to virtual hosting companies that let customers run their own OS. FYI script block totally disables java and javascript running from the browser, no injections possible. Of course many websites look broken without them but I enable only what I absolutely need and I use a throwaway virtual machine for porn and security related research.

There is some honesty. lol
 
Yes, the biggest threat is to virtual hosting companies that let customers run their own OS. FYI script block totally disables java and javascript running from the browser, no injections possible. Of course many websites look broken without them but I enable only what I absolutely need and I use a throwaway virtual machine for porn and security related research.

Theoretically using Spectre and/or Meltdown any bad actors on those sites could escape your throwaway VM.

I wonder how likely it is scripts would be designed to do this. Probably not on porn sites, but on security research sites where it may be expected visitors would take this type of precaution, they might.
 
Theoretically using Spectre and/or Meltdown any bad actors on those sites could escape your throwaway VM.

I wonder how likely it is scripts would be designed to do this. Probably not on porn sites, but on security research sites where it may be expected visitors would take this type of precaution, they might.

They would have to recognize they're in a VM first, then knowingly break out of it. A random internet attack will never do that - they'll target the host OS if anything. Also the chances of running into a linux attack is extremely low.

If I was a Pentagon security specialist with national secrets on my computer - yeah I might be worried that someone is going to actively hack me. But I'm not.
 
If you run untrusted code in a VM and don't have ECC memory, you have lost anyway.

https://fahrplan.events.ccc.de/congress/2016/Fahrplan/events/8022.html

And yes, the attack works from a browser in a VM visiting a malicious website and running its JavaScript code.
Flip Feng Shui makes cross-VM Rowhammer attacks precise, fast and reliable. As an example, Flip Feng Shui compromises the OpenSSH server of a victim VM in less than 10 minutes in 84% of the cases.
 
B00nie
Rowhammer is a hardware design defect. You cannot patch it. The only defense is ECC memory, or (in case of that particular Flip Feng Shui attack) disabling memory deduplication.
 
B00nie
Rowhammer is a hardware design defect. You cannot patch it. The only defense is ECC memory, or (in case of that particular Flip Feng Shui attack) disabling memory deduplication.
A net based attack requires a 500Mbps connection to work, most home users are safe from them. Also javascript based attacks are a non issue since I block scripts and ads by default.
 
A net based attack requires a 500Mbps connection to work, most home users are safe from them. Also javascript based attacks are a non issue since I block scripts and ads by default.
I was talking about virtual machines that run potentially untrusted code. If you have JavaScript disabled and never run random programs that you downloaded from the Internet (not even in a VM) then you are of course safe. Rowhammer is just a method such code can use for privilege escalation/VM escape.
 