gekk.info « articles
When researching Phoenix Hyperspace for my highly upsetting article on the subject, it was hard to avoid news articles proclaiming that it had been sold off by Phoenix (when they gave up wholesale on their idea of making anything other than BIOSes) and bought up by HP. However, that's where the trail ended; attempts to find out what, if anything, HP had done with it proved fruitless. That is, until two days ago.
When researching an only tangentially related subject (the Dell Latitude Z600, which runs a completely different instant-on linux) I stumbled across a mention of HP QuickWeb, described as another fast-booting Linux distro. Digging into this, I uncovered quite a shocking amount of information I had managed to miss before, on account of there being no standardized terminology for any of this stuff.
The discovery process on all of this happened so quickly that I don't really want to drag it out the way I did in the previous article. Once I knew the terminology, it took me maybe six hours to make it from beginning to end. The journey is less important than the destination in this leg of the story, so let me just summarize much of it, broken up into Important Data Nodes:
HP did in fact buy Hyperspace in late 2009 - but they didn't do anything with it right away.
Prior to the acquisition, they already had an instant-on Linux - one based on Splashtop, under the name QuickWeb.
It's amazing that I missed this, because they sold it across their whole range for several years. Netbooks (Mini 210), consumer machines (Envy 13/14), business (Probook 4730s, 4530s, 4430s), executive (Elitebook 8540w, 8440p) - and these are just some examples. There were many more. I was able to walk into RePC the day after I learned about this and walk out with two machines that support it, that's how common it was.
Laptops with QuickWeb support have a little button with a globe icon that boots QuickWeb instead of your normal OS. Note that not all HPs with globe buttons can do it; on some, that button just opens a web browser within Windows. There is no way to tell which is which. For instance, the Elitebook 8460 and 8470 look exactly identical, but only the former supports QuickWeb.
A couple years after the acquisition (AFAICT) HP finally decided to do something with Hyperspace: They quietly replaced the existing QuickWeb with one based on Hyperspace, with no fanfare or announcement of any kind. I can find no information linking the two - the only way I was able to prove this was by downloading two revisions of QuickWeb, extracting them, and finding strings for Splashtop in one and Hyperspace in the other.
As with the other Hyperspace (and Splashtop) implementations I showed in previous articles, the actual OS is completly uninteresting. In fact, it doesn't even have the unholy host filesystem access feature, or the office suite, or the ability to save files at all. It's simply a web browser, Skype, an email client, and some news and stonks widgets.
Additionally, HP did not base their implementation on Hyperspace Hybrid or Dual. It's the very basic version: a fast-boot Linux that dual-boots with Windows.
It is not, however, a conventional MBR-type dual-boot setup, nor is it using Phoenix's wacky hidden BEER partition table nonsense. Instead, the OS is simply stored as files on a FAT32 partition called HP_TOOLS; it's not even hidden, the user can see it in Windows.
Since this era of HP laptop had early UEFI, and UEFI can read FAT32, they used custom firmware code to just look for a partition with that specific name, then it finds "HP_TOOLS\QuickWeb\QuickWeb.efi" and boot it. EFI is a big step in making the PC more boring (good meaning)
Okay, let's have some pictures.
This is the "globe" button. As noted, it doesn't mean a machine definitely has QuickWeb.
This is Quickweb - specifically, a version I haven't yet been able to locate. This is from an old blog post. It's obviously Splashtop-based, since it's clearly branded in the screenshot, but it seems to be much closer to the original offering, with a widget based "desktop" and a number of bundled apps including Skype, chat, email, music and a photo viewer. I found a couple other screenshots that make it clear that the latter two apps are still the terrible Adobe Flash crap that they were selling in 2009.
I have seen references in HPs docs to QuickWeb version numbers, but no clear rubric. I suspect that this version is "QuickWeb 1," the next one is "QuickWeb 2", and the Hyperspace version is "QuickWeb 3."
The above is what I suspect was "QuickWeb 2." It says version 1, but who knows whose numbering scheme that is. It's still Splashtop-based, but HP has removed the branding. I was able to install it on a machine (EliteBook 8440p,) but it seems to have absolutely no features other than a web browser - this is the sole UI. It appears to be a huge downgrade, reason unknown.
This is the Hyperspace version, which I think is "QuickWeb 3." Functionally, it's a middle ground; it has Skype and email, plus these widgets (which, again, still work; I connected to wifi and both the CNN and BBC headline widgets populated.) Otherwise, it is still very barebones, not much better than "QuickWeb 1" from the looks of things.
As noted, there is nothing worth discussing about the OSes themselves. It's mostly just fascinating that Hyperspace continued to have a life at all, and kind of a disappointment that HP's vision of its future didn't include any of its advanced implementations, and in fact didn't even include the office suite or anything that made it more interesting than Splashtop.
Anyway, let's get into the new shit.
While investigating QuickWeb, I began finding mentions of something called QuickLook. At first, it wasn't clear if this was two names for the same thing, but it became apparent that QuickLook was a distinct product, because I learned that certain models (e.g. EliteBook 8440p) had another separate button for launching it.
Let me reiterate: Certain HP laptops have three power buttons that launch different OSes. That slaps all on it's own.
But what is Quicklook?
It's not an "OS." It's a program. Literally - it turns out to be "HP_TOOLS\QuickLook\QuickLook.efi", a standalone EFI application. Normally you only see those in the form of OS bootloaders, BIOS config utilities, or maybe a very limited motherboard/laptop vendor recovery or firmware flashing tool. But EFI apps are just binaries, and EFI is a limited "OS" that provides a set of libraries, so you can conceivably write many complex programs to run inside of it.
HP decided to write Outlook.
QuickLook is an email and calendar app that you can launch directly instead of booting a normal OS. I need to stress that, as far as I can tell, this is not Linux, this is not DOS, this is not anything. This is a bespoke standalone program, written in C (there are .c files mentioned all throughout the .EFI, which is just a Windows-format .EXE with a different name.) It leverages EFI's basic mouse/keyboard/graphics APIs, like "Absolute Pointer Protocol" and "Graphics Output Protocol."
To reiterate, because I need to know you understand: HP wrote an email/calendar client completely from scratch that runs inside your system's BIOS.
When you press the QuickLook button (the left blue icon above; the right is QuickWeb), the machine powers on, POSTs, and then hard code in the EFI firmware checks for an attached hard drive with a partition called HP_TOOLS, then boots straight into Quicklook\QuickLook.EFI, and then that is what is running on your machine. Not Windows, not Linux. Your PC is natively running QuickLook.
So, how does it handle networking, SMTP/IMAP, and all the complexities of Outlook, without actually being Outlook? How does it read and write to your .OST database on your main NTFS partition without risking corruption? Well, naturally, it doesn't. This is another filthy hack.
When you install QuickLook, it installs a plugin for Outlook (only supported on 2003 and 2007) which periodically, at a configurable interval, copies the entire contents of your inbox and calendar to an XML file in HP_TOOLS. If you send an email or edit a calendar event from QuickLook, it just writes it to an XML file, and when you boot into Windows again, the Outlook plugin reads it and replicates those actions within the real user DB.
What I said was a lie: HP didn't reimplement Outlook at all. They wrote a generic email and calendar app, then wrote an Outlook connector for it.
This has implications.
When I first started Quicklook, it complained that there was no user data, and I had to install the Outlook plugin to fix that. But at this point, you may be wondering: if it's not actually touching the Outlook data file, then why do we even need Outlook, or Windows at all? The answer, as far as I know, is that you don't - and HP doesn't even claim that you do.
HP provides a document explaining how QuickLook works, which includes instructions on how to build the HP_TOOLS partition manually and populate it with the needed files. There is no claim that you must set this up using their official installer.
I haven't tried yet, but I can't think of a reason you couldn't do this from Linux, by simply making the partition and copying the files over. They aren't "blessed." There are no secret MBR entries. EFI is modern software, not a taped together pile of shit based on code from 1983 that only barely understands x64 and thinks it's booting from a floppy drive or a cassette port. It knows what AHCI is! It can just read the fucking filesystem! It doesn't need a hand up from some absurd preboot bodgery. This whole thing is just a bunch of files.
In addition, the data files are not complex:
There is nothing stopping you from writing your own script that reads a mail file from anything else - Thunderbird, or pine - and produces these files. QuickLook shouldn't care.
Not, of course, that you'd WANT to use QuickLook. It doesn't boot that much faster than a modern OS on an SSD. Nowadays, it's utterly pointless, and additionally, it runs like shit.
While UEFI is "an operating system" for many intents and purposes... it's not a very good one. Its APIs are very limited and unoptimized, and that's probably why the UI updates at maybe 10fps. The mouse cursor doesn't even move smoothly. It really looks and feels like crap, and that's most likely because HP's devs had to write their own widget set, there's no 2D graphics acceleration, no multithreading, and the API may not even allow access to the framebuffer except through extremely crude, unoptimized full-screen updates.
Think of how the BIOS config on your motherboard from 2012 performed, then imagine trying to use that as an operating system. Oof. So just like Splashtop and Hyperspace, it's pointless, but it is neat - though sadly not as neat as the absurd ACPI horseshit from the last article.
However, I had not yet reached the end of my discoveries.
I was able to install QuickLook and QuickWeb on the machines I bought by simply downloading them from HP's driver site. Bless them, sort of. But while trying to find a specific version for a particular machine, I saw a link to a download for something called "HP DayStarter." The description was... concerning.
The HP DayStarter displays Microsoft Outlook calendar information and custom messages while Windows loads on supported notebook models with supported operating systems.
My reaction was "I'm sorry. What," and it kinda still is.
I found this screenshot:
Daystarter purports to show you your calendar while Windows is booting. And, okay, so what - they're just replacing the bootsplash image, like we all did on Windows 98 and XP when we were 13.
No. It steps through your week as it boots. And you can hit keyboard shortcuts to pause or clear it. This is a program that runs while Windows boots.
I don't... really... need to explain that this isn't possible. As-written: no, this isn't a thing, this can't be done, and I don't just mean "it's hard and messy," I mean this should not be possible.
I am no systems programmer (nor have I passed the bar) but I know a little bit. The moment any Windows based on NT begins booting, the system is in protected mode. As the name suggests, this is a security feature, to prevent programs from doing things that endanger the reliability of the system.
As soon as the Windows kernel begins executing, it has total dominion over the PC. Nothing else is allowed to run - nothing else can run. The CPU is executing only the Windows kernel code. If anything else attempts to write to system memory - such as the VGA framebuffer - without the kernel's permission, it would result in a hardware-level exception, which the kernel would trap and discard.
I'm overstating the point however. It doesn't matter that something else couldn't touch system memory, because there's just simply no way to execute other code. At this point in the boot process, your computer is like a MOS 6502 from 1979. It's a Turing machine. Each byte of machine code from the Windows kernel is executed in order, it does exactly what Microsoft coded it to do, and then the instruction pointer either advances or jumps to another location that the Windows kernel chooses.
There are no cracks into which to get your fingers. It's like asking "what if my hand passed through this brick wall, how would we handle that scenario?" It's not going to happen because it's logically impossible.
So I installed QuickLook and rebooted the laptop.
Holy fucking hell. They really did it, the madmen. But how. Fucking how did they do this, when it should be physically impossible?
The first answer that comes to mind is "they hacked the OS", but A) it would instantly get reverted by Microsoft SFC, B) it would instantly break as soon as you installed any OS patches, and C) nah. Just nah. HP did not write a program that binary-patches NTOSKRNL.COM. That isn't even on the table.
But... what else is left? What could they possibly have done to accomplish this?
If you can believe this: It's worse than Hyperspace Dual.
We don't have full documentation on how this works, but we have enough to assemble a working theory.
What we do know is that the Quicklook plugin for outlook creates a DayStarter folder on HP_TOOLS, and whenever a sync occurs, it reads your calendar and spits out 7 JPEG files. For instance:
This is one of the files it generated. These, again, are simply files in the FAT32 filesystem.
When you enable HP Daystarter (it's a setting in the BIOS setup), I believe that there is a piece of hard code in the firmware that activates. In other words, this is not an EFI application being loaded off the HDD like QuickWeb and QuickLook. There's no "Daystarter.efi", and that makes sense - if you booted into that, you wouldn't be booting Windows.
Maybe it's chainloading into Windows? Well, this machine shipped with Windows 7, which didn't even get UEFI support until very late in its lifespan. It was almost certainly shipped in UEFI-CSM mode (aka BIOS mode,) and that's how it's working on my specimen. So they wouldn't be able to launch an EFI app, then chainload into a BIOS app - at least, all the universal bootloaders I've tried claim that this is impossible, and I'm sure if that wasn't the case they would be willing to do it.
The theory partly suggested by mxshift (who isn't on here, but we chat on discord and they do x86 firmware programming) is that Daystarter gets loaded by HP's EFI (i assume before it goes to CSM mode) and traps a certain interrupt or IO access. As Windows is starting, it keeps updating the VGA framebuffer to move the progress bar. Daystarter traps that event, throws it away, and instead writes its own content to the framebuffer. It also uses this opportunity to check the keyboard buffer for an F4 or F3, so it can take user input.
But wait - how is that code running? Windows is in protected mode at this point, what would be allowed to supersede it?
Per the slide reproduced above: Daystarter runs from goddamn System Management Mode.
I had never heard of SMM before today. Apparently this was introduced on the 386SL CPU (supposedly, to implement software-based thermal management features) and operates with a privilege level even higher than ring 0 (where the Windows kernel lives) with access to do virtually anything. It's a well-guarded feature, apparently, but hey - HP writes their own firmware. They can do whatever the hell they want.
So Daystarter is - naturally! - a horrifying abuse of a hardware feature not intended for this at all. I'm told SMM has been leveraged before for many things it wasn't intended for, such as the implementation of USB legacy keyboard support, but this feels like it's just not justified.
Because, let's be real here: This is absurd! This is all so fucking absurd!
I have this long running theory about computer hardware manufacturers: They're miserable, and terrified.
I have written many times, from different angles, about what I think capitalism sees in Technology as a whole. The basic loop has been the same for over a century:
Invent a thing
Convince a group of people (hopefully "everyone") that it will make them happier
Make lots of profit by selling people your vacuum cleaner
MARKET SATURATION! Everyone has a vacuum and nobody needs a new one.
Invent a new vacuum with a stronger motor OR a quieter motor OR a longer hose OR a better beater OR lighter weight
Make lots of profit by selling people your new vacuum; they throw out their old one.
Now look at PCs, from the perspective of a vendor like HP or Dell:
Assemble a thing out of parts you had nothing to do with: an Intel CPU and chipset, Realtek audio, nVidia GPU, and so on
Convince a group of people that yours is the cheapest or most reliable
Make lots of profit by selling people the exact same thing your competition has
This is a much tougher row to hoe. The whole latter part of the loop is missing. How does Dell convince you that their machine has a new greeble, a new button, a new lever? They can't. It's impossible for them to add one, the PC doesn't work that way. The basic motherboard has to be wired up exactly the same way in every single machine in the world; all functions beyond basic CPU, memory and boot have to be provided by standardized components - USB, PCIe, or m.2. They have to work the same as all others of their type.
This means that Dell can't sell you a machine with a feature that isn't just a PCIe card or a USB device. Sure, maybe they could invent a device that uses those interfaces and refuse to sell it through any other channels except with their PCs - but I challenge you to come up with such a device that A) would be so compelling that it would make someone buy a Dell just to have it, and B) wouldn't be cloned as a generic product a week later. It's impossible.
It's even worse for motherboard vendors. All these companies are is turnkeys. They take the Intel socket of the month, Intel chipset of the month, and whichever other jellybean parts are current and glue them together. Is it easy? Probably not, but nobody cares.
Yeah, people have always had opinions. They'd say "all Gigabyte boards are trash" - it's patent nonsense, and we all know it. People used Gigabyte or Abit or ECS boards for years with no real trouble. Sometimes a bad chipset came out, like the nForce, but that wasn't the board mfgr's fault. The only thing they ever really fucked up was the capacitor situation, and you better BELIEVE the vendors all rode THAT shit when it was finally acknowledged as a real problem. There were (and I think still are) motherboard boxes with MASSIVE wordart text proclaiming JAPANESE POLYMER CAPS as the highest-billed feature.
Because, yeah - what the hell else can a motherboard vendor offer? They aren't allowed to do anything! Their board HAS to work exactly the same as all others or it's useless trash. And how could they add any functionality anyway? They're essentially selling you the middle of a machine. All the parts you bolt on see it as a black box that's supposed to work a very specific way. It's logically impossible for anything the motherboard does to affect how the computer works; it's simply a junction box.
In the mid 2000s, Abit and ASUS and MSI were going batshit. They couldn't figure out what to do - the market for DIY PCs was huge, probably even moreso than now, but the only levers they had access to pull were thermal management and overclocking - so you better believe they rode it as hard as they can. That's when we started getting these grotesque, screen-filling overclocking apps with gallons of Graphic Design dumped on them; huge virtual gauges trying to turn "adjusting a voltage rail by .01V" into Some Matrix Shit.
It's also when Asus sold at least one board with a complete 5.25" front drive bay panel dedicated to resetting your CMOS settings.
Yeah, I know, I know. Overclockers did need to do that a lot. But that's not why ASUS made such a big deal out of it. It was this great big army-green panel with caution stripes and a molly cover over the switch. Asus was so fucking pumped that they finally got to expose the one actual function their board had. Motherboards can't have buttons! This was the only one that could ever exist, and for 15 years it only got pressed once every five years. Asus were beside themselves that they finally got to have a feature.
I saw CMOS reset switches dressed up in so many ways, because that's all they had. And when EFI came along and gave motherboard vendors something, anything at all to customize, they ate it up. Every single motherboard has a completely different (and uniquely unnavigable) CMOS setup because, again, this is the only lever they can pull.
So, comparing to the situation in question:
Imagine being a product designer at HP, in the very weird year of 2010, and having some fucking VP storm in and go "We have to deliver Features for Executives. We're selling $1500 notebooks to them, but Dell has exactly the same set of ins and outs as us. We need Features."
You just stare at the guy, and slowly go, "We're... a motherboard. That's all we are, Bob. We can't have features. Everything that happens once the computer is on is inside Windows, and we aren't allowed to touch it."
And Bob tells you you're fucking fired, and turns to the next person and says the same thing. He repeats this until someone blurts out the dumbest idea anyone's ever had, and Bob goes "That's it, make that."
What do executives do on their computers? Outlook. It's the only program they run. It's why you can't sell them anything - what, more RAM? Outlook runs fine in two gigs, even now, especially then. More CPU power? Same answer. A GPU? To do what? And that's all a computer manufacturer can do - stick in more jellybean parts that someone else made.
How do you make a computer somehow better at Outlook? The answer is that you can't, it's impossible. Windows controls the whole machine and Microsoft controls Outlook, HP can't stick their fingers in and somehow enhance the Outlook experience. So, they touched the only thing that Microsoft didn't control: The pre-boot experience.
Does it make sense to write a whole separate OS, just so an executive doesn't have to wait an extra 30 seconds to see their email? Of course not. This was also 2011, and SSDs existed. It would have cost less to just bundle an SSD, and would have worked better. Sleep and hibernate were also pretty functional by then. It would have been, and almost certainly was, faster to just put your machine to sleep and wake it up normally. But no, we need a feature. So HP wrote one of the only standalone EFI applications in existence.
And then they were out of ideas. Quasi-Outlook can now load in 15 seconds! Uh. Now what? What's left to attack?
Well... what if they are intending to get into Windows? We can't speed that up (on a 5400rpm spinning disk that our absolutely oblivious cost-reduction specialists forced us to include) - so what if we were able to at least display their calendar 15 seconds sooner?
Was this worth it? Worth inventing completely new forms of software, worth injecting code into the fucking thermal management layer that overrides parts of the Windows boot sequence and risks corrupting main RAM and rendering the machine unusable, all for a fucking 15 second speedup? Of course not. But it's the only lever they could pull, and it's better than getting fired because your position, and your business, and the company you work for, have been redundant for a decade.
Other articles in this series:
List of Articles