AMD Ryzen PRO 6860Z powered Lenovo Z13 notebook with Microsoft Pluton co-processor can't boot Linux operating systems
Phoronix reports that AMD powered ThinkPad Z13 laptop featuring Ryzen 6000 PRO Zen3+ series has problem booting Linux operating systems. This has been discovered by Matthew Garrett who shared the news on his website.
This laptop is equipped with Lenovo exclusive AMD Ryzen PRO 6860Z processor with built-in Microsoft Pluton security co-processors. This is a dedicated chip that is supposed to increase security for Windows systems by verifying UEFI certificate keys. The problem is that it only trusts Microsoft's key, not any 3rd party UEFI keys that are used by various Linux distributions.
This essentially means that Lenovo ThinkPad Z13 simply cannot run any Linux system. This laptop ships with Windows 11 by default and while there is no mention of Linux support anywhere, one could also argue that nowhere does it say it cannot boot Linux (and yes we have checked various official specs and press releases).
(Score: 5, Touché) by HiThere on Monday July 11 2022, @02:55AM (5 children)
It's not a non-story if you'd been thinking of buying one.
(Score: 2) by drussell on Monday July 11 2022, @12:34PM (4 children)
In what way?
You thought you would not be able to use Linux on a Z13?
That isn't true. It works fine. Even with Secure Boot enabled.
(Score: 2) by HiThere on Monday July 11 2022, @01:08PM (3 children)
I don't like having to fight with my system to get it to work. If they have it set up so that I need to jump through extra hoops, I'll look elsewhere.
(Score: 3, Insightful) by drussell on Monday July 11 2022, @01:19PM (2 children)
Just buy the model pre-loaded with Linux then, if you don't want to "jump through the hoops" of installing it yourself.
It will have the 3rd-party certs enabled out-of the box and some sort of Linux distro pre-installed.
(Score: 2) by Gaaark on Monday July 11 2022, @09:26PM (1 child)
The problem is if someone is interested in getting into linux, it's just one more step they have to go through where the "Oh, God, will something go wrong?" factor will crop up and make them hesitate.
Let's say they bought the computer with Windows, but now want to try linux as well:
Try explaining something to someone, remotely, how to get into their bios ("try Tab...maybe F3... errrmmm, how about...."), then get them to where they change the mode and then how to save those changes. It's scary enough for them just doing a partitioning of the hard drive, especially if they don't want to lose their existing data.
MS has forced unnecessary things onto OEM's to try to make a piece of shit operating system not so big a piece of shit. MS says they love linux and open source... I call shenanigans!
--- Please remind me if I haven't been civil to you: I'm channeling MDC. ---Gaaark 2.0 ---
(Score: 3, Touché) by drussell on Tuesday July 12 2022, @12:54AM
You'll take the time to explain to "that someone" how to go into the BIOS to enable "Boot from USB," yet not explain how to "Enable 3rd-party Secure Boot" while they're in there?!
That's where you choose to draw the line on helpfulness for a noob?!
You think someone should blindly try re-partitioning their hard disk without knowing at least how to go into the BIOS and "Enable 3rd-party CA for Secure Boot?" Really?!
It seems you're now just being disingenuous...
Did you even bother to read the linked Lenovo instructions at:
I don't see how Lenovo could make it any more clear for a noob.
Sure, even other guy, like this bloke that works at Dell doesn't like the default being "disabled" and apparently advocated otherwise, ie:
...but like it or not, it is now a Microsoft requirement for "secure pre-loaded Windows." You're going to see this everywhere.
It's not Lenovo or Dell to blame here, they're at least sometimes, somewhat trying for sane defaults, yet as long as the option is there IN the BIOS by default, I suppose I really don't have a problem with this particular variety of Microsoft shenanigans. For example, it's not nearly as bad as full-on "Restricted Boot", and they do have at least a bit of an argument for trying to secure the boot process somehow given the number of easy rogue exploits, though I do HIGHLY disagree with their particular choice of methods.
Like it or not, you're going to have to expect this going forward, but why not save the wrath for manufacturers who actually don't allow you to boot anything other than Windows? Why single out this model of Lenovo? For clickbait?!