Phoronix reports that AMD powered ThinkPad Z13 laptop featuring Ryzen 6000 PRO Zen3+ series has problem booting Linux operating systems. This has been discovered by Matthew Garrett who shared the news on his website.
This laptop is equipped with Lenovo exclusive AMD Ryzen PRO 6860Z processor with built-in Microsoft Pluton security co-processors. This is a dedicated chip that is supposed to increase security for Windows systems by verifying UEFI certificate keys. The problem is that it only trusts Microsoft's key, not any 3rd party UEFI keys that are used by various Linux distributions.
This essentially means that Lenovo ThinkPad Z13 simply cannot run any Linux system. This laptop ships with Windows 11 by default and while there is no mention of Linux support anywhere, one could also argue that nowhere does it say it cannot boot Linux (and yes we have checked various official specs and press releases).
(Score: 5, Interesting) by drussell on Monday July 11 2022, @12:26PM
It isn't just "these" laptops, though.
ANY and ALL PC models from any manufacturer that are sold now with Windows pre-installed which wish to have the "Secured-core PCs" certification will have the 3rd party certs disabled when shipped.
As long as the option is there to disable the restriction, I don't see what the problem is.
The certs are already loaded on the machine. If you want to boot to Linux, you need to disable the silly Microsoft Windows-only "security seal" but as long as the option is actually there to do that, the certs required to secure-boot Linux or other OSs, what's the issue?
Sure, if you work for a bank or something and they supply you a laptop for which they won't give you access to the UEFI password to disable it, you won't be able to even boot Linux from a USB stick but that is the whole point of the bank you work for locking down their computer. Why would that be an issue?