Stories
Slash Boxes
Comments

SoylentNews is people

posted by janrinok on Monday July 11, @12:43AM   Printer-friendly
from the ought-to-give-Windows-the-boot dept.

AMD Ryzen PRO 6860Z powered Lenovo Z13 notebook with Microsoft Pluton co-processor can't boot Linux operating systems

Phoronix reports that AMD powered ThinkPad Z13 laptop featuring Ryzen 6000 PRO Zen3+ series has problem booting Linux operating systems. This has been discovered by Matthew Garrett who shared the news on his website.

This laptop is equipped with Lenovo exclusive AMD Ryzen PRO 6860Z processor with built-in Microsoft Pluton security co-processors. This is a dedicated chip that is supposed to increase security for Windows systems by verifying UEFI certificate keys. The problem is that it only trusts Microsoft's key, not any 3rd party UEFI keys that are used by various Linux distributions.

This essentially means that Lenovo ThinkPad Z13 simply cannot run any Linux system. This laptop ships with Windows 11 by default and while there is no mention of Linux support anywhere, one could also argue that nowhere does it say it cannot boot Linux (and yes we have checked various official specs and press releases).


Original Submission

 
This discussion was created by janrinok (52) for logged-in users only, but now has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 5, Interesting) by drussell on Monday July 11, @12:26PM

    by drussell (2678) Subscriber Badge on Monday July 11, @12:26PM (#1259742) Journal

    I only agree to a point. It's not as big of a story as if Linux couldn't be installed on these laptops. But it's still a story.

    It isn't just "these" laptops, though.

    ANY and ALL PC models from any manufacturer that are sold now with Windows pre-installed which wish to have the "Secured-core PCs" certification will have the 3rd party certs disabled when shipped.

    As long as the option is there to disable the restriction, I don't see what the problem is.

    The certs are already loaded on the machine. If you want to boot to Linux, you need to disable the silly Microsoft Windows-only "security seal" but as long as the option is actually there to do that, the certs required to secure-boot Linux or other OSs, what's the issue?

    Sure, if you work for a bank or something and they supply you a laptop for which they won't give you access to the UEFI password to disable it, you won't be able to even boot Linux from a USB stick but that is the whole point of the bank you work for locking down their computer. Why would that be an issue?

    Starting Score:    1  point
    Moderation   +3  
       Interesting=3, Total=3
    Extra 'Interesting' Modifier   0  
    Karma-Bonus Modifier   +1  

    Total Score:   5