Stories
Slash Boxes
Comments

SoylentNews is people

posted by janrinok on Monday July 11, @12:43AM   Printer-friendly
from the ought-to-give-Windows-the-boot dept.

AMD Ryzen PRO 6860Z powered Lenovo Z13 notebook with Microsoft Pluton co-processor can't boot Linux operating systems

Phoronix reports that AMD powered ThinkPad Z13 laptop featuring Ryzen 6000 PRO Zen3+ series has problem booting Linux operating systems. This has been discovered by Matthew Garrett who shared the news on his website.

This laptop is equipped with Lenovo exclusive AMD Ryzen PRO 6860Z processor with built-in Microsoft Pluton security co-processors. This is a dedicated chip that is supposed to increase security for Windows systems by verifying UEFI certificate keys. The problem is that it only trusts Microsoft's key, not any 3rd party UEFI keys that are used by various Linux distributions.

This essentially means that Lenovo ThinkPad Z13 simply cannot run any Linux system. This laptop ships with Windows 11 by default and while there is no mention of Linux support anywhere, one could also argue that nowhere does it say it cannot boot Linux (and yes we have checked various official specs and press releases).


Original Submission

 
This discussion was created by janrinok (52) for logged-in users only, but now has been archived. No new comments can be posted.
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.
  • (Score: 2) by drussell on Monday July 11, @12:34PM (4 children)

    by drussell (2678) Subscriber Badge on Monday July 11, @12:34PM (#1259744) Journal

    In what way?

    You thought you would not be able to use Linux on a Z13?

    That isn't true. It works fine. Even with Secure Boot enabled.

    Starting Score:    1  point
    Karma-Bonus Modifier   +1  

    Total Score:   2  
  • (Score: 2) by HiThere on Monday July 11, @01:08PM (3 children)

    by HiThere (866) on Monday July 11, @01:08PM (#1259755) Journal

    I don't like having to fight with my system to get it to work. If they have it set up so that I need to jump through extra hoops, I'll look elsewhere.

    --
    Javascript is what you use to allow unknown third parties to run software you have no idea about on your computer.
    • (Score: 3, Insightful) by drussell on Monday July 11, @01:19PM (2 children)

      by drussell (2678) Subscriber Badge on Monday July 11, @01:19PM (#1259761) Journal

      Just buy the model pre-loaded with Linux then, if you don't want to "jump through the hoops" of installing it yourself.

      It will have the 3rd-party certs enabled out-of the box and some sort of Linux distro pre-installed.

      • (Score: 2) by Gaaark on Monday July 11, @09:26PM (1 child)

        by Gaaark (41) Subscriber Badge on Monday July 11, @09:26PM (#1259920) Journal

        The problem is if someone is interested in getting into linux, it's just one more step they have to go through where the "Oh, God, will something go wrong?" factor will crop up and make them hesitate.

        Let's say they bought the computer with Windows, but now want to try linux as well:

        Try explaining something to someone, remotely, how to get into their bios ("try Tab...maybe F3... errrmmm, how about...."), then get them to where they change the mode and then how to save those changes. It's scary enough for them just doing a partitioning of the hard drive, especially if they don't want to lose their existing data.

        MS has forced unnecessary things onto OEM's to try to make a piece of shit operating system not so big a piece of shit. MS says they love linux and open source... I call shenanigans!

        --
        --- Please remind me if I haven't been civil to you: I'm channeling MDC. ---Gaaark 2.0 ---
        • (Score: 3, Touché) by drussell on Tuesday July 12, @12:54AM

          by drussell (2678) Subscriber Badge on Tuesday July 12, @12:54AM (#1259984) Journal

          Oh, sure...

          You'll take the time to explain to "that someone" how to go into the BIOS to enable "Boot from USB," yet not explain how to "Enable 3rd-party Secure Boot" while they're in there?!

          That's where you choose to draw the line on helpfulness for a noob?!

          You think someone should blindly try re-partitioning their hard disk without knowing at least how to go into the BIOS and "Enable 3rd-party CA for Secure Boot?" Really?!

          It seems you're now just being disingenuous...

          Try explaining something to someone, remotely, how to get into their bios ("try Tab...maybe F3... errrmmm, how about...."), then get them to where they change the mode and then how to save those changes.

          Did you even bother to read the linked Lenovo instructions at:

          https://download.lenovo.com/pccbbs/mobiles_pdf/Enable_Secure_Boot_for_Linux_Secured-core_PCs.pdf [lenovo.com]

          I don't see how Lenovo could make it any more clear for a noob.

          Sure, even other guy, like this bloke that works at Dell doesn't like the default being "disabled" and apparently advocated otherwise, ie:

          Just as a counter-example, we advocated very strongly to keep the 3rd party UEFI CA in our default DB for all configs to support customer flexibility. You'll have to figure out who else was in the room for these conversations for yourself... #iwork4dell

          ...but like it or not, it is now a Microsoft requirement for "secure pre-loaded Windows." You're going to see this everywhere.

          It's not Lenovo or Dell to blame here, they're at least sometimes, somewhat trying for sane defaults, yet as long as the option is there IN the BIOS by default, I suppose I really don't have a problem with this particular variety of Microsoft shenanigans. For example, it's not nearly as bad as full-on "Restricted Boot", and they do have at least a bit of an argument for trying to secure the boot process somehow given the number of easy rogue exploits, though I do HIGHLY disagree with their particular choice of methods.

          Like it or not, you're going to have to expect this going forward, but why not save the wrath for manufacturers who actually don't allow you to boot anything other than Windows? Why single out this model of Lenovo? For clickbait?!