Phoronix reports that AMD powered ThinkPad Z13 laptop featuring Ryzen 6000 PRO Zen3+ series has problem booting Linux operating systems. This has been discovered by Matthew Garrett who shared the news on his website.
This laptop is equipped with Lenovo exclusive AMD Ryzen PRO 6860Z processor with built-in Microsoft Pluton security co-processors. This is a dedicated chip that is supposed to increase security for Windows systems by verifying UEFI certificate keys. The problem is that it only trusts Microsoft's key, not any 3rd party UEFI keys that are used by various Linux distributions.
This essentially means that Lenovo ThinkPad Z13 simply cannot run any Linux system. This laptop ships with Windows 11 by default and while there is no mention of Linux support anywhere, one could also argue that nowhere does it say it cannot boot Linux (and yes we have checked various official specs and press releases).
(Score: 3, Touché) by drussell on Tuesday July 12 2022, @12:54AM
Oh, sure...
You'll take the time to explain to "that someone" how to go into the BIOS to enable "Boot from USB," yet not explain how to "Enable 3rd-party Secure Boot" while they're in there?!
That's where you choose to draw the line on helpfulness for a noob?!
You think someone should blindly try re-partitioning their hard disk without knowing at least how to go into the BIOS and "Enable 3rd-party CA for Secure Boot?" Really?!
It seems you're now just being disingenuous...
Did you even bother to read the linked Lenovo instructions at:
https://download.lenovo.com/pccbbs/mobiles_pdf/Enable_Secure_Boot_for_Linux_Secured-core_PCs.pdf [lenovo.com]
I don't see how Lenovo could make it any more clear for a noob.
Sure, even other guy, like this bloke that works at Dell doesn't like the default being "disabled" and apparently advocated otherwise, ie:
...but like it or not, it is now a Microsoft requirement for "secure pre-loaded Windows." You're going to see this everywhere.
It's not Lenovo or Dell to blame here, they're at least sometimes, somewhat trying for sane defaults, yet as long as the option is there IN the BIOS by default, I suppose I really don't have a problem with this particular variety of Microsoft shenanigans. For example, it's not nearly as bad as full-on "Restricted Boot", and they do have at least a bit of an argument for trying to secure the boot process somehow given the number of easy rogue exploits, though I do HIGHLY disagree with their particular choice of methods.
Like it or not, you're going to have to expect this going forward, but why not save the wrath for manufacturers who actually don't allow you to boot anything other than Windows? Why single out this model of Lenovo? For clickbait?!