Lenovo UEFI Bug Only Likes Windows and RHEL
New submitter Nagilum23 writes "It looks like Lenovo only knows of Windows and RHEL where their ThinkCentre M92p desktop is concerned. While investigating UEFI boot issues, Matthew Garrett found the PC's firmware actually checks the descriptive string for the operating system, and will prevent unlisted operating systems from booting. Garrett writes, 'Every UEFI boot entry has a descriptive string. This is used by the firmware when it's presenting a menu to users - instead of "Hard drive 0" and "USB drive 3", the firmware can list "Windows Boot Manager" and "Fedora Linux". There's no reason at all for the firmware to be parsing these strings. ... there is a function that compares the descriptive string against "Windows Boot Manager" and appears to return an error if it doesn't match. What's stranger is that it also checks for "Red Hat Enterprise Linux" and lets that one work as well. ... This is, obviously, bizarre. A vendor appears to have actually written additional code to check whether an OS claims to be Windows before it'll let it boot. Someone then presumably tested booting RHEL on it and discovered that it didn't work. Rather than take out that check, they then added another check to let RHEL boot as well.'"
Note that this isn't a SecureBoot issue. Lenovo is aware of the problem and looking into it.
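An added example, not code from the story, Garrett's post or Lenovo's firmware: the descriptive string lives in each Boot#### variable as the Description field of an EFI_LOAD_OPTION, and this sketch parses that structure and lists which entries the reported comparison would turn away. The sample variables are constructed, and the exact, case-sensitive match in `would_be_refused` is an assumption about how the firmware compares.

```python
import struct

# Strings the story says the firmware compares the description against.
ACCEPTED = ("Windows Boot Manager", "Red Hat Enterprise Linux")
LOAD_OPTION_ACTIVE = 0x00000001        # EFI_LOAD_OPTION attribute bit (UEFI spec)
END_DEVICE_PATH = b"\x7f\xff\x04\x00"  # "End Entire Device Path" node

def strip_efivarfs_prefix(raw: bytes) -> bytes:
    """Linux efivarfs files begin with a 4-byte variable-attribute word."""
    return raw[4:]

def parse_load_option(data: bytes) -> dict:
    """EFI_LOAD_OPTION: UINT32 Attributes, UINT16 FilePathListLength,
    NUL-terminated UTF-16LE Description, FilePathList, OptionalData."""
    if len(data) < 8:
        raise ValueError("too short for an EFI_LOAD_OPTION")
    attributes, path_len = struct.unpack_from("<IH", data, 0)
    end = 6
    while data[end:end + 2] != b"\x00\x00":   # scan 16-bit code units
        end += 2
        if end + 2 > len(data):
            raise ValueError("description is not NUL-terminated")
    paths = end + 2
    if paths + path_len > len(data):
        raise ValueError("FilePathListLength exceeds variable size")
    return {
        "active": bool(attributes & LOAD_OPTION_ACTIVE),
        "description": data[6:end].decode("utf-16-le"),
        "file_path_list": data[paths:paths + path_len],
        "optional_data": data[paths + path_len:],
    }

def would_be_refused(description: str) -> bool:
    """Model of the reported check; exact, case-sensitive match is assumed."""
    return description not in ACCEPTED

def build_sample(description: str, optional: bytes = b"") -> bytes:
    """Constructed Boot#### payload, as efivarfs would expose it."""
    body = (struct.pack("<IH", LOAD_OPTION_ACTIVE, len(END_DEVICE_PATH))
            + description.encode("utf-16-le") + b"\x00\x00"
            + END_DEVICE_PATH + optional)
    return struct.pack("<I", 0x7) + body   # NV | BS | RT variable attributes

def audit(variables: dict) -> dict:
    """Map each Boot#### name to (description, refused?)."""
    out = {}
    for name, raw in sorted(variables.items()):
        desc = parse_load_option(strip_efivarfs_prefix(raw))["description"]
        out[name] = (desc, would_be_refused(desc))
    return out
```

On a Linux system the same `audit` can be fed the bytes of the `Boot####-8be4df61-93ca-11d2-aa0d-00e098032b8c` files under `/sys/firmware/efi/efivars` instead of the constructed samples.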
Momma always said stupid is as stupid does
... my guess would be VERY. No problem here for haxors. For the rest of us, just don't buy this crap.
[uses gas chromatograph to detect type of gasoline in tank]
"We're sorry, but you have not used manufacturer-approved fuel. Car can not be started."
I guess what we need is the equivalent of spoofing the "user-agent" string for booting operating systems now? Silliness.
You keep using that word. I don't think it means what you think it means.
It's not a bug if it's by design, and this is clearly intended behavior.
As a user of Lenovo desktops and laptops for the last 20 years, I haven't had a single problem like this before. I reckon it's a cock up or an outsourcing fail (they probably outsource their firmware). As for the fix, that's just being stupid.
Never ascribe to malice what can be explained by Microsoft getting desperate.
I don't see how you can consider this a "bug"? You don't just "accidentally test a string for a specific value". This is clearly intentional operation, not a bug.
I work for the Department of Redundancy Department.
That's a great idea. Someone who wrote a virus to boot before the OS would never think to tell UEFI that it was the Windows Boot Manager. /s
The truth is that all men having power ought to be mistrusted. James Madison
it's ok.
let MS kill the PC.
there will always be other new hardware.
RHEL may have been used in manufacturing test.
I used to like IBM and Lenovo computers. But this offends me.
Lenovo limits your OS choice. Obviously there is a reason...and the likely one is that the OS choices they steer you towards are the ones that have the handy back doors installed for remote monitoring. Isn't that what you would do if you needed to monitor users?
Perhaps Lenovo wishes to find out how much of a consumer backlash they'll get when they bring in Secure Boot? If only a tiny fraction of users notice this OS-locker, then they can be reasonably sure that Secure Boot will be accepted with equal ease.
if it must frob for strings, let's all just agree to put "grub" in there.
Looking into it my arse. You have to write code to check this, and there is no good reason at all to check it.
UEFI is pretty much a case of fixing what isn't broken, yet with any software project it's bound to have bugs in the first few iterations.
And, oh boy does it. Name brand motherboards that brick when flashed, systems that don't power off correctly, systems that take minutes to post, the usual issues with incorrect ACPI table entries, the list goes on.
Basically, it's replacing one fairly stable code base, that the motherboard vendors often got wrong, with a completely new untested one that is 10x as complicated. You do the math.
Linus had another rant about it recently called "The abomination called EFI".
BTW: Gigabyte has a number of traditional motherboards that can boot GPT partitions, effectively removing the _ONE_ useful new feature in EFI.
Because I'm lazy, I'll just copy and paste a comment I made in another thread about TPM
Ever since TPM was created, we're always just a few bits and bytes away from having it leveraged against us, by them.
And by "us" I mean "the computer users."
By "them" I mean "the hardware manufacturers and software/media companies."
Example: The newest motherboards don't *need* the ability to disable trusted boot. Heck, it'd have been easier to not include it!
We're more or less at the mercy of a small number of companies and their design decisions.
I recently found out, while looking at new laptops, that Lenovo & HP like to put whitelists of wireless cards into the BIOS.
Someone hacked the BIOS and other cards will work, but for whatever reason, Lenovo/HP doesn't want you to use a storebought card.
[Fuck Beta]
o0t!
As despicable as this is, on the other hand, it sort of implies that RHEL is certified to work with this machine.
Y'all are just a bunch of socialists. OooOOOoo! It's so cool to "share" Well that gravy train is pulling into the station, once and for all, comrade. RedHat may not be a good capitalist company like Microsoft, but at least they make you pay for their operating system. Yes sir, by gawd. It's great to see that some true-blue Amurican hardware companies are doing their patriotic duty to save American jobs in Redmond and... where is that they write that Linux thing again? Oh..., wait.
Manufacturers shouldn't be able to tell the users of their hardware what software can be used on their hardware.
I agree with you that they shouldn't be able to. But in the real world, manufacturers of computing devices for home use have been getting away with walled gardening since 1986 when the NES and Atari 7800 came out.
So, it is broken by design. Designed to fail.
They don't advertise miniPCI slots as available on the system. They advertise 802.11 B/G/N and Bluetooth 3.0 + EDR and/or WiDi support.
They simply have included wireless functionality that happens to use miniPCI slots rather than being soldered to the main board.
The fact that you can pull the system apart, and insert a different card in there isn't an advertised end user feature, and they clearly don't support it on their low end hardware to keep support costs (and thus unit costs) down.
They only use a miniPCI Card in there so that they can offer different models with the same mainboard and different capabilities, and so that they can swap out a bad card if they get a machine in for repair. It's not an advertised end user feature.
Gone full retard.
Why, yes it is a SecureBoot issue.
CAPTCHA = misspell
Hell, I just bought a new VAIO laptop and upgraded from Windows 8 to Windows 8 Pro and I couldn't get it to boot in UEFI mode!!! Thank goodness for the Legacy mode or I would have been SOL.
As seen here,
http://www.csis.pace.edu/~bergin/patterns/ppoop.html
This whole issue could have been avoided if the developers didn't use the "Hacker Solution", but instead... well, read the paper.
Always fighting for the users.
Can PLoP Boot Manager work around this?
http://www.plop.at/en/bootmanager/index.html
That's what you get when you issue contracts to the lowest bidder. I'm personally aware of several instances just like this. One of my favorites was when a former employer elected to contract out the work for a database migration (same data, different table layout, with extra fields populated with default data). After several weeks of status updates indicating all was on track, the contractor demoed and delivered the finished product. Supposedly due to contract conditions, engineering wasn't given access to the final product before the payment check was cut. We were horrified... What they'd done was a manual search and replace for the db version string and hacked up the test harness so it would output data that looked like a correctly completed query. We had our old db, with a new version and a crafted test harness used to simulate the final result.
Although IBM spun off their PC business to Lenovo a few years ago, IBM still almost exclusively buys Lenovo PCs for internal use. What are the 2 operating system images that IBM employees can choose to have installed on their PCs? MS Windows and Red Hat Enterprise Linux.
I had a very similar problem with an MSI motherboard: ANY boot entry that was not "Windows Boot Manager" would be removed from the firmware boot manager. I could boot Linux if I named the boot entry "Windows Boot Manager". After countless emails to tech support and patching the firmware myself, MSI finally accepted it was a defect and fixed it. I believe the root cause of the problem was a bug in a function in the firmware boot manager that would remove stale UEFI boot entries (removables, USB, DVD, etc.); the bug would remove ALL the entries, SO they fixed it by using a string compare against "Windows Boot Manager" and the boot entry description, problem solved.
If the designers at Lenovo MEANT for a particular bizarre outcome, then that's bad design.
If they MEANT any UEFI bootloader with a trusted signature to boot, but they wrote the design documents incorrectly and the programmers did what they were told or the design document wasn't clear and the coders had the freedom to do what they did without violating the design documents, then that's a design bug.
If the programmers were told to do things one way but they deliberately did it another way without clearing it with the designers or management, that's a meatware coding bug. If management cleared it without clearing it with the designers, that's a meatware management bug.
On the other hand, if the coders did something like
#if TRUE
#else
#endif
and they simply forgot to go back and change TRUE to FALSE, that's a code bug and probably a project-management bug as well.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
You can walk into the nearest Walmart and play with a couple of the latest and cheapest Android tablets.
Until Apple sues Android to death.
Besides, why the requirement? I haven't used a "showroom" for my computer purchases since my very, very first one, way back when.
Let me guess: all your computers are desktop computers, whose keyboards are replaceable. Without a showroom, I have no means to compare the feel of an input device to my hands. I recently bought a Bluetooth keyboard for my Nexus 7 tablet. When I discovered that its space bar was so short that my right thumb didn't reach it, I had to make an extra bus trip to the post office and pay to ship it back. See more about the disadvantages of the lack of a showroom.
Isn't this what Microsoft announced they wanted in the first place? It's too convenient to call it a "bug".
All of the above can be determined by reading tech specs, or customer reviews
Which leaves what remedy once someone decides that after having tried to use the product, he disagrees with the reviews?
And now, a good tablet with keyboard can be cheaper than the cheapest laptops.
With "a good tablet with keyboard" that is "cheaper than the cheapest laptops", can I show more than one application's window at once? Can I even install a firewall or hosts file without having to use an exploit to gain access to unsupported administrative tools (commonly called "rooting")? I'd be interested to see what entry-level tablet with keyboard you recommend.
You can blame MicroFAIL (Microsoft) for all this incompatibility nonsense with UEFI. They are the ones who pushed it hard and used it to gain leverage against competing OS's. I also think restrictions like this are just the beginning of the end of the PC as we know it. As much as I despise tablets it looks like the future for PCs will be touchscreen-based hardware running either proprietary or open source Operating Systems.