Slashdot Mirror
Lenovo Denies Claims It Plotted With Microsoft To Block Linux Installs (theregister.co.uk)
Reader kruug writes: Several users noted certain new Lenovo machines' SSDs are locked in a RAID mode, with AHCI removed from the BIOS. Windows is able to see the SSD while in RAID mode due to a proprietary driver, but the SSD is hidden from Linux installations -- for which such a driver is unavailable. Speaking to The Register today, a Lenovo spokesperson claimed the Chinese giant "does not intentionally block customers using other operating systems on its devices and is fully committed to providing Linux certifications and installation guidance on a wide range of products."
Complaints on Lenovo's forums suggest that users have been unable to install GNU/Linux operating systems on models from the Yoga 900S to the Ideapad 710S, with one 19-page thread going into detail about the BIOS issue and users' attempts to work around it.
Complaints on Lenovo's forums suggest that users have been unable to install GNU/Linux operating systems on models from the Yoga 900S to the Ideapad 710S, with one 19-page thread going into detail about the BIOS issue and users' attempts to work around it.
Here's the link to the actual story in case anyone was interested in reading it: http://www.theregister.co.uk/2...
manishs reporting live from the scene
I'm in the market for a new laptop, so I'll skip all of the Lenovos, and will pass that along to all of my clients. Thanks!
Politics; n. : A religion whereby man is god.
If you want to install Linux and a manufacturer doesn't support it, buy different hardware. I like OS X but I can't install that on most PC hardware, either. Not can I easily install Linux on devices like my iPhone 7, even though there would be value in doing so. Simply put, if you want to install Linux on a device and the manufacturer makes hardware that is unsupported or a configuration that makes installing Linux difficult, buy something else.
Often a minority group thinks it is being persecuted against because the majority doesn't go out of its way to make the minority welcomed.
I expect Lenovo wasn't really actively stopping Linux however they weren't actively trying to make something that Linux will work on either. They were making sure it would work for Windows though.
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
This is software modems all over again...
Comment removed based on user account deletion
Don't worry, the driver will be released along with GNU Hurd.
Define Linux? Seriously? Its the fucking kernel, that is Linux, the rest of the OS is GNU utilites.
Of course they didn't conspire to block Linux installs - it was all about providing security to the user, by preventing anyone from attacking the BIOS and the operating system. The fact that this includes the user, and prevents them from "attacking" the operating system by replacing it, is entirely unintentional - or so they'd have you believe.
Sarcasm aside, there is a lot of security-related motivation in attempts to lock down the BIOS, UEFI, etc. The problem is that much of this also has consequences, and we clearly can't rely on companies to simply keep our best interests at heart on their own - but that should come as a surprise to no one here.
"Now, please let me load Linux onto any Chromebook. That's what I really want."
Ok you can have Linux on your Chromebook, in fact you already do (ChromeOS uses the Linux kernel).
As explained in the slashdot story from 3.5 hours ago ...
A reddit poster offered this, in his link Lenovo says the dev team is working on it:
""[–]0xFFFFFF 89 points 7 hours ago*
Levono is aware of the issue and fixing it: https://forums.lenovo.com/t5/L...
It is on hackernews, where people are being rational and theorizing that this is not microsofts fault. More like best-buy rep doesn't know what he talks about and the SSD doesn't have support drivers in linux kernal.. Or lenova messed up their bios implementation.
Luckily we have the reddit witchhunt in full force, so we can make uninformed rants!
Note: Every single previous similar scenario about linux being locked out has not been microsofts fault, which is why people are sceptical that this is the case this time..
I also have a Signature Edition laptop, it runs linux fine..""
https://www.reddit.com/r/linux...
The Lenovo link has an official post saying:
"Re: Yoga 900-13ISK2 - BIOS update for setting RAID mode for missing hard drive on linux install Options
07-27-2016 10:04 AM
Thank you for confirming it is still not possible to install Linux on Yoga 900-13ISK2 systems.
This issue has been escalated to the Development team. I am unable to offer a timeframe for fix at this stage in the investigation. With previous cases, BIOS fixes have been delivered anywhere from several weeks to several months.
I will post again when I have more information on the investigation."
https://forums.lenovo.com/t5/L...
Not sure what to think of this. But in all honesty this is an issue because of the PC always being a good fit for other operating systems. Many people duel boot a Linux flavor along with Windows. Using Linux for certain tasks and Windows when they have too. Sounds like Microsoft is trying to do to a Signature PC what Chromebook's do. That is make it very hard to install anything but the native OS on the device. It does make this suspicious that Lenovo is the only company affected so far by this? Dell, HP Acer all sell notebooks on Microsoft's store as Signature PC's. Wonder if the Surface line has this same limitation? I have never heard anyone say this affects them?
This doesn't fit with the reply (from levono i assume) that the guy in the first story on /. said he got:
When he complained that he was unable to install Linux, the answer he got was: "This system has a Signature Edition of Windows 10 Home installed. It is locked per our agreement with Microsoft."
When he complained that he was unable to install Linux, the answer he got was: "This system has a Signature Edition of Windows 10 Home installed. It is locked per our agreement with Microsoft."
Define Linux? Seriously? Its the fucking kernel, that is Linux, the rest of the OS is GNU utilites.
Not according to Linus Torvalds, linux.com, the IEEE, etc... They all refer to both the kernel and the complete operating system as "Linux", the context of the discussion making it perfectly clear what it is that they are referring to. The operating system is named after the kernel and thereby they share the name.
The "rest of" Linux is far more then GNU utilities.
Missed a step somewhere. Turn off the RAID or change out the 2.5 disk. What is so hard with that? If you wanted to put linux on something, choosing Lenovo with Windows 10 was your first mistake. Secondly, there is no "RAID Lock in". All raid devices can be undone. GParted can remove this I believe. You're first fallacy was thinking that linux would work on lenovo out of the box. But sure, you tried to install Ubuntu so obviously you're a linux noob.
I applaud tour efforts. Now I don't have to worry about Linux hackers trying to access my data with their live CDs.
Now, please let me load Linux onto any Chromebook. That's what I really want.
That is what I did when I wanted a Linux laptop, repurposed a Chromebook.
Why? Because Windows laptops are well know to have Linux compatibility problems. There is no existing reasonable expectation of Linux compatibility for laptops as there is for desktops. Laptop compatibility is still a Linux wish list item. Buyers still have to do their homework.
I'll agree with you on proprietary RAID, but not on PCIE SSD. That's one of a few fairly standard choices to either move beyond the speed of SATA or just shrink the interface and hardware.
Precisely - is its interface worse than KDE or Gnome or LXDE or XFCE or LXQT or Razor-qt or any of the myriad DEs out there?
Wow. We're going to start to use that weird mental gyration again? When will you learn that Android is not Linux. They use the same kernel, yes but they don't offer the same functionality. When are you people going to get with the program and not sound like some Fandroids or It n00bs?
There's a world of difference and if you can't see that then I guess you probably don't know much about Linux and all it entails.
There are companies like Think Penguin and System 76 that are native GNU/Linux, which I find heartening. I was excited when Toshiba made laptops pre-loaded with Opensolaris not too long ago. Big companies will experiment once in a while, but it is the smaller companies that really cater to the needs of those who truly 'think different'. My personal contention is that these companies, as cool as they are, only use Intel CPU's and I would like native GNU/Linux or other distro's on an AMD machine. To be fair, AMD is not working very hard to make this happen. ATI/Radeon is a no-go if you are using a libre distro like Trisquel or expect a struggle if you use Slackware. (Though Debian distros are a lot easier.) Nouveau makes Nvidea easier. If you don't care or are not particular about your CPU, go with system 76 or think penguin or other indie computer manufacturers. I have ongoing dialogues with larger manufacturers and to them, the demographics of native Linux machines or even bothering to worry whether you can install your favorite distro is still beneath the radar to them. They don't care if you never once booted into a Windows environment yet still paid the Windows tax. To them, sales numbers trump all other considerations. I am glad people are giving Lenovo a hard time, but if you can, support companies who give a damn.
Never attribute to malice that which is better explained by stupidity, or it could always be malicious stupidity. What, you thought you had to be clever to be malicious?
Lenovo is total crap
aaaaaaa
If they haven't fixed this within the week, I'm going to consider this malicious intent. If they do, I'll consider it sloppy QA.
In either case Lenovo have lost considerable reputation in my eyes...and this isn't the first time they've walked the edge between malice and incompetence, so they were already sliding down. I doubt that I'll recommend them to anyone for any purpose after this, but new stories are always popping up, and this isn't yet egregious enough that I'm sure I'll remember them as "always avoid".
The reason for "within the week", is that by then my opinions will have set, and I'll have my attention off this story. It gets pretty hard to change my mind after that, and currently I'm leaning towards malicious.
P.S.: While I'm only talking for myself, I don't delude myself that my thoughts and opinions are unique. So for Lenovo time *is* of the essence. If I don't become convinced that they weren't malicious this story will tack on the addendum "and then they lie about it".
I think we've pushed this "anyone can grow up to be president" thing too far.
Which is wrong, it's not locked, that's just an incompetent person making up an excuse for a problem they don't understand. The real answer is it's configured to require RAID drivers that Ubuntu's install CD doesn't support yet.
What's stopping you?
Many chromebooks can have a seasbios legacy boot mode installed without risk at all.
Check this out, for instance.
https://johnlewis.ie/custom-ch...
I am posting this from a Celes right now.
Failing that, you could try Crouton:
https://www.linux.com/learn/ho...
The main issue with booting real linux on a chromebook is the use of the SPI bus instead of a legacy PCI bus. This makes for serious issues with getting SDCard slots, keyboards, and mice running.
Linux can fix that by adding better support for SPI based devices in mainline, but clearly it is google's fault. (rolls eyes)
Rather than wasting time working around the "problem" that should not be a problem, return the Lenovo shit and buy something from HP, Dell or Apple instead.
I have a Yoga 2 Pro, pretty pleased with it. I had an X230, a T410 and another lenovo before that, all fairly decent. OTOH the more recent thinkpads seem crap (boss says if you pick up his X240 wrong it freezes, another colleague had several problems with his).
What's up? All gone downhill in the name of weight and cost savings as far as I can see.
Former flash memory industry worker here. Flash does not work that way. Write Enable is attached to whatever logic circuitry is there - to be asserted following the sequence of address/data write cycles from the CPU or controller to the flash. Write Enable is a dynamic signal tied to the controlling circuitry and logic - it's not something connected to a switch that can be turned on or off by the system's owner.
What you are thinking about is something called Write Protect - which locks a flash, but this can't be a standard solution, b'cos no 2 vendors implement it the same way. Some lock the entire flash i.e. the entire BIOS. Some lock the entire top few sectors and/or bottom few sectors. Some allow the user to select which sectors are to be locked when Write Protect is asserted. Yet, some flash have no Write Protect pins at all. Motherboard vendors - meaning the Asusteks, Gigabytes, Quantas, Compals, Arimas, et al are always cutting deals w/ the likes of flash vendors for the cheapest flash out there, and their designers are required to have interchangeable parts so that they can pit their suppliers in a price pissing contest w/ each other. Since WP# varies, result is the designers would deliberately either make WP# a no-connect, or tie it high to make sure it's permanently disabled. Thereby defeating your solution.
The whole history of BIOS started w/ it first being on PROM/EPROMs. But then, as motherboards became more advanced and in-system re-programmability became necessary, flash memory started replacing them. Usually, it would lock the 'boot blocks' of the flash - meaning either the top few or bottom few sectors, depending on where the boot code of the OS was supposed to reside. However, the rest of the flash was still exposed and vulnerable to being corrupted, which is why the UEFI and the Core Boot conventions were developed.
The real solution to this whole boot thing is the respective projects - be it GRUB or Linux or BSD - coming out w/ a comprehensive solution to UEFI. I know that FreeBSD has come some way in that, but still doesn't allow it such that I can set UEFI protection while still booting from an USB drive (which is how TrueOS wants to distribute the OS). That would help a lot more than playing footsie w/ the default settings of the PC.
So Lenovo didn't want to out of their way to support a minor market segment. So what? They aren't selling to Linux users, if you don't like it, take your business elsewhere. Pretty sure the missing AHCI option was likely an oversight. If enough people want to run Linux, Lenovo will add back AHCI support or Linux/Lenovo will role out a driver.
I personally love Lenovo hardware. It's always been rock solid for me. Since I'm not a moron, I never keep the installed OS, so I don't have to deal with their crapware. Same goes with any other pre-installed laptop from anyone. Just a couple months ago I bought a Lenovo Y700-17ISK gaming laptop. I absolutely love it, and it is easy to work on (first thing I did was upgrade the hard drive size). Works fine with Linux. Right now I'm duel booting Qubes OS and Windows 10.
Lenovo: We 100% support linux on this laptop! You can install Bash and Ubuntu libs on Windows 10 just fine!!!!!!!!!!!!1
Android is not Linux, but what about ChromeOS?
If the issue was only that Linux lacked drivers for their SSD configuration that wouldn't be a problem (even though a bit of a dick move from their side). The problem is that there was BIOS setting to change the configuration from RAID to AHCI, but this setting was locked down. The person had to go through some pretty heroic lengths to unlock it.
Not having a Linux driver? That's explainable by stupidity.
Not having a legacy compatibility mode? Could have been explained by stupidity if it were the case.
Having a legacy compatibility mode, but making it inaccessible without a soldering iron? That's just malice.
And frankly, if the company is even considering locking down the BIOS like this, it shows that they have a very weird idea about who owns the damn laptop, and they're never getting my money.
entropy happens
Most people who run Linux seem to do it, at least in part, because of things like privacy and security. It's odd that anybody so concerned would choose to run it on a device designed and built by a subsidiary of the communist Chinese army. If your'e gonna run that hardware, why on Earth would you not just go all-in on insecurity and run Windows????
you don't know the whole story.
lenovo is many companies. their business laptop division is nothing like the 'yoga crap' that they sell consumers with crapware.
You mean the Thinkpad line that they acquired from IBM ? Yes, that one is an entirely different kind of beast.
- The good thing is that they are very easy to repair. (In addition to being very sturdy)
Whereas with some other constructors you can find two laptops that have the same official name, but different internals, to the point that their customer service actually asks you to give part of the serial number instead (HP, I'm looking at you...)
With Thinkpads, it's actually the opposite: plenty of different models share common parts (e.g.: the keyboard is usually the same across lots of models).
- The bad thing is all the BIOS / Firmware weirdness. Older laptops I've seen didn't have a full BIOS Setup. Only a couple of basic stuff could be change from the setup. Most of the settings where handled by DOS tools (like settings IO Ports and IRQs).
And the whole black/white list fiascos date back from IBM time - they "had to protect their business", i.e.: make sure you could only buy mini-PCI cards from their (expensive) shop, instead of any compatible after-market 3rd party part.
the spyware and phone home stuff does not tend to exist on the business level lappies. business guys would not put up with that
One of the main reason is that upon buying new equipment, the IT department of most business tends to reinstall a whole new OS from scratch (usually combined with all the necessary crypto-layers, remote-access tools, etc.) ..unless you manage to get it running on the "Intel ME" (The "lights-out" management engine from Intel : a separate low-power core that runs a small webserver that enables the IT department to do remote management on any corporate workstation or laptop, even when the main CPU is shut down, as long as the device is connected some how to the corporate network) or "IPMI" (the industry standard for the same functionnality used by anyone else beside Intel).
So trying to pre-install any crap on a business laptop is futile...
This firmware is currently NOT open, and can't be installed by anyone. It only comes together with the BIOS/EFI upgrades.
And researchers has already found tons of vulnerabilities in these firmwares. To the point that you don't actually need a real backdoor/spyware to spy on users, you just need to abuse one of the multiple exploit in the wild.
Current best practice :
- for servers : keep the management on a separate private network.
- for laptops : just kill the function, and ask the user to physically bring the laptop whenever you have maintenance to do. The remote access isn't worth the security risk.
"Sufficiently advanced satire is indistinguishable from reality." - [Tips: 1DrYakQDKCQ6y52z6QbnkxHXAocMZJE61o ]
No malice needed. All you need to do is have somebody test that setting, find it doesn't work, ask "Hey, is this supposed to be like this?" and get the answer "Oh yeah, don't change that setting" and then decide to lock it down, because they figured it wasn't worth the problem of somebody trying to change it and breaking things.
Android is Linux; it is not GNU/Linux.
Neither Android nor ChromOS are Linux, they are their own operating systems hosted by the Linux kernel. The Linux kernel hosts many things, embedded applications in devices and appliances all the way up to operating systems like the preceding.
In order to run the Linux operating system on a ChromeBook you have to disable firmware/boot security and "replace" the ChromOS with the Linux OS.
For example, Kaspersky make a handy rescue disk that you can burn to CD or install on a USB drive for performing offline scans of computers. If these Lenovo computers have crippled access to their SSD drives (intentionally or otherwise) then these tools won't be able to see the SSD and disinfect the computer.
You also have tools like GPARTED for repartitioning disks, DBAN for erasing disks prior to disposal, and I suspect there are a range of other useful rescue and recovery tools that rely on Linux as well.
By not allowing people to use these tools, it's likely that problems that could otherwise be fixed will only be repairable by doing full system erases and rebuilds, or returning the laptop to Lenovo for repair.
The fact that these computers don't run Linux on a 24x7 basis isn't the issue - its that when you need to boot them of Linux (installer, libe install, or revovery tools) the ability is not there.
I doubt it's a deliberate decision by Lenovo - however it does indicate that whatever design and manufacturing criteria they have for their products is not particularly well thought out, and doesn't speak well for the quality and utility of their other products.
"Android is not Linux"
AINL
I can only pronounce this as "ANAL".
Love it.
Also no stupidity nor malice if the Linux driver would have caused the schedule to slip. The Linux driver can wait for the next firmware update. The Windows laptop cannot wait for the Linux driver. So there are sound business reasons for Linux users to have to wait.
Riiiight. considering the only people who would EVER use/change that setting would be those who KNEW what it meant and was going to install a "Non-Microsoft approved" OS on the laptop. You forget how fucking evil Microsoft is. I wouldn't buy their consumer shit because of their previous spyware shenanigans, but this is not "just something that happened." It was calculated. And preventing a setting from being changed that WOULD make the Laptop work with Linux is NOT an accident. Period.
If it looks like a duck and quacks like a duck, it must be a duck. Lenovo and Microsoft most definitely colluded.
>> today, a Lenovo spokesperson claimed the Chinese giant "does not intentionally block customers using other operating systems on its devices and is fully committed to providing Linux certifications and installation guidance on a wide range of products."
Thats great. I'm sure that Lenovo are right now working hard to rush a new unlocked version of the BIOS out that fixes all the issues.
When he complained that he was unable to install Linux, the answer he got was: "This system has a Signature Edition of Windows 10 Home installed. It is locked per our agreement with Microsoft."
And who exactly gave this answer? I think you'll find if you look here that the response was on a Best Buy forum by an unnamed "Lenovo Product Expert" and you're taking this as gospel?
You don't think you might be jumping the gun a bit? Especially when the actual problem is that Linux does not have a driver for the system's RAID controller?
For the love of humanity, please don't buy Lenovo. Their laptop keyboard F1-F12 keys, the highlight the function feature instead of the the F number because people never use the F # keys. Fuck you Lenovo.
I see you've never talked to a customer service person before so let me give you a quick primer:
a) they don't know what they are talking about.
b) they don't know what you're talking about.
c) they will say anything that sounds fancy to say that their product should work an you're using it wrong.
Now the other answer we got from higher up is that Lenovo is working on a BIOS update have given a time frame from a couple of weeks to a few months. But really all of this is beside the point since the reason the laptop can't run Linux has nothing to do with Lenovo, a BIOS setting, or anything, but rather that Intel haven't provided an easy working driver for their chipset to work in FakeRAID under Linux. This goes years back. Just look at the multi-page how-tos and screw arounds that people have used to get it working.
If Intel provided proper drivers then Linux would run regardless of the BIOS setting.
Having a legacy compatibility mode, but making it inaccessible without a soldering iron? That's just malice.
The other story had a link explaining the most likely cause of this was to force Windows to only use an Intel driver rather than allowing it to use AHCI, something which apparently has caused battery life issues on this chipset.
I'm inclined to believe this was done with good intentions but someone stupid enough to consider that the legacy option exists for a reason.
That's the answer, doesn't make it true. I've had many instances of being told many conflicting things, enough that I can't quote one response and consider it final.
What happened to critical thinking, or at least considering alternatives?
Taking a fact that matches your beliefs, yet is not actually true, is literally the whole problem of the current USA election cycle. And you are part of the problem, regardless of your country of citizenship.
In addition, sibling post is correct about customer service repeating talking points, frequently without understanding. Same problem.
Stop being the problem.
In the last two weeks Netflix has made access on a Linux or BSD computer unusually difficult. They now mandate SilverLight, a Microsoft product, to be used to view content. I hope there are lawyers or users with deep pockets willing to get involved. Compulsory use of a Microsoft product should not be allowed.
http://www.askvg.com/how-to-change-sata-hard-disk-mode-from-ide-to-ahci-raid-in-bios-after-installing-windows/
This doesn't make any sense. This was a BIOS setting, Windows wouldn't be able to change it even it if wanted to.
And AHCI causing battery life issues, really? This standard is old, and widely used. It is extremely unlikely that the chipset would be made just to work with RAID and AHCI remain untested. Most likely they just took some chipset that had been working with AHCI for years and added RAID support. I'll believe your claims about battery life if I see a benchmark.
entropy happens
About a decade ago when IBM owned them they opted to write their code to nuke FreeBSD. Claimed that was an accident VS the ties of IBM to the Linux community.
You have never done support I see. Hint: you are so fucking wrong - people do things they have no fucking idea what it'll do with their system just because they are "so good" with computers. Low level formatting because (insert reason) and then complain their system doesn't load? Forcing an expansion card or memory stick into some place it shouldn't go? Flashing a new BIOS that is intended for another motherboard (requires forcing the process as checksums etc. doesn't match)?
Users do stupid things all the time, locking down options are a good way to reduce support costs.
With Microsoft getting into devices, it's dubious and often illegal
practices of the last decades will happen all over again.
HardCore this time...
I see you've never had a job in any company large enough to have a legal department.
No matter how little you know what you are talking about, you NEVER say anything that could implicate the company (or a customer or supplier) in anything - illegal or otherwise, without first having it cleared by legal department AND you boss.
Claiming that "we are colluding with a partner to break the law" on a public web site - if you're telling the truth, you're likely out of a job, but if you made it up, start calling some expensive lawyers.
The person had to go through some pretty heroic lengths http://imgur.com/a/ox4Ey to unlock it.
Now THAT was hacking. This is the EXACT definition of hacking. Thank you for linking that.
"Someone needs to talk to the tree of liberty about its ghoulish drinking problem." by ohnocitizen
There's a HUGE difference between:
(a) buying a computer and then discovering that the NSA is snooping on data packets flowing across the web between systems made by all vendors
and
(b) buying a computer from a division of a totalitarian one-party-rule government's military which may well have spying and back-doors engineered right into it at the factory
If you do not get the difference, then I hope you have nothing to do with security for ANYBODY's data, including your own.
This doesn't make any sense. This was a BIOS setting, Windows wouldn't be able to change it even it if wanted to.
My point exactly. The BIOS setting forces Windows to not load it's AHCI driver. In other news if you tried to do a vanilla install of Windows 10 on this laptop it will also fail to detect the SSD. This all comes down to attempting to force a host to use Intel's RAID driver which happens to not exist for Linux.
And AHCI causing battery life issues, really? This standard is old, and widely used.
Since when has the age of a standard had anything to do with the out-of-the-box driver working for it flawlessly with full functionality, and likewise the ability for a vendor to produce a 100% bug free chipset, especially considering that many of these options are likely "value added".
Most likely they just took some chipset that had been working with AHCI for years and added RAID support
Again, an Intel problem. This is their integrated chipset we're talking about.
No, this is not your point exactly, it is exactly the opposite. If the BIOS was set to RAID Windows would simply fail to load. It wouldn't search through the BIOS to see whether there existed a AHCI setting and then flip it. Making the setting inaccessible only fucks the user, it doesn't change anything else.
entropy happens
To me, the fact that they have not publicly refuted the statement from service agent means that it is probably correct and they are just trying to sweep it under the carpet...
http://imgur.com/a/ox4Ey
Clearly, it is not a driver issue, it's a locked bios issue. The original customer support was correct and higher up levono exes are now lying to the press.
Except that being a signature series laptop has zero to do with linux and there's plenty out there that run it just fine.
Err it IS a driver issue. The RAID driver isn't present in Linux. No more no less. The fact that Lenovo's BIOS doesn't expose AHCI has nothing to do with Linux not running on hardware that doesn't have a driver for it. Reports are there were reasons to disable it as well due to buggy AHCI support in Windows.