Lenovo UEFI Bug Only Likes Windows and RHEL 162
New submitter Nagilum23 writes "It looks like Lenovo only knows of Windows and RHEL where their Thinkcentre M92p desktop is concerned. While investigating UEFI boot issues, Matthew Garrett found the PC's firmware actually checks the descriptive string for the operating system, and will prevent unlisted operating systems from booting. Garrett writes, 'Every UEFI boot entry has a descriptive string. This is used by the firmware when it's presenting a menu to users - instead of "Hard drive 0" and "USB drive 3", the firmware can list "Windows Boot Manager" and "Fedora Linux". There's no reason at all for the firmware to be parsing these strings. ... there is a function that compares the descriptive string against "Windows Boot Manager" and appears to return an error if it doesn't match. What's stranger is that it also checks for "Red Hat Enterprise Linux" and lets that one work as well. ... This is, obviously, bizarre. A vendor appears to have actually written additional code to check whether an OS claims to be Windows before it'll let it boot. Someone then presumably tested booting RHEL on it and discovered that it didn't work. Rather than take out that check, they then addded another check to let RHEL boot as well."
Note that this isn't a SecureBoot issue. Lenovo is aware of the problem and looking into it.
How easy is it to spoof the string? (Score:2, Insightful)
... my guess would be VERY. No problem here for haxors. For the rest of us, just don't buy this crap.
Bug? (Score:5, Insightful)
You keep using that word. I don't think it means what you think it means.
It's not a bug if it's by design, and this is clearly intended behavior.
are you serious? (Score:5, Insightful)
I don't see how you can consider this a "bug"? You don't just "accidentally test a string for a specific value". This is clearly intentional operation, not a bug.
Re:Bug? (Score:2, Insightful)
The apple has fallen quite far from the tree (Score:3, Insightful)
I used to like IBM and Lenovo computers. But his offends me.
Re:are you serious? (Score:5, Insightful)
Bug is probably the wrong term here. I think "hilariously bad design decision" is a more apt description. Clearly someone didn't think this all the way through.
fixing what isn't broken (Score:5, Insightful)
UEFI is pretty much a case of fixing what isn't broken, yet with any software project its bound to have bugs in the first few iterations.
And, oh boy does it. name brand motherboards that brick when flashed, systems that don't power off correctly, systems that take minutes to post, the usual issues with incorrect ACPI table entries, the list goes on.
Basically, its replacing one fairly stable code base, that the motherboard vendors often got wrong, with a completely new untested one that is 10x as complicated. You do the math.
Linus had another rant about it recently called "The abomination called EFI".
BTW: Gigabyte has a number of traditional motherboards that can boot GPT partitions, effectively removing the _ONE_ useful new feature in EFI.
Re:That's just great (Score:2, Insightful)
Re:are you serious? (Score:3, Insightful)
Man, if you only knew what ships out there...
Re:TPM is the worst (Score:5, Insightful)
It's not a mystery, but it is inappropriate. Drives me nuts when companies pull this. If I buy your PC, I expect it to work and support all the standards you claim it does. That includes attaching other hardware that adheres to the same standards. I appreciate that there's a dicey issue in there of determining who is at fault when something doesn't work, but that doesn't justify artificially forcing a bunch of hardware not to work. When you do that, YOU are the problem by definition, as you are the party causing it not to work.
Re:TPM is the worst (Score:4, Insightful)
... whatever reason, Lenovo/HP doesn't want you to use a storebought card.
Warranty and support. There isn't any real mystery there..unless you are a dimwit. Are you a dimwit?
YEA! Like how GM and Ford have locked-out the ability to replace the factory-approved air filter with a K&N, because they don't want to "warranty and support" the aftermarket parts!
Stupid prick.
Re:That's just great (Score:4, Insightful)
The fact that the UEFI code even bothers to interrogate that string for anything other than displaying it to the user tells you that the manufacturer doesn't care about, and doesn't test, anything but Windows to the point they will hard-core their machines to only run Windows. They don't care about UEFI at all, or secure booting, or anything - just that it works when they run Windows.
Makes you kinda wonder who would ultimately be behind putting such an unnecessary and counter-productive decision into a machine's BIOS really.
And people don't believe me when I tell them that OEMs will chomp at the bit to lock people out of other OSs with secure boot when MS finally flips the switch. They already care about nothing but Windows.
Simple Explanation (Score:1, Insightful)
Re:Bug? (Score:4, Insightful)
Never attribute to malice that which can adequately be attributed to stupidity.
I guess you haven't seen enough of Microsoft's actions, who are doing their utmost to disprove Hanlon's razor.