Become a fan of Slashdot on Facebook

 


Forgot your password?
Close
typodupeerror
×
Operating Systems Linux

Lenovo UEFI Bug Only Likes Windows and RHEL 162

Posted by Soulskill from the you-didn't-think-this-through dept.
New submitter Nagilum23 writes "It looks like Lenovo only knows of Windows and RHEL where their Thinkcentre M92p desktop is concerned. While investigating UEFI boot issues, Matthew Garrett found the PC's firmware actually checks the descriptive string for the operating system, and will prevent unlisted operating systems from booting. Garrett writes, 'Every UEFI boot entry has a descriptive string. This is used by the firmware when it's presenting a menu to users - instead of "Hard drive 0" and "USB drive 3", the firmware can list "Windows Boot Manager" and "Fedora Linux". There's no reason at all for the firmware to be parsing these strings. ... there is a function that compares the descriptive string against "Windows Boot Manager" and appears to return an error if it doesn't match. What's stranger is that it also checks for "Red Hat Enterprise Linux" and lets that one work as well. ... This is, obviously, bizarre. A vendor appears to have actually written additional code to check whether an OS claims to be Windows before it'll let it boot. Someone then presumably tested booting RHEL on it and discovered that it didn't work. Rather than take out that check, they then addded another check to let RHEL boot as well." Note that this isn't a SecureBoot issue. Lenovo is aware of the problem and looking into it.
This discussion has been archived. No new comments can be posted.

Lenovo UEFI Bug Only Likes Windows and RHEL More

Lenovo UEFI Bug Only Likes Windows and RHEL

Comments Filter:

  • How easy is it to spoof the string? (Score:2, Insightful)

    by Anonymous Coward on Friday November 16, 2012 @10:35AM (#42000981)

    ... my guess would be VERY. No problem here for haxors. For the rest of us, just don't buy this crap.

  • Bug? (Score:5, Insightful)

    by Anonymous Coward on Friday November 16, 2012 @10:36AM (#42000995)

    You keep using that word. I don't think it means what you think it means.

    It's not a bug if it's by design, and this is clearly intended behavior.

  • are you serious? (Score:5, Insightful)

    by v1 ( 525388 ) on Friday November 16, 2012 @10:38AM (#42001021) Homepage Journal

    I don't see how you can consider this a "bug"? You don't just "accidentally test a string for a specific value". This is clearly intentional operation, not a bug.

  • Re:Bug? (Score:2, Insightful)

    by Samantha Wright ( 1324923 ) on Friday November 16, 2012 @10:41AM (#42001041) Homepage Journal
    It's funny, because isn't this exactly the list of companies that have bought into SecureBoot? Maybe it's just a beta implementation. Guess it's not so secure if it can be spoofed this easily though.

  • The apple has fallen quite far from the tree (Score:3, Insightful)

    by Anonymous Coward on Friday November 16, 2012 @10:44AM (#42001063)

    I used to like IBM and Lenovo computers. But his offends me.

  • Re:are you serious? (Score:5, Insightful)

    by rsmith-mac ( 639075 ) on Friday November 16, 2012 @10:51AM (#42001119)

    Bug is probably the wrong term here. I think "hilariously bad design decision" is a more apt description. Clearly someone didn't think this all the way through.

  • fixing what isn't broken (Score:5, Insightful)

    by bored ( 40072 ) on Friday November 16, 2012 @10:54AM (#42001147)

    UEFI is pretty much a case of fixing what isn't broken, yet with any software project its bound to have bugs in the first few iterations.

    And, oh boy does it. name brand motherboards that brick when flashed, systems that don't power off correctly, systems that take minutes to post, the usual issues with incorrect ACPI table entries, the list goes on.

    Basically, its replacing one fairly stable code base, that the motherboard vendors often got wrong, with a completely new untested one that is 10x as complicated. You do the math.

    Linus had another rant about it recently called "The abomination called EFI".

    BTW: Gigabyte has a number of traditional motherboards that can boot GPT partitions, effectively removing the _ONE_ useful new feature in EFI.

  • Re:That's just great (Score:2, Insightful)

    by Attila Dimedici ( 1036002 ) on Friday November 16, 2012 @11:06AM (#42001269)
    I agree that the BIOS writers were stupid for doing this. I also agree that there was no good reason for the firmware to be parsing these strings, although I have to disagree with the summary. There are many reasons for the firmware to be parsing these strings. They are all bad reasons from the perspective of anybody but Microsoft (and even there, probably not once someone thinks the whole thing through), nevertheless there are many reasons to do this. I am quite sure that at least one person intended to claim that it was done as an additional security feature above and beyond the basic UEFI specs.

  • Re:are you serious? (Score:3, Insightful)

    by tibit ( 1762298 ) on Friday November 16, 2012 @11:21AM (#42001405)

    Man, if you only knew what ships out there...

  • Re:TPM is the worst (Score:5, Insightful)

    by SecurityGuy ( 217807 ) on Friday November 16, 2012 @11:22AM (#42001411)

    It's not a mystery, but it is inappropriate. Drives me nuts when companies pull this. If I buy your PC, I expect it to work and support all the standards you claim it does. That includes attaching other hardware that adheres to the same standards. I appreciate that there's a dicey issue in there of determining who is at fault when something doesn't work, but that doesn't justify artificially forcing a bunch of hardware not to work. When you do that, YOU are the problem by definition, as you are the party causing it not to work.

  • Re:TPM is the worst (Score:4, Insightful)

    by CanHasDIY ( 1672858 ) on Friday November 16, 2012 @11:26AM (#42001465) Homepage Journal

    ... whatever reason, Lenovo/HP doesn't want you to use a storebought card.

    Warranty and support. There isn't any real mystery there..unless you are a dimwit. Are you a dimwit?

    YEA! Like how GM and Ford have locked-out the ability to replace the factory-approved air filter with a K&N, because they don't want to "warranty and support" the aftermarket parts!







    Stupid prick.

  • Re:That's just great (Score:4, Insightful)

    by Hatta ( 162192 ) on Friday November 16, 2012 @12:29PM (#42002319) Journal

    The fact that the UEFI code even bothers to interrogate that string for anything other than displaying it to the user tells you that the manufacturer doesn't care about, and doesn't test, anything but Windows to the point they will hard-core their machines to only run Windows. They don't care about UEFI at all, or secure booting, or anything - just that it works when they run Windows.

    Makes you kinda wonder who would ultimately be behind putting such an unnecessary and counter-productive decision into a machine's BIOS really.

    And people don't believe me when I tell them that OEMs will chomp at the bit to lock people out of other OSs with secure boot when MS finally flips the switch. They already care about nothing but Windows.

  • Simple Explanation (Score:1, Insightful)

    by vtTom ( 591066 ) on Friday November 16, 2012 @03:06PM (#42004009)
    Although IBM spun off their PC business to Lenovo a few years ago, IBM still almost exclusively buys Lenovo PCs for internal use. What are the 2 operating system images that IBM employees can choose to have installed on their PCs? MS Windows and Red Hat Enterprise Linux.

  • Re:Bug? (Score:4, Insightful)

    by KiloByte ( 825081 ) on Friday November 16, 2012 @04:52PM (#42005633)

    Never attribute to malice that which can adequately be attributed to stupidity.

    I guess you haven't seen enough of Microsoft's actions, who are doing their utmost to disprove Hanlon's razor.

Slashdot Top Deals

Work without a vision is slavery, Vision without work is a pipe dream, But vision with work is the hope of the world.

Close