The new Lenovo ThinkPad Z13 is a 13.3 inch mobile workstation-class laptop with support for up to a 2880 x 1800 pixel OLED display, up to an AMD Ryzen 7 Pro 6860Z processor, and up to 32GB of RAM and 1TB of storage.

It’s also one of the first laptops to feature a Microsoft Pluton security co-processor and, as prominent Linux developer Matthew Garrett discovered, it ships with the UEFI configured to prevent you from booting anything other than Windows.

Lenovo ThinkPad Z13

It’s actually pretty simple to flip a switch in the UEFI settings so that you can boot alternate operating systems, but it shows just how much control Microsoft has over the software you can run on computers that ship with Windows pre-installed.

It’s been more than a decade since Microsoft first began insisting that PC vendors enable Secure Boot on PCs that ship with Windows. While the move initially had some folks expressing concern that this would make it virtually impossible to boot Linux or other non-Microsoft operating systems on those computers, the issue has largely been moot, since most major Linux distributions make use of Microsoft’s support for 3rd-party UEFI certificates.

What’s unusual is that Lenovo’s new laptops with Ryzen 6000 series processors and Pluton security co-processors disable that functionality by default. At least there’s still a way to turn it back on… for now.

Here’s a roundup of recent tech news from around the web:

Keep up on the latest headlines by following Liliputing on Twitter and Facebook and follow @LinuxSmartphone on Twitter and Facebook for the latest news on open source mobile phones.

Support Liliputing

Liliputing's primary sources of revenue are advertising and affiliate links (if you click the "Shop" button at the top of the page and buy something on Amazon, for example, we'll get a small commission).

But there are several ways you can support the site directly even if you're using an ad blocker* and hate online shopping.

Contribute to our Patreon campaign


Contribute via PayPal

* If you are using an ad blocker like uBlock Origin and seeing a pop-up message at the bottom of the screen, we have a guide that may help you disable it.

Subscribe to Liliputing via Email

Enter your email address to subscribe to this blog and receive notifications of new posts by email.

Join 9,507 other subscribers

5 replies on “Lilbits: Booting Linux on some Lenovo laptops requires an extra step, Macintosh Pi, and fanless Jasper Lake mini PCs”

  1. This is definitely really bad new for Linux fans, but I have to say, the writing was on the wall. It was obvious that this was going to catch up to us.

    The workaround that Linux distros have been using for Secure Boot is that they have a license from Microsoft to ensure that the booting process for the OS is signed, but it never solved the issue of all software running within that OS being unsigned.

    I’ll be avoiding all laptops with this new ridiculous Microsoft Pluton chip.

    1. TL;DR: there’s more that probably also ought to be boycotted, and boycotting Microsoft is hard.
      I’d love to and in my personal life I have, but good luck convincing your employer to do that. There’s often some piece of software essential to the business that won’t run right on anything else. There’s often some security requirement flowed down from the customer that no one knows how to comply with any other way. Some businesses can make do with using only web applications running on some servers somewhere, but even they’ll have an easier time keeping employee’s client machines under control with ChromeOS, and chromebooks are worse by any metric about telemetry and letting you install whatever OS you want.
      I hope you also refuse to buy cell phones that you can’t put a custom OS on either, since phones are even worse but can touch even more sensitive personal data.
      Then there’s the difficulty in getting laptops without windows or chromeOS on them. There’s a few, but I’ve never seen any with, for example, a 360 degree hinge.
      And you have to remember, that Microsoft is a social engineering company, so unless you go out of your way to disable as much telemetry and annoyances as Windows will let you, even pirating it is worth something to them.

Comments are closed.