The new Lenovo ThinkPad Z13 is a 13.3 inch mobile workstation-class laptop with support for up to a 2880 x 1800 pixel OLED display, up to an AMD Ryzen 7 Pro 6860Z processor, and up to 32GB of RAM and 1TB of storage.
It’s also one of the first laptops to feature a Microsoft Pluton security co-processor and, as prominent Linux developer Matthew Garrett discovered, it ships with the UEFI configured to prevent you from booting anything other than Windows.

It’s actually pretty simple to flip a switch in the UEFI settings so that you can boot alternate operating systems, but it shows just how much control Microsoft has over the software you can run on computers that ship with Windows pre-installed.
It’s been more than a decade since Microsoft first began insisting that PC vendors enable Secure Boot on PCs that ship with Windows. While the move initially had some folks expressing concern that this would make it virtually impossible to boot Linux or other non-Microsoft operating systems on those computers, the issue has largely been moot, since most major Linux distributions make use of Microsoft’s support for 3rd-party UEFI certificates.
What’s unusual is that Lenovo’s new laptops with Ryzen 6000 series processors and Pluton security co-processors disable that functionality by default. At least there’s still a way to turn it back on… for now.
Here’s a roundup of recent tech news from around the web:
Lenovo laptops with Microsoft Pluton security co-processors (i.e., models with Ryzen 6000 chips) have 3rd-party UEFI certificates disabled by default, which means you need to change a Secure Boot setting before you can boot a Linux distro. https://t.co/5mu8IcY5ri
— Liliputing (@liliputingnews) July 8, 2022
Review of two fanless mini PCs with 6W Intel Jasper Lake processors, the ECS Liva Z3 and Zotac ZBOX CI331. @anandtech finds the processors’ performance per watt impressive, but the thermal features of these systems underwhelming. https://t.co/Ka89RBUlrh
Banana Pi BPI-LEAF-S3 is an $8 board with a 240 MHz Espressif ESP32-S3 dual-core processor, 512KB RAM, 8MB flash storage, 2MB PSRAM, a USB-C port, 2 x 22-pin headers, and WiFi 4 + BT 5.0. https://t.co/NI1cOzl4Ff
Using the GPD Win Max 2 mini gaming laptop with an external GPU to turn it into a full-fledged gaming PC capable of handling games at 1440p resolution with high graphics settings when you’re tethered to a desktop graphics dock. https://t.co/kLrXvZ71Tj
MacintoshPi lets you run Mac OS 7, 8, or 9 emulators in full-screen mode on a Raspberry Pi via a series of scripts that install on top of Raspberry Pi OS Lite. There’s also a Commodore64/128/Pet emulator built in. https://t.co/qpzWvNsk0t
This is definitely really bad news for Linux fans, but I have to say, the writing was on the wall. It was obvious that this was going to catch up to us.
The workaround that Linux distros have been using for Secure Boot is that they have a license from Microsoft to ensure that the booting process for the OS is signed, but it never solved the issue of all software running within that OS being unsigned.
I’ll be avoiding all laptops with this new ridiculous Microsoft Pluton chip.
Microsoft isn’t done until Linux won’t run?
MacintoshPI? Now I’ve got to try this
Boycott MS.
TL;DR: there’s more that probably also ought to be boycotted, and boycotting Microsoft is hard.
I’d love to and in my personal life I have, but good luck convincing your employer to do that. There’s often some piece of software essential to the business that won’t run right on anything else. There’s often some security requirement flowed down from the customer that no one knows how to comply with any other way. Some businesses can make do with using only web applications running on some servers somewhere, but even they’ll have an easier time keeping employees’ client machines under control with ChromeOS, and Chromebooks are worse by any metric about telemetry and letting you install whatever OS you want.
I hope you also refuse to buy cell phones that you can’t put a custom OS on either, since phones are even worse but can touch even more sensitive personal data.
Then there’s the difficulty in getting laptops without Windows or ChromeOS on them. There’s a few, but I’ve never seen any with, for example, a 360 degree hinge.
And you have to remember that Microsoft is a social engineering company, so unless you go out of your way to disable as much telemetry and annoyances as Windows will let you, even pirating it is worth something to them.