Matthew Garrett, which slipped Microsoft restricted-boot into GNU/Linux, is making noise about Lenovo locking GNU/Linux out of a laptop after accusing me of “spewing nonsense” for taking action against them for far worse.
In 2016, I took to Reddit and the news media after buying a Lenovo Yoga 900-ISK2 laptop. I bought it because I read a blog post praising how well it ran GNU/Linux after you wiped the godawful Windows 10 OS from it.
Unfortunately, what I didn’t know is that Lenovo did a mid-cycle refresh in late 2016 because the original Intel HD 520 graphics chip was a real slug and could barely run a HiDPI display at its native resolution, thus requiring them to replace it mid-year with a Iris 540, which was roughly 40% faster.
(And even then, it was nothing to write home about. Maybe some games from 2012 running in 720p worked, but asking for more than that from it was too much. I shudder to think what the 520 was like!)
As part of this “upgrade”, Lenovo also refreshed their UEFI firmware, and in the process they put the disk storage controller into a secret undocumented mode that Linux couldn’t use, making it appear as though there was no Solid State Drive in the laptop.
The code to enable AHCI mode was there, but Lenovo also wrote new code to reset it to the secret storage controller mode on every reboot even if you reset it from UEFI shell.
Someone on Lenovo Forums (from which Lenovo banned me 9 different times to try to shut me up) hooked up an external flasher and showed that the option to persistently set AHCI mode was still there and could be re-enabled, but you couldn’t do it with the official firmware flasher program because the firmware wouldn’t allow unsigned images to be flashed if it was running and could prevent it.
Eventually, Lenovo and Matthew Garrett attacked me in public and the pro-Microsoft media ran with it. Lenovo also put out some idiotic article about how their laptop had a 360 degree hinge that was designed for Windows 10 and wouldn’t work with “Linux”, only it did work fine in GNOME, and better than Windows.
(Windows often didn’t bring up the on screen keyboard, because it could only respond and do that with the very few built-in apps that were tablet-mode compatible, such as Edge.)
Mr. Garrett took a different approach than Lenovo to attack me, implying that I was hysterical and that they locked GNU/Linux out “so the laptop would get good battery life”, except that wasn’t the case.
The laptop, new, ran for 4.5 hours from 100% to dead on Windows 10. It just had piss poor battery life on Windows 10. It was completely pathetic. Garrett doesn’t know what he was talking about. I don’t think he even had one of these things.
If you ran GNU/Linux and used powertop’s autotune as a system service, it ran for about 7 hours. Nearly twice as long. After some additional work on the Linux kernel, I think the system eventually was getting like 8-9 hours. So there was room for improvement in Linux at the time, but Windows battery life was a total disaster. Compared to Linux, with Windows you unplugged from the wall and ZIP…dead.
All along, Mr. Garrett has always come up with “reasons” why there is no “conspiracy”. It’s always just some “bug” or they “don’t care” if Linux works, it’s never anything malicious you know.
So this year, with Microsoft’s new Pluton “security” system, the Windows 11 requirements change again. Vendors are required to disable the “Microsoft 3rd Party UEFI CA” certificate, which is what Mr. Garrett’s jury-rigged “Secure” Boot implementation was relying on in order to work at all.
So now it doesn’t work anymore and he finally criticizes them, mildly.
Better late than never, I guess, but at this point there can be no misunderstanding about the direction Microsoft and their OEM crime partners are heading.
In 2016, I filed an antitrust complaint against Lenovo with the state government of Illinois, which opened an investigation. I believe I still have most of the documents about that. They entered into a settlement agreement with me in which they agreed to release “non-official” firmware that was “Linux-compatible” and arrange to knock it off on their future laptops, in exchange for me dropping my complaint.
Yet here we are in 2022, and I suppose they haven’t technically violated that agreement, however, as you can still run the firmware in a non-default configuration in two ways to get GNU/Linux to load on an affected system. Apparently, there’s an option to re-enable the 3rd party Microsoft key in the UEFI setup, or you can just go in there and turn Secure Boot to “Disabled”.
Linux boots either way on my Lenovo ThinkBook 15 ITL Gen2, which was Ubuntu certified (I am currently writing this in Fedora 36 and pleased as punch with the way my computer is operating.), but I turned off “Secure Boot”. There have been numerous issues with it, since it was designed by shitheads and implemented clumsily on GNU/Linux by another one who even got a Free Software Award for doing so, but when it is off you don’t run into any problems with it and you don’t have to figure out how to administer it and what to do when an OS fucks up something called a “dbx” that I don’t even want to read about.
The whole system sucks. It is over-designed and full of bugs, and even assuming the user had any meaningful and straightforward way of controlling it that was guaranteed to be there (they don’t), more points of failure can only cause more breakdowns in any system.
We’ve seen cases where people just left “Secure” Boot on because that’s what OEMs and people like Garrett recommend to do, and if they boot this OS or that OS in the wrong order, or load Windows, then their other operating systems can become quite unusable without going in there and resetting everything to factory settings and turning it off anyway.
“Secure” Boot is a disaster waiting for a time and place to happen if you leave it on and for most users, especially ones that use competently designed operating systems, it brings nothing good to the table.
I’m just crazy and want my computer to load what I tell it to.
And I’m not even the first one to notice Lenovo and their insane defaults, btw.
In 2012(?), Mr. Garrett himself blogged on whatever he was using back then that there was a Lenovo laptop that only booted if the boot manager was called “Windows” or “Red Hat Enterprise Linux”, and I don’t think they ever fixed that.
In a response to his Twitter complaint about the current Lenovo debacle, people have noted that some Lenovo laptops don’t make any sense at all. One guy says he bought a Carbon X1 Gen10 and found Secure Boot and Virtualization (needed for other alleged Windows 11 “security”) turned off by default.
My laptop’s Lenovo firmware setup program has typos and Engrish all over the place. Fedora hides the complaints about firmware bugs that get printed to the screen by the Linux kernel. Debian doesn’t.
There’s a couple things to note about Lenovo, Microsoft’s “OEM Partner of the Year”. They’re incompetent and they’re nasty.
On TechRights IRC recently, Roy Schestowitz says he got his wife a Lenovo laptop years back and it’s been beeping about overheating for several years now, but never seems to just go ahead and fail.
I had to disassemble the Yoga 900 ISK2 to replace the keyboard module and battery a couple of years ago due to missing keys and battery wear, but it still works.
I’m just playing it by ear at this point. I keep hoping someone will build a PC that doesn’t suck, but I may also have to consider that my next computer may very well not be a PC. It certainly won’t be a PC if I can’t remove Windows from it, which I don’t want and never asked for, and would have declined if I had the option to be billed separately and take it or leave it.
Every year, Windows loses about 2 more percentage points of the desktop/laptop market, sometimes level for a year or two and then drastically down.
Like all of a sudden with the Russian-Ukraine war or Coronavirus recession….if anything good comes out of the coming recession, maybe Windows will dip again and have a bad year….seems their most dire numbers are coming from Pornhub’s statistics, but I have no reason not to trust that.
The more people who quit using Windows, the more will learn that they don’t need it anyway, and won’t come back when times are better. It’s best that Microsoft dies or becomes mostly irrelevant sooner rather than later, so there will be less of a mess to clean up.
Locking the door may influence where people go, but not that they will leave. Maybe they’ll buy a Mac or a Chromebook. Maybe they’ll use GNU/Linux on those. Maybe they’ll finally just buy a cheap ARM laptop and use GNU/Linux on that. It doesn’t take a lot to run it well.
x86 PCs are real gas guzzlers when it comes to power.
They need a lot of power and a lot of performance just to keep traction when it comes to Windows because it wastes so much of what the hardware resources could otherwise be doing, with bloat and spyware.
Why would Microsoft care? It can just train you to spend thousands trying to overcome it.
Most people are shocked to learn that a cheap $199 Chromebook feels faster than a $1,200 Windows PC. They shouldn’t be.
It’s the same concept as a lighter car with a small turbocharged engine being faster than a big gas guzzler with an engine twice as big.
As for Matthew Garrett, I think maybe he fears being exposed as a liar.
All these years he said Microsoft had no intention of locking out “Linux” with “Secure” Boot, and now they move it all to a non-default configuration with toggles that will obviously be removed 3-5 years from now when legacy Microsoft products that need them go end of life.
In the default configuration, his Jury Rigged solution doesn’t work anymore.
Maybe he believed that he made things better by implementing it? I doubt it. I really do doubt it.
Just for giggles here’s Matthew Garrett in 2016 calling me a liar. (Archive so he doesn’t read this and scramble to delete it.)
Notice that he never mentions me, because he doesn’t like me. He considers himself to be in some sort of feud with me because I just don’t think he’s a very well balanced individual, honestly. But here’s the article he cited, and you can very clearly see it was me that Adrian Kingsley-Hughes cited, and specifically my post on Reddit.
(I was later banned from /r/linux after it was completely taken over by Microsoft trolls.)
Here’s some screenshots from the case I filed with the Attorney General of Illinois in 2016, which got their attention and finally got them to agree to solve it. I also got a letter from the Attorney General in hard copy that’s tucked away that includes the particulars of the settlement we reached with Lenovo. They didn’t admit wrongdoing, but agreed to fix the issue.
As you can see, other than Lenovo spelling Illinois wrong in their internal email system before reaching out to me, Lenovo did get contacted by the State of Illinois and it panicked them. Had they not fixed the system, the state may have opened an antitrust investigation, so they hurried up and did whatever they needed to behind-the-scenes to get permission from Microsoft to unlock the computer.
This is all evidence that Matthew Garrett is incorrect when he states that Lenovo simply bungled this because they didn’t care or that it had something to do with “power management” (LOL). Here we have Lenovo admitting in public that there was a Microsoft deal to lock the system, and then here we also have them e-mailing me asking if I’ve had time to look at their updated BIOS that unlocks the computer, so that I could talk to the State government again.
Six years later, we have Matthew Garrett on Twitter:
As you can see from Lenovo’s documentation, like I stated before, you can enable the Microsoft 3rd Party UEFI CA, but a better solution is to just toggle “Secure Boot” to “Off” and never worry about it again.
At least until Microsoft changes their minds again and it’s some other song and dance, or you really have no choice but to use Windows if that’s what it came with. Again, I give this like maybe 5 years before we’re there.
Lenovo claims there isn’t anything special about Microsoft Pluton, which is what they’re calling Microsoft’s latest pretend security.
(Windows is a security shithole where virtually all computer malware that exists resides.)
Maybe that’s true, maybe it’s not. What is clear is that the Free Software community needs to be ready for that day with credible alternatives that can run GNU/Linux because the days of buying cheap commodity PCs with Windows, going “Ughh, this again!” but at least being able to wipe the disk of it, are likely numbered.
For what it’s worth, I’d like to remind everyone that I was taking legal action six years ago to buy the Free Software community some time, and all I ever got in thanks for it was essentially slandered by people like Matthew Garrett, who deserves at least to have Richard Stallman step in and revoke his Free Software Award, and booted out of /r/linux by the cancel mob of Microsoft moles who are there pitching Microsoft’s Fake Linux system, WSL.
Again, I don’t know what happened with Garrett. He’s always been Microsoft’s huckleberry. I don’t know what happened to him this week.
BaronHK's Rants 
Pingback: Links 12/07/2022: Microsoft/Lenovo Against GNU/Linux, Network Security Toolkit (NST) Has New Release | Techrights
Pingback: Links 13/07/2022: Free Software in DoD | Techrights
Pingback: Antitrust Action Against Microsoft is Well Overdue | Techrights
Pingback: System76 Ditches UEFI Firmware Trash, Ships Coreboot Firmware on Linux Laptops. | BaronHK's Rants
Pingback: Microsoft, Tens of Thousands of Layoffs Later, Can’t Afford to Maintain Windows. Out Go the “Legacy” Components. | BaronHK's Rants
Pingback: Bad Lenovo UEFI Firmware Causes Nine Models to Freeze on Resume from Suspend. Delays Linux 6.6. | BaronHK's Rants