There's a collective of quixotic Mexican software developers and users that is quite active. I wonder why is it that FSF's philosophy with its exhortation to viciously defend freedom resonates so well in some parts of Mexico. It was those groups, which congregate on the Hackmitin[1], Hacklab Autónomo[2] and Rancho Electrónico[3] that helped Jacobo Nájera with his legal proceedings against Secure Boot.
I went a couple of times to the Hacklab. It's an interesting place. At the time, it looked like they were squatting in an abandoned building and they looked like Hollywood hacker stereotypes. If it weren't for the proliferation of hardware with Debian and Trisquel logos, their appearance make you would think these were just ordinary anarchist punks. In a way, that's what they are, except they are technoanarchist punks, and obviously not completely anarchist as they know how to work with the legal system. They were very left-leaning, distrustful of all corporations, completely aligned with FSF philosophy; radical, feminist, and fiercely protective of their rights.
I rather miss that scene. I haven't found quite something like it here in Canada.
I hope Nájera manages to get somewhere, but it seems like a hopeless fight against MSFT, the one that is really ensuring that installing the OS of your choice is impossible. The whole "security" thing is a sideshow; the real goal here with "Secure" Boot is to make it harder to install unlicensed copies of Windows.
> The whole "security" thing is a sideshow; the real goal here with "Secure" Boot is to make it harder to install unlicensed copies of Windows.
How does that make sense? The Lenovo laptop in question, like most non-Apple PCs sold in the West, came with a licensed copy of some version of Windows; and Microsoft's strategy lately has been to offer (almost coerce) free OS upgrades, apparently valuing users being up-to-date over the revenue it could gain from the meager fraction of users who'd pay for upgrades. So there's little reason for users to ever install pirated copies of Windows on such devices, or for Microsoft to care if they do (in order to downgrade or whatever).
In China and elsewhere the situation is different, but since the manufacturers are "in on" the piracy, there is no reason they'd enable any firmware features that could hinder users from installing pirated Windows; and even if a future version of Windows requires Secure Boot, that would just be patched out along with the activation checks. (That is, if China ever gets off Windows XP!)
> The whole "security" thing is a sideshow; the real goal here with "Secure" Boot is to make it harder to install unlicensed copies of Windows.
This is an utterly ridiculous conspiracy theory with zero connection to the reality.
Not only does Secure boot not affect someone trying to install a pirated copy of Windows, but it singlehandedly does more against malware than the entire AV industry ever.
If you can't disable "secure boot" - you should return that piece of lock-in trash and request a refund.
Lenovo are also infamous for refusing the refund the Windows tax (i.e. when you want refund the price of Windows that came with computer pre-installed, because you don't want to use it). Only taking them to court can help.
I’m not defending Lenovo, I think they broke the law here and should fix their UEFI firmware.
However, when you throw away your OEM windows, you’re essentially throwing away money.
There’re good laptops that come with Linux or FreeDos preinstalled.
They mostly targeted towards enterprise market (who get their Windows through volume licensing). But I find it’s a good thing: besides OS choice I usually get upgradability, reliability, and reasonable prices (IMO companies are better at tracking their expenses). For example, take a look at HP ProBook series: they are good, include wide range of specs, and if you want to, you can get one without Windows.
> However, when you throw away your OEM windows, you’re essentially throwing away money.
Can you actually get these *nix laptops for cheaper than their Windows equivalents? I personally consider Windows these days to be just one more piece of bloatware to remove, but I never got the impression that it added much to the bottom line cost.
Secure Boot is designed to prevent malware from tampering with the BIOS by verifying bootloader (and sometimes kernel-mode driver) signatures.
In this case, it looks like Lenovo either accidentally or intentionally borked the implementation of Secure Boot, because you are supposed to be able to turn it off when using non-Microsoft operating systems.
FWIW, I believe Fedora supports Secure Boot by signing a static bootloader ("shim") that loads GRUB after checking its signature[0].
Do they have another agreement with Microsoft which establishes a better price for Windows if Microsoft gets to be the OS gatekeeper (as seems to be the case)?
Google seems to turn up numerous people having no trouble disabling Secure Boot and installing Linux on that model computer. I wonder if the problem is confined to particular sub-models or particular revisions of the BIOS?
jordigh|9 years ago
I went a couple of times to the Hacklab. It's an interesting place. At the time, it looked like they were squatting in an abandoned building and they looked like Hollywood hacker stereotypes. If it weren't for the proliferation of hardware with Debian and Trisquel logos, their appearance make you would think these were just ordinary anarchist punks. In a way, that's what they are, except they are technoanarchist punks, and obviously not completely anarchist as they know how to work with the legal system. They were very left-leaning, distrustful of all corporations, completely aligned with FSF philosophy; radical, feminist, and fiercely protective of their rights.
I rather miss that scene. I haven't found quite something like it here in Canada.
I hope Nájera manages to get somewhere, but it seems like a hopeless fight against MSFT, the one that is really ensuring that installing the OS of your choice is impossible. The whole "security" thing is a sideshow; the real goal here with "Secure" Boot is to make it harder to install unlicensed copies of Windows.
---
[1] http://hackmitin.espora.org/
("mitin" in Spanish is from English "meeting" but has left-leaning political connotations such as protests and marches.)
[2] http://hacklab.espora.org/
[3] http://ranchoelectronico.org/
comex|9 years ago
How does that make sense? The Lenovo laptop in question, like most non-Apple PCs sold in the West, came with a licensed copy of some version of Windows; and Microsoft's strategy lately has been to offer (almost coerce) free OS upgrades, apparently valuing users being up-to-date over the revenue it could gain from the meager fraction of users who'd pay for upgrades. So there's little reason for users to ever install pirated copies of Windows on such devices, or for Microsoft to care if they do (in order to downgrade or whatever).
In China and elsewhere the situation is different, but since the manufacturers are "in on" the piracy, there is no reason they'd enable any firmware features that could hinder users from installing pirated Windows; and even if a future version of Windows requires Secure Boot, that would just be patched out along with the activation checks. (That is, if China ever gets off Windows XP!)
ryanlol|9 years ago
This is an utterly ridiculous conspiracy theory with zero connection to the reality.
Not only does Secure boot not affect someone trying to install a pirated copy of Windows, but it singlehandedly does more against malware than the entire AV industry ever.
shmerl|9 years ago
Lenovo are also infamous for refusing the refund the Windows tax (i.e. when you want refund the price of Windows that came with computer pre-installed, because you don't want to use it). Only taking them to court can help.
Const-me|9 years ago
However, when you throw away your OEM windows, you’re essentially throwing away money.
There’re good laptops that come with Linux or FreeDos preinstalled.
They mostly targeted towards enterprise market (who get their Windows through volume licensing). But I find it’s a good thing: besides OS choice I usually get upgradability, reliability, and reasonable prices (IMO companies are better at tracking their expenses). For example, take a look at HP ProBook series: they are good, include wide range of specs, and if you want to, you can get one without Windows.
jseliger|9 years ago
This is an excellent and underrated point: http://arstechnica.com/gadgets/2016/06/the-xps-13-de-dell-co....
x1798DE|9 years ago
Can you actually get these *nix laptops for cheaper than their Windows equivalents? I personally consider Windows these days to be just one more piece of bloatware to remove, but I never got the impression that it added much to the bottom line cost.
jlg23|9 years ago
JumpCrisscross|9 years ago
iancarroll|9 years ago
In this case, it looks like Lenovo either accidentally or intentionally borked the implementation of Secure Boot, because you are supposed to be able to turn it off when using non-Microsoft operating systems.
FWIW, I believe Fedora supports Secure Boot by signing a static bootloader ("shim") that loads GRUB after checking its signature[0].
[0] http://mjg59.dreamwidth.org/12368.html
geofffox|9 years ago
unknown|9 years ago
[deleted]
tzs|9 years ago
speeder|9 years ago
Since it also had other quirks (usb 3.0 port never worked) it might be a hardware defect interacting with the boot process.
kazinator|9 years ago