[personal profile] mjg59
A (well, now former) coworker let me know about a problem he was having with a Lenovo Thinkcentre M92p. It booted Fedora UEFI install media fine, but after an apparently successful installation refused to boot. UEFI installs on Windows worked perfectly. Secure Boot was quickly ruled out, but this could still have been a number of things. The most interesting observation was that the Fedora boot option didn't appear in the firmware boot menu at all, but Windows did. We spent a little while comparing the variable contents, gradually ruling out potential issues - Linux was writing an entry that had an extra 6 bytes in a structure, for instance[1], and a sufficiently paranoid firmware implementation may have been tripping up on that. Fixing that didn't help, though. Finally we tried just taking the Windows entry and changing the descriptive string. And it broke.

Every UEFI boot entry has a descriptive string. This is used by the firmware when it's presenting a menu to users - instead of "Hard drive 0" and "USB drive 3", the firmware can list "Windows Boot Manager" and "Fedora Linux". There's no reason at all for the firmware to be parsing these strings. But the evidence seemed pretty strong - given two identical boot entries, one saying "Windows Boot Manager" and one not, only the first would work. At this point I downloaded a copy of the firmware and started poking at it. Turns out that yes, actually, there is a function that compares the descriptive string against "Windows Boot Manager" and appears to return an error if it doesn't match. What's stranger is that it also checks for "Red Hat Enterprise Linux" and lets that one work as well.

This is, obviously, bizarre. A vendor appears to have actually written additional code to check whether an OS claims to be Windows before it'll let it boot. Someone then presumably tested booting RHEL on it and discovered that it didn't work. Rather than take out that check, they then addded another check to let RHEL boot as well. We haven't yet verified whether this is an absolute string match or whether a prefix of "Red Hat Enterprise Linux" is sufficient, and further examination of the code may reveal further workarounds. For now, if you want to run Fedora[2] on these systems you're probably best off changing the firmware to perform a legacy boot.

[1] src/include/efi.h: uint8_t padding[6]; /* Emperically needed */, says the efibootmgr source code. Unhelpful.
[2] Or Ubuntu, or Suse, or…

Re: Plan of action

Date: 2012-11-15 05:24 pm (UTC)
From: (Anonymous)
Many people will not be able to return their hardware if it does not
work with anything else than one operating system and the manufacturer
did not clearly state that; or a BIOS upgrade cripples all installed
OSes except for one. Legal counsel would be helpful, even if it just
consists of publicly given instructions. The BIOS upgrade case
potentially can be intentional damage to already purchased hardware,
or whatever the lawyers call that.

At least these were the thoughts that passed through my head when I was
choosing to buy some piece of dont-know-what with Win 8 logo,
and it also pushed me many years back to times when I was checking
if the hardware has linux drivers at all.

Re: Plan of action

Date: 2012-11-15 06:08 pm (UTC)
From: (Anonymous)
In the EU its easy - return it as unfit for the purpose for which it was sold - the firmware is buggy.

But above all and with all the UEFI secure boot sh*t - phone the company, email them make their tech support costs go up. Their margins are so low that if even a few of the people who can't get old Windows, Linux etc running on the box keeps phoning and complaining they'll make a loss on the product line.

driving up revenue

Date: 2012-11-15 09:43 pm (UTC)
From: (Anonymous)
Phoning a company to make their support cost go up might not work that well if they do not publish freecall numbers, which they usually don't. Instead, calling them actually makes them more money.

Re: driving up revenue

Date: 2012-11-17 08:42 am (UTC)
reddragdiva: (Default)
From: [personal profile] reddragdiva
The numbers that make them money always have a real geographic number behind them. And quite a few mobile plans include free landline calls anywhere in $COUNTRY.


Matthew Garrett

About Matthew

Power management, mobile and firmware developer on Linux. Security developer at CoreOS. Member of the Free Software Foundation board of directors. Ex-biologist. @mjg59 on Twitter. Content here should not be interpreted as the opinion of my employer.

Page Summary

Expand Cut Tags

No cut tags