[personal profile] mjg59
A (well, now former) coworker let me know about a problem he was having with a Lenovo Thinkcentre M92p. It booted Fedora UEFI install media fine, but after an apparently successful installation refused to boot. UEFI installs on Windows worked perfectly. Secure Boot was quickly ruled out, but this could still have been a number of things. The most interesting observation was that the Fedora boot option didn't appear in the firmware boot menu at all, but Windows did. We spent a little while comparing the variable contents, gradually ruling out potential issues - Linux was writing an entry that had an extra 6 bytes in a structure, for instance[1], and a sufficiently paranoid firmware implementation may have been tripping up on that. Fixing that didn't help, though. Finally we tried just taking the Windows entry and changing the descriptive string. And it broke.

Every UEFI boot entry has a descriptive string. This is used by the firmware when it's presenting a menu to users - instead of "Hard drive 0" and "USB drive 3", the firmware can list "Windows Boot Manager" and "Fedora Linux". There's no reason at all for the firmware to be parsing these strings. But the evidence seemed pretty strong - given two identical boot entries, one saying "Windows Boot Manager" and one not, only the first would work. At this point I downloaded a copy of the firmware and started poking at it. Turns out that yes, actually, there is a function that compares the descriptive string against "Windows Boot Manager" and appears to return an error if it doesn't match. What's stranger is that it also checks for "Red Hat Enterprise Linux" and lets that one work as well.

This is, obviously, bizarre. A vendor appears to have actually written additional code to check whether an OS claims to be Windows before it'll let it boot. Someone then presumably tested booting RHEL on it and discovered that it didn't work. Rather than take out that check, they then addded another check to let RHEL boot as well. We haven't yet verified whether this is an absolute string match or whether a prefix of "Red Hat Enterprise Linux" is sufficient, and further examination of the code may reveal further workarounds. For now, if you want to run Fedora[2] on these systems you're probably best off changing the firmware to perform a legacy boot.

[1] src/include/efi.h: uint8_t padding[6]; /* Emperically needed */, says the efibootmgr source code. Unhelpful.
[2] Or Ubuntu, or Suse, or…
Page 1 of 3 << [1] [2] [3] >>

Plan of action

Date: 2012-11-15 07:06 am (UTC)
From: (Anonymous)
What option do we have, how can we address that as a community?

Date: 2012-11-15 07:14 am (UTC)
From: (Anonymous)
I'd wager it'd be more likely they wanted to check off a box and say RHEL was supported in the most obtuse, shortsighted way possible rather than a 'bug fix'.

Re: Plan of action

Date: 2012-11-15 07:29 am (UTC)
From: (Anonymous)
Maybe annnoying/DDoSing the sloppy vendor with all the different variations of things they broke with that helpful check (like, "I've tried these Linux distributions: [liiiist] and not a single one [but RHEL] worked after successful installation in UEFI mode while all of these work on an [HP/SONY/ASUS item]")...

That takes hardware and patience though, no use to cheat.

--
Michael Shigorin

Re: Plan of action

Date: 2012-11-15 10:31 am (UTC)
From: (Anonymous)
It looks like Lenovo have noticed, so perhaps they'll fix it.

Legacy boot not a solution

Date: 2012-11-15 10:56 am (UTC)
From: (Anonymous)
Many of us have UEFI machines with no legacy boot option at all. So the legacy boot workaround is not a solution. Fortunately, my Dell Alienware X51 added Fedora 17 to the boot menu fine. I got nowhere trying to test F18 however.

OMG

Date: 2012-11-15 11:28 am (UTC)
From: (Anonymous)
So the webdev that have been thrown out for breaking website with buggy and stupid useragent checks, are now doing UEFI dev, fan-ta-stic, the world is going to be beautiful… not.

Don't wait for Lenovo to fix this

Date: 2012-11-15 01:14 pm (UTC)
From: (Anonymous)
I wouldn't hold my breath waiting for Lenovo to fix this - I have a Thinkpad W520 which has a similar problem - I have to use legacy boot for it to work.

This problem has been discussed for at least the last year and several BIOS revisions haven't helped.

Here we go

Date: 2012-11-15 01:19 pm (UTC)
From: (Anonymous)
I understand your politeness in calling this a bug, like "oops, I hardcoded
the name >>Windows 8<< here and there in firmware, I wanted to ....".

Re: OMG

Date: 2012-11-15 03:13 pm (UTC)
From: (Anonymous)
this explains why parts of UEFI are implemented in php nowdays...

Re: Plan of action

Date: 2012-11-15 04:53 pm (UTC)
From: (Anonymous)
Yeah, that's not a solution.

Re: Plan of action

Date: 2012-11-15 05:24 pm (UTC)
From: (Anonymous)
Many people will not be able to return their hardware if it does not
work with anything else than one operating system and the manufacturer
did not clearly state that; or a BIOS upgrade cripples all installed
OSes except for one. Legal counsel would be helpful, even if it just
consists of publicly given instructions. The BIOS upgrade case
potentially can be intentional damage to already purchased hardware,
or whatever the lawyers call that.

At least these were the thoughts that passed through my head when I was
choosing to buy some piece of dont-know-what with Win 8 logo,
and it also pushed me many years back to times when I was checking
if the hardware has linux drivers at all.

Breach of MS guidelines?

Date: 2012-11-15 06:03 pm (UTC)
From: (Anonymous)
If this was a badged Win8 device, does this not breach MS's guidelines for the x86 platform allowing the suer to run any other OS?

I'm staggered that such behaviours is not a breach of the UEFI standard.

Re: Plan of action

Date: 2012-11-15 06:08 pm (UTC)
From: (Anonymous)
In the EU its easy - return it as unfit for the purpose for which it was sold - the firmware is buggy.

But above all and with all the UEFI secure boot sh*t - phone the company, email them make their tech support costs go up. Their margins are so low that if even a few of the people who can't get old Windows, Linux etc running on the box keeps phoning and complaining they'll make a loss on the product line.

Re: Breach of MS guidelines?

Date: 2012-11-15 06:24 pm (UTC)
From: (Anonymous)
Poor choice of words, apols.

I was thinking that because this prevent the user booting the OS of their choice (even after adding keys and what have you) then it would still be a breach. Guess that would require MS to take action, and I wouldn't expect that to happen any time soon.

I'm just dumbfounded that anyone would do that kind of string check in a place like this. Maybe to check for 0 chars. Maybe even to do a little alphanumeric sort. But "if (string!=magicLetterSequence) then { error }" Really?

Someone really needs a slap.

Really worrying if this kind of crap shows up in other firmware.

Error

Date: 2012-11-15 08:17 pm (UTC)
From: (Anonymous)
addded

Thx!

driving up revenue

Date: 2012-11-15 09:43 pm (UTC)
From: (Anonymous)
Phoning a company to make their support cost go up might not work that well if they do not publish freecall numbers, which they usually don't. Instead, calling them actually makes them more money.

database of badly behaving systems

Date: 2012-11-15 10:38 pm (UTC)
From: (Anonymous)
Do we plan on maintaining a database listing badly behaving systems like that one, so we can choose not to buy such a system?

Simple solution

Date: 2012-11-15 11:06 pm (UTC)
From: (Anonymous)
Why not just rename the Fedora entry to "Red Hat Enterprise Linux"?

Not sure why they added that boneheaded check though, is there perhaps a support contract that only supports Windows and RHEL?

Re: Simple solution

Date: 2012-11-16 01:04 am (UTC)
From: (Anonymous)
What a dumb, short‐term, near‐sighted solution.

Re: OMG

Date: 2012-11-16 02:01 am (UTC)
From: (Anonymous)
WHAT?!

Lenovo's not the only one

Date: 2012-11-16 02:57 am (UTC)
From: (Anonymous)
I encountered the same problem with an MSI A55M-P35 motherboard I purchased last year. Except AFAIK there was no exception for RHEL, it was "Windows Boot Manager" or bust. Thankfully the latest firmware fixes the bug.

Date: 2012-11-16 07:08 am (UTC)
From: (Anonymous)
Might this be a case of trying to enable certain quirks for Windows 8 without testing what happens for other EFI bootloaders?

Languages

Date: 2012-11-16 07:57 am (UTC)
From: (Anonymous)
Does Windows always use that same string no matter which language version you install? ie does a German user and a Chinese user also always have the text "Windows Boot Manager"? Presumably when only Windows is installed it is rare to see the string.

Confused

Date: 2012-11-16 08:07 am (UTC)
From: (Anonymous)
I just bought a lenovo k410 desktop. It looks like I have ami aptivo ufei. I was about to install arch linux. I am confused by what is said above. Is it possible for me to 'identify' the os as rhel and boot arch instead? If so can somebody provide more explicit instructions?

this stinks!
Page 1 of 3 << [1] [2] [3] >>

Profile

Matthew Garrett

About Matthew

Power management, mobile and firmware developer on Linux. Security developer at Nebula. Ex-biologist. @mjg59 on Twitter. Content here should not be interpreted as the opinion of my employer.

Page Summary

Expand Cut Tags

No cut tags