[personal profile] mjg59
Update: Patches to fix this have been posted

There's a story going round that Lenovo have signed an agreement with Microsoft that prevents installing free operating systems. This is sensationalist, untrue and distracts from a genuine problem.

The background is straightforward. Intel platforms allow the storage to be configured in two different ways - "standard" (normal AHCI on SATA systems, normal NVMe on NVMe systems) or "RAID". "RAID" mode is typically just changing the PCI IDs so that the normal drivers won't bind, ensuring that drivers that support the software RAID mode are used. Intel have not submitted any patches to Linux to support the "RAID" mode.

In this specific case, Lenovo's firmware defaults to "RAID" mode and doesn't allow you to change that. Since Linux has no support for the hardware when configured this way, you can't install Linux (distribution installers will boot, but won't find any storage device to install the OS to).

Why would Lenovo do this? I don't know for sure, but it's potentially related to something I've written about before - recent Intel hardware needs special setup for good power management. The storage driver that Microsoft ship doesn't do that setup. The Intel-provided driver does. "RAID" mode prevents the Microsoft driver from binding and forces the user to use the Intel driver, which means they get the correct power management configuration, battery life is better and the machine doesn't melt.

(Why not offer the option to disable it? A user who does would end up with a machine that doesn't boot, and if they managed to figure that out they'd have worse power management. That increases support costs. For a consumer device, why would you want to? The number of people buying these laptops to run anything other than Windows is miniscule)

Things are somewhat obfuscated due to a statement from a Lenovo rep:This system has a Signature Edition of Windows 10 Home installed. It is locked per our agreement with Microsoft. It's unclear what this is meant to mean. Microsoft could be insisting that Signature Edition systems ship in "RAID" mode in order to ensure that users get a good power management experience. Or it could be a misunderstanding regarding UEFI Secure Boot - Microsoft do require that Secure Boot be enabled on all Windows 10 systems, but (a) the user must be able to manage the key database and (b) there are several free operating systems that support UEFI Secure Boot and have appropriate signatures. Neither interpretation indicates that there's a deliberate attempt to prevent users from installing their choice of operating system.

The real problem here is that Intel do very little to ensure that free operating systems work well on their consumer hardware - we still have no information from Intel on how to configure systems to ensure good power management, we have no support for storage devices in "RAID" mode and we have no indication that this is going to get better in future. If Intel had provided that support, this issue would never have occurred. Rather than be angry at Lenovo, let's put pressure on Intel to provide support for their hardware.

Linux certainly does the wrong thing here.

Date: 2016-09-21 07:38 pm (UTC)
From: (Anonymous)
This is why when I build PCs I tend to use older hardware, e.g. the home server I just built is Haswell and not Skylake.

Bleeding edge hardware often takes a little time before the drivers in Linux are quality, especially when using enterprise distributions like CentOS.

For Linux laptops I always buy used, used means getting Linux to work on the model I choose is well documented.

easy answer

Date: 2016-09-22 02:37 am (UTC)
From: (Anonymous)
>Why should it be up to the user? Should the user be able to program every >memory timing option, even if by doing so they introduce occasional crashes? >Should they be able to set every thermal threshold, even if by doing so >they're reducing their hardware life expectancy? All hardware vendors >restrict the options available to users.

Of course, the user should be able to do all that. Whose machine is it, anyway?

Date: 2016-09-22 05:17 am (UTC)
From: (Anonymous)
The ugly part is this BIOS hack prevents you from reinstalling the microsoft windows.

So users are stuck with whatever lenovo decides to add, and in the past that has included a fair bit of not just crapware, but actually malware which leaves your system vulnerable from attack.

Date: 2016-09-23 12:51 am (UTC)
From: (Anonymous)
How does it prevent reinstallation?

Its not hard to add a disk driver from a second usb stick or bake it into the install media.

Date: 2016-09-23 02:05 am (UTC)
From: (Anonymous)
Should the user be able to program every memory timing option, even if by doing so they introduce occasional crashes? Should they be able to set every thermal threshold, even if by doing so they're reducing their hardware life expectancy?

Uh, yes?
"Hell yes", even?
It's the user's bloody machine. They have every right to smash it with a sledgehammer, should they desire.

Making a conscious decision to trade off a small amount of life expectancy for the ability to use it the way they want to during that life? Why would you even question that?

Date: 2016-09-23 07:24 am (UTC)
marahmarie: my initials (MM) (Default)
From: [personal profile] marahmarie
"Should they have to" would've been better than "Should they be able to" unless Mat's suddenly against the very thing he does all the time - taking things apart/changing settings himself.

As someone who believes in tinkering with whatever we like, my mouth sort of dropped open at whether or not we should be able to. The day we can't is the day I will smash the very items that keep me from doing so with a sledgehammer.

This post reeks of hypocrisy and inaccuracy - or at least a total lack of editing.
Edited (clarity - the thing this post needs so badly) Date: 2016-09-23 07:25 am (UTC)

Date: 2016-09-24 04:18 am (UTC)
marahmarie: my initials (MM) (Default)
From: [personal profile] marahmarie
Your reply is, at best, disingenuous. I mean, tell me you've never overclocked a CPU, or that you don't at least know how to. Yet you write:

Why should it be up to the user?

OK, so why not, if I paid for the damn thing?

Should the user be able to program every memory timing option, even if by doing so they introduce occasional crashes?

Oh, hell yes, if I paid for the damn thing.

Should they be able to set every thermal threshold, even if by doing so they're reducing their hardware life expectancy?

Yes! I paid for the damn thing, so if I void the warranty, that's on me; no one else's concern.

All hardware vendors restrict the options available to users.

Doesn't mean they should. I had an eMachines years ago I couldn't overclock to my endless frustration, since it had long been out of warranty by then. My problem should I want to, not anyone else's.

I normally defer to your opinion because you actually know more than I do about a lot of the topics you cover here, but this post's just squirrelly, between the unconfirmed statements you pulled from ZDNet and the sudden idea you seem to have that our tampering should be kept to a minimum on machines we bought and paid for ourselves.

I mean, you can't say to a roomful of tinkerers "should you be allowed to do so much tinkering" and expect it to go over well, because obviously it's not.
Edited (typos) Date: 2016-09-24 04:21 am (UTC)

Date: 2016-09-24 08:41 pm (UTC)
From: (Anonymous)
I think it's entirely reasonable for a manufacturer to not provide access to every tweakable setting on a device. It's highly likely that some of those settings, if set incorrectly, could result in the device failing before the warranty is up. Even if they can determine that the settings have been tampered with; they provide some kind of prompt for the user to acknowledge that they're going to void their warranty if the set certain options in BIOS and can then stop warranty claims based on this, it's going to cost the manufacturer to handle such claims. They'll also probably have to deal with the odd law suit from annoyed customers who have clicked through the prompt, badly tweaked their BIOS and killed their machine. This puts up costs for the manufacturer and as a result puts up cost for the end user as it will be past on as higher prices. This potentially makes their product less competitive and thus runs the risk of losing sales to their competitors.

You get to tweak the settings provided. That's (probably) how it was when you bought it (i.e. It assumes such changes haven't been added in a BIOS upgrade or something after you've bought it, not that many people actually apply those anyway...). If you don't like it such situations, maybe you need to do a bit more homework before buying a unit and possibly buy something else that does provide you the room to tweak as you see fit.

That is not to say that they may not have been a bit zealous on the locking down here, but it sounds like a quick hack was introduced to hide advanced functionality in the BIOS that they didn't deem necessary for their target audience (read: not tinkerers). Expecting a manufacturer who are in the market of producing reasonably priced consumer units to allow everything to be tweaked is rather naive.

Date: 2016-09-26 05:55 am (UTC)
marahmarie: my initials (MM) (Default)
From: [personal profile] marahmarie
If you're talking about my eMachines when you say, "You get to tweak the settings provided. [...] That is not to say that they may not have been a bit zealous on the locking down", "zealous" does not begin to describe it. You simply couldn't overclock it, period. Even the most advanced overclockers were forced to admit it. The machine was reliable enough (I ran it for 11 years, another person for two years before me; it would still run now if soldering bad capacitors was my thing, and it was a gift so I didn't get to choose how modifiable it was) if rather low-end, and it shipped underclocked for what it was actually capable of.

Expecting a manufacturer who are in the market of producing reasonably priced consumer units to allow everything to be tweaked is rather naive.

So only those who sink big money into more user-modifiable rigs or build-your-own Frankensteins should get to tinker more fully with them? This seems to fly counter to logic, as it seems you'd want the ability to destroy cheap crap to know how to do it right by the time you're working on better machines.

It seems to me if you're knowledgeable enough to mess with the clearly obscure settings discussed within the parameters of this post then it's on you if things go wrong, and that anyone knowledgeable enough to mess with such settings should accept that responsibility to begin with. I don't like all this "holding back what you can do for your own good" stuff, sorry.

If manufacturers were so worried about people bricking computers and the odd lawsuit or two (thousand) then why don't they print manuals and instructions and hold "hacking your own BIOS" classes on the regular and charge for them, too, after they make people sign away their rights forever, a la Windows 10 Insider Preview software? No one but the most devoted hackers would sign up, they could run the classes marathon style and everyone involved just might have a blast.

If they can't or won't take such steps to help the hands-on set then something's wrong because it's not like they're guarding state secrets inside those motherboards and CPUs (well, Intel might be, with their nifty little assortment of NSA-friendly backdoored silicon, but that's another story).
Edited (clarity) Date: 2016-09-26 06:00 am (UTC)

Powering the secret: secret powers

Date: 2016-09-23 01:17 pm (UTC)
From: (Anonymous)
> It's a hack to work around the fact that Intel won't tell anyone else how to make power management work properly on Intel platforms, including Microsoft.

Maybe Intel has something to hide (or not allowed to share) in this power management? Knowing it would allow people to not enable something that it's not supposed to be known by.. people? There is so much we can't trust in Intel.


Matthew Garrett

About Matthew

Power management, mobile and firmware developer on Linux. Security developer at Google. Ex-biologist. @mjg59 on Twitter. Content here should not be interpreted as the opinion of my employer.

Page Summary

Expand Cut Tags

No cut tags