I went a couple of times to the Hacklab. It's an interesting place. At the time, it looked like they were squatting in an abandoned building and they looked like Hollywood hacker stereotypes. If it weren't for the proliferation of hardware with Debian and Trisquel logos, their appearance make you would think these were just ordinary anarchist punks. In a way, that's what they are, except they are technoanarchist punks, and obviously not completely anarchist as they know how to work with the legal system. They were very left-leaning, distrustful of all corporations, completely aligned with FSF philosophy; radical, feminist, and fiercely protective of their rights.
I rather miss that scene. I haven't found quite something like it here in Canada.
I hope Nájera manages to get somewhere, but it seems like a hopeless fight against MSFT, the one that is really ensuring that installing the OS of your choice is impossible. The whole "security" thing is a sideshow; the real goal here with "Secure" Boot is to make it harder to install unlicensed copies of Windows.
---
[1] http://hackmitin.espora.org/
("mitin" in Spanish is from English "meeting" but has left-leaning political connotations such as protests and marches.)
How does that make sense? The Lenovo laptop in question, like most non-Apple PCs sold in the West, came with a licensed copy of some version of Windows; and Microsoft's strategy lately has been to offer (almost coerce) free OS upgrades, apparently valuing users being up-to-date over the revenue it could gain from the meager fraction of users who'd pay for upgrades. So there's little reason for users to ever install pirated copies of Windows on such devices, or for Microsoft to care if they do (in order to downgrade or whatever).
In China and elsewhere the situation is different, but since the manufacturers are "in on" the piracy, there is no reason they'd enable any firmware features that could hinder users from installing pirated Windows; and even if a future version of Windows requires Secure Boot, that would just be patched out along with the activation checks. (That is, if China ever gets off Windows XP!)
This is an utterly ridiculous conspiracy theory with zero connection to the reality.
Not only does Secure boot not affect someone trying to install a pirated copy of Windows, but it singlehandedly does more against malware than the entire AV industry ever.
Lenovo are also infamous for refusing the refund the Windows tax (i.e. when you want refund the price of Windows that came with computer pre-installed, because you don't want to use it). Only taking them to court can help.
However, when you throw away your OEM windows, you’re essentially throwing away money.
There’re good laptops that come with Linux or FreeDos preinstalled.
They mostly targeted towards enterprise market (who get their Windows through volume licensing). But I find it’s a good thing: besides OS choice I usually get upgradability, reliability, and reasonable prices (IMO companies are better at tracking their expenses). For example, take a look at HP ProBook series: they are good, include wide range of specs, and if you want to, you can get one without Windows.
This is an excellent and underrated point: http://arstechnica.com/gadgets/2016/06/the-xps-13-de-dell-co....
Can you actually get these *nix laptops for cheaper than their Windows equivalents? I personally consider Windows these days to be just one more piece of bloatware to remove, but I never got the impression that it added much to the bottom line cost.
And yes, models without Windows are typically cheaper, sometimes significantly.
Consider ProBook 450 G3 X0P36ES versus T6Q45ET. They both have i5-6200U, 4GB RAM, matte 15” FullHD, Intel GPU. The former has FreeDOS preinstalled and costs €540, the latter includes Windows 7 Professional and costs €750.
I bought then an ASUS n46vm with win8, hoping to remove it and install linux... never figured how to boot any os installer, even after disabling secureboot even memtest86 refused to boot.
Manufacturers pay the distributions to do hardware enablement if they think there is a customer for the OS on their hardware: alternative OS users are invisible if they buy Windows laptops. Every quarter when the distributions meet with the manufacturers the main topic of conversation is how many units shipped with their OS - this guides investment.
Furthermore, manufacturers are the main way that other parts of the ecosystem learn about demand for an OS. As a Linux distribution, if you can't get Intel to give support for a chipset then the main thing you do is phone up HP/Dell/Lenovo etc and get them to convince Intel for you. That's not going to happen if the manufacturer doesn't know that there are client side Linux users.
[0] I don't know about the hardware enablement story for alternatives like *BSD
In this case, it looks like Lenovo either accidentally or intentionally borked the implementation of Secure Boot, because you are supposed to be able to turn it off when using non-Microsoft operating systems.
FWIW, I believe Fedora supports Secure Boot by signing a static bootloader ("shim") that loads GRUB after checking its signature[0].
As your link mentions, that loader only loads signed kernels (with signed modules).
edit:
> designed to prevent malware
That's the official story. Anybody familiar with Microsoft's history knows they have been trying to lock down the wintel platform for a long time. Creating a "Trusted Computing" environment specifically for DRM purposes has been a goal since "Palladium".
I worked on Palladium from very early days in 2002 through renaming to NGSCB and the eventual shutdown/transition of the project to ship BitLocker in Vista
The team never saw DRM as being an interesting use case. Remember that the Darknet paper [1] was written by the Palladium architects and product manager. The team fully understood that DRM wasn't an effective use of a secure computing environment.
The scenarios that we were interested in were more like credential management, or being able to run remote sessions from a trusted space within an otherwise untrusted machine, etc.
Are you implying Microsoft encouraged Lenovo to disable the firmware toggle for Secure Boot? Even though it's only defective on one model of one manufacturer's computer, and literally any other computer (including the Surface x86 line) can toggle it?
I don't see why they would maliciously introduce Secure Boot and only sabotage it on a very small number of computers.
These manufacturers do primarily exist to make money for Microsoft. Their margins are stupidly low, sometimes even negative, and yet Microsoft always enjoys very, very healthy margins on Windows itself.
If the industry stopped racing to the bottom they'd be fine. Until then they need the Microsoft marketing money they get to survive.
Since it also had other quirks (usb 3.0 port never worked) it might be a hardware defect interacting with the boot process.
