I went a couple of times to the Hacklab. It's an interesting place. At the time, it looked like they were squatting in an abandoned building and they looked like Hollywood hacker stereotypes. If it weren't for the proliferation of hardware with Debian and Trisquel logos, their appearance make you would think these were just ordinary anarchist punks. In a way, that's what they are, except they are technoanarchist punks, and obviously not completely anarchist as they know how to work with the legal system. They were very left-leaning, distrustful of all corporations, completely aligned with FSF philosophy; radical, feminist, and fiercely protective of their rights.
I rather miss that scene. I haven't found quite something like it here in Canada.
I hope Nájera manages to get somewhere, but it seems like a hopeless fight against MSFT, the one that is really ensuring that installing the OS of your choice is impossible. The whole "security" thing is a sideshow; the real goal here with "Secure" Boot is to make it harder to install unlicensed copies of Windows.
---
[1] http://hackmitin.espora.org/
("mitin" in Spanish is from English "meeting" but has left-leaning political connotations such as protests and marches.)
How does that make sense? The Lenovo laptop in question, like most non-Apple PCs sold in the West, came with a licensed copy of some version of Windows; and Microsoft's strategy lately has been to offer (almost coerce) free OS upgrades, apparently valuing users being up-to-date over the revenue it could gain from the meager fraction of users who'd pay for upgrades. So there's little reason for users to ever install pirated copies of Windows on such devices, or for Microsoft to care if they do (in order to downgrade or whatever).
In China and elsewhere the situation is different, but since the manufacturers are "in on" the piracy, there is no reason they'd enable any firmware features that could hinder users from installing pirated Windows; and even if a future version of Windows requires Secure Boot, that would just be patched out along with the activation checks. (That is, if China ever gets off Windows XP!)
This is an utterly ridiculous conspiracy theory with zero connection to the reality.
Not only does Secure boot not affect someone trying to install a pirated copy of Windows, but it singlehandedly does more against malware than the entire AV industry ever.
Lenovo are also infamous for refusing the refund the Windows tax (i.e. when you want refund the price of Windows that came with computer pre-installed, because you don't want to use it). Only taking them to court can help.
However, when you throw away your OEM windows, you’re essentially throwing away money.
There’re good laptops that come with Linux or FreeDos preinstalled.
They mostly targeted towards enterprise market (who get their Windows through volume licensing). But I find it’s a good thing: besides OS choice I usually get upgradability, reliability, and reasonable prices (IMO companies are better at tracking their expenses). For example, take a look at HP ProBook series: they are good, include wide range of specs, and if you want to, you can get one without Windows.
This is an excellent and underrated point: http://arstechnica.com/gadgets/2016/06/the-xps-13-de-dell-co....
Can you actually get these *nix laptops for cheaper than their Windows equivalents? I personally consider Windows these days to be just one more piece of bloatware to remove, but I never got the impression that it added much to the bottom line cost.
And yes, models without Windows are typically cheaper, sometimes significantly.
Consider ProBook 450 G3 X0P36ES versus T6Q45ET. They both have i5-6200U, 4GB RAM, matte 15” FullHD, Intel GPU. The former has FreeDOS preinstalled and costs €540, the latter includes Windows 7 Professional and costs €750.
Manufacturers pay the distributions to do hardware enablement if they think there is a customer for the OS on their hardware: alternative OS users are invisible if they buy Windows laptops. Every quarter when the distributions meet with the manufacturers the main topic of conversation is how many units shipped with their OS - this guides investment.
Furthermore, manufacturers are the main way that other parts of the ecosystem learn about demand for an OS. As a Linux distribution, if you can't get Intel to give support for a chipset then the main thing you do is phone up HP/Dell/Lenovo etc and get them to convince Intel for you. That's not going to happen if the manufacturer doesn't know that there are client side Linux users.
[0] I don't know about the hardware enablement story for alternatives like *BSD
In this case, it looks like Lenovo either accidentally or intentionally borked the implementation of Secure Boot, because you are supposed to be able to turn it off when using non-Microsoft operating systems.
FWIW, I believe Fedora supports Secure Boot by signing a static bootloader ("shim") that loads GRUB after checking its signature[0].
As your link mentions, that loader only loads signed kernels (with signed modules).
edit:
> designed to prevent malware
That's the official story. Anybody familiar with Microsoft's history knows they have been trying to lock down the wintel platform for a long time. Creating a "Trusted Computing" environment specifically for DRM purposes has been a goal since "Palladium".
Since it also had other quirks (usb 3.0 port never worked) it might be a hardware defect interacting with the boot process.
