Some Lenovo Ryzen laptops now only run Windows

Some Lenovo laptops with AMD Rembrandt chips and Microsoft's Pluton security coprocessor are limited to Windows operating systems, according to reports.

The quirk was first reported by Linux security expert Matthew Garrett, who found that he had difficulty booting Linux from a USB drive on a Lenovo Z13 ThinkPad mobile workstation.

The affected machines use the AMD Ryzen 6000 chip and allow only Windows OS versions to boot by default.

Linux operating system for Lenovo laptops

It appears that the affected Lenovo laptops do not trust bootloaders signed with Microsoft's third-party UEFI CA key. When a non-Windows operating system is loaded on laptops that support Secure Boot and TPM, the previous operating system keys are erased.

Garrett explained on his blog that this "means you won't be able to boot from external third-party devices connected via Thunderbolt."

He continues: “There is no security benefit to this. If you want security here, pay attention to the values measured in the TPM, and thanks to Microsoft's own specification for measurements made in PCR 7, going from booting Windows to booting something signed with the third-party signing key will change the measurements and invalidate all sealed secrets. It's trivial to detect that. Distrusting the default third-party CA does not improve security, it only makes it harder for users to boot alternative operating systems.”
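The PCR 7 argument in the quote above can be modelled in a few lines. This is an added example, not code from Garrett's post or from the firmware; the event payloads are constructed placeholders, and sealing is simplified to a comparison against the PCR 7 value recorded at seal time.

```python
import hashlib
import hmac

def extend(pcr: bytes, event_data: bytes) -> bytes:
    """TPM extend operation: new PCR = SHA256(old PCR || SHA256(event data))."""
    return hashlib.sha256(pcr + hashlib.sha256(event_data).digest()).digest()

def replay_pcr7(events) -> bytes:
    """Replay an event log into PCR 7, starting from the all-zero reset value."""
    pcr = bytes(32)
    for _event_type, data in events:
        pcr = extend(pcr, data)
    return pcr

# Constructed placeholders: real events carry the UEFI variable contents.
SECURE_BOOT_CONFIG = [
    ("EV_EFI_VARIABLE_DRIVER_CONFIG", b"SecureBoot=enabled"),
    ("EV_EFI_VARIABLE_DRIVER_CONFIG", b"PK (constructed)"),
    ("EV_EFI_VARIABLE_DRIVER_CONFIG", b"KEK (constructed)"),
    ("EV_EFI_VARIABLE_DRIVER_CONFIG", b"db (constructed)"),
    ("EV_EFI_VARIABLE_DRIVER_CONFIG", b"dbx (constructed)"),
    ("EV_SEPARATOR", b"\x00\x00\x00\x00"),
]
# The db certificate that validated the bootloader is measured as an authority.
WINDOWS_CA = ("EV_EFI_VARIABLE_AUTHORITY", b"Windows CA (constructed)")
THIRD_PARTY_CA = ("EV_EFI_VARIABLE_AUTHORITY", b"third-party UEFI CA (constructed)")

def boot_pcr7(authority) -> bytes:
    """PCR 7 after booting a loader verified by the given db certificate."""
    return replay_pcr7(SECURE_BOOT_CONFIG + [authority])

class SealedSecret:
    """Simplified sealing: release the secret only if PCR 7 matches seal time."""
    def __init__(self, secret: bytes, pcr7_at_seal: bytes):
        self._secret, self._expected = secret, pcr7_at_seal

    def unseal(self, current_pcr7: bytes):
        if hmac.compare_digest(current_pcr7, self._expected):
            return self._secret
        return None  # a real TPM returns a policy failure here

if __name__ == "__main__":
    sealed = SealedSecret(b"disk-key (constructed)", boot_pcr7(WINDOWS_CA))
    for name, ca in (("Windows CA", WINDOWS_CA), ("third-party CA", THIRD_PARTY_CA)):
        pcr7 = boot_pcr7(ca)
        state = "unsealed" if sealed.unseal(pcr7) else "refused"
        print(f"{name:15} PCR7={pcr7.hex()[:16]}... secret {state}")
```

The Secure Boot configuration events are identical in both boots; only the authority event differs, and that alone is enough to change the final PCR 7 value.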

For now, it appears to be possible to boot Linux on affected AMD-powered Lenovo laptops by disabling the restriction in the UEFI BIOS, but given the company's recent improvements in Linux support, the whole move seems somewhat counterproductive, if not confusing.

This is unlikely to cause a problem for most users, who are happy with the default Windows operating system, but it may put off business users of much of Lenovo's lineup. That said, Tom's Hardware notes that this hurdle doesn't directly apply to all Lenovo laptops or to all laptops with Microsoft Pluton, which is great news for Linux enthusiasts.