mjg59 | More in the series of bizarre UEFI bugs

A (well, now former) coworker let me know about a problem he was having with a Lenovo Thinkcentre M92p. It booted Fedora UEFI install media fine, but after an apparently successful installation refused to boot. UEFI installs on Windows worked perfectly. Secure Boot was quickly ruled out, but this could still have been a number of things. The most interesting observation was that the Fedora boot option didn't appear in the firmware boot menu at all, but Windows did. We spent a little while comparing the variable contents, gradually ruling out potential issues - Linux was writing an entry that had an extra 6 bytes in a structure, for instance[1], and a sufficiently paranoid firmware implementation may have been tripping up on that. Fixing that didn't help, though. Finally we tried just taking the Windows entry and changing the descriptive string. And it broke.

Every UEFI boot entry has a descriptive string. This is used by the firmware when it's presenting a menu to users - instead of "Hard drive 0" and "USB drive 3", the firmware can list "Windows Boot Manager" and "Fedora Linux". There's no reason at all for the firmware to be parsing these strings. But the evidence seemed pretty strong - given two identical boot entries, one saying "Windows Boot Manager" and one not, only the first would work. At this point I downloaded a copy of the firmware and started poking at it. Turns out that yes, actually, there is a function that compares the descriptive string against "Windows Boot Manager" and appears to return an error if it doesn't match. What's stranger is that it also checks for "Red Hat Enterprise Linux" and lets that one work as well.

This is, obviously, bizarre. A vendor appears to have actually written additional code to check whether an OS claims to be Windows before it'll let it boot. Someone then presumably tested booting RHEL on it and discovered that it didn't work. Rather than take out that check, they then addded another check to let RHEL boot as well. We haven't yet verified whether this is an absolute string match or whether a prefix of "Red Hat Enterprise Linux" is sufficient, and further examination of the code may reveal further workarounds. For now, if you want to run Fedora[2] on these systems you're probably best off changing the firmware to perform a legacy boot.

[1] src/include/efi.h: uint8_t padding[6]; /* Emperically needed */, says the efibootmgr source code. Unhelpful.
[2] Or Ubuntu, or Suse, or…

Page 1 of 2 << [1] [2] >>

Flat | Top-Level Comments Only

From: (Anonymous)

What option do we have, how can we address that as a community?

From: (Anonymous)

Maybe annnoying/DDoSing the sloppy vendor with all the different variations of things they broke with that helpful check (like, "I've tried these Linux distributions: [liiiist] and not a single one [but RHEL] worked after successful installation in UEFI mode while all of these work on an [HP/SONY/ASUS item]")...

That takes hardware and patience though, no use to cheat.

--
Michael Shigorin

Re: Plan of action

From: (Anonymous) - Date: 2012-11-15 04:53 pm (UTC) - Expand

Re: Plan of action

From: (Anonymous) - Date: 2012-11-16 03:22 pm (UTC) - Expand

Re: Plan of action

From: (Anonymous) - Date: 2012-11-15 10:31 am (UTC) - Expand

Re: Plan of action

From: (Anonymous) - Date: 2012-11-15 05:24 pm (UTC) - Expand

Re: Plan of action

From: (Anonymous) - Date: 2012-11-15 06:08 pm (UTC) - Expand

driving up revenue

From: (Anonymous) - Date: 2012-11-15 09:43 pm (UTC) - Expand

Re: driving up revenue

From:

reddragdiva - Date: 2012-11-17 08:42 am (UTC) - Expand

Re: Plan of action

From: (Anonymous) - Date: 2013-02-24 10:16 pm (UTC) - Expand

From: (Anonymous)

I'd wager it'd be more likely they wanted to check off a box and say RHEL was supported in the most obtuse, shortsighted way possible rather than a 'bug fix'.

From: (Anonymous)

Many of us have UEFI machines with no legacy boot option at all. So the legacy boot workaround is not a solution. Fortunately, my Dell Alienware X51 added Fedora 17 to the boot menu fine. I got nowhere trying to test F18 however.

From: (Anonymous)

So the webdev that have been thrown out for breaking website with buggy and stupid useragent checks, are now doing UEFI dev, fan-ta-stic, the world is going to be beautiful… not.

From: (Anonymous)

this explains why parts of UEFI are implemented in php nowdays...

Re: OMG

From: (Anonymous) - Date: 2012-11-16 02:01 am (UTC) - Expand

From: (Anonymous)

I wouldn't hold my breath waiting for Lenovo to fix this - I have a Thinkpad W520 which has a similar problem - I have to use legacy boot for it to work.

This problem has been discussed for at least the last year and several BIOS revisions haven't helped.

From:

cxl [launchpad.net]

That's strange...my W520 doesn't have that problem (although it has a plethora of others). It couldn't care less about what I call the UEFI entries, be it "Fedora 18", "Windows Boot Manager", or "My Computer Always Breaks".

Could you post a link to the relevant websites/forums on the issue? Maybe I can help :)

Re: Don't wait for Lenovo to fix this

From: (Anonymous) - Date: 2013-02-01 11:42 pm (UTC) - Expand

From: (Anonymous)

I understand your politeness in calling this a bug, like "oops, I hardcoded
the name >>Windows 8<< here and there in firmware, I wanted to ....".

From: (Anonymous)

If this was a badged Win8 device, does this not breach MS's guidelines for the x86 platform allowing the suer to run any other OS?

I'm staggered that such behaviours is not a breach of the UEFI standard.

From:

mjg59

There's a UEFI specification, not a UEFI standard. What people do with that is up to them. As far as the Microsoft thing goes - there's some constraints on what vendors have to do with Secure Boot, but nothing that covers this.

Re: Breach of MS guidelines?

From: (Anonymous) - Date: 2012-11-15 06:24 pm (UTC) - Expand

Re: Breach of MS guidelines?

From: (Anonymous) - Date: 2012-11-16 11:07 am (UTC) - Expand

Re: Breach of MS guidelines?

From: (Anonymous) - Date: 2012-11-16 03:46 pm (UTC) - Expand

Re: Breach of MS guidelines?

From: (Anonymous) - Date: 2012-11-26 10:23 pm (UTC) - Expand

From: (Anonymous)

addded

Thx!

From: (Anonymous)

Do we plan on maintaining a database listing badly behaving systems like that one, so we can choose not to buy such a system?

From: (Anonymous)

Why not just rename the Fedora entry to "Red Hat Enterprise Linux"?

Not sure why they added that boneheaded check though, is there perhaps a support contract that only supports Windows and RHEL?

From: (Anonymous)

What a dumb, short‐term, near‐sighted solution.

From: (Anonymous)

I encountered the same problem with an MSI A55M-P35 motherboard I purchased last year. Except AFAIK there was no exception for RHEL, it was "Windows Boot Manager" or bust. Thankfully the latest firmware fixes the bug.

From: (Anonymous)

Might this be a case of trying to enable certain quirks for Windows 8 without testing what happens for other EFI bootloaders?

From:

mjg59

It looks like exactly the same code path is used for RHEL, so unless the quirks are intended to be shared...

From: (Anonymous)

Does Windows always use that same string no matter which language version you install? ie does a German user and a Chinese user also always have the text "Windows Boot Manager"? Presumably when only Windows is installed it is rare to see the string.

From:

mjg59

Good question. I don't know, but I'd assume it's the same in all languages.

Re: Languages

From:

cxl [launchpad.net] - Date: 2012-11-16 08:03 pm (UTC) - Expand

Re: Languages

From: (Anonymous) - Date: 2013-08-29 10:43 am (UTC) - Expand

From: (Anonymous)

I just bought a lenovo k410 desktop. It looks like I have ami aptivo ufei. I was about to install arch linux. I am confused by what is said above. Is it possible for me to 'identify' the os as rhel and boot arch instead? If so can somebody provide more explicit instructions?

this stinks!

From:

cxl [launchpad.net]

Absolutely :) Just run: sudo modprobe efivars sudo efibootmgr --create --loader '\path\to\arch's\bootloader.efi' --label "Red Hat Enterprise Linux" and that's it :) Just press F12 when booting and choose the appropriate entry.

From: (Anonymous)

BIOS programmers are used to this sort of "workarounds". This is a part of a DSDT table from my Dell Vostro 1310 :

http://pastebin.com/LkFMYP3J

Used to catch a lot of quirks for specific models in linux kernel dealing with these "If Windows do this - if anything else - who gives a #@$@#%! ..."

From: (Anonymous)

A lot of laptops have "secret" partitions, where they store either recovery images or things like that. My Dell laptop came with one that had a media player (DVD, CD, &c); if you pressed the "Media" button when the machine was off instead of the "power" button, it would boot into this partition rather than Windows.

Maybe the point of this is to hide these "secret" partitions so people don't try to boot them? And during development, it was easier to have a "whitelist" rather than a "blacklist", because the team that made the partition was different than the team that wrote the BIOS?

From: (Anonymous)

I have a Lenovo W520, and what seems to be happening is that the firmware will ONLY boot the file "/EFI/Boot/bootx64.efi" on the EFI System Partition. It doesn't seem to matter what description you give it, if you rename your .efi boot manager to that exact location and filename, and if the system is set to UEFI boot, it will boot that manager. I've installed rEFInd boot manager and Grub2 boot manager in that location (renaming the .efi files) and both work fine. From rEFInd you can easily boot Windows or Linux .efi files if you put them in the right places for rEFInd to find. The Grub2 was installed by Ubuntu 12.10, which is UEFI and SecureBoot aware. However, Lenovo's firmware didn't like the location Ubuntu had put the file, so it wouldn't boot. Renaming it /EFI/Boot/bootx64.efi works perfectly. Note you have to make sure the disk containing the EFI partition is higher in priority order than any other disk that might boot for it to work automatically.

I'm not saying a string check isn't happening, but the location listed above seems to override any string check.

From:

cxl [launchpad.net]

Did you add the efi file to the UEFI entries using efibootmgr. If you don't do that, the system will of course always boot "/EFI/Boot/bootx64.efi". As far as I know, no UEFI bios will search for "*.efi" files. You need to add them explicitly by running: sudo efibootmgr --create --loader '\EFI\whatever\grubx64.efi' --label 'My Installed OS'

From: (Anonymous)

There was a similar, but slightly different, diamond graphics card issue in the past. In short diamond thought that releasing programming information would lead to the loss of their uboat fleet in the north atlantic.

This resulted in a campaign of people buying new graphics card contacting their marketing people once and telling them that they were buying competing hardware due to diamond's refusal to support linux. Eventually this got the desired result and, if I remember correctly, diamond paid good money for their hardware to be well supported.

Maybe the same technique would work for Lenovo and others. I will either buy hardware which explicitly supports linux or build a box out of linux compatible bits. If I never buy a windows licence then it should be easy to avoid hardware which requires it :-)

From: (Anonymous)

I bought a HP printer because it did support Linux, and I wrote HP to tell them that that was one of the main reasons that I had bought their product. Let's hope that positive reinforcement works too! :-)

Best,
Pierre.

Re: Bullying h/w vendors and/or the opposite

From: (Anonymous) - Date: 2020-09-04 10:32 pm (UTC) - Expand

From:

https://www.google.com/accounts/o8/id?id=AItOawk2y7Dtgp-Qx3hq7GJI_X-deTulE8Evbp4

This issue looks like an innocent misfeature, but not all Lenovo's firmware quirks are.

They also have a WiFi/3G card whitelist that stops you using non-Lenovo cards. When pressed they'll claim that the FCC makes them do this. When you point out that (a) you don't live in the US and what the FCC says doesn't matter; and (b) they've never cited the actual regulation in question, they'll change their story to say that "regulators" around the world make them.

Oddly, those same regulations appear to also affect HP, but not Dell or Acer.

They don't disclose their hardware lockout on their web site, sales documentation, etc.

I wrote a bit of a rant about this when it bit me a while ago. On the upside they replaced my 3G card free of charge with a Lenovo one; on the flip side, they still haven't fixed their website and the new card doesn't work as well as my old one did.

They really shouldn't be able to sell machines as "Mobile Broadband Ready" when they mean "Lenovo Mobile Broadband Card ready (approved models only, machine will fail to POST with non-approved card installed)".

Blog post with details, quotes from Lenovo emails, quotes from sales chat, etc (http://blog.ringerc.id.au/2012/06/lenovo-sales-and-support-reps-dont-get.html).

I'm about to file an ACC compliant, as I've given them long enough. Anyone else bitten by this, please file consumer protection complaints in your respective countries.

From:

mjg59

From 8 years ago

From: (Anonymous)

Hello.

I bought laptop ASUS k55n, and when I try boot linux in UEFI mode system is freesing. Reset helps for reboot. Does anybody have this problem too?

From: (Anonymous)

I don't think Lenovo will react to many calls about Linux support by improving it. More likely they will identify Linux users as troublesome, and remove whatever support they have. The only way to affect them is for very large purchasers to make demands on them. The entry for RHEL is no doubt a ham-handed response to a requirement from a large customer.

From: (Anonymous)

Matthew,

Thanks for the well written article. It is unclear exactly why this was implemented as is, but we are aware of the concerns expressed here and are working on a BIOS update to address this.

Mark Hopkins,
Lenovo Services

From:

vennard.org.uk

A colleague of mine pointed me towards your blog a while ago and I've been reading it for a while - good work. Normally I don't comment, but this entry echoes an experience I've been having.

I run a F17 and Windows dual system, where F17 and Windows are on separate disks each with its own EFI partition. When I unplug the F17 disk and boot the system, then (on next shutdown) plug the disk back in, the BIOS "can't find" the EFI bootloader on that disk. It is there. I can put it back via the livecd and grub2-install, which crucially prods the BIOS to update its boot order.

Curiously, however, the same sequence applied to the Windows disk brings the Windows Boot Manager back. Which is just as well as I don't have a PE disk capable of running bcdboot or whatever incantation is needed for Windows (yet).

This sounds like a similar issue to what you're seeing. I'm going to dissect my BIOS tomorrow and see if I see strings.

From:

xtalviper

So yeah, I too have a Lenovo K410 and spent two days of hair pulling before I gave up. I'm confused on the whole UEFI thing. First off, after reading thru forum stuff, someone said to look at some directory to see if it was booting via UEFI or not, and because I didnt see that (can't remember exactly now, it was last week) I figured it wasn't. However no matter what I did, Windows 7 just boots, and Ubuntu, or rather the Grub menu, never shows up. Someone said something about the partition table being GPT instead of MSDOS, so I even did that, changed it and wiped the disk, creating new partitions, starting all over, installing Win 7 and then Ubuntu, but same damn problem.

Because I see no "legacy" over UEFI options in the BIOS menu, I see I can't do that. How would I go about making this work for Ubuntu? (12.10 to be precise.)

From: (Anonymous)

try this for the k410: go to bios>startup>enable csm>restart>access bios again>startup. you should be able to set it to legacy.

Re: Confused as well

From: (Anonymous) - Date: 2012-12-21 03:03 pm (UTC) - Expand

From: (Anonymous)

I have two Lenovos - a V470 and a W530; The V470 really coughed on Linux - have not even considered trying it yet on this new W530. What are you experiences with these two, anyone?

richard@thornton.net

From: (Anonymous)

I have a Lenovo Ideapad Z580. It came with Windows 8 (not required by me for any purpose whatsoever), and I dual-booted with Ubuntu Linux 12.04.2 LTS. Upon starting the laptop every morning, it just goes into a blank screen. There are some solutions, however, none of them permanent as yet. My line of action now, is to totally get rid of whatever Windows 8 has, partitions, etc, and do a clean install of Ubuntu 12.04.2. Unless some solution does come up. BTW, Lenovo support in India also stated that if anything other than Windows 8 is found on the laptop, the warranty is void. They also did not offer option to downgrade Windows 8 to Windows 7. M$ does not sell Windows 7 anymore to normal Indian consumers anymore.