
In Defense of Free Software: My Case Against Lenovo in Mexico - thingamarobert
https://globalvoices.org/2016/06/16/in-defense-of-free-software-my-case-against-lenovo-in-mexico/
======
jordigh
There's a collective of quixotic Mexican software developers and users that is
quite active. I wonder why is it that FSF's philosophy with its exhortation to
viciously defend freedom resonates so well in some parts of Mexico. It was
those groups, which congregate on the Hackmitin[1], Hacklab Autónomo[2] and
Rancho Electrónico[3] that helped Jacobo Nájera with his legal proceedings
against Secure Boot.

I went a couple of times to the Hacklab. It's an interesting place. At the
time, it looked like they were squatting in an abandoned building and they
looked like Hollywood hacker stereotypes. If it weren't for the proliferation
of hardware with Debian and Trisquel logos, their appearance make you would
think these were just ordinary anarchist punks. In a way, that's what they
are, except they are _techno_ anarchist punks, and obviously not completely
anarchist as they know how to work with the legal system. They were _very_
left-leaning, distrustful of all corporations, completely aligned with FSF
philosophy; radical, feminist, and fiercely protective of their rights.

I rather miss that scene. I haven't found quite something like it here in
Canada.

I hope Nájera manages to get somewhere, but it seems like a hopeless fight
against MSFT, the one that is really ensuring that installing the OS of your
choice is impossible. The whole "security" thing is a sideshow; the real goal
here with "Secure" Boot is to make it harder to install unlicensed copies of
Windows.

\---

[1] [http://hackmitin.espora.org/](http://hackmitin.espora.org/)

("mitin" in Spanish is from English "meeting" but has left-leaning political
connotations such as protests and marches.)

[2] [http://hacklab.espora.org/](http://hacklab.espora.org/)

[3] [http://ranchoelectronico.org/](http://ranchoelectronico.org/)

~~~
comex
> The whole "security" thing is a sideshow; the real goal here with "Secure"
> Boot is to make it harder to install unlicensed copies of Windows.

How does that make sense? The Lenovo laptop in question, like most non-Apple
PCs sold in the West, came with a licensed copy of some version of Windows;
and Microsoft's strategy lately has been to offer (almost coerce) free OS
upgrades, apparently valuing users being up-to-date over the revenue it could
gain from the meager fraction of users who'd pay for upgrades. So there's
little reason for users to ever install pirated copies of Windows on such
devices, or for Microsoft to care if they do (in order to downgrade or
whatever).

In China and elsewhere the situation is different, but since the manufacturers
are "in on" the piracy, there is no reason they'd enable any firmware features
that could hinder users from installing pirated Windows; and even if a future
version of Windows _requires_ Secure Boot, that would just be patched out
along with the activation checks. (That is, if China ever gets off Windows
XP!)

------
shmerl
If you can't disable "secure boot" \- you should return that piece of lock-in
trash and request a refund.

Lenovo are also infamous for refusing the refund the Windows tax (i.e. when
you want refund the price of Windows that came with computer pre-installed,
because you don't want to use it). Only taking them to court can help.

------
Const-me
I’m not defending Lenovo, I think they broke the law here and should fix their
UEFI firmware.

However, when you throw away your OEM windows, you’re essentially throwing
away money.

There’re good laptops that come with Linux or FreeDos preinstalled.

They mostly targeted towards enterprise market (who get their Windows through
volume licensing). But I find it’s a good thing: besides OS choice I usually
get upgradability, reliability, and reasonable prices (IMO companies are
better at tracking their expenses). For example, take a look at HP ProBook
series: they are good, include wide range of specs, and if you want to, you
can get one without Windows.

~~~
x1798DE
> However, when you throw away your OEM windows, you’re essentially throwing
> away money.

Can you actually get these *nix laptops for cheaper than their Windows
equivalents? I personally consider Windows these days to be just one more
piece of bloatware to remove, but I never got the impression that it added
much to the bottom line cost.

~~~
Const-me
Those aren’t exactly *nix laptops, those are enterprise-targeted laptops
without an OS.

And yes, models without Windows are typically cheaper, sometimes
significantly.

Consider ProBook 450 G3 X0P36ES versus T6Q45ET. They both have i5-6200U, 4GB
RAM, matte 15” FullHD, Intel GPU. The former has FreeDOS preinstalled and
costs €540, the latter includes Windows 7 Professional and costs €750.

~~~
speeder
I am from Brazil. When I was looking for a laptop in 2013, most non windows
laptops, even when compared to identical models that had windows, were usually
130usd more expensive...

I bought then an ASUS n46vm with win8, hoping to remove it and install
linux... never figured how to boot any os installer, even after disabling
secureboot even memtest86 refused to boot.

------
jlg23
I applaud the OP for pursuing this so far. I'd probably just have returned the
device, demanded my money back and bought something else.

------
JumpCrisscross
What is Lenovo's incentive for DRM'ing their bootloader?

~~~
iancarroll
Secure Boot is designed to prevent malware from tampering with the BIOS by
verifying bootloader (and sometimes kernel-mode driver) signatures.

In this case, it looks like Lenovo either accidentally or intentionally borked
the implementation of Secure Boot, because you are supposed to be able to turn
it off when using non-Microsoft operating systems.

FWIW, I believe Fedora supports Secure Boot by signing a static bootloader
("shim") that loads GRUB after checking its signature[0].

[0]
[http://mjg59.dreamwidth.org/12368.html](http://mjg59.dreamwidth.org/12368.html)

~~~
pdkl95
> loads GRUB

As your link mentions, that loader only loads signed kernels (with signed
modules).

edit:

> designed to prevent malware

That's the official story. Anybody familiar with Microsoft's history knows
they have been trying to lock down the wintel platform for a long time.
Creating a "Trusted Computing" environment specifically for DRM purposes has
been a goal since "Palladium".

~~~
pacaro
I thought twice about responding to this.

I worked on Palladium from very early days in 2002 through renaming to NGSCB
and the eventual shutdown/transition of the project to ship BitLocker in Vista

The team never saw DRM as being an interesting use case. Remember that the
Darknet paper [1] was written by the Palladium architects and product manager.
The team fully understood that DRM wasn't an effective use of a secure
computing environment.

The scenarios that we were interested in were more like credential management,
or being able to run remote sessions from a trusted space within an otherwise
untrusted machine, etc.

~~~
pdkl95
Interesting; I stand corrected. Thank you for responding!

------
tzs
Google seems to turn up numerous people having no trouble disabling Secure
Boot and installing Linux on that model computer. I wonder if the problem is
confined to particular sub-models or particular revisions of the BIOS?

~~~
speeder
I had a asus n46vm with the buggy behavior... but found noone else complaining
about it on Google.

Since it also had other quirks (usb 3.0 port never worked) it might be a
hardware defect interacting with the boot process.

------
kazinator
The appropriate course of action is to get a refund for the defective goods
and move on with your life.

