by rollcat 1439 days ago
From TFA:

> [...] the firmware defaults to not trusting bootloaders or drivers signed with the Microsoft 3rd Party UEFI CA key.

The whole point of secure boot was that there is a known set of "good actors" who are trusted by default, so that you can boot 1. Windows 2. common Linux distros - without any fuss, and 3. Any other system - with a few extra steps to prove you know what you're doing.

They've de-ranked the set #2 and thrown it in the bag with #3, which doesn't really do much at all to improve security, but it does inconvenience and disincentivise the users from using a Linux distro on this hardware.

It's most likely an honest mistake, a sign of incompetence, or a dick move. Write them an angry letter and carry on.

2 comments

It's interesting as ThinkPads have always been a reliable laptop for Linux users - I'm typing this on Linux on a T470 (my previous T410 had given up the ghost), but I bought my first ThinkPad back in 2000ish, with a PCMCIA wireless card.
Reliable Linux laptops in spite of Lenovo.
not
> They've de-ranked the set #2 and thrown it in the bag with #3, which doesn't really do much at all to improve security, but it does inconvenience and disincentivise the users from using a Linux distro on this hardware.

Well no, it's not Lenovo really, it's Microsoft and its Device Guard / Secured Core that has done so. You can disable that just as easily as you can boot from a USB stick.