Report that ThinkPad Z series can only boot Windows by default and cannot boot Linux

At the world's largest consumer electronics trade fair, CES 2022 , held in January 2022, Lenovo unveiled the ThinkPad Z series to commemorate the 30th anniversary of ThinkPad. Linux developer Matthew Garrett reports that the ThinkPad Z series only allowed Windows to boot, but Linux did not.

mjg59 | Lenovo shipping new laptops that only boot Windows by default
https://mjg59.dreamwidth.org/59931.html

ThinkPad is a series of notebook PCs for business that was originally released by IBM's PC division in 1992. The ThinkPad is a series in which IBM, a typewriter maker, was particular about the keyboard, which is the input interface, and featured a black body and a red pointing device. In 2004, IBM's PC division was acquired by Lenovo, and the ThinkPad brand was transferred to Lenovo as it was, but the series continues at the time of writing the article.

ThinkPad Z is a model commemorating the 30th anniversary of ThinkPad, and is positioned as a product for high-end users of the ThinkPad series. AMD Ryzen PRO 6000 series is adopted as CPU, and it has a built-in security processor compatible with Microsoft Pluton .

Mr. Garrett said that he purchased the ThinkPad Z13 Gen 1 equipped with a 13.3-inch liquid crystal display in order to investigate the implementation status of the security processor compatible with this Microsoft Pluton. However, when I tried to boot Linux installed on a USB memory, it seemed to fail for some reason.

After investigating the reason for the failure, it was found that the ThinkPad Z13 Gen 1 does not trust the boot loader or driver signed by 'Third Party UEFI Certification Authority (CA)' by default. This means that the default firmware configuration will not boot anything other than Windows. Also, it seems that it could not be booted from a third-party external peripheral device connected via Thunderbolt.

By default, Garrett says that running an OS boot loader signed by a third-party UEFI CA will change the value of the TPM's Platform Configuration Register (PCR) depending on the Windows Pluton specification, so the third-party UEFI CA will default. Pointed out that the boot loader would not load because it was considered an unreliable system. We are calling on Lenovo to fix the problem so that it can boot an alternative OS such as Linux by default.