Lenovo To Support Configuring ThinkPad BIOS From Within Linux

  • #21

    Time for my copy-pasta on why no one should own CCP Lenovo products.
    --
    Seeing as how I recently spent the time digging up some of my sources and the logic behind my criticisms of Lenovo -- I thought I would post that in this thread.

    [1] ThinkPad is Lenovo.

    ThinkPad is a line of business-oriented laptop computers and tablets designed, developed and marketed by Lenovo. It was initially sold by IBM until 2005. ThinkPads have a distinct black, boxy design language, inspired by a Japanese bento lunchbox, which originated in 1990 and is still used in some models.[5]
    The ThinkPad line was first developed at the IBM Yamato Facility in Japan, and the first ThinkPads were released in October 1992.
    https://en.wikipedia.org/wiki/ThinkPad
    [2] Lenovo's HQ is Beijing China.

    Lenovo Group Limited, often shortened to Lenovo, is a Chinese multinational technology company. Incorporated in Hong Kong, it has global headquarters in Beijing, China, operational headquarters in Morrisville, North Carolina, US, and an operational center in Singapore.
    https://en.wikipedia.org/wiki/Lenovo

    [6] The golden days of ThinkPad being IBM are long gone.

    ThinkPad [...] developed and marketed by Lenovo. It was initially sold by IBM until 2005.
    https://en.wikipedia.org/wiki/ThinkPad

    https://thehackernews.com/2015/08/le...t-malware.html

    Two years ago Chinese firm Lenovo got banned from supplying equipment for the networks of the intelligence and defense services of various countries due to hacking and spying concerns.
    Earlier this year, Lenovo was caught red-handed selling laptops pre-installed with Superfish malware.
    One of the most popular Chinese computer manufacturers, 'Lenovo', has been caught once again using a hidden Windows feature to preinstall unwanted and unremovable rootkit software on certain Lenovo laptop and desktop systems it sells.
    The feature is known as "Lenovo Service Engine" (LSE) – a piece of code present in the firmware on the computer's motherboard.
    If Windows is installed, the LSE automatically downloads and installs Lenovo's own software during boot time before the Microsoft operating system is launched, overwriting Windows operating system files.
    The more worrisome part of the feature is that it injects software that updates drivers, firmware, and other pre-installed apps onto the Windows machine – even if you wiped the system clean.
    So even if you uninstall or delete Lenovo's own software programs, the LSE hidden in the firmware will automatically bring them back as soon as you power on or reboot your machine.
    Users at a number of online forums are criticizing Lenovo for this move and suspecting that the Chinese computer maker has installed a "bootkit" that survives a full system wipe-and-reinstall.
    The issue was first discovered and reported by users back in May when using new Lenovo laptops but was widely reported Tuesday.

    https://www.forbes.com/sites/thomasb...h=7924f0b03877

    Lenovo might have made one of the biggest mistakes in its history. By pre-installing software called ‘Superfish’ to get ads on screens it’s peeved the entire privacy community, which has been aghast this morning on Twitter. There are serious security concerns about Lenovo’s move too as attackers could take Superfish and use it to ensnare some unwitting web users.
    Here’s what you need to know about Superfish and what you can do to stop it chucking irksome ads on your browser and leaving you open to hackers.
    Is Superfish malware?
    Lenovo won’t want anyone to call it that, but Superfish has been described as a piece of malware, or an adware pusher, that the Chinese firm pre-installs on consumer laptops. Superfish is also the name of the development company, with bases in Tel Aviv and Palo Alto, behind the tool. It claims it has “developed the most advanced and scalable visual search technology in the world” and was ranked America’s 64th most promising company by Forbes.
    From what’s known about it thus far, Lenovo uses Superfish to place adverts into Google search results that the laptop manufacturer wants them to see.

    [7] NO Chinese companies are independent from the CCP government. They are required to be "partners" and have a committee that pushes political & government interests.
    https://www.theguardian.com/world/20...erprise-huawei

    The relationship between the party and private sector companies is, up to a point, flexible – certainly more so than with state companies. The party doesn’t habitually micromanage their day-to-day operations. The firms are largely still in charge of their basic business decisions. But pressure from party committees to have a seat at the table when executives are making big calls on investment and the like means the “lines have been dangerously blurred”, in the words of one analyst. “Chinese domestic laws and administrative guidelines, as well as unspoken regulations and internal party committees, make it quite difficult to distinguish between what is private and what is state-owned.”

    [8] Companies in China are required to have a CCP Party Committee that has a role in decision making.
    https://thediplomat.com/2019/12/poli...ty-committees/

    A Party Committee is formed by a group of senior CCP members who are given a leadership position inside the halls of public and private companies operating in China. The legal pillars sustaining such a committee’s activity are marked in the 2012 Constitution of the Communist Party of China.

    [9] Organizations in the West are independent organisms; organizations in China are part of the CCP government.

    https://www.theguardian.com/world/20...erprise-huawei

    International governments have noted Xi’s interventionist instincts with alarm. When US officials were pressed in early 2019 to provide evidence that Huawei, the Chinese telecommunications giant, had facilitated spying on the US and its allies, they pointed out that Beijing had already made their case for them: first with the party’s systematic infiltration of private companies, and second with the introduction of a new national intelligence law in 2017. The law states that “any organisation and citizen” shall “support and cooperate in national intelligence work”. The director of the US National Counterintelligence and Security Center, when asked about China’s entrepreneurs, cited these two policies in asserting that “Chinese company relationships with the Chinese government aren’t like private sector company relationships with governments in the west”.





    • #22
      An announcement on a ThinkPad WMI BIOS interface turns into an episode of Alias. Honestly I would rather watch Jennifer Garner than read all of this security posturing.

      Very few people in the world have any data worth taking anyway. All this posturing is simply another attempt to make one self-important.

      99.999999% of most people's data are backups of photos from the last family vacation. If the CCP wants to look at millions of baby photos at the beach, so what?



      • #23
        Originally posted by Kemosabe
        Is there any evidence for the lenovo-spies-for-CCP-on-you talk? Nothing really is equally attractive as a thinkpad to me. Too bad they were unable to deliver a few weeks ago so purchased DELL.
        Yes. Because the vbulletin filter is ass, and who knows how long if ever it will take Michael to unblock my post you can read my analysis here:



        • #24
          Originally posted by artivision
          Huawei refused to surrender the keys of their devices to the US government. After that they were accused of espionage without proof, only with the sole reason that if their devices are not open to the US government then something is hidden. That is the US law from a point and then.
          I think you're twisting the facts here a bit. The US, and any country for that matter, doesn't like having its critical infrastructure (5G, telephony) infiltrated by hostile foreign powers such as the Chinese government. It also doesn't like bugs equipped with microphones, cameras and modems being distributed among its own citizens, devices that it has absolutely no control over. That's an obvious security threat. You've discarded all these concerns to bash the US for making moves that protect its national security.

          Originally posted by artivision
          If it were not for a certain eastern terrorist religion, I would say that the US is the bottom of humanity.
          Do you mean Communism? You know, because its religious devotees are always committing genocide.



          • #25
            Great. Now if only Lenovo would allow me to configure good ThinkPad models again. They seem to only want to sell me crap currently.



            • #26
              Originally posted by Paradigm Shifter
              I couldn't agree with this more!

              Giving the OS the ability to change the BIOS is a horrible feature that should never have been permitted. I support a hardware (jumpers, yay!) read-only/writeable toggle for BIOSes, because it would be hard for BIOS viruses to get in (and UEFI is even more vulnerable) if they can't write anything.
              Then how would you update the BIOS?

              Besides, most OSes ignore most of the BIOS anyway once the OS is bootstrapped.



              • #27
                Originally posted by ElectricPrism

                Yes. Because the vbulletin filter is ass, and who knows how long if ever it will take Michael to unblock my post you can read my analysis here:

                https://www.reddit.com/r/linuxhardwa...linux/h13438j/
                A whole load of garbage and sinophobia disguised as a 'public service announcement'.

                Superfish is an American software product and was installed in many OEM computers, not just Lenovo's. The root certs were all signed by American CAs. So a Chinese company installing an American software product with American root CAs is in bed with the CPC for sending data to American servers managed by an American software company.

                And while China codifies the cooperation of private companies with law enforcement in the law books, American intelligence just backdoor and take it while completely ignoring American law institutions and process.

                Originally posted by board
                I think you're twisting the facts here a bit. The US, and any country for that matter, doesn't like having its critical infrastructure (5G, telephony) infiltrated by hostile foreign powers such as the Chinese government. It also doesn't like bugs equipped with microphones, cameras and modems being distributed among its own citizens, devices that it has absolutely no control over. That's an obvious security threat. You've discarded all these concerns to bash the US for making moves that protect its national security.
                And yet it's perfectly fine for the US to sell backdoored products all over the world and insist on American-backdoored products as a requisite for cooperation. It's also perfectly fine for the US government to make the ludicrous order that countries using Huawei gear that has not been proven to be backdoored will be blacklisted, but it reserves the right to retaliate against countries who refuse to use American equipment that have been exposed by Snowden as being compromised.

                Not once has a Chinese critical infrastructure product been definitively and officially proven to be backdoored, while there are loads of actual real-world evidence of the Americans backdooring their products and planting them into foreign governments. If one Snowden isn't enough, perhaps the world should have a Snowden#2 moment to expose to the world just how morally bankrupt the US imperialism machine is.
                Last edited by Sonadow; 17 June 2021, 03:49 AM.



                • #28
                  Originally posted by Sonadow
                  IKR?

                  It's really interesting and horrifying how so many people think it's a good thing that an OS should be allowed to arbitrarily manage BIOS or UEFI settings.

                  The only place where such settings should be modified is through the limited interface provided by the UEFI vendors themselves or through purpose-built software programs that are specially designed to do so (like the Linux Foundation's MOKutil).
                  Yes. Or IPMI controllers.

                  Originally posted by Doomsdayrs
                  I personally think this is a good thing, time to see if we can force hidden settings
                  That's about the only upside of it, IMO.

                  Originally posted by edwaleni
                  An announcement on a ThinkPad WMI BIOS interface turns into an episode of Alias. Honestly I would rather watch Jennifer Garner than read all of this security posturing.

                  Very few people in the world have any data worth taking anyway. All this posturing is simply another attempt to make one self-important.

                  99.999999% of most people's data are backups of photos from the last family vacation. If the CCP wants to look at millions of baby photos at the beach, so what?
                  You are correct in that very few people have anything worth stealing. But that does not mean that anyone - even those people with "nothing worth stealing" - should be willfully careless or ignorant.

                  A brief example: while I know that I, myself, was not being targeted, a few years ago systems I maintained, and had responsibility for, suffered hundreds of daily attempts to break in (my sshd logs each morning made for interesting reading!) from a variety of locations. Those machines contained confidential information. Having them broken into would have been much more than a "so what?" moment. If those active on the Phoronix forums "posture" about security, given the technical nature of the site, I would take that to indicate that they may now, or have been in the past, in positions in which security concerns were part of their job.

                  But of course, bread and circuses. Enjoy your entertainment.

                  Originally posted by carewolf
                  Then how would you update the BIOS?
                  Well, other than the fact that modern BIOSes/UEFIs can be updated from a menu entry inside them, I will presume your question revolves around the idea of setting them read only. It's quite easy: you would manually adjust the jumper to permit writing to the BIOS when you want to update it, update it, and set the jumper back to read only. Actual settings could either be stored in a very small writable area (not ideal, but easier) or settings would be adjusted when the BIOS was writable. This means that people who want to have easy access to flashing their BIOS or changing settings can do so - while those who dislike the idea of potentially having a next-to-impossible-to-detect-or-remove virus getting in can be more circumspect.

                  Originally posted by carewolf
                  Besides most OS ignores most of the BIOS anyway once the OS is bootstrapped.
                  That is a completely different matter, but it's still troublesome.



                  • #29
                    Originally posted by Paradigm Shifter
                    Well, other than the fact that modern BIOSes/UEFIs can be updated from a menu entry inside them, I will presume your question revolves around the idea of setting them read only. It's quite easy: you would manually adjust the jumper to permit writing to the BIOS when you want to update it, update it, and set the jumper back to read only. Actual settings could either be stored in a very small writable area (not ideal, but easier) or settings would be adjusted when the BIOS was writable. This means that people who want to have easy access to flashing their BIOS or changing settings can do so - while those who dislike the idea of potentially having a next-to-impossible-to-detect-or-remove virus getting in can be more circumspect.
                    He probably means flashing it into a newer version. And even then, there are lots of methods available then and now.

                    Much further back, it was common for board vendors and computer vendors to provide the BIOS update package and publish instructions on how to put the update package onto a boot floppy.

                    Then, during the height of Windows' dominance of the mainstream desktop and laptop OS, vendors provided the upgrade package as an exe to be run within Windows. This was annoying, but there is a clear difference between upgrading the BIOS from within an OS and modifying the BIOS's settings from within an OS.

                    Now, we have options within the UEFI itself that allow for automatic download of the update package directly from the vendor's servers if the computer is connected to the internet at boot. And even then, it is common for vendors today to allow offline upgrading by providing the firmware update package with instructions on how to create a bootable USB.



                    • #30
                      While I support the idea of having better co-op between hardware manufacturers / vendors and the FOSS/Linux world, I wonder if it is a good thing to expose all sorts of BIOS settings to the OS. I mean, UEFI is crap, we know, but there were cases where variables could be set from within the OS (according to UEFI specs) but then the machine bricked (and had no failsafe default fallback!).
                      Stop TCPA, stupid software patents and corrupt politicians!
