It makes me sad to think that first a group of engineers spend time writings this complex system of checksums, partially encrypted firmware images, proprietary challenge-response handshake and communications with the battery so that another hacker must spend days to allow himself to make a fix as simple as replacing the battery in his own laptop. Is this because of fear? Money? Greed? All three? How much money does Lenovo make out of Lenovo batteries to make this all this extra complexity worth its salt in the first place? Consider that maintaining all that complexity is a recurring cost: it's not just writing the authentication scheme but making sure it works for each future firmware release.
I haven't let go of the 80's and I still think if you buy a car, phone, laptop, compact disc or a video disc, then it's yours because you paid for it in your own money. From that standpoint it's simply inexcusable for manufacturers to try to re-own parts of a device they've already sold to someone.
If a battery works with the laptop, it's guaranteed to be a tested compatible one. Quickly slapping up a counterfeit and selling it as a brand-name thing won't work.
A battery ua a critical device, prone to fires or blasts if made improperly. One such incident would significantly tarnish the brand. Thus the over-reaction.
I wish there wad an open spec for certified batteries, to allow for third-party fixes and replacements, though.
Agreed. As we've seen from. The USB typeC stuff, seriously screwing power cables and batteries is really bad.
If you put a crap SD card in a laptop it might be the wrong size. If you put a bad counterfit battery in and it explodes and permanently disfigures someone you've got a PR nightmare before people have figured out the real reason.
Especially today when a single tweet can spark that PR nightmare and social media sites will take a title and run with it without ever doing any fact checking.
If i were lenovo, i'd be doing the same exact thing, and i'm honestly surprised we don't see more of this stuff in things like cables, chargers, etc...
By applying this logic a computer manufacturer should not allow any non certified OS to run on their machines.
Writing this on a ThinkPad running Linux. If this comes true I will stop buying Lenovo products. Until today I continue buying ThinkPads because their Linux support is among the best - and for the trackpoint and a good keyboard. But I definitely do not like how they behave lately.
I am watching very closely for alternatives, every time I or any of people I know need to buy a new computer.
As soon as the brand security will become more important as the requirements of their customers I will jump off the brand. A brand without customers is not worth anything.
There was a thread[1] recently in which a Linux (specifically systemd) bug was capable of bricking motherboards. ACPI bugs can cause overheating, failure to enter sleep mode, etc. In a perfect world of open source firmware this wouldn't be an issue, but until then the cover-your-ass behavior makes sense.
Does the cost of replacing a few bricked machines outweigh the reputation cost? Probably not, but it's easy to understand the liability issues that arise from non certified OS's.
The way I see it the firmware has been implemented incorrectly - I don't think there's anything in the spec but shouldn't clearing all values == a reset to default, not a non-booting device?
> One such incident would significantly tarnish the brand.
Ahem, as if there were no reported cases of genuine Apple/Dell/HP/Sony/... batteries catching fire. Seems all those significantly tarnished brands are doing quite fine.
A user could put a Lo Pan Six Demon Bag battery in their laptop and then it bursts into flames. The user is going to complain that their Lenovo laptop burst into flames. Everyone else is going to parrot that statement because almost no one looks into anything anymore. Once someone does dig into it and find out that it was actually the shoddy Lo Pan battery, its too late. "Lenovo" and "third degree burns" has been plastered all over the Internet and good luck finding Lo Pan to hold him accountable.
Every news outlet that prints the article about a Lenovo laptop catching fire isn't going to check to see if that is a Lenovo battery in it.
And then the user will sue Lenovo because Lenovo didn't tell him he couldn't put a Lenovo battery in it. Even though that has nothing to do with it, it will still cost Lenovo possibly millions in legal defense costs, unless they opt to settle out of court, and anyone who doesn't bother to learn the truth will simply conclude that Lenovo laptops are dangerous because one caught on fire.
It's the same reason McDonald's coffee cups now say "Caution: Contents Hot" on them.
Even if they came through it unscathed, it still must've been a PR nightmare for them at the time. Sometimes things like that stick in the public mind, sometimes they don't. Sometimes the media can make these types of stories much bigger than they actually are, and sometimes the media ignores stories that ought to be much bigger.
You probably know people who are convinced MSG is bad for you, decades after the anti-MSG scare. The MSG scare could've been a tempest in a teapot that blew over immediately. Instead it lingers on decades later, more from the currents and tides of random crowd behavior than anything else. Ditto for scares surrounding pop rocks, vaccines, gluten, witchcraft, marijuana, fluoride, Dungeons and Dragons, Satanism, mind control via backmasking, UFOs, all sorts of things.
Lingering public perception is (very) loosely correlated with media perception, which is (very) loosely correlated with reality, and you can't predict which falsehoods will linger in the public imagination (snopes.com wouldn't have anything to write about otherwise!).
Apple iPhone chargers are not inherently unstable and only kept from bursting into flames while charging by the circuitry attached to them.
A lithium ion battery is prone to a runaway thermal reaction if you charge it or discharge it too fast or too far. [1][2] Circuitry in the charger and usually directly attached to the cells in the battery permanently break the circuit if the battery voltage or current exceeds a pre-set range.
This is not like the Keurig k-cup DRM where they are 'ensuring quality' by forcing usage of Keurig-only supplies. This is a life safety and brand protection issue that an improperly built battery can jeopardize both. The consequences are not a bad cup of coffee.
It makes me sad too. I've been through 4 thinkpads (x23,x60,x201i). They all work fine with 3rd party batteries although the more recent ones give a warning message. I think this is probably the end of buying Lenovo for me.
The option of replacing the cells in a genuine battery may be worth considering as an alternative to modifying the EC firmware, the advantage being is that you can choose your own high quality Li-Ion cells versus whatever you might happen to get in a replacement battery.
I suppose the whole "safety culture" around lithium cells in laptops has yet to change, but high-quality 18650 cells have been available on the open market for several years now, with all the accompanying products that use them (torches, vapes, power banks, etc.) The general public handling bare lion cells has increased significantly, whereas the amount of incidents related to cells catching fire etc. doesn't seem to have increased correspondingly. The majority seem to be from lipo "pouch cells" which are definitely far more fragile and less resistant to abuse. (They're also higher density = more energy to cause excitement when things go wrong, this is the type that's been causing the hoverboard fires.) 18650s are more robust and it's hard to cause a fire unless they're seriously abused (e.g. severe overcharge or physical damage.)
Given that you can buy empty power banks and add your own cells like this...
...it's odd that I haven't found similar battery cases for laptops. (Or maybe they do exist and I'm just using the wrong keywords. If they do, please say so; that seems like a great product to have.)
The general public handling bare lion cells has increased significantly, whereas the amount of incidents related to cells catching fire etc. doesn't seem to have increased correspondingly.
This may in part be due to certification and testing methodologies [0] for battery packs. The issue is that not all cells/battery packs go through this testing, so unless the batteries have been appropriately certified, there are restrictions on the handling and transportation of these batteries (for example non UN 38.3-rated cells are not allowed on planes [1]).
CE manufacturers test and certify the batteries in their products ([2], [3], [4] for example) which is why Amazon can ship them by air and passengers can carry them on planes. The issue is that 3rd party batteries may be uncertified and possibly unsafe. Lenovo doesn't want to take responsibility for an uncertified battery in one of their laptops downing an airliner [5] so they disallow the use of batteries they haven't certified. I doubt this is a nefarious scheme and more about potential liability.
(at my company we use lithium-ion battery packs for our field equipment and had to become very familiar with these issues when IATA promulgated their lithium/lithium-ion battery pack shipping rules a couple of years ago.
> The same Lenovo people are recommending everywhere?
Lenovo laptops used to be awesome. I'm typing this on a T410 and I'd still recommend an old Lenovo laptop for lots of purposes. I've heard mostly bad things about their newer offerings.
These are Thinkpads. I recently bought a non-Thinkpad Lenovo (y50-70 gaming laptop) and it's a piece of crap. The keyboard and touchpad are mediocre, fans are pretty loud under load, the numlock key has fallen off (!), and it sometimes just powers off for no reason. It costs 40% of what a comparable MacBook Pro would cost, but it is unfortuantely reflected in quality.
The new lenovo thinkpads are nearly as bad. I'm an x series user, the last model with a good keyboard for programming was the x220.
From the x230 onwards they have stupid chicklet keys, no visual representation of caps lock or numlock, bad trackpads, and 'modal' function keys - (visually represesented with LEDs of course). Abandoning traditional insert/delete/home/end/pgup/pgdn layout.
Superfish on thinkpads, this battery thing, this bios thing:
I really don't mind the keyboard on my X230. Then again, I don't see the point of caps lock or trackpads. The layout is a bit annoying when I switch back and forth to a T61, but that's due to the difference rather than inherent superiority. If the keyboard dies, I will obviously consider replacing it with an X220 keyboard but nothing makes me want to do that preemptively.
The plastic case seems a bit flimsy, but so far hasn't broken. And obviously having a shortscreen sucks, but I accepted that tradeoff for the LED backlight and better specs.
In no uncertain terms I absolutely detest the x230 keyboard. I am none too happy about the location of Insert on the x220.
It is like using a cheap acer/toshiba laptop from Argos. A common question I have using them is 'where have the HW UX geniuses decided to put this button I want to use?'.
Cheap laptops are fine by me, but that's not what I want from a thinkpad.
The fact that there is a difference at all is the inherent superiority, a standard layout that stood the test of time and changed for the sake of saving a few pennies.
The fact that you would consider replacing it if it dies with an x220 keyboard (thanks for the info I didn't know that was possible) shows that you do mind it to a small extent.
Also in addition to my prior whining about lenovo, their customer support and returns policy is nowhere near as good as IBM's was. A friend was sent the wrong laptop and after returning it & huge delays lenovo failed to source the correct laptop. He bought a dell.
Richard Sapper, the German industrial designer who orchestrated the look of the iconic laptop for IBM, died 83 years old. I'm blaming lenovo, he's probably spinning in his grave.
The keyboard is a very common complaint, so I just figured I'd throw in my two cents of not actually hating the chiclet-style keys. Because I was unsure before I bought it, and ended up not actually minding the different keycaps.
PgUp/PgDn are more my problem when switching back and forth to the T61, but I would probably fix that by remapping the T61. I don't see how Insert is that different between the two, but I'm not so picky with specific positioning because I don't "home row".
Don't worry, I'm also bitter about the erosion of Thinkpad - just not so much about the keyboard. The 1.75 inches of missing vertical screen real estate is a much bigger annoyance.
Not sure what you're asking but I have a Lenovo y40-80. Compared to a macbook its $1,200 cheaper and has better specs (except the non-4k display and battery). Not to say I'd rather not have a mac, if I could afford one I would've gotten a mac for sure.
Comparable in terms of specs. On paper, this machine looks almost as good as the discrete GPU MBP - the only major difference is worse battery life. In practice, it's worlds apart.
Seconded. I've owned several Lenovos since my beloved L520, and I probably won't be buying another.
The L520 was the last I've owned that I'd describe as excellent; the others have been disappointing in various ways, especially the L530 that just fell apart in a little over a year of the same level of use that my L520 handled without issue.
Considering the damage a 3rd party battery can potentially cause, I can see where Lenovo is coming from.
Of course there's also the aspect of securing margins on accessories, but there's also the aspect of making sure people's machines don't go up in flames or fail in ways that might trigger expensive repairs (which Lenovo will have to pay for if the device is still in warranty)
Lenovo would only have to cover the repair if you had the incidental damage coverage - last I checked, they're pretty sticky about not covering things that aren't manufacturer defect unless you have it.
As other people have said, fire or blast damage from the battery would be a sign, but they don't even necessarily have to prove it's from the battery to not cover it under warranty, just that it wasn't an inherent manufacturing defect.
They sometimes do, but then it's obvious that the laptop has been damaged by battery so the user would better show remnants of a genuine one before asking for warranty replacement.
This was the case with non-Apple iPhone chargers that damaged the iPhones. I've seen it on TV in France. I would reckon that it strengthened the Apple brand, because since then more users were afraid to buy non-Apple accessories. However it didn't make Apple move to change their interface to a standard USB like other vendors have.
Not batteries, but Apple has had problems with third party chargers in the past.
The initial reports often do not say whether a third party charger/accessory is used and just says things like "Chinese flight attendant electrocuted after picking up charging iPhone 5", which is not a good look for Apple.
Vendors shouldn't be liable for actions of users. And if they are doing this out of well-meant concern for user safety, I suppose this warning screen during bootup would suffice.
I would like to know if there are some actual regulations/litigations which forced them or if it's just another money grab like this SuperFish adware.
The problem is that, in a lot of cases, there's little QC on the third-party batteries, or even necessarily ways to validate the battery, since they're all just going to be using one of a handful of "copied" chips.
Then you get into fun with who's liable if a battery explodes - many of these vendors don't really have much concrete existence, and good luck with a "warranty".
Source: tried playing hard and fast with batteries a few times, including helping someone solder his own cells into a dead first-party battery.
Well, the big TrackPoint patents are going to be expiring before too long so maybe someone else will be able to make good laptops for use without the touch pad?
If you want a cheaper battery wouldn't it be simpler and safer to replace the cells in an old Lenovo battery than to buy one of these dubious copies? That way the charge electronics are all correct and you can also control that the cells are good quality. There are even places that will do that for you if you're worried about poor soldering or other issues with doing this kind of swap.
>wouldn't it be simpler and safer to replace the cells
Dunno about safe but I've bought maybe 5 unofficial replacement li ion batteries for thinkpads, 2 for the iphone and will probably get one for my macbook. It takes about 1 min - go on ebay click buy, arrives in the post. It's hard to get much simpler than that until this recent lock down stuff. I've had no problems except the cheap knock offs don't generally last quite as long as the originals did when new.
The monitoring circuits in some batteries will permanently disable them if the cells are disconnected, and need a special programmer to reset them the way they came from the factory.
Nice article, that was a really enjoyable read. But one of the things that stuck out to me was:
> The last four bytes of the EC firmware image clearly appeared to be a checksum, and there were some other locations that consistently varied as well. I guessed (correctly) that if I programmed an image with the wrong checksums the EC would fail to boot and I would have a brick on my hands, so trial and error was not a very good option.
I was under the impression that the checksum is validated before flashing? Isn't that the primary purpose of checksums in ROM images?
It's not possible to verify the checksum before flashing in this scheme. The EC is the only device that can calculate the checksum (1), and its RAM is probably smaller than its Flash. So there isn't enough RAM to receive the entire update, checksum, and then flash. It needs to stream to flash. So the checksum is either checked after flashing, after which it's too late to go back, or it's checked by the EC during boot, which is again too late.
There are better ways of doing this, but based on the article it seems the EC didn't implement them.
(1) We know this because the checksums are calculated on the decrypted image, and only the EC has the keys to decrypt the image.
Well this is very interesting- I had no idea there was a BMC-like embedded controller for laptops. There is a standard way to update the BMC firmware: "ipmitool hpm upgrade". Also sometimes the server will have a JTAG header or even a socket for the flash chip.
I haven't let go of the 80's and I still think if you buy a car, phone, laptop, compact disc or a video disc, then it's yours because you paid for it in your own money. From that standpoint it's simply inexcusable for manufacturers to try to re-own parts of a device they've already sold to someone.