Slashdot Mirror


Apple Blocks Linux From Booting On New Hardware With T2 Security Chip (phoronix.com)

AmiMoJo writes: Apple's new-generation Macs come with a new so-called Apple T2 security chip that's supposed to provide a secure enclave co-processor responsible for powering a series of security features, including Touch ID. At the same time, this security chip enables the secure boot feature on Apple's computers, and by the looks of things, it's also responsible for a series of new restrictions that Linux users aren't going to like.

The issue seems to be that Apple has included security certificates for its own and Microsoft's operating systems (to allow running Windows via Bootcamp), but not for the certificate that was provided for systems such as Linux. Disabling Secure Boot can overcome this, but also disables access to the machine's internal storage, making installation of Linux impossible.

9 of 373 comments

  1. System76 by reanjr · Score: 4, Informative

    Don't fight uphill battles. System76 sells laptops with Linux pre-installed and so do many other vendors.

    1. Re:System76 by Anonymous Coward · Score: 5, Informative

      Don't fight uphill battles. System76 sells laptops with Linux pre-installed and so do many other vendors.

      And System76 neuters the Intel Management Engine, which is pretty awesome: https://blog.system76.com/post/168050597573/system76-me-firmware-updates-plan

  2. Re:Go figure, its Apple by Anonymous Coward · Score: 2, Informative

    Mac OS is already loosely based on Unix

    To nitpick, if you mean UNIX, technically macOS is registered as UNIX 03.

    https://www.opengroup.org/open...

    I assume by "loosely based" you were probably referring to Linux, more appropriately the GNU tools and what not that it contains.

  3. Re:Linux on a new Mac — why? by TheFakeTimCook · Score: 2, Informative

    A Mac running X11/Linux is the only (legal) way to develop and test macOS and X11/Linux versions of one application on one machine.

    TFA lies on all of its major "Grievances"

    Here's the Apple Knowledge Base article on the Boot Assistant Utility:

    https://support.apple.com/en-u...

    Note that there are TWO "parameters" that can be adjusted.

    1. "Boot Protection". Note that this can be turned COMPLETELY OFF. No "Linux Block" Here.

    2. Whether to allow Booting from External Media. This is to guard against "Evil Maid" attacks. Notice that it, TOO, has a setting to ALLOW booting from an external drive, USB stick, SD card, etc.

    So, don't want to mess around with the SSD on your T2 equipped (or other Intel) Mac? Simply stick that Linux Install on a fast EXTERNAL drive, and use Apple's BUILT-IN BOOTLOADER to dual-boot Linux (or whichever) alternative OS. Where's the "Linux Block" NOW???

    3. There is also Disk Utility. I am not sure if you can partition the internal SSD to support different Filesystems in separate Partitions; but I would imagine that, if so, the internal SSD could be partitioned to accommodate a Linux Install, and turning off Secure Boot checking would allow you to Dual-boot Linux using Apple's longstanding BUILT-IN BOOTLOADER.

    Ah, yes, you can still have multiple partitions, each with a separate Format. I don't think Ext4 was ever supported as an option; but FAT and ExFAT are (as is HFS+), in addition to APFS.

    https://support.apple.com/guid...

    Try as you Haters might, your bullshit "objections" simply can't withstand the FACTS.

    Apple is not Microsoft, thank $Deity...

    Oh, and don't forget what you can do with Parallels, VMWare, etc...

  4. Why do you want Linux on a Mac? by Solandri · Score: 1, Informative

    OS X is a modified version of BSD Unix. Just pop up a terminal in OS X and you have a good old Unix shell.

  5. Re:Linux Subsystem for Windows by TheFakeTimCook · Score: 2, Informative

    Meanwhile Windows 10 not only allows Linux in the same machine it now lets me run pretty much all of my Linux dev tools in Windows, without emulation, side by side my Windows apps in one windowed shell.

    And, also Meanwhile...

    TFS LIES!

    https://liliputing.com/2018/11...

    https://www.omgubuntu.co.uk/20...

    BTW, editors and Slashtards, I found these references in 0.5 secs. of Googling.

    Nice work, fucktards!

  6. Re: Annoying, but not a deal-breaker? by rl117 · Score: 4, Informative

    Actually, they did. They did exactly this on their ARM systems with UEFI. They will do it on x86 when the opportunity arises. It's only the potential for bad publicity and complaints that have kept it open up to this point. I would not assume any good intentions on the part of Microsoft; they hold the keys to the kingdom here, and the hardware is only open due to their choice.

  7. No they don't! by thegarbz · Score: 4, Informative

    Not sure if this should be considered fake news or ignorance. What Apple have done is no different than any other device shipped with Secure Boot enabled by default, and it is just as configurable.

    Simply boot into MacOS via recovery mode and from there you can use the Startup Security Utility to configure the boot requirements by selecting
    a) only MacOS to boot,
    b) any signed certificate such as Microsoft's UEFI certificate which is also used by some Linux SecureBoot systems, or
    c) disable the check completely.

    https://support.apple.com/en-u...

  8. Re:Linux on a new Mac — why? by omnichad · Score: 3, Informative

    The latest update on the article points here:
    https://unix.stackexchange.com...

    Linux is simply blocked from even seeing the SSD hardware by the T2 chip.