Apple Blocks Linux From Booting On New Hardware With T2 Security Chip (phoronix.com)

← Back to Stories (view on slashdot.org)

Apple Blocks Linux From Booting On New Hardware With T2 Security Chip (phoronix.com)

Posted by EditorDavid on Saturday November 10, 2018 @07:34AM from the walling-the-garden dept.

AmiMoJo writes: Apple's new-generation Macs come with a new so-called Apple T2 security chip that's supposed to provide a secure enclave co-processor responsible for powering a series of security features, including Touch ID. At the same time, this security chip enables the secure boot feature on Apple's computers, and by the looks of things, it's also responsible for a series of new restrictions that Linux users aren't going to like.

The issue seems to be that Apple has included security certificates for its own and Microsoft's operating systems (to allow running Windows via Bootcamp), but not for the certificate that was provided for systems such as Linux. Disabling Secure Boot can overcome this, but also disables access to the machine's internal storage, making installation of Linux impossible.

4 of 373 comments (clear)

Min score:

Reason:

Sort:

System76 by reanjr · 2018-11-10 07:53 · Score: 4, Informative

Don't fight uphill battles. System76 sells laptops with Linux pre-installed and so do many other vendors.
1. Re:System76 by Anonymous Coward · 2018-11-10 08:27 · Score: 5, Informative
  
  Don't fight uphill battles. System76 sells laptops with Linux pre-installed and so do many other vendors.
  And System76 neuters the Intel Management Engine, which is pretty awesome: https://blog.system76.com/post/168050597573/system76-me-firmware-updates-plan
Re: Annoying, but not a deal-breaker? by rl117 · 2018-11-10 09:34 · Score: 4, Informative

Actually, they did. They did exactly this on their ARM systems with UEFI. They will do it on x86 when the opportunity arises. It's only the potential for bad publicity and complaints that have kept it open up to this point. I would not assume any good intentions on the part of Microsoft; they hold the keys to the kingdom here, and the hardware is only open due to their choice.
No they don't! by thegarbz · 2018-11-10 13:45 · Score: 4, Informative

Not sure if this should be considered fake news or ignorance. What Apple have done is no different that any other device shipped with Secure Boot enabled by default, and it is just as configurable.
Simply boot into MacOS via recovery mode and from there you can use the Startup Security Utility to configure the boot requirements by selecting
a) only MacOS to boot,
b) any signed certificate such as Microsoft's UEFI certificate which is also used by some Linux SecureBoot systems, or
c) disable the check completely.
https://support.apple.com/en-u...