Apple Blocks Linux From Booting On New Hardware With T2 Security Chip (phoronix.com)
AmiMoJo writes:
Apple's new-generation Macs come with a new so-called Apple T2 security chip that's supposed to provide a secure enclave co-processor responsible for powering a series of security features, including Touch ID. At the same time, this security chip enables the secure boot feature on Apple's computers, and by the looks of things, it's also responsible for a series of new restrictions that Linux users aren't going to like.
The issue seems to be that Apple has included security certificates for its own and Microsoft's operating systems (to allow running Windows via Bootcamp), but not for the certificate that was provided for systems such as Linux. Disabling Secure Boot can overcome this, but also disables access to the machine's internal storage, making installation of Linux impossible.
The issue seems to be that Apple has included security certificates for its own and Microsoft's operating systems (to allow running Windows via Bootcamp), but not for the certificate that was provided for systems such as Linux. Disabling Secure Boot can overcome this, but also disables access to the machine's internal storage, making installation of Linux impossible.
Meanwhile Windows 10 not only allows Linux in the same machine it now let's me run pretty much all of my Linux dev tools in Windows, without emulation, side by side my Windows apps in one windowed shell.
So your "5 years" has suddenly turned into a decade.
That's still not enough. My current machine is a thinkpad W510 which is comfortably getting on towards 9 years old. It's got 16G of RAM which is still more than most midrange laptops ship with and what many laptops still max out at. If it starts feeling a bit spare, then I'll upgrade it to the maximum which is now 32G with modern DIMMS. It's got plenty of SSD too.
I doubt this laptop will be ready for retirement in a year and a half, even without any additional upgrades.
You might argue that Lenovo don't support it any more. Sure, but unlike Apple, they went to some effort to let others do so; ubuntu was an officially supported OS for this machine, and it's built with quality, standard parts. I strongly suspect it would run Windows 10 fine too. They've essentially ensured it will be supported for a very, very long time.
SJW n. One who posts facts.
This has a double-edged sword though. The bad is when Apple stops supporting this machine, you can't just slap Ubuntu on it and continue using it, but you get to choose between keeping using an obsolete OS with security issues, going with Windows, or chucking the machine entirely.
I personally have tested this. At first, I set the security level to "none", booted Ubuntu, because I do a blkdiscard on the SSD to ensure that there is absolutely nothing on the drive before I install macOS. Lo and behold no drives, not via NVMe, not SATA.
I hope this is just an oversight. I would be surprised and extremely diappointed if Apple actually did not want Linux to run on their product by actively barring the UEFI shim needed to load RedHat, Ubuntu, and others.
As of now, using virtualization software is a solution, although Parallels is "meh" at best, VirtualBox has gotchas, so your best bet is VMWare Fusion Pro, which isn't cheap, but well worth it.