Apple Blocks Linux From Booting On New Hardware With T2 Security Chip

AmiMoJo writes: Apple's new-generation Macs come with a new so-called Apple T2 security chip that's supposed to provide a secure enclave co-processor responsible for powering a series of security features, including Touch ID. At the same time, this security chip enables the secure boot feature on Apple's computers, and by the looks of things, it's also responsible for a series of new restrictions that Linux users aren't going to like.

The issue seems to be that Apple has included security certificates for its own and Microsoft's operating systems (to allow running Windows via Bootcamp), but not for the certificate that was provided for systems such as Linux. Disabling Secure Boot can overcome this, but also disables access to the machine's internal storage, making installation of Linux impossible.

Re:System76

Don't fight uphill battles. System76 sells laptops with Linux pre-installed and so do many other vendors.

And System76 neuters the Intel Management Engine, which is pretty awesome: https://blog.system76.com/post/168050597573/system76-me-firmware-updates-plan

Re:Linux on a new Mac — why?

[Crash+Dummy+Redux]

When your Mac can no longer run the latest and greatest version of Mac OS, you can install Linux to keep using it after you get a new Mac. Now it can only be used as a paperweight.

Re:Linux on a new Mac — why?

[Kjella]

Seems like the most expensive way to get a Linux system. There have to be at least a dozen better choices for less money.

That's not really the point. If Apple is allowed to make x86 hardware that won't run Linux, I bet Microsoft will "align" their policy to allow it and do the same to their Surface line. Then the OEMs will follow. And then System76 and other niche players is your only choice. Considering they explicitly mention the Linux signing key this is not an accident, it's probably a trial balloon from Apple to see what happens if they ship Macs that don't run Linux ahead of a migration to ARM. Since Windows on ARM doesn't make much sense, they're setting up a play where the new Macs only runs Apple's OS and nothing else.

Remember the PC as an open platform is something of an historical accident based on the naivety of IBM. Microsoft introduced the lock down capability with Secure Boot, but couldn't go through with it due to public outcry. They did try to lock it down with WinRT, except it flopped. Apple did lock down the mobile side with iOS and would like to do it on Macs. It's only dual-booting Mac and Linux users who'd like the status quo preserved. Don't assume that it'll transfer to any new "class" of desktop and don't assume it won't happen. The desktop is ripe for a major cataclysm like what iPhone/Android did to the mobile market.

Denying a user's software freedom is unjust.

[jbn-o]

You're missing the point: Users deserve full control over their own computers. The user should decide what OSes they want to run. Treating users unethically by denying their software freedom is unjust. There are also ecological consequences others will no doubt get into which in the large affect us all. The amount of money spent on the computer is a very minor point at best.