Apple's New Hardware with the T2 Security Chip Will Currently Block Linux from Booting

Discussion in 'HardForum Tech News' started by Megalith, Nov 11, 2018.

  1. Megalith

    Megalith 24-bit/48kHz Staff Member

    Messages:
    13,004
    Joined:
    Aug 20, 2006
    Phoronix is reporting that Linux will not boot on any Apple device that utilizes the T2 security chip. Due to the lack of a certificate, only macOS and Windows 10 are supported at this time. Linux will not install even if the Secure Boot functionality is disabled.

    Apple's T2 security chip being embedded into their newest products provides a secure enclave, APFS storage encryption, UEFI Secure Boot validation, Touch ID handling, a hardware microphone disconnect on lid close, and other security tasks. The T2 restricts the boot process quite a bit and verifies each step of the process using crypto keys signed by Apple.
     
  2. Probleminfected

    Probleminfected [H]ard|Gawd

    Messages:
    1,372
    Joined:
    Dec 20, 2013
  3. Zarathustra[H]

    Zarathustra[H] Official Forum Curmudgeon

    Messages:
    28,640
    Joined:
    Oct 29, 2000
    I'm bothered by this in principle, but it doesn't affect me as I was never going to buy Apple hardware anyway.

    IMHO, I think it should be illegal to lock boot loaders on any device. Once you buy a device it is yours, and you should have the freedom to run whatever operating system or software on it you please.
     
    Monkey34, SvenBent, DrezKill and 9 others like this.
  4. velusip

    velusip [H]ard|Gawd

    Messages:
    1,577
    Joined:
    Jan 24, 2005
    The freedom to do as you wish is an important sentiment, but a sarcastic "good luck" is the reality. Don't buy into flawed designs in the first place. Just because we throw money at a product doesn't grant us any power to dictate how it should function. While locked bootloaders are annoying, it's been a common practice for a very long time -- especially in the video game console arena.
     
  5. jojo69

    jojo69 [H]ardForum Junkie

    Messages:
    10,401
    Joined:
    Sep 13, 2009
  6. PenGunn

    PenGunn Limp Gawd

    Messages:
    349
    Joined:
    May 30, 2013
    Who in their right mind would choose a modern Apple machine to put anything on, let alone Lunix the Good? So no problem here. ;)
     
  7. spintroniX

    spintroniX Gawd

    Messages:
    957
    Joined:
    Apr 7, 2009
    If you were into dual booting Linux/MacOS anyway, why wouldn't you just go the extra step and make a Hackintosh? I've thought about doing it just to get a feeling for how MacOS works; sure as hell not going to shell out a few grand just to tinker with an OS.
     
  8. Jagger100

    Jagger100 [H]ardness Supreme

    Messages:
    7,506
    Joined:
    Oct 31, 2004
    Do you think Wintel is far behind?
     
  9. PenGunn

    PenGunn Limp Gawd

    Messages:
    349
    Joined:
    May 30, 2013
    I put one together quite a while ago. As a longtime user of the Slackware Lunix Disturbation it was such a step down, and really a dog's breakfast of *nix and whatever the hell the rest is. It got deleted rather quickly.
     
    spintroniX likes this.
  10. Jagger100

    Jagger100 [H]ardness Supreme

    Messages:
    7,506
    Joined:
    Oct 31, 2004
    LOL.
     
    Red Falcon likes this.
  11. PenGunn

    PenGunn Limp Gawd

    Messages:
    349
    Joined:
    May 30, 2013
    No, it's just that Mac hardware is so crappy. I can build, and will soon, a nicer machine, for much less.
     
  12. vegeta535

    vegeta535 2[H]4U

    Messages:
    3,335
    Joined:
    Jul 19, 2013
    As far as I am concerned you should be able to do whatever you want with the stuff you buy, but it should void your warranty. No company should be responsible to repair/replace something you bricked. If they do, cool, but it shouldn't be expected.
     
    SticKx911, auntjemima and velusip like this.
  13. BloodyIron

    BloodyIron 2[H]4U

    Messages:
    3,440
    Joined:
    Jul 11, 2005
    You know this is going to actually upset a whole lot of developers that run Ubuntu on Apple gear. Not joking, this is them shitting on their clients.
     
  14. ryamkajr

    ryamkajr n00b

    Messages:
    33
    Joined:
    May 17, 2010
    Actually it IS very much on Apple. They are taking the permission away.
     
  15. naib

    naib [H]ard|Gawd

    Messages:
    1,270
    Joined:
    Jul 26, 2013
    #1 if I buy something I expect to be able to use it
    #2 "modern" very quickly becomes old and people soon find the latest and greatest update of Windows/OSX locks them out of what they thought was decent hardware. They either shell out to keep the upgrade cycle alive OR re-purpose it. This is the area where Linux is 2nd to none, but we are now entering an era where what you buy isn't yours. It will be bypassed somehow but this is a dick move



    http://theoatmeal.com/comics/apple
     
    defaultluser, tjmagneto, c3k and 7 others like this.
  16. PenGunn

    PenGunn Limp Gawd

    Messages:
    349
    Joined:
    May 30, 2013
    There is something fundamentally funny about running Ubuntu on a Mac. ;) "It just works". mWhahaha
     
  17. motomonkey

    motomonkey [H]ard|Gawd

    Messages:
    1,457
    Joined:
    Jan 17, 2009
    No, they are attempting to make the device more secure, does anyone really think Apple gives a shit if someone boots Linux or not?

    If Apple was attempting to lock down the platform, then Windows would not boot either. If the Linux community would pull its head out of its ass and pull the sled in one direction, they would have a security certificate that would allow Linux to boot with the T2 chip.
     
    DocNo likes this.
  18. steakman1971

    steakman1971 2[H]4U

    Messages:
    2,433
    Joined:
    Nov 22, 2005
    Apple could care less if their devices boot Linux. I'm going to theorize (aka make some numbers up) - but the majority of people that buy a Mac will have no interest in putting Linux on it in the first place.

    Should they have the right to do so? I think the answer is yes, it's your device once you buy it. If Apple stops supporting your device, perhaps a Linux distro will keep your hardware going.

    I use a Mac for work and have to say it is a great development platform. I use Parallels to run Windows 10 (Visual Studio plus other software I use for Windows). Xcode is a nice dev platform for iOS. Android Studio works fine on Mac. I spend a lot of my day with Terminal (shell).
    I also have Docker for my Linux needs (MySQL, PHP, etc).

    I would also argue that a Mac is an expensive option for a Linux device. There are cheaper options with similar spec'd hardware.
     
    GoldenTiger likes this.
  19. BloodyIron

    BloodyIron 2[H]4U

    Messages:
    3,440
    Joined:
    Jul 11, 2005
    Some people prefer the hardware and run what they want on it.

     
    Red Falcon likes this.
  20. DocNo

    DocNo Gawd

    Messages:
    654
    Joined:
    Apr 23, 2012
    Then don't buy Macs but instead buy the hardware that does so? What's so hard about that concept?

    If I only want to buy something that runs macOS, and Apple provides hardware that more securely runs macOS but won't let Linux run then who the fuck cares? It's not like the majority of people in this thread bitching about this were going to buy Macs anyway, by their own admission.

    This is something about tech that I NEVER understand. What is so threatening about someone doing something different than what you like that you have to ridicule or demand that a product (that you state you will never buy!) should be forced to support your whim anyway?

    What the hell? You don't like Macs. Got it. Continue to not buy them. Apple certainly doesn't care.

    Not every company is a good company to buy from - well, not every customer is a good customer either. The worst companies are those who think they can be all things to all people.

    If Apple sent out the goon squad to confiscate all non-Apple hardware then I might be able to see the fuss in this thread. But they don't. So just suck it up and accept that Apple doesn't give a flying fuck about your whims and buy from some other vendor that will be more than happy to cater to your whims. There certainly are enough other vendors out there who will be more than happy to do so.

    I thought diversity was our strength :rolleyes:
     
    GoldenTiger likes this.
  21. Red Falcon

    Red Falcon [H]ardForum Junkie

    Messages:
    10,023
    Joined:
    May 7, 2007
    Well, it is all x86-64 equipment anyways.
    Is there something that Apple hardware does (EFI vs UEFI?) that other x86-64 equipment does not?

    I'm legitimately asking, as all-in-one units like the iMac are pretty easy to come by that nearly all branches of GNU/Linux fully support.
    Apple has always had very locked down hardware, and this is just one step closer to them having a fully closed environment - makes me wonder if this is another preliminary step by Apple to shift their hardware (and user-base) away from x86-64 in order to migrate to ARM64 (frog in boiling pot technique).

    btw, I used to run Ubuntu 10.04LTS on my Apple PowerBook G4 back in 2010, so I can understand a bit where you are coming from. ;)
     
  22. Red Falcon

    Red Falcon [H]ardForum Junkie

    Messages:
    10,023
    Joined:
    May 7, 2007
    No shit, they have a T2 Security Chip, which does not answer the question I asked - you don't need to act like an asshole. :meh:
    I was legitimately asking BloodyIron what made Apple x86-64 based systems special compared to standard "PC" x86-64 systems.
     
  23. Red Falcon

    Red Falcon [H]ardForum Junkie

    Messages:
    10,023
    Joined:
    May 7, 2007
    The point of my question to BloodyIron was basically that if there is a difference that Linux devs needed on Apple hardware that they are unable to get from standard "PC" hardware, to what extent it would affect them.
    The "addition of the T2 Security Chip" does not answer my question, nor did it have anything to do with it, so I have no clue why you would post such an asinine response.
     
  24. Red Falcon

    Red Falcon [H]ardForum Junkie

    Messages:
    10,023
    Joined:
    May 7, 2007
    That is literally what the article, which I read, stated.
    That also does not answer the question I asked, nor, again, did it have anything to do with it.

    To respond to your statements, specifically, this is only being implemented in the newest Apple hardware, so users with existing Apple systems out there should have little to worry about with this.
    It is Apple's hardware, and they can do what they want with it, much like Sony, Microsoft, and Nintendo do with their hardware as well - you are right, there is little to nothing Linux devs can do about this other than attempt to bypass it, if possible, though that could void the warranty on such devices as well.

    This also officially makes all x86-64 based Apple systems proprietary PCs, much as the PC-98 and original Xbox were and the PS4 and XBone are now.
    I really do believe this is one more step in Apple's plan to move forward with getting people away from x86-64 and more towards their own in-house ARM64 CPUs and systems - come 2020, we will know for sure.
     
  25. idiomatic

    idiomatic [H]Lite

    Messages:
    74
    Joined:
    Jan 12, 2018
    They shuffled all the pro users off a while ago, and were pretty blunt about it. Now it's the Linux and app developers' turn.

    Apple doesn't want to be a PC company. They are a consumer electronics company.
     
  26. Zarathustra[H]

    Zarathustra[H] Official Forum Curmudgeon

    Messages:
    28,640
    Joined:
    Oct 29, 2000
    I'm fine if they don't cover failed third party software installs, as long as they aren't allowed to reject coverage for actual hardware failures because of it.

    They should have to prove that any failure they decline coverage for is not hardware related.
     
    SvenBent likes this.
  27. Lakados

    Lakados [H]ard|Gawd

    Messages:
    1,708
    Joined:
    Feb 3, 2014
    Just run it in a VM... Parallels does a fine job. This is not a Mac problem; if a Linux distro wants their stuff to run on Mac they can go through Apple's validation process and get their digital signing. This is basically just Apple's own UEFI v.2.
     
  28. SvenBent

    SvenBent 2[H]4U

    Messages:
    3,145
    Joined:
    Sep 13, 2008
    Apple:
    How can we find another way to get money by providing a more annoying product with functionality removed..
    - let's remove the well-working minijack
    - let's charge for an OS to be able to be installed
     
  29. SvenBent

    SvenBent 2[H]4U

    Messages:
    3,145
    Joined:
    Sep 13, 2008
    This is basically the "protection money" in a new way.
    "You have to pay for us to not interfere with your business that ran perfectly before we arrived"

    How hard is it to give the customer an option to disable it?
     
  30. c3k

    c3k 2[H]4U

    Messages:
    2,101
    Joined:
    Sep 8, 2007
    What's with a T2 security chip?

    I was always told, unlike a PC, Apple products couldn't be hacked or infected.

    Or was that then?
     
  31. Lakados

    Lakados [H]ard|Gawd

    Messages:
    1,708
    Joined:
    Feb 3, 2014
    You mean like these instructions to disable it?
    https://support.apple.com/en-ca/HT208330
     
  32. BloodyIron

    BloodyIron 2[H]4U

    Messages:
    3,440
    Joined:
    Jul 11, 2005
    Where exactly did I demand something? I didn't demand anything, I simply said there are people that are going to be upset about this.

    For literally decades people have bought Apple laptops/etc and put Linux on it. They know there's no promise or guarantee of it working on there, but that's their choice.

    You're the one putting words in their mouths about "demanding" things...

     
  33. BloodyIron

    BloodyIron 2[H]4U

    Messages:
    3,440
    Joined:
    Jul 11, 2005
    Well, one of the most notable features is the advent of Thunderbolt 1/2/3 earlier than other systems, plus at times higher build quality from a chassis/component perspective vs alternative options on the market.

    It's not like they can't get similar systems elsewhere, but it can be at times down to preference (subjective), more than objective reasoning. (looks good? is lighter? etc)

     
    Red Falcon likes this.
  34. BloodyIron

    BloodyIron 2[H]4U

    Messages:
    3,440
    Joined:
    Jul 11, 2005
    Parallels is actually quite awesome, but that doesn't mean it's the same as bare metal.

     
  35. defaultluser

    defaultluser [H]ardForum Junkie

    Messages:
    12,623
    Joined:
    Jan 14, 2006
    A fork of Lennox

    It's pretty cool!
     
    NemesisX likes this.
  36. Nobu

    Nobu 2[H]4U

    Messages:
    3,279
    Joined:
    Jun 7, 2007
    I only have one issue with this, and it may not apply to you, but here goes...

    You are free to do with it whatever you want. Apple just makes it harder for you to do it (in this case, in the name of "security"). You wouldn't normally complain about a gate hinge that had a cover plate to prevent tampering, because you know it was made that way to keep people from getting through the gate without opening the lock. If it prevented you from doing something you want, you'd get another gate/hinge or you'd hack it.
     
  37. SvenBent

    SvenBent 2[H]4U

    Messages:
    3,145
    Joined:
    Sep 13, 2008
    Lakados likes this.
  38. Lakados

    Lakados [H]ard|Gawd

    Messages:
    1,708
    Joined:
    Feb 3, 2014
    The biggest issue is the T2 chip's blocking of 3rd-party hardware, forcing you to purchase authentic Apple replacement parts, essentially killing off most of the DIY Apple repairs, and if a few years down the road Apple requires the T2 chip for the OS it would really shake up the Hackintosh community.
     
    SvenBent likes this.
  39. SvenBent

    SvenBent 2[H]4U

    Messages:
    3,145
    Joined:
    Sep 13, 2008
    So it's not blocking Mac HW for not auth software
    It could potentially block for Mac SW running on standard HW?
     
    Lakados likes this.
  40. Lakados

    Lakados [H]ard|Gawd

    Messages:
    1,708
    Joined:
    Feb 3, 2014
    I am not sure yet on the specifics, but I am remote and I have a lot of Apple products running on my sites. I am remote, so the nearest Apple authorized repair center is a LOOOOOONG way away and we don't use it, so I do the repairs in house, so you bet I am following this closely. Here is a snippet from The Verge from an interview with iFixit.

    The T2 is “a guillotine that [Apple is] holding over” product owners, iFixit CEO Kyle Wiens told The Verge over email. That’s because it’s the key to locking down Mac products by only allowing select replacement parts into the machine when they’ve come from an authorized source — a process that the T2 chip now checks for during post-repair reboot. “It’s very possible the goal is to exert more control over who can perform repairs by limiting access to parts,” Wiens said. “This could be an attempt to grab more market share from the independent repair providers. Or it could be a threat to keep their authorized network in line. We just don’t know.”