YOU MIGHT WANT TO THINK TWICE before splurging on new Apple hardware as it's been revealed that the firm's T2 security chip is blocking Linux from booting on Mac devices.
Apple's latest Mac hardware, which includes a new MacBook Air and Mac Mini, comes with the firm's T2 chip embedded, which provides a secure enclave, APFS storage encryption, Touch ID handling, a hardware microphone disconnect on lid close, and other security features.
However, as reported by Phoronix, the chip also T2 restricts the boot process, and means is that Linux support on Mac hardware is now nonexistent.
By default, Windows isn't even bootable on Apple's latest hardware until enabling support for Windows via the Boot Camp Assistant on macOS.
"This will install the Windows Production CA 2011 certificate that is used to authenticate Microsoft bootloaders, but this doesn't setup the Microsoft-approved UEFI certificate that allows verification of code by Microsoft partners, including what is used for signing Linux distributions wishing to have UEFI SecureBoot support for Windows PC," Phoronix explains.
Even when the Secure Boot functionality has been disabled, the T2 chip is reportedly still blocking operating systems aside from macOS and Windows 10, the report adds.
Apple hasn't spoken out about its Linux hostility, but explains the move its official support documentation.
"By default, Mac computers supporting secure boot only trust content signed by Apple. However, in order to improve the security of Boot Camp installations, support for secure booting Windows is also provided. The UEFI firmware includes a copy of the Microsoft Windows Production CA 2011 certificate used to authenticate Microsoft bootloaders.
"Microsoft Corporation UEFI CA 2011, which would allow verification of code signed by Microsoft partners. This UEFI CA is commonly used to verify the authenticity of bootloaders for other operating systems such as Linux variants."
This essentially means that, until Apple decides to add this certificate or the T2 chip is otherwise cracked so it can be fully disabled or allowed to load arbitrary keys, it's impossible to boot Linux distributions on Apple's latest hardware. µ
'Glass Enterprise Edition 2' is coming, for some reason
Monetisation lures Google to cherry-pick from its sibling
Issue occurs after installing Google's latest security patch
On, er, 13 November and to a tiny percentage of users