56
Comments
  • 23
    Aaand of course it’s not true. If someone really want to pay for Mac just to install Linux on it, security features of T2 can be disabled which allows installation of third party OS.

    And anyway, Microsoft was first with that kind of „protection” ;)
  • 11
    @mlask man i was really worried for a second
  • 8
    @FrodoSwaggins "Fear not, random citizen! For you are safe!"
  • 5
    Actually it's not Apple's fault but linux's for not implementing the required interfaces for working with the chip it was already like that with secure boot (and some Linux distrib still don't boot with it enabled)
  • 3
    Glad I have no money for the new one with the T2 chip
  • 10
    The fun thing about secure boot is that the OS kernel/boot installed must match one of the keys installed.
    And because Linux bring as open as it is, can't keep those keys secret/secure.
    So the options you usually have is to disable secure boot or generate your own keys and insert them into UEFI. The problem being every single time you update the kernel, then you gotta remember to sign again or you won't boot.
    Happy times, not gonna happen.
  • 5
    @Hallelouia yeah but how much do you want to bet those interfaces are secrets traded behind closed doors?
  • 3
  • 3
    @FrodoSwaggins I know, the software piece that allow window to run on new Macs was probably provided by apple and they probably won't make one for Linux or it won't be accepted because it'll definitely be a proprietary blob.

    On a hardware and security standpoint the T2 chip is a good chip albeit completely proprietary.
  • 3
    @Hallelouia actually I think jespersh is right on this one. I’ve heard that argument made. Who would be the signing authority on the Linux kernel? Nobody really controls what source is built into it and what the shas are when it’s built. So you just disable secure boot. I guess you could sign it yourself...
  • 3
    @FrodoSwaggins yeah, it makes sense but how does it come that Ubuntu and Fedora can install on secure boot enabled machines? But then again, I had to enroll my own Machine Owner Key to have kernel modules for VirtualBox to work on my Fedora with secure boot enabled so ...
  • 1
    Also my point was that at first it wasn't supported and then it got so on the T2 chip matter, just wait and see.
  • 2
    @Hallelouia well, I guess but that definitely has to do with red hat and canonical signing with a secret key that users aren’t given
  • 0
    After further research it seems that apple doesn't provide keys or a way to generate secure keys for their T2 chips and disabling Secure Boot doesn't help.

    So ignore my original comment.

    On an other note if you dropped 1500+$ on a Mac device, drop 80 more on a parallels desktop license it will probably run Linux better than native, at least you won't have to fight with the propietary hardware. Sure you won't have peak performance but if you want to run Linux natively there are some nice constructors making Linux compatible machines, system76 and purism for example, there's also a German one but I don't remember their name and the website was fuck ugly.
  • 1
    damn...dodged a fuckin bullet
Your Job Suck?
Get a Better Job
Add Comment