Announcement

Collapse
No announcement yet.

Apple's New Hardware With The T2 Security Chip Will Currently Block Linux From Booting

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • #31
    Originally posted by Marc Driftmeyer View Post

    Apple has no interest--nor does Microsoft--in catering to Linux on the consumer end of products. Both have their ecosystems for consumers and financially makes zero sense for them to cater to Linux consumers. Microsoft has extended Linux on servers for their cloud back end services to tie back into their Windows focused consumers and to a lesser extent Office for Mac.
    Of course not! Why would MS or Apple spend time courting OS users that have nothing to do with them? It is Apples focus on its own hardware and operating systems that makes for a price justification in people’s minds. That focus has resulted in a Apple haveing products on the market that nobody can match. Some like iPad and iPhone are years ahead of the competition where it counts.
    Most developers who can't afford a laptop for each platform, or whatnot really have no business model and equity to work as a full-time developer.
    Many developers do start out focused on one platform though. They may even stay on that platform for years. You highlight an important element here though -developers in business -something many Linux users don’t grasp. Developers in the MS and Apple worlds are often feeding themselves, putting a roof overhead and other wise functioning positively in their communities.
    Perhaps Michael could spare a piece of hardware seeing as he's gifted dozens of units per year? /s
    It’s too bad I don’t have the money to buy a donor machine for a Michael. Micheal via Phoronix is probably the best place to get honest testing done with good system comparisons. Phoronix is certain joy less biased than many places on the net.
    To think Apple would ever open up the T2 to the Linux community is myopic at best, and moronic at worst. Their entire UEFI, HEVC, etc., is tied to that chip and will be in every product moving forward.
    Of course they will not open up the T2 but that doesn’t mean a boot solution for Linux couldn’t be found. In any event I think people are too quick to dismiss the positives that T2 offers Apples systems. As you pointed out it has many functions that effectively puts T2 in a coprocessor role. It would be interesting to see how that impacts performance with operations that T2 can handle. For Apple having one HEVC hardware decoder to work with going forward must be a relief, there is now no need to adapt to all the different GPU hardware out there.

    While it it is likely a long shot, maybe impossible with current management at Apple, I can dream about Linux drivers for the T2 chip. Imagine accessing Siri from Linux as easily as done on Mac OS or having access to the HEVC decoder. While I know this is unlikely to happen it does have certain appeal.

    I can’t say I like every pricing move Apple has made, however with a bit of shopping at discounters and a focus on the right price points, the value equation really isn’t that bad with Apple Mini hardware. This even more so if you factor in T2 and other Apple innovations.

    Comment


    • #32
      Originally posted by Vistaus View Post

      You're right, so the following article is fake news then? https://www.omgubuntu.co.uk/2018/11/...ant-boot-linux
      That has absolutely zero to do with opening up T2. All that discuss is how to get around secure boot. None of the facilities or advantages of T2 would be available to Linux users.

      I think your response, like many others Apple related, shows a misunderstanding as to what T2 is doing on the Macs. While it manages the boot process it is also effectively a coprocessor handling many other cores, effectively off loading the main CPU. As far as I know none of those facilities is accessible from Linux thus a closed system. That does bring up an interesting question about how disk access works

      Comment


      • #33
        Originally posted by AsuMagic View Post
        And I thought Secure Boot was trash...
        In many computers Secure Boot can be easily disabled directly from BIOS, anyway.

        Really, why should Apple care about any Linux distribution. On a typical HP or Dell machine Ubuntu works fine.

        Comment


        • #34
          Originally posted by wizard69 View Post
          That has absolutely zero to do with opening up T2. All that discuss is how to get around secure boot. None of the facilities or advantages of T2 would be available to Linux users.
          Total Apple-fanboy BS, as usual. The T2 is a glorified EC (= Embedded Controller) that any laptop in the last decades has and uses to deal with basic stuff like power management, battery charging and operating other low-level stuff on the board without needing to wake up the main CPU and require some kind of OS and driver (and more importantly disclose hardware secrets).

          In this case it also has access to the TPM or is the TPM, and can do various annoying stuff like checking that all other components of the laptop are "paired" to the motherboard and refuse to use them if they are not (similar to what happens on newer iPhones), because fuck third party repair.
          This is only partially enabled because of obvious reasons, but there are strong indications that they will enable that once they feel ready.

          The T2 is only partially involved in this reported issue (it's just the key storage), which is basically a Secure Boot issue. The T2 is far too low-level to deal with reading files from a disk and checking signatures on its own.

          While it manages the boot process it is also effectively a coprocessor handling many other cores, effectively off loading the main CPU. As far as I know none of those facilities is accessible from Linux thus a closed system. That does bring up an interesting question about how disk access works
          Disk access works the same as with any other Intel system, at most the T2 is talking to the SSD controller to tell it the decryption key (which is a task done by the main CPU when booting in other systems), Apple can't make custom x86 hardware.

          Which also means that this T2 is running parallel to the Intel ME, and I quite frankly suspect that it is actually just a ME "application" or software module. As what it does is exactly what the ME is designed to do (and doing in more locked down systems).

          Comment


          • #35
            Update 2: It looks like even if disabling the Secure Boot functionality, the T2 chip is reportedly still blocking operating systems aside from macOS and Windows 10.
            Michael Larabel
            https://www.michaellarabel.com/

            Comment


            • #36
              Originally posted by RussianNeuroMancer View Post
              Sorry to disappoint, but both sources are a bust.

              The "Lenovo reference" lists for example "X260", however it has a fingerprint reader, and Lenovo didn't bother to release drivers for it. Their forum has a giant thread with 102k views.

              The "Ubuntu reference" has for example nice DELL 5495, however this device has a touchpad that claims to be a mouse, so don't expect any gestures, scroll, taps-to-click to work.

              Comment


              • #37
                Originally posted by onicsis View Post
                In many computers Secure Boot can be easily disabled directly from BIOS, anyway.

                Really, why should Apple care about any Linux distribution. On a typical HP or Dell machine Ubuntu works fine.
                That is a requirement of Microsoft certification for non-ARM systems:
                Enable/Disable Secure Boot. On non-ARM systems, it is required to implement the ability to disable Secure Boot via firmware setup. A physically present user must be allowed to disable Secure Boot via firmware setup without possession of PKpriv. A Windows Server may also disable Secure Boot remotely using a strongly authenticated (preferably public-key based) out-of-band management connection, such as to a baseboard management controller or service processor. Programmatic disabling of Secure Boot either during Boot Services or after exiting EFI Boot Services MUST NOT be possible. Disabling Secure Boot must not be possible on ARM systems.
                Adding custom keys is also mandatory for non-ARM.

                Comment


                • #38
                  Originally posted by starshipeleven View Post
                  Which also means that this T2 is running parallel to the Intel ME, and I quite frankly suspect that it is actually just a ME "application" or software module. As what it does is exactly what the ME is designed to do (and doing in more locked down systems).
                  lmao, ok

                  Comment


                  • #39
                    Originally posted by scottishduck View Post

                    lmao, ok
                    It would surely save a lot of costs, and Apple isn't locking shit down because of user security anyway.

                    Comment


                    • #40
                      Originally posted by Termy View Post
                      there might be different preferences regarding the OS, so that might be a reason to buy apple-hardware.
                      Buying these comically overpriced boxes to not use macOS makes no sense to me though ^^
                      Many companies buy Apple hardware for all their employees, at my previous job I got two Macbook Pro laptops over the years. I agree won't ever buy one myself, but I must confess tee hardware was the best build quality and it had the best touch-pad that I have ever used. Magsafe was amazing too (RIP). I loved a lot of things that macOS provided, like the ease of installing applications and amount of applications that supported the OS. I hated so much more things about macOS. I would consider using Apple hardware again if I did not have to pay for it, but not their software at lest not for work.

                      I am currently using a Dell Latitude 5495 w/ Ryzen 2500U which I am much more happy with (overall). The performance of my current laptop is multiple times better and the cost is between 1/2 and 1/3 less compared to a new Macbook Pro in my country.

                      PS: I would never use VirtualBox to run Linux as guest, even if someone held a gun next to my head! VMware Fusion was okay if you had enough RAM and extra cash.

                      Comment

                      Working...
                      X