Announcement

Collapse
No announcement yet.

Apple's New Hardware With The T2 Security Chip Will Currently Block Linux From Booting

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • #51
    Originally posted by starshipeleven View Post
    That's a very weird concept of "gift" this person has (I know some people who are like him). If you gift me something you lose all control over it.

    (not shouting at you, it's a general rant at this type of behavior).
    It's not this bad. I offered him a last look before nuking the installation - he refused without even flinching.
    I just can't find the motivation to invest any more time into the machine - this will change only if I get a request from my wife.

    Comment


    • #52
      Originally posted by wizard69 View Post
      As for Mac OS it is in fact worth the little bit of extra one pays for it. I run Mac hardware at home and on a few systems at work, mostly Windows at work and a few Linux machines at home. It is safe to say Mac OS is light years ahead of Linux and Windows when it comes to stability and reliability. It is also better supported than either of those platforms.

      I say this with complete confidence but also acknowledge that Mac OS is only supported on limited hardware. Windows is by far the most I’ll behaved OS out there. Linux is pretty good relative to Windows, in my case we are talking the Fedora flavor. Even Fedora is held back by the state of gnome and decisions made there to stay with old development strategy’s. Apples greatest advantage in my mind is their ability to drive third party developers in the right direction. That really started with the advent of LLVM/CLang, the focus on APIs and now Swift. Making things easy (most of the time) for developers has lead to a lot of good quality software for the Mac OS and IOS platforms. Contrast this with Linux that can leave you with broken apps just about anytime after an update.
      Sorry, but in my humble opinion, your comment is "a little outdated". Ten years ago I would be fully agree with you, but today, I think that choosing between Windows, Mac o Linux is more a personal preference than a technical reason.

      The first years of Intel era were the best for Mac computers. In those days OS X (now macOS) was far better than Windows and GNU/Linux, but Windows did a big jump ahead with 7 and in 2009 GNU/Linux started a wonderful progression that put its quality to the same lever to its competitors and surpassing them in some areas.

      Apple decided to be a mobile company and the Mac platform was almost abandoned in this decade. Result? You can finds lots of benchmarks where the performance of GNU/Linux and Windows is better than macOS on the Mac hardware.

      The first time I used a Mac computer was in 2007 and I was impressed by the performance, the reliability and the integration, but in 2012 my opinion fully changed and I saw in OS X a "common" system with some special features that contribute nothing to improve the user experience.

      I didn't see an application broken since many years ago, but if you use the system through compilation, obviously you are at risk to have these kinds of problems. But if you use an Ubuntu system rarely you will have an application broken by the system.

      Talking about Swift, today the operating system market is open, so it's prefer to use a multiplatform technology (Qt, Electron... ) than other that lock you to a system. Yes, Swift gives you a powerful framework (with the tools) to make applications fully integrated with the macOS and iOS, but you probably need to develop again the same application from scratch because Swift is multiplatform, but I think it doesn't let you develop apps for Apple systems, Windows and GNU/Linux with the same code.

      Comment


      • #53
        Originally posted by Hi-Angel View Post
        Sorry to disappoint, but both sources are a bust.

        The "Lenovo reference" lists for example "X260", however it has a fingerprint reader, and Lenovo didn't bother to release drivers for it. Their forum has a giant thread with 102k views.

        The "Ubuntu reference" has for example nice DELL 5495, however this device has a touchpad that claims to be a mouse, so don't expect any gestures, scroll, taps-to-click to work.
        Thankfully this particular issue mentioned in "Certification notes" of Dell 5495, so customer can avoid such issues if he read about. And, anyway, every device that supposed to work with Windows 10 have bunch of own driver issues, that you can find only if you search about it on vendor's forums. Like, if I would read this before Dell 7285 purchase that would save me a lot of time.

        Comment


        • #54
          Originally posted by RussianNeuroMancer View Post
          Thankfully this particular issue mentioned in "Certification notes" of Dell 5495, so customer can avoid such issues if he read about.
          No, it's not. The notes are just saying that the touchpad doesn't support gestures with 3 fingers or more. Scroll in particular is a 2-finger gesture.

          Originally posted by RussianNeuroMancer View Post
          And, anyway, every device that supposed to work with Windows 10 have bunch of own driver issues, that you can find only if you search about it on vendor's forums. Like, if I would read this before Dell 7285 purchase that would save me a lot of time.
          Good point

          Comment


          • #55
            Originally posted by Hi-Angel View Post
            No, it's not. The notes are just saying that the touchpad doesn't support gestures with 3 fingers or more. Scroll in particular is a 2-finger gesture.

            I guess it work as advertised with specific version mentioned in certification notes, or maybe with any kernel from oem branch.

            Comment


            • #56
              Originally posted by wizard69 View Post

              I think you have been mis informed about Apple hardware. Not all of it is grossly overpriced even the Mac Mini has machines with rational price points. In the case of the Mini and the MBA you are getting bleeding edge hardware with the T2 acting effectively as a co processor. Shop carefully and you will not be paying for a highly overpriced machine.

              As for Mac OS it is in fact worth the little bit of extra one pays for it. I run Mac hardware at home and on a few systems at work, mostly Windows at work and a few Linux machines at home. It is safe to say Mac OS is light years ahead of Linux and Windows when it comes to stability and reliability. It is also better supported than either of those platforms.

              I say this with complete confidence but also acknowledge that Mac OS is only supported on limited hardware. Windows is by far the most I’ll behaved OS out there. Linux is pretty good relative to Windows, in my case we are talking the Fedora flavor. Even Fedora is held back by the state of gnome and decisions made there to stay with old development strategy’s. Apples greatest advantage in my mind is their ability to drive third party developers in the right direction. That really started with the advent of LLVM/CLang, the focus on APIs and now Swift. Making things easy (most of the time) for developers has lead to a lot of good quality software for the Mac OS and IOS platforms. Contrast this with Linux that can leave you with broken apps just about anytime after an update.

              By by the way I’m not saying Apple is perfect and that software hasn’t been broken after an update or two. However the problem is far less on Mac OS than any other platform. You generally have only one major system update a year and with a solid focus on API stability you are not impacted nearly as much as on Linux. When there are issues you are at times anyways warned by Apple that some apps will require updates. On Linux broken software is always a surprise after an update.
              This is not news.... The problem with Apple has never been their OS. It would be fantastic if we could all use their OS on our hardware of choice. The real problem with Apple has always been their hardware, it's always years behind and always shitty. Polished turd comes to mind.

              https://www.youtube.com/watch?v=AUaJ8pDlxi8

              Comment


              • #57
                Originally posted by Hi-Angel View Post
                The worst thing is that there's no way to debug this thing.
                There actually is a way to debug those kind of problems - a DTrace-based app called Instruments, you can get it for free with Xcode.

                Comment


                • #58
                  Originally posted by starshipeleven View Post
                  Disk encryption has nothing to do with this, the issue is that the bootloader can't trust Linux because you cannot add a key for it, unlike most other decent UEFI Secure Boot implementations.
                  The T2 chip does implement, along with the boot image verification causing problems here, a type of disc encryption that can't be broken by pilfering the encryption key. This is the same tech that has been causing some major headaches for law enforcement trying to access data on iPhones.

                  Nah, it's just another case of Apple being Apple.
                  Nah, it's just another case of Linux fanboys sperging out over Apple not catering to them.

                  Yeah, because the T2 isn't also used in their new laptops, and their laptops are shining beacons of "not overpriced".
                  At what point did I claim that Apple's laptops are competitively priced? Because neither did I claim that, the opposite was kind of implicit from how I talked about the new Mac Mini being overpriced.
                  "Why should I want to make anything up? Life's bad enough as it is without wanting to invent any more of it."

                  Comment


                  • #59
                    Originally posted by L_A_G View Post
                    The T2 chip does implement, along with the boot image verification causing problems here, a type of disc encryption
                    Which is 100% irrelevant to the case here, as I said.

                    that can't be broken by pilfering the encryption key.
                    More like the encryption key itself is stored in hardware and operated by hardware so it is harder to steal (but not impossible, especially if you don't secure the T2-SSD communication against replay attacks)

                    I really hope they aren't doing completely retarded shit like having the T2 pull the SSD controller reset pin down instead of actually sending it a key, because that's pretty easy to hack (cut the reset pin trace). And I say this as in most reports the SSD "disappears" so it's not even detected by the system (which is what happens if the SSD controller is locked in "reset" state). Most businness-grade drives refuse to execute commands if you are not authenticated, but don't disappear from the system. I mean it's not like disappearing is better, the attacker knows the SSD is still there.

                    This is the same tech that has been causing some major headaches for law enforcement trying to access data on iPhones.
                    Or any other device with a working TPM and self-encrypting drive anyway. This technology isn't really new or revolutionary. The big question is if they made it actually safe or if it is there just to lock down stuff for purely commercial reasons, Apple-style.

                    What makes me wonder this is that FBI still managed to extract data from iPhones when they sued Apple, they just had to pay some security company for the service.

                    With normal businness-grade hardware it would not have happened.

                    At what point did I claim that Apple's laptops are competitively priced?
                    At which point I claimed you had to do so?

                    I wanted to say that all this "doing us a favor" thing you said is kind of strange since T2 is used also in their laptops, and they are just as overpriced as the mac mini.

                    People won't stop buying Apple, it's a cult.

                    Comment


                    • #60
                      Originally posted by starshipeleven View Post
                      Which is 100% irrelevant to the case here, as I said.
                      Not really when Apple's security chips are supposed to be part of a full all-in-one security system with tamper-proof boot and full disc encryption.

                      More like the encryption key itself is stored in hardware and operated by hardware so it is harder to steal (but not impossible, especially if you don't secure the T2-SSD communication against replay attacks)
                      Considering how they haven't broken the iPhone's encryption scheme with a replay attack and this the same tech I doubt it'll work here. The only hack that I've seen working that didn't involve bugs in the OS involved de-soldering the NAND flash chips off the board, dumping their contents and setting up a pin brute force rig connected to those pads that rebooted the device with a restored copy of the chips' content every time it got to the limit for re-tries of the PIN code. I suspect this will probably work with the new Mac Mini too, but like with the iPhone, it'll be far from practical and probably also take longer as the unlock key is going to be a bit more complex than an array of 5 characters restricted to numbers.

                      ...
                      There shouldn't be any pin pulling as the T2 doesn't work with a separate SSD. The whole thing, T2, NAND and all, is literally right on the motherboard. Unlike Apple's recent laptops the new Mac Mini does use standard SO-DIMM sticks for RAM, but like the recent laptops the SSD is right on the motherboard.

                      Or any other device with a working TPM and self-encrypting drive anyway. This technology isn't really new or revolutionary. The big question is if they made it actually safe or if it is there just to lock down stuff for purely commercial reasons, Apple-style.
                      As I said, this is really just Apple implementing the same iPhone tech that has caused so many headaches to law enforcement trying to access devices. If that's anything to go by then this is a clear step up from what's been done before. You can go on about how this is nothing new, but as usual whenever Apple tries something that has already been done their solution is usually more involved and refined.

                      What makes me wonder this is that FBI still managed to extract data from iPhones when they sued Apple, they just had to pay some security company for the service.
                      When the government sued Apple they refused to create the protection nullifying "cancer" update and the case was dropped primarily because the FBI was contacted by the developer of the really involved hardware attack. This attack worked, but it was both slow and expensive meaning that any future use of it will be pretty heavily restricted. On computer drives where the encryption key is much more complex this will probably technically work, but like brute forcing AES with 256+ bit keys not actually be practical.

                      With normal businness-grade hardware it would not have happened.
                      With normal business grade hardware the attack would probably have to have been less involved than the one the FBI had to resort to in their effort to gain access to the San Bernadino terrorist's phone.

                      I wanted to say that all this "doing us a favor" thing you said is kind of strange since T2 is used also in their laptops, and they are just as overpriced as the mac mini.
                      It seems like you completely misunderstood my sarcasm there... Because the point was that the Mac Mini is expensive to the point of simply not being worth it. Except maybe if you're a pedophile, drug dealer, terrorist, spy or some other kind of person the government would want to see what you've got on your HDD.

                      People won't stop buying Apple, it's a cult.
                      Well your "REEE!!!! STOP LIKING WHAT I DON'T LIKE!!!1"-nonsense isn't exactly making the Linux user community look any better...
                      "Why should I want to make anything up? Life's bad enough as it is without wanting to invent any more of it."

                      Comment

                      Working...
                      X