Disabling Secure Boot doesn’t make any difference, it seems

Nov 6, 2018 07:01 GMT

Apple’s new-generation Macs come with a new so-called Apple T2 Security Chip that’s supposed to provide a Secure Enclave co-processor responsible for powering a series of security features, including Touch ID.

At the same time, this security chip enables the secure boot feature on Apple’s computers, and by the looks of things, it’s also responsible for a series of new restrictions that Linux users aren’t going to like.

As reported by Phoronix, the T2 security chip blocks Linux from booting by default, with Apple only allowing macOS and Windows 10 to run on its devices.

“There is currently no trust provided for the Microsoft Corporation UEFI CA 2011, which would allow verification of code signed by Microsoft partners. This UEFI CA is commonly used to verify the authenticity of bootloaders for other operating systems such as Linux variants,” Apple explains in a technical support document detailing how the T2 chip works.

However, Apple does allow users to disable secure boot, which technically means that no additional checks would be performed at boot, basically opening the door to unsupported operating systems like Linux.

Disabling secure boot makes no difference

But as it turns out, disabling secure boot doesn’t seem to make a difference for some reason, possibly due to more restrictions implemented by Apple. This could also be tied to the lack of a certificate, though it goes without saying that turning off secure boot should also mean these checks are no longer performed.

“By default, Mac computers supporting secure boot only trust content signed by Apple. However, in order to improve the security of Boot Camp installations, support for secure booting Windows is also provided. The UEFI firmware includes a copy of the Microsoft Windows Production CA 2011 certificate used to authenticate Microsoft bootloaders,” Apple explains.

A support document published by Apple in late 2017 and updated recently with information relevant to the new devices provides instructions on how to disable secure boot.

Technically, it is possible to boot Linux on a new-generation Mac, but for some reason, this doesn’t work even after following Apple’s guidance.

We have reached out to the company to ask for more information on this and we’ll update the article if an answer is provided.