Apple blocking Linux installs on newest Macs with T2 chip

[Master Disaster]

3 hours ago, ZacoAttaco said:

I find that interesting, that wouldn't be an issue personally, I try and get as much use out of products as I can, so I'm not opposed to running older software but I'm sure many others need to have constant updates or support. I mean you can see why Apple wouldn't want to encourage this, it's funny they call it a 'security risk' though.

 

I can't help but wonder, wouldn't running Windows also allow users to potentially get more out of their devices? They'd also lose out on potential income their too so what incentive to Apple have to allow Windows installs?

That's exactly what I was thinking, Windows is arguably the most insecure but they're still 'allowing' it to be installed.

I'm sure if they could prevent Windows they probably would too but that would cause way to much backlash, gotta make sure the agenda doesn't cost them more than they will make out of it.

 

Also afaik it isn't really possible anyway, Windows has a Secure Boot certificate/key, Linux does not.

 

So correction, Linux actually does have a secure boot platform key so how and why are Apple doing this at all?

[Drak3]

19 minutes ago, firelighter487 said:

can you game using it?

Yup.

 

19 minutes ago, firelighter487 said:

did you run benchmarks to confirm that? 

Sorta. I benched it by playing actual games and using programs like photoshop and measured how long things took, FPS, and any meaningful lag.

[Master Delta Chief]

This T2-chip seems to be causing a bit of an outrage, which I can totally understand. However, the fact that it provides enhanced security for Macbook's or any other device that I am currently unaware of is something pretty nice to see. But, that doesn't mean it's going to be unbreakable. 

 

Regardless, it's a shame that Apple thinks Linux as a security threat which is quite ironic since both operating systems are based on Unix. I think this is pretty much solve able by either a firmware update or just giving the users the proper option of disabling it. 

16 hours ago, DrMacintosh said:

Ever heard of TimeMachine? Backup your data 

Of course backing up your data is something people should start focusing on a bit more, even if they may be incompetent. Perhaps a bit more public awareness? Though, I do believe that you should still have the ability to properly recover your data in the event your Macbook has been damaged in one form or another.

 

[79wjd]

 

1 hour ago, Master Delta Chief said:

Of course backing up your data is something people should start focusing on a bit more, even if they may be incompetent. Perhaps a bit more public awareness? Though, I do believe that you should still have the ability to properly recover your data in the event your Macbook has been damaged in one form or another.

 

Either you use hardware encryption and have a hard/impossible time recovering anything not backed up, or you don't use hardware encryption. It's a choice to use it.

[Drak3]

1 hour ago, Master Delta Chief said:

quite ironic since both operating systems are based on Unix.

Linux is based off of Unix in a very loose sense. It's designed to deliver the same result, without using any patented/proprietary software of the Unix kernal.

[Misanthrope]

I am pretty sure Linux people warned us this would happen when UEFI and Secure Boot was proposed like what, 12 years ago? Maybe a bit less but I distinctly recall every Linux user and dev raise the alarm, they just assumed that Microsoft would be doing this kind of stuff and probably not Apple but hey, here we are and Apple is now on a much stronger position than anybody expected back then so there's that to be fair.

[Canada EH]

20 hours ago, Blademaster91 said:

security risk

Apple is the risk!

[Jito463]

22 minutes ago, Misanthrope said:

they just assumed that Microsoft would be doing this kind of stuff and probably not Apple

Ironically, I believe MS actually requires that OEMs implement the ability to disable SB, due to their ongoing support for legacy software and hardware.

[BlueChinchillaEatingDorito]

18 hours ago, ScratchCat said:

A lot has gone and will continue to go wrong with every major OS, regardless of being open source or not.

When an OS is open sourced, it's impossible for the manufacturer to trust that OS because anyone could implement their own distribution by injecting their own code into it. Deepin for example is a beautiful Linux distribution and the number one reason in my opinion as to why adoption has been low, is because it is a Chinese Linux distribution. And it doesn't take much to see why some might have reservations against using a Chinese Linux distribution. 

 

Long story short, every OS will have problems. Yes, I agree with that. But what Secure Boot does is give manufacturers insurance that only OSes that are trustworthy can be loaded on their machines. That was its purpose and it's arguable whether or not its implementation on Windows based PCs actually did much. Apple just happened to be the first one to implement it in a way that is tougher than anyone else.

[Master Disaster]

3 hours ago, Jito463 said:

Ironically, I believe MS actually requires that OEMs implement the ability to disable SB, due to their ongoing support for legacy software and hardware.

Yep, Microsoft's policy is users must be able to disable Secure Boot for an OEM machine to achieve Windows 10 certification. The only exception is devices that run ARM based CPUs where secure boot must be enforced and non removable.

[mr moose]

Does this have anything to do with the repair debacle that needs to run service only software before the device would run?  because obviously if you repair a mac and install Linux you  totally don't need to run any service software.

[suicidalfranco]

from the company that managed to bug up root access

 

[ScratchCat]

4 hours ago, BlueChinchillaEatingDorito said:

When an OS is open sourced, it's impossible for the manufacturer to trust that OS because anyone could implement their own distribution by injecting their own code into it.

With open source OSes if the distribution is large enough to be considered an option by a manufacturer then the OS will have multiple people verifying each change to the code. Effectively it is possible for a manufacturer to trust the OS if the community working on it is sufficiently large that it would be infeasible to inject malicious code without someone raising an alarm.

 

Red Hat Linux is open source (see CentOS) yet companies still trust it enough to contain sensitive information and pay dearly for support contracts.

5 hours ago, BlueChinchillaEatingDorito said:

Long story short, every OS will have problems. Yes, I agree with that. But what Secure Boot does is give manufacturers insurance that only OSes that are trustworthy can be loaded on their machines. That was its purpose and it's arguable whether or not its implementation on Windows based PCs actually did much. Apple just happened to be the first one to implement it in a way that is tougher than anyone else.

The issue is not it is preventing the use of Sketchy Linux 9001 but completely ignoring the "Microsoft Corporation UEFI CA 2011" certificate which means even trustworthy distributions like Ubuntu or RHL could not be installed (as far as I can tell) and disabling Secure Boot disables the internal SSD:

Quote

However, even with secure boot disabled, people have encountered issues with the T2 chip. For example, it apparently blocks the unofficial operating system from certain motherboard functions – including the internal SSD. It's claimed the T2 hides the flash drive from non-approved OSes, a rather showstopping-limitation for anyone hoping to install Linux, BSD, and so on.

 

[Thaldor]

15 hours ago, BlueChinchillaEatingDorito said:

When an OS is open sourced, it's impossible for the manufacturer to trust that OS because anyone could implement their own distribution by injecting their own code into it. Deepin for example is a beautiful Linux distribution and the number one reason in my opinion as to why adoption has been low, is because it is a Chinese Linux distribution. And it doesn't take much to see why some might have reservations against using a Chinese Linux distribution. 

 

Long story short, every OS will have problems. Yes, I agree with that. But what Secure Boot does is give manufacturers insurance that only OSes that are trustworthy can be loaded on their machines. That was its purpose and it's arguable whether or not its implementation on Windows based PCs actually did much. Apple just happened to be the first one to implement it in a way that is tougher than anyone else.

Only reasons I can think why Apple would care what OS is run on their hardware are binding people to Apple ecosystem, they fear that people would call their support about why their own OS doesn't work and they can't answer "we don't support that OS" or that they actually are so incompetent that the protection of T2-chip is so weak that if run with suitable OS it would crack like a cookie.

 

If user wants to install "Linux Chienese botnet edition" and manages to brick their Macbook with it, Apple has zero requirments to give them any support on that part. That might actually read in their warranty papers quite clearly. People can be very stupid, but it takes someone extremely stupid to even try to install some shady OS distributions without knowing what they are doing while stil lhaving enough knowledge to do it and even then the amount of triers would be probably very marginal. So, only reasons are that Apple wants to restrict the users (which wouldn't really be anything new, now they just managed to raise it up few levels) or they actually fear that the T2-chip might be cracked. And I would think that if the T2-chip was that badly made we would have already heard about that.

[imreloadin]

At the end of the day this is just an issue of "You don't 'own' your device anymore"...

[Nowak]

On 11/7/2018 at 12:08 AM, BlueChinchillaEatingDorito said:

There's a lot that can go wrong with an Open Source OS. 

Such as?

Name something that can go wrong with an open source OS that doesn't happen with proprietary OSes.

[KuJoe]

2 minutes ago, Nowak said:

Such as?

Name something that can go wrong with an open source OS that doesn't happen with proprietary OSes.

1. Changing licenses and forcing the removal of packages/drivers that don't fall under the new license (Debian).
2. Devs removing software without warning with the reason of "we don't use it" (Arch Linux).
3. Devs no longer supporting the project and killing it (CrunchBang).
4. Getting acquired by a company that has a bad reputation in the open source community (RHEL). 

That's all I can think of off hand, I'm tired.

[ZacoAttaco]

7 hours ago, imreloadin said:

At the end of the day this is just an issue of "You don't 'own' your device anymore"...

It's arguably not even 'anymore', I'd say it's been this way for a while but only now are we seeing the behavior become even more predominant and our naivety run out.

[Terryv]

14 hours ago, Thaldor said:

If user wants to install "Linux Chienese botnet edition" and manages to brick their Macbook with it, Apple has zero requirments to give them any support on that part. That might actually read in their warranty papers quite clearly. People can be very stupid, but it takes someone extremely stupid to even try to install some shady OS distributions without knowing what they are doing while stil lhaving enough knowledge to do it and even then the amount of triers would be probably very marginal. So, only reasons are that Apple wants to restrict the users (which wouldn't really be anything new, now they just managed to raise it up few levels) or they actually fear that the T2-chip might be cracked. And I would think that if the T2-chip was that badly made we would have already heard about that.

You do realize, people have a right to do stupid things. A call to Apple support will just have them ready revert back to macOS if their Linux venture goes wrong.

 

Fear of the T2 getting cracked isn't a valid excuse. It could be disabled in hardware when macOS isn't present.

 

Apple has no business telling people what to do with their things. It's also not like they're messing about with macOS.

[suits]

On 11/6/2018 at 11:36 PM, DrMacintosh said:

Ever heard of TimeMachine? Backup your data 

This comment is literally why we hate Apple fanboys so much. "Your using your computer wrong, that's not the way Apple wants you to do it". Screw that. Should you buckup your data, sure, should you be able to recover it, hell yeah, Apple not allowing you to do what you want, when you want, with your computer that you bought is a problem. Especially when they have done it in the past and are removing features.

[LAwLz]

12 hours ago, KuJoe said:

• Changing licenses and forcing the removal of packages/drivers that don't fall under the new license (Debian).

Happens all the time with closed source software. For example Microsoft removed support for ReFS on Windows Pro and Enterprise, and made a new "Workstation Pro" SKU for it.

 

12 hours ago, KuJoe said:

• Devs removing software without warning with the reason of "we don't use it" (Arch Linux).

Not sure what you're referring to there specifically but again, happens with closed source OSes too. Support for OSes are dropped left and right.

For example Nvidia and AMD dropping support for 32bit OSes. Microsoft all of a sudden software-blocking updates for Windows 7 machines running on Zen or newer Intel processors. Steam, Chrome and some other software dropping support for older OSes like XP. SecuROM support all of a sudden being completely removed in Windows 10, and patches disabling it being issued to 7 and 8.

 

12 hours ago, KuJoe said:

• Devs no longer supporting the project and killing it (CrunchBang).

Are you really going to argue that all closed source programs ever released are still supported? Come on... That is absolutely not exclusive to open source.

 

12 hours ago, KuJoe said:

• Getting acquired by a company that has a bad reputation in the open source community (RHEL). 

Nothing inherently with being open source that enables that. It could happen to any company, regardless of whether or not their product is open source.

 

I also don't see how any of the things you mentioned are relevant to how the conversation started.

It started with someone saying Linux was a security risk, and that "there's a lot that can go wrong with an Open Source OS", which is a load of FUD.

[79wjd]

2 hours ago, suits said:

This comment is literally why we hate Apple fanboys so much. "Your using your computer wrong, that's not the way Apple wants you to do it". Screw that. Should you buckup your data, sure, should you be able to recover it, hell yeah, Apple not allowing you to do what you want, when you want, with your computer that you bought is a problem. Especially when they have done it in the past and are removing features.

Don't encrypt your data. Voila, recoverable.

 

Apple isn't forcing you to use encryption.

[KuJoe]

56 minutes ago, LAwLz said:

Happens all the time with closed source software. For example Microsoft removed support for ReFS on Windows Pro and Enterprise, and made a new "Workstation Pro" SKU for it.

Because of the licensing? That's weird.

56 minutes ago, LAwLz said:

Not sure what you're referring to there specifically but again, happens with closed source OSes too. Support for OSes are dropped left and right.

For example Nvidia and AMD dropping support for 32bit OSes. Microsoft all of a sudden software-blocking updates for Windows 7 machines running on Zen or newer Intel processors. Steam, Chrome and some other software dropping support for older OSes like XP. SecuROM support all of a sudden being completely removed in Windows 10, and patches disabling it being issued to 7 and 8.

Not exactly the same thing, those examples are for legitimate technical reasons, not because a developer at Microsoft decided the software was useless to them.

56 minutes ago, LAwLz said:

Are you really going to argue that all closed source programs ever released are still supported? Come on... That is absolutely not exclusive to open source.

That's not what I said at all.

56 minutes ago, LAwLz said:

Nothing inherently with being open source that enables that. It could happen to any company, regardless of whether or not their product is open source.

In the example I provided it's specific to open source. A closed source OS being acquired by a company who is anti-open source is not as big of an issue as an open source OS can being acquired by a company who is anti-open source. I was just giving an example.

56 minutes ago, LAwLz said:

I also don't see how any of the things you mentioned are relevant to how the conversation started.

It started with someone saying Linux was a security risk, and that "there's a lot that can go wrong with an Open Source OS", which is a load of FUD.

I'm just playing devil's advocate, had somebody said "there's a lot that can go wrong with a closed source OS" then there's plenty of examples also. My whole point was there is no perfect OS, but the best part is that there are so many OS options out there people can decide which one is best for them.

[suits]

1 hour ago, 79wjd said:

Don't encrypt your data. Voila, recoverable.

 

Apple isn't forcing you to use encryption.

That is incorrect the 2018 MacBook lineup cannot have any data recovered if the logic board fails. That's even if nothing is wrong with the storage, there are new articles on here a few months back talking about it. A professional company said they might be able to recover it, but as a non professional you are out of luck trying to do it on your own, right to repair is a law that Apple seems to not care about.

[LAwLz]

7 minutes ago, KuJoe said:

 Because of the licensing? That's weird.

Oh you were talking specifically about licensing? That changes all the time for closed source software. Hell, South Park even made an episode making fun of how often the licensing for iTunes changes. Just in Windows 10 alone the licensing agreement has changed like 5 times.

And yes, after Microsoft made the ReFS changes you had to buy a different Windows license to regain the functionality you had before.

There have also been "issues" with things like video codec licenses in Windows, hence the reason why Windows 10 no longer includes media center.

 

15 minutes ago, KuJoe said:

Not exactly the same thing, those examples are for legitimate technical reasons, not because a developer at Microsoft decided the software was useless to them.

Okay, let me get this straight. Are you saying that some developer decided to, without any technical reasons whatsoever, remove support for Arch Linux? I find that hard to believe. If it was just "we don't feel like spending time developing for it" then it is exactly the same reason as for example AMD and Nvidia dropping support for 32 bit OSes. There is no technical reason for why they can't keep developing those drivers. It's purely a matter of "we don't think enough users use them to be worth the time invested".

Also, software generally isn't tied to a specific distro in GNU/Linux. In order to make it compatible with other distros but not Arch, they would need to code it that way specifically.

 

22 minutes ago, KuJoe said:

That's not what I said at all.

Then please elaborate what you meant, because that's the way I interpreted it.

You said, when asked what can happen to OSS that can't happen to closed source software, that devs can stop supporting a project and kill it.

I interpret that as you saying closed source developers never stop supporting their software, which is of course ridiculous.

 

25 minutes ago, KuJoe said:

In the example I provided it's specific to open source. A closed source OS being acquired by a company who is anti-open source is not as big of an issue as an open source OS can being acquired by a company who is anti-open source. I was just giving an example.

I really don't understand your logic here.

That just means the OSS "falls" to the same level as closed source software. The question was what bad things can go wrong with OSS that can't go wrong with closed source. Saying that in some cases OSS projects becomes as "bad" as closed source is not a valid example of how closed source software is less of a security risk.

 

 

 

 

Also, like I said earlier, none of your example has anything to do with the original posts which spawned this conversation thread. Someone said that a lot of things can go wrong with an open source OS and that it therefore was a security risk to use. That's what started this conversation.

Here is a quick summary of how the conversation went.

 

Someone: Using Linux is a security risk.

Someone else: How?

A third person 3: It's open source, so there are more things that can go wrong.

Person 4: Such as?

You: The project can be acquired by a company that is not well liked.

 

You're having a completely different discussion that the person you replied to had.