Linked by Thom Holwerda on Mon 5th Nov 2018 23:10 UTC
Apple

People have found out that you can only install macOS and Windows 10 on Apple's new Macs equipped with the T2 security chip.

By default, Microsoft Windows isn't even bootable on the new Apple systems until enabling support for Windows via the Boot Camp Assistant macOS software. The Boot Camp Assistant will install the Windows Production CA 2011 certificate that is used to authenticate Microsoft bootloaders. But this doesn't setup the Microsoft-approved UEFI certificate that allows verification of code by Microsoft partners, including what is used for signing Linux distributions wishing to have UEFI SecureBoot support for Windows PCs.

Right now, there is no way to run Linux on the new Mac hardware. Even if you disable Secure Boot, you can still only install macOS and Windows 10 - not Linux. Luckily, Linux users don't have to rely on Macs for good hardware anymore - there are tons of Windows laptops out there that offer the same level of quality with better specifications at lower prices that run Linux just fine.

Order by: Score:
Comment by tidux
by tidux on Mon 5th Nov 2018 23:35 UTC
tidux
Member since:
2011-08-13

Well, that's just more evidence for me to stick with my trusty old X220 until we get laptops with HiDPI screens, Ryzen-or-later APUs, and full Linux support.

Reply Score: 2

Okay...
by Andersenep on Tue 6th Nov 2018 00:06 UTC
Andersenep
Member since:
2016-05-19

Is there seriously anyone out there that wants to pay the premium for Apple hardware and then slap Linux on it? Why on Earth would you do such a thing??? Would you pay for an iPhone and complain that you can't install some Android custom ROM or whatever too?

Edited 2018-11-06 00:09 UTC

Reply Score: 5

RE: Okay...
by iampivot on Tue 6th Nov 2018 00:40 UTC in reply to "Okay..."
iampivot Member since:
2005-08-09

True, nobody buys macbook pros for the hardware, only to get macos. Reluctantly, as the macbook pros are too slim these days, with no upgrade options.

Reply Score: 5

RE: Okay...
by Moochman on Tue 6th Nov 2018 00:44 UTC in reply to "Okay..."
Moochman Member since:
2005-07-06

Well, it used to be the case that MacBooks had some of the nicest hardware out there. I'm pretty sure I've seen a few developers using Macs with Linux over the years, although it certainly isn't common. Nowadays though if you're not buying it for macOS the only thing really going for it in comparison to a good ThinkPad or XPS is the resale value.

Edited 2018-11-06 00:44 UTC

Reply Score: 4

RE[2]: Okay...
by rener on Thu 8th Nov 2018 23:06 UTC in reply to "RE: Okay..."
rener Member since:
2006-02-27

Well, it used to be the case that MacBooks had some of the nicest hardware out there. I'm pretty sure I've seen a few developers using Macs with Linux over the years, although it certainly isn't common. Nowadays though if you're not buying it for macOS the only thing really going for it in comparison to a good ThinkPad or XPS is the resale value.


Nope, current Macs are usually outdated, overpriced, too thin, overheating crap without enough ports and options, nothing user upgrade or serviceable clusterf*ck. And I say this as someone who purchased PowerPC Macs in 2003 for pure use with Linux. I literally threw the macOS discs into the trash back in the day. Still have my G4 Cube, the G5, … my daily driver is a late-2013 15" rMBP where Apple was already hiding the iGPU from OtherOS' https://www.youtube.com/watch?v=OLIVqCFLv5Y and although my company (https://ExactCODE.com) is also seelling Mac software (ExactSCAN, OCRKit, Recompress, …) we currently do not buy any of the new Macs anymore. Nobody likes them, not the keyboard, not many other things. Even the latest macOS versions have more and more #peakbugs.

Thanks, but I started a YouTube channel and started to review ThinkPads, Dell XPS, and such Currently I like the ThinkPads most: I truly wonder why I was not using those for a decade already: https://www.youtube.com/watch?v=l_S_nlcKJh4 On top of this I find all the last years Xcode versions unusable. Total waste of time. Xcode 3 was such an awesome IDE. After that the UI became a huge un-navigateble clusterf*ck, too.

We already ported our software to Linux and Windows, and prepare to support more and more of our pro customers on the others OS'.

Edited 2018-11-08 23:07 UTC

Reply Score: 2

RE: Okay...
by Alfman on Tue 6th Nov 2018 02:22 UTC in reply to "Okay..."
Alfman Member since:
2011-01-28

Andersenep,

Is there seriously anyone out there that wants to pay the premium for Apple hardware and then slap Linux on it? Why on Earth would you do such a thing??? Would you pay for an iPhone and complain that you can't install some Android custom ROM or whatever too?


If I had one, I'd probably be interested in getting it dual booting. Lots of people at linux user groups do it. Whether you think it's worthwhile or not is a different matter, but it should be their prerogative to do with their computers as they see fit.

I worked on an SDR project for a company that issued macbooks exclusively to their devs, yet the software was being designed for a linux host because it would ultimately run on a linux server. So it was very useful for them to be able to boot/develop linux on the macbook. It's actually the same reason I own a windows laptop, yet dual boot into linux as needed.

Edited 2018-11-06 02:23 UTC

Reply Score: 6

RE[2]: Okay...
by Andersenep on Tue 6th Nov 2018 02:40 UTC in reply to "RE: Okay..."
Andersenep Member since:
2016-05-19

If I had one, I'd probably be interested in getting it dual booting. Lots of people at linux user groups do it. Whether you think it's worthwhile or not is a different matter, but it should be their prerogative to do with their computers as they see fit.


I have nothing against dual booting, but I don't see a ton of advantage to booting a Mac into Linux vs just running it in a VM. I am not telling anyone they shouldn't. I'm just asking why they would want to pay the Apple tax on hardware to run Linux...is there some advantage? It can't possibly be better hardware support...

I worked on an SDR project for a company that issued macbooks exclusively to their devs, yet the software was being designed for a linux host because it would ultimately run on a linux server.


I wish someone would issue me a MacBook....I get what you're saying about being able to have the right tool for the job, but I don't think it was Apple that failed you here...was that Linux server running on Apple hardware too?

So it was very useful for them to be able to boot/develop linux on the macbook. It's actually the same reason I own a windows laptop, yet dual boot into linux as needed.


Is there any reason Linux under a VM would not have worked for the job? I'm not asking as an Apple apologist or fanboy. I am a bit astounded that anyone would expect Apple of all companies to support multiple OS's on their hardware. This isn't some kind of new behavior from them. I'm amazed they ever offered Boot Camp. Try and run macOS on non-Apple hardware. It's possible (for now...T2 will take care of that), but it's a giant pain in the ass...even in a VM.

Edited 2018-11-06 02:51 UTC

Reply Score: 3

RE[3]: Okay...
by Alfman on Tue 6th Nov 2018 03:19 UTC in reply to "RE[2]: Okay..."
Alfman Member since:
2011-01-28

Andersenep,

I have nothing against dual booting, but I don't see a ton of advantage to booting a Mac into Linux vs just running it in a VM. I am not telling anyone they shouldn't. I'm just asking why they would want to pay the Apple tax on hardware to run Linux...is there some advantage? It can't possibly be better hardware support...


Let me clarify: SDR = software defined radio, which uses a device to capture RF signals using software to process radio spectrum in real time. I did try a VM, but it didn't work. The drivers we were writing were built for linux. Supporting macos might have been possible, but it would have been more work for something that was not even a goal of the project: running on a linux server.

Incidentally this is the same project I was referring to in another post of mine with gripes about MBP thermal overheat throttling:
http://www.osnews.com/thread?664630


I wish someone would issue me a MacBook....I get what you're saying about being able to have the right tool for the job, but I don't think it was Apple that failed you here...


I don't get what you are referring to "I don't think it was Apple that failed you here... "?

Anyways, I wasn't issued a MacBook, their in-house developers were, and they needed linux for the project. The only time I've ever been issued a laptop was for a project where their security procedures mandated it; it was a thinkpad. Not a bad machine as I recall.



Is there any reason Linux under a VM would not have worked for the job? I'm not asking as an Apple apologist or fanboy. I am a bit astounded that anyone would expect Apple of all companies to support multiple OS's on their hardware. This isn't some kind of new behavior from them. I'm amazed they ever offered Boot Camp.


Apple supports windows because they know that's a valuable selling point for some windows users, which makes up the lion's share of the market. Alas, linux has too little market share to interest apple (and many other hardware vendors) in supporting it.

It's not that linux users "expect" apple/manufactures to support linux, in reality it's the exact opposite, the linux community uses it's own resources to support hardware.

The problem with secure boot is that some restrictive implementations of it are designed to keep the owner outside the chain of trust such that the owner has no a say in what he's allowed to run on his own hardware. For x86, vendors have generally allowed to owners to turn it off, but if vendors were to change this policy (as they have with ARM) then it creates major obstacles for linux on those devices.

Edited 2018-11-06 03:24 UTC

Reply Score: 4

RE[4]: Okay...
by Andersenep on Tue 6th Nov 2018 03:57 UTC in reply to "RE[3]: Okay..."
Andersenep Member since:
2016-05-19

Let me clarify: SDR = software defined radio, which uses a device to capture RF signals using software to process radio spectrum in real time. I did try a VM, but it didn't work. The drivers we were writing were built for linux. Supporting macos might have been possible, but it would have been more work for something that was not even a goal of the project: running on a linux server.

Incidentally this is the same project I was referring to in another post of mine with gripes about MBP thermal overheat throttling:
http://www.osnews.com/thread?664630

I don't get what you are referring to "I don't think it was Apple that failed you here... "?


Issuing MacBooks to developers for a project that was meant for Linux was a failure on the part of whoever made that decision. Why would anyone pick MacBooks to support a Linux project? Apple has never, to the best of my knowledge, supported running Linux on their consumer hardware.

Anyways, I wasn't issued a MacBook, their in-house developers were, and they needed linux for the project.


That's the failure I was talking about: issuing MacBooks for a project that needed Linux.

The only time I've ever been issued a laptop was for a project where their security procedures mandated it; it was a thinkpad. Not a bad machine as I recall.


Nothing wrong with that.

Apple supports windows because they know that's a valuable selling point for some windows users, which makes up the lion's share of the market. Alas, linux has too little market share to interest apple (and many other hardware vendors) in supporting it.


I am not arguing against Boot Camp. I think it's kinda nice. But Apple doesn't support dual-booting to Android on iOS devices, and Android has a pretty big market share of their own. Nor do they allow running macOS in a VM on Windows, Linux, or anything else.

It's not that linux users "expect" apple/manufactures to support linux, in reality it's the exact opposite, the linux community uses it's own resources to support hardware.


Well, my first linux install was from 3.5" floppies back in about 1994. Hardware support has always been an issue. It's a lot better these days, but it's far from perfect.

The problem with secure boot is that some restrictive implementations of it are designed to keep the owner outside the chain of trust such that the owner has no a say in what he's allowed to run on his own hardware. For x86, vendors have generally allowed to owners to turn it off, but if vendors were to change this policy (as they have with ARM) then it creates major obstacles for linux.


As much as Linux has repeatedly failed to deliver on the desktop, it's pretty well dominant in servers. Picking and choosing hardware that will actually work on Linux is nothing new. Why should any hardware manufacturer support Linux?

Macs make up what, 7% or so of the PC consumer market overall? Something like that...Macs have always been a niche market and Apple has always loved restrictive terms. I am not yay for Apple or boo for Apple. I just think that anyone who expects to run a non-Apple sanctioned OS on an Apple product hasn't been paying attention for many, many years.

Reply Score: 2

RE[5]: Okay...
by woegjiub on Tue 6th Nov 2018 05:23 UTC in reply to "RE[4]: Okay..."
woegjiub Member since:
2008-11-25

Issuing MacBooks to developers for a project that was meant for Linux was a failure on the part of whoever made that decision. Why would anyone pick MacBooks to support a Linux project? Apple has never, to the best of my knowledge, supported running Linux on their consumer hardware.

This is routine for web developers.

Most of us use macOS for development and GNU+Linux for production.

We're a django shop and I'm the only dev not on macOS. Most rails and node shops are the same too.

TBH it's not an issue - docker means the software runs on GNU+Linux inside a local VM anyway.

Reply Score: 4

RE[5]: Okay...
by Alfman on Tue 6th Nov 2018 05:34 UTC in reply to "RE[4]: Okay..."
Alfman Member since:
2011-01-28

Andersenep,

Issuing MacBooks to developers for a project that was meant for Linux was a failure on the part of whoever made that decision. Why would anyone pick MacBooks to support a Linux project? Apple has never, to the best of my knowledge, supported running Linux on their consumer hardware.


What you are missing is that the same is true of most consumer PC hardware, the vast majority of hardware that linux supports was never supported by the manufacturers to run linux. It's sucks, but that's the way it is. The fact that it works as well as it does is a real testament to the progress that the linux community has made over the years allowing linux to run almost anywhere. So when you ask yourself what is a good hardware platform to run linux on (or BSDs/etc), it's not the software that came bundled with the hardware that matters at all, only the hardware matters. The fact that it runs macos is 100% irrelevant. Whether the manufacturer is lenovo, gateway, dell, apple, they're all x86 with proprietary bits that are broken until some linux distro developers take the time to support it. The fact that apple has so few SKUs is actually helpful.


That's the failure I was talking about: issuing MacBooks for a project that needed Linux.



Ironically you have it exactly backwards, apple's MBP was officially supported by ubuntu linux whereas my acer was not!

https://help.ubuntu.com/community/MacBookPro12-1/Wily

If anything you should commend the company for issuing a supported MBP laptop and criticize *me* for using an unsupported laptop ;)



In fact, the vast majority of desktop linux users are running on reprovisioned hardware that does not officially support linux. It may not be satisfactory in your view, but repurposing hardware remains the best/most affordable option for most of us.

Edited 2018-11-06 05:53 UTC

Reply Score: 3

RE[3]: Okay...
by tidux on Fri 9th Nov 2018 19:22 UTC in reply to "RE[2]: Okay..."
tidux Member since:
2011-08-13

> it can't possibly be better hardware support

Linux is in fact *significantly faster* than XNU/Darwin for development workloads. If your workflow is biased against farming those compute cycles off to a remote build server, then it might make sense.

Reply Score: 2

RE: Okay...
by gan17 on Tue 6th Nov 2018 03:02 UTC in reply to "Okay..."
gan17 Member since:
2008-06-03

Is there seriously anyone out there that wants to pay the premium for Apple hardware and then slap Linux on it? Why on Earth would you do such a thing???

Because Adobe, and that I simply don't like using Windows. I only use MacOS for Lightroom and Photoshop, and maybe some other basic stuff like managing my VPS and airdropping VPN configs to my iPhone.

The rest of the time, I'm on a a Linux VM (usually Debian). I just prefer the control. Even for regular web browsing, for example; Safari doesn't have anywhere near the same amount of privacy controls and plugins that Firefox has (Chrome is a non-option), and I don't really want to install the MacOS version of Firefox either (is that even being made these days? I haven't even botherd to check.), so I'd rather just fire up a lightweight Debian install with a tiling window manager inside a VM and do my web browsing from there.

I won't claim it's better, just easier for me to compartmentalize my tasks. Also just makes the base/host MacOS install feel "cleaner" and easier to maintain, since all my dirty "mucking about" stuff is done in the VM sessions.

I've never bothered with bootcamp or whatnot though.

Edited 2018-11-06 03:10 UTC

Reply Score: 2

RE[2]: Okay...
by Andersenep on Tue 6th Nov 2018 03:19 UTC in reply to "RE: Okay..."
Andersenep Member since:
2016-05-19

Because Adobe, and that I simply don't like using Windows. I only use MacOS for Lightroom and Photoshop, and maybe some other basic stuff like managing my VPS and airdropping VPN configs to my iPhone.

The rest of the time, I'm on a a Linux VM (usually Debian). I just prefer the control. Even for regular web browsing, for example; Safari doesn't have anywhere near the same amount of privacy controls and plugins that Firefox has (Chrome is a non-option), and I don't really want to install the MacOS version of Firefox either (is that even being made these days? I haven't even botherd to check.), so I'd rather just fire up a lightweight Debian install with a tiling window manager inside a VM and do my web browsing from there.

I won't claim it's better, just easier for me to compartmentalize my tasks. Also just makes the base/host MacOS install feel "cleaner" and easier to maintain, since all my dirty "mucking about" stuff is done in the VM sessions.

I've never bothered with bootcamp or whatnot though.


That was exactly my thought on the matter...Plenty of virtualization options to run Linux on macOS with whatever security benefits the T2/TPM/secure boot/whatever the kids are calling it these days...

Reply Score: 1

RE[3]: Okay...
by Alfman on Tue 6th Nov 2018 03:32 UTC in reply to "RE[2]: Okay..."
Alfman Member since:
2011-01-28

Andersenep,

That was exactly my thought on the matter...Plenty of virtualization options to run Linux on macOS with whatever security benefits the T2/TPM/secure boot/whatever the kids are calling it these days...


I'm a big fan of virtualization too, but it comes with a performance costs and in our case wasn't suitable for the linux driver development.

Maybe you'll say low level linux development shouldn't be done on a mac, but why exactly not and what else would you have used? Apple may pretend mac laptops are different, but it isn't all that different from any another vendor's laptop running commodity x86 chips with plenty of proprietary drivers. For better or worse, that describes most laptops including apple's, haha.

Edited 2018-11-06 03:35 UTC

Reply Score: 3

RE[4]: Okay...
by Andersenep on Tue 6th Nov 2018 04:04 UTC in reply to "RE[3]: Okay..."
Andersenep Member since:
2016-05-19

Maybe you'll say low level linux development shouldn't be done on a mac, but why exactly not and what else would you have used? Apple may pretend mac laptops are different, but it isn't all that different from any another vendor's laptop running commodity x86 chips with plenty of proprietary drivers. For better or worse, that describes most laptops including apple's, haha.


And Android phones/tablets aren't all that different from any other vendor's commodity ARM chips with plenty of proprietary drivers...Why can't I install stock Android or some "custom ROM" on my Kindle Fire? Or a million other scenarios...?

Edited 2018-11-06 04:06 UTC

Reply Score: 1

RE: Okay...
by kurkosdr on Tue 6th Nov 2018 12:05 UTC in reply to "Okay..."
kurkosdr Member since:
2011-04-11

Is there seriously anyone out there that wants to pay the premium for Apple hardware and then slap Linux on it? Why on Earth would you do such a thing??? Would you pay for an iPhone and complain that you can't install some Android custom ROM or whatever too?


The WiFi will at least work (Atheros).

Reply Score: 2

RE: Okay...
by laffer1 on Tue 6th Nov 2018 18:32 UTC in reply to "Okay..."
laffer1 Member since:
2007-11-09

The use case is when the Mac gets old. You can still throw a Linux or BSD on it and get more use out of it past when apple says it's EOL.

I also used to dual boot linux and mac os in college for homework assignments.

Reply Score: 1

RE[2]: Okay...
by ycarel on Tue 6th Nov 2018 20:33 UTC in reply to "RE: Okay..."
ycarel Member since:
2016-04-13

I think the use case of creating a much more secure platform far out weighs the very niche use case of using an old mac as a Linux laptop.

Reply Score: 2

RE[3]: Okay...
by laffer1 on Tue 6th Nov 2018 21:07 UTC in reply to "RE[2]: Okay..."
laffer1 Member since:
2007-11-09

You forget that the computer is the users and not apple's. If I want to disable secure boot, I should be able to. I realize some people are willing to give up their freedom to feel secure, but most of us want a happy medium.

Intel, Apple and Microsoft want walled gardens and locked down PCs. It may mean that open source has to look at risc v, arm, or even power systems in the future to be able to use our computers as we see fit.

Reply Score: 2

RE[3]: Okay...
by Alfman on Tue 6th Nov 2018 21:36 UTC in reply to "RE[2]: Okay..."
Alfman Member since:
2011-01-28

ycarel,

I think the use case of creating a much more secure platform far out weighs the very niche use case of using an old mac as a Linux laptop.


Except that the objection was never to adding security features, but rather with taking control away from the owners.

Adding locks to a house = good.
Giving the master keys to a 3rd party and forcing the owner to be dependent on the 3rd party for access to the house = bad.

Not only do you loose your rights as an owner, you also loose security by not being able to change the "passcode" for your own locks. This isn't hyperbolic conjecture, the risk of master keys getting into the wrong hands is real and it's already happened.

http://www.osnews.com/story/29342/Secure_Boot_snafu_Microsoft_leaks...

So I want to be crystal clear about this: when you hear people protesting things like secure boot, we're not protesting security features outright. We're protesting bad implementations of it that take owners out of the loop and implementations that don't allow us to replace the manufacturer's master keys with our own. In other contexts, the inability of owners to replace master keys would be considered a very bad security policy. Companies like apple shouldn't get a pass and we shouldn't be making excuses for them.



In short, having strong operational security doesn't mean prohibiting owners from running alternative operating systems. If it's being presented that way, then it's a misrepresentation at least, or an intentional anti-competitive mechanism at worst.

Edited 2018-11-06 21:49 UTC

Reply Score: 2

RE[4]: Okay...
by zima on Thu 8th Nov 2018 19:23 UTC in reply to "RE[3]: Okay..."
zima Member since:
2005-07-06

Except that the objection was never to adding security features, but rather with taking control away from the owners.

But can such security feature under discussion here can be even implemented while leaving users in control?
when you hear people protesting things like secure boot, we're not protesting security features outright. We're protesting bad implementations of it that take owners out of the loop and implementations that don't allow us to replace the manufacturer's master keys with our own

What would stop eg. malware rootkit from adding its own key? What user can do, malware can also ...at most just a matter of little social engineering.

Reply Score: 3

RE[5]: Okay...
by Alfman on Fri 9th Nov 2018 00:21 UTC in reply to "RE[4]: Okay..."
Alfman Member since:
2011-01-28

zima,

But can such security feature under discussion here can be even implemented while leaving users in control?


Yes, and it would be more secure than having users disable secure boot entirely, for example.

What would stop eg. malware rootkit from adding its own key? What user can do, malware can also ...at most just a matter of little social engineering.


I don't have a problem making it difficult for low tech users. But owners seeking to install alternative operating systems shouldn't be prohibited from configuring their system as they see fit. Our role as software engineers is to maximize informed consent, not to deny it.

Edited 2018-11-09 00:41 UTC

Reply Score: 2

RE[6]: Okay...
by rener on Fri 9th Nov 2018 15:06 UTC in reply to "RE[5]: Okay..."
rener Member since:
2006-02-27

zima,

I don't have a problem making it difficult for low tech users. But owners seeking to install alternative operating systems shouldn't be prohibited from configuring their system as they see fit. Our role as software engineers is to maximize informed consent, not to deny it.


yeah, or hiding the iGPU (or any other hardware component) between an undocumented "Hey, I'm macOS" EFI BIOS call: https://www.youtube.com/watch?v=OLIVqCFLv5Y

Reply Score: 1

RE[7]: Okay...
by Alfman on Fri 9th Nov 2018 18:09 UTC in reply to "RE[6]: Okay..."
Alfman Member since:
2011-01-28

rener,

yeah, or hiding the iGPU (or any other hardware component) between an undocumented "Hey, I'm macOS" EFI BIOS call: https://www.youtube.com/watch?v=OLIVqCFLv5Y


That's very informative, thanks.

You seem to review a ton of 1990's era technology on your youtube channel. Those are the kinds of machines I learned on, I am surprised people are still writing code for that stuff, haha. It makes me curious, did you buy that gear recently or did you have it already laying around somewhere?

I've thrown out a lot, but I've kept tons of ISA/PCI cards with the intention of dissolving the gold, but it never seems worthwhile, I'd prefer giving it a better home. I don't suppose you're in the NY/long island area? I've got a 3dfx voodoo card that'd probably go well with your collection. ;)

Reply Score: 2

RE[6]: Okay...
by zima on Sun 11th Nov 2018 12:13 UTC in reply to "RE[5]: Okay..."
zima Member since:
2005-07-06

Well seemingly eg. Android average users too often don't think much about disabling OS-level protections (which also isn't that straightforward) to install some game which doesn't want to pay Google 30% appstore fee (Fortnite was a recent example: http://www.osnews.com/story/30674/The_first_Android_Fortnite_Instal... ), or outright infected software from pirate sites... They will probably, too, follow similar instructions of adding keys of malware to have some freebie.

Reply Score: 2

RE[2]: Okay...
by tylerdurden on Tue 6th Nov 2018 20:36 UTC in reply to "RE: Okay..."
tylerdurden Member since:
2009-03-17

Yup.

Hopefully this nonsense has been bypassed by the time this type of hardware is becoming obsolete.

Still, real shitty move by apple.

Reply Score: 2

RE: Okay...
by IndigoJo on Tue 6th Nov 2018 22:29 UTC in reply to "Okay..."
IndigoJo Member since:
2005-07-06

One reason might be that you're doing cross-platform development and you need Linux to prepare binaries for Linux and to test your software on an X11 platform. I've got two Macs (a laptop and an iMac) and I dual boot them both with Linux for that reason. I also don't have space for another computer. But really, once you buy a computer, it no longer belongs to the manufacturer, it's yours. They have no right to dictate what software you can run on it.

Reply Score: 3

v Oh, and by the way...
by Andersenep on Tue 6th Nov 2018 00:28 UTC
RE: Oh, and by the way...
by Moochman on Tue 6th Nov 2018 00:44 UTC in reply to "Oh, and by the way..."
Moochman Member since:
2005-07-06

It says right at the bottom of the article, Update 2 - apparently that doesn't work either.

Edited 2018-11-06 00:45 UTC

Reply Score: 3

v RE[2]: Oh, and by the way...
by Andersenep on Tue 6th Nov 2018 02:25 UTC in reply to "RE: Oh, and by the way..."
RE: Oh, and by the way...
by Thom_Holwerda on Tue 6th Nov 2018 00:55 UTC in reply to "Oh, and by the way..."
Thom_Holwerda Member since:
2005-06-29

But don't let that get in the way of your Apple hate....


Disabling Secure Boot doesn't work. This is said so explicitly in both the linked Phoronix article as well as the link I added to the OSNews blurb.

Reply Score: 4

RE[2]: Oh, and by the way...
by Kondor337 on Tue 6th Nov 2018 09:31 UTC in reply to "RE: Oh, and by the way..."
Kondor337 Member since:
2006-09-16

This is simply wrong. I have a MBP with a T2 chip right before me, and it boots Linux just fine. You have to disable the T2 security, but you can do that, and then it works. Period.
(There are some problems, but they have everything to do with the Mac being new and drivers having to be updated and NOTHING with the T2 security chip. My older MBP had similar problems and it always took some time until the Linux kernel worked flawlessly on them.)
@Thom: You should really update your article, as it clearly is fake news.

Reply Score: 2

RE[2]: Oh, and by the way...
by jido on Tue 6th Nov 2018 11:25 UTC in reply to "RE: Oh, and by the way..."
jido Member since:
2006-03-06

If disabling it does not let you boot Linux then it is broken.

It should definitely allow you with "No Security" setting:

https://support.apple.com/en-us/HT208330

Reply Score: 3

RE: Oh, and by the way...
by Alfman on Tue 6th Nov 2018 02:35 UTC in reply to "Oh, and by the way..."
Alfman Member since:
2011-01-28

Andersenep,

Update: A reader has pointed out that it's possible to disable Secure Boot on T2-equipped devices making it possible to boot and install Linux distributions. To run Linux you must first access the Startup Security Utility and choose the 'No Security' option, here are the instructions on how to access to the utility:



You didn't post a link for this, but I found it here:
https://www.neowin.net/news/apple-t2-security-chip-removes-linux-sup...

It kind of contradicts the original article, so I don't know which is accurate. ;)

Update: According to Apple Support it may be possible to disable the Secure Boot security in full when booting to the Startup Security Utility in the macOS Recovery mode. This may allow Linux to then load on the device albeit without any boot security but by default / out-of-the-box the T2 chip will indeed prevent Linux distributions from booting.

Update 2: It looks like even if disabling the Secure Boot functionality, the T2 chip is reportedly still blocking operating systems aside from macOS and Windows 10.



But don't let that get in the way of your Apple hate....


To be fair, it's not "apple" hate per say, but rather a hatred of computer restrictions, which dictate what owners are allowed to do.

Reply Score: 3

v RE[2]: Oh, and by the way...
by Andersenep on Tue 6th Nov 2018 02:47 UTC in reply to "RE: Oh, and by the way..."
RE[3]: Oh, and by the way...
by Thom_Holwerda on Tue 6th Nov 2018 04:58 UTC in reply to "RE[2]: Oh, and by the way..."
Thom_Holwerda Member since:
2005-06-29

"You didn't post a link for this, but I found it here:
https://www.neowin.net/news/apple-t2-security-chip-removes-linux-sup...

It kind of contradicts the original article, so I don't know which is accurate. ;)


That was the original article linked from OSnews, not something I stumbled upon. Thom seems to have changed the link sometime after I posted that response.
"

I have done nothing of the sort. It’s always been a link to Phoronix.

Reply Score: 3

Link
by Moochman on Tue 6th Nov 2018 00:40 UTC
Moochman
Member since:
2005-07-06

The second link is a little off.. there's an extra "http://www.osnews.com/-%22" in the beginning

Reply Score: 2

Will we stand for this?
by Alfman on Tue 6th Nov 2018 01:57 UTC
Alfman
Member since:
2011-01-28

I keep saying it: if we won't fight for computer openness or if too many of us just take it for granted, we will loose our control over our computers. It's happening too slowly for most people to pay attention, but over time our computers have become much more restrictive for owner control. I find it disturbing that these powerful corporations are persistently chipping away our rights...and we just take it.

Throughout all of our secure boot debates on osnews, I really thought microsoft would be the first to permanently force secure boot restrictions on (x86) PCs. I really hadn't suspected it would be apple. I'd be furious if I was an apple user right now. Once apple tests the waters and finds that it can get away with restricting owner boot choices, microsoft may follow. As with all these restrictions on owner rights, once we allow them to be normalized, the reality is we're not going to get them back.

If we don't firmly condemn this now, we may ultimately end up with both apple and microsoft mandating hardware locks, which would render almost all new PCs vendor locked to them.

https://www.netmarketshare.com/operating-system-market-share.aspx


Every time I report on this, someone thinks I'm being too dramatic, yet every time events pass that move us closer in this direction; we're loosing ground. Look at the long term consequences if these things are allowed to go unchecked.

Edited 2018-11-06 02:02 UTC

Reply Score: 9

RE: Will we stand for this?
by Odwalla on Tue 6th Nov 2018 11:57 UTC in reply to "Will we stand for this?"
Odwalla Member since:
2006-02-01

I keep saying it: if we won't fight for computer openness or if too many of us just take it for granted, we will loose our control over our computers.


What do you do personally to fight for openness? You just posted quite a number of words about a possible negative outcome, but not a single word about what to do to prevent that outcome.

Reply Score: 2

RE[2]: Will we stand for this?
by Alfman on Tue 6th Nov 2018 15:48 UTC in reply to "RE: Will we stand for this?"
Alfman Member since:
2011-01-28

Odwalla,

What do you do personally to fight for openness? You just posted quite a number of words about a possible negative outcome, but not a single word about what to do to prevent that outcome.


Personally I do my best to use hardware and software that supports open computing while avoiding those that don't. I also encourage my clients to do the same. I know it's not much, my purchases alone won't change the tide, which is why I try to spread awareness and make a convincing case for others to do the same too. That's often what my posts are about...

http://www.osnews.com/thread?664018

It's tough to say how many people have consciously or unconsciously reevaluated their own purchasing decisions based on the grassroots arguments that we make for openness. Many people don't tend to relate to the "crazy Richard Stallman" types, but I think it's important to remind ourselves how closed vs open affects all of us and what we have to loose if we allow corporations to take control over our technology.

The irony is that many people are strongly politically predisposed against governments controlling their individual rights and freedoms, but remain completely ignorant to corporations doing the same thing. So I find it's important to raise awareness whenever I can.


If you have better ideas for engaging the community on openness, I'd love to hear them.

Edited 2018-11-06 15:50 UTC

Reply Score: 3

Similar headline soon
by Marc_S on Tue 6th Nov 2018 06:48 UTC
Marc_S
Member since:
2017-08-15

„Apple blocks Windows on new Macs with ARM chip.“

Reply Score: 0

Non-issue
by mlankton on Tue 6th Nov 2018 12:22 UTC
mlankton
Member since:
2009-06-11

I don't know why Apple would do this, but it's a non-issue regardless.

I use an iMac 27" and a Macbook Pro 15". There are a handful of Power Macs and Mac Pros in my past. From a user experience perspective, you can't beat macos. I wouldn't boot into linux on one of my macs. I have had VMWare on all of them though, and I can visit OPENSTEP, Rhapsody DR2 and linux whenever I feel like. The first two are nostalgia and the latter just to remind myself how much better linux is than it used to be as well as pretty much the same as it ever was.

If I was stuck with pc hardware I'd have linux installed. On a mac I just don't see the point. From a user's perspective it just does everything better. IMO.

Reply Score: 0

Comment by kurkosdr
by kurkosdr on Tue 6th Nov 2018 13:25 UTC
kurkosdr
Member since:
2011-04-11

BTW remember the days where not being able to have WiFi or 3D acceleration was considered bad? Now even running your OS of choice is a toss-up. This is a reminder of the freedom the "PC compatible" standard afforded us.

OffTopic: Which is why I can't understand the desire of the Linux people to move away from x86 and into ARM... Yeah sure, let's move away from whatever freedom the PC compatibles afford us and replace it with the nasty world of embedded systems that ARM lives in. Nope.

Edited 2018-11-06 13:28 UTC

Reply Score: 2

RE: Comment by kurkosdr
by Alfman on Tue 6th Nov 2018 16:02 UTC in reply to "Comment by kurkosdr"
Alfman Member since:
2011-01-28

kurkosdr,

OffTopic: Which is why I can't understand the desire of the Linux people to move away from x86 and into ARM... Yeah sure, let's move away from whatever freedom the PC compatibles afford us and replace it with the nasty world of embedded systems that ARM lives in. Nope.


I've been a proponent of more ARM computers running linux, but I hadn't thought about it this way before. That's an interesting argument.

I think the hope among us is that open ARM computing standards will improve, but based on where we are at now, consumer ARM devices tend to be far more restrictive.

Reply Score: 2

There Is A Part Still Not Understood...
by dionicio on Tue 6th Nov 2018 14:40 UTC
dionicio
Member since:
2006-07-12

Some authority is required at the bottom of the stack. Apple is fighting for being that one.

(UEFI next level)...

Stallman will love this. End of Irony.

Edited 2018-11-06 14:51 UTC

Reply Score: 1

dionicio Member since:
2006-07-12

On gray boxes is the mobo builder who is required. At big ones, like Lenovo, is Lenovo.

Rest is handled through the BIOS company, Now UEFI endorsing, if wanting to run Windows, follows through Windows.

Dark -sorry about the eufemism- haks to the BIOS get your way. But breaks UEFI signatures, so 64bit execution.

When 32bit computing trashed along with those mobos you keep for some personal reason you don't finish to understand, end of freedom way.

Using a security processor due to prevent hacks up the stack brick-ing UEFI, which being FIRMWARE, remains attack surface.

For Resourceful Agencies, like State ones, is candy game to read ROMWARE.

An elegant schema, dependant on some silicon key, somewhere over the security CPU.

When that silicon key found, time to replace silicon, which bring US, to the original way to fix bugs on computers ;)

Edited 2018-11-06 15:16 UTC

Reply Score: 1

duraaraa
Member since:
2012-03-31

There really isn't a Windows laptop or non-Apple laptop that even comes close in quality. On a Macbook Pro, they skimp on nothing. I'm typing this from a Thinkpad on Linux, but if you compare the feel of the trackpad, the sound quality, and all the little things, the Macbook Pro is just miles ahead in terms of fit and finish.

Reply Score: 0

Thom_Holwerda Member since:
2005-06-29

There really isn't a Windows laptop or non-Apple laptop that even comes close in quality. On a Macbook Pro, they skimp on nothing. I'm typing this from a Thinkpad on Linux, but if you compare the feel of the trackpad, the sound quality, and all the little things, the Macbook Pro is just miles ahead in terms of fit and finish.


It's not 2011 anymore.

Reply Score: 2

zima Member since:
2005-07-06

the sound quality

...and you performed some blind ABX tests, right?
Also, look how those MBPs do under load / how "well" they are engineered... http://www.osnews.com/permalink?664630 & http://www.osnews.com/permalink?664805

Reply Score: 3

tylerdurden Member since:
2009-03-17

Partying like its 2005, neat!

I'll grant you the trackpad in the macpro is still tops.

Reply Score: 2

There Is An Issue Of Principles Also...
by dionicio on Tue 6th Nov 2018 16:03 UTC
dionicio
Member since:
2006-07-12

At The Times of the Mechanical Computers, you could open the damn thing and see for yourself: No evil there.

Transiting to relays, bulbs and transistor, that remained true.

Evil leaked at the moment of Intelectual Property. (Rest of the World was deemed stupid, in principle).

Acrilics was poured on those transistor circuits.

Discrete devices effort was turned into an integrated effort. Selfdestruction was brought from intelligence into civil industries. Then scrambling. Then unashamed Codification.

Secrecy brings the necesity of Authority, of shared Intermediation, of two key authentication.

You are informed of what is inside of a Coca-Cola, and few perfumeur drinks more inocues that a Coca-Cola.

But that's it. An Inform. A dossieur. Few has the Huge resources to detail fetch, what's a Coca-Cola.

That's the very nature of Intellectual Property, Secrecy, Not Intellectualism, At all.

On being West Comm Tech of the Same Nature, and latter Comp Tech addended to it, subject, to the same limitations.

We individual users, unable to lift the lid, and fix the damn thing.

But Some Has To. And Here The Corral Schema Lives, and Predates.

As long as some SECRET sausage, some SECRET proccess, some secret Coding, Double Key Remain, That's the way of doing things.

I need of ASUS, Lenovo, Or Even Microsoft having access -throught the damn Comm ports at times- to fix my broken FIRM, WARE.

Reply Score: 1

dionicio Member since:
2006-07-12

Linux remains a very loable form of DIY computing. Of not having to pay -and pray- some Com, or worst, some Corp, to tweak something, enabling You, to finish, your job.

But as an Open Plattform, those days are long gone for our Communications Industry.

Wonder if the Computer Industry was -at some moment- out of The Cold War.

Reply Score: 1

dionicio Member since:
2006-07-12

{Hack some Linux to Use Your Windows Keys}

Reply Score: 1

kurkosdr Member since:
2011-04-11



Evil leaked at the moment of Intelectual Property. (Rest of the World was deemed stupid, in principle).
[...]
As long as some SECRET sausage, some SECRET proccess, some secret Coding, Double Key Remain, That's the way of doing things.


...aaand of course there is always the commie and his rant about intellectual property that everyone politely scrolls past by. Hint: Secret sauces create value, because they provide revenue to the company, which is the means to create more value.

In reality, proprietary computer systems used to be open (in the sense you could replace everything you didn't like with another implementation) since very recently.

Don't confuse open source with openness. Desktop Linux is open source, but it's not open in the sense you can't install VLC by going to the vendor's website and downloading an installable package, you have to go through the OS vendor's repo for that, and the OS vendor will rip out anything he doesn't approve (say libdvdcss). That's closed (yeah I know, it's not a "wallen garden" it's a "repo", of course it is).

Open-source never mattered. Openness used to matter, which was the reason for the success of PC compatibles and Microsoft Windows (where replacing the OS was a matter of running a CD and replacing everything you wanted inside the OS was a matter of downloading an exe from a third-party), but unfortunately, geeks who tend to care about such things are not the intended audience anymore. In fact, geeks tend to not spend money on ridiculously marked-up devices, which is why every company is changing their target audience to non-geeks (for example, Google shifting from Nexus to Pixel)

Edited 2018-11-06 20:47 UTC

Reply Score: 2

dionicio Member since:
2006-07-12

There's Risk, not Value, on ingesting secret recipes. You wish not, but We can safely that to all cultural spheres.

As far a commie as you from thinking. Won't ever touch your historic ignorance.

Edited 2018-11-07 16:05 UTC

Reply Score: 1

dionicio Member since:
2006-07-12

Google is pushing on Pixel on Social Responsability. Pixel makes easier to the ecosystem to get into updating philosophy.

And Yes, will negatively impact bottom line, in the near term.

Reply Score: 1

dionicio Member since:
2006-07-12

"Open-source never mattered."

Whatever you got from the past, down to your shoes, because open-source technology.

Say thanks to your ancesters vision.

And Closed-Source is commanded -by law- to open, once their patent privileges caducate.

You can then learn the damn thing, in naked detail, once no longer matter -competitively.

MS-DOS, second version, is somewhere around, serve at will.

Open-Source matters, and will stay so.

Reply Score: 1

To The Few...
by dionicio on Tue 6th Nov 2018 17:37 UTC
dionicio
Member since:
2006-07-12

...Among the very well respected intelligence community following this kind of blogs (and very young to remember): This thinking is very old,on making tears call to Population not to relent control of their technology to magicians, to witchy cauldrons, to messiahs.

My duty to inform You that any video, instructional, book, tip or trick placed at digital social media, becomes THEIR private property.

Thats why still respecting Stallman, and no more Sir Tim, allowances...

Reply Score: 1

RE: To The Few...
by dionicio on Tue 6th Nov 2018 19:55 UTC in reply to "To The Few..."
dionicio Member since:
2006-07-12

IT people born in the desktop metaphora. On Stallman's Emacs and upstream there's an axiomatically complete IT text universe. Able to live on VGA frame. Fully free and open stack.

Reply Score: 1

ycarel
Member since:
2016-04-13

I truly think that what Apple is doing is actually good.
The verification of the OS makes it much more dependable, because you know why much higher certainty than in the past that the base OS wasn't tampered with.
This is something I would love to have in any platform and is a good thing.
Windows should have exactly the same.
Of course that doing this restricts the usage, but that is fine. The user will just need to choose the right tool for what he needs.
Taking a sample from the world of cars. If you buy a car like a Ferarri, you know when you are buying it that you will not be able to drive it off road.
It will be awesome on the road, and much better than any SUV that can do both things.
Now if you need to go off road you have 2 options:
1. Buy another car for all use cases.
2. Buy the Ferarri and a car suitable for off roading and use them as required.

Now it would be nice if there would be a way to tell the computer to override the secure boot, but that means there is a great risk that someone with ill intentions will disable that for OSX too, and you will never know that you system was tampered with.

At the end of day Apple decided to concentrate on one use case:
Allowing to securely boot OSX & Windows.

If you have another use case you are not the intended user of their product, and that is fine.

I would be very happy if all Linux distributions would be able to implement that same mechanism of security of the base OS. That would be a goal to strive to and would improve the security of our data.

Reply Score: 0

phoudoin Member since:
2006-06-09

> Of course that doing this restricts the usage,
> but that is fine.
> The user will just need to choose
> the right tool for what he needs.

You miss the main point: it's not only an user, it's also the *owner*.

If an owner of a Ferrari *wants* to drive off-roads - spoiler alert! - he *can*.
Ferrari don't put a "security" device that lock their cars as soon as the owner try to use it in ways that aren't sanctified by the Ferrari.

Who are you to decide instead of an owner what he's allowed to do with his own stuffs, even if it sounds stupid or even dangerous for him?!

It's an attack on ownership rights, period.
Would you buy a house if the vendor will keep the master key for him and can change it without notice?
Sounds more like renting than buying to me, sorry.

If vendors want to keep control on theirs products, they should rent them, not sell them!

But, obvious, and thanks to more and more docile customers, vendors are succeeding to rent them at the sale price!

No wonder these marks becames the most profitable business...

Reply Score: 2

kurkosdr Member since:
2011-04-11

Ferrari don't put a "security" device that lock their cars as soon as the owner try to use it in ways that aren't sanctified by the Ferrari.


Ironically, cars are starting to get "monitoring" features that will put the car in limp mode if the ECU thinks the car is being operated in an extreme manner or if some maintenance has been skipped.

Edited 2018-11-07 13:15 UTC

Reply Score: 3

dionicio Member since:
2006-07-12

Ferrary needs to know you conduced out-roads.

On purely merchantile thinking.

Ferrary knows, actually.

And No, you are not allowed to tamper that digital agency. That Digital SPY. On penalty of guaranties.

Reply Score: 1

dionicio Member since:
2006-07-12

Windows has sort of the same, on RISC units, on my understanding. Also due to ownership of the bottom of the stack.

My especulation that, as long as any MS code up the stack non-caducating or lacking security updates, there is no legal fundation, for open alternatives asking keys to seating on top.

That is the smart and civilian way of gaining mind share, coders kind -ly.

On those devices reaching end of support, of course, "nobleza obliga" to handle the keys to the reigns of the legitimate owner.

A final UEIFI publication will do the trick. Of course, MS or Apple no longer responsible for the integrity of the boot proccess.

But there is wise on the move, on the planet, on our conscience, on the non-for-profit, useful for non-on-line private or open computing.

Reply Score: 1

Another reason to build a Hackintosh
by cmost on Tue 6th Nov 2018 22:09 UTC
cmost
Member since:
2006-07-16

This is ironic considering that one can easily build a Hackintosh computer with far better hardware specs than any Mac currently sold by Apple. I recently converted an HP Z800 dual 3.5 GHz Xeon system with 128 GB ECC RAM and dual Nvidia Quadro graphics cards into a Hackintosh running macOS Mojave at a cost of less than $1500.00.

Reply Score: 2

Looks like its fake news
by Tony Swash on Wed 7th Nov 2018 13:51 UTC
Tony Swash
Member since:
2009-08-22

Don’t Panic, You Can Boot Linux on Apple’s New Devices

https://www.omgubuntu.co.uk/2018/11/apple-t2-chip-cant-boot-linux

Reply Score: 1

RE: Looks like its fake news
by Alfman on Wed 7th Nov 2018 16:48 UTC in reply to "Looks like its fake news"
Alfman Member since:
2011-01-28

Tony Swash,

Don’t Panic, You Can Boot Linux on Apple’s New Devices


Yeah, the author at phoronix.com didn't have a complete grasp on what's going on with apple's secure boot.

However he did bring up apple's own document, which seems to imply that it's secure boot implementation isn't entirely to spec either. Enabling a certificate for UEFI secure boot is supposed to enable all the operating system bootloaders signed by that certificate. Per the specs, this would cover microsoft's partners signed by microsoft's key. However apple specifically says microsoft partners and linux in particular are not trusted. So it would seem they've rolled their own non-compliant bootloader validation scheme to exclude other alternatives from working with apple's secure boot implementation.

https://www.apple.com/mac/docs/Apple_T2_Security_Chip_Overview.pdf
Microsoft Windows boot
By default, Mac computers supporting secure boot only trust content signed
by Apple. However, in order to improve the security of Boot Camp installations,
support for secure booting Windows is also provided. The UEFI firmware
includes a copy of the Microsoft Windows Production CA 2011 certificate
used to authenticate Microsoft bootloaders.
NOTE: There is currently no trust provided for the the Microsoft Corporation
UEFI CA 2011, which would allow verification of code signed by Microsoft
partners. This UEFI CA is commonly used to verify the authenticity of
bootloaders for other operating systems such as Linux variants.
Support for secure boot of Windows isn’t enabled by default; instead, it is
enabled via Boot Camp Assistant (BCA). When a user runs BCA, Mac is
reconfigured to trust Microsoft first-party signed code during boot. After
BCA completes, if the system fails to pass the Apple first-party trust evaluation
during secure boot, the UEFI firmware attempts to evaluate the trust of the
object according to UEFI Secure Boot formatting. If this succeeds, it proceeds
and boots Windows. If not, it enters macOS Recovery and informs the user of
the trust evaluation failure.



At least it's good to know that secure boot can still be disabled for now. On the other hand, not allowing owners to install their own keys is still somewhat abusive in my opinion. "You are only allowed to use secure boot if you use our key" It would be rather disappointing for the industry to move down this path where manufacturers prohibit secure booting of alternative operating systems. Good for FBI hackers I suppose, but bad for security.

Edited 2018-11-07 16:51 UTC

Reply Score: 2

RE: Looks like its fake news
by dionicio on Wed 7th Nov 2018 17:42 UTC in reply to "Looks like its fake news"
dionicio Member since:
2006-07-12

"Compatibility" pack, mode. ;)

Reply Score: 1

Once Having a True Security CPU...
by dionicio on Wed 7th Nov 2018 17:52 UTC
dionicio
Member since:
2006-07-12

Security Chip on their own UEFI. An Up the stack, adittional UEFI kept clean by the first.

Thougth AMD was working on something like that, but no True Security CPU, it seems.

Reply Score: 1

Yogarine
Member since:
2012-05-28

Running Linux on a modern MacBook is a terrible experience in the first place.

Besides whether it's true or not that you can't run Linux distros on the MacBook, even if you could boot it you'd have to deal with bad power management, sub-par performance and missing drivers for most of Apple's custom chips and features.

I tried to run Ubuntu 18.04 on my 2017 MacBook Pro and the touchpad didn't even work out of the box. I had to compile custom drivers to get that working, and even then it was impossible to get sound working because the drivers don't exist (yet).

If you really need Linux for your work (and MacOS' BSD userland doesn't suffice) you're better of running it in a VM.

If you only need Linux' command line for you development environment there is also Docker. Alternatively you can also install Windows and use the Windows Subsystem for Linux.

Reply Score: 2