Language Selection

English French German Italian Portuguese Spanish

Blocking Linux From Booting

Filed under
Linux
Mac
  • Don’t Panic, You Can Boot Linux on Apple’s New Devices

    Does Apple stop Linux from booting on its newly refreshed Mac Mini PC or MacBookAir laptops?

    That’s the claim currently circling the web‘s collective drain. The posit is that the new T2 ‘secure enclave’ chip Apple has baked in to its new models prevents Linux from booting.

    But is this actually true?

    Kinda. The answer is both “yes, technically” and “no, not completely”.

  • Apple's New Hardware With The T2 Security Chip Will Currently Block Linux From Booting

    Apple's MacBook Pro laptops have become increasingly unfriendly with Linux in recent years while their Mac Mini computers have generally continued working out okay with most Linux distributions due to not having to worry about multiple GPUs, keyboards/touchpads, and other Apple hardware that often proves problematic with the Linux kernel. But now with the latest Mac Mini systems employing Apple's T2 security chip, they took are likely to crush any Linux dreams.

    At least until further notice, these new Apple systems sporting the T2 chip will not be able to boot Linux operating systems. Apple's T2 security chip being embedded into their newest products provides a secure enclave, APFS storage encryption, UEFI Secure Boot validation, Touch ID handling, a hardware microphone disconnect on lid close, and other security tasks. The T2 restricts the boot process quite a bit and verifies each step of the process using crypto keys signed by Apple.

"...Blocking Linux From Booting"

  • Apple’s T2 Security Chip Is Currently Blocking Linux From Booting

    Linux enthusiasts must be knowing that one can run Linux distributions on Apple’s older hardware, including the MacBook Air. The quality of Apple’s solid hardware had even prompted Linux creator Linus Torvalds to use MacBook Air to run Linux in the past.

    However, the newer lineup Apple hardware is becoming increasingly hostile towards Linux. With the latest T2 security chip, Apple’s latest Mac Mini is stopping Linux from booting, as reported by Phoronix. I guess it would be safe to assume similar results on other newer Apple hardware.

Thom Holwerda's Take

  • Apple blocks Linux on new Macs with T2 security chips

    Right now, there is no way to run Linux on the new Mac hardware. Even if you disable Secure Boot, you can still only install macOS and Windows 10 - not Linux. Luckily, Linux users don't have to rely on Macs for good hardware anymore - there are tons of Windows laptops out there that offer the same level of quality with better specifications at lower prices that run Linux just fine.

The update

  • Apple T2 Security Chip removes Linux support from some newer Macs [Update]

    A reader has pointed out that it's possible to disable Secure Boot on T2-equipped devices making it possible to boot and install Linux distributions. To run Linux you must first access the Startup Security Utility and choose the 'No Security' option, here are the instructions on how to access to the utility...

Booting Linux On New Apple Hardware

  • Booting Linux On New Apple Hardware

    I ran across articles that point to the fact that Apple (with new hardware) is making it difficult to boot into Linux. This would seem to be a perpetuation of Microsoft and Apple attempting to "elbow" Linux aside. Whether true or not, I do not know.

    My viewpoint is simply a reflection of reading passing headlines. I don't know whether Microsoft and Apple are actually attempting to frustrate the adoption of Linux as a mainstream operating system. If they weren't; my guess would be that both Microsoft and Apple would have been working with the Linux community to have a (universal) secure boot option that would work with virtually all operating systems.

Macs to Linux fans: Stop right there

  • Macs to Linux fans: Stop right there, Penguinista scum, that's not macOS

    The knickers of the Linux world have become ever so twisty over the last few days as Penguinistas fell foul of the security hardware in their pricey Apple hardware.

    Reports are coming in of Linux fans struggling to get their distribution of choice to install on the latest Cupertino cash cows with fingers pointed at the T2 chip.

    The T2 does all manner of things in the latest batch of Macs (including the new MacBook Air and Mac mini models announced last week) including dealing with the SSD, audio, and secure boot. And it is with the latter that problems appear to be occurring.

Linux could be banned on Apple’s new Macs

  • Linux could be banned on Apple’s new Macs

    Apple recently announced their new Macs with powerful chipsets and enhanced security. The security has been beefed up with an Apple T2 Security Chip that provides a strong and Secure Enclave co-processor that is mainly responsible for TouchID, APFS storage encryption, UEFI Secure Boot validation, Touch ID handling, a hardware microphone disconnect on lid close, and others. This same chip also enables the secure boot feature on most new Apple computers, which could be a huge block for most Linux installations.

    A report by Phoronix states that the T2 Chip has been blocking Linux from booting and only allows Apple MacOS and Microsoft Windows OS to work well.

You can’t run Linux on Apple’s 2018 Macs

No, Apple's not locking you out of Linux

  • No, Apple's not locking you out of Linux on Mac with the T2 chip

    Apple's T2 Security Chip provides a lot of great features for the vast majority of people, including secure boot, real-time AES 256-bit data encryption, and even Touch ID authentication for MacBook Air and MacBook Pro. For them, it's on by default and should just be left on by default.

    Because of that security, it's led some power-users to believe that Apple is locking down T2 machines, including those MacBooks as well as the iMac Pro and new Mac mini, so completely you will no longer be able to do things like boot into Linux.

    My understanding is that you can, in fact, boot into Linux if you really want to. You just need to disable secure boot on your Mac first.

Microsoft holds the keys

  • Linux could be banned on Apple’s new Macs

    A report by Phoronix states that the T2 Chip has been blocking Linux from booting and only allows Apple MacOS and Microsoft Windows OS to work well.

    Apple explains that there is currently no trust provided for the Microsoft Corporation UEFI CA 2011, which would allow verification of code signed by Microsoft partners. UEFI CA is commonly used to verify the authenticity of bootloaders for other operating systems such as Linux variants.

Apple's new bootloader won't let you install GNU/Linux

  • Apple's new bootloader won't let you install GNU/Linux

    Locking bootloaders with trusted computing is an important step towards protecting users from some of the most devastating malware attacks: by allowing the user to verify their computing environment, trusted computing can prevent compromises to operating systems and other low-level parts of their computer's operating environment.

    But as with every security measure, there's a difference between "secure for the user" and "secure against the user." Bootloader protection that doesn't allow an owner to decide which signatures they trust is security against the user: security that prevents the user from overriding the manufacturer, and so allows the manufacturer to lock the user in.

    Apple's latest bootloader protection, the controversial T2 chip, is a good example of this. The chip comes with a user-inaccessible root of trust that allows for the installation of Apple and Microsoft operating systems, but not GNU/Linux and other open and free alternatives.

What will Apple's T2 chip mean for the rest of us?

Apple Will Block Certain Third-Party Repairs

  • Apple’s T2 Security Chip Will Block Certain Third-Party Repairs, Users Might Have To Shell Significantly More For Repairs

    If you are a fan of Apple and a Gadget geek, you must be familiar with the T2 chip, which goes about as a co-processor in Apple’s devices and, is the key to a considerable lot of Apple’s freshest and most advanced features.

    Apple affirmed this is the situation for fixes including certain parts on more up to date Macs, similar to the rationale load up and Touch ID sensor, which is the first run through the organization has freely recognized the new fix necessities for T2 prepared Macs. In any case, Apple couldn’t give a rundown of fixes that required this or what gadgets were influenced. It additionally couldn’t state whether it started this convention with the iMac Pro’s presentation a year ago or if it’s another strategy organized as of late.

    The T2 is a customized component that performs different complex and essential functions such as preparing for Touch ID. It additionally stores the cryptographic keys important to boot the machines it keeps running on safely. According to Apple, the chip has new features, as well, for example, empowering the MacBook Pro to react to “Hello Siri” queries without expecting you to press a catch. It additionally keeps its workstation from being remotely worked on by programmers when the cover of the gadget is shut. Furthermore, the T2 chip is equipped for speaking with different segments with the end goal, to play out the simple most essential and advanced errands present day Macs are prepared to do.

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

More in Tux Machines

Forbes Says The Raspberry Pi Is Big Business

Not that it’s something the average Hackaday reader is unaware of, but the Raspberry Pi is a rather popular device. While we don’t have hard numbers to back it up (extra credit for anyone who wishes to crunch the numbers), it certainly seems a day doesn’t go by that there isn’t a Raspberry Pi story on the front page. But given that a small, cheap, relatively powerful, Linux computer was something the hacking community had dreamed of for years, it’s hardly surprising. [...] So where has the Pi been seen punching a clock? At Sony, for a start. The consumer electronics giant has been installing Pis in several of their factories to monitor various pieces of equipment. They record everything from temperature to vibration and send that to a centralized server using an in-house developed protocol. Some of the Pis are even equipped with cameras which feed into computer vision systems to keep an eye out for anything unusual. [Parmy] also describes how the Raspberry Pi is being used in Africa to monitor the level of trash inside of garbage bins and automatically dispatch a truck to come pick it up for collection. In Europe, they’re being used to monitor the health of fueling stations for hydrogen powered vehicles. All over the world, businesses are realizing they can build their own monitoring systems for as little as 1/10th the cost of turn-key systems; with managers occasionally paying for the diminutive Linux computers out of their own pocket. Read more

Graphics: NVIDIA, Nouveau and Vulkan

  • NVIDIA 418.49.04 Linux Driver Brings Host Query Reset & YCbCr Image Arrays
    NVIDIA has issued new Vulkan beta drivers leading up to the Game Developers Conference 2019 as well as this next week there being NVIDIA's GPU Technology Conference (GTC) nearby in California. The only publicly mentioned changes to this weekend's NVIDIA 418.49.04 Linux driver update (and 419.62 on the Windows side) is support for the VK_EXT_host_query_reset and VK_EXT_ycbcr_image_arrays extensions.
  • Nouveau NIR Support Lands In Mesa 19.1 Git
    It shouldn't come as any surprise, but landing today in Mesa 19.1 Git is the initial support for the Nouveau Gallium3D code to make use of the NIR intermediate representation as an alternative to Gallium's TGSI. The Nouveau NIR support is part of the lengthy effort by Red Hat developers on supporting this IR as part of their SPIR-V and compute upbringing. The NIR support is also a stepping stone towards a potential NVIDIA Vulkan driver in the future.
  • Vulkan 1.1.104 Brings Native HDR, Exclusive Fullscreen Extensions
    With the annual Game Developers' Conference (GDC) kicking off tomorrow in San Francisco, Khronos' Vulkan working group today released Vulkan 1.1.104 that comes with several noteworthy extensions. Vulkan 1.1.104 is the big update for GDC 2019 rather than say Vulkan 1.2, but it's quite a nice update as part of the working group's weekly/bi-weekly release regiment. In particular, Vulkan 1.1.104 is exciting for an AMD native HDR extension and also a full-screen exclusive extension.
  • Interested In FreeSync With The RADV Vulkan Driver? Testing Help Is Needed
    Since the long-awaited introduction of FreeSync support with the Linux 5.0 kernel, one of the missing elements has been this variable rate refresh support within the RADV Vulkan driver. When the FreeSync/VRR bits were merged into Linux 5.0, the RadeonSI Gallium3D support was quick to land for OpenGL games but RADV Vulkan support was not to be found. Of course, RADV is the unofficial Radeon open-source Vulkan driver not officially backed by AMD but is the more popular driver compared to their official AMDVLK driver or the official but closed driver in their Radeon Software PRO driver package (well, it's built from the same sources as AMDVLK but currently with their closed-source shader compiler rather than LLVM). So RADV support for FreeSync has been one of the features users have been quite curious about and eager to see.

New Screencasts: Xubuntu 18.04.2, Ubuntu MATE, and Rosa Fresh 11

9 Admirable Graphical File Managers

Being able to navigate your local filesystem is an important function of personal computing. File managers have come a long way since early directory editors like DIRED. While they aren’t cutting-edge technology, they are essential software to manage any computer. File management consists of creating, opening, renaming, moving / copying, deleting and searching for files. But file managers also frequently offer other functionality. In the field of desktop environments, there are two desktops that dominate the open source landscape: KDE and GNOME. They are smart, stable, and generally stay out of the way. These use the widget toolkits Qt and GTK respectively. And there are many excellent Qt and GTK file managers available. We covered the finest in our Qt File Managers Roundup and GTK File Managers Roundup. But with Linux, you’re never short of alternatives. There are many graphical non-Qt and non-Gtk file managers available. This article examines 9 such file managers. The quality is remarkably good. Read more