It’s kind of funny that Apple-land now gets to see the same uninformed hysteria that the PC world has been rolling its eyes at for the past decade or so. Every year like clockwork I see alarmist articles about how “SecureBoot/EFI/Windows/TPM/whatever is going to block installing Linux!” and it never happens. Just tune it out; eventually you realize it’s just a way to get clicks and boost your nerd cred on Linux-centered forums.
It's a justifiable concern, that somehow hardware companies will wall off high-end hardware from Linux because of the industry pressure behind ill-fated ventures like pervasive DRM and Windows piracy protection.
I'm glad that Apple still has the "fine, but it's your funeral" option that lets users do what they want. Secure by default, open if you want/need it.
> I think the goal of the T2 is to block Hackintosh and also to block hardware upgrades.
Although there's no way for us to really know, I don't really think that's their priority. Sounds more like a side-effect. Consumers capable of assembling, installing and updating a Hackintosh are probably less than 0.1% of the entire Apple user-base. They are peanuts, from a merely commercial point of view.
They also don't really need to prevent hardware upgrades with an enforcing chip. They are already preventing hardware upgrades by releasing hardware that physically cannot be upgraded. Just think about their laptops released in the last 5 years, with RAM blocks and SSDs soldered to the motherboard...
Adding to this - Apple manufactures new products with both upgradable hardware and T2 chips (well, product - the Mac Mini with the T2 chip and upgradable memory), and the long-awaited Mac Pro refresh will be an upgradable computer and presumably will have a Tx chip.
I think articles like this are good even though the solution might be assumed. Getting explicit clarification is what it's all about here. That clarification is that disabling SIP will allow non-signed OSs to boot.
21 comments
[ 3.3 ms ] story [ 53.4 ms ] threadhttps://support.apple.com/en-us/HT208330
I'm glad that Apple still has the "fine, but it's your funeral" option that lets users do what they want. Secure by default, open if you want/need it.
Apple chose to exclude that certificate.
Apple seems very aggressive about blocking 3rd party code from running on their hardware.
I think the goal of the T2 is to block Hackintosh and also to block hardware upgrades.
At some point Apple is going to lock this down. They have a history of doing so and giving them the benefit of the doubt is probably a bad call.
Although there's no way for us to really know, I don't really think that's their priority. Sounds more like a side-effect. Consumers capable of assembling, installing and updating a Hackintosh are probably less than 0.1% of the entire Apple user-base. They are peanuts, from a merely commercial point of view.
They also don't really need to prevent hardware upgrades with an enforcing chip. They are already preventing hardware upgrades by releasing hardware that physically cannot be upgraded. Just think about their laptops released in the last 5 years, with RAM blocks and SSDs soldered to the motherboard...
Apple lays out pretty well what the T2 chip does in their documentation.