Linux users have complained about experiencing issues when attempting to get their wanted distribution to install on the latest Mac machines. The reason for these troubles is believed to be the T2 chip.
More about the T2 Chip. What Does It Do?
According to Apple, the T2 chip includes a Secure Enclave coprocessor that provides the foundation for secure boot and encrypted storage capabilities. These capabilities include dealing with the SSD, audio, and secure boot, with issues reported to be stemming from the secure boot.
To further explain, Apple’s latest Mac hardware, including the latest MacBook Air and Mac Mini, comes with an embedded T2 chip, providing a secure enclave, APFS storage encryption, Touch ID handling, a hardware microphone disconnect on lid close, among other security-centered features.
As already mentioned, it has been reported that T2 restricts the boot process thus limiting the Linux support on Mac hardware. The issue is there even when the Secure Boot functionality is disabled, with the chip still blocking a range of operating systems, with the exception of macOS and Windows 10. It should be noted that Windows in general can’t be booted on Apple’s latest hardware, not until support for Windows via the Boot Camp Assistant on macOS is enabled.
By enabling it, the Windows Production CA 2011 certificate is installed. The certificate serves to authenticate Microsoft bootloaders, but this doesn’t setup the Microsoft-approved UEFI certificate that allows verification of code by Microsoft partners, including what is used for signing Linux distributions wishing to have UEFI SecureBoot support for Windows PC, experts explain.
Regarding Linux, Apple’s T2 documentation gives the following explanation:
There is currently no trust provided for the the Microsoft Corporation UEFI CA 2011, which would allow verification of code signed by Microsoft partners. This UEFI CA is commonly used to verify the authenticity of bootloaders for other operating systems such as Linux variants.
In other words, until Apple adds this certificate or the T2 chip is somehow cracked, it’s impossible to boot Linux distributions on Apple’s latest hardware.