Home > Cyber News > Apple’s T2 Chip Prevents Linux from Booting on Latest Mac Hardware

Apple’s T2 Chip Prevents Linux from Booting on Latest Mac Hardware

Linux users have complained about experiencing issues when attempting to get their wanted distribution to install on the latest Mac machines. The reason for these troubles is believed to be the T2 chip.

More about the T2 Chip. What Does It Do?

According to Apple, the T2 chip includes a Secure Enclave coprocessor that provides the foundation for secure boot and encrypted storage capabilities. These capabilities include dealing with the SSD, audio, and secure boot, with issues reported to be stemming from the secure boot.

To further explain, Apple’s latest Mac hardware, including the latest MacBook Air and Mac Mini, comes with an embedded T2 chip, providing a secure enclave, APFS storage encryption, Touch ID handling, a hardware microphone disconnect on lid close, among other security-centered features.

As already mentioned, it has been reported that T2 restricts the boot process thus limiting the Linux support on Mac hardware. The issue is there even when the Secure Boot functionality is disabled, with the chip still blocking a range of operating systems, with the exception of macOS and Windows 10. It should be noted that Windows in general can’t be booted on Apple’s latest hardware, not until support for Windows via the Boot Camp Assistant on macOS is enabled.

Related: [wplinkpreview url=”https://sensorstechforum.com/verified-microkernel-cure-all-linux-vulnerabilities/”]Verified Microkernel: the Cure for All Linux OS Vulnerabilities?

By enabling it, the Windows Production CA 2011 certificate is installed. The certificate serves to authenticate Microsoft bootloaders, but this doesn’t setup the Microsoft-approved UEFI certificate that allows verification of code by Microsoft partners, including what is used for signing Linux distributions wishing to have UEFI SecureBoot support for Windows PC, experts explain.

Regarding Linux, Apple’s T2 documentation gives the following explanation:

There is currently no trust provided for the the Microsoft Corporation UEFI CA 2011, which would allow verification of code signed by Microsoft partners. This UEFI CA is commonly used to verify the authenticity of bootloaders for other operating systems such as Linux variants.

In other words, until Apple adds this certificate or the T2 chip is somehow cracked, it’s impossible to boot Linux distributions on Apple’s latest hardware.

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the project started. A professional with 10+ years of experience in creating engaging content. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim

More Posts

Follow Me:

Leave a Comment

Your email address will not be published. Required fields are marked *

This website uses cookies to improve user experience. By using our website you consent to all cookies in accordance with our Privacy Policy.
I Agree