Apple's T2 Chip Prevents Linux from Booting on Latest Mac Hardware
CYBER NEWS

Apple’s T2 Chip Prevents Linux from Booting on Latest Mac Hardware

Linux users have complained about experiencing issues when attempting to get their wanted distribution to install on the latest Mac machines. The reason for these troubles is believed to be the T2 chip.




More about the T2 Chip. What Does It Do?

According to Apple, the T2 chip includes a Secure Enclave coprocessor that provides the foundation for secure boot and encrypted storage capabilities. These capabilities include dealing with the SSD, audio, and secure boot, with issues reported to be stemming from the secure boot.

To further explain, Apple’s latest Mac hardware, including the latest MacBook Air and Mac Mini, comes with an embedded T2 chip, providing a secure enclave, APFS storage encryption, Touch ID handling, a hardware microphone disconnect on lid close, among other security-centered features.

As already mentioned, it has been reported that T2 restricts the boot process thus limiting the Linux support on Mac hardware. The issue is there even when the Secure Boot functionality is disabled, with the chip still blocking a range of operating systems, with the exception of macOS and Windows 10. It should be noted that Windows in general can’t be booted on Apple’s latest hardware, not until support for Windows via the Boot Camp Assistant on macOS is enabled.

Related: Verified Microkernel: the Cure for All Linux OS Vulnerabilities?

By enabling it, the Windows Production CA 2011 certificate is installed. The certificate serves to authenticate Microsoft bootloaders, but this doesn’t setup the Microsoft-approved UEFI certificate that allows verification of code by Microsoft partners, including what is used for signing Linux distributions wishing to have UEFI SecureBoot support for Windows PC, experts explain.

Regarding Linux, Apple’s T2 documentation gives the following explanation:

There is currently no trust provided for the the Microsoft Corporation UEFI CA 2011, which would allow verification of code signed by Microsoft partners. This UEFI CA is commonly used to verify the authenticity of bootloaders for other operating systems such as Linux variants.

In other words, until Apple adds this certificate or the T2 chip is somehow cracked, it’s impossible to boot Linux distributions on Apple’s latest hardware.

Milena Dimitrova

Milena Dimitrova

An inspired writer and content manager who has been with SensorsTechForum since the beginning. Focused on user privacy and malware development, she strongly believes in a world where cybersecurity plays a central role. If common sense makes no sense, she will be there to take notes. Those notes may later turn into articles! Follow Milena @Milenyim

More Posts

Follow Me:
Twitter

Leave a Comment

Your email address will not be published. Required fields are marked *

Time limit is exhausted. Please reload CAPTCHA.

Share on Facebook Share
Loading...
Share on Twitter Tweet
Loading...
Share on Google Plus Share
Loading...
Share on Linkedin Share
Loading...
Share on Digg Share
Share on Reddit Share
Loading...
Share on Stumbleupon Share
Loading...