• Welcome to TechPowerUp Forums, Guest! Please check out our forum guidelines for info related to our community.

Linux Won't Boot on New MacBook Air: Apple's T2 Security Chip Prevents It

Joined
Sep 25, 2018
Messages
69 (1.33/day)
Likes
31
#1
The new MacBook Air with Retina display is overall a nice upgrade from the old versions of these laptops. There's one caveat, though: the new T2 chip that manages Touch ID's Secure Enclave, APFS storage encryption or UEFI Secure Boot validation will make it impossible to boot with a Linux distribution. Apple's T2 documentation (PDF) explicitly covers how the support for booting Linux is not available: the Microsoft Corporation UEFI CA 2011 certificate used also by Linux distributions isn't trusted at this moment, so the T2 chip will make it impossible to boot from Linux distributions. Only Windows is allowed to boot via Boot Camp at the moment.

Apple's Secure Boot support page shows how the new 'Startup Security Utility' can be used to disable Secure Boot, but some people have tried to boot Linux through this method and even with that change it's impossible to boot Linux. The problem extends to the rest of machines including the T2 Security Chip, like the Mac mini, the iMac Pro or the MacBook Pro 2018, for example. Apple hasn't made any comments on the issue.



View at TechPowerUp Main Site
 
Joined
Jul 16, 2014
Messages
2,600 (1.64/day)
Likes
1,319
Location
SE Michigan
System Name Dumbass
Processor AMD-9370BE @4.6
Motherboard ASUS SABERTOOTH 990FX R2.0 +SB950
Cooling CM Nepton 280L
Memory G.Skill Sniper 16gb DDR3 2400
Video Card(s) GreenTeam 1080 Gaming X 8GB
Storage C:\SSD (240GB), D:\Seagate (2TB), E:\Western Digital (1TB)
Display(s) 1x Nixeus NX_EDG27, 2x Dell S2440L (16:9)
Case Phanteks Enthoo Primo w/8 140mm SP Fans
Audio Device(s) onboard (realtek?) SPKRS:Logitech Z623 200w 2.1
Power Supply Corsair HX1000i
Mouse Logitech G700s
Keyboard Logitech G910 Orion Spark
Software windows 10
Benchmark Scores https://i.imgur.com/aoz3vWY.jpg?2
#2
Apple's T2 documentation (PDF) explicitly covers how the support for booting Linux is not available: the Microsoft Corporation UEFI CA 2011 certificate used also by Linux distributions isn't trusted at this moment
I wonder how that got revoked. hmmm. :cool:
 
Joined
Sep 26, 2012
Messages
81 (0.04/day)
Likes
25
Processor AMD FX-9370
Motherboard ASUS Crosshair V Formula Z
Cooling Corsair H100i
Memory 16GB (2x 8192MB) G.Skill RipJawsX
Video Card(s) Asus Radeon R9 290 DirectCU II OC
Storage 240GB Crucial M500 & 2000GB Seagate Desktop HDD ST2000DM001
Display(s) Dell U2412m
Case Fractal Define XL R2
Power Supply 800 Watt Fractal Design Newton R3
Mouse Logitech G502
Keyboard Cherry MX-3.0 - Black Keys
Software Win 7 Pro
Benchmark Scores 7812 Points - 3D Mark Fire Strike
#3
Joined
Jul 16, 2014
Messages
2,600 (1.64/day)
Likes
1,319
Location
SE Michigan
System Name Dumbass
Processor AMD-9370BE @4.6
Motherboard ASUS SABERTOOTH 990FX R2.0 +SB950
Cooling CM Nepton 280L
Memory G.Skill Sniper 16gb DDR3 2400
Video Card(s) GreenTeam 1080 Gaming X 8GB
Storage C:\SSD (240GB), D:\Seagate (2TB), E:\Western Digital (1TB)
Display(s) 1x Nixeus NX_EDG27, 2x Dell S2440L (16:9)
Case Phanteks Enthoo Primo w/8 140mm SP Fans
Audio Device(s) onboard (realtek?) SPKRS:Logitech Z623 200w 2.1
Power Supply Corsair HX1000i
Mouse Logitech G700s
Keyboard Logitech G910 Orion Spark
Software windows 10
Benchmark Scores https://i.imgur.com/aoz3vWY.jpg?2
#4
I wonder how long it will be until they get sued again for anti-competitive due to this.
no its a certificate trust issue, if this becomes a permanent problem, than yes that could happen. It could be a minor oversight on Apple's part or intentional on m$'s part not re-certifying the trust. I think its fishy either way.
 
Joined
Jun 15, 2016
Messages
471 (0.53/day)
Likes
201
System Name My PC
Processor 4670K@4.4GHz
Motherboard Gryphon Z87
Cooling CM 212
Memory 2x8GB+2x4GB @2400GHz
Video Card(s) XFX Radeon RX 580 GTS Black Edition 1425MHz OC+, 8GB
Storage Intel 530 SSD 480GB + Intel 510 SSD 120GB + 2x500GB hdd raid 1
Display(s) HP envy 32 1440p
Case CM Mastercase 5
Audio Device(s) Sbz Zxr
Power Supply Antec 620W
Mouse G502
Keyboard G910
Software Win 10 pro
#5
Always some bull* with apple "computers" i wonder why? ;)
 
Joined
Sep 7, 2017
Messages
2,859 (6.57/day)
Likes
1,354
System Name Blackbox
Processor Intel i7-7820x
Motherboard SM C9X299-PG300
Cooling H100i
Memory 16GB 2666..tentatively
Video Card(s) Powercolor Vega 64
Storage 900p 280GB/Barracuda 10TB
Display(s) Viewsonic VX2457 + Samsung 4KTV/Freesync
Case Corsair C70
Power Supply AX860i
Software Win 10 Pro
#6
Not sure why anyone would want to run Linux on a Mac anyways. It already runs UNIX.. and lets you play Windows games at full speed to boot.
 
Joined
Oct 18, 2013
Messages
811 (0.44/day)
Likes
243
Location
If I knew, I'd tellz ya...
System Name The Big RED One
Processor i7-6700k, oc'd to 4.7 ghz
Motherboard Gigabyte G1 Gaming 7- Z170x
Cooling Corsair H110i-GT AIO + 3x Corsair AF140's + 4x AF140 (int/exh) + 2x CM120 (bottom int)
Memory 32GB Corsair Vengence Red RBG DDR4-3200 XMP 2x
Video Card(s) Zotac GTX 1060/6GB w/15% o/c
Storage 2x 960 Pro m.2 nvme, 1x Hitachi 2TB spinner for storage
Display(s) Samsung 32" & 24" LCD's @1920x1280 60hz
Case Thermaltake TT900 Super Tower w/custom paint and ExAF treatment
Audio Device(s) Onboard
Power Supply EVGA G2 SuperNova 850W Modular
Mouse Logitech MX5500 combo
Keyboard see above
Software Windows 10 pro 64 bit, with all the unnecessary background shiite turned OFF !
Benchmark Scores Quicker than flies on a dung pile
#7
hummm,,,,,, m$ not recertifying a trust certificate, surely nOt....

sounds kinda fruity to me, or at least another cleverly-designed marketing ploy created to keep their new machines in the headlines as long as possible :D

or, "T2", as in "Terminator 2", as in: all yinz linus users are belong to us, hehehe !
 
Joined
Jun 10, 2014
Messages
1,187 (0.73/day)
Likes
529
#8
Not sure why anyone would want to run Linux on a Mac anyways. It already runs UNIX.. and lets you play Windows games at full speed to boot.
Just because something is UNIX based, doesn't make it automatically good. Even Nintendo consoles run UNIX, that doesn't mean you can do whatever you want with them.

Installing Linux on Macs is primarily a developer thing. In the beginning Mac OS X was fairly decent, but over the years it have become more and more locked down, buggy and technically outdated. For a while many developers still bought Macs to install Linux for the build quality, but even that has degraded lately. These days vendors like Lenovo, Dell and HP offer better solutions, so you can keep your hard-earned cash away from Apple.
 
Joined
Sep 7, 2017
Messages
2,859 (6.57/day)
Likes
1,354
System Name Blackbox
Processor Intel i7-7820x
Motherboard SM C9X299-PG300
Cooling H100i
Memory 16GB 2666..tentatively
Video Card(s) Powercolor Vega 64
Storage 900p 280GB/Barracuda 10TB
Display(s) Viewsonic VX2457 + Samsung 4KTV/Freesync
Case Corsair C70
Power Supply AX860i
Software Win 10 Pro
#9
Just because something is UNIX based, doesn't make it automatically good. Even Nintendo consoles run UNIX, that doesn't mean you can do whatever you want with them.

Installing Linux on Macs is primarily a developer thing. In the beginning Mac OS X was fairly decent, but over the years it have become more and more locked down, buggy and technically outdated. For a while many developers still bought Macs to install Linux for the build quality, but even that has degraded lately. These days vendors like Lenovo, Dell and HP all offer better solutions, so you can keep your hard-earned cash away from Apple.
I don't think Nintendo has released much about their Switch OS. Do you mean PS4? Because it is based off of BSD Unix.

In any case, consoles are turnkey machines, with no *nix userland tools or interface for them to speak of. Mac OS is a certified UNIX, with all of the userland to boot (and ability to add more from premade Darwin packages or other ports). The only thing you wouldn't do is run a different windowing environment, but why would you want to? That's kind of my point earlier. It already has the base of Unix stuff shared across most *nix systems, and a better window environment to begin with (which has it's own Mac ports anyways, like Libre/GIMP/etc).
 
Joined
Jun 10, 2014
Messages
1,187 (0.73/day)
Likes
529
#10
I don't think Nintendo has released much about their Switch OS. Do you mean PS4? Because it is based off of BSD Unix.
Both Nintendo Switch and Wii is based on FreeBSD, just like PS4.

In any case, consoles are turnkey machines, with no *nix userland tools or interface for them to speak of. Mac OS is a certified UNIX, with all of the userland to boot (and ability to add more from premade Darwin packages or other ports). The only thing you wouldn't do is run a different windowing environment, but why would you want to? That's kind of my point earlier. It already has the base of Unix stuff shared across most *nix systems, and a better window environment to begin with (which has it's own Mac ports anyways, like Libre/GIMP/etc).
Apple is making it harder and harder to install what you want on Macs, like unsigned software. The bundled software is really not good enough, so most developers need at least a better terminal and git, probably their favorite text-editor or IDE, plus all the toolchains tied to whatever they're making. Apple is also deprecating various open standards and formats, including lately OpenGL. It's only a matter of time before more stuff stops working.

And then there is the GUI; every serious developer configure their OS over time to fit their workflow, and most developer's workflow also evolve over time. The possibilities and ease of customization in Linux is magnitudes over Windows and OS X. Switching desktop environment is of course one of those options; just among five of my colleges sitting closest to me I can find at least four different desktop environments on Linux, and each one made their choice based on convenience and workflow, not based on looks. It comes down to how people prefer to navigate between workspaces and windows, set up keyboard shortcuts etc. The possibilities to do this in Windows and OS X is very limited. Setting up a standard environment in Linux takes a few minutes, fresh Linux users usually starts out by using it like they are used to from Windows or OS X, but gradually starts to tweak it as they get accustomed to it. Then after years, going back feels like returning to the stone age, regardless of how "polished" some aspects of other OS' look. You need to use Linux for several years to fully understand this.
 

Wavetrex

New Member
Joined
Nov 1, 2018
Messages
5 (0.33/day)
Likes
0
Location
NL
#11
I wonder what happens if you carefully unsolder that chip off the motherboard?
 

Easy Rhino

Linux Advocate
Staff member
Joined
Nov 13, 2006
Messages
14,565 (3.32/day)
Likes
4,458
Location
Mid-Atlantic
System Name VHOST01 | Desktop
Processor i7 980x | i5 7500 Kaby Lake
Motherboard Gigabyte x58 Extreme | AsRock MicroATX Z170M Exteme4
Cooling Prolimatech Megahelams | Stock
Memory 6x4 GB @ 1333 | 2x 8G Gskill Aegis DDR4 2400
Video Card(s) Nvidia GT 210 | Nvidia GTX 970 FTW+
Storage 4x2 TB Enterprise RAID5 | Samsung nVME 512
Display(s) N/A | Dell 27" 1440p 8bit GSYNC
Case Lian Li ATX Mid Tower | Corsair Carbide 400C
Audio Device(s) NA | On Board
Power Supply SeaSonic 500W Gold | Seasonic SSR-650GD Flagship Prime Series 650W Gold
Mouse N/A | Logitech G900 Chaos Spectrum
Keyboard N/A | Code V2B
Software Centos 7 | Windows 10
#13
Gee, a security chip prevents unauthorized access to the walled garden. In other news, water is wet.
 
Joined
Sep 15, 2011
Messages
5,011 (1.91/day)
Likes
1,384
Processor Intel Core i7 3770k @ 4.3GHz
Motherboard Asus P8Z77-V LK
Memory 16GB(2x8) DDR3@2133MHz 1.5v Patriot
Video Card(s) MSI GeForce GTX 1080 GAMING X 8G
Storage 59.63GB Samsung SSD 830 + 465.76 GB Samsung SSD 840 EVO + 2TB Hitachi + 300GB Velociraptor HDD
Display(s) Acer Predator X34 3440x1440@100Hz G-Sync
Case NZXT PHANTOM410-BK
Audio Device(s) Creative X-Fi Titanium PCIe
Power Supply Corsair 850W
Mouse Anker
Software Win 10 Pro - 64bit
Benchmark Scores 30FPS in NFS:Rivals
#15
Well, if you buy any Apple product you deserve to be the prisoner of your own possession. ;)
 
Top