| ▲ | GeekyBear 5 hours ago |
| Apple designed a bootloader for Apple Silicon Macs that allows you to run an unsigned OS without degrading security when you boot into MacOS. This wasn't an accident. Macs have always allowed you to run another OS. iDevices have always had a locked bootloader. People shouldn't confuse the two. |
|
| ▲ | josephcsible a minute ago | parent | next [-] |
| They're different for now, but it's frog-boiling. Apple has been steadily adding more and more hoops to the process for Macs, and eventually they are going to end up as locked down as iPhones. |
|
| ▲ | hollow-moe 4 hours ago | parent | prev | next [-] |
| M series macs are weird tho, yes the bootloader allows it but absolutely no documentation on the hardware, drivers etc. Can't help but to think the goal of this wasn't to actually allow third-party OSes, but for development purposes(and ye they could hide the feature behind apple account with paid dev license) or anti-anti-trust measures à-la Google with Firefox: in front of a jury of normal people they can simply say "look there's these nerds making Asahi" the same way "look we're not a monopoly Firefox has .2% market share". |
| |
| ▲ | GeekyBear 3 hours ago | parent | next [-] | | > M series macs are weird More weird than the opaque Management Engines on Intel or AMD chips that can take full control of your system at any time that you have no control over? > Can't help but to think the goal of this wasn't to actually allow third-party OSes Apple has explicitly stated that allowing third party OSes is exactly the purpose of the new bootloader. | | |
| ▲ | Rohansi 3 hours ago | parent | next [-] | | I don't know about Intel ME but AMD PSP is basically the equivalent of Apple's Secure Enclave, so there's that. | | |
| ▲ | GeekyBear 2 hours ago | parent [-] | | You should probably do do some reading on the subject to gain a bit more understanding: > This puts [Apple Silicon Macs] somewhere between x86 PCs and a libre-first system like the Talos II in terms of freedom to replace firmware and boot components; while a number of blobs are required in order to boot the system, none of those have the ability to take over the OS or compromise it post-boot (unlike, say, Intel ME and AMD PSP on recent systems, or the DMA-capable chips on the LPC bus running opaque blobs that exist on even old ThinkPads). https://asahilinux.org/docs/platform/introduction/ The Secure Enclave is equivalent to a PC's TPM (a TPM is now required to run Windows) not any form of a management engine. |
| |
| ▲ | amiga386 3 hours ago | parent | prev | next [-] | | Yes, more weird than that. x86 PCs have fairly standardised boot and autoconfiguration (UEFI and ACPI). ARM based systems, including the Apple M series, don't. You just have to know what's there (device trees), and Apple isn't going to tell you. Hence why it's difficult to make another OS run on it, because you first need to find out what hardware's even there, and how to talk to it. It's initialised by Apple before iBoot runs, sure, but you don't even know what it is, so good luck writing a driver for it. The Intel ME / AMD PSP are creepy, and probably a security risk to the device owner, but they're not weird, you can run an OS without even knowing they're there, and they like it that way. | | |
| ▲ | GeekyBear 2 hours ago | parent [-] | | Asahi Linux already does use an open source UEFI implementation (U-Boot) to boot Linux. https://en.wikipedia.org/wiki/Das_U-Boot The Asahi installer will also allow you to install UEFI alone, in case you want to use UEFI to install some other OS. The hardware management engines in modern x86 chips are backdoors running at a higher privilege level than the installed OS's kernel. It's hard to see them as anything else. |
| |
| ▲ | well_ackshually 2 hours ago | parent | prev [-] | | >More weird than the opaque Management Engines on Intel or AMD chips that can take full control of your system at any time that you have no control over? Considering they're pretty much fully undocumented (officially, that is) and could contain any number of IME equivalents since we know that they already have independent processors like the secure enclave running its own OS: yeah, probably more weird. Just because Asahi did not find one doesn't mean it doesn't exist. |
| |
| ▲ | phire 3 hours ago | parent | prev | next [-] | | The design of the exposed mechanism is explicitly about booting unsigned versions of MacOS. There is zero support for booting anything else, but no enforcement that it must be MacOS. However, apple's justification for exposing this mechanism to users appears to explicitly include "booting linux" even if the mechanism has zero explicit support for booting linux. | |
| ▲ | benoau 3 hours ago | parent | prev [-] | | I think they are wary about macOS becoming a designated DMA gatekeeper, it would certainly be very close to the user and income thresholds. |
|
|
| ▲ | phire 4 hours ago | parent | prev | next [-] |
| And if Apple were going to change their mind and try to block linux, they would intentionally modify the bootloader to remove that functionality, not break the boot picker. |
|
| ▲ | nosioptar 4 hours ago | parent | prev [-] |
| If they allowed something similar on iphones, I'd switch to an iPhone the day an alternate os worked well enough for daily use. |
