Comment by dev_tty01
4 years ago
I agree that this is mostly a small number of engineers (with approval) being helpful. This has almost no bearing on Apple profit. The number of people who want to run Linux on an Apple Mac is very small compared to their other markets. The only tangible benefit to the company is that this may add a bit of goodwill and slightly reduce the volume of the vocal detractors.
As others have pointed out, it may also help if they are moving to add back bootcamp support for Windows (on ARM).
Apple has added better support for virtualization at the OS level in recent years and that handles the needs of most devs.
> I agree that this is mostly a small number of engineers (with approval) being helpful.
The M1 Macs have their security settings applied per partition instead of per computer.
If you set the bootloader to "permissive security policy", you can boot from a Linux partition without effecting the security of the system when you boot from the MacOS partition.
This is a big change over the way things have previously worked on iOS (where there is no option to unlock the bootloader) or the Mac. It probably wasn't a quick hack that a couple of guys stuck in when nobody was looking.
The fact that you can boot the M1 from a different OS (but you still need the internal SSD even if you boot from an external disk) is a corporate decision.
The fact that someone decided to provide support for a raw image instead of a Mach-O file could very well be the work of someone ar a much lower level.
I disagree with your assertion that the requirement for the internal SSD was a marketing decision (your word was "corporate", but that could mean anything). I think that it was probably a technical decision.
Likely there is a very small bit of bootstrap code stuffed into a ROM somewhere, and the only thing that bootstrap code enables it to read from some protected part of the onboard SSD, which then gives you the next round of bootstrap enabling you to read from other devices (e.g. all the code needed to power up and use the hardware needed to get to an external drive, and the code to read the partitions on said drive).
Someone made the decision that it would be better to use the bit of internal SSD (since it would "always" be there), that could be changed later, rather than hard-code this into comparatively expensive silicon. Unless your internal drive goes bad, it is a pretty good compromise. I seriously doubt that anyone in marketing cared about this.
2 replies →
Note there's also macOS-related reasons to use the different modes:
Reduced security mode is needed to boot into outdated macOS installs (specifically, I believe this is "outdated, insecure, at install-time"), along with loading kernel extensions (which aren't supported in full security mode on Apple Silicon).
Permissive security mode is needed to boot into macOS with a custom XNU kernel.
But yes, this is a significant change to iOS devices, but not to older macOS devices.
> But yes, this is a significant change to iOS devices, but not to older macOS devices.
Previously the Macs had their security settings applied per computer, not per partition.
Oh cool, I wasn't aware of that. I like that option a lot. It's nice to have access to both a walled garden and an open one.
> It probably wasn't a quick hack that a couple of guys stuck in when nobody was looking.
I mean, that's not what the parent comment said:
> I agree that this is mostly a small number of engineers (with approval) being helpful.
Here's some more details from someone who actually worked on this: https://twitter.com/XenoKovah/status/1339914714055368704
I don't disagree with what you're saying, but focusing on the number of people that want to run Linux on a Mac and the tangible short-term benefits misses the larger dynamics that could play out over time.
The bigger opportunity is expanding the footprint and flexibility of Apple Silicon in general. As a developer the new MacBook Pros performance characteristics were too juicy to ignore, the main pain points are virtualization and architecture shift. I'm not knowledgeable enough about the low level details to have a fully formed idea of impact of these pain points yet—maybe Apple Silicon and ARM support are equivalent in practice when it comes to development/deployment—but it certainly makes me feel more comfortable paying the Apple premium the more diverse and open the supported use cases are.
Maybe they want to ship Apple Silicon to server vendors?