Comment by paxys

On Android devices with AVB (so basically everything nowadays), once the bootloader is unlocked, so many things already either lock you out or degrade your service in various ways. For example, Netflix will downgrade you to 480p, Google Pay will stop working, many apps will just straight up disappear from the Play Store because SafetyNet will stop passing (especially on newer devices with hardware attestation), banking apps (most notably Cash App) will often stop working, many other third-party apps that don't even have anything to do with banking will still lock you out, etc.

On many Android devices, unlocking the boot loader at any point will also permanently erase the DRM keys, so you will never again be able to watch high resolution Netflix (or any other app that uses Widevine), even if you relocked the bootloader and your OS passed verified boot checks.

On a Mac, you don't need to "unlock the bootloader" to do anything. Trust is managed per operating system. As long as you initially can properly authenticate through physical presence, you totally can install additional operating systems with lower levels of trust and their existence won't prevent you from booting back into the trusted install and using protected experiences such as Apple Pay. Sure, if you want to modify that trusted install, and you downgrade its security level to implement this, then those trusted experiences will stop working (such as Apple Pay, iPhone Mirroring, and 4K Netflix in Safari, for instance), but you won't be rejected by entire swathes of the third-party app ecosystem and you also won't lose the ability to install a huge fraction of Mac apps (although iOS and iPadOS apps will stop working). You also won't necessarily be prevented from turning the security back up once you're done messing around, and gaining every one of those experiences back.

So sure, you can totally boil it down to "Apple still punishes you, only a bit less", but not only do they not even punish your entire machine the way Microsoft and Google do, but they even only punish the individual operating system that has the reduced security, don't punish it as much as Microsoft and Google do, and don't permanently lock things out just because the security has ever been reduced in the past.

Do keep in mind though, the comparison to Android is a bit unfair anyway because Apple's equivalent to the Android ecosystem is (roughly; excluding TV and whatever for brevity) iPhone and iPad, and those devices have never and almost certainly will never offer anything close to a bootloader unlock. I just had used it as an example of the all or nothing approach. Obviously Apple's iDevice ecosystem doesn't allow user tampering at all, not even with trusted experiences excluded.

Fun fact though: The Password category in System Settings will disappear over iPhone Mirroring to prevent the password from being changed remotely. Pretty cool.

To be fair, this is how homebrew for Apple devices has always worked. You've always had to effectively reverse engineer the platform in order to write privileged code. Although I get the argument that if Apple were explicitly trying to support alternative operating systems they probably could have done more to make it easy, really what they were doing with this was first and foremost enabling additional use cases for macOS, and then maybe silently doing it in a way that third parties would also be able to benefit from. The Asahi wiki does a bit of a better job of explaining this, but the suspicion is that Apple did this not necessarily to make it easier for alternative operating systems to exist but to prevent the Mac from needing to be jailbroken when alternative operating systems were bound to happen anyway.

To be fair, sleep/suspend has been a rather infamously difficult problem for Linux when it comes to devices that weren't designed to run Linux. I think the Macs with T2 chips were a bit weird anyway and I wonder if they had already been working on Apple Silicon Macs that far back and that's why the T2 became a thing?