← Back to context

Comment by amiga386

3 days ago

Yes, more weird than that. x86 PCs have fairly standardised boot and autoconfiguration (UEFI and ACPI). ARM based systems, including the Apple M series, don't. You just have to know what's there (device trees), and Apple isn't going to tell you. Hence why it's difficult to make another OS run on it, because you first need to find out what hardware's even there, and how to talk to it. It's initialised by Apple before iBoot runs, sure, but you don't even know what it is, so good luck writing a driver for it.

The Intel ME / AMD PSP are creepy, and probably a security risk to the device owner, but they're not weird, you can run an OS without even knowing they're there, and they like it that way.

8 comments

amiga386

Reply
GeekyBear  3 days ago

Asahi Linux already does use an open source UEFI implementation (U-Boot) to boot Linux.

https://en.wikipedia.org/wiki/Das_U-Boot

The Asahi installer will also allow you to install UEFI alone, in case you want to use UEFI to install some other OS.

The hardware management engines in modern x86 chips are backdoors running at a higher privilege level than the installed OS's kernel.

It's hard to see them as anything else.

  • okanat  3 days ago

    Apple's Secure Enclave and ARM's Truszone work the same way as Intel ME and AMD PSP. All of them have a separate specialized minimal OS running on a specially protected memory that cannot be accessed by the normal OS.

    Apple can lock your Mac just like other manufacturers can do via Intel ME. All of them are backdoors.

    • AKSF_Ackermann  3 days ago

      They don't. ME and PSP are separate cores with full memory and configuration bus access. TrustZone is nothing like this, it is a higher privilege level on the main cpu cores, more similar to SMM and used for pretty much the same purposes. Secure enclave is yet again nothing like any of the former and is similar to a TPM.

    • saagarjha  3 days ago

      Secure Enclave is a completely different core, I don't understand why you are conflating it with TrustZone

comex  3 days ago

It's true that UEFI and ACPI cover a lot of ground whose equivalent on Apple Silicon is undocumented. But note that Linux on x86 does still rely on lots of reverse-engineered drivers to talk to various devices - not necessarily on servers which are designed to run Linux, but very much so on desktops and (especially) laptops.

antonkochubey  3 days ago

>ARM based systems, including the Apple M series, don't.

You're thinking of old SBCs, most likely. ARM SystemReady devices (which is a requirement for Thunderbolt 4+ on ARM, so Macs are included) have +/- same level of auto-configuration and hardware resource discovery as x86 PCs.

  • mjg59  3 days ago

    > ARM SystemReady devices (which is a requirement for Thunderbolt 4+ on ARM, so Macs are included)

    Either this is untrue or misinterpreted - the SystemReady DeviceTree band (the only one Macs could possibly fit into, given they don't implement ACPI) still requires that devices implement EBBR, which requires that devices implement UEFI. Macs don't, and so are very much not SystemReady compliant.