Comment by drbawb

2 days ago

The Apple Platform Security[1] white paper describes the secure boot process for Apple silicon. The Mac boot process is significantly more configurable than the iOS boot process, and it allows operating in reduced security modes. (Including running locally signed operating systems.)

Apple knows how to build an iPhone: if they wanted to lock down a Mac they would have simply done that. There's something like nine pages detailing the differences. What word describes that other than "intentional" design? The fact that you can sign and boot a third party OS isn't an "accident" if it's documented, and there's no "exploit" because this is functionality the platform supports; anyone can do it with tools already present on the (Apple-signed) recovery OS.

They certainly don't provide great support for people wanting to develop [drivers for] these operating systems, but the platform was very clearly engineered to support booting them.

[1]: https://help.apple.com/pdf/security/en_US/apple-platform-sec...

I guess I'm missing something then. The Asahi blog says "Apple’s boot tooling will only work with what it considers to be a “valid” macOS installation inside an APFS container." Sounds very adversarial to "the ability to boot an arbitrary OS."

  • It basically just has to look like macOS in some trivial sense, it doesn't have to be macOS, there are no obstacles. The system is designed specifically to enable booting custom compiled kernels and former members of the Apple team have said booting other OSes was intentionally left open. The company just doesn't make any guarantees about that.

    • Where is it stated in official Apple communications that Apple laptops will always support other OSes like Linux?

      There you have it.

      If they don't guarantee it, then better not depend on it. Or waste your time on it.

      This also holds for members of the Asahi team. Unless they don't mind that a decade or so of their working life goes down the drain in one decision from Apple management or Apple lawyers.

      1 reply →

  • It’s the difference between “there’s no published standards other than the reference implementation for some of the API” and “there’s no published standards and extremely monolithic reference implementation design coupled to proprietary blobs and considerable effort spent on signing/boot chain authentication to prevent third party implementations”. Apple is currently the former.