
Apple mentioned in the event that these Macs will have hardware verified secure boot. Since I’m not very knowledgeable in this area, can someone explain (or even try to guess) what this would/could mean for running Linux on these? I use Macs way beyond Apple’s support timeframe with OS X/macOS, and Linux is the one that runs on some of the older Macs and provides adequate security and security related software updates.



I don't know the answer^, but how old is your current old Mac hardware? I don't know about the desktops, but Macbooks from 2016 are not well supported hardware-wise in Linux - things like no WiFi even. There was a good GitHub repo tracking it for up to I think the first touchbar Pro, and basically it was dismal then and only got worse (according to repo owner who consequently stopped bothering iirc).

So... depending on what you want to do on these older machines, my point is that this may be the least of your worries.

^(though I think it's fine, because it's the reverse that would be a problem? Bad news for 'hackintosh' if all supported versions of macOS can expect secure boot hardware, I think)


> I don't know about the desktops, but Macbooks from 2016 are not well supported hardware-wise in Linux

Which is unfortunate, because the 2015 models make great Linux machines.

The introduction of the T2 chip made proper Linux support much harder to achieve.


Until 2019 Apple sold 13 inch MBPs without the touchbar, and these models did not have a T2 chip. They are still miserable computers to run Linux on, although I think the original 2016 touchbar-less MBP performs better than all the rest, albeit (IIRC) no working audio, very poor suspend/resume functionality, and until pretty recently no keyboard/trackpad functionality.

Oh, and Apple's NVMe interface is non-compliant. This is widely reported as Apple locking Linux out with the T2 chip, but that's not really true. The T2 chip will by default prevent unsigned kernels from reading/writing to the SSD, but this can be disabled.

Even if it's disabled, the controller is not standards compliant, and Linux won't see the underlying block device. I saw some diffs floating around on github a few years ago that fixed it, but I don't think it was ever mainlined.

Basically, post-2016, Apple seems to have incorporated so much custom (and undocumented) hardware that running alternative OSes on them is basically impossible. Windows works because of the Apple-provided HAL + drivers for WinNT.


Even in Bootcamp Apple did not bother to expose all hardware to Windows. The touchpad is reported as a mouse with a scroll wheel, no option to enable hardware encryption or to use Touch ID to unlock.


Why would you expect Touch ID to work on a windows machine?

As far as I know it’s only available on Apple OSes.


Windows supports various biometric logins and provides a rather generic API. Some manufacturers use that to provide login based on veins in a finger, not fingerprints. Apple could have implemented those APIs.


I have a MacBookPro15,2 (2019, with T2), on which I dual boot Arch Linux. It is perfectly usable. The hardware support is not great. In particular, resuming from suspend is very slow, and I haven't gotten the built-in mic to work. And getting the system to work did require using a patched Linux kernel installed from Github. So not easy, but possible.

Your claims about "dismal then and only got worse" are unfounded. The repository you refer to is still active. https://github.com/Dunedan/mbp-2016-linux If anything, activity has slowed down in these threads because it was figured out how to make it work.

Even among people who run Linux on these MacBooks, the general recommendation is to keep a macOS partition around for stability. Some of the value you get from any Apple computer is in the software. If you intend on instantly installing Linux or Windows as your only OS, this probably isn't the computer for you. But if you want to or have to use Linux sometimes, these T2-chip Macs can do it.


I was referring to the hardware support, not the (stellar) efforts of Dunedan and contributors!


Am I wrong to think the T2 means Linux can't access the built in hard drive and you are dual booting from an external drive?


Yes. There’s nothing preventing me from accessing the internal SSD.


> There was a good GitHub repo tracking it for up to I think the first touchbar Pro, and basically it was dismal then and only got worse (according to repo owner who consequently stopped bothering iirc).

As I'm said repo owner, let me chime in here quickly to shed some light on that.

I used a 13" MacBook Pro 2016 for 3 years with Debian as my sole machine for work. When ordering it back in 2016 I wasn't sure how difficult it'd be to get Linux properly working on it, as at that point it was only known that it's possible to boot Linux, but nobody had figured out even such basics as support for the integrated input devices or the NVMe SSD yet. However, as I had been using Linux on Macs since 2006, I figured it'd be somehow possible to get it to work for me.

Fortunately I wasn't the only one serious about running Linux on these 2016+ MacBooks, as I have very limited knowledge of the required low-level programming skills. What I did was to provide and moderate a Github repository (https://github.com/Dunedan/mbp-2016-linux) as a central place to document and discuss the status of hardware support for these MacBook Pros, some little patches and lots of feedback and bug reports. A big shoutout to all contributors who did an incredible job at reverse engineering, implementing and upstreaming drivers for various components! That's quite an achievement for such a complex device with no public hardware documentation at all!

After a while it turned out that support for certain components would be rather difficult to get working flawlessly. As an example, even at the end of the 3 years I used the MacBook Pro, I had to use an external adapter to be able to use WiFi. With that in mind I started to reconsider why I bought Apple products: I bought them because of their superior hardware quality. But if I'm not able to use the hardware as intended, what's the point of paying a premium for Apple products? And let's just not talk about the butterfly keyboard or the horrible thermal management. So when it came to replacing my MacBook Pro, I decided to go with a Lenovo Thinkpad X1 Carbon instead. It's not perfect, but I'm way happier now than I ever was with the MacBook Pro 2016, as the hardware just works.

As I don't own any 2016+ Apple device anymore, the help for further Linux support I can provide is limited, but I didn't stop bothering at all! I'm still actively managing said Github repository, but activity in general has significantly dropped there over time. Either the devices work well enough for other people now or they also replaced them with non-Apple hardware.


Yeah, I think you mean this repo: https://github.com/Dunedan/mbp-2016-linux

I bought a 2017 MBP hoping the situation would eventually improve but it never did, so I never got around to installing Linux. I'm expecting it'll be even worse for these M1 systems.


That's the one, thanks.

It is a shame, it's not something I ever really did (or not for long, for a period I do recall having Arch on my 2013 Air) but I like the idea - I like Apple's hardware, just not the software.


Oh Apple, why are you doing this, taking freedom from your customers. I don't want to use Windows, neither do I want to tinker with Ubuntu. But if you keep going that path, you are forcing your power users to think about migrating to platforms that respect users' freedom to do whatever they want to do with their machines.

After two years of using an otherwise beautiful iPad Pro (along with my MBP) I came to realize that a crippled machine that is very limited in how I use a computer is not the future of computing I like. The device collects dust for quite some time as I prefer a computing environment where I use the terminal a lot, where I use my bash and Python scripts a lot to automate, where I use Emacs a lot to write tech docs, do my project planning, writing, automating workflows, and many more things that are not doable on a crippled (iPad)OS.

You keep going toward your vision of a computing platform where your customers are just consumers, not hackers and doers, and us hackers need to look for alternative platforms, most probably Linux.


> neither do I want to tinker with Ubuntu

You can get XPS Developer Edition, System76, Purism, or many other laptop brands (eg. any of these https://elementary.io/store/ with elementaryOS, whose DE should feel fairly familiar to a macOS user) with GNU preinstalled these days.


Although very slowly, this list of companies providing good Linux-ready laptops is growing.

I do wish someone would dare ship something high-end non-amd64 (e.g.: ARM). Kinda like what we're seeing from Apple.


First a high-end ARM chip would have to exist. The 8cx is pretty meh compared to the M1.


Even the M1 isn't appreciably better than an AMD chip, especially not an upcoming 5nm chip.


What's wrong with AMD?


That comment means amd64 (x86-64) CPUs, not AMD (the company) CPUs.


Yes the iPad is "crippled" in that sense, but I find it's an excellent accessory to a computer. Not everything I do needs a terminal, my Python scripts, favorite text editor, and rapid multitasking. The iPad is a wonderful (albeit expensive) side device for lighter activities on the couch, in the kitchen, or on the go.

It doesn't need to be our only computing device to be appreciated, and not every computing device needs to be powerful.


What I am lamenting is the observation that iPadOS seems to be Apple's vision for how computers should work: crippled, not much user control, just content-consuming devices with Apple controlling every aspect of it. That's not a personal computer anymore, not a device where we have much control over it.


I'm perfectly happy with the division between "consumer machines" and "creative machines".

I obviously count myself among the people who need and want creator capabilities, but for my technologically challenged family and friends there's no reason to learn and manage all the complexities of a classic computer environment if they just want a point of access to youtube, netflix, spotify and social networks.

I still shiver remembering the times of browsers riddled with search bars, trojans and antivirus software slowing computers to a crawl, and people who are "good with tech" being dragged to friends' houses to see what's wrong with the computer.


You can write a book on an iPad. You can make a movie on an iPad. You can draw, sketch and make art on an iPad.

I think it's a bit narrow to label them content-consuming devices. Of course, they have limitations for activities like programming.


Same here. I can't stand macOS, the interface is terrible and it's an awful development environment.

But the iPad is an excellent companion, since I use it to scribble around, consume media, edit photos, keep my music sheets, and all that stuff that would suck on Linux.


>Oh Apple, why are you doing this, taking freedom from your customers

Because they can. Most other laptop manufacturers are producing garbage. Vaunted brands like Thinkpad and Dell are even failing to keep pace.

My wife's 2019 Dell XPS 13 is awful to use. The touchpad is horrendous, and I'm not buying Lenovo after the Superfish thing.


Apple has always been proprietary and always will be. In the Apple II and Macintosh Plus days, they sold all their own peripherals.

I had a Dell XPS 13 1645 that had a great display, but everything else about it was awful.

Well, in reality, you can't be a purist or you'll end up with nothing. The Lenovo T480 is solid and has two batteries.


What? The Apple II was a fantastically open machine! It even came with the circuit schematic and ROM source code right in the manual! It had lots of slots and there was a massive third-party ecosystem. It was when Jobs got to design machines with the Apple III/Lisa/Mac that things closed up.


Even if you could turn off secure boot, Linux doesn't have drivers for Apple Silicon. Maybe in 2030 someone will port Linux to a jailbroken M1 Mac.


Linux does support many ARM architectures already, and even supports the x86/x64 version of Secure Boot in some configurations. If Apple wants to either allow their Secure Boot to be disabled or to allow end users or Linux distros to somehow get their own keys trusted, I'm sure the port can happen in the coming $smallnum years with enough interest + resources + time. (But not $smallnum months, sadly.)

None of this, of course, is to pretend it's easy.


No Bootcamp for Apple Silicon Macs, you can't install any other operating system on it. But you can run ARM Linux in a virtual machine.


So, a locked bootloader with someone else's public key as the only one trusted? Can you even call that a computer?


This exact issue is something Stallman[1] and others have talked about for a while now[2].

[1] https://www.gnu.org/philosophy/can-you-trust.en.html

[2] https://www.cl.cam.ac.uk/~rja14/tcpa-faq.html


I use a mac for work (and paid for by work) but refuse to spend my money on something I can't use the way I would like to use it. I think that these companies shouldn't be able to lock you out of you using your tractor/car/computer like everyone seems to be moving towards. It's a real shame. I understand if they want to void the warranty because a user blew away some critical firmware, but that's another ball of wax and it's on the user to suffer the consequences.


Agree wholeheartedly!

Void my warranty, boot with a scary splash screen, whatever, but don’t lock me out of the thing I ostensibly own. Or, maybe change the “buy” button to a “license to use” button in your store.


Well, certainly not a personal computer. :/


Apple no longer makes general-purpose computers. They only make pretty, locked-down, computerlike appliances.

The margins on general-purpose computers are simply too thin to sustain a $1T company.


Maybe, just maybe, it shouldn't be a $1T company? Maybe it should once again become a company that puts its customers and their experience before profits?

People are frustrated with technology lately. Even non-tech people. Apple has everything it would need to change that, but it decides to contribute to technology becoming ever more frustrating time and time again instead.


Agreed. But I can't think of an example of a company that ever voluntarily downsized. Downsizing usually happens because a new competitor arises that makes a product customers prefer. That's a very difficult proposition in the personal computer space.


If history is a lesson, any company that arises to compete with established players gets acquired by them. And it's a shame no companies actually decline these acquisitions.


>no companies actually decline these acquisitions.

Not true. Yahoo made 2 separate offers to acquire Google, and an established social-media company offered to acquire Facebook (for a billion dollars IIRC).


The bootloader is not locked, why keep claiming that over and over when Apple talked about it at WWDC?


Craig Federighi said himself that they don't boot other operating systems. Could you link the talk where they said it can run binaries not signed by Apple? The only thing I could find is where they still allow you to boot older versions which they don't let you download anymore. To keep the actual Mac experience.


It's because they don't want to support drivers for other OSes.

See this WWDC session: https://developer.apple.com/videos/play/wwdc2020/10686

and this manpage: https://pastebin.ubuntu.com/p/RwcT8stYMY/


Can't find anything in either document which allows booting of non-Apple-signed software. The only thing I see there is something like Secure Boot on PCs, where Apple would need to sign your boot loader in order to be able to boot it.


--permissive-security is the setting that you want. You are then able to enroll hashes of unsigned kernels with kmutil.


Kmutil is only there to load kernel extensions? Or did that change with Big Sur?


It changed. You use kmutil create to create the artifacts and add the hash to the Secure Boot policy. (--help at https://pastebin.ubuntu.com/p/mN3Z2kfJWy/, no manpage)


TIL this has a man page


I haven’t watched anything. Are you saying you can boot another OS? Can you point me to where I can read or hear more about this?


Betteridge's Law of Comments


It is no longer a Personal Computer. And it is a security disaster if you cannot control your own hardware of your computer. It should be made illegal for Apple to operate like this. The user MUST have full control of the computer. It is a user right and should be a human right. The only reason I used Macs is their respecting my ability to use any OS I want if I want.


Looks like you can supply your own unsigned kernel to boot something else.

kmutil lets you do it apparently: https://pastebin.ubuntu.com/p/mN3Z2kfJWy/ and bputil lets you disable the signature checking of the kernel https://pastebin.ubuntu.com/p/RwcT8stYMY/


IIRC at WWDC Apple said it would still be possible to boot an unsigned OS, but it would show some kind of warning.


This is the best news I’ve heard all day, thank you!

I’m totally fine with a chromebook-style unsigned boot warning.


During WWDC they said you can't use any other operating system at boot time, only through virtual machines.

Update: here's a podcast with Craig Federighi on that matter https://youtu.be/Hg9F1Qjv3iU


Link with timestamp: https://youtu.be/Hg9F1Qjv3iU?t=3772

"we're not direct booting an alternate operating system, it's purely virtualization"


You can, they are just saying Bootcamp isn’t a thing.


Why not just support a company that doesn't do this crap?


I would happily.

Who else is making 8 core, 18 hour battery life laptops that have >200ppi displays and weigh <=1290g?

The choice is now performance xor privacy.


Because most people don’t care?


Why not legislate companies to not do this crap?


I'd be tempted to buy one if this ends up being the case


But what would you run on it? What OS besides macOS has support for running on Apple Silicon?


What's the meaningful difference from other ARM chips which would make this impossible?


Apple's not going to ship drivers for Linux, and it's a SoC. So someone needs to somehow write an open source driver for Apple's proprietary black box of a GPU.

I suspect very little will work at all if someone can get Linux to boot on one, and it will be a very lengthy endeavor to get things up to being usable.


Which ARM chip based device can run Linux without the manufacturer's drivers?


The bootloader and GPU mostly.


The reality is that we can't answer this until we have some hands on.

It really depends on whether their secure boot architecture can be disabled (unlikely knowing Apple), or allows adding one's own keys (unlikely). Bootcamp probably won't happen since Windows does not support the architecture: they'll be pushing people to use VMs.

They might also provide some untrusted path to boot without it being able to access certain secure features. I wish they did this, but I also won't hold my breath!

That said, the kernel itself needs to have support for the hardware architecture, and then drivers for all the new hardware they're pushing out. I don't expect this to be soon, though I'd definitely be willing to sponsor anyone willing to work on this.


> Bootcamp probably won't happen since windows does not support the architecture

Windows supports ARM and has for a while. But still probably Bootcamp's days are over, yeah.


It seems that the Mac now has an iPhone-based boot system.

https://www.reddit.com/r/MacOSBeta/comments/jn7wbf/heres_the...


The difference is that you can turn off checks on the Mac.


Probably something similar to their secure boot with their phone iBoot. https://www.theiphonewiki.com/wiki/IBoot_(Bootloader)


Take action: buy a Mac, and return it. If they want to know why, tell them¹.

Repeat for every new model.

¹ They will have to give you a full refund: it's your right as a consumer. Note that this may not work for companies.


Great, very productive, and mature.

You probably turn around and then criticize people for contributing to the e-waste problem, and polluting the planet with carbon emissions.

Can't be satisfied just not to buy someone's offering, you actively need to go sabotage them.

Actually sounds quite right-wing in philosophy.


Who downvoted your comment and why? This is a good comment and a good strategy to teach them a lesson. Without some efforts those companies would not recall moral values. Richard Stallman was warning us about this development long ago and he was right. Crippled hardware is useless for a hacking mind.


Because it’s just creating e-waste, and if you do it enough they’ll stop selling you things.


Hey, wait a second. You seem to be implying that they'll just (irresponsibly) throw out machines returned for "other" reasons, but is that true?


I think the best case is they become refurbished, which means the motherboard is kept and the outside gets scrapped?


"How do we get these companies to stop behaving like this?"

"Vote with your wallet!"

<votes with wallet by doing as OP suggests above. Mind you, NOT buying is noise - buying and returning is signal>

"Not like that!!"


Buying and returning is just a petty, wasteful thing to do.


Dude they'll just sell them to someone else. It doesn't change anything, the material and resource cost has already been paid. Stop making this about something it absolutely is not.

Companies DO care when people return something, because that is pure signal. "I got it because I thought I would like it and I don't" is a much different signal than "I have no idea what you think because I never interacted with you". That is likely one of the most effective ways to make a company sit up and take notice, the return rate of a product is a key indicator of its success.

I really don't see that there's anything to disagree with there. Loving Apple, as you may, doesn't make the above point wrong.


Do you think Apple is just going to take the computer you touched, turn around, and sell it to another person? No, they're going to take the whole thing apart, replace all the consumables and user-facing parts, then sell it as refurbished. And that's the best case: they might have to strip it for parts or trash it depending on what it was that you bought.

This has nothing to do with a love of Apple or anything, and everything to do with “you’re abusing a program that they are going to either ban you from, or remove because you abused it too much”.


And degrading a Personal Computer into a machine under the control of someone else, attacking the rights of the person and stripping people of privacy completely, is not a wasteful thing to do? I mean, it's garbage by definition and sure, it takes time for people to understand this, but this machine is useless by design for a freedom-respecting society, is that not a waste? It's a huge waste of resources I would say. Returning the product doesn't add too much to this waste, it simply tells what it is.


Dude, you’re arguing about control to the wrong person. Apple knows about this already and you returning a bunch of devices isn’t going to get them to change their policy.


I am not buying Apple stuff for 5 years already, because I can't stand stupidity and their MacBooks Pro would just cripple my abilities and mobility with those stupid dongles, unupgradable memory and idiotic touchbars.

The only reason I could bear some of their hardware is because I knew I could put Linux on it when I'd had enough of it, and now what?

I am not buying, sophisticated people are not buying and it doesn't help, so in my perspective IF something is ever going to change their policy it is returning products to SEND A MESSAGE. The other option is to wait until some dumbo gets it when it'll be too late, like it was when S. Jobs had to return to save them..

Or do you suggest even stronger action than returning?


This is intended. They should stop selling things that attack the privacy and freedom of a person, or is this concept not your priority and you are ok to have a computer controlled COMPLETELY by someone else, which means ZERO privacy?

PS: Well, this one is downvoted too. Looks like some lost even a sense of what PERSONAL computer means.

OK. Keep downvoting! It's a good strategy to silence someone when there are no valid arguments.


They’ll stop selling the device to you or accepting your returns. So you haven’t really done much.

Also, people who complain about downvotes usually attract more. I’d suggest not doing that. Claims that there are “no valid arguments” against your position rather than nobody wanting to deal with you are, well, absurd.


If many people will do that it's a different story. Maybe it's ok with you and you see no danger in their strategy but I see this issue as a huge attack on freedom and rights, including the right to privacy. History has many examples of how people protected their rights and freedom. Returning a product is a very light way to send a proper message.

Recently I see more and more perfectly valid comments being downvoted and I do not like it. If this forum becomes mob controlled with bullying then I see no reason why bright people would stay here. If one doesn't want to deal with a comment, usually one moves on, like I do. But if an argument is perfectly valid and instead of an answer I see one simply downvotes, it is bullying as it appears.


So the e-waste stops the moment they stop selling us junk?


It is greatly reduced when you stop buying things and returning them so they need to refurbish it.


I personally prefer secure hardware at the expense of not being able to play around with other OSes. I am sure I am not alone.


You can have both. Users should control the keys. Not an insurmountable problem.


I also prefer secure hardware, but I find macOS completely useless for work.

While I can appreciate that some see other OSes as something of a curiosity, for many of us it's a big deal-breaker, and it's a shame Apple is not willing to provide their hardware to so many potential clients who simply don't want their software.


What advantage do you see to "secure hardware"? I'm unaware of any recent Mac security issue that would have been prevented by it. It gives Apple a lot more control over the device but I don't see any advantage to the user.


One advantage I could see would be lowering value for thieves, if it worked out like locked phones that cannot just be wiped and resold.


It means that you need to find a vulnerability in the bootloader and exploit it to break free from Apple's secure garden. Linux has worked on ARM for years, so I'm sure that it won't be impossible to port it over, but whether enthusiasts will do it or not is another question, as you would need to write drivers for the proprietary GPU and storage to make it useful.


You can turn off secure boot.


I don't think so.


You can, there’s a bputil command for it I believe.


Here's a WWDC talk claiming that you can't: https://youtu.be/Hg9F1Qjv3iU?t=3772

I'm talking about ARM macs, not Intel ones.


That’s not really what I’d call a “WWDC talk”, but sure, it mentions that Apple won’t provide Boot Camp, and that they are running their OS demos using virtualization. I didn’t see a claim that they won’t let you reduce the boot security.


"We're not direct booting an alternate operating system, it's purely virtualization. Hypervisors can be very efficient, so the need to direct boot shouldn't really be a concern."

For me that quote means that they're not allowing booting any alternate operating system and they expect developers to use virtualization if another operating system is needed. I would be happy to be wrong about that.


I understood that as "we weren't booting something else in our demos, we were using virtualization" but not "we can't boot anything else". I am sure, however, that they would like you to use virtualization instead of direct booting.

