Hacker News new | past | comments | ask | show | jobs | submit login
Craig Federighi confirms Apple Silicon Macs will not support booting other OS (reddit.com)
83 points by ytch on June 25, 2020 | hide | past | favorite | 97 comments

It is still possible to disable secure boot using csrutil. Apple has never officially supported booting Linux on a Mac.


See also https://developer.apple.com/videos/play/wwdc2020/10686/ 19:00

If you read the replies, that only loosens secure boot enough to allow downgrading to older Apple-signed versions of their OS. It doesn't let you run unsigned code.

If you only use the GUI then yes, but csrutil allows you to disable it even further.


So we are moving back into a locked boot loader state of the world.

While I understand there are advantages to what Apple is doing, I worry that we will soon see lockdowns to what apps you can run on your computer. As an Apple fanboy for at least 20 years, that makes me sad.

I hold the relatively new opinion that being a fanboy, of any company, is no longer a tenable position. There are no good guys, there are no bad guys, they're just corporations.

All we can do is evaluate every new program, every new hardware, and every company policy on its own merits and demerits.

I hold the relatively new opinion that being a fanboy, of any company, is no longer a tenable position. There are no good guys, there are no bad guys, they're just corporations.

This has been on my mind a lot recently. Of course, I knew this. But the grip of corporations on our daily live has increased a lot now that software is eating the world. So the effects are more profound.

It has also enforced my belief that it is only worth investing significant mental energy and free time in non-profit, free software communities. While they are not perfect, their interests are typically much more aligned with our own. And in the worst case, the source code, hardware designs, etc. are always available to pass the baton.

I’ve been flipping through some of the old computer magazines from the 1990s available on the Internet Archive.

- CD-ROM Today: https://archive.org/details/CDROMToday/mode/2up

- MacFormat: https://archive.org/details/Macformat44S/mode/2up

- MacAddict: https://archive.org/details/MacAddict-009-199705/mode/2up

My conclusion is that being a fanboy was never really a tenable position, it’s just that back in the 1990s, you had to spend something like $2,500 just to own a nice computer.

Being a fanboy may just be a default position - a representation of justifying purchases - but the realization is new for me. It took watching companies I previously championed (Blizzard, Apple, CDPR, Google) make insane yet intentional miss-steps.

Or more - if you wanted new things like CD-ROM drives, good quality sound, etc. you were often well north of $3k - and when you adjust for inflation that’s like a $4500+ system today.

Bill Machrone, the long-term editor of PC Magazine, coined something that came to be known as Machrone's Law: "The computer you want always costs $5,000." Over time, that $5K system got more and more tricked out to the point where you had to really start working to get to that price point maybe 10-15 years ago.

Apple has been pretty consistent with where their priorities are. Simple, controlled and high margin. They hope you as a user aligns with those but they have enough money and iPhone sales not to care - you will buy one if you need everything integrated and have to make money developing iOS and Mac store apps.

If I had money I would buy Apple stock - they got it down good strategy wise.

The snidest part of this is to rip off BSD for years and give nowt back to those that want to run BSD outside their walled garden.

Money does not justify evil.

Other than years of patches, clang/LLVM, and WebKit? Apple is far from perfect but the odds are good that you’re using a browser which uses or was compiled with open source they’ve supported.

WebKit was based off of KHTML, which is LGPL, and thus Apple is forced to make its modified source available or violate the terms of the LGPL.

This is not wrong but misses the point: they poured a huge amount of engineering time turning a browser engine which had previously been well behind the major players into a major competitor. I used Konqueror on Linux back in the day and if you'd said that in two decades most web users would be using a KHTML-derivative it would have sounded absurd.

I also used Konqueror back in the day, and remember KHTML as being smaller and faster than Gecko. I don't really find it absurd when they've picked up arbitrary bits of *BSD cruft and let them age for a decade.

CUPS would have made the point better.

If any BSD developers still work at Apple it would be interesting to know how they feel about it.

The bootloader is not locked. Here Apple is only talking about official support.

Secure Boot can and will continue to be disable-able through csrutil.

Never become a fan of companies, politicians, celebrities, religious leaders and pretty much anyone in a position to influence masses. They very much want you to, because the more you become a fan, the pinker your glasses become. Little by little you stop defending their decisions and start defending your decision of following them.

> I worry that we will soon see lockdowns to what apps you can run on your computer.

Soon? Phones are already like this, MacOs you have to flip a setting to get things off store. Windows has been flirting with the idea.

MacOs you have to flip a setting to get things off store.

This is false, until recently you could just run any signed application without changing settings. Currently any application that is signed and notarized.

(IIRC this only applies when the quarantined bit is set.)

So apple stills controls the entire system if you don't disable that checkbox. This is completely anti-user.

I'm willing to accept more flexibility in my phone because of how I perceive it.

My computer has always been a bicycle for the mind. My phone is an assistive device that I use to look at cat photos while waiting in a line.

I could not care a rat's ass if I have to replace my cat addiction with taking a paper book along with me. I do very much care for a platform where authors of myriad free/open source software can continue to create.

Even if you believed Apple was unquestionably good, they're subject to obey the orders of the various governments they do business under in a much stronger way than the practical free speech of a planet's worth of assorted developers and hackers is.

> I worry that we will soon see lockdowns to what apps you can run on your computer.

This is clearly the trajectory macOS is taking, given their move to block unapproved software behind a security setting and the enforcement of notarization. If you don't pay the Apple tax of $99/year, your software is a second-class citizen on macOS.

Sorry but what are the advantages? For Apple maybe, not for the user.

I salute Apple for building Windows-proof computers.

I am not so thrilled by them building Linux-proof ones.

He's not wrong about virtualization. I use Linux constantly at home and at work. I can't remember the last time I used a computer that booted into Linux.

Yeah, as long as there's solid virtualization support I'm not too fussed.

I've only ever booted true linux on devices made for the purpose--dedicated hardware. Really any other time it's in a virtual machine. Especially because VMware Fusion is so performant that I don't feel much penalty at all for being in a virtualized environment.

As long as the new Macs have similar virtualization performance, I really don't care. If I really wanted dual booting I wouldn't be buying a Mac.

I suspect most of the people throwing a fit about this don't even own Mac hardware.

I use docker lot on the Mac when I need a Linux environment but, overall, the Mac side is a functional Unix environment, so I'm quite happy with it.

I would, however, welcome the ability to boot Linux for when Apple decides it's time to sunset the model.

What happens when the Macbook goes EoL? The same that has happened with iPhones and iPads - useless pieces of hardware that can't be used anymore?

I guess we'll know in ... 7 years time? I don't think there are any Macs younger than that which aren't able to run 10.15 for example.

Direct link to the statement: https://youtu.be/Hg9F1Qjv3iU?t=3772

"The need to direct boot shouldn't really be a concern", says the same man who said that the lack of expansion slots on the trashcan Mac Pro 2013 shouldn't really be a concern because you have a lot of Thunderbolt ports.

Does Apple "support" booting any OS other than Windows today? I mean, Boot Camp is an official Apple product, so they "support" that.

not officially support, but there still ways to install Linux on Intel Mac.

But according to Craig Federighi in the video, Apple will not allow (or will ban) booting to other OS on Apple Silicon Macs.

Maybe we need to find a bootrom bug to install linux in the future like iPhone.

I think you might be reading too much into what's a tiny snippet of video - he's asked about Boot Camp and says something like "we're not direct booting an alternate operating system".

It seems a stretch to hear that as "Apple will not allow (or will ban) booting to other OS". I hear it as "there is no Apple software for booting other OSes on ARM".

It remains to be seen whether Apple will take advantage of this change to introduce some tighter, secure boot type controls that might impact the ability to boot other OSes. I can see that happening, but more as a side-effect rather than an insidious plan to mess with all 0.003% (or whatever) of their user base that currently dual boots Linux.

It's not a stretch. It's modus operandi. You cannot even install software on their phones.

Secure Boot can be turned off on Arm macs, not the problem. As a part of checkra1n, we have the pongoOS bootloader which can boot Linux on jailbroken phones. I'll port that over to Arm macs don't worry.

In WWDC talks they hand said you can run whatever software you want.

Apple treats phones differently from Macs.

I guess in some way it’s sad, in another way it’s a feature that really not many Mac users are asking for.

I read somewhere that boot camp usage is down to something like 2% of Mac users. In the early days of boot camp it was in the double digits. A lot of the people who “switched to Mac” used it as a safety net in case their apps weren’t on the Mac.

In 2020, third party application support for macOS is so much more comprehensive that booting into another operating system doesn’t really make sense. Even though it’s possible, the Mac is really a terrible machine for other operating systems. Aside from Windows being a mediocre experience it’s already very difficult to run Linux.

Apple’s business model in a way predates Microsoft’s disruptive strategy of selling operating system licenses to compatible OEMs. In my understanding of computing history, the earliest computers around the Apple II era largely had each computer manufacturer writing their own operating system software. Apple seems to just happen to be the only company that survived that particular business model.

Even 13 years ago when I made the move to OSX and Macs I was comfortable with the somewhat closed nature of Apple's platforms. I made an informed choice about what I was giving up and I have continued to make informed choices about what I have progressively given up over the years.

Because Apple mostly made really good computers this was an acceptable tradeoff.

Fast fordward to 2020, and I dread that my ageing Macbook Pro (2015-2016?) is going to kick the bucket because newer Macbooks have compromised hardware. If it kicks the bucket I have to make a choice. Do I stay on OSX or am I going to start migrating everything off OSX. (I have half a dozen Macs - iMacs, Mac Minis, Macbooks etc)

Apple no longer make laptops that you can buy without any thought. You have to wait and see what problems this iteration will have. And how much pain others go through to get them fixed. And while I used to own a Mac Pro and am definitively in the segment of users that looks for high power options, I would never risk buying a Mac Pro today. I simply can't afford to pay that kind of money and not know if it will cost me a fortune to fix if it breaks -- or if it will be fixed at all.

This in itself isn't a big dramatic change for me. I'm not happy about it, but I only run OSX anyway. It doesn't change anything for me. But it is another notch on the ratchet. And there have been numerous notches in the last decade. Slowly making the walls around the garden higher and higher, while the rent has been going up and the quality has been going down.

If Apple doesn't make a quality product and a product they will stand by and support unquestioningly when it fails, I think at least I will find myself where I was 13 years ago. With Windows as the platform for running applications, Linux to do software development and PC hardware to do it on.

Apple will have to nail the next MacBook Pro or I think developers will start leaving.

A year ago I had very similar concerns, but now I'm a happy user of a 16" Macbook Pro. Yes, the silly touchbar is still there, but with a hardware Escape key I can tolerate it. Is there anything else lacking for you from a 16" model?

I'm mostly concerned with their durability and fixability. We used to have no problems with Macbooks until some years ago. Keyboard, screen, battery etc. Fortunately no burned SMCs so far (which is essentially a death-sentence since Apple will do their best to turn replacement of a $2 part into an opportunity to sell you a new Mac)

A couple of batteries died for no apparent reason on machines newer than 6 months, I think one screen failure was due to bad thermal design (hot airstream vs connector), we've had keyboards crapping out and the fans tend to be on constantly when running workloads that are more than "mostly idling".

Even though the batteries are glued down, we stared doing those repairs ourselves. But anything that requires an inventory of dubiously sourced parts tends to mean a bad, time-consuming and expensive repair job at some authorized shop - and most of the time they don't actually repair stuff; they chuck the board in the bin, put in a new one and make you pay for it.

How do you cope with the thermal throttling? Or do you run light loads?

Why would you attempt to repair them when Apple will do it for free?

Apple doesn't actually repair anything. Apple outsources this to shops with wildly varying qualifications. Often incurring unnecessary cost. And no, they wouldn't repair them for free.

Anything that breaks within the warranty period Apple fixes for free, and often even outside the warranty period. I, like many others, have had an Apple genius waive a repair charge out of warranty if the device should not have failed.

And whether your claim of their outsourcing is true or not, Apple is still on the hook for warranty on the repairs. I highly doubt it’s common.

Lastly Apple has by far the highest customer satisfaction in the industry in a good part because of how they handle repairs.

I think you might want to look into that. A good place to start is Louis Rossman's Youtube channel (he fixes Macbooks for a living and a recurring feature on his channel is how Apple and other companies do "repairs"). https://www.youtube.com/user/rossmanngroup

How many Macbooks, iPads and iPhones have you sent off for repair?

> will not support booting other OS

... "without voiding the warranty", anyway. Where there's a will, there's a way.

I expect that running alternate OSs on an ARM Mac to be about as easy as they are on an iOS device. Which is to say... not easy. Apple has been working to close holes in the secure boot for many years.

The question of course is... why bother? I kind of get it as far as the laptops go, because of the hardware design. Though I think that gap has closed considerably in recent years and you can get a decent laptop that runs Windows or Linux. Though in the Linux case, support for features like suspend / resume and such tend to be spotty.

For desktop hardware, I don't see the value proposition for running an alternate OS.

Ultimately it's the users device and the user will do what they want with it. Locking bootloaders is just security theatre.

if someone wants to run Linux/otherOS on their computer, they should be allowed to do so.

It’s not just security theater: ask how many people will use Linux intentionally versus how many will be compromised by malware which uses the same technique for persistence?

You might be able to do something like encrypting the macOS partitions with a key which won’t be given to a non-trusted boot path but that’s a lot of work and new security risk for something which almost nobody will use since most people are buying Macs for the software and very few people have needs which can’t be satisfied by running Linux under the built-in hypervisor.

Suspend and resume has been stable for 10 years on linux.

There is a clear value proposition for taking an old mac and installing Linux. No value for Apple, they want you to landfill the laptop and buy a new one.

They don't want you to landfill it, they want to buy it back for half-market-value so they can resell it or reuse parts and metals. With cheap repairs you'd get your MBP fixed for $300 instead of sell it back to Apple for $300. With upgradability you'd max out ram and storage and get additional years out of a computer that maybe only shipped with 128gb of storage and 8gb of ram because you didn't have a spare $2000 for soldered upgrades on day zero. It all just pushes and guides you back to Apple to return the machine you quasi-leased for a slight discount on the next.

Quasi-leased? My Macs have always lasted far longer than my Windows PCs, if that’s a lease it’s the lowest cost one ever.

If you're looking at pre-2016 hardware sure, we can look back and see this stuff still ticking along very nicely and setting new expectations on longevity. Anything since is stuck with soldered storage and whatever ram unless you upgrade the entire machine. Anything with a butterfly keyboard is dependent on a free keyboard replacement program that ends soon for the earliest models. OLED degrades over time so there's a TBD lifespan on touch bar screens. The iMacs and Mac Pro might last forever on the hardware side, but if Apple only needs two years to transition to their own hardware they'll have no software support long before the hardware is useless. None of this is going to last like the previous generation.

> Suspend and resume has been stable for 10 years on linux.

I should have been more clear. What I meant was that buying a mainstream laptop with Windows pre-installed, and then putting Linux on it. In that case, things like suspend / resume may or may not work.

Sure, one of those rare Linux-specific laptops (System 76, Dell, etc.) will see dramatically better hardware support.

Not on Macs it hasn't. On the late 2013 it definitely didn't work. Along with a bunch of other things. Extremely unstable Linux machine. I assume all Mac laptops are the same. Except for the last three years. Can't even install Linux on those afaik.

I think 95% of people running an alternate OS on a Mac computer are doing it for dual booting Windows and video games.

It's going to be hard to have good Linux support.

Even current Intel MacBooks are full of glitches and things that don't work due to custom T2 chips. In the future, I expect this to be more of a problem as Apple continues pushing custom chips. This makes a lot of sense for them as they can develop significant advantages by controlling their architecture, like e.g. Commodore did with Amiga.

In contrast, early Intel MacBooks were fantastically open. For example, the MacBook 2,1 is one of the few machines to be able to run Libreboot. The MacBook Air Late 2012 was run by many people as a daily driver, including Linus, as it was a pure Intel machine. Silent and simple, everything was supported.

It’s already been confirmed that kernel extensions will work on the ARM macs. From there it seems straightforward to get a basic Linux loader going.

The biggest obstacle for those is a ton of work for drivers. Arm macs also don't use UEFI but iBoot + DeviceTree, however we provide a bridge bootloader as a part of checkra1n (pongoOS) that can be loaded after iBoot, and it boots Linux on an iPhone just fine. :-)

I hope that someone in the linux space is able to take over as the default hardware-and-software-together provider.

System76 seems like the most likely candidate I am aware of. If anyone there is reading, I would be happy to subscribe to a yearly PopOS update to keep it improving as an Open Source OS built for your specific hardware.

I wish they would give a clear picture on virtualization performance if they’re not going to support dual booting. If Linux and Windows virtualization are not at least on par with their 2019/20 models, these things are dead in the water for me as dev machines.

There's no reason to believe that Windows will run in a VM on a Mac with Apple silicon anyway. I don't believe (correct me if I'm wrong) that Apple has said anything about Rosetta 2 emulation applying to an entire VM. I have to believe that would be dog slow in any case.

And lacking that, standard x86 Windows isn't going to run. And even if there were a version of Windows which worked--by no means a given even if there's an Arm version for the Surface--none of the standard Windows apps would run. So I'm not sure what use running Windows on a Mac is doing to be to anyone in that case.

In the same interview, Craig said they run virtualized ARM Linux. It’s virtualization, not emulation, so x86 won’t run indeed.

Thank you for confirming. That was my assumption. There's certainly no lack of Arm Linux versions. In fact, the new supercomputer at the top of the TOP500 list uses Arm chips and runs a supported Linux (RHEL).

As I understand it, Apple have specifically said that Rosetta 2 emulation will not support VMs at all.


There are a few things in the section "What Can't Be Translated?", including

Virtual Machine apps that virtualize x86_64 computer platforms

I understand that VirtualBox has a "software emulation" mode (on x86 host and guest) where it doesn't use any hardware virtualization features, and instead runs the guest OS with some sort of JIT that rewrites any hardware access to VM calls. Maybe that would work in Rosetta?

It's time to move on from Apple as a consumer. This was my biggest fear.

Although I have no interest in running Linux on an ARM iMac today, I'll likely be interested in running Linux on an ARM iMac in 5 or 6 years when the OS deprecates the hardware support. Currently running Ubuntu on several iMacs as 'extra' computers.

The keynote showed them running Linux under Parallels, although that was a version of Linux compiled natively for ARM (which would seem to be preferable to running it with Intel emulation, speedwise).

VMWare has also strongly hinted that their stuff will work on ARM-based Macs.

"Not supported by Apple" doesn't necessarily mean "can't be done".

So, this is the real reason of the switch to arm "apple proprietary" cpus.

- First step, only Os X is able to run and the machine and apple control all the layers of the "stupid buyers" hardware to ensure TPM and signed bootloader/os.

- When no OS alternative, they can complete the current evolution to force using signed/notarized third party applications.

- Once everyone will already submit their binaries for apple validation, they could suddenly force users to use the Mac App Store. And prevent any installation outside of it. (As always, officially it will be for security and convenience of users...)

- Then, they will have the same level of control of your computer as they have on the iPad and iPhone.

- Then, you will have no right anymore on your own computer...

That is the dream of Apple and Microsoft for a few years. Hopefully this strategy failed for Microsoft and their AppStore, but in their case they did not have control over the hardware!

Honestly, this seems like an incredibly sensationalised take. The word “support” here probably doesn’t mean what you think it means.

With Boot Camp, Apple produced an installation wizard and an entire fleet of drivers to make Windows work acceptably on a Mac. They spent man-hours working on and testing Windows on their hardware. That was them “supporting” Windows.

So far, there is nothing that suggests that the bootloader will be locked or that it’ll be in any way impossible. It’s more about the fact that Apple just won’t help you do it, much in the way that booting Linux on a Mac works today but it isn’t a “supported” Boot Camp platform.

Ah ah, I think that you understand what you would like to understand! I agree that there can be a doubt in the meaning of his words, but Apple past and corporate strategy can show you very clearly what is their strategic goal.

But we can take the bet here and I will come back here to tell you that I was right in 1 or 2 years.

You won’t be. There is no strategy here and no advantage to them doing what you claim, whereas there obviously has been with iOS.

There is literally no evidence at all to support your assertion.

So, this is the real reason of the switch to arm "apple proprietary" cpus.

No, it may be a side-effect. (1) the real reason is that they are not dependent on Intel for their product schedules anymore; (2) they can use the custom silicon that they are already shipping on iOS devices (e.g. the Neural Engine); (3) investments in their silicon pay off across more products; and (4) all of their hardware will be on the same architecture.

They do not care about hobbyist niches of people that run hackintoshes or run Linux on the Mac. These niches are so small that it does not effect their bottom line.

(Doesn't mean that closed platforms don't suck.)

I feel pretty much like you do on this. Linux on Macs only even comes up so much here because HN is a technical community that is already predisposed, but it’s definitely not why the average person buys a Mac for. It’s certainly not enough for Apple to pay attention to or spend money on.

What percentage of Mac users do you suppose have ever used the Terminal app? I'm guessing double digits but low double digits.

I’d probably guess about the same although I really have no evidence for that guess. Very likely if you’re a developer, not so much otherwise (ignoring the odd website that tells you to copy-paste-this-thing to do/fix whatever).

>ignoring the odd website that tells you to copy-paste-this-thing to do/fix whatever

Yeah. I was thinking that if the number were a lot higher than I'm guessing, that would be the reason.

Shame. I have installed Linux Mint on my MB Air and it does works quite well. It boots very quickly and even fails to come back from sleep no less infrequently than High Sierra itself.

And soon the industry follows. How long until we cannot get a laptop that runs Linux? Before you down vote, at least let that sink in a minute.

There was a lot of speculation that Microsoft's push for secure boot would be used to lock out Linux on PCs. That never happened, dont know why vendors would start now.

There is no danger of that happening whatsoever. Even Dell have committed to Linux support and PINE have started manufacturing Linux-first laptops.

So that implies no support for VMWare ESXi on ARM macs, too, I guess?

Given that the only Macs to have ever made it onto the VMware HCL are a couple of older models of Mac mini, and ESXi isn’t even available on ARM at this stage, I wouldn’t hold your breath.

Well, for what it's worth, the last supported Mac Mini is 8,1, which is late 2018 model, only replaced by 2020 with the same CPU. But other than that, yeah, not holding my breath.

I'll be surprised if Apple Silicon macs allows sudo commands

Of course they will. Apple have already said that they will preserve the UNIXy userspace as a first-class citizen, it’ll just be on a different architecture.

This feels like all the same mistakes Apple made the first time they kicked Jobs out. They just don't know how to manage success.

You mean it costs more and isn’t stable? They’re spending tons of money on software which never ships?

This is a niche feature which a very small percentage of users use even now: AAA gamers usually don’t buy Macs and most of the Windows-only software which people have doesn’t run on ARM anyway — and given how good cloud services are now you’d have to ask how many sales are going to be lost by someone who needs bare-metal Windows or Linux but won’t buy a PC.

Yes to the first two. Quality decline has been an ongoing issue. With regards to lost sales, there are many professional genres which use software that simply won't run on Macs, architecture is one of them which also has a high crossover with designers. Many use dualboot so they can run the cad software which only runs on windows when the need to.

This is awesome news. Every architect I know uses Macs with dual boot since cad software isn't supported by Macs. Now they won't bother with the MacBook at all. Given how Orwellian Apple has become, I'm excited for their downfall.

You'll love how Orwellian this page is ;)


Lol, it's not just about data privacy. Right to repair, right to deliver apps without a 30% fee to my business, right to payment method I prefer, like cryptocurrencies. Right to run whatever software/os on hardware I purchased. These rights have already been eroded on iOS apps, you will see it erode further when these platforms are merged.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact