In one of the older threads someone asked whether you'd eventually be able to run Linux on this, and someone responded that this would be annoying to do, since there aren't any docs. Is that actually true? The Apple A SoCs don't boot random kernels, so I would think the Apple M SoC does not, either, and requires bootloader/kernel to be signed by Apple, just like iPhone firmware.
Full Security: Ensures that only your current OS, or signed operating system software currently trusted by Apple, can run. This mode requires a network connection at software installation time.
Reduced Security: Allows any version of signed operating system software ever trusted by Apple to run.”
⇒ it appears ‘other’ still requires OSes signed by Apple, but it allows you to run an OS even if Apple has no longer trusts it. Or am I misreading that?
So, there might be Apple-signed Linuxes, but I wouldn’t hold my breadth for that.
Edit: so like Secure Boot with only Windows key, Secure Boot with Microsoft-approved key (note that the key used for Windows and key for Linux signing is different) and Secure Boot disable.
Eh, I read reduced mode as basically how secure boot works on hardware with Microsoft-only keys in which MS signs a shim and it automatically blesses desendants (technically the OEM is not restricted to put other keys on the key database, but aside from business computers it seems that most machines have only Microsoft and OEM keys). Of course, Microsoft has a stronger incentive to sign these (or else they will be accused of antitrust violations), so Apple might not do that.
See this "option only appears when you run csrutil disable", which is the one that you need for third-party OSes, and doesn't impose any requirements on the OS that you boot.
Bootloader/kernel signing can be turned off, there is even GUI for that if you turn off SIP first. Is it just like a jailbroken iPhone/iPad, but straight from Apple and without losing warranty.
No, you cannot turn off the signed bootloader requirement just by using the GUI. You need to run csrutil in a terminal after booting into macOS recovery.
Well, I should have been more precise. There is GUI for switching system into 'permissive security' mode that does not check system signatures [1] but user still needs to first turn SIP off using terminal in recovery mode.
To be fair though to Apple, at least it is standardized. Have you tried to turn off Secure Boot?
Note: depending on the specific motherboard it could be:
- Windows Command-line (some Surfaces)
- a simple switch on the BIOS configuration (usually on desktop motherboards which are sold as a part)
- set first a password to the setup and then switching it off (notably some Acer laptops)
- removing a screw physically, setting a setup password and switching it off (some Acer laptops probably copied from ChromeOS SKUs)
- Setting secure boot to custom and then clearing the key database (usually business computers)
- (Technically incorrect) setting it to BIOS/CSM mode
- Shout to heavens because that OEM has somehow hard-baked secure boot on the system and does not have CSM options (company shall remain unnamed but the name ends in L)
As soon as you have kernel-level code execution ability you can "chainload" either u-boot or a Linux kernel directly. But yeah, the biggest problem will be the lack of documentation - for example the good old classic iPod had iPodLinux, but never got real traction.
The new M series? Probably Apple themselves will allow booting other OSes, but I would not count on any official support in getting stuff running.
