Apple explains that there is currently no trust provided for the Microsoft Corporation UEFI CA 2011.
Apple recently announced their new Macs with powerful chipsets and enhanced security. The security has been beefed up with an Apple T2 Security Chip, which provides a Secure Enclave co-processor that is mainly responsible for APFS storage encryption, UEFI Secure Boot validation, Touch ID handling, a hardware microphone disconnect on lid close, and others. This same chip also enables the secure boot feature on most new Apple computers, which could be a huge block for most Linux installations.
A report by Phoronix states that the T2 Chip has been blocking Linux from booting and only allows Apple macOS and Microsoft Windows to work well.
Apple explains that there is currently no trust provided for the Microsoft Corporation UEFI CA 2011, which would allow verification of code signed by Microsoft partners. UEFI CA is commonly used to verify the authenticity of bootloaders for other operating systems such as Linux variants.
Although Apple lets users disable this feature, which should allow Linux to boot, the report states that disabling it is not working. The T2 restricts the boot process quite a bit and verifies each step of the process using crypto keys signed by Apple.
Late last year, Apple explained in a support document how one can disable this secure boot. However, that does not seem to work on the newer Apple Macs.
‘According to Apple Support, it may be possible to disable the Secure Boot security in full when booting to the Startup Security Utility in the macOS Recovery mode. This may allow Linux to then load on the device albeit without any boot security but by default / out-of-the-box the T2 chip will indeed prevent Linux distributions from booting,’ reported Phoronix. However, they also claimed that the process is still not working well.
So unless Apple decides to allow Linux on the newer Macs and older ones that feature the T2 Chip, it will be difficult for Linux lovers to work on these babies. Unless Apple releases a fix, Linux will be kept at bay.