T2 co-processor, which equips the Apple iMac Pro, and all the new models of Mac Mini, MacBook Pro and MacBook Air on the hardware level blocks the installation of Linux and other operating systems except macOS and Windows 10. Thus, according to the manufacturer, it is possible to provide the most effective protection of user data from the computer memory without putting them at risk of leaks or unauthorized reading by third parties.
Chip T2 ensures safe Mac, checking each stage of loading with Apple-signed encryption keys. This eliminates the likelihood of penetration to the device is illegitimate, which for some time were considered to be distributions of Linux. Even load Windows on computers by default T2 will be blocked until then, until the user manually activates the utility Boot Camp Assistant.
Why not install Linux on a Mac
“This action will install the certificate Windows Production CA 2011, which is used to authenticate the Windows boot loaders, but will not install the UEFI certificate used to sign the distributions of Linix, — explained the experts of the resource Phoronix. This means that as long as Apple decides to add this certificate, or the T2 chip will not be cracked, running Linux on the latest Apple hardware is still impossible.”
It is noteworthy that to correct the situation and allow the same to install Linux on a new Mac does not allow disabling Secure Boot utilities. Chip T2 continues to block the installation of other operating systems except macOS and Windows 10, which is weird because in the description of the security settings, Secure Boot is clearly written that its deactivation will lead to total freedom downloads without any restrictions.