The newly-embedded chip handles Touch ID and storage encryption, while disconnecting the hardware microphone when users close the lid. Unfortunately it also wields power over the boot process, which means Linux is currently locked out.
While support for Microsoft Windows is turned off by default, Mac owners can still enable this manually through the Secure Boot functionality. They will then be able to use the Boot Camp Assistant, as they normally would.
Apple’s own support documentation effectively says until it adds support for the Linux certificate (or someone enables it through less-official means), it will not be possible to boot the OS, or its variants on this generation of Mac hardware.
Related: Best MacBook 2018
The document reads: “By default, Mac computers supporting secure boot only trust content signed by Apple. However, in order to improve the security of Boot Camp installations, support for secure booting Windows is also provided. The UEFI firmware includes a copy of the Microsoft Windows Production CA 2011 certificate used to authenticate Microsoft bootloaders.
“Microsoft Corporation UEFI CA 2011, which would allow verification of code signed by Microsoft partners. This UEFI CA is commonly used to verify the authenticity of bootloaders for other operating systems such as Linux variants.”
The discovery was made by Phoronix (via Inquirer), which writes: “The Boot Camp Assistant will install the Windows Production CA 2011 certificate that is used to authenticate Microsoft bootloaders. But this doesn’t setup the Microsoft-approved UEFI certificate that allows verification of code by Microsoft partners, including what is used for signing Linux distributions wishing to have UEFI SecureBoot support for Windows PCs.”
So, Linux lovers with new Mac hardware look to be out of luck here.
Will this alter your decision to buy a Mac mini or MacBook Air 2018? Drop us a line @TrustedReviews on Twitter.