Apple recently introduced its renewed MacBook Air with Retina display, and among the innovations in these devices is the Apple T2 security chip that is responsible for supporting the Touch ID sensor (with Secure Enclave), the encryption of APFS storage units and the validation of UEFI Secure Boot.
Precisely this last option is the one that affects a section with which Linux lovers will not be happy: the T2 chip blocks the boot of Linux distributions , and even disabling this option it is possible to make use of this operating system on these machines .
The security chip T2, responsible
As indicated in Phoronix, the Boot Camp Assistant software that allows adding support for installing Windows 10 on these machines causes the Windows Production CA 2011 security certificate to be installed , and this certificate was also used by Microsoft partners and by the distributions themselves.
The T2 security chip documentation ( PDF ) explicitly states that there is “currently” no support for that certificate , which “would allow verification of the code signed by Microsoft partners.” Without this support, it is impossible to access the installation of a Linux distribution, neither on the MacBook Air nor on other devices with the T2 chip, as the also renewed Mac mini .
The security chip, as explained in Stack Exchange , makes the storage unit “disappear” for installers , and those who have tried to disable it have found that even then it is not possible to install Linux, although Windows 10 is still supported via Boot Camp.
In sites such as OMGUbuntu, they claim that the “Startup Security Utility” utility that is available on these computers allows disabling that safe boot and boot Linux on Mac mini and MacBook Air, but they do not give proof of having done it , and those who have tried to do so in their new equipment they have not obtained it or deactivating that ocpion.
We will have to wait to see if Apple solves the problem, but for now if you were to buy one of the new MacBook Air or Mac mini and thought to install Linux on them, be careful: you can not do it .