Running Linux on Apple Silicon

[jdb8167]

Installing something VMWare ESXi for ARM when it's released would probably be the desired way. Even if Apple doesn't officially support it, the fact T2 security is now broken suggests a type 1 Hypervisor should be installable and then you should be able to boot ARM Mac OS X as a guest OS just like any other guest.

T2 security might be broken in 2018 and forward Macs but it won't be broken on Apple Silicon Macs just like the same jailbreak doesn't work on A13 iPhones.

 

[Yebubbleman]

This isn't exactly like 2005-2006 transition at all. Intel had a complete boot environments in their reference designs that supported EFI and BIOS. Apple adding something Intel already had working and that the standards committee around EFI was going to stuff into UEFI (major BIOS compatibility mode) was something that was going to happen whether Apple came to x86 or not. Adding BIOS in 2006-2007 was a "freebie" where the work was already 95+% done already for Apple and Apple wanted to leaverage a "safety net" feature for nervous switchers.

In 2020, Apple owns the stack. On "Apple designed silicon", the extremely dominate default boot environment is iBoot. That is something that is entirely Apple and there is no wide system vendor or OS implementer that targets it. Nobody else. So going from "about everybody is on it already" to "nobody else is on it at all" is extremely far from being 'exactly the same'. It is only "exactly the same" in a wishful thinking alternative reality.

Apple overtly says in the session that when boot in "Full Security" mode that the Mac gets all the same security that iPhones get. The notion that iBoot isn't here is ignoring that Apple is trying to unify the boot process here across the product line up. Mac's have more options so there will be some variation, but the default core objective is to be like the Apple Silicon devices.

On the 68K to PPC transition, did Apple add BIOS boot support to make it easier to boot Windows and other mainstream targeted OS instances ? No. Apple did not go out of their way to open up a broader set of OS. When Apple selected the 68K in the first place. Lots of boots support for other operating systems? No.

Furthermore, Apple's push to put instructions that nobody else has and function units that nobody else has into the CPU package is far more indicative to a path where the SoC is only good for being a Mac. More highly speciliazed CPUs for smaller sets of products; not a widening to a CPU product that is extremely broadly targeted. Apple has no interest at all of selling their CPUs to someone else to build systems with. That is 180 degrees opposite of Intel's position. ( yet another "one of these things is not like the other" characteristic of the current context. )

The only difference between 2005-06's Intel transition and 2020's Apple Silicon transition from the standpoint of allowing another OS to natively boot is that Apple needs to be more closely involved in allowing a third party OS to boot. That's it. And honestly, we're talking about the engineering of a bootloader on whatever Linux or Windows 10 for ARM64 variant that Apple would allow.

I never said that it would operate exactly like the Intel Mac Boot Camp because realistically it wouldn't. But Apple and Microsoft could easily partner to create something that can be purchased and downloaded from the Mac App Store to Apple Silicon Macs, sold by Microsoft, but co-engineered by both Apple and Microsoft. Completely doable. Substitute "Microsoft" for either "Red Hat" or "Canonical" (assuming ARM64 variants will exist for those) and it's the same point. It's totally doable, but Apple has to decide to make it so. In that regard, it's no different than Boot Camp was when it was introduced. It's not like there's an engineering limitation that prevents this on Apple Silicon Macs that isn't intentionally imposed by Apple.

 

[dogslobber]

T2 security might be broken in 2018 and forward Macs but it won't be broken on Apple Silicon Macs just like the same jailbreak doesn't work on A13 iPhones.

All we know is right now it is broken and can only wait and see with ARM Macs once they get released in January. Until then we can only assume they will be broken too.

 

[seek3r]

Folks have pointed to hackery where add some old style kernel extension that then proceeds to "eat" the rest of the MacOS kernel to push some rogue boot manager into taking over the primary CPU cores. That's dubious too with Apple Silicon feature of making the kernel space code read only after loading. At some point kernel extensions may go completely away.

On some old world macs, including the beige G3 I have somewhere in the closet behind me, we would end up using a MacOS boot as essentially a springboard/glorified boot loader to get linux running. I imagine that may be a possible avenue again

 

[jackoverfull]

On some old world macs, including the beige G3 I have somewhere in the closet behind me, we would end up using a MacOS boot as essentially a springboard/glorified boot loader to get linux running. I imagine that may be a possible avenue again

I was thinking about this...On Mac OS Classic the user had more or less direct access to the hardware, though, on modern macOS this is no longer the case and doing something like that is likely to be much more complex.

 

[MK500]

With SIP enabled, I see:

But with SIP disabled, I see:

But this now seems to be based on a selected volume instead of the whole machine. So not sure if this helps the idea of booting a completely different OS.

But anyway, I thought it was interesting because I hadn't seen that third option before.

 

[jido]

With SIP enabled, I see:
View attachment 1674754
But with SIP disabled, I see:
View attachment 1674751
But this now seems to be based on a selected volume instead of the whole machine. So not sure if this helps the idea of booting a completely different OS.

But anyway, I thought it was interesting because I hadn't seen that third option before.

Could you check if you see the third option on an external disk with SIP enabled? Thank you.

 

[MK500]

Could you check if you see the third option on an external disk with SIP enabled? Thank you.

So, this was an interesting rabbit hole I just went down

SIP is currently enabled on my internal drive. I connected a Samsung T3 external SSD and partitioned it with Disk Utility as an APFS volume. I shut down and entered recovery. The new disk did not show on the Startup Security Utility. So I thought, "probably needs an OS installed". Since I was already in Recovery, I had these options:

So I clicked Reinstall macOS Big Sur and selected the external drive. It installed rather slowly. In the installation log there were a LOT of errors. I was able to save a copy of this log near the end of the installation to my internal drive. Finally it rebooted a couple times and eventually booted me back into my internal drive installation. I shut down and booted into recovery. Note that I could not see the new drive in boot options:

This time I could see the drive in Startup Security Utility:

And the settings were different from my internal drive:

So I attempted to change them as shown:

But I received the following error:

So then I decided to reboot and attempt to use System Preferences -> Startup Disk to boot off the external. I'm curious at this point if the new installation will even work. This is what happened:

So I wonder at this point if it's even possible to create a bootable disk using 11.0.1. I guess I could try another installation method. Maybe if I log in with my developer account there is installation media and I can make a thumb drive.

Anyway, interesting stuff. Here is the beginning of the installation log in case anyone is curious:

Nov 20 13:42:53 MacBook-Air InstallAssistant[244]: Hardware: MacBookAir10,1 @ 0 MHz (x 8), 16384 MB RAM
Nov 20 13:42:53 MacBook-Air InstallAssistant[244]: Running OS Build: macOS 11.0.1 (20B29)
Nov 20 13:42:53 MacBook-Air InstallAssistant[244]: Env: __OSINSTALL_ENVIRONMENT=1
Nov 20 13:42:53 MacBook-Air InstallAssistant[244]: Env: XPC_SERVICE_NAME=com.apple.recoveryos_agent
Nov 20 13:42:53 MacBook-Air InstallAssistant[244]: Env: PATH=/usr/bin:/bin:/usr/sbin:/sbin
Nov 20 13:42:53 MacBook-Air InstallAssistant[244]: Env: XPC_FLAGS=0x0
Nov 20 13:42:53 MacBook-Air InstallAssistant[244]: Env: LOGNAME=root
Nov 20 13:42:53 MacBook-Air InstallAssistant[244]: Env: USER=root
Nov 20 13:42:53 MacBook-Air InstallAssistant[244]: Env: HOME=/var/root
Nov 20 13:42:53 MacBook-Air InstallAssistant[244]: Env: SHELL=/bin/sh
Nov 20 13:42:53 MacBook-Air InstallAssistant[244]: Env: TMPDIR=/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/
Nov 20 13:42:53 MacBook-Air InstallAssistant[244]: Env: __CF_USER_TEXT_ENCODING=0x0:0:0
Nov 20 13:42:54 MacBook-Air InstallAssistant[244]: OSISClient: In the recovery OS, setting a recovery UI delegate
Nov 20 13:42:54 MacBook-Air osinstallersetupd[246]: BaseSystem clock appears to be correct
Nov 20 13:42:54 MacBook-Air osinstallersetupd[246]: OSISSoftwareUpdateController: Using catalog (source: GM Default): https://swscan.apple.com/content/catalogs/others/index-10.16-10.15-10.14-10.13-10.12-10.11-10.10-10.9-mountainlion-lion-snowleopard-leopard.merged-1.sucatalog.gz
Nov 20 13:42:54 MacBook-Air osinstallersetupd[246]: Using product <OSISSharedSupportProduct: 0x1418048b0> at distance 10
Nov 20 13:42:54 MacBook-Air osinstallersetupd[246]: Using product <OSISPredicateUpdateProduct: 0x141805070> at distance 20
Nov 20 13:42:54 MacBook-Air osinstallersetupd[246]: osinstallersetupd registered client
Nov 20 13:42:54 MacBook-Air osinstallersetupd[246]: Ignoring disk <DADisk 0x14061e0a0 [0x1ef43efc0]>{id = /System/Volumes/Preboot?owner=0} because is has no device
Nov 20 13:42:54 MacBook-Air osinstallersetupd[246]: Ignoring disk <DADisk 0x1406193b0 [0x1ef43efc0]>{id = /Volumes?owner=0} because is has no device
Nov 20 13:42:54 MacBook-Air osinstallersetupd[246]: Ignoring disk <DADisk 0x1406193b0 [0x1ef43efc0]>{id = /System/Volumes/Data?owner=0} because is has no device
Nov 20 13:42:54 MacBook-Air OSIESpringboard[223]: -[SpringboardController utilityDidAppear:]: NSConcreteNotification 0x14a84a560 {name = com.apple.installdvdspringboard.utilityappear; object = <NSConcreteTask: 0x129b5e1b0>}
Nov 20 13:42:54 MacBook-Air osinstallersetupd[246]: Will not return owner for disk disk5s1 because it's not internal
Nov 20 13:42:54 MacBook-Air InstallAssistant[244]: Boot device does not have owners. Will fall back to all owners.
Nov 20 13:42:54 MacBook-Air osinstallersetupd[246]: OSISSoftwareUpdateController: Loaded catalog https://swscan.apple.com/content/catalogs/others/index-10.16-10.15-10.14-10.13-10.12-10.11-10.10-10.9-mountainlion-lion-snowleopard-leopard.merged-1.sucatalog.gz (610 products)
Nov 20 13:42:54 MacBook-Air osinstallersetupd[246]: Will not return owner for disk disk5s1 because it's not internal
Nov 20 13:42:54 MacBook-Air osinstallersetupd[246]: Will not return owner for disk disk7s1 because it's not internal
Nov 20 13:42:54 MacBook-Air InstallAssistant[244]: Now using all owners.
Nov 20 13:42:55 MacBook-Air osinstallersetupd[246]: OSISPredicateUpdateProduct: Incompatible Apps List: Evaluating products in catalog
Nov 20 13:42:55 MacBook-Air osinstallersetupd[246]: IFJS: Package Authoring Error: access to path "/Library/Video/Professional Video Workflow Plug-Ins/AppleAVCIntraCodec.bundle" requires <options allow-external-scripts='true'>

 

[seek3r]

With SIP enabled, I see:
View attachment 1674754
But with SIP disabled, I see:
View attachment 1674751
But this now seems to be based on a selected volume instead of the whole machine. So not sure if this helps the idea of booting a completely different OS.

But anyway, I thought it was interesting because I hadn't seen that third option before.

That bodes well for getting other OSes running, at least it's a good start

 

[jido]

So, this was an interesting rabbit hole I just went down

SIP is currently enabled on my internal drive. I connected a Samsung T3 external SSD and partitioned it with Disk Utility as an APFS volume. I shut down and entered recovery. The new disk did not show on the Startup Security Utility. So I thought, "probably needs an OS installed". Since I was already in Recovery, I had these options:

View attachment 1674829

So I clicked Reinstall macOS Big Sur and selected the external drive. It installed rather slowly. In the installation log there were a LOT of errors. I was able to save a copy of this log near the end of the installation to my internal drive. Finally it rebooted a couple times and eventually booted me back into my internal drive installation. I shut down and booted into recovery. Note that I could not see the new drive in boot options:

View attachment 1674832

This time I could see the drive in Startup Security Utility:

View attachment 1674833

And the settings were different from my internal drive:

View attachment 1674836

So I attempted to change them as shown:

View attachment 1674840

But I received the following error:

View attachment 1674842

So then I decided to reboot and attempt to use System Preferences -> Startup Disk to boot off the external. I'm curious at this point if the new installation will even work. This is what happened:

View attachment 1674843

So I wonder at this point if it's even possible to create a bootable disk using 11.0.1. I guess I could try another installation method. Maybe if I log in with my developer account there is installation media and I can make a thumb drive.

Anyway, interesting stuff. Here is the beginning of the installation log in case anyone is curious:

Nov 20 13:42:53 MacBook-Air InstallAssistant[244]: Hardware: MacBookAir10,1 @ 0 MHz (x 8), 16384 MB RAM
Nov 20 13:42:53 MacBook-Air InstallAssistant[244]: Running OS Build: macOS 11.0.1 (20B29)
Nov 20 13:42:53 MacBook-Air InstallAssistant[244]: Env: __OSINSTALL_ENVIRONMENT=1
Nov 20 13:42:53 MacBook-Air InstallAssistant[244]: Env: XPC_SERVICE_NAME=com.apple.recoveryos_agent
Nov 20 13:42:53 MacBook-Air InstallAssistant[244]: Env: PATH=/usr/bin:/bin:/usr/sbin:/sbin
Nov 20 13:42:53 MacBook-Air InstallAssistant[244]: Env: XPC_FLAGS=0x0
Nov 20 13:42:53 MacBook-Air InstallAssistant[244]: Env: LOGNAME=root
Nov 20 13:42:53 MacBook-Air InstallAssistant[244]: Env: USER=root
Nov 20 13:42:53 MacBook-Air InstallAssistant[244]: Env: HOME=/var/root
Nov 20 13:42:53 MacBook-Air InstallAssistant[244]: Env: SHELL=/bin/sh
Nov 20 13:42:53 MacBook-Air InstallAssistant[244]: Env: TMPDIR=/var/folders/zz/zyxvpxvq6csfxvn_n0000000000000/T/
Nov 20 13:42:53 MacBook-Air InstallAssistant[244]: Env: __CF_USER_TEXT_ENCODING=0x0:0:0
Nov 20 13:42:54 MacBook-Air InstallAssistant[244]: OSISClient: In the recovery OS, setting a recovery UI delegate
Nov 20 13:42:54 MacBook-Air osinstallersetupd[246]: BaseSystem clock appears to be correct
Nov 20 13:42:54 MacBook-Air osinstallersetupd[246]: OSISSoftwareUpdateController: Using catalog (source: GM Default): https://swscan.apple.com/content/catalogs/others/index-10.16-10.15-10.14-10.13-10.12-10.11-10.10-10.9-mountainlion-lion-snowleopard-leopard.merged-1.sucatalog.gz
Nov 20 13:42:54 MacBook-Air osinstallersetupd[246]: Using product <OSISSharedSupportProduct: 0x1418048b0> at distance 10
Nov 20 13:42:54 MacBook-Air osinstallersetupd[246]: Using product <OSISPredicateUpdateProduct: 0x141805070> at distance 20
Nov 20 13:42:54 MacBook-Air osinstallersetupd[246]: osinstallersetupd registered client
Nov 20 13:42:54 MacBook-Air osinstallersetupd[246]: Ignoring disk <DADisk 0x14061e0a0 [0x1ef43efc0]>{id = /System/Volumes/Preboot?owner=0} because is has no device
Nov 20 13:42:54 MacBook-Air osinstallersetupd[246]: Ignoring disk <DADisk 0x1406193b0 [0x1ef43efc0]>{id = /Volumes?owner=0} because is has no device
Nov 20 13:42:54 MacBook-Air osinstallersetupd[246]: Ignoring disk <DADisk 0x1406193b0 [0x1ef43efc0]>{id = /System/Volumes/Data?owner=0} because is has no device
Nov 20 13:42:54 MacBook-Air OSIESpringboard[223]: -[SpringboardController utilityDidAppear:]: NSConcreteNotification 0x14a84a560 {name = com.apple.installdvdspringboard.utilityappear; object = <NSConcreteTask: 0x129b5e1b0>}
Nov 20 13:42:54 MacBook-Air osinstallersetupd[246]: Will not return owner for disk disk5s1 because it's not internal
Nov 20 13:42:54 MacBook-Air InstallAssistant[244]: Boot device does not have owners. Will fall back to all owners.
Nov 20 13:42:54 MacBook-Air osinstallersetupd[246]: OSISSoftwareUpdateController: Loaded catalog https://swscan.apple.com/content/catalogs/others/index-10.16-10.15-10.14-10.13-10.12-10.11-10.10-10.9-mountainlion-lion-snowleopard-leopard.merged-1.sucatalog.gz (610 products)
Nov 20 13:42:54 MacBook-Air osinstallersetupd[246]: Will not return owner for disk disk5s1 because it's not internal
Nov 20 13:42:54 MacBook-Air osinstallersetupd[246]: Will not return owner for disk disk7s1 because it's not internal
Nov 20 13:42:54 MacBook-Air InstallAssistant[244]: Now using all owners.
Nov 20 13:42:55 MacBook-Air osinstallersetupd[246]: OSISPredicateUpdateProduct: Incompatible Apps List: Evaluating products in catalog
Nov 20 13:42:55 MacBook-Air osinstallersetupd[246]: IFJS: Package Authoring Error: access to path "/Library/Video/Professional Video Workflow Plug-Ins/AppleAVCIntraCodec.bundle" requires <options allow-external-scripts='true'>

Thank you that was interesting. I hope it's possible to boot into something else than macOS.