404

Apple designed a bootloader for Apple Silicon Macs that allows you to run an unsigned OS without degrading security when you boot into MacOS. This wasn't an accident.

Macs have always allowed you to run another OS.

iDevices have always had a locked bootloader.

People shouldn't confuse the two.

Such bugs have happened and been reported before. Asahi exercises "raw boot" facilities that just don't get all that much attention in any other context.

(removed)

Most computers have been like that, FOSS got lucky that IBM failed to secure the PC for themselves, thus the PC clones.

When folks say Intel and AMD are done, and we should all be on ARM, or RISC-V, beware of what to wish for.

Yes there are device trees now, however someone has to keep them up to date, and that is only part of what makes a motherboard.

Other than this situation, what other landmines are there? I have an M1 with Asahi Arch Linux that I've been using as my primary laptop for the last 8 months, its my favorite laptop by far out of the 5ish I have.

Pretty much all ARM platforms are. Even ARM devices designed from the ground up to be Linux devices are full of issues, like the MNT Pocket Reform's lack of HW suspend. The tight interop between vendor and implementation is a huge anti-pattern for software freedom, and the standardization initiatives like ARM SR are nowhere to be seen. It's probably the most problematic part of ARM being the future of personal computing, yet another impending manifestation of enshittification.

i run linux on both in arch and fedora versions with zero problems, by using the hypervisor framework of macos and wsl2 (wrapper for hyperv). do you need a more direct than hypervisor access to some hardware?

what about the ones from CIX like the orangepi or their framework mainboard? (though I agree, I miss UEFI for all its faults)

There is clear intent, albeit not as good as the Boot Camp days. One doesn't just accidentally the Boot Policy subsystem to enable doing so every step of the way as it is. It has even been remarked as much by an Apple dev:

https://x.com/XenoKovah/status/1339914716454526979

> I purposely designed a mechanism so that M1 Macs would retain the capability to boot completely arbitrary code instead of XNU if users wanted. But you have to 1) reboot to recoveryOS with a physical power button press and 2) put in your SEP-backed credentials.

> The challenge to running arbitrary code of course, as @marcan42 noted in his crowdfunding effort to getting linux on the M1, is that the SOC is undocumented, so you still have to reuse bits of XNU and/or reverse engineer a bunch of stuff.

> As one senior architect said "the contract is that there is no contract". So that Apple can change things to suit its own needs, not others', to build the best macOS experience, which is what most customers (besides y'all who follow me) are there for.

12.1 also added support for raw image boot, which was seemingly for, and has only been relevant to, making booting Asahi Linux easier. Discussion at the time https://news.ycombinator.com/item?id=29591578 and an archive of the tweet's content below:

> Looks like Apple changed the requirements for Mach-O kernel files in 12.1, breaking our existing installation process... and they also added a raw image mode that will never break again and doesn't require Mach-Os. And people said they wouldn't help. This is intended for us.

If you believe this, the fight should be against PlayStation and Xbox.

They’re 100% commodity hardware and fully locked down from any user freedom. Weirdly everyone focuses on Apple with all their might instead of gaming consoles.

>I wish the EU would regulate this kind of stuff.

Regulate what exactly? Bugs? That's what this was...

I can see the argument when it comes to locked-down mobile devices, but macOS is a general-purpose operating system with no restrictions on software sources that can't be easily disabled. Nearly every program available for Linux (excepting OS-specific stuff like desktop environments) is available for macOS, commercial and free, and there's plenty more that's macOS-only. Asahi is cool, but it's mostly used by enthusiasts - there's very little practical use for it as a macOS alternative. I think that you'd have a hard time convincing regulators that this cause really matters.

In any case, though, Apple agrees with you, and they explicitly built support for non-macOS OSes into the bootloader. This is a bug in the first developer beta of a new release.

The EU is probably going to want tight control over users like any other government body. Bring your own software runs counter to that.

Honestly this shouldn't be limited to traditional computing devices. Why do I need some hacker to reverse engineer my robot vacuum and then fully disassemble it just to install custom firmware to it? Should be a basic requirement of right to repair so all this smart crap doesn't wind up in a landfill when a company goes out of business or decides to arbitrarily drop support for it.

I don't think it's unreasonable for a device manufacturer to tightly couple it to the software they design to run on it.

The EU is not some kind of god that will make others do your bidding if you pray enough to them. You've been misguided into following a false religion.

For every niche thing you wish that Apple or other third parties do only for your own enjoyment, there are hundreds of millions of other people who want different niche things. Buy the products that suit your needs and wants, and companies have incentive to make them. And if no company wants to provide a feature or function that you know a huge portion of people will want, then you have a golden opportunity to start a business providing this.

> A consumer shouldn't be restricted from installing their own OS on a device that they bought

That is not what the industry, that pays lobby money, wants. They want to be able to control what the user runs and extract profits.