> It used to be the case, and still widely accepted for a lot of other products, that physical ownership actually meant something beyond just being a consumer.
It still does. The only thing is we've distinguished physical ownership and mere physical possession.
It is a feature that if I leave my personal laptop at my desk at work while using the bathroom, my IT department can't rootkit it. It is an improvement to my freedom - both my computing freedom and my physical freedom - if I can leave a laptop in my hotel room while seeing tourist sights. It protects me from the government if a border control agent looking through my bag, or a cop who's seized my laptop, can't get in. (The iPhone is an existence proof that such defense against the government is possible, and it's weird that the usually pro-personal-liberty free software crowd hasn't decided that a free software implementation of the same thing is critically important.)
Of course software freedom requires access control. My freedom over my possessions involves other people's lack of freedom over my possessions. I can't make sure my computer is running the code I want it to if everyone else can make my computer run the code they want it to. This control is essential liberty; pretending that anyone with physical access is an owner because it's easier than crypto and key management has been decades of temporary convenience, and I'm glad it's coming to an end.
I can turn secure boot on and off with an admin password, which I set when I first booted the machine because that's what demonstrates physical ownership and not mere possession. (And systems that don't permit me to do so, like Microsoft or Apple ARM devices, are in fact an affront to software freedom.) But nobody else can.
You can turn it on or off, but if you want to do anything on your own you have to turn it off, as you can't sign anything. If they were really giving you what you say, they should make signing your own apps as easy as turning it on/off.
This can't be stressed enough. Freedom (indeed "ownership") means that I should be able to run any app I want on my device without having to create an account with Apple. It would be great if I could have both freedom and security, but Apple has decided that is not an option. I have to choose one or the other.
That's literally what I said. There's a checkbox for you to choose freedom inside System Preferences. You, as a device owner, can check that box. Someone with temporary access to your computer cannot.
This is a step forward for most users and not a step backwards for any users. Sure, it would be better to let you enroll your own keys. But as it is you have more options than you have previously, and you as device owner are the only person who can decide between those options - attackers have no more options than they had previously.
With UEFI Secure Boot, you can enroll your own "Machine Owner Key" and use the private part for signing, thus having both freedom and, to a certain degree, security (the hardware has firmware that, with a high degree of probability, won't be signed by your key, so you will have to keep someone else's key enrolled too; so it is not perfect either).
Platforms like T2, which allow only on/off, but not key enrollments, are a step back.
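The Machine Owner Key workflow mentioned in the comment above, as an added example that is not part of the thread. It assumes a distribution that boots through shim with `openssl`, `sbsigntools` and `mokutil` installed; the file names `MOK.key`, `MOK.pem`, `MOK.der`, the certificate CN and the script name `mok.sh` are placeholders.

```shell
#!/usr/bin/env bash
# Added example: create a Machine Owner Key (MOK), sign a boot image with it,
# and queue the public half for enrollment. File names are placeholders.
set -eu

# Generate an RSA-2048 key plus self-signed certificate (PEM) and the DER copy
# that mokutil expects. Prints the certificate's SHA-256 fingerprint.
# Runs in a subshell so the tightened umask does not leak to the caller.
make_mok() (
    dir=$1; cn=$2
    umask 077    # private key readable by its owner only
    # -nodes leaves the key unencrypted so the example is non-interactive;
    # drop it (or keep the key on a hardware token) for real use.
    openssl req -new -x509 -newkey rsa:2048 -nodes -sha256 -days 3650 \
        -subj "/CN=${cn}/" -keyout "$dir/MOK.key" -out "$dir/MOK.pem" 2>/dev/null
    openssl x509 -in "$dir/MOK.pem" -outform DER -out "$dir/MOK.der"
    openssl x509 -in "$dir/MOK.pem" -noout -fingerprint -sha256
)

# Sign an EFI binary (kernel, bootloader) and check the signature against
# our own certificate before trusting the result.
sign_image() {
    dir=$1; image=$2
    sbsign --key "$dir/MOK.key" --cert "$dir/MOK.pem" \
           --output "$image.signed" "$image"
    sbverify --cert "$dir/MOK.pem" "$image.signed"
}

# Usage: ./mok.sh <key-dir> <efi-image>   (enrollment step needs root)
if [ "$#" -eq 2 ]; then
    make_mok "$1" "Example owner MOK"
    sign_image "$1" "$2"
    # Queues the certificate; mokutil asks for a one-time password, and
    # shim's MokManager asks for it again at the console on the next boot.
    # That console prompt is the physical-presence check for the owner.
    mokutil --import "$1/MOK.der"
    mokutil --sb-state
fi
```

After the reboot and MokManager confirmation, `mokutil --list-enrolled` should show the new certificate next to the vendor keys that remain enrolled for firmware and shim.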
I can't argue with the notion that this adds an option for users, and increases the security of users who choose to use the functionality.
I can't help but think that you're suffering from some kind of IT Stockholm Syndrome, however. Characterizing a secure boot option that only allows MacOS to be booted securely (with no option to enroll your own keys) as "freedom" sounds to me like characterizing the 2002 Iraqi presidential referendum as a "free election".
Apple's agenda isn't aligned with user freedom. There's no place for the word "freedom" in characterizing Apple. They arguably have a user security and privacy agenda, but they have no user freedom agenda.
Without T2: You don't have the option of booting anything securely.
With T2: You can boot macOS securely, but everything else is still insecure.
If Apple had denied the option to disable secure boot, and didn't make any affordances to boot other OSes (albeit insecurely), we would indeed have lost freedom. The way they did it, we gained security within the macOS ecosystem without losing any freedom elsewhere.
I'm not characterizing the presence of the switch as freedom - I'm characterizing the existence of the choice "Do things the old way" as containing as much freedom as you previously had, and pointing out that a) such a choice exists b) the ability to make the choice is in the hands of the owner only.
You can't meaningfully characterize the 2002 Iraqi election as a loss of freedom. You can characterize it as a farce, sure. You can call it evidence that you had no freedom all along. (And if people want to say that the lack of user-enrolled secure boot has been a freedom problem with personal computers since forever, I will certainly agree with them.) But you can't meaningfully say, "We had more freedom before this election, and I want to go back to how things were." So arguments about giving up essential liberty and temporary safety just don't technically make sense. If you don't have essential liberty now, you certainly didn't have it before.
I also think that there will be some users who will choose freely to use macOS because they genuinely believe that's better for their computing freedom, and they're not manifestly wrong in reaching that conclusion (whereas I would be much more skeptical of someone saying "I voted for Saddam because I think he's going to do good things for the country"). As I mentioned there is no competent free software implementation of an OS secure against evil maid attacks, with secure boot and TPM-locked full disk encryption. You can, in theory, fiddle with tpm-tools and cryptsetup and shim (or coreboot?) and build something of your own; I've never seen anyone do it, and I've certainly not seen a distro that provides a one-click option in the installer to do it. macOS on a system with a T2 chip provides this out of the box. Windows with BitLocker does. Chrome OS does. (I suppose Chromium OS does, but doing binary builds of that seems at least as tricky as getting cryptsetup and tpm-tools working.) A user who decides to use a proprietary platform as a tradeoff for knowing that their machine is only running software they've chosen (even though their choices are limited) is not obviously making a mistake.
(I will admit that I have a Chromebook for secure stuff and a normal Debian stable laptop for everyday stuff, and I am considering the purchase of a Mac with a T2 chip, for roughly these reasons. I've wanted to figure out TrouSerS / tpm-tools for years but at this point it's clear I won't get around to it.)
> This is a step forward for most users and not a step backwards for any users.
Maybe. What happens when the check box goes away on a future version of MacOS? If my freedom depends entirely on an obscure checkbox rather than the ability to install my own keys, that seems like a thin reed to me.
That depends on how that option is deployed and how it interacts with the hardware. It is at least possible to deploy a key-based option that Apple could not arbitrarily rescind. It's not possible to do that with a check box in a control panel.
Even if you turn secure boot off you cannot grant for love or any amount of money permission for software of your choosing to access the built in storage which is pretty much required for normal people to be able to run software of their choosing on the machine.
Few people will buy equivalent external ssd storage for 300-500 and carry it around with them to have access to a second OS.
There is absolutely no reason to believe that they will ever act to increase your ownership of your own device and every reason to believe that you will ultimately have about the same privileges as someone using their employer's machine at work while being expected to pay full freight.
It's especially bemusing when you understand that evil maid is almost nonexistent in reality while your actual loss of freedom has real effects now.
What software of your choice have you attempted to use, where did it fail, and what's the stack trace?
Given that Windows works, it's hard to believe that any issues accessing internal storage are a result of permissions. It just sounds like nobody's implemented Linux support for the hardware. Why don't you?
If you're not able to either spend time writing a driver or hiring someone to do so, you have no meaningful ability to exercise your software freedom. You might be lucky if someone else implements support; you might not. But that's always been true.
Windows works on the new MacBook not because it has special drivers for NVMe-via-T2 but because Apple trusts Microsoft's EFI key.
So no, stop it with all this "Linux works if you just disable Secure Boot" nonsense. It doesn't. You can run Linux from a USB key, sure, but it can't access the internal NVMe SSD!
It looks like some kind of driver issue, not an intentional lockout.
To corroborate this, while I don’t have personal experience running Linux on T2 devices, I do know it’s possible to build xnu from source and boot the resulting unsigned kernel (in “No Security” mode) without the disk disappearing.
Please provide evidence for this causal link. It is true that (with Boot Camp enabled) the firmware trusts the Windows key and not the MS third-party key. It is true that Windows can access the disk and Linux cannot. It is not obvious that these are related.
Why don't I in my free time implement driver support for a machine I can't afford for a company with almost 300 billion in cash equivalents who has benefited massively from open source but won't even provide specification so that someone can do the free work for them effectively?
Why don't they send me a laptop along with the specs one of their engineers feels sufficient to implement support?
I believe they are referring to the fact that Linux (and non-Boot Camp Windows) cannot access the SSD on T2-equipped MacBooks. People seem to disagree on whether it's the T2 itself or just a driver issue with Apple's proprietary controller.
Nobody ever said you can't disable secure boot and boot from an external drive. The point is that you can't access the expensive and essential internal storage where all your data lives. Here is an equivalent product: a Thunderbolt external NVMe SSD, 480GB, for about $300.
If you don't mind spending hundreds of dollars, carrying around a second slightly awkward box wherein if you accidentally unplug it your computer crashes, and if you continue to use osx ferrying data between a and b periodically you too can run linux.
It would be utterly fantastic if people didn't keep responding to reports of the actual problem with articles like this which actually don't even touch on the item at hand.
People are responding this way because there are contradictory reports out there. Some sources, like the one I linked to and Apple's T2 security document, say you can run Linux without mentioning that you need an external drive. Have you tried disabling security as Apple suggests and installing Linux?
There seem to be several individuals making the claim that you can boot Linux if you disable secure boot; I have heard zero people claim that Linux can access the internal device.
As far as I can see all primary sources are saying the same things. Then people who don't have the hardware are misreading said reports and spreading misinformation.
I don't have the hardware either so I can give you no direct report myself. I just bothered to read what people are saying instead of skimming and guessing.
> I can't make sure my computer is running the code I want it to if everyone else can make my computer run the code they want it to
This is exactly why _you_ must be in control of what software can boot and not Apple or some other company. It's not exactly freedom if you must disable the secure boot feature to run your own software, it's a work-around.
If Apple really cared about freedom they would provide you with your own _unique_ key to sign your own software, so you can ensure that your system actually runs _your_ software.
> and it's weird that the usually pro-personal-liberty free software crowd hasn't decided that a free software implementation of the same thing is critically important.)
Purism did. But this requires hardware too which the free software people don't have access to.