I’m not sure if this has been discussed here on the forum before (although it probably has in mailing lists, etc. at some point). But it’s worth pointing out, as I believe a hardware storm is beginning to form, and sadly… I do not think I’m exaggerating.
Booting with authentication is nothing new, and varied form factors from enterprise workstations to mobile devices have implemented forms of it for some time. Chromebook uses Verified Boot, which can be turned off via developer mode. Microsoft introduced Secure Boot in Windows 8, which OEMs adopted in order to meet standards for win32/64 on their hardware. On ARM, it was left up to the hardware provider, and on some, there was no legacy mode – but luckily, on most x86_64 or AMD64 hardware today, Secure Boot (or as the FSF properly refers to it, Shackled Boot) can be turned off or keys can be added to the system.
Now, I was (and am) worried as a Mac user, as well as a Haiku and Gnu/Linux enthusiast as well (I know, glaring contradiction there for sure!) The reason is the T2 chip introduced first in the iMac Pro. And thanks to it, Secure Boot on Mac is now a thing. So far, just like its Windows PC and Chromebook counterparts, secure booting can be controlled, as explained/shown below:
Transcription/text:
Secure Boot
- Full security: Ensures that only your current OS, or signed operating system software currently trusted by Apple, can run. This mode requires a network connection at software installation time.
- Medium security: Allows any version of signed operating system software ever trusted by Apple to run.
- No security: Does not enforce any requirements on the bootable OS.
External Boot
- Disallow booting from external media: Restricts the ability to boot from any devices such as USB and Thunderbolt drives.
- Allow booting from external media: Does not restrict the ability to boot from any devices
Image:
What makes me post this topic now is that the new MacBook Pro, MacBook Air, and also the Mac mini all have this T2 chip, making nearly the entire Mac lineup (minus the regular iMac and Pro, which have yet to be updated) all Secure Boot machines.
And for the curious, I have not had the opportunity to test this! The latest Mac model I have is currently a 2011 MacBook Pro, so I have not had the luxury to test out Haiku on anything later than that (or to see T2/SB on Apple hardware in action).
But this is a telling sign that the times are indeed changing, and with the iPad Pro (which I do use) being a part of the lockdown reality, I have to wonder how Haiku fits into the next 10 years of computing, including the rumored 2020 removal of Legacy/CSM support. Will Release 1 include Secure Boot support? After seeing Apple roll out Secure Boot in addition to everyone else, I’m beginning to believe that it will need to in order to boot on hardware in the future.
I’m not trying to scare or annoy anyone, stir anything, or be an alarmist. I’m simply stating a concern to raise awareness in the Haiku community of this reality so that Haiku can be ready for the future. I hope this makes sense and that this can be addressed in R1 and beyond.