by cmurf 2759 days ago
Unacceptable. The user must disable Secure Boot to run Linux, which means the system becomes vulnerable to bootkit attacks. And, the typical scenario will be a user who leaves it disabled, making both macOS and Linux and possibly Windows (if also installed) more vulnerable to bootkit attacks.

I'm quite sure Microsoft would be willing to provide Apple their UEFI public key, which is what pretty much all Linux shim bootloaders are signed with.

3 comments

> Unacceptable. The user must disable Secure Boot to run Linux, which means the system becomes vulnerable to bootkit attacks.

I see this said a lot, and I find it baffling because so many Linux users demanded no secure boot at all - which is exactly the thing being called unacceptable now. (It's not just you; The Register, for instance, complained about how "malware or malicious users that gets onto your Mac can potentially alter the operating system to hide spyware right from startup" when secure boot is off, in an article otherwise complaining about how Apple must hate Linux users because secure boot is now on.) There is no increased risk of bootkit attacks to Linux users as a result of this change. There is simply a reduced risk to macOS users.

I do agree that a model (as MS implemented) where you can enroll your own keys would be better - but that would be a new feature. In the meantime, if every Macintosh from the 128K until today was acceptable, what changed?

I think that secure boot got maligned as non-removable options were conflated with the ones where you could enroll keys.

The white paper addresses this - the UEFI CA is not included in the secure enclave's trust store. This is intentional - the UEFI CA is used to sign bootloaders that don't perform chain-of-trust validation, meaning that if the secure enclave trusted the UEFI CA by default, then secure boot could be pretty trivially bypassed.

Sure, they could make things more secure by allowing you to add your own keys. You could go ahead and add the public key for your secure bootloader that does chain-of-trust validation, but the "typical scenario" would be a user adding a generic UEFI CA that leaves them open to a modified or malicious OS.
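The chain-of-trust argument in the comment above, worked through as a small simulation. This is an added example, not code from any commenter, Apple, or Microsoft: the CA keys, loader images and kernel image are constructed, and HMAC-SHA256 stands in for the asymmetric signatures real firmware checks. The model shows why a trust store that only holds the vendor CA refuses a UEFI-CA-signed shim, why adding the UEFI CA is only as strong as the weakest loader it has signed (a non-validating loader hands control to an unsigned kernel), why a shim that validates its successor keeps the chain intact, and what enrolling your own key looks like.

```python
import hashlib
import hmac
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Constructed keys. HMAC-SHA256 stands in for the asymmetric signatures real
# firmware checks; "verifying with CA X" here means checking the tag under X's key.
APPLE_CA = b"constructed-apple-ca-key"
UEFI_CA = b"constructed-microsoft-uefi-ca-key"
DISTRO_KEY = b"constructed-distro-signing-key"


def sign(key: bytes, image: bytes) -> bytes:
    return hmac.new(key, image, hashlib.sha256).digest()


def verify(key: bytes, image: bytes, sig: bytes) -> bool:
    return hmac.compare_digest(sign(key, image), sig)


@dataclass
class Stage:
    name: str
    image: bytes
    ca: Optional[str] = None            # name of the CA whose key signed this image
    sig: Optional[bytes] = None         # signature over image (None = unsigned)
    validates_next: bool = False        # does this stage verify the stage it loads?
    embedded_keys: Dict[str, bytes] = field(default_factory=dict)  # keys it trusts


def signed(name: str, image: bytes, ca_name: str, key: bytes, **kw) -> Stage:
    return Stage(name, image, ca=ca_name, sig=sign(key, image), **kw)


def boot(firmware_trust: Dict[str, bytes], chain: List[Stage]) -> Tuple[List[str], str]:
    """Walk the boot chain. Returns (names of stages that ran, outcome).

    Firmware checks stage 0 against firmware_trust. Each later stage is
    checked only if the stage that loads it performs validation, using the
    loader's own embedded keys. A loader that does not validate hands control
    to whatever comes next, signed or not."""
    ran: List[str] = []
    verifier: Optional[Dict[str, bytes]] = firmware_trust
    for stage in chain:
        if verifier is not None:
            key = verifier.get(stage.ca) if stage.ca else None
            if key is None or stage.sig is None or not verify(key, stage.image, stage.sig):
                return ran, f"refused {stage.name}"
        ran.append(stage.name)
        verifier = stage.embedded_keys if stage.validates_next else None
    return ran, "ok"


KERNEL = b"linux kernel image (constructed)"
SIGNED_KERNEL = signed("kernel", KERNEL, "distro", DISTRO_KEY)
UNSIGNED_KERNEL = Stage("unsigned_kernel", KERNEL)

# Shim-style loader: signed by the UEFI CA, verifies its successor with an embedded distro key.
SHIM = signed("shim", b"shim image (constructed)", "uefi", UEFI_CA,
              validates_next=True, embedded_keys={"distro": DISTRO_KEY})
# Generic loader: also signed by the UEFI CA, but loads anything without checking it.
GENERIC = signed("generic_loader", b"generic loader image (constructed)", "uefi", UEFI_CA)


def apple_default() -> Tuple[List[str], str]:
    """Trust store holds only the vendor CA: the UEFI-CA-signed shim is refused."""
    return boot({"apple": APPLE_CA}, [SHIM, SIGNED_KERNEL])


def uefi_ca_trusted_generic_loader() -> Tuple[List[str], str]:
    """Trusting the UEFI CA lets a non-validating loader run an unsigned kernel."""
    return boot({"apple": APPLE_CA, "uefi": UEFI_CA}, [GENERIC, UNSIGNED_KERNEL])


def uefi_ca_trusted_validating_shim() -> Tuple[List[str], str]:
    """A validating shim still refuses an unsigned kernel."""
    return boot({"apple": APPLE_CA, "uefi": UEFI_CA}, [SHIM, UNSIGNED_KERNEL])


def uefi_ca_trusted_signed_kernel() -> Tuple[List[str], str]:
    """Validating shim plus distro-signed kernel: the whole chain is checked."""
    return boot({"apple": APPLE_CA, "uefi": UEFI_CA}, [SHIM, SIGNED_KERNEL])


def enrolled_own_key() -> Tuple[List[str], str]:
    """Enrolling only the distro key (no UEFI CA) boots a distro-signed kernel directly."""
    return boot({"apple": APPLE_CA, "distro": DISTRO_KEY}, [SIGNED_KERNEL])


if __name__ == "__main__":
    for fn in (apple_default, uefi_ca_trusted_generic_loader, uefi_ca_trusted_validating_shim,
               uefi_ca_trusted_signed_kernel, enrolled_own_key):
        print(f"{fn.__name__}: {fn()}")
```

The simulation is deliberately minimal: the one property that decides each outcome is whether the stage that loads the next image verifies it. Trusting a CA means trusting every loader that CA has ever signed, which is why a narrow trust store (or an enrolled per-distro key) is a smaller attack surface than a generic CA.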

> But the "typical scenario" would be a user adding a generic UEFI CA that leaves them open to a modified or malicious OS

What's the downside (to allowing it)? Do they think they need to protect users from themselves?

> And, the typical scenario will be a user who leaves it disabled, making both macOS and Linux and possibly Windows (if also installed) more vulnerable to bootkit attacks.

No way. The typical user will leave it enabled because they will only use macOS.

Boot Camp will also install Microsoft's root for UEFI so that Windows 10 can run fully secure.

So Apple will let you run macOS or Windows, but not Linux or anything else. Wow. This is the exact scenario the secure boot opponents several years ago were trying to stop.

No, Apple will let you secure boot into macOS or Windows, and will allow you to disable secure boot so you can boot into Linux or anything else.