[Bluerise]

First of all the feature wasn't available in the initial Big Sur release and it only got available during the Betas for the first minor patch. Second of all, some Apple developer stated on Twitter that (during M1 unveil) he's finally able to show all the boot policy work they worked on the past year(s) to allow users to boot foreign OSes and without opening up holes for attackers.

Basically it boils down to: they could have just used iBoot without changing it at all to keep it as a brick like the iPhone/iPad/Watch, but instead they invested plenty of resources to allow it.

With all that work done to allow it, I'm sure there'll be plenty of people inside of Apple who'd protest if someone changes their mind and decides all this has to go away.

[lrvick]

Kind of like all the work Sony did to allow Linux on the PS4 only to kill it later?

You don't own a mac. You can only do on it what it is profitable for Apple to let you do, today.

As much as I respect the incredible RE skills required for this task, I feel like this is shaky foundation unless an unpatchable bootrom exploit is discovered. Even then new models would be patched leaving existing users with an insecure platform that they can't replace when it breaks.

[oneplane]

You don't really own any high-tech stuff anyway (with that interpretation). You can't boot your Intel of AMD CPU without their signed and sometimes encrypted code. You can't even initialise a single core, let alone the DRAM controllers.

Everyone likes to point at Apple, because that's easy, but it's neither new nor big nor special. There are practically three things at play:

- root-of-trust, if you have a better solution than CA-based signing, by all means, let the world know

- NDA/IP/Lawyerisms

- Apple and many others aren't selling hardware, they are trying to sell experiences or ecosystems, and that is the only reason they exist at all and also the reason a lot of the beige box hardware companies are either less visible, less profitable or both

Is it fun? No. But it's not some sort of automatic malice or 'haha you don't own things but you thought you did' all the time either.

[jmnicolas]

> You can't boot your Intel of AMD CPU without their signed and sometimes encrypted code.

Except that Intel and AMD don't care what you run on your machine, they don't lose money if you don't run their software.

When you run Linux on a MAC, Apple isn't getting money from their iCloud subscriptions and from the store so they have a motive to stop you from escaping the walled garden.

[Grustaf]

You don't need iCloud to use macOS. And macOS itself is free, as is their awesome office apps, XCode and a lot of other useful apps and services.

[jmnicolas]

Of course but if you run Linux they're sure you will never earn them any money from these services.

So at one point they could decide that they don't want people to use Linux on their Macs and there's nothing you could do.

Look at what happened to CentOS.

[Grustaf]

If they can sell you a mac for $1500 I don't think they are very concerned that you're not spending 50 bucks a year on iCloud.

I mean, if they prevent Linux you probably won't buy a mac at all, you won't prioritise using an M1 macbook over using Linux if you're a hardcore Linux nerd.

Bottomline is that yes they are greedy, but they are not trying to stop people from installing Linux on macs just to perhaps earn some extra dollars.

[oneplane]

iCloud is free unless you pay for extra space or features, and most people I know of don't.

[monocasa]

PS3, and supposedly that was because some jurisdictions treated game consoles and computers differently for import tariffs (computers being cheaper to import), but those jurisdictions changed to not having a distinction.

Agreed with the underlying point you're making though. They allow this because it aligns with their current strategic objectives, and changes to those objectives can be arbitrary and capricious, at least from the viewpoint of the consumer.

[pricci]

I remember it was because geohot "jailbreaked" the PS3 using the Linux capabilities to some extent.

But I could be wrong.

[svenpeter]

There were two versions of the PS3: The original model and a slimmed down version released after a few years.

the timeline was something like this:

- Sony released the original PS3 with Linux running under a hypervisor that locked certain things (e.g. 3D rendering and their DRM)

- Sony released the PS3 slim without Linux. They claimed they didn't have the resources to make Linux run on it. (We later figured out all that was required were a few incredibly simple kernel patches)

- geohot found a somewhat unstable hardware glitch that, with some luck and a few tries, could escalate to hypervisor mode and enable e.g. 3D rendering from Linux. Their DRM was still untouched at this point and no one really cared.

- Sony released an update for the old PS3 models to disable Linux as well citing "security concerns"

After that more people started looking into the PS3 and marcan, me and others at fail0verflow eventually figured out their security wasn't all that great. It was actually so bad that we could calculate their private keys. Then they sued us for that but that's another story.

[paulryanrogers]

Got a link to that story?

[svenpeter]

zarvox already linked to the talk we gave at https://media.ccc.de/v/27c3-4087-en-console_hacking_2010.

We talked about how you could compute private keys but didn't release any keys for obvious reasons.

Essentially Sony had N different sets of keys protecting different levels of their system (e.g. one keyset for the hypervisor and another one for the kernel). What we found allowed to compute the private signing key given two public signatures.

Due to some technicality this meant that you needed another bug which allowed to extract these plaintext signatures. (The best comparison today would be that we found a universal code execution bug but you still needed to find your own info leak to defeat ASLR which we either didn't share or didn't have for all keysets).

What happened then was that geohot used this flaw we found together with a simple bug that leaked two plaintext signatures to extract one of the most important keys and published that one on his website.

Sony responded by suing him and us as well - probably because they assumed that we worked together. After a few month they reached a settlement with geohot where he promised to never hack any Sony product ever again. At the same time they simply dropped the lawsuit against marcan, me and a few other friends from fail0verflow without having ever served us. Those months resulted in quite some stress for me and personal and legal issues for another friend.

[zarvox]

https://media.ccc.de/v/27c3-4087-en-console_hacking_2010

[michaelmrose]

I actually think other os got canned before the jailbreak. If I recall correctly it provided extra incentive.

They may have wanted to make it harder to jailbreak. Another argument is that they weren't profitable to sell as computers but largely become profitable via the money they made off games sold for the platform including money paid by game developers.

[colonwqbang]

The same goes for any device you can buy today. We should demand more of manufacturers in general, I agree.

But you cannot expect that Apple should give you a legally enforceable contract (or whatever) pertaining to a product you haven't bought yet and they haven't even made yet.

The fact that the boot process on the M1 chip is explicitly not locked down on release is at least showing a modicum of goodwill.

[raverbashing]

I'd say there might be ongoing work to support Windows/BootCamp but in true Apple tradition (or maybe due to MS delays) it is being kept secret

[kmeisthax]

Apple's outright said it's a matter of Microsoft agreeing to license Windows on ARM for consumers. Right now putting Windows on an ARM Mac is about as legal as Hackintoshing.

[saagarjha]

I don't think that's what Apple said at all–they just said the ball is in their court, which means that they want Microsoft to write Bootcamp essentially.

[DCKing]

Yeah. Someone - cough cough Microsoft - would need to be convinced to write a Boot Camp Assistant app equivalent (okay), a Windows bootloader (okay), various device drivers for Apple Silicon hardware revisions for Windows (big ugh), graphics drivers for Apple Silicon GPUs for Windows (VERY big ugh). Microsoft will need to very motivated to distribute Windows on ARM for this to happen, even if Apple gives them access to all the info they need which is not a given by any means.

...I don't think this is going to happen, and Apple probably doesn't either.

[Twisell]

Apple have developed Bootcamp and provided drivers so far for Intel Mac. But shipping Bootcamp for Windows ARM would be an EULA violation until Microsoft loosen theirs conditions. Changing this is literally step 1.

Wether Apple would develop Bootcamp for ARM or not is purely theoretical discourse until then.

[DCKing]

The only driver Apples needed to develop for Windows are Mac specifics though, like the stuff that was managed by the T1. Not trivial, but not the end of the world to have to make. Things like wifi drivers and especially the graphics drivers are just the chip vendor's standard preexisting Windows drivers.

Apple is now the vendor of at least the GPU. I don't think they're going to write a Windows driver for that - the incentives are just not there.

[ksec]

If I remember correctly Windows on ARM is still limited to 32bit Apps.

And you can actually download Windows on ARM from Microsoft Insider Preview for Free. And run it on top of Parallels Desktop 16.

[benjaminl]

Windows on ARM supports 64bit ARM apps.

What you were possibly remembering was that Windows on ARM when it was first introduced only supported emulating x86 apps. Although x64 emulation is currently in preview.

https://docs.microsoft.com/en-us/windows/uwp/porting/apps-on...

[GeekyBear]

Legacy x86-64 app emulation has only just appeared in alpha form and still has massive compatibility issues.

I'd still call it something we hope to see in the future, instead of a working proof of concept.

https://www.youtube.com/watch?v=OhESSZIXvCA

[brundolf]

That would make a lot of sense. Windows is in a tight spot right now because OEMs have lagged on ARM. Apple could offer MS a way out of that, while at the same time giving people one more reason to spend money on a Mac.

[r00fus]

There is a significant number of people working at Microsoft who use Windows on a Mac as it's generally nice (and expensive) hardware. I'm sure they'd be thrilled to see Bootcamp operational on ARM Macs.

[_ph_]

Right, if MS is serious about Windows on ARM, they should support the Mac as a show case and also to allow all future Mac buyers the chance to run Windows. Of course, Apple can't announce much until Microsoft makes an announcement about Windows on AS Macs.

[tibbydudeza]

Is MS not busy looking at doing their own ARM silicon for future Windows powered Surface devices after release of M1 and the failure Qualcomm with the Snapdragon 8cx (we just use ARM reference designs) ???.

They do have the chops for it since they have done Xbox and Hololens and various other devices in-house.

[solarkraft]

It's a rumor. If they're starting now I expect results in 2-5 years and in Azure first.

> They do have the chops for it since they have done Xbox and Hololens and various other devices in-house.

Not sure about the Hololens, but the XBox contains an x86 AMD processor.

[unilynx]

Maybe they are already developing their own "MS1" in secret ?

But even if they are, it would make sense to release Windows 10 for the M1 and getting Win-developers to start porting their applications to ARM, so they could leap-frog Apple on ARM if they manage to build a 'better' ARM SoC

[Hamuko]

https://www.theverge.com/2020/12/18/22189450/microsoft-arm-p...

There are rumors.

[zarkov99]

Or they could take significant market share away from Windows, possibly permanently, by offering increasingly more performant machines. Seems like a better move to me.

[Hamuko]

Linus Tech Tips actually just released a video a couple of hours ago where they compared the Surface Pro X SQ2 with the M1 MacBook Air. It was not pretty.

https://www.youtube.com/watch?v=OhESSZIXvCA

[danudey]

So basically, the M1 Macbook Air is two to three times faster than the SQ2, including comparing ARM Windows on the SQ2 against ARM Windows in a VM on the M1 Air.

[glandium]

Relatedly, I wrote this on Twitter a few weeks ago: cargo build of sccache on a Lenovo Yoga C630 (Snapdragon 850) in WSL: 4 minutes 55 seconds. On a Macbook Air M1: 55 seconds

[mkl]

WSL 1 or 2? WSL 1 has very slow disk access, so compiling can be pretty slow. I.e. I would expect WSL to be slower for disk reasons even it was running on an M1.

[granzymes]

The virtualized Windows comparison was just brutal.

[uncledave]

It’s 100% on the mark that video.

[vlovich123]

He’s off on the strategic focus of Apple (where he says that the M1 benefit because Apple is taking a mobile OS and adapting it for the desktop vs Microsoft is taking a desktop OS and adapting it for mobile architectures. The truth of the matter is that Apple has been consistently making CPUs for about a decade that blow away the competition on compute per watt. Like 2-3 years before the industry catches up to where Apple was. They’re just bringing that same power to laptops/PCs as they’ve saturated what that buys them on mobile (not fully but it’s not a big enough sales driver as mobile sales growth has slowed). That’s why you see AirPods and M1 - “where else can we deploy our perf per watt and vertical integration advantage”.

As for “why are there so few ARM versions of apps”, that’s purely the vertical integration piece again. Apple makes it very clear the old tech line is dead so developers have a clear thing to explain to their management. Microsoft tries to keep everyone happy which means devs are like “I’ll wait until this actually has industry buy in” which then Microsoft uses as “well there’s no interest here and maybe the tech won’t work out/vendors won’t materialize” and “we can’t ask our customers to pay this transition cost”.

[Technically]

Is there any point of running windows outside of intel processors? I'm aware they have an ARM offering but it's not clear what the "killer apps" of the OS/arch pair are.

I'd think linux/BSD drivers would be the concern here!