In Apple's defense, it's not a trivial ask. They have security features like activation lock that would be defeated by a badly-implemented owner override[0]. Right now, if someone steals your iPhone, it becomes e-waste because you can't reset it unless you log in to iCloud. But if there's an owner override that anyone can use, then they can install a version of iOS with the activation lock patched out.
That's not to say it can't be made reasonably secure. In fact, Apple actually did it on M1 Macs[1]. The secure boot policy there includes a device-generated key that only the first admin account - the Owner account - gets, which can be used to sign new kernels for that machine only. Ergo, if you want to install Linux, you have to be logged into that Owner account. You can't steal someone's Mac, wipe it, and defeat the activation lock by installing Linux. But to get there required a lot of additional engineering work[2] - the easy path is "only our software runs on our hardware".
[0] AFAIK Android has similar security features, so they face the same threats that iOS does.
[1] T2 has a similar but less elaborate scheme. It doesn't have per-volume security guarantees - if you want to dual-boot Mac and Linux, then you have to turn off the signature check on the macOS side.
[2] Engineering work, BTW, that I'm genuinely surprised Apple put in. I imagine there were some very heated internal debates over whether or not the Mac should even have an owner override. Especially given that Apple did their darnedest to ensure that the owner override can't touch anything even remotely related to iOS. If you launch an owner-signed kernel, iOS app support turns itself off; and the Apple-signed versions of macOS actually have the same sideloading restrictions on iOS apps that iOS does. Which is particularly silly, because you can get around that by just compiling for Catalyst.
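To make the "sign new kernels for that machine only" property in the comment above concrete, here is an added illustration (not Apple's code, and not a description of the real M1 boot policy format): a toy secure boot policy in which enrollment generates a key pair on the device, binds the public half to a device identifier, and the boot check rejects any kernel whose signature was not produced by that device's owner key over that device's identity. How the private key is stored and gated behind the owner account's login is abstracted away; the domain string, the device-ID binding and the policy layout are assumptions of this example.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// BootPolicy is a constructed model of a per-machine boot policy: the device
// identity plus the owner public key that was enrolled for that device.
type BootPolicy struct {
	DeviceID [16]byte
	OwnerPub ed25519.PublicKey
}

// Owner holds the device-generated signing key handed to the first admin
// account. In a real design this would live behind the secure enclave and be
// released only after owner authentication; here it is a plain field.
type Owner struct {
	DeviceID [16]byte
	priv     ed25519.PrivateKey
}

// Enroll models first-admin-account setup: generate a fresh key pair on the
// device and bind the public half to this device's identity in the policy.
func Enroll(deviceID [16]byte) (Owner, BootPolicy, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return Owner{}, BootPolicy{}, err
	}
	return Owner{DeviceID: deviceID, priv: priv},
		BootPolicy{DeviceID: deviceID, OwnerPub: pub}, nil
}

// signingInput binds the kernel digest to the device identity (and a fixed
// domain tag, an assumption of this model) so that a signature cannot be
// replayed to boot the same kernel on a different machine.
func signingInput(deviceID [16]byte, kernel []byte) []byte {
	h := sha256.New()
	h.Write([]byte("owner-kernel-v1"))
	h.Write(deviceID[:])
	h.Write(kernel)
	return h.Sum(nil)
}

// SignKernel is the owner-side operation: sign a kernel image for this device.
func (o Owner) SignKernel(kernel []byte) []byte {
	return ed25519.Sign(o.priv, signingInput(o.DeviceID, kernel))
}

// VerifyBoot is the check a boot loader would run before launching a kernel:
// the policy must belong to the booting device, and the signature must verify
// under the owner key enrolled in that policy over the device-bound input.
func VerifyBoot(policy BootPolicy, bootingDevice [16]byte, kernel, sig []byte) error {
	if !bytes.Equal(policy.DeviceID[:], bootingDevice[:]) {
		return errors.New("boot policy was enrolled for a different device")
	}
	if !ed25519.Verify(policy.OwnerPub, signingInput(bootingDevice, kernel), sig) {
		return errors.New("kernel is not signed by this device's owner key")
	}
	return nil
}

func main() {
	var macA, macB [16]byte
	macA[0], macB[0] = 1, 2 // constructed device identifiers
	ownerA, policyA, _ := Enroll(macA)
	ownerB, _, _ := Enroll(macB)
	kernel := []byte("constructed third-party kernel image")

	// Owner of machine A signs a kernel; it boots on A and nowhere else.
	sigA := ownerA.SignKernel(kernel)
	fmt.Println("owner A on A:", VerifyBoot(policyA, macA, kernel, sigA))
	fmt.Println("owner B on A:", VerifyBoot(policyA, macA, kernel, ownerB.SignKernel(kernel)))
	fmt.Println("A's sig on B:", VerifyBoot(policyA, macB, kernel, sigA))
}
```

The point the model makes is the one the comment makes: wiping the machine does not help an attacker, because the only key the boot policy trusts for third-party kernels is bound to this device and handed only to the owner account, so a stolen machine cannot be made to boot Linux (or a patched kernel) without that account.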
Yeah, I agree it's a very nontrivial task, but there is a difference between not doing it because it's hard and explicitly saying "fuck you, know your place".
>If you launch an owner-signed kernel, iOS app support turns itself off; and the Apple-signed versions of macOS actually have the same sideloading restrictions on iOS apps that iOS does.
Has there been an attempt to patch this out? If the supposed owner override is actually real, then technically the only thing separating you from a non-treacherous iOS subsystem is a few conditional jumps, right?