Thursday, November 15, 2018

Apple’s new bootloader won’t let you install GNU/Linux

Bootloader protection that doesn’t allow an owner to decide which signatures they trust is security against the user: security that prevents the user from overriding the manufacturer, and so allows the manufacturer to lock the user in.

The chip comes with a user-inaccessible root of trust that allows for the installation of Apple and Microsoft operating systems, but not GNU/Linux and other open and free alternatives.

Google’s flagship Pixel Chromebooks come with hardware switches that can be activated during the bootup to allow their owners to change which signatures the system trusts.

Publishing tools to allow for bootloader overrides is legally risky under section 1201 of the DMCA, which provides for 5 year prison sentences and $500,000 fines (for a first offense) for anyone who trafficks in tools to override access controls for copyrighted works.