The T2 coprocessor, which complements Apple iMac Pro, as well as all new Mac Mini, MacBook Pro and MacBook Air models, at the hardware level, blocks the installation of Linux and other operating systems besides MacOS and Windows 10.
So, according to the manufacturer, it is possible to ensure the most effective protection of user data from computer memory without placing them at risk of leaks or unauthorized readings by third parties.
The T2 chip ensures Mac boot security by checking each boot step with an encryption key signed by Apple. This eliminates the possibility of infiltration of unauthorized software into the device, which has long been considered to have been distributed by Linux distributions.
Even Windows booting on a computer with T2 will be blocked by default until the user manually activates the Boot Camp Assistant utility.
"This action will install the CA 2011 Production Production certificate, which is used to authenticate the Windows bootloader, but will not install the certificate UEFI, used to sign the Linix distribution, experts at Phoronix explained. "This means that until Apple decided to add this certificate, or the T2 chip was not hacked, launching Linux on the latest Apple hardware would still be impossible."
It should be noted that improving the situation and allowing Linux to be installed on a new Mac does not even allow complete deactivation of the Safe Boot utility.
The T2 chip continues to block the installation of other operating systems, except MacOS and Windows 10, which is strange, because the description of the Secure Boot security settings clearly states that the deactivation will lead to unlimited download freedom without limitation.