https://news.ycombinator.com/item?id=29684585
For example intel systems (and Android) run resident supervisor code you can't get rid of, and that can do remotely initiated updates you have no control over. That's not so on Apple silicon.
>In fact I'm much more sure about that than I would be with the laptops the FSF peddles as "respects your freedom"; last time I looked at the schematics for one of those, it had over a half dozen chips running secret blobs, and at least two or three of them had full access to all system RAM via a DMA capable bus. You'd have to be insane to trust that over an M1, which is designed to sandbox all coprocessors from the main CPU and RAM via IOMMUs, such that even if all firmware is backdoored it can't take over your main CPU.
Also these comments are worth considering.
The Oxide Computer folks wrote their own AMD boot loader and have an entire chain of trust and apparently (?) basically got rid of the supervisor code (Ring -2 and -3). They also have custom motherboards with third-party BMCs.
Could something similar be done on Intel?
However if that phone home feature is read only, it could always just re-root itself.
Also, I don't believe Apple has no backdoors and such. They basically made it impossible to be root on your iPhone, so you don't think they have a almighty-super-superuser mode on their laptops that only they can use? Wishful thinking if you ask me.
There’s no IP misuse and the ability to boot an arbitrary OS is an intentional part of the design of M-series Macs. The built in lag time of the current situation ensures that macOS will never have its position as the dominant OS for Mac hardware challenged. Further, doing this would stoke the flames of the already red-hot internet Apple haters and unnecessarily burn goodwill. It’d be a loss across the board.
What? Where do you get that?
Apple knows how to build an iPhone: if they wanted to lock down a Mac they would have simply done that. There's something like nine pages detailing the differences. What word describes that other than "intentional" design? The fact that you can sign and boot a third party OS isn't an "accident" if it's documented, and there's no "exploit" because this is functionality the platform supports; anyone can do it with tools already present on the (Apple-signed) recovery OS.
They certainly don't provide great support for people wanting to develop [drivers for] these operating systems, but the platform was very clearly engineered to support booting them.
[1]: https://help.apple.com/pdf/security/en_US/apple-platform-sec...
If they did, I still have macOS, an OS I can easily disable all runtime protections and security on, rig up into a kernel debugger, arbitrarily dump memory of other processes and so on. If Apple takes away our ability to easily boot alternative kernels, the tools are readily available to find...alternative ways around iBoot security, which is not ideal for Apple since iOS iBoot is mostly the same as it is on macOS.
I find it hard to believe that Apple would purposefully shoot themselves in their own feet, unless you also believe that they would lock down the Mac as much as an iPad, ever.
How could they do that? They could cease providing the facilities the project relies on in newer chips, but the existing chips, er, exist. They could stop making chips all together and go back to intel. It's not a useful hypothetical.
>Also, I don't believe Apple has no backdoors and such. They basically made it impossible to be root on your iPhone, so you don't think they have a almighty-super-superuser mode on their laptops that only they can use?
It's possible such a thing exists, of course, it's possible on intel, or AMD, or any ARM chips, or any chip at all. However such a back door, if discovered, would not be accessible only to them. It would have the same problem that all such backdoors have, in that if Apple can exploit it, others can exploit it. Apple very heavily relies on the claim that they have no such back door, and they have relied on this as a legal defence, and frankly it's hard to see how they would benefit from having such a back door. A chunk of their business model and legal liability protection depends on not having such a back door.
>Wishful thinking if you ask me.
If you say so, this is all about relative risk. However what reason might anyone have for thinking that any other platform, such as Intel with it's proprietary supervisor code with remote updatability, is more under the control of the user? There may be platforms that have a better security architecture that's more under the control of the user, but I can't think of any of the major ones that does. Which would you suggest?
And, at least in the case of their private cloud compute, they encourage third party audit of their claims and even provide a virtual research environment running an instance of their PCC on your mac.
The UK explicitly requesting a backdoor to iCloud's advanced data protection forcing Apple to pull the service instead also tells me their claims are legit.
It's certainly possible a backdoor exists in hardware instead, or elsewhere in the stack but given Apple's surprising relative openness for how they implement their privacy products & the research papers they put out I'm inclined to believe them for now. (I say relative because its not open source, which is the only way to be 100% certain, but their research papers are surprisingly in depth).
iBoot? Asahi needs iBoot to boot third-party volumes for Linux to run properly. Apple controls iBoot; if they burn an eFuse and disable third-party volumes in a "Security" update, Asahi cannot fight back.
You cannot boot macOS with an unsigned iBoot firmware, so writing your own bootloader isn't an option. If a fuse is burned, you also cannot downgrade to older firmwares. The entire system is designed to give Apple the ability to disable other OSes in a macOS update if they ever decided to.
Any manufacturer could put an eFuse in any of their hardware and lock it. No hardware can be proven not to have such exploits. That's the first point marcan makes in that post.
This is my point too, though. Do we trust Apple to not burn a hardware fuse if their community one-ups them? They've already done it on iPad and iPhone hardware when users find a boot ROM exploit. All that they'd need to do is push an update for "security" purposes, and then the new boot flow could refuse to boot into unsigned volumes or deny running unsigned bootloaders. There would be no way to downgrade.
This is basic ARM security architecture stuff, I'm a little shocked that people can't imagine how this type of lockout is possible. There are tons of commodity ARM boards that are effectively bricked and eFused to user-hostile security epochs.
When was the last time they looked at the schematics for one of the Apple machines? Oh, wait.
And I'm not even talking about drivers
To sell more hardware?
Obviously I get your point, but there's a bunch of customers who would like good ARM hardware but can't accomplish their work with macOS. It's not like Apple needs this tiny market, but it wouldn't hurt them either.
Citation needed.
In the x86 sphere it isn't that much better either, most ACPI tables are thoroughly broken if Linux announces itself as Linux and not as Windows. In fact, a lot of machines' ACPI tables barely work on Windows.