苹果发布了新款Mac Mini,这些产品的新硬件上都装备了苹果T2安全芯片,相关的文档显示它不能正常安装Linux操作系统,本文将为你解决这一问题,实现在新款Mac Mini中安装Linux发行版本。
背景及苹果方面的解释 苹果Mac Mini的新硬件上都装备了苹果T2安全芯片。作为Secure Enclave协处理器,能够为APFS加密磁盘、安全启动和Mac端的Touch ID提供基础安全保护。但是这层保护竟然不能支持安装Linux操作系统。
为此,苹果方面解释称: 在默认情况下,支持安全启动的Mac设备仅信任苹果签名的内容。不过,为了提高Boot Camp安装的安全性,也为Windows系统提供了安全启动。UEFI固件中包含了用于验证微软BootLoaders的Microsoft Windows Production CA 2011证书副本。 注意:目前并没有为Microsoft Corporation UEFI CA 2011(由微软合作伙伴签署验证的代码)提供信任。UEFI CA通常用于验证Linux发行版本等其他操作系统引导加载程序的可信度。 简单来说,得益于Microsoft Windows Production CA 2011证书,这些装备苹果T2安全芯片的设备能够安装微软的Windows系统,但是不能安装如Linux Mint、Ubuntu、Fedora、openSUSE Leap或者CentOS这样的Linux发行版本。
解决的办法 有不少Linux用户指出了可以在装备T2安全芯片的设备上禁用安全启动功能,这样就能安装Linux发行版本了,你可以按下面的方法做,简单的说Mac Mini用户需要访问Startup Security Utility,然后选择“No Security”选项,具体操作如下: 1、MacOS开机在看到苹果LOGO之后,立即长按Command (⌘)-R来启动macOS的Recovery。 2、在macOS Utilities窗口,从菜单栏上选择Utilities > Startup Security Utility(然后选择“No Security”选项)。
3、如果要求授权,输入macOS的密码,选择管理员账号并且输入密码。
附:Secure boot policy can be configured in one of three ways 1、Full Security: Ensures that only the current macOS, or signed operating system software currently trusted by Apple, can boot the computer. This includes Windows (if enabled via Boot Camp Assistant). This setting prevents the installation of older copies of macOS (a key component of downgrade attacks) if those copies are not still being signed by Apple. 2、Medium Security: Allows any signed operating system software ever trusted by Apple to boot the computer. This setting allows the installation of older copies of macOS even if they are not currently being signed by Apple. This method is only functional as long as the copy was previously signed by Apple and it hasn’t been tampered with. 3、No Security: Completely disables secure boot evaluation on the application processor and allows any operating system to boot the computer.
相关主题 |