Hector Martin

This is like having an Android that can dual-boot the stock OS without OEM unlock and passing all SafetyNet checks, and also whatever custom OS you want without Gapps and anything else. Which is really cool.

So the takeaway here is: Apple have built a very clever secureboot process previously unseen in any kind of desktop computer. They make us go through hoops to boot Linux, but those hoops are there to protect normal users.

Once your Mac is set up with an OS install with permissive security, there is no phoning home or anything like that; that is just for from-scratch setups or if you need to reinstall.

It is up to us (i.e. Asahi Linux) to provide recovery mechanisms that allow you to fix a broken Linux install without having to depend on additional Apple software or do a full machine restore (and we will, don't worry).

In other words: Apple Silicon is like a Google Pixel device, but better. You need the factory OS to get to the "enable OEM unlock" toggle, and after that you're good. As long as you only mess with the installed OS (system/data partitions), you can do whatever you want.

On Android there is a signed, verified boot chain, up until the OS kernel where unlocking is possible - exactly the same as on Apple Silicon. Apple Silicon allows multiple installed OSes, and that boundary is slightly before the OS kernel (includes OS loader and some firmware).

If you truly wipe all storage on Android, you hard-brick the device (unless you can find private vendor tools to restore from a blank slate, if possible at all). On Apple Silicon you can always fix it with a documented process - but it does involve phoning home to Apple.

Apple Silicon Macs do have a separate NOR flash for core system firmware and manufacturing settings (think: serial numbers, certificates, calibration data, etc) - if you wipe *that* then you have to send the thing off to Apple to fix it. But there is no reason for us to touch NOR