So my Nexus 6p battery was dying. I took a look at a video, and went to one of themyriad of phone repair shops that will do the whole thing for you for 60-70$. Should be good for a couple more years.
It's not just Apple. My Pixel's battery is crap and the YouTube battery replacement video I watched involved 15 minutes of using a heat gun and various small prying tools with the warning from the guy that you'll probably break your screen doing this just to get the case open.
The "case" in this case is you separating the display (thin and no reinforcement along the edges) from the rest of the body. The iFixit guide for it has you using one of their heating tools (iOpener, but you can use a heat gun as well) to loosen the adhesive enough to get an opening pick in there, but you really can't pull up much on it without possibly breaking the screen before you cut the adhesive (just enough to slip the pick in there). Oh, and you can't insert the picks too deep (about 1.5mm) or you'll also damage the display :rotate:
I'm looking at doing the battery replacement myself on my Pixel XL. I miss the days of removable batteries.
A sealed shell and spot welded and whatever are bad yes.
But when other companies actively put chips in their stuff so you cannot even crack it open or that chip will essentially cryptolocker your hard drive on purpose...
$800+ bucks for something that loses a lot of its functionality in two years seems like it should be an unsustainable business model. Hopefully.
Let me tell you about my Samsung dryer that wasn't getting hot enough after 3 years and the $800 it took to replace it.
People give Samsung so much crap. Oh, this Samsung dryer doesn't get hot enough, and this Samsung phablet gets too hot. Got damn Goldilocks consumers are impossible to please.
Samsung: Ok, we're gonna mail you a Note 7. Just throw it in the dryer with your clothes.
$800+ bucks for something that loses a lot of its functionality in two years seems like it should be an unsustainable business model. Hopefully.
Let me tell you about my Samsung dryer that wasn't getting hot enough after 3 years and the $800 it took to replace it.
People give Samsung so much crap. Oh, this Samsung dryer doesn't get hot enough, and this Samsung phablet gets too hot. Got damn Goldilocks consumers are impossible to please.
Samsung: Ok, we're gonna mail you a Note 7. Just throw it in the dryer with your clothes.
I'm not sure if this deserves an Awesome or a frustrated glare.
So my Nexus 6p battery was dying. I took a look at a video, and went to one of themyriad of phone repair shops that will do the whole thing for you for 60-70$. Should be good for a couple more years.
My impression is those are basically just volume businesses - i.e. you'll break N phones per attempt, and when you do just drop the memory/CPU into a new body and send that back to the customer.
But it's all BS - the original iPhone 3 was amazingly easy to repair - 2 screws and the screen and entire thing could be stripped right down.
It's not just Apple. My Pixel's battery is crap and the YouTube battery replacement video I watched involved 15 minutes of using a heat gun and various small prying tools with the warning from the guy that you'll probably break your screen doing this just to get the case open.
The "case" in this case is you separating the display (thin and no reinforcement along the edges) from the rest of the body. The iFixit guide for it has you using one of their heating tools (iOpener, but you can use a heat gun as well) to loosen the adhesive enough to get an opening pick in there, but you really can't pull up much on it without possibly breaking the screen before you cut the adhesive (just enough to slip the pick in there). Oh, and you can't insert the picks too deep (about 1.5mm) or you'll also damage the display :rotate:
I'm looking at doing the battery replacement myself on my Pixel XL. I miss the days of removable batteries.
A sealed shell and spot welded and whatever are bad yes.
But when other companies actively put chips in their stuff so you cannot even crack it open or that chip will essentially cryptolocker your hard drive on purpose...
It's not just Apple. My Pixel's battery is crap and the YouTube battery replacement video I watched involved 15 minutes of using a heat gun and various small prying tools with the warning from the guy that you'll probably break your screen doing this just to get the case open.
The "case" in this case is you separating the display (thin and no reinforcement along the edges) from the rest of the body. The iFixit guide for it has you using one of their heating tools (iOpener, but you can use a heat gun as well) to loosen the adhesive enough to get an opening pick in there, but you really can't pull up much on it without possibly breaking the screen before you cut the adhesive (just enough to slip the pick in there). Oh, and you can't insert the picks too deep (about 1.5mm) or you'll also damage the display :rotate:
I'm looking at doing the battery replacement myself on my Pixel XL. I miss the days of removable batteries.
A sealed shell and spot welded and whatever are bad yes.
But when other companies actively put chips in their stuff so you cannot even crack it open or that chip will essentially cryptolocker your hard drive on purpose...
Who's doing that? Obviously flown under my radar.
First revealed last month by MacRumors and Motherboard, both of which got their hands on an internal Apple document, the T2 chip could render a computer inoperable if, say, the logic board is replaced, unless the chip recognizes a special piece of diagnostic software has been run.
A bit of an exaggeration by me, but the secure boot options means a Linux install can't access internal storage and doing repairs on a Mac without their proprietary software means the computer will likely become unusable.
0
syndalisGetting ClassyOn the WallRegistered User, Loves Apple Productsregular
It's not just Apple. My Pixel's battery is crap and the YouTube battery replacement video I watched involved 15 minutes of using a heat gun and various small prying tools with the warning from the guy that you'll probably break your screen doing this just to get the case open.
The "case" in this case is you separating the display (thin and no reinforcement along the edges) from the rest of the body. The iFixit guide for it has you using one of their heating tools (iOpener, but you can use a heat gun as well) to loosen the adhesive enough to get an opening pick in there, but you really can't pull up much on it without possibly breaking the screen before you cut the adhesive (just enough to slip the pick in there). Oh, and you can't insert the picks too deep (about 1.5mm) or you'll also damage the display :rotate:
I'm looking at doing the battery replacement myself on my Pixel XL. I miss the days of removable batteries.
A sealed shell and spot welded and whatever are bad yes.
But when other companies actively put chips in their stuff so you cannot even crack it open or that chip will essentially cryptolocker your hard drive on purpose...
Who's doing that? Obviously flown under my radar.
First revealed last month by MacRumors and Motherboard, both of which got their hands on an internal Apple document, the T2 chip could render a computer inoperable if, say, the logic board is replaced, unless the chip recognizes a special piece of diagnostic software has been run.
A bit of an exaggeration by me, but the secure boot options means a Linux install can't access internal storage and doing repairs on a Mac without their proprietary software means the computer will likely become unusable.
That's what encrypted plus secure boot means, though.
when you turn that option on, you have effectively locked that volume out from external means to access it outside of the secure boot.
Thats working as intended. If an employee laptop gets stolen, I am super glad the likelyhood of said thief getting into the data is significantly lower.
SW-4158-3990-6116
Let's play Mario Kart or something...
It's not just Apple. My Pixel's battery is crap and the YouTube battery replacement video I watched involved 15 minutes of using a heat gun and various small prying tools with the warning from the guy that you'll probably break your screen doing this just to get the case open.
The "case" in this case is you separating the display (thin and no reinforcement along the edges) from the rest of the body. The iFixit guide for it has you using one of their heating tools (iOpener, but you can use a heat gun as well) to loosen the adhesive enough to get an opening pick in there, but you really can't pull up much on it without possibly breaking the screen before you cut the adhesive (just enough to slip the pick in there). Oh, and you can't insert the picks too deep (about 1.5mm) or you'll also damage the display :rotate:
I'm looking at doing the battery replacement myself on my Pixel XL. I miss the days of removable batteries.
A sealed shell and spot welded and whatever are bad yes.
But when other companies actively put chips in their stuff so you cannot even crack it open or that chip will essentially cryptolocker your hard drive on purpose...
Who's doing that? Obviously flown under my radar.
First revealed last month by MacRumors and Motherboard, both of which got their hands on an internal Apple document, the T2 chip could render a computer inoperable if, say, the logic board is replaced, unless the chip recognizes a special piece of diagnostic software has been run.
A bit of an exaggeration by me, but the secure boot options means a Linux install can't access internal storage and doing repairs on a Mac without their proprietary software means the computer will likely become unusable.
That's what encrypted plus secure boot means, though.
when you turn that option on, you have effectively locked that volume out from external means to access it outside of the secure boot.
Thats working as intended. If an employee laptop gets stolen, I am super glad the likelyhood of said thief getting into the data is significantly lower.
"Working as intended."
When secure boot is turned off it locks out the volume from use. That means if the user, owner, and purchaser of the product disables Secure Boot, Apple says "nope."
You cannot use Linux on the internal storage. A LOT of people use Linux on Mac products.
Which I would assume is also working as intended.
jungleroomx on
+1
syndalisGetting ClassyOn the WallRegistered User, Loves Apple Productsregular
It's not just Apple. My Pixel's battery is crap and the YouTube battery replacement video I watched involved 15 minutes of using a heat gun and various small prying tools with the warning from the guy that you'll probably break your screen doing this just to get the case open.
The "case" in this case is you separating the display (thin and no reinforcement along the edges) from the rest of the body. The iFixit guide for it has you using one of their heating tools (iOpener, but you can use a heat gun as well) to loosen the adhesive enough to get an opening pick in there, but you really can't pull up much on it without possibly breaking the screen before you cut the adhesive (just enough to slip the pick in there). Oh, and you can't insert the picks too deep (about 1.5mm) or you'll also damage the display :rotate:
I'm looking at doing the battery replacement myself on my Pixel XL. I miss the days of removable batteries.
A sealed shell and spot welded and whatever are bad yes.
But when other companies actively put chips in their stuff so you cannot even crack it open or that chip will essentially cryptolocker your hard drive on purpose...
Who's doing that? Obviously flown under my radar.
First revealed last month by MacRumors and Motherboard, both of which got their hands on an internal Apple document, the T2 chip could render a computer inoperable if, say, the logic board is replaced, unless the chip recognizes a special piece of diagnostic software has been run.
A bit of an exaggeration by me, but the secure boot options means a Linux install can't access internal storage and doing repairs on a Mac without their proprietary software means the computer will likely become unusable.
That's what encrypted plus secure boot means, though.
when you turn that option on, you have effectively locked that volume out from external means to access it outside of the secure boot.
Thats working as intended. If an employee laptop gets stolen, I am super glad the likelyhood of said thief getting into the data is significantly lower.
"Working as intended."
When secure boot is turned off it locks out the volume from use. That means if the user, owner, and purchaser of the product disables Secure Boot, Apple says "nope."
You cannot use Linux on the internal storage. A LOT of people use Linux on Mac products.
Which I would assume is also working as intended.
Dude, not true. You can easily install linux on modern macs. well, as easily as any linux install on an EFI-based system would be anyways.
The thing the article actually states, not the hyperbole you started this specific thread on is, that you cannot replace the touch ID sensor or the logic board outside of an apple certified or apple support environment. This 100% has to do with them protecting the secure enclave / encryption. Every other component can be swapped or replaced without their software.
This also very clearly falls into the camp of if this is deal breaker for you because you see yourself wanting to swap the motherboard or touch sensor in your laptop, then there are other manufacturers. This is FAR less egregious in my mind then other stuff they (and others) do like gluing cases shut and designing cables that break when you open the case.
SW-4158-3990-6116
Let's play Mario Kart or something...
0
jungleroomxIt's never too many graves, it's always not enough shovelsRegistered Userregular
It's not just Apple. My Pixel's battery is crap and the YouTube battery replacement video I watched involved 15 minutes of using a heat gun and various small prying tools with the warning from the guy that you'll probably break your screen doing this just to get the case open.
The "case" in this case is you separating the display (thin and no reinforcement along the edges) from the rest of the body. The iFixit guide for it has you using one of their heating tools (iOpener, but you can use a heat gun as well) to loosen the adhesive enough to get an opening pick in there, but you really can't pull up much on it without possibly breaking the screen before you cut the adhesive (just enough to slip the pick in there). Oh, and you can't insert the picks too deep (about 1.5mm) or you'll also damage the display :rotate:
I'm looking at doing the battery replacement myself on my Pixel XL. I miss the days of removable batteries.
A sealed shell and spot welded and whatever are bad yes.
But when other companies actively put chips in their stuff so you cannot even crack it open or that chip will essentially cryptolocker your hard drive on purpose...
Who's doing that? Obviously flown under my radar.
First revealed last month by MacRumors and Motherboard, both of which got their hands on an internal Apple document, the T2 chip could render a computer inoperable if, say, the logic board is replaced, unless the chip recognizes a special piece of diagnostic software has been run.
A bit of an exaggeration by me, but the secure boot options means a Linux install can't access internal storage and doing repairs on a Mac without their proprietary software means the computer will likely become unusable.
That's what encrypted plus secure boot means, though.
when you turn that option on, you have effectively locked that volume out from external means to access it outside of the secure boot.
Thats working as intended. If an employee laptop gets stolen, I am super glad the likelyhood of said thief getting into the data is significantly lower.
"Working as intended."
When secure boot is turned off it locks out the volume from use. That means if the user, owner, and purchaser of the product disables Secure Boot, Apple says "nope."
You cannot use Linux on the internal storage. A LOT of people use Linux on Mac products.
Which I would assume is also working as intended.
Dude, not true. You can easily install linux on modern macs. well, as easily as any linux install on an EFI-based system would be anyways.
The thing the article actually states, not the hyperbole you started this specific thread on is, that you cannot replace the touch ID sensor or the logic board outside of an apple certified or apple support environment. This 100% has to do with them protecting the secure enclave / encryption. Every other component can be swapped or replaced without their software.
This also very clearly falls into the camp of if this is deal breaker for you because you see yourself wanting to swap the motherboard or touch sensor in your laptop, then there are other manufacturers. This is FAR less egregious in my mind then other stuff they (and others) do like gluing cases shut and designing cables that break when you open the case.
Or hard wiring the storage to the logic board and not allowing even approved Apple service providers to pull the data from it?
Macs prevent the boot because it does not include the UEFI certificate for Linux.
Upon disabling that, Linux has no access to internal storage if it does boot.
So technically sure you can, but only technically
jungleroomx on
+1
syndalisGetting ClassyOn the WallRegistered User, Loves Apple Productsregular
It's not just Apple. My Pixel's battery is crap and the YouTube battery replacement video I watched involved 15 minutes of using a heat gun and various small prying tools with the warning from the guy that you'll probably break your screen doing this just to get the case open.
The "case" in this case is you separating the display (thin and no reinforcement along the edges) from the rest of the body. The iFixit guide for it has you using one of their heating tools (iOpener, but you can use a heat gun as well) to loosen the adhesive enough to get an opening pick in there, but you really can't pull up much on it without possibly breaking the screen before you cut the adhesive (just enough to slip the pick in there). Oh, and you can't insert the picks too deep (about 1.5mm) or you'll also damage the display :rotate:
I'm looking at doing the battery replacement myself on my Pixel XL. I miss the days of removable batteries.
A sealed shell and spot welded and whatever are bad yes.
But when other companies actively put chips in their stuff so you cannot even crack it open or that chip will essentially cryptolocker your hard drive on purpose...
Who's doing that? Obviously flown under my radar.
First revealed last month by MacRumors and Motherboard, both of which got their hands on an internal Apple document, the T2 chip could render a computer inoperable if, say, the logic board is replaced, unless the chip recognizes a special piece of diagnostic software has been run.
A bit of an exaggeration by me, but the secure boot options means a Linux install can't access internal storage and doing repairs on a Mac without their proprietary software means the computer will likely become unusable.
That's what encrypted plus secure boot means, though.
when you turn that option on, you have effectively locked that volume out from external means to access it outside of the secure boot.
Thats working as intended. If an employee laptop gets stolen, I am super glad the likelyhood of said thief getting into the data is significantly lower.
"Working as intended."
When secure boot is turned off it locks out the volume from use. That means if the user, owner, and purchaser of the product disables Secure Boot, Apple says "nope."
You cannot use Linux on the internal storage. A LOT of people use Linux on Mac products.
Which I would assume is also working as intended.
Dude, not true. You can easily install linux on modern macs. well, as easily as any linux install on an EFI-based system would be anyways.
The thing the article actually states, not the hyperbole you started this specific thread on is, that you cannot replace the touch ID sensor or the logic board outside of an apple certified or apple support environment. This 100% has to do with them protecting the secure enclave / encryption. Every other component can be swapped or replaced without their software.
This also very clearly falls into the camp of if this is deal breaker for you because you see yourself wanting to swap the motherboard or touch sensor in your laptop, then there are other manufacturers. This is FAR less egregious in my mind then other stuff they (and others) do like gluing cases shut and designing cables that break when you open the case.
Or hard wiring the storage to the logic board and not allowing even approved Apple service providers to pull the data from it?
So long as it is not encrypted, you can boot a modern mac up in such a way that you can access the storage using a USB-c cable. I know this because I have done this.
If the storage is encrypted, then yes, tough shit. Nobody is getting in. That's the point.
SW-4158-3990-6116
Let's play Mario Kart or something...
0
jungleroomxIt's never too many graves, it's always not enough shovelsRegistered Userregular
It's not just Apple. My Pixel's battery is crap and the YouTube battery replacement video I watched involved 15 minutes of using a heat gun and various small prying tools with the warning from the guy that you'll probably break your screen doing this just to get the case open.
The "case" in this case is you separating the display (thin and no reinforcement along the edges) from the rest of the body. The iFixit guide for it has you using one of their heating tools (iOpener, but you can use a heat gun as well) to loosen the adhesive enough to get an opening pick in there, but you really can't pull up much on it without possibly breaking the screen before you cut the adhesive (just enough to slip the pick in there). Oh, and you can't insert the picks too deep (about 1.5mm) or you'll also damage the display :rotate:
I'm looking at doing the battery replacement myself on my Pixel XL. I miss the days of removable batteries.
A sealed shell and spot welded and whatever are bad yes.
But when other companies actively put chips in their stuff so you cannot even crack it open or that chip will essentially cryptolocker your hard drive on purpose...
Who's doing that? Obviously flown under my radar.
First revealed last month by MacRumors and Motherboard, both of which got their hands on an internal Apple document, the T2 chip could render a computer inoperable if, say, the logic board is replaced, unless the chip recognizes a special piece of diagnostic software has been run.
A bit of an exaggeration by me, but the secure boot options means a Linux install can't access internal storage and doing repairs on a Mac without their proprietary software means the computer will likely become unusable.
That's what encrypted plus secure boot means, though.
when you turn that option on, you have effectively locked that volume out from external means to access it outside of the secure boot.
Thats working as intended. If an employee laptop gets stolen, I am super glad the likelyhood of said thief getting into the data is significantly lower.
"Working as intended."
When secure boot is turned off it locks out the volume from use. That means if the user, owner, and purchaser of the product disables Secure Boot, Apple says "nope."
You cannot use Linux on the internal storage. A LOT of people use Linux on Mac products.
Which I would assume is also working as intended.
Dude, not true. You can easily install linux on modern macs. well, as easily as any linux install on an EFI-based system would be anyways.
The thing the article actually states, not the hyperbole you started this specific thread on is, that you cannot replace the touch ID sensor or the logic board outside of an apple certified or apple support environment. This 100% has to do with them protecting the secure enclave / encryption. Every other component can be swapped or replaced without their software.
This also very clearly falls into the camp of if this is deal breaker for you because you see yourself wanting to swap the motherboard or touch sensor in your laptop, then there are other manufacturers. This is FAR less egregious in my mind then other stuff they (and others) do like gluing cases shut and designing cables that break when you open the case.
Or hard wiring the storage to the logic board and not allowing even approved Apple service providers to pull the data from it?
So long as it is not encrypted, you can boot a modern mac up in such a way that you can access the storage using a USB-c cable. I know this because I have done this.
If the storage is encrypted, then yes, tough shit. Nobody is getting in. That's the point.
No, as in
If the logic board goes, your data is fucking toast.
+2
syndalisGetting ClassyOn the WallRegistered User, Loves Apple Productsregular
It's not just Apple. My Pixel's battery is crap and the YouTube battery replacement video I watched involved 15 minutes of using a heat gun and various small prying tools with the warning from the guy that you'll probably break your screen doing this just to get the case open.
The "case" in this case is you separating the display (thin and no reinforcement along the edges) from the rest of the body. The iFixit guide for it has you using one of their heating tools (iOpener, but you can use a heat gun as well) to loosen the adhesive enough to get an opening pick in there, but you really can't pull up much on it without possibly breaking the screen before you cut the adhesive (just enough to slip the pick in there). Oh, and you can't insert the picks too deep (about 1.5mm) or you'll also damage the display :rotate:
I'm looking at doing the battery replacement myself on my Pixel XL. I miss the days of removable batteries.
A sealed shell and spot welded and whatever are bad yes.
But when other companies actively put chips in their stuff so you cannot even crack it open or that chip will essentially cryptolocker your hard drive on purpose...
Who's doing that? Obviously flown under my radar.
First revealed last month by MacRumors and Motherboard, both of which got their hands on an internal Apple document, the T2 chip could render a computer inoperable if, say, the logic board is replaced, unless the chip recognizes a special piece of diagnostic software has been run.
A bit of an exaggeration by me, but the secure boot options means a Linux install can't access internal storage and doing repairs on a Mac without their proprietary software means the computer will likely become unusable.
That's what encrypted plus secure boot means, though.
when you turn that option on, you have effectively locked that volume out from external means to access it outside of the secure boot.
Thats working as intended. If an employee laptop gets stolen, I am super glad the likelyhood of said thief getting into the data is significantly lower.
"Working as intended."
When secure boot is turned off it locks out the volume from use. That means if the user, owner, and purchaser of the product disables Secure Boot, Apple says "nope."
You cannot use Linux on the internal storage. A LOT of people use Linux on Mac products.
Which I would assume is also working as intended.
Dude, not true. You can easily install linux on modern macs. well, as easily as any linux install on an EFI-based system would be anyways.
The thing the article actually states, not the hyperbole you started this specific thread on is, that you cannot replace the touch ID sensor or the logic board outside of an apple certified or apple support environment. This 100% has to do with them protecting the secure enclave / encryption. Every other component can be swapped or replaced without their software.
This also very clearly falls into the camp of if this is deal breaker for you because you see yourself wanting to swap the motherboard or touch sensor in your laptop, then there are other manufacturers. This is FAR less egregious in my mind then other stuff they (and others) do like gluing cases shut and designing cables that break when you open the case.
Or hard wiring the storage to the logic board and not allowing even approved Apple service providers to pull the data from it?
So long as it is not encrypted, you can boot a modern mac up in such a way that you can access the storage using a USB-c cable. I know this because I have done this.
If the storage is encrypted, then yes, tough shit. Nobody is getting in. That's the point.
No, as in
If the logic board goes, your data is fucking toast.
If the SSD goes, your data is fucking toast.
If your bitlocker gets corrupted, your data is fucking toast.
If someone steals your laptop, your data is fucking toast.
If you house burns down, your data is fucking toast.
Like, there are numerous fail points that are alleviated with local and/or cloud backups. People losing everything because their entire life lived on a single storage unit in their laptop is mostly a thing of the past for anyone even remotely concerned about this. I am 100% fine with encrypted drives becoming inaccessible when things go south. This is a security > convenience thing for sure, but its a valid choice.
SW-4158-3990-6116
Let's play Mario Kart or something...
0
jungleroomxIt's never too many graves, it's always not enough shovelsRegistered Userregular
edited January 2019
Yes, hard drive failures happen. But a hard drive failures shouldn't destroy my RAM or vice versa.
It's a shitty policy done to eek out money at the genius bar and not for user security. Apple admitting that repairs cost them money makes sense when you look at the ridiculous amount of money they charge to fix things they purposely make hard/impossible to fix for no reason.
jungleroomx on
+7
jungleroomxIt's never too many graves, it's always not enough shovelsRegistered Userregular
Also I do love that the solution to Apples fuckery is to pay them more money for cloud storage.
What a bunch of fucking assholes.
+1
syndalisGetting ClassyOn the WallRegistered User, Loves Apple Productsregular
Bowing out. You get way too hot on this.
SW-4158-3990-6116
Let's play Mario Kart or something...
If you have a (Microsoft) bitlockered hard drive and your logic board/TPM chip are toast you're also not getting that data back, unless you have the extremely long recovery/encryption keys.
life's a game that you're bound to lose / like using a hammer to pound in screws
fuck up once and you break your thumb / if you're happy at all then you're god damn dumb
that's right we're on a fucked up cruise / God is dead but at least we have booze
bad things happen, no one knows why / the sun burns out and everyone dies
If you have a (Microsoft) bitlockered hard drive and your logic board/TPM chip are toast you're also not getting that data back, unless you have the extremely long recovery/encryption keys.
The recovery key is, like, 25-30 numerals.
You are provided with the option to print or save the key when you encrypt the drive.
edit: you can mount a bitlockered drive on any device running windows or linux, as long as you have the recovery key.
If you have a (Microsoft) bitlockered hard drive and your logic board/TPM chip are toast you're also not getting that data back, unless you have the extremely long recovery/encryption keys.
It's not extremely long. The recovery key is, like, 25-30 numerals.
You are provided with the option to print or save the key when you encrypt the drive.
Yeah but it's not something one could like, memorize or guess.
Fun fact, I once lost all of a user's local data by forgetting to turn bitlocker off before upgrading their BIOS. Whoops.
life's a game that you're bound to lose / like using a hammer to pound in screws
fuck up once and you break your thumb / if you're happy at all then you're god damn dumb
that's right we're on a fucked up cruise / God is dead but at least we have booze
bad things happen, no one knows why / the sun burns out and everyone dies
If you have a (Microsoft) bitlockered hard drive and your logic board/TPM chip are toast you're also not getting that data back, unless you have the extremely long recovery/encryption keys.
It's not extremely long. The recovery key is, like, 25-30 numerals.
You are provided with the option to print or save the key when you encrypt the drive.
Yeah but it's not something one could like, memorize or guess.
Fun fact, I once lost all of a user's local data by forgetting to turn bitlocker off before upgrading their BIOS. Whoops.
Yeah, you can't guess them. Because it's something that by definition you can't lock out. It needs to be hard to crack, and humans don't choose passwords that are hard to crack.
It is also something you'd only need during an emergency. And humans are not capable of memorizing something they might possibly need once at some point during the lifetime of a computer.
So, microsoft tells you to save them securely. Pretty much forces you to do it when you enable bitlocker, and gives you the ability to recover the key if the device is working and you have an admin account.
I work in a Windows shop, and all our PCs are encrypted using bitlocker. We backup hard and soft copies of all the recovery keys, and they get stored in different locations. Because if you lose them you lose your data.
It works okay, except that just using the TPM isn't exactly enough. Because the key gets read out of the TPM and then stored in memory, if you dicker with the hardware(add things to the MoBo) to prevent the bios from being able to clear the RAM during the POST process, you can recover the key from the memory and break bitlocker unless a second usb keystore or PIN is used.
While Apple is aggressively crap on user serviceability, this (and some other similar theoretical attacks) aren't possible. (I think) All of the keys and decryption stay in the T2 chip. Their devices are more secure. Their devices are generally delivered to the user in a much more secure state.
redx on
They moistly come out at night, moistly.
+3
jungleroomxIt's never too many graves, it's always not enough shovelsRegistered Userregular
If you have a (Microsoft) bitlockered hard drive and your logic board/TPM chip are toast you're also not getting that data back, unless you have the extremely long recovery/encryption keys.
You can keep your bitlocker recovery keys on a recovery flash drive. Which I do.
You can also turn off bitlocker and still be able to dual boot or just flat out install Linux on your user replaceable storage media.
If you have a (Microsoft) bitlockered hard drive and your logic board/TPM chip are toast you're also not getting that data back, unless you have the extremely long recovery/encryption keys.
You can keep your bitlocker recovery keys on a recovery flash drive. Which I do.
You can also turn off bitlocker and still be able to dual boot or just flat out install Linux on your user replaceable storage media.
Well... you can let your windows install do that, but totally commercially available usb/cd images will cause windows to ignore checks for all your local passwords when you boot from it.
If you check the little box where boot media need to be signed, neither this nor linux boot disk(at the very least most linux boot disks anyway) will not work.
redx on
They moistly come out at night, moistly.
0
jungleroomxIt's never too many graves, it's always not enough shovelsRegistered Userregular
Okay so this has gone a field of the original intent.
Bringing it back to the original point of locking down storage and the reality of hardware, there are 2 things which account for the vast majority of cascading hardware failures (i.e. not just a single component dying/taking out it's own interface), and that's a motherboard failure or a power supply failure. However, most of the time in modern hardware, they are usually contained with modern safeguards.
But now, the actual reality of Apples current design is that if anything happens to your CPU, logic board, RAM, or other components, all of your data is gone.
Fwish.
The port that Apple used to have on their logic boards that would allow for retrieval of data by Genius bar employees is also gone and I have not heard of any backup or other solution available to retrieve data once a Mac can no longer boot.
And from what I understand, it's not exactly cheap to fix these problems. Especially with all of the internally soldered components and the T2 chip preventing any kind of boot up without a proprietary bit of software that Apple hasn't even given their authorized service providers if any components are replaced, even with Apple approved parts.
There isn't an analogous situation for this kind of lockdown by any other company, but rest assured if these locked down consumer products sell well it will be the green light for other companies to follow suit.
0
jungleroomxIt's never too many graves, it's always not enough shovelsRegistered Userregular
Further, nothing anyone has said justifies turning all the individual components of the computer into 9-10 single points of (expensive) failure.
You can have all the security in the world with removable media and other components. Hardwiring everything then locking it down with the T2 is just anti-repair and anti-consumer.
Because accordingto their documentation not only can you turn it off entirely, it doesn't appear to be on by default and you are given manual recovery keys when you turn it on.
Aioua on
life's a game that you're bound to lose / like using a hammer to pound in screws
fuck up once and you break your thumb / if you're happy at all then you're god damn dumb
that's right we're on a fucked up cruise / God is dead but at least we have booze
bad things happen, no one knows why / the sun burns out and everyone dies
0
jungleroomxIt's never too many graves, it's always not enough shovelsRegistered Userregular
Because accordingto their documentation not only can you turn it off entirely, it doesn't appear to be on by default and you are given manual recovery keys when you turn it on.
Because accordingto their documentation not only can you turn it off entirely, it doesn't appear to be on by default and you are given manual recovery keys when you turn it on.
"Thanks to the new SSD controller, the T2 automatically encrypts your drive regardless of whether you have FileVault on or not"]Thanks to the new SSD controller, the T2 automatically encrypts your drive regardless of whether you have FileVault on or not"
Ah ok yeah it looks like the T2 runs its own layer of encryption that is always on and the only keys are hardware based. You can FileVault on top of that. So if you had both and Mac was busted, the Apple store could extract the data (assuming the relevant parts of the logic board weren't fried) and then you'd need to use the FileVault key on the data they extracted to get it back to plaintext. If the Mac is well and truly hardware fucked then there's nothing you can do to get that data.
Yeah I will say that is consumer unfriendly. There's no reason to have forced encryption built only on unextractable keys in the hardware, expect to further lock down their already very locked down platform.
The encryption is useful for the end user but it could just use the FileVault system where you can get the key and like, have you turn it on as part of setup ("hey we're encrypting the drive for your protection, the keys are tied to your Apple account which you already entered, press OK to continue or click advanced to do skip encryption/get a numeric key")
life's a game that you're bound to lose / like using a hammer to pound in screws
fuck up once and you break your thumb / if you're happy at all then you're god damn dumb
that's right we're on a fucked up cruise / God is dead but at least we have booze
bad things happen, no one knows why / the sun burns out and everyone dies
+2
jungleroomxIt's never too many graves, it's always not enough shovelsRegistered Userregular
edited January 2019
@Aioua they removed the ability to pull the data from the drive. The port they used to use is gone. Once the Mac can't boot up any and all data on the internal storage is gone.
It looks like you can still pull it, just not directly. So enough of the computer needs to be working to keep the T2 chip happy and thinking it's still all the same hardware. And presumedly it being mediated by T2 means Apple can keep that diagnostic software locked down, so a home user/3rd party shop can't use it.
life's a game that you're bound to lose / like using a hammer to pound in screws
fuck up once and you break your thumb / if you're happy at all then you're god damn dumb
that's right we're on a fucked up cruise / God is dead but at least we have booze
bad things happen, no one knows why / the sun burns out and everyone dies
0
jungleroomxIt's never too many graves, it's always not enough shovelsRegistered Userregular
It looks like you can still pull it, just not directly. So enough of the computer needs to be working to keep the T2 chip happy and thinking it's still all the same hardware. And presumedly it being mediated by T2 means Apple can keep that diagnostic software locked down, so a home user/3rd party shop can't use it.
Oh yeah they won't give the T2 software out to even their certified 3rd party shops.
I'm also pretty sure that you can't simply back it up to external storage since it's encrypted. It really does look like the cheapest method is shelling out money to Apple to use iCloud, which to me feels kind of skeezy to force people on to a platform because you've locked them down so much involuntarily.
I mean I've got a whole other complaint about how this violates the hell out of basic security theory (confidentiality/integrity/availability) for nebulous reasons, but my biggest takeaway is that if you really require security this strict for the data you use, using generalized consumer products is probably your first mistake.
*Casually waves towards the US Govt using Dells with Windows as an example of said mistake*
It looks like you can still pull it, just not directly. So enough of the computer needs to be working to keep the T2 chip happy and thinking it's still all the same hardware. And presumedly it being mediated by T2 means Apple can keep that diagnostic software locked down, so a home user/3rd party shop can't use it.
Oh yeah they won't give the T2 software out to even their certified 3rd party shops.
I'm also pretty sure that you can't simply back it up to external storage since it's encrypted. It really does look like the cheapest method is shelling out money to Apple to use iCloud, which to me feels kind of skeezy to force people on to a platform because you've locked them down so much involuntarily.
I mean I've got a whole other complaint about how this violates the hell out of basic security theory (confidentiality/integrity/availability) for nebulous reasons, but my biggest takeaway is that if you really require security this strict for the data you use, using generalized consumer products is probably your first mistake.
*Casually waves towards the US Govt using Dells with Windows as an example of said mistake*
As you have mentioned several times, backups are the appropriate compensating control for lack for availability.
But yeah, these are more restricted than the DoD requires by a whole bunch and it is kinda ridiculous.
redx on
They moistly come out at night, moistly.
0
jungleroomxIt's never too many graves, it's always not enough shovelsRegistered Userregular
It looks like you can still pull it, just not directly. So enough of the computer needs to be working to keep the T2 chip happy and thinking it's still all the same hardware. And presumedly it being mediated by T2 means Apple can keep that diagnostic software locked down, so a home user/3rd party shop can't use it.
Oh yeah they won't give the T2 software out to even their certified 3rd party shops.
I'm also pretty sure that you can't simply back it up to external storage since it's encrypted. It really does look like the cheapest method is shelling out money to Apple to use iCloud, which to me feels kind of skeezy to force people on to a platform because you've locked them down so much involuntarily.
I mean I've got a whole other complaint about how this violates the hell out of basic security theory (confidentiality/integrity/availability) for nebulous reasons, but my biggest takeaway is that if you really require security this strict for the data you use, using generalized consumer products is probably your first mistake.
*Casually waves towards the US Govt using Dells with Windows as an example of said mistake*
As you have mentioned several times, backups are the appropriate compensating control for lack for availability.
But yeah, these are more restricted than the DoD requires by a whole bunch and it is kinda ridiculous.
We'll see, here's one reason why the DoD doesn't use biometrics on their stuff:
If the key to unlocking a computer is your face, then someone hell bent on getting what's in it will also just take your face.
It's grim but it's a big reason they use CAC cards and not fingerprint scanners or face recognition on most standard issue stuff.
It looks like you can still pull it, just not directly. So enough of the computer needs to be working to keep the T2 chip happy and thinking it's still all the same hardware. And presumedly it being mediated by T2 means Apple can keep that diagnostic software locked down, so a home user/3rd party shop can't use it.
Oh yeah they won't give the T2 software out to even their certified 3rd party shops.
I'm also pretty sure that you can't simply back it up to external storage since it's encrypted. It really does look like the cheapest method is shelling out money to Apple to use iCloud, which to me feels kind of skeezy to force people on to a platform because you've locked them down so much involuntarily.
I mean I've got a whole other complaint about how this violates the hell out of basic security theory (confidentiality/integrity/availability) for nebulous reasons, but my biggest takeaway is that if you really require security this strict for the data you use, using generalized consumer products is probably your first mistake.
*Casually waves towards the US Govt using Dells with Windows as an example of said mistake*
You can still back up to external storage. The disk being encrypted isn't magic, the OS layer still needs to see plaintext. Once you're all booted then Time Machine or any backup software of your choosing or just rsync will do the job just fine.
life's a game that you're bound to lose / like using a hammer to pound in screws
fuck up once and you break your thumb / if you're happy at all then you're god damn dumb
that's right we're on a fucked up cruise / God is dead but at least we have booze
bad things happen, no one knows why / the sun burns out and everyone dies
I once tried to check my work email while on vacation. I was in a city with an office, but despite being on a borrowed corp-managed laptop on a corp wifi network I couldn't log in because I was missing a hardware token attached to my account
That level of security is fine for a corporation. Losing everything by default if the hardware dies is not a great move. Completely disabling access to internal hardware if not running an approved OS is also not a great move
Sure, you can technically disable secure boot, but you still have no access to the internal SSD and only allowing external booting for non-blessed os installs is pretty anti-consumer. There is never any way to access internal storage unless you are apple or win10 via bootcamp, the t2 simply pretends it doesn't exist
Well, at least the Aus government's 'anti-encryption' law will likely force Apple and all to make it easier to pull any corporation controlled encryption keys off hardware.
Or at least it will attempt to do so.
Not sure how much assistance Apple and all will provide in actually doing this, but at least our secret courts can ask.
syndalisGetting ClassyOn the WallRegistered User, Loves Apple Productsregular
The only allowing external booting for non blessed OSs thing isn’t true, you can dual boot any variant of Linux, Windows, etc where drivers exist for the machine.
It’s slightly trickier to install linux because macs are not bog-standard PCs and you have to contend with an EFI boot, but there are prepackaged ISOs out there if you want to install Ubuntu into the internal SSD.
SW-4158-3990-6116
Let's play Mario Kart or something...
The only allowing external booting for non blessed OSs thing isn’t true, you can dual boot any variant of Linux, Windows, etc where drivers exist for the machine.
It’s slightly trickier to install linux because macs are not bog-standard PCs and you have to contend with an EFI boot, but there are prepackaged ISOs out there if you want to install Ubuntu into the internal SSD.
It's not having to deal with EFI, it's secure boot certificates. You can change boot camp settings to allow the microsoft certificate used for windows but not the microsoft certificate used by shim. So you have to completely disable secure boot.
Posts
A sealed shell and spot welded and whatever are bad yes.
But when other companies actively put chips in their stuff so you cannot even crack it open or that chip will essentially cryptolocker your hard drive on purpose...
Samsung: Ok, we're gonna mail you a Note 7. Just throw it in the dryer with your clothes.
I'm not sure if this deserves an Awesome or a frustrated glare.
I hate you all
My impression is those are basically just volume businesses - i.e. you'll break N phones per attempt, and when you do just drop the memory/CPU into a new body and send that back to the customer.
But it's all BS - the original iPhone 3 was amazingly easy to repair - 2 screws and the screen and entire thing could be stripped right down.
Who's doing that? Obviously flown under my radar.
Steam | XBL
https://www.google.com/amp/s/www.theverge.com/platform/amp/2018/11/12/18077166/apple-macbook-air-mac-mini-t2-chip-security-repair-replacement-tool
A bit of an exaggeration by me, but the secure boot options means a Linux install can't access internal storage and doing repairs on a Mac without their proprietary software means the computer will likely become unusable.
That's what encrypted plus secure boot means, though.
when you turn that option on, you have effectively locked that volume out from external means to access it outside of the secure boot.
Thats working as intended. If an employee laptop gets stolen, I am super glad the likelyhood of said thief getting into the data is significantly lower.
Let's play Mario Kart or something...
Steam | XBL
"Working as intended."
When secure boot is turned off it locks out the volume from use. That means if the user, owner, and purchaser of the product disables Secure Boot, Apple says "nope."
You cannot use Linux on the internal storage. A LOT of people use Linux on Mac products.
Which I would assume is also working as intended.
Dude, not true. You can easily install linux on modern macs. well, as easily as any linux install on an EFI-based system would be anyways.
The thing the article actually states, not the hyperbole you started this specific thread on is, that you cannot replace the touch ID sensor or the logic board outside of an apple certified or apple support environment. This 100% has to do with them protecting the secure enclave / encryption. Every other component can be swapped or replaced without their software.
This also very clearly falls into the camp of if this is deal breaker for you because you see yourself wanting to swap the motherboard or touch sensor in your laptop, then there are other manufacturers. This is FAR less egregious in my mind then other stuff they (and others) do like gluing cases shut and designing cables that break when you open the case.
Let's play Mario Kart or something...
Or hard wiring the storage to the logic board and not allowing even approved Apple service providers to pull the data from it?
Macs prevent the boot because it does not include the UEFI certificate for Linux.
Upon disabling that, Linux has no access to internal storage if it does boot.
So technically sure you can, but only technically
So long as it is not encrypted, you can boot a modern mac up in such a way that you can access the storage using a USB-c cable. I know this because I have done this.
If the storage is encrypted, then yes, tough shit. Nobody is getting in. That's the point.
Let's play Mario Kart or something...
No, as in
If the logic board goes, your data is fucking toast.
If the SSD goes, your data is fucking toast.
If your bitlocker gets corrupted, your data is fucking toast.
If someone steals your laptop, your data is fucking toast.
If you house burns down, your data is fucking toast.
Like, there are numerous fail points that are alleviated with local and/or cloud backups. People losing everything because their entire life lived on a single storage unit in their laptop is mostly a thing of the past for anyone even remotely concerned about this. I am 100% fine with encrypted drives becoming inaccessible when things go south. This is a security > convenience thing for sure, but its a valid choice.
Let's play Mario Kart or something...
It's a shitty policy done to eek out money at the genius bar and not for user security. Apple admitting that repairs cost them money makes sense when you look at the ridiculous amount of money they charge to fix things they purposely make hard/impossible to fix for no reason.
What a bunch of fucking assholes.
Let's play Mario Kart or something...
fuck up once and you break your thumb / if you're happy at all then you're god damn dumb
that's right we're on a fucked up cruise / God is dead but at least we have booze
bad things happen, no one knows why / the sun burns out and everyone dies
The recovery key is, like, 25-30 numerals.
You are provided with the option to print or save the key when you encrypt the drive.
edit: you can mount a bitlockered drive on any device running windows or linux, as long as you have the recovery key.
Yeah but it's not something one could like, memorize or guess.
Fun fact, I once lost all of a user's local data by forgetting to turn bitlocker off before upgrading their BIOS. Whoops.
fuck up once and you break your thumb / if you're happy at all then you're god damn dumb
that's right we're on a fucked up cruise / God is dead but at least we have booze
bad things happen, no one knows why / the sun burns out and everyone dies
Yeah, you can't guess them. Because it's something that by definition you can't lock out. It needs to be hard to crack, and humans don't choose passwords that are hard to crack.
It is also something you'd only need during an emergency. And humans are not capable of memorizing something they might possibly need once at some point during the lifetime of a computer.
So, microsoft tells you to save them securely. Pretty much forces you to do it when you enable bitlocker, and gives you the ability to recover the key if the device is working and you have an admin account.
I work in a Windows shop, and all our PCs are encrypted using bitlocker. We backup hard and soft copies of all the recovery keys, and they get stored in different locations. Because if you lose them you lose your data.
It works okay, except that just using the TPM isn't exactly enough. Because the key gets read out of the TPM and then stored in memory, if you dicker with the hardware(add things to the MoBo) to prevent the bios from being able to clear the RAM during the POST process, you can recover the key from the memory and break bitlocker unless a second usb keystore or PIN is used.
While Apple is aggressively crap on user serviceability, this (and some other similar theoretical attacks) aren't possible. (I think) All of the keys and decryption stay in the T2 chip. Their devices are more secure. Their devices are generally delivered to the user in a much more secure state.
You can keep your bitlocker recovery keys on a recovery flash drive. Which I do.
You can also turn off bitlocker and still be able to dual boot or just flat out install Linux on your user replaceable storage media.
Well... you can let your windows install do that, but totally commercially available usb/cd images will cause windows to ignore checks for all your local passwords when you boot from it.
If you check the little box where boot media need to be signed, neither this nor linux boot disk(at the very least most linux boot disks anyway) will not work.
Bringing it back to the original point of locking down storage and the reality of hardware, there are 2 things which account for the vast majority of cascading hardware failures (i.e. not just a single component dying/taking out it's own interface), and that's a motherboard failure or a power supply failure. However, most of the time in modern hardware, they are usually contained with modern safeguards.
But now, the actual reality of Apples current design is that if anything happens to your CPU, logic board, RAM, or other components, all of your data is gone.
Fwish.
The port that Apple used to have on their logic boards that would allow for retrieval of data by Genius bar employees is also gone and I have not heard of any backup or other solution available to retrieve data once a Mac can no longer boot.
And from what I understand, it's not exactly cheap to fix these problems. Especially with all of the internally soldered components and the T2 chip preventing any kind of boot up without a proprietary bit of software that Apple hasn't even given their authorized service providers if any components are replaced, even with Apple approved parts.
There isn't an analogous situation for this kind of lockdown by any other company, but rest assured if these locked down consumer products sell well it will be the green light for other companies to follow suit.
You can have all the security in the world with removable media and other components. Hardwiring everything then locking it down with the T2 is just anti-repair and anti-consumer.
Is this something that isn't FileVault?
Because accordingto their documentation not only can you turn it off entirely, it doesn't appear to be on by default and you are given manual recovery keys when you turn it on.
fuck up once and you break your thumb / if you're happy at all then you're god damn dumb
that's right we're on a fucked up cruise / God is dead but at least we have booze
bad things happen, no one knows why / the sun burns out and everyone dies
"Thanks to the new SSD controller, the T2 automatically encrypts your drive regardless of whether you have FileVault on or not"
Ah ok yeah it looks like the T2 runs its own layer of encryption that is always on and the only keys are hardware based. You can FileVault on top of that. So if you had both and Mac was busted, the Apple store could extract the data (assuming the relevant parts of the logic board weren't fried) and then you'd need to use the FileVault key on the data they extracted to get it back to plaintext. If the Mac is well and truly hardware fucked then there's nothing you can do to get that data.
Yeah I will say that is consumer unfriendly. There's no reason to have forced encryption built only on unextractable keys in the hardware, expect to further lock down their already very locked down platform.
The encryption is useful for the end user but it could just use the FileVault system where you can get the key and like, have you turn it on as part of setup ("hey we're encrypting the drive for your protection, the keys are tied to your Apple account which you already entered, press OK to continue or click advanced to do skip encryption/get a numeric key")
fuck up once and you break your thumb / if you're happy at all then you're god damn dumb
that's right we're on a fucked up cruise / God is dead but at least we have booze
bad things happen, no one knows why / the sun burns out and everyone dies
https://www.google.com/amp/s/9to5mac.com/2018/09/20/apple-t2-data-recovery-transfer-imac-pro-macbook/amp/
It looks like you can still pull it, just not directly. So enough of the computer needs to be working to keep the T2 chip happy and thinking it's still all the same hardware. And presumedly it being mediated by T2 means Apple can keep that diagnostic software locked down, so a home user/3rd party shop can't use it.
fuck up once and you break your thumb / if you're happy at all then you're god damn dumb
that's right we're on a fucked up cruise / God is dead but at least we have booze
bad things happen, no one knows why / the sun burns out and everyone dies
Oh yeah they won't give the T2 software out to even their certified 3rd party shops.
I'm also pretty sure that you can't simply back it up to external storage since it's encrypted. It really does look like the cheapest method is shelling out money to Apple to use iCloud, which to me feels kind of skeezy to force people on to a platform because you've locked them down so much involuntarily.
I mean I've got a whole other complaint about how this violates the hell out of basic security theory (confidentiality/integrity/availability) for nebulous reasons, but my biggest takeaway is that if you really require security this strict for the data you use, using generalized consumer products is probably your first mistake.
*Casually waves towards the US Govt using Dells with Windows as an example of said mistake*
As you have mentioned several times, backups are the appropriate compensating control for lack for availability.
But yeah, these are more restricted than the DoD requires by a whole bunch and it is kinda ridiculous.
We'll see, here's one reason why the DoD doesn't use biometrics on their stuff:
If the key to unlocking a computer is your face, then someone hell bent on getting what's in it will also just take your face.
It's grim but it's a big reason they use CAC cards and not fingerprint scanners or face recognition on most standard issue stuff.
You can still back up to external storage. The disk being encrypted isn't magic, the OS layer still needs to see plaintext. Once you're all booted then Time Machine or any backup software of your choosing or just rsync will do the job just fine.
https://support.apple.com/en-us/HT208344
fuck up once and you break your thumb / if you're happy at all then you're god damn dumb
that's right we're on a fucked up cruise / God is dead but at least we have booze
bad things happen, no one knows why / the sun burns out and everyone dies
I once tried to check my work email while on vacation. I was in a city with an office, but despite being on a borrowed corp-managed laptop on a corp wifi network I couldn't log in because I was missing a hardware token attached to my account
That level of security is fine for a corporation. Losing everything by default if the hardware dies is not a great move. Completely disabling access to internal hardware if not running an approved OS is also not a great move
Sure, you can technically disable secure boot, but you still have no access to the internal SSD and only allowing external booting for non-blessed os installs is pretty anti-consumer. There is never any way to access internal storage unless you are apple or win10 via bootcamp, the t2 simply pretends it doesn't exist
Or at least it will attempt to do so.
Not sure how much assistance Apple and all will provide in actually doing this, but at least our secret courts can ask.
It’s slightly trickier to install linux because macs are not bog-standard PCs and you have to contend with an EFI boot, but there are prepackaged ISOs out there if you want to install Ubuntu into the internal SSD.
Let's play Mario Kart or something...
It's not having to deal with EFI, it's secure boot certificates. You can change boot camp settings to allow the microsoft certificate used for windows but not the microsoft certificate used by shim. So you have to completely disable secure boot.