The T2 coprocessor that Apple equips with iMac Pro, as well as all the new Mac Mini, MacBook Pro and MacBook Air, at the hardware level, blocks the installation of Linux and other operating systems outside of MacOS and Windows 10.
Thus, according to the manufacturer, it is possible to provide the most effective protection of user data from the computer's memory without compromising the risk of leakage or unauthorized reading by third parties.
The T2 chip provides a secure Mac boot, checking each boot step with encrypted keys signed by Apple. This eliminates the possibility of infiltrating illegal software onto a device that Linux distributions have been taking into account for some time.
Even Windows startup on T2 machines will be blocked by default until you manually enable the Boot Camp Assistant.
"This action will install the Windows Production CA 2011 certificate that is used to authenticate Windows boot programs, but does not install the certificate UEFIused to sign Linix distributions, experts from Phoronix explained. "This means that until Apple decides to add this certificate or the T2 chip is not hacked, running Linux on the latest Apple hardware will still be impossible."
It is worth noting that improving the situation and allowing the installation of a Linux system on new Macs does not even allow the Safe Run tool to be completely disabled.
The T2 chip still blocks the installation of other operating systems, except for macOS and Windows 10, which is strange because the description of Secure Boot security settings clearly states that its deactivation will lead to full freedom of downloading without any restrictions.