I’d like to start a topic on ARM Macs and how they may work with existing as well as future eGPU products. Would love to hear everyone’s thoughts.
For the past 8 years, Apple has integrated Thunderbolt technology in all Macs except for the 12-in MacBook. There’s no chance they are abandoning Thunderbolt 3 Macs and accessories during this transition. We’ve learnt adding a TB3 AIB can allow non-supported AMD CPU systems to work with Thunderbolt devices. It’s a simple task for Apple to implement Thunderbolt 3 and eventually USB4 on the new ARM Mac lineup.
The biggest blow to this switch is Boot Camp mode for gaming. I don’t foresee Apple ever be able to earn the trust of game developers to make macOS gaming a viable option. Linux gaming will be our only hope going forward. I’d probably hang on to the 2020 13-in Ice Lake MacBook Pro so that I can keep using Boot Camp for the next 5 years. After 2025, all bets are off.
The switch to ARM on Macs enables Apple to make significant changes to the macOS preboot environment and enforce far more control over security. Notably, however, Apple claims that while these changes enhance security, hobbyists and security researchers can turn off most protections, similar to how we can today.
ARM Macs will incorporate a secure boot process similar to iOS and iPadOS. At maximum security, this implies signed macOS versions, with verification of the entire boot chain done early on. Additionally, the new system is designed for:
- Support for multiple macOS installs
- Support for multiple macOS versions
- macOS recovery flows
Meaning there is feature parity in terms of flexibility of macOS installations. But there’s more. Startup options will now be a dedicated UI instead of just keyboard shortcuts. This can be accessed by long-pressing the power button. Target Disk Mode has been replaced with Mac Sharing Mode. Security is fully configurable using
- Secure Boot
- Authenticated Root Volumes
- System Integrity Protection
Here’s a look at the user interface:
On Intel Macs, disabling SIP or ART will affect every installation of macOS. In a sense, those security policies are global for every Mac, rather than every install. With Apple Silicon, security policies will be applied per OS, meaning that one can have a fully secured (SIP/ART/SB enabled) install + unsecured volume to test and fiddle around with.
The login experience will be far better as well. Similar to iOS, ARM Macs can boot into the OS even with FileVault enabled, providing an accelerated UI for unified login with Accessibility support. Besides that, strides have been made in data protection in scenarios such as hibernation.
Recovery’s Recovery – If for some reason macOS Recovery is inaccessible, a separate System Recovery mechanism exists locally beyond the Internet Recovery system that runs a minimal version of macOS to reinstall macOS and macOS Recovery.
There are only two security modes on ARM Macs:
- Full security – like the iPhone
- Reduced security – support for unsigned macOS versions and notarized 3rd party kexts
Kernel Integrity Protection on ARM Macs will prevent any modifications of the kernel in memory – meaning EFI patching will likely not be possible. I am not sure if we can load unsigned kernel extensions from identified developers in reduced security mode.
Share this Post