back to article Asahi Linux progress: Apple Silicon OS works – though it's 'rough around the edges' and has no GUI acceleration

Developer Hector Martin has reported on progress with Asahi Linux, a port for Apple Silicon Macs, and said that the OS now works but with some limitations, notably a lack of accelerated graphics. In his August progress report, Martin talks further about the challenges of porting Linux to a platform that was created by Apple …

  1. elsergiovolador Silver badge

    Warantless

    The question is whether the M1 CPU would still scan personal data regardless of what operating system is running. Now that there is no documentation available, this platform can't be trusted with anything.

    Even if you run Linux on it, your data can still be compromised.

    1. Anonymous Coward
      Anonymous Coward

      Re: Warantless

      Doesn’t that apply to any cpu in the last 10 or so years?

      1. elsergiovolador Silver badge

        Re: Warantless

        The Intel or other companies didn't publicly express intent for warrantless data sweeps. Intel and AMD cpus may be capable of such performing such tasks, however those companies don't have a control on the entire ecosystem, whereas Apple controls hardware and software, so they can do that easily.

    2. Anonymous Coward
      Anonymous Coward

      Re: Warantless

      Given the level that a CPU operates at, would it even have any context for the data that's going through it? How could it differentiate one lot of bytes as being some mundane calculation versus another lot of bytes containing personal data?

      1. elsergiovolador Silver badge

        Re: Warantless

        The content format detection is not a rocket science and the streams can certainly be probed for keywords and things like accessed image data can be extracted from data streams. Take into account that M1 has direct access to the large amount of memory, so once a certain header is identified, it can then be buffered, queued and processed through nnhash without the main operating system knowledge.

        1. Anonymous Coward
          Anonymous Coward

          Re: Warantless

          Could the same be said for any component within a computer that handles data? Should I be concerned that my network card, disk drive or memory units contain some gizmo for capturing/analysing data and sending it to someone I don't want to see it?

          1. elsergiovolador Silver badge

            Re: Warantless

            It's possible but impractical. These external devices likely process already encrypted data and do not have enough metadata nor processing power to conduct such surveillance.

            Embedding this in M1 processor is a perfect opportunity for that, because you cannot replace the CPU nor memory nor the drive and it will have all metadata to be able to select what needs to be inspected, stored and then processed. M1 has all what's needed for such processing.

            For example if you wanted to create such system on a memory module, you would essentially have to add a computer on already cramped board and you wouldn't have the same access to I/O as the CPU etc. plus if you seen a memory module, something like this would immediately look dodgy and you could just replace the module.

    3. gnasher729 Silver badge

      Re: Warantless

      How much do you know about operating systems, CPU, software development? And which CPU scans what personal data? Your post seems to come straight from the anti-vaxxer universe.

      1. Anonymous Coward
        Anonymous Coward

        Re: Warantless

        I was just about to ask if it could be miniaturized (or chopped into really tiny pieces) and injected.

        /s ... or is it?

      2. elsergiovolador Silver badge

        Re: Warantless

        The most basic version could work like this on a CPU level:

        The supervisor program could run off a non maskable interrupt:

        - Am I running macOS? If not, continue

        - Setup a non maskable periodical memory scanning interrupt

        Mind you that the entire hardware stack is controlled by Apple, so they can embed the ML model on the integrated SSD and the running operating system wouldn't be able to modify it without special privileges.

        - Scanning interrupt triggers

        - Is there any idle core available? If yes, continue

        - Scan the memory, en-queue pointers to any detected JPEG signature or copy it to a location

        - Load the ML model from a known location if it is not already loaded

        - Use integrated Neural Engine to perform neural hash analysis.

        - If any hash match found, store it in a buffer

        - Is there any hash in a buffer? If not, return

        - Is there enough hashes to meet the threshold? If yes, continue

        Here given that again Apple has control over entire hardware stack, they can easily initiate a network connection and send the hashes for review. This will only be few bytes or kB.

        The entire process can run separately from the running operating system and be extremely difficult to detect and AI is hardware accelerated so user wouldn't notice any slow down.

        There are reports that this NeuralHash Apple has already hidden in iOS 14.

        1. doublelayer Silver badge

          Re: Warantless

          Yeah, you've just discovered what a rootkit is. Apple could write a rootkit. So could anyone else. There could be one on your computer right now. The manufacturer could have hidden it on a firmware chip or the processor manufacturer could have it in microcode. Better smash it up to be on the safe side.

    4. Anonymous Coward
      Anonymous Coward

      Re: Warantless

      Did you hit your head this morning or something? Feeling okay? I wonder if you feel the same way about Qualcomm snapdragon, Samsung, and every other chip designer out there.

      They're out to get you, you know....

      1. elsergiovolador Silver badge

        Re: Warantless

        And why are you gaslighting? Did Qualcomm or Samsung declare that they will be treating their customers as potential suspects and start scanning their personal data and reporting them to authorities?

        Watch you they gonna get you...

    5. Glen Turner 666

      Re: Warantless

      Apple have been upfront about the way they scan user's phone content, and that's not a backdoored CPU.

      If you disbelieve Apple's description, then if anyone is going to find unexplained mailboxes to secret off-board processors or to find missing CPU cycles, then it's this very project.

      Documentation of CPU functions doesn't help solve your concern -- Apple can simply not document the CPU functions which concern you. What you want is forward- and reverse-traceability from requirement to implementation. So you can prove that there's not a single gate in the CPU silicon which can't be traced back to a requirement. This is expensive and isn't offered outside of cryptographic processors.

      The difficulty in providing a design is trustworthy is so hard that it's unlikely that any commodity CPU would meet this level of trust. It's just too easy for chip fabrication tooling to add covert CPU gates or chip initialisation code to your design. Similarly in verifying that the semiconductor fabrication mask doesn't have covertly-added etching. Bunny Huang goes through this in some detail in his effort to build a trustworthy laptop.

      1. elsergiovolador Silver badge

        Re: Warantless

        Apple have been upfront about the way they scan user's phone content, and that's not a backdoored CPU.

        Except they have not been upfront. Today it emerged they have already shipped the neuralhash code in the iOS 14.3.

        Your other points are valid, however, Apple is acting dishonestly and expressed an intent and they have serious capability to make it happen. All these factors give grounds to be concerned and treat the platform as no longer secure.

        1. Gordon 10 Silver badge

          So this is going well.

          Good to see that the old saw about arguing with an idiot is still true.

          Once you control the hardware you control everything. No additional software is necessary.

          1. sabroni Silver badge

            Re: Good to see that the old saw about arguing with an idiot is still true.

            Yeah, if all those rational rebuttals like "did you knock your head?" and "Smash up your computer" don't work then just take the piss some more, eh?

            1. Gordon 10 Silver badge

              Re: Good to see that the old saw about arguing with an idiot is still true.

              "Yeah, if all those rational rebuttals like "did you knock your head?" and "Smash up your computer" don't work then just take the piss some more, eh?"

              You're not a regular visitor to these parts are you? If you were you'd know taking the piss is why TheRegister exists and that includes the forums too.

  2. chivo243 Silver badge

    practical?

    no, probably not, Apple will stay one step ahead, what new feat will the M1x do or the M2? It will prove to be instructional in a lot of ways.

    1. Throatwarbler Mangrove Silver badge
      Paris Hilton

      Re: practical?

      Can't that be said of any architecture? Who knows ahead of time what new features will be added to an Intel or ARM CPU?

  3. bofh1961

    I can't see the point in it

    Is it being done just to prove that Linux runs on anything, anywhere?

    1. Throatwarbler Mangrove Silver badge
      Paris Hilton

      Re: I can't see the point in it

      Couldn't that originally have been said of Linux at all? Why bother running, much less developing for, this niche operating system with no vendor support?

      1. Binraider Silver badge

        Re: I can't see the point in it

        One suspects ARM cores for compute (non-Apple) may become rather more common than just in Phones and Tablets in coming years.

        X86 is reaching the limits of it's architecture, just like PPC did in the mid 2000's and 68K in the mid 90's. Sure, you can try and crank clock speed to extract extra power but the diminishing returns, appalling energy efficiency and short part lifetime are not conducive to results. Going "more parallel" is also reaching practical limits for desktop applications. Bulk number crunchy processes like video encoding or machine learning being the exception of course - the latter GPU's often better suited anyway.

        So, if you want more speed for less power over the coming years, ARM happens to be the way to go right now.

        Linux on M1 isn't just Linux on M1, it's also the foundation of linux on M1X and future Apple hardware too.

    2. DS999 Silver badge

      Re: I can't see the point in it

      If they can get it running well I'm sure there will be some people who buy M1 Macs to run Linux on. They're very fast and very quiet, and would make good Linux machines so long as you are willing to accept the negatives (relatively expensive, current models not expandable)

      1. JamesTGrant
        Linux

        Re: I can't see the point in it

        It sounds like very hard work. I wonder if it’s all done in ‘free time’ and then I think; ‘how does some one get THAT good unless it’s their job, and then presumably they’d be doing something that their paymasters wanted, rather than this which seems to be a passion project’. But then I think; ‘who’s paying for that dev effort?’ Makes no sense to me - but I’m all for it!! Maybe El Reg could interview these folk and find out what makes them tick?

      2. sabroni Silver badge

        Re: good Linux machines

        Not sure what you mean by "good linux machine", shouldn't a good one have an open architecture to go with the open software it runs? How good can linux be on a proprietary multi chip system like this?

        Surely it's better to work on hardware that has open specifications?

        1. Anonymous Coward
          Anonymous Coward

          Re: good Linux machines

          I don't think you have to have open everything for something to be good, although the definition of "good" will vary from person and use case to person and use case.

          Over in the corner I have what I consider to be a "good" Linux machine. It's basically a modest i7-based tower that used to run Windows, got a bit wobbly and found itself being rebuilt with Ubuntu. It's plenty capable of running productivity applications, email/web stuff and playing media into my TV. As a capable home PC, it is perfectly "good". I don't think my experience would be improved if hardware was replaced by something with open specifications.

      3. Dan 55 Silver badge

        Re: I can't see the point in it

        I wouldn't make any plans which depend on running Linux on an M1 Mac as Apple can just push an update which makes life more difficult than it is now or even impossible. If they wanted you to run Linux then things would be easier than they are now. Why not just support an ARM computer manufacturer who wants you as a customer?

    3. This post has been deleted by its author

  4. Anonymous Coward
    Anonymous Coward

    "unlike iOS devices, Apple does not intend to lock down what OS you can use on Macs."

    Maybe. But I bet somewhere on Tim Cook's desk is a Big Red Button that can change than in an instant. ( probably right beside the button that emails El Reg, and equally dusty and unused.) This is Apple - it's not that they won't, it's just that they haven't (yet).

    1. Dan 55 Silver badge

      "unlike iOS devices, Apple does not intend to lock down what OS you can use on Macs."

      They already did, the bootloader will only boot partitions which look like MacOS installations.

      In order for an OS to be bootable on Apple Silicon machines, it has to “look” like a real macOS installation. This means it has to be an APFS container with multiple volumes within it, containing specific directory structures and files. Until now, the simplest way of doing this was to actually install macOS a second time in a separate partition, and then replace its kernel with m1n1. This is, needless to say, a major pain in the ass, as the installation process is fairly slow. It also wastes around 70GB of disk space, which is how much you need for an upgradable macOS install. It also makes it difficult to install a specific macOS version, which is going to become a problem once we start requiring the usage of specific firmware bundles. This clearly won’t cut it for anything beyond early development.

      Source.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2021