Asahi Linux

From a security perspective, these machines may possibly qualify as the most secure general purpose computers available to the public which support third-party OSes, in terms of resistance to attack by non-owners.

Overview

Asahi Linux1 is a project that is using "clean-room" reverse engineering2 to port Linux to the Apple Silcone ARM platform. They upstream all of their work and improvements into the mainline Linux kernel and respective projects3, having contributed significant improvements to power management and sound processing on Linux (among many other contributions).

Hardware platform

The Apple Silicone hardware platform is extremely well-designed, as has been documented by the Asahi Linux folks.

[Apple Silicone] machines use a large number of auxiliary firmware blobs, each dedicated to a specific purpose and running on a separate CPU core. This is better than having a smaller number of kitchen sink blobs (like Intel ME), since each blob can only affect a particular subsystem (e.g. display, storage, camera), which makes it harder for multiple blobs to collude in order to compromise the user in a meaningful way. For example, the blob running inside the keyboard controller has no mechanism to communicate with the blob running on the WiFi card, and thus cannot implement a keylogger surreptitiously; the blob running on the display controller similarly has no way to communicate with the network, and thus can't implement a secret screen scraper.

The Asahi Wiki has tons4 of interesting technical information and is well worth a read.

References