O T2 chipwhich equips the iMac Pro and the Mini macs, MacBooks Pro and Air more recently, has had its security features widely publicized and boasted by Apple at every possible opportunity we ourselves have talked about several of them here in the . All this protection, however, also has its disadvantages.
As reported in this document (PDF) detailing the security features of T2 (which we have already mentioned in this post), users who want to install distributions of Linux as a secondary system on your chip-equipped Macs will have difficulty doing so, as will those who need to install versions of Windows before 10.
This is because T2, coupled with the safe boot feature of macOS, does not support the certificates required to boot these systems or, in other words, the system cannot rely on the veracity and integrity of the operating systems at boot time. therefore blocks them before activating them.
More specifically, macOS supports the Microsoft Windows Production CA 2011 certificate, which authenticates bootloaders from Windows 10 so it remains perfectly supported in Boot Camp. There is another certificate, called Microsoft Corporation UEFI CA 2011, that authenticates the bootloaders from older versions of Windows and other systems such as Linux; this, apple does not support on macOS.
Does this mean then that it would be impossible to install any system other than Windows 10 on your T2 chip Mac? No, but such a process involves a configuration change that can put your machine at risk: you must completely disable the macOS secure boot feature, which can open the door for malware on the secondary systems you use.
To disable safe boot of macOS, you must restart your machine and press the R keys during boot, releasing them when the Apple logo appears on the screen. Under "Utilities," click the "Startup Security Utility" option. Select your administrator account, enter your password, and finally, in the "Secure Boot" field, select the "No Security" option.
But just take your own risk, of course!