At the new product launch conference held in late October, Apple’s T2 security chip was equipped with new hardware including the Mac Mini. As a Secure Enclave coprocessor, it provides essential security for APFS encrypted disks, secure boot, and Touch ID on the Mac side. However, according to Apple’s official technical documentation [ PDF ], the T2 security chip does not support Linux.
In the document Apple explained:
By default, Mac computers supporting secure boot only trust content signed by Apple. However, in order to improve the security of Boot Camp installations, support for secure booting Windows is also provided. The UEFI firmware
includes a copy of the Microsoft Windows Production CA 2011 certificate used to authenticate Microsoft ootloaders.
NOTE: There is currently no trust provided for the the Microsoft Corporation UEFI CA 2011, which would allow verification of code signed by Microsoft partners. This UEFI CA is commonly used to verify the authenticity of
bootloaders for other operating systems such as Linux variants.
With the Microsoft Windows Production CA 2011 certificate, these devices equipped with the Apple T2 security chip can install Microsoft Windows systems, but cannot install Linux distributions such as Linux Mint or Ubuntu.