@paoloredaelli GNU/Darwin might be possible actually if you reuse their signed kernel. i just got mine yesterday and haven't tampered with the OS yet, but bputil's manpage suggests you can disable the signed system volume verification.
you're late to the "referencing the right to read" party.
https://sneak.berlin/20201112/your-computer-isnt-yours/
signed kernel and signed binaries means that malware that gains root can't overwrite them. this is largely a good thing, and great for platform security. the question is as always: who owns the keys?
@sneak I agree. It would be a good thing to be able to get keys to sign my own binaries and kernels. Is it possible with Apple? My last hw from Apple is an iBook-Se G3 clamshell (I know, it's Jurassic)
no but you can use bputil to disable the signature checks on the readonly root partition (but only if you're not using disk encryption). replacing the kernel is not possible at this time afaik but also there's no real reason you'd need to do that. all of the objectionable apple stuff is in userspace.
@sneak signed kernel and signed binaries always scares me and reminds of the distopian tale "The right to read" 😥 we're already there