Why are you even encrypting? What's the threat model it's protecting against? Clearly it's not "prevent me from reading your data" since you have access to the keys anyway.
Or you can just sign your Linux kernel from macOS recovery mode, which is what the Asahi Linux installer does already. No need for weird hacks.
You also don't have "kernel access" in macOS. After boot, the memory region corresponding to the macOS kernel is marked as read-only at the memory controller level.
That's exactly how LLMs are so effective: the text looks impressive to people who don't possess enough knowledge to make an accurate judgement. Meanwhile actual researchers with Apple experience found clear errors on a quick skim.
The large amount of rewriting being done within 5 minutes is another sign of LLM...
This quickly went from Brandolini's Law to Cunningham's Law. Learn how Apple's boot process works by explaining it wrong and waiting for people to correct you!
For example, it says quite unambiguously that the bootloader is encrypted directly with the GID key (loading the LLB ciphertext into the AES engine), but that's not how it works, the GID key is used to decrypt the LLB's KBAG into an AES key:IV pair and that is used to decrypt the LLB.
More:
> The behavior of the Boot ROM changes fundamentally based on the "Security Domain" fuse.
>
> Production (CPFM 01):
Security Domain (SDOM) is a different thing than CPFM. And production devices have CPFM 03.
> CHIP (Chip ID): Identifies the SoC model (e.g., 0x8101 for M1).
The M1 SoC is 0x8103.
Due to Brandolini's Law I will not continue to list everything else that is wrong here...
As said elsewhere in the thread:
> You’re saying that they should take the money people pay to buy Xboxes and put it in T-bills instead of delivering Xboxes?