Apple T2 security chip The invisible gatekeeper between startup disk and data leaking

The T series chip is a small square hardware chip soldered on Apple computer’s motherboard and Apple has released T1 chip (2016) and T2 security chip (2017) so far. As its name suggests, the T2 chip is a security chip that better secures your personal data from being hacked by cybercriminals or accessed by any non-authorized people. 

Apple has equipped the T2 chip on its newer Mac such as MacBook Pro/Air introduced in 2018 and later, Mac mini introduced in 2018 and Mac Pro introduced in 2019. You can also find the T2 chip on iMac Pro machines but, strangely, iMac computers don’t have a T2 chip yet.

Current Mac computers have already had FileVault, a built-in full disk encryption tool, to encrypt startup disk and protect data on SSD from unwanted touch. Research has shown that the XTS-AES-128 encryption with 256-bit key the FileVault uses is nearly impossible for hackers to unlock the disk. However, users have to turn on the FileVault manually and create an administrator password for it before it starts to protect your files. If it is not enabled, your data on SSD is exposed to potential hackings, especially when the operating system somehow comprises. 

In addition, the cybercrimes such as comfecting and eavesdropping are not well protected by FileVault. The demand for better security on built-in camera and microphone is increasing. 

Since FileVault is not sufficient in security, Apple upgraded the T1 chip to T2 security chip to add more security capabilities. 

  • Secure Boot. The T2 chip only allows Mac to boot through Apple-trusted hardware. That is to say, booting from an external drive as before is strictly limited on Mac. Even though you can disable this option, the T2 chip will check the booting process and stop it whenever it finds abnormal intervention. 
  • hardware encryption. Unlike FileVault software encryption, the encryption on T2-equipped Mac happens within the SSD. Each T2 chip generates a random serial key to encrypt and decrypt data, which leaves the data non-decryptable even when the SSD is removed and connected to another computer as an external drive. Moreover, the data is encrypted and decrypted separately by the T2 chip instead of the main processor, so it doesn’t share the resources with other tasks and won’t affect the read and write performance of Mac’s SSD. 
  • Real-time encryption. On a T2-secured Mac, data is encrypted the same time when you store it to the storage and decrypted the same time when you access it. It requires no manual setup and no password to be remembered. It guarantees that all data is always unreadable to prying eyes whenever the SSD is removed or scanned. 
  • Abandon HD camera and microphone when lid is closed. Both T1 and T2 chip will encrypt Touch ID and Siri voice, but it is not enough if you need to use webcam to do online studying, working or virtual socializing. As the new designed audio controller and image signal controller, the T2 chip will hardware disconnect the built-in HD camera and microphone when MacBook goes to sleep after the lid is closed. It physically cuts off the hardware through which the hackers can sneak into your computer. 

However, T2 chip is not all about good news. It brings headaches to third-party repairers, refurbishers, and data recovery software developers. The new security chip makes it extremely difficult for repair workshops to repair or replace some faulty components without the help of an official Apple diagnostic tool. In addition, erasing all data is a must before reselling but the T2-secured Mac won’t let recyclers do it if a former owner didn’t factory reset the computer with his administrator password. As for data recovery, Mac’s SSD is actually an encrypted drive but a lot of Mac data recovery software don’t have the ability to scan encrypted Mac’s SSD and restore deleted or lost data from it. iBoysoft Data Recovery for Mac is one of few data recovery programs that can restore information from T2-encrypted Mac machines.

Avatar
About the Author

Everything Apple, every day. This post was written by an AppleMagazine newsroom writer.