You need a 2nd Mac with Apple Configurator and also a cable to recover a Mac with T2 chip. See Apple's support document for the iMac Pro.
(Please don't shoot the messenger)
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Apple Looking Into Limited Reports of T2-Related Kernel Panics on New MacBook Pro and iMac Pro
- Thread starter MacRumors
- Start date
- Sort by reaction score
(Please don't shoot the messenger)
Please report this to Apple immediately through a senior advisor and even escalate it from there if you can. This is hugely unacceptable. Once more and more people start seeing this will be as big of a deal as the throttling issue was.
[doublepost=1532697756][/doublepost]
Im not trying to do any sort of recovery. I am trying to do a clean install after a total wipe of the HD. What you’re saying is absurd. I have a iMac Pro with the same T2 and can totally do a clean install. Just did one.
Now this requirement is ridiculous. Both because it should be pretty much impossible to get the T2 into a state that requires a restore if Apple wants to put it at the centre of their security functionality and because one shouldn’t have to have another Mac to restore your first one if something goes wrong. At the very least, recovery from a usb-based medium should be an option. This feels like Apple treating Macs like phones.
While not the same situation, for some reason, I hear echoes of Steve Jobs' email to staff back in 2008 regarding MobileMe. Just replace "MobileMe" with "MacBook Pro".
---------------
"The launch of MobileMe was not our finest hour. There are several things we could have done better:
And later...
---------------
"After gathering employees in the Apple auditorium, Jobs asked them, “Can anyone tell me what MobileMe is supposed to do?” When a few bold individuals began to answer him, Jobs snapped: “So why the f**k doesn’t it do that?”
He spent the next hour berating the group. He scolded them for tarnishing Apple’s reputation. And he told them they “should hate each other for having let each other down.”
He then fired the head of the team..."
---------------
Sounds like a Jobs style a$$ whooping is whats missing at Apple these days.
https://www.cultofmac.com/495868/today-in-apple-history-steve-jobs-acknowledges-mobileme-failure/
---------------
"The launch of MobileMe was not our finest hour. There are several things we could have done better:
- MobileMe was simply not up to Apple’s standards – it clearly needed more time and testing."
And later...
---------------
"After gathering employees in the Apple auditorium, Jobs asked them, “Can anyone tell me what MobileMe is supposed to do?” When a few bold individuals began to answer him, Jobs snapped: “So why the f**k doesn’t it do that?”
He spent the next hour berating the group. He scolded them for tarnishing Apple’s reputation. And he told them they “should hate each other for having let each other down.”
He then fired the head of the team..."
---------------
Sounds like a Jobs style a$$ whooping is whats missing at Apple these days.
https://www.cultofmac.com/495868/today-in-apple-history-steve-jobs-acknowledges-mobileme-failure/
After gathering employees in the Apple auditorium, Jobs asked them, “Can anyone tell me what MobileMe is supposed to do?” When a few bold individuals began to answer him, Jobs snapped: “So why the f**k doesn’t it do that?”
He spent the next hour berating the group. He scolded them for tarnishing Apple’s reputation. And he told them they “should hate each other for having let each other down.”
He then fired the head of the team..."
---------------
Sounds like a Jobs style a$$ whooping is what's missing at Apple these days.
https://www.cultofmac.com/495868/today-in-apple-history-steve-jobs-acknowledges-mobileme-failure/
Amen!!!
He spent the next hour berating the group. He scolded them for tarnishing Apple’s reputation. And he told them they “should hate each other for having let each other down.”
He then fired the head of the team..."
---------------
Sounds like a Jobs style a$$ whooping is what's missing at Apple these days.
https://www.cultofmac.com/495868/today-in-apple-history-steve-jobs-acknowledges-mobileme-failure/
Amen!!!
At least with Bitlocker on Windows I get a recovery key. Does the Apple version have any such thing?
It quite obvious that the T2 is the new DRM protection. At least half of the OSX users that I know uses hackintosh. Instead of building better and cheaper computers they put a new drm protection. Very clever and it will hit the hackentosh users in about 5 years. Solid plan!
Apples way of arrogance will bring them to the graveyard, they will never ever admit that they fked up, fixing bad hardware design via "software updates" GENIUS!
Because it sucks when you pay thousands of dollars for something that doesn't work like advertised.
I'm here because I am tied to the ecosystem. not because im tied to the new hardware that seems to keep breaking.
Which "Gimmick" are you speaking of? :
1. AES-256 Encryption with zero CPU intervention?
2. Effectively Always-On FileVault?
3. The inability to even desolder the SSD or T2 and move it to another Mac for an attacker to do extended Decryption-attempts on it?
4. Secure/Trusted Boot, which keeps Kernel-Level Malware from infiltrating your Mac undetected?
5. Touch ID?
6. Hey, Siri support (which, with HomeKit and being available, and the recent advances in Siri, is becoming much more useful).
I would say that none of those features could be correctly classified as "Gimmicks" (with the possible exception of #6, at least until "Siri Shortcuts" comes over from iOS 12 to Mojave.
Personally the inability to change out the SSD seems like a massive PITA....
On the same boat.
[doublepost=1532703940][/doublepost]So the clean OS is not possible on faulty T2 chips or any new macbook pro?
Especially for the bad guys/LEO...
You can certainly change-out the SSD, all you need is the appropriate SMT Rework Station, and some skill at surface-mount desoldering...
It appears that the SSD in a T2-equipped Mac is always encrypted by the T2, but that FileVault is used to determine whether or not a User Password is required to access the data, or if it is automatically decrypted.
I would suggest someone with a 2018 MacBook Pro (or really any Mac that "travels") to, in addition to having a TM Backup Drive at home, use a cloud-based Backup service for protection while on the road. For $5/month ($50/yr, $95/2 yrs) for UNLIMITED Storage (including the ability to Restore VERSIONS of Files for up to 30 days), BackBlaze has my vote. For as little as $3.95/mo, you are protected both with a redundant, OFFSITE backup while at home, and an always-on, always-available Backup while travelling.
And, that, my friend is MUCH better than being able to swap out an SSD card. Because swapping out an SSD Card DOESN'T BRING YOUR DATA BACK!!!
[doublepost=1532705782][/doublepost]
Really?
ONE YouTuber got Apple to look-into/FIX the Slowdown issue on the 2018 MBP in about 24 HOURS.
So, do you REALLY think they don't immediately investigate these issues?
[doublepost=1532705887][/doublepost]
I think if you visit some Dell, HP, Acer, Lenovo, et al, Forums, you might be surprised...
[doublepost=1532706099][/doublepost]
Sounds plausible.
Apple said that in every single case of iMac Pro KPs, that a fresh OS install permanently eliminated the Panics.
Based on the limited information available, T2 encryption is not the same as Filevault (or, more precisely, file-based encryption provided by APFS) - at least for now.
The T2 base encryption is transparent, uses a unique factory-set static key, and hence has no recovery key.
FileVault activates APFS encryption which functions at the filesystem layer (although it does appear that the T2 performs some key management functions here). In any case, FileVault provides a recovery key.
They have had the solution to this issue since OS X 10.5 (Leopard).
It's called Time Machine.
This seriously sucks man i was waiting for the mbp to upgrade the ram to 32 GB. Why can't they maintain the quality if the user pays big bucks. I will be leaving to asia for an year in two months time, so I need to buy a machine with good support. There are apple service providers where I am staying but don't know about dell. This sucks. Really was looking forward to buy the macbook pro. They were reliable before, but it seems not so much anymore.
Not quite. Always-on, transparent encryption. This is more useful for the iMac Pro where the SSD NAND is comprised of removable blades (which could move between machines). It's much less useful on a MBP with the SSD storage soldered on. In either case, FileVault should still be enabled as well.
Sorry to say, this is a pointless statement. If you have physical access to the hardware, there's no need to desolder and move it to run an attack.
The T2 secure boot functionality verifies the bootloader, not the kernel. It is more to protect against so-called "evil maid" type attacks.
And no way to recover data if the SSD chip/module or controller fails, REGARDLESS of encryption or "Replaceablility".
Solution: Time Machine, with a cloud-based backup service like BackBlaze ($5/mo for UNLIMITED storage) to provide a REDUNDANT, Always-Available (everywhere/everywhen) OFFSITE Backup in addition to your local TM Backups.
Anything else means you just don't care about your data, which is, of course, your choice... But don't pretend that being able to swap an SSD module is going to provide any more protection for your data than having up-to-date Backups. In fact, it is statistically far LESS likely.
[doublepost=1532708195][/doublepost]
On #1, I stand partially corrected; you're right, it IS "always-on encryption, not always-on FileVault. But with a T2 chip on the iMac Pro, being able to swap the "blades" STILL doesn't get you access to your Data, because the T2 chip in that machine is keyed to the motherboard at mfg.-time, and without the ability to ALSO move the T2 to another iMac Pro, you STILL won't be able to access that data.
On #2, it totally depends on the individual situation.
On #3, I find no evidence to support your claim that Secure Boot "only verifies the bootloader" (which is the Utility you see if you hold down "Option" during Startup, that allows you to Boot from multiple OSes). In fact, it seems to thoroughly check the OS from top to bottom (probably not including Applications, though).
This Article specifically states that the Kernel IS checked (which makes sense; since one of the main reasons behind Secure Boot was to prevent Kernel-Level (RootKit)-type Exploits. But it also can stop "Evil Maid" attacks, by disallowing booting from random USB sticks, etc.
https://appleinsider.com/articles/1...o-handle-secure-boot-password-encryption-more
Hope this helps...
I don't think anyone was arguing the value of backups. I assume from your post that your backups are always complete, and everything is backed up on-the-fly, up-to-the-minute as you're working? If not, being able to recover data from a non-failed, but soldered-on, SSD seems like a good idea - and functionality that seems to have been removed in the 2018 models.
[doublepost=1532708503][/doublepost]
Which is precisely why I said it is more useful on an iMac Pro.
Well, I did link to the article. To quote from the article itself: "Once the Mac is rebooted, the signature on the boot.efi specified in NVRAM on the PreBoot partition is verified."
Then you are old enough to remember the days BEFORE Kernel Exploits and Government Rootkits. Ya know, the things that started making always-on Encryption of local storage and Trusted Boot procedures an actual necessity.
Very few things become simpler over time. OS design in particular.
[doublepost=1532709854][/doublepost]
To sow FUD.
See, e.g., recent Samsung ads.
[doublepost=1532710023][/doublepost]
In ALL of the iMac Pro KPs, Apple has noted that the issue was permanently resolved by reinstalling macOS.
Just sayin'...
[doublepost=1532710215][/doublepost]
If you owned a PowerMac 6500, then you KNOW about Crashes...