Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Apple Looking Into Limited Reports of T2-Related Kernel Panics on New MacBook Pro and iMac Pro
- Thread starter MacRumors
- Start date
- Sort by reaction score
I guess then the problem affects only few devices ( I hope). Let's wait and see.
I have just noticed one thing happening on my end which seems to repeat its self. I would be typing something on a page or say email and then all of the sudden that part I am typing on would just close and vanish. Has happened quite a few times where it just closed by its self. Say I had Gmail open went to compose then another part opened up to allow me to write email. As I would be typing it would just close and vanish. I noticed this happening with parts that would open up another mini link. Another example would be on a forum if you were to write a post or reply where another mini page like would pop open. That part would close and vanish as you are typing. Does not always happen but has happened quite a few times since I got my MacBook Pro.
Reasons like what? It makes the Mac significantly more secure, handles FileVault encryptions (I think) so the main CPU isn't taxed by that anymore, controls access to hardware components (remember the exploit that allowed people to remotely access the iSight camera without the light lighting up?), allows for biometric authentication, Hey Siri and most likely frees up a little bit of internal space to use for other stuff (larger batteries?).
Outside of this issue (which seems like something that can be fixed software-wise), they seem like a step-up in every way.
Late to this thread.
I had about a 40min panic (in my thoughts) when I updated my brand new 2018 MBP 13" last week, just days after receiving it. The screen was blank yet the TouchBar was on, showing the default keys (the one with Siri), short bar not fully iconized. I figured just wait it out for another 2hrs then come back. Well the update was successful and my machine is flying
Still I was VERY nervous.
my thoughts as well.
Many here forget the days of the G3/G4 and G5 in which the CPU resided on a 'daughter card' which Apple implemented for OSX security to limit hackintoshing. After the switch to Intel inside .. things changed, and thus Apple is catching up to the industry with T2 chip.
We're getting huge performance gains and the warranty from Apple to take ownership of that performance and reliability, vs running to the online or local store and manufacturer of a 3rd party component for the PCIe NVME SSD. When components begin to fail on your MBP ... Apple is responsible vs every other component manufacturer of your personalized Win PC; recall the days where drivers was a big issue and manufacturers pointed fingers at one another? Still happens in the PC world, especially with the full 'build your own gaming computer' yet not as often.
I had about a 40min panic (in my thoughts) when I updated my brand new 2018 MBP 13" last week, just days after receiving it. The screen was blank yet the TouchBar was on, showing the default keys (the one with Siri), short bar not fully iconized. I figured just wait it out for another 2hrs then come back. Well the update was successful and my machine is flying
Still I was VERY nervous. my thoughts as well.
Many here forget the days of the G3/G4 and G5 in which the CPU resided on a 'daughter card' which Apple implemented for OSX security to limit hackintoshing. After the switch to Intel inside .. things changed, and thus Apple is catching up to the industry with T2 chip.
We're getting huge performance gains and the warranty from Apple to take ownership of that performance and reliability, vs running to the online or local store and manufacturer of a 3rd party component for the PCIe NVME SSD. When components begin to fail on your MBP ... Apple is responsible vs every other component manufacturer of your personalized Win PC; recall the days where drivers was a big issue and manufacturers pointed fingers at one another? Still happens in the PC world, especially with the full 'build your own gaming computer' yet not as often.
...Until you want to revert to an older operating system and you realize that Apple took that feature away with a firmware update that they silently slipped in with that newer OS. Or until you want to recover data from your MacBook Pro only to realize that the T2 necessitated the removal of the data recovery port (in the case of the MacBook Pros) or until you want to do anything with either the SSD or the slots they plug into (in the case of the iMac Pro). My MacBook Pro was never so taxed by FileVault encryptions that I felt the need to offload that to a separate chip. Incidentally anyone looking at my iSight camera is only going to see my ugly mug looking vaguely pissed off and nothing else at all exciting. Biometric login is nice and it's great that I can do it on other platforms without having to sacrifice my freedom to manage my own storage devices, but the fact that Apple doesn't let me have my cake and eat it too here is asinine. Also, I'm not that paranoid. Certainly not so much that I feel the need to surrender what control I have ON MY OWN MACHINE for the privilege.
Nah, they will release a new MBP next year and it will be quieter, problem solved.
You raise some good points, thank you.
I think it comes down a lot to how one prioritizes these setbacks compared to the advantages of the T2 chip. I've never really wanted to deliberately install an older system on a Mac than it came with (Sierra or lower in case of the new MBP); I can see why for example a developer might want to do it (though then again there's virtualization software if it's just about testing compatibility), but I'd wager a large part of the user base has zero interest in ever installing Sierra or something older on their new MBP when Mojave is already knocking on the door.
The data recovery port could certainly be useful, but it's not something that affects your everyday usage and anyone who creates backups on a regular basis (or uses iCloud, OneDrive etc. to sync all his important data) is probably not bothered by it at all.
Touch ID on the other hand is immensely useful and something I sorely miss when I'm on my iMac. The increased security of your machine is also something that is of value all the time. I still encounter people who put tape over their laptop webcam, so knowing that unwanted/unnoticeable access to the iSight cam is much more unlikely to happen with the new MBPs is a great thing. Similarly, while the pure performance impact of using FileVault might not have been very noticeable before (I think I once read about 3% slower disc speeds, though that was a while ago so it might have been changed since), many people were leaving it deactivated because they "are never gonna need it" and were deterred by even the slightest outlook of a slower computer. The fact that this slowdown is now gone entirely might push many people over the edge to using it since there's now no good reason not to anymore.
I'm not talking about running an OS lower than the one the machine came with. I'm talking about a scenario wherein you upgrade to a new OS - let's say, as a hypothetical, Mojave - and find that, even by the time Apple has patched it to the .4 release, it still has some issues that, until resolved, are show-stopping deal-breakers. This sadly is not an uncommon scenario and it happens every time Apple releases a new OS (and with the frequency of their macOS release cycle having increased to an annual rate, the bugs that surface become more blaring and intolerable). With a pre-T2 Mac (I'm not 100% sure that the T1-based TouchBar MacBook Pros from 2016 and 2017 fully apply as the TouchBar does run a separate OS that I don't think can be downgraded), you can, at the worst, erase your startup volume and reinstall the version of macOS you had before or any version of the OS down to the system-specific build of whatever version that Mac was introduced with.
So, back to that hypothetical, if I upgrade a non-T2 Mac to Mojave, and find that it has serious issues, I can revert it back to High Sierra or (if it's old enough) Sierra and wait until Apple either fixes the issues or until 10.15 comes out and is better. On a T2 Mac, by default, this is not doable. You can change settings in Internet Recovery that make it doable, but if Apple slips in a firmware update in Mojave or in 10.15 or later that disables that ability, then guess what? You no longer have the option of downgrading. For a consumer machine such as a 12" MacBook or a low-end 21.5" iMac, one might argue that this could be reasonable as consumers are less likely to have a major OS update make or break the usability they have with their Mac.
However, for a machine geared at professionals, this is not acceptable, given the pace at which Apple is changing macOS. If their update cadence was closer to that of Microsoft's with Windows 10, maybe it'd be acceptable. But at the rate macOS keeps changing under the hood year-over-year, that's user-hostile to professionals.
The data recovery port made it so that, despite the SSD being integrated onto the main logic board, if an unrelated part of said main logic board went bad, replacement wouldn't mean that data would have to be lost; a user could supply a drive if they, for whatever reason, didn't have a Time Machine drive.
MacBook Pros are expensive; it's hard enough to convince my friends to buy AppleCare+ when their $3000 computer already emptied their bank accounts. Sounds silly and like it's lacking in priority, but some folks can't afford to get their ducks in a row at the time of purchase, so they don't and then forget and/or get lazy. Happens more than you'd think. I'm not saying that it's smart. And it's certainly not how I'd handle the purchase and operation of a 2016-2017 MacBook Pro with Touch Bar, but I'm sure it's very common. And nixing that port in the name of security (that most of those consumers probably don't care about anyway), ironically takes away a lifeline that they have for making sure they can at least offload their data if, say, their GPU fails (if it's a 15") or if their RAM fails.
First off, an Apple Watch removes the need for Touch ID as merely the presence of your wrist wearing it can perform the same function of TouchID without having to do anything. I'm not saying that TouchID on the Mac isn't awesome. But it's not awesome enough to sacrifice control of your boot drive. It's just not.
As for machine security, you'd be surprised how little that matters to the average user. Really, a UNIX back-pinning, a decent password, and the promise of Windows viruses and malware having zero effect is enough for most people. If the security of your information is paramount, FileVault 2 has been sufficient for most users since it came out with Mac OS X Lion (by the way, arguably the perfect example of a macOS release worth downgrading from). Though it sounds as though you might be the type that isn't easily put at ease by those things, in which case, perhaps you are okay with the sacrifice of freedom for perceived safety. And I won't knock that preference, but I will say that not everyone has it themselves and for those that don't, the T2 chip is not a fortunate thing.
I encounter those people too, all the time. If you tell them that there's a chip that prevents unauthorized access to their webcam, for some reason that'll only increase their fears that such a chip might be exploited by bad people. Or that Skynet will come alive. It's illogical, not wholly dissimilar to the logic of buying a $3000 2016 or 2017 MacBook Pro with TouchBar and not buying either AppleCare+ or a Time Machine drive for it, but people, tend to be silly that way. Nevermind the fact that unless there's a striptease or an orgy going on in the background, the most a webcam will capture is the user's face looking blankly at their screen. Nothing worth fretting about.
If you hand me a T2 equipped Mac, sure, I'll enable FileVault 2 on it because I might as well. The drive is already encrypted and adding FileVault 2 doesn't cost me anything; it just makes managing that encryption conveniently easier.
If you hand me literally any other Mac, I likely won't enable FileVault 2 because I don't have anything sensitive enough on my computer for any thief to want to go through the trouble of pulling my SSD and doing any kind of data dump of it. If I had social security numbers and passwords and other stuff, that'd be another story, but I don't and won't ever because that's the most secure way to handle that kind of data. Incidentally, if performance was REALLY an issue, there's a serious chance that it wouldn't be so drastic unless I was on the oldest possible supported Mac (and even then it probably wouldn't make enough of a difference to matter).
Very well, thank you for the comprehensive reply, you raise good arguments.
I'm not going to reply to every point you make, I agree with you on some aspects while on others I think it's more a level of priority and of how one individually weights the advantages and disadvantages of the T2 chip. Overall, I think the majority of people still perceive the inclusion of the T2 chip as progress and as an overwhelmingly good thing, but I see why you and certainly also others don't see it that way. It also seems likely that the T2 chip is just the first iterative of Apple's own A-series-derivative for the Mac and that we'll get more and more advanced custom-made chips by Apple in the future – meaning that the disadvantages of the T2 chip are most likely a one-time thing right now whereas we'll get even more features and advantages of the T2 chip (and its successors) in the coming years, strongly outweighing the few setbacks we have now.
I wish though that Apple had found a way to integrate the internal data-recovery port into the new MBPs, maybe by having it directly be connected to the T2 chip in some way so that, as long as the T2 chip, SSD and the other necessary components are intact, data recovery could still take place. A lot of what you said as a disadvantage of the T2 chip comes down to the lack of this port. But who knows, maybe Apple will find a way to integrate it in a future generation. Having the decryption of the T2 chip take place might not require the entire motherboard to be fully intact when data recovery is the only interest.
The only thing I strongly disagree with of what you said is that the Apple Watch replaces Touch ID, because that's not remotely the case. First of all, a vast part of the MacBook Pro user base doesn't have an Apple Watch. I see plenty of students with MBPs at my university, but I rarely see one with an Apple Watch, and I'm sure this is the case for many other demographics aswell. And, like you yourself said in one of your arguments – you can't reasonably expect anyone who just bought a 3000€ laptop to spend another 400+ € on an Apple Watch just for this unlock feature, just like you can't expect that everyone who just bought a 3000€ laptop will spend another 300€ or so on AppleCare or a backup drive when they see no immediate need to.
But even assuming that every MacBook Pro owner has an Apple Watch – even then, the watch's unlock-feature is in no way a replacement for Touch ID. the Unlock-via-Apple-Watch feature unlocks the Mac when you are wearing the watch, and it does that reasonably well. It doesn't unlock 1Password, iCloud Keychain or other password managers for you, it doesn't authorize the App Store or iTunes Store for you, it doesn't authorize Apple Pay on your Mac and it doesn't authorize Finder or any other app to make changes that require admin-privileges. For me, that's the meat of what I use Touch ID on my Mac for, not just for unlocking my Mac; I get a little annoyed every time I have to type in my 25-letter password into the 1Password window instead of just having to flick my finger. The Apple Watch does not replace that in any way.
But outside of that, as I said I agree with you on many points and agree-to-disagree on others where I think it comes down to how one prioritizes one feature over the lack of another.
"Most people" won't pay attention to the T2 chip at all. Let's at least be clear about that. As far as a public facing feature, it'll be a technological side element on their marketing pages that the vast majority of users (particularly those on the consumer side of things) MIGHT gloss over once and then ignore at best. More likely, they won't know what it means and not care.
The freedom to backtrack to an OS that works when Apple decides to break compatibility with a workflow that you depend on to make a living is unarguably valuable to professionals. If it's not something that's valuable to you then you either use software that weathers Apple's drastic OS changes well or the things you do on your computer are not all that mission critical. It's really that simple. To say that The T2 is an overwhelmingly good thing despite the sacrifice of that ability basically suggests that your priorities here are (at least) the vast majority of Mac users' priorities. And to clarify, I'm not saying that your priorities are wrong. I'm instead saying that they're nowhere near the only ones out there and that Apple going in that direction is not a unilaterally good thing by a long shot.
As for "Progress", that's more subjective. It is certainly progress in terms of Apple's MO of making the Mac more like iOS and the progressions that it has taken to go down that path.
I'm very much unsure of where you come to the conclusion that future T-series chips will only bring advantages and not drawbacks. That seems almost naively optimistic. I do agree that the T-series chips are VERY likely the first step towards ARM-based Macs and Apple SoCs for Macs. But the notion that the disadvantages that I bring up being temporary things doesn't seem plausible. I think they will stand and only get worse with further tradeoffs in the name of security. And certainly when and if Apple transitions to ARM, then, barring what one can do within macOS, it will be a much more prohibitive platform because of it.
For the T2 to be effective at its data encryption the way Apple intended, you cannot simply plug in your drive into another computer. That's the reason that port doesn't exist anymore. This is by design. This is the "progress" that you spoke of earlier.
Remember that we're talking about TouchID as a means of replacing the manual entry of one's password. Most people are used to doing this, so therefore most won't find having to do so a serious hindrance. Furthermore, your Mac prompts you for your password each and every time you perform an action that requires administrative privileges. This is a good thing. I'm not saying that EVERYONE HAS AN APPLE WATCH. I'm saying that the convenience of TouchID on the Mac is replaceable, albeit by spending more money (which, one could easily argue you'd have to do for the premium of a TouchID enabled Mac) and in such a way that you are not forfeiting any freedom of operating your own computer hardware. Something that can't be said about a T-series chip enabled MacBook Pro.
True, and not necessarily incompatible with what I have said. If you read through some reviews or even forum posts of people who have a new MacBook Pro in their hands or are considering one, the opinions are overwhelmingly either positive or at least indecisive. Not many people view it as a step back, it's mostly mentioned as either a positive or a "meh I don't care much but it's worth mentioning"-sort of thing like you said – but rarely as a downside. And of course you might hold against that that MacRumors posters aren't exactly representative of the average user, but that only reinforces my point since the people with a negative opinion about something are usually much more vocal on the internet about it than those who like it.
Point being, the public opinion of the T2 chip is actually not bad. It's mostly either perceived as a good thing or as a "nice-to-have". There's no doubt that for some people, there are good reasons to see it differently, but as far as public perception is concerned, it's not a huge downside for a large amount of people.
Don't have much to add here, pretty much agree with what you said. As you guessed I personally most likely won't need it and I presume the average user won't either, but I have no doubt that it can be a very valuable thing to certain professionals. Still, as you said in an earlier post – reverting back to an earlier OS is still possible on the new Macs, it's just disabled by default, and from my perception, we don't have any reason to believe that Apple will just randomly disable it completely in a software/firmware update, so I don't really see see it as a big issue right now. Those who actually need that functionality most likely won't have trouble figuring out how to access it, and for them it's a one-time change of a setting to get that functionality back. Can it be an inconvenience? Certainly. But I don't see how it warrants dropping the T2 chip as a whole or anything like that.
I'm actually a bit surprised you perceive it that way, but let me explain the way I see it. In my eyes, the best we can compare the T1/T2 chip series to is, well, any other custom-made chip series by Apple, first and foremost the A-series in the iPhones and iPads. Do the yearly chip improvements on the iOS-side of things come with any big disadvantages each year? No, they usually don't – making a chip faster, more energy-efficient and more specialized for certain tasks (like with the neural engine for Face ID) doesn't inherently take away from any functionality. Exceptions are times like the switch from 32-bit to 64-bit, but these are one-time things and they don't happen all that often. It's not like Apple has to drop 2 features for every time they crank up performance or shrink the chips down. Similarly to the A-chip series, I also can't see any advantages that the chip in the Apple Watch brought in its yearly updates, or the W1 chip in the headphones, and so on.
The main reason for why we have these drawbacks with the T2 chip right now is because Apple switched from third-party controllers for the motherboard and certain system functions towards their own custom-made chips that they have more control over. The SSD not having the recovery port is due to the T2 now being the SSD's controller (that is proprietary for its encryption), the T2 is now linked into the boot process which results into the disadvantage about not being able to revert back to older systems as easily but comes with the upside of making it much more difficult to get malicious code or modified OS'es into the boot process, and so on.
And for each such component in the MacBook Pro, that switch only needs to be done once. Once they have made this switch from non-custom to custom silicone as a controller for a certain hardware function, that switch doesn't need to be made again for that specific part. And since they made this switch for a lot of components this year, there's not that much left where they even can still make the switch in the future. Hence my perception that these drawbacks are mostly a one-time thing – they result from changes that only need to be made once (per component).
Of course there is still one much bigger change to come that might be accompanied with its own set of drawbacks – namely, the rumored switch from Intel to an Apple-made derivative of the A-series. But this is still a few years away and these chips most likely won't have the T-branding, so they are not so relevant in this context. But before this big switch (if it happens), I could very well imagine a T3 or T4 chip in the next year and the one after that, coming with some performance and efficiency improvements, maybe even being able to take over some more background tasks to free up the CPU/GPU or being able to do do some completely new things (neural engine for Face ID, for example?). And none of this would necessarily require any drawbacks in my eyes. But on the opposite, these switches from third-party to custom-made silicone might result in all kinds of advantages sometime down the road since Apple has more control on what they do with their chips in the future.
I suppose this is an agree-to-disagree topic. The unlock-via-Apple-Watch feature is a great thing, but as I pointed out above, it only really replaces one single instance in which you have to enter your password, namely when your Mac is locked and you want to unlock it. It doesn't replace any of the other instances where you have to type out one password or another when your Mac is not locked, and this is the meat of what me and presumably many other people use Touch ID on the Mac for, so I personally would not say that Touch ID on the Mac is replaceable by owning an Apple Watch.
When you say that we're only taking about Touch ID as a means of replacing manual password entry, you seem to imply that you mean manual password entry for unlocking the Mac, because in this context, you're pretty spot-on. But we also have to include all the other instances of entering a password that aren't just done to unlock a Mac when weighing Touch ID vs Apple Watch here. All of these are useful applications of Touch ID, not just getting access to your Mac, and I'm pretty sure biometric authentication on the Mac isn't going away anytime soon (though Touch ID might be replaced by Face ID eventually – or maybe we actually get both on a Mac but I'm not getting my hopes up for that).
By the way, contradictory to what you say Touch ID on the Mac does allow me to grant admin access (except for some specific things like System Preferences panels). If it won't work for you, it might be that it's either not activated for that, or maybe your user account the fingerprints are registered for doesn't have admin privileges.
Public opinion of the T2 chip is that it's there. I've read nothing in forums or articles or reviews that are positive or negative about it, save for the implications that I've outlined extensively in this thread already. The vast majority of people will ignore it until it inconveniences them (if it ever happens).
Apple would never drop it, so that's a moot discussion point. As for the ability to turn off the setting. That's great today. But there is literally nothing stopping Apple from later quietly disabling it in a future OS update. The problem is that they have that capability and users can't and won't prevent them from exercising it should they so choose to. I don't know about you, but it seems rather unpleasant to be at the mercy of the business I give money to. Typically, it's supposed to be the other way around.
The Mac is not an iOS device. Toward this end, one of the things that make the Mac historically more versatile than an iOS device is that if a component fails, you replace the component. Even with logic boards that don't have removable CPUs or GPUs or SMCs, a failure on one of those systems doesn't mean failure on all of them and a firmware patch can usually be issued that only affects the one component. The downside to more things being governed by the T2 is that more and more eggs are being piled into the same basket. If Apple's quality control was what it was in 2008 or even 2012, I'd say "cool!". However, with the issues already surrounding the 2018 MacBook Pros (the topic that this thread stems from being among one of them) and not to mention how terrible iOS 11 and macOS 10.13 High Sierra have been compared to past releases, my "cool!" is now MUCH more skeptical.
I've heard the Apple marketing pitch before. And I'll repeat again, all of the eggs are now being put into one basket. And if Apple's hardware and software quality control was what it was six or even ten years ago, that'd be fine. Today, it's substantially worse and so, that kind of unification, especially in light of the incidents that prompted THIS VERY THREAD, makes that kind of thing a tad worrisome.
Have you heard of System Integrity Protection (AKA S.I.P.)? First introduced in OS X 10.11 El Capitan. That accomplished the vast majority of the concerns you that you attribute the T2 chip to helping with. The amount of people that have their macOS compromised at such a core level is small. The only people that will be truly inconvenienced by Apple's SecureBoot implementation will be Hackintosh users and that will only happen once the minimum system requirements of a macOS version are a Mac with a T2 chip. Otherwise, the T2's security features are overkill for 95% of use cases.
Furthermore, I challenge you to find me a large number of cases of people taking 2016 and 2017 MacBook Pros with Touch Bar and attempting to desolder the SSD to get data off of the drive. Hell, just finding the right adapter to read the proprietary SSDs that they used on Retina MacBook Pros and MacBook Airs is a costly challenge.
That's a naïve assessment because it only assumes that changes to the freedom one has with the machine change because components are either added or removed to the SoC and it makes no accounting of the fact that the T-series processor RUNS ITS OWN OPERATING SYSTEM that YOU DON'T HAVE THE FREEDOM TO EVEN REPARTITION THE DRIVE IT LIVES ON. Also, the ability to replace or upgrade the RAM in your MacBook Pro was taken away from you several years before the first T-series enabled Mac ever hit the market.
I don't think you really have a solid grasp on what happens when Apple takes these previously separate components and integrates them into their co-processors beyond what the marketing pages suggest. There's a LOT more to it. Similarly, I think you underestimate the power that your current era 64-bit x86 processor is capable of doing. You do NOT need THAT much additional power for crap like "Hey Siri" and you don't need THAT much additional power for facial recognition (case in point, it has existed in Surface machines and various PC laptops for the last couple of years now without the need of offloading functions from the CPU to some other co-processor). You need engineers that aren't prioritizing design over function. It really is that simple. The T2 processor isn't about satisfying a great customer need. The element of "security" is designed as a marketing tactic to make you feel all the safer about the Mac being a really safe platform. And it has worked with you! The fact of the matter is that the Mac was and is plenty secure ALREADY well before you factor in the now-three shipping T2-equipped Mac models.
Really this boils down to a convenience. And no, I won't argue that TouchID isn't convenient in and of itself. The price to pay if you care about your computer's internals (specifically control over your internal boot drive and the freedom to either replace it or [in the specific case of the T2-equipped 2018 models] change what's stored on it), seems unreasonably steep. There are plenty of other computers out there with built-in government approved biometric alternatives to password entry that do not make such forfeits. And you can't argue that it isn't a steep price to pay unless you make the assertion that said freedoms don't matter. Feel more than free to make that assertion that this applies to you. Feel more than free to make the assertion that this applies to a sizable population of consumers who likely don't care how their computer works or what OS it is running. Hell, I'll probably make that one with you. But don't make the assertion that this is unilateral progress or that those priorities are that of everyone or even the vast majority of the professionals that the word "Pro" in "MacBook Pro" would apply to (at least for the target market audience that the 15" version [let alone the iMac Pro] caters to). Because doing so would be egregiously and borderline offensively wrong.[/QUOTE]
Last edited:
I wasn't trying to spark a discussion about how greatly the additional security of the T2 chip to the boot process is or isn't, I was just reiterating one feature as an example of how these perceived disadvantages come to be (and yes I know about SIP). But to break it down, you're saying that the the boot up sequence of the Mac (aswell as its SSDs) is already so secure that the additional security features Apple decided to put on top of that barely matters to anyone. That doesn't sound like such a bad thing to me.
If the failure rate of a plane engine is one in a million, then I'll feel very comfortable to board that plane, but that doesn't mean that I won't be happy about that failure rate improving to one in a billion, even if the end result is almost always the same for me either way. I get that the point you're making is that for a vast majority of people, the additional security won't affect their everyday life and is therefore negligible, but does that make it so wrong for Apple to try and push even further? Now I know your counterargument might be "well, but you do make some sacrifices for boarding that more secure plane" – well sure, but that's why we have the choice to go with whatever boot up security we like, and just turn off the additional T2 security features if we don't like them. We are not forced into that new, more secure plane, so to speak, we are given the choice which of the two planes we like to board and can change our choice at any time, whether or not we prefer to have that additional bit of safety and piece of mind.
That's a pretty pessimistic point of view, and I have a hard time imagining that it ever happens. Could they do it? Probably. But at the same time I see no compelling reason why they ever would. In fact, I took a look out of curiosity at the interface Apple provides that option with, namely the Startup Security Utility, a new app introduced just for Macs with the T2 chip, and one thing that makes me pretty sure that your fear won't materialize is that installing new OS software requires a network connection to make sure the respective OS is trusted by Apple, meaning that if all other options but the "full security" one were to go away, people without any internet connection (or a very unreliable one) would be unable to ever install a new OS or to restore their OS, which I can't ever see Apple do.
Messing up your OS installation if you don't have any access to your internet where you live would mean turning your Mac into an expensive paperweight if you don't have the ability to decrease the secure boot options, and that's something I just can't see happen. Maybe you live in a remote region where you don't have proper internet access, or you have issues with your internet provider, or your workplace only provides very restricted internet access, etc. There will always be places in which people just don't have an internet connection, and Apple isn't going to make Macs unusable/unrestorable in these situations.
Your point reminds me a bit about the initial launch of the Mac App Store where some people were worried that Apple would restrict the Mac platform to the App Store in the same way iOS was, to prevent users from running apps from outside the Mac App Store. Now we are almost 9 years later and we still have to see a conclusive hint that Apple plans to do this. There's Gatekeeper for some additional security for apps outside the App Store, sure, but you can just switch one setting and still use whatever app you like, whether trusted or not. Personally, I perceive the secure boot options in a similar light: Apple could theoretically disallow all other boot options, but is unlikely to ever do that. Right now, I perceive it as a strength of the T2 Macs that we have some additional choices on how secure we want our Mac to be, I don't perceive these choices as a downside. You argue that we don't really need that additional bit of security, but really, everyone who sees it the same can just flick off that setting, he can "board the other plane" if he prefers it.
By the way, the medium security setting in the Startup Security Utility seems like the best of both worlds to me right now. It does require the OS to be trusted by Apple which seems inherently like a good thing from a security point of view, but allows to install whatever older OS version you like (as long as it's compatible with your hardware). Probably gonna choose this setting on my 2018 MBP.
As it would be egregiously and borderline offensively wrong to claim that an Apple Watch can replace all the functions of Touch ID on the Mac?
I only kept reiterating my point about Touch ID because you kept pushing against it, I never claimed that everyone has to have the same priorities or view the inclusion of the T2 chip as unilateral progress. Maybe we misunderstood each other somewhere along the way, but your original statement was that (to quote you) "Apple Watch removes the need for Touch ID as merely the presence of your wrist wearing it can perform the same function of TouchID without having to do anything", which, while true for some people with certain use cases, is just objectively false when stated universally. It can't replace entering the 25-letter alphanumeric password for your password manager or be used to grant administrative privileges or to authorize your Apple ID in the App or iTunes Store and so on and on. I did not say that the payoff for having Touch ID is worth it to everyone, I just contested the point that they are equal in functionality. But I feel like we have discussed that point plentiful now.
Furthermore I'm aware that Intel's current CPUs aren't exactly incapable, but that Apple has a tendency to put certain software functions into specialized low-energy chips instead of using the big cannons for that was merely an observation, not something either of us have or have not to be content with. When/if we do get Face ID on the Mac for example (and I presume it's a matter of when, not of if), then I bet you it won't happen without some iteration of their Neural Engine finding it's way into the Mac. This was just another point where I simply stated one of Apple's tendencies and made the logical conclusion that they are continue doing that in the future. If you dislike that or think it's unnecessary, then by all means.
And while advertising the T2 chip as a security feature first and foremost like you said certainly served for a good justification for it on the marketing-side of things, I firmly believe that Apple's main reason for creating that chip was as a first experiment with more extensive custom-made silicone for the Mac, as preparation for the strongly rumored CPU-switch away from Intel (and I don't use "experiment" in a condescending tone here). Putting all that R&D into a new chip only to advertise a little additional bit of security that (from what you yourself said) most people will barely care about seems like a waste of resources; it's much more likely that this chip is part of a much bigger picture Apple's engineering team is working towards and the new security features, "Hey Siri" and stuff like that was just a nice side-effect that they found worth advertising.
About the rest of your response, well, I'll keep my answer short since I don't feel like the discussion can really go anywhere from here as a lot of it are either "agree-to-disagree" topics or "lean back and see what turns out right over the next years" kind-of things. If you like, call me overly optimistic or naive for believing that Apple's custom chip design for the Mac will be mostly beneficial to the user and without major trouble when Apple has proven with its mobile device family that they are pretty capable of that, for not giving in to the believe that the road for future Mac hardware will be filled with obstacles because of that when Apple's chip design on the iOS-side of things has gone splendidly for years.
I certainly agree that quality control issues along with putting all eggs in one basket, as you call it, might cause some issues, that's an excellent point – but I also don't think that it's a recipe for disaster when Apple's chip design and (to a lesser extend, but still mostly also) software has been excellent on many ends over the last years. Has Apple's quality control gone down a bit? Yeah, I'd probably agree with that, but it's still one of the better in the market and the Mac isn't affected any more of that than any of Apple's other products. I'm not saying that there will be no downsides to it at all, but I'd be very surprised if they outweigh whatever advancements Apple intends for the chips next. I remain cautiously optimistic about whatever Apple's chip R&D team has in store next. Feel free to disagree – as I said, I don't see us convincing each other on this topic, and we don't need to. That's fine.
I might however put a sort-of mental bookmark into this discussion. Might be interesting to revisit some of our discussion points when we inevitably see the T2-successor in the next 1-2 years and how many up- and downsides we'll actually get. (Though being honest, I'll probably forget it till then.)
Last edited:
It might be because they’re so big now that they’re struggling to keep the reliability strong on such a large scale and with a wider range of products. It is strange though. You definitely think it’s worse now than it used to be, or are people remembering the past with rose tinted glasses? As you say the fact that things are shared on the internet and platforms like YouTube is probably making it seem worse than it is. I wasn’t around in the old Apple days so I don’t know.
I definitely think iOS quality control went down from iOS 7 onwards so I wouldn’t be supprised hardware reliability has dropped a bit too. I think they’re still probably better than most other companies though.
its very easy to notice the old hardware quality, just see how many collectors still own working a decade or two old Macintosh computers.
That's not how you make a deal or a tradeoff. You don't take a minor nicety in exchange for a nasty inconvenience. I mean, you clearly will because it's a feature that has no significance to you. But I'm sure you can see how there are practical examples of how that might not apply to a sizable amount of users of the product(s) affected. Or at least, I hope you are someone capable of placing themselves in the case of a user that isn't yourself with needs and workflows that aren't your own to adjust your overall opinion of the product as simply having less of a UNIVERSAL appeal.
I really don't think you understand Apple's security models beyond its product marketing. I don't say that to be condescending, but I'm only seeing you reference T2 marketing and not anything pertinent to what practical improvements were made in the name of security aside from making it much harder for someone to take the SSD from a 2018 MacBook Pro, de-solder it, and recover data from it (an exercise that would be far less practical to most of the kinds of people that would want to steal a MacBook Pro to begin with).
Furthermore, again, you're talking about the envelope being pushed not much further in any practical terms in exchange for palpable inconvenience. If we're talking about the 2018 MacBook Pro from the standpoint of a notebook that should appeal to the widest audience (as historically the 13" MacBook Pro has been a bestseller), then Apple is alienating people (who aren't you or the type of user you are) in the name of security (the improvements of which are so minor they do not have any practical benefit to 98% of use cases).
I've been a Mac owner for the last fifteen years. I was using Macs even before then (my first Apple OS was Mac OS 8.6). Apple has gone through several twists and turns since then, but I've studied them all at great length. The fact that Apple is setting their default Secure Boot setting to "Full Security" tells me that they will use the telemetry data that they're now collecting as of Mojave to gauge whether or not this control will matter. To many it won't. To a very loud and sizable few, it will. However, Apple's priority since Mac OS X Lion has been to take the best features of the iPad and give them to the Mac so that the Mac becomes a far more capable iPad. You'll still be able to run your desktop grade software, but as far as actually managing your Mac, beyond the things you can do with Terminal, it'll be ever more similar to managing an iPad. Certainly much closer to managing an iPad than it ever was in the Snow Leopard days. This is a trend that has been steadily on the rise ever since Mac OS X Lion. In fact, barring a few under the hood features here and there, just about every macOS release since Snow Leopard has had a bulk of its marquee features be ones inherited from either the version of iOS the year prior or that have always been inherent to iOS and are just making their way to the Mac now. iOS is Apple's favorite child now and the Mac is being made to be the thing you get for when a 12.9" iPad Pro won't suffice. This isn't pessimism, this is fact.
Toward that end, iOS has ALWAYS required an internet connection before installing ANY AND ALL updates. From the tiny 11.4.1 updates to the more substantial full release updates. Similarly any fresh wipe (either performed on the device itself or via iTunes) has to make a similar call to the Internet to verify that the version being installed is still signed by Apple; whether the device has cellular or WiFi or not. If the OS package isn't signed by Apple, your iOS device doesn't get it. I seriously wish I shared the naive optimism required to believe that Apple will draw the line somewhere around here and say that they will always allow the Mac users to opt out of that setting on their Mac, but it simply doesn't align with any of their stated goals for the Mac platform. They want people running the current shipping build of macOS just like they want people doing it for iOS. They don't want people to downgrade either OS. Period. The Apple T2 chip makes that desire official on the Mac.
Now, today, the Startup Security Utility app exists today. And yes, in its current form, it allows you to revert to life the way it was before the advent of the T2. However, Apple's policy is that each OS update has the potential to slip in firmware updates in the process. You no longer get standalone firmware updates as part of your software update process that you can defer or not. If you read the macOS Deployment Reference (free on iBooks), it will spell all of that out in detail. In fact, this one of several nails in the coffin of Mac imaging and other classic styles of Mac deployment.
It is not pessimism to say that as soon as Apple can move away from allowing downgrades they will. Supporting iOS devices is far easier for AppleCare personnel to do because if an iPad, iPhone, or iPod touch isn't running its latest supported version of iOS, they can suggest that as a fix. Furthermore, it simplifies the combination of environments that they would have to support; AppleCare can simply mandate that they will only support issues on the current version of the OS.
Right now, for the reasons I have stated in abundance, Apple can't do that with the Mac without it being a nightmare for certain users. Furthermore if I buy a 2018 MacBook Pro today and buy it with AppleCare, decide I want to keep it at High Sierra, in two years, they still have to support my High Sierra environment. It is advantageous for Apple to remove my ability to stay at a lower OS, even if my livelihood depends on it. They know that, as was the case with the OS 9 to OS X transition and the PowerPC to Intel transition, people will either adapt or leave. So, no, it's not unrealistic to assume that, in a future firmware update (likely in one of the bigger OS releases, such as Mojave), the Startup Security Utility will be subject to change. The T2 can be updated for such a change the way that hardware exists today. That's not pessimism, that's just fact right there.
People said the very same thing you said here when Mac OS X 10.7 Lion came out and there was no disc option that could be shipped to your door. "What if I don't have access to the Internet?" "What if my internet is too slow for the 4.7GB OS download?!" Look at MacRumors threads from back then and you can see it with your own eyes. The complaints were so loud about it that they eventually released it in a very cute little USB drive.
However that victory was short-lived as that next year when OS X 10.8 Mountain Lion was released, there was no USB drive option; download or bust. Now no one complains that the OS is download only. It's simply a fact of life if you're a Mac user. Incidentally, as stated above, iOS requires an Internet connection to download and verify itself. To the best of my knowledge, Apple has never not done it this way with iOS. Incidentally, no one has ever complained about it ever (save for those that really wish they could downgrade their iOS devices to a version that ran smoother on their aging hardware).
Regarding your comment about the App Store; there are four very key reasons why people's fears about the Mac App Store were unfounded:
One, unlike the iOS App Store, the Mac App Store was never the only place to acquire Mac apps legitimately. With the iOS App Store, that was the ONLY SANCTIONED WAY to get apps onto your iPhone, iPod touch, and later, iPad. And back then, that was an upgrade over a WebClips architecture that was half-baked at best, so people rejoiced and for the most part didn't contest it.
Two, especially given the above, developers, having long enjoyed not having to pony over 30% of their revenues to Apple, saw no reason to do so. Furthermore, they were not fans of the review process that is required on the iOS App Store, essentially making the Mac App Store an inconvenience with barely any real value to them.
Three, given that, the experience became so bad for users that, for the most part, if an app developer offers their Mac App Store app OUTSIDE OF THE MAC APP STORE, it's better to just get it there, lessening the traction the store has.
Four, no traction on the Mac App Store, no mandating that it be the only way to buy and sell apps. Remember, the Mac has always been in a more fragile spot in terms of percentage of marketshare than the iPhone is in its market.
Also, your citation of Gatekeeper is interesting as you now have fewer options for customizing it today (in 10.12 and later) than you did upon its original release (in 10.7.5 and the original shipping version of 10.8). You can no longer turn it completely off. To assume that Apple won't change the Startup Security Utility via a future firmware update, especially given their track record is simply foolhardy. Like, seriously, don't go to Vegas making that bet; you will lose money.
I'm merely going to focus on the words I've bold-faced. Technology changes and Apple changes. Case in point: Gatekeeper no longer has the option to be fully disabled. There will probably come a point in time, maybe as soon as Mojave, where Apple slips in a firmware update that changes the options you have. It's not an unreasonable assumption given the direction they're going in and have been going in.
If you did benchmarking results and gave me numbers that suggested that the T2 performing, say, the responsibilities of the SMC, was a vast improvement to performance and reliability from the machines that still have their own SMC, I'd say that's something. Similar for the SSD controller, and any of the other components that are now handled by the T2. To the best of my knowledge, there is no visible improvement to the end user experience with the T2 taking these functions onto itself and away from either the CPU or previous modules on the main logic board. FileVault 2 performance, possibly. Again, I'd probably only use FileVault 2 on a 2018 MacBook Pro simply because I might as well. Otherwise, I either wouldn't use it, or be grateful that using it didn't come at the expense of the freedom to choose what OS I'm running whether Apple wanted such a change or not.
Otherwise, yes, I completely agree, this is obviously the first (or second if you count the T1) step down the road toward Apple making their own CPUs (whether they be ARM or x86) and not using Intel's. And certainly I see that as being both inevitable and probably coming as soon as the MacBook Pro gets its next major design refresh, if not sooner. And certainly, by the time that happens, the freedoms that I'm arguing about as being potentially scrapped by a future update will be lost from those Macs. Not because I'm a pessimist, but because there's no logical reason why say, an ARM-based Mac should behave differently from an ARM based iPad when it comes to managing the boot and install portion of the operating system. Even if it's an Apple-designed x86 processor and if they control all other elements of the system, then there's no reason why they wouldn't have similar control of the boot and install portion of the operating system there either.
Apple is a company that is all about control over their stuff. Has been since the early days. This is the direction the Mac is headed in. I'm not contesting that. What I am contesting is the notion that this is a good thing relative to how it has been. iOS was always this way, so I can't say that it is any better or worse than it was eleven years ago. The Mac, however, didn't always have a mechanism one firmware update away from choosing what you have the freedom to install or not.
Unless iOS 11 and the pitfalls that caused Apple Quality Repair Programs for the iPhone 4, iPhone 5, iPhone 6, iPhone 6 Plus, iPhone 6s and 6s Plus phones that shipped from September through November of 2015, CDMA models of iPhone 7 all don't exist in your world, then yes, I'd say you're being overly optimistic. Similarly, the issue that stemmed this thread is further proof that a chip taking away THAT MUCH CONTROL from the systems that used to reliably govern those functions isn't necessarily a good thing.
iOS has had two very bad releases in its history. iOS 8 and iOS 11. Out of, what will be, 12 releases, that's a pretty solid track record. In that same span of time, macOS has had 10. While most might disagree on which ones post-Snow Leopard weren't great, I'd probably argue that, out of those ten, you only had, at best, five good ones. And that's if you're considering 10.5 Leopard and 10.14 Mojave to be great (I like the latter so far, but my experiences have been somewhat minimal). So, 50% odds to have a crappy macOS release. Really, if you frame it in such a way as to only look at releases following Snow Leopard, then the odds are more like one in three are great and two in three aren't. Compared to iOS, macOS has a much worse track record. Furthermore, High Sierra itself had about the worst track record for issues and security blunders that ANY VERSION OF macOS HAS EVER HAD. Apple had to issue an apology with no upside about releasing (not just out of beta, but well into the .1 update) a version of macOS where anyone could just authenticate as root with no password. Put that in your "T2 makes my Mac more secure" pipe and smoke it.
As for the hardware, every MacBook and every 2016 and 2017 MacBook Pro has at least one Apple Quality Repair program associated with it. Hell, you could probably add every retina MacBook Pro prior to the Touch Bar generation to that list as well. That's not just a slight dip in quality control. That's massive. The fact that their chip design hasn't seen any serious issues doesn't say anything, especially since the issue that this thread is going on about isn't the T2, but the OS it runs. Yup, having a system within a system is all well and good from the hardware perspective until you fail to engineer a stable operating system for it to run.
Take, instead, the MacBook Pro "Escape" or the iMacs that don't have an Apple custom chip running iBridge. Look ma, no kernel panics! Not only is there no embedded chip that's one firmware update away from making several thousand Mac customer's lives as Mac customers really annoying, but no shoddily crafted OS for IT to get stuck on.
I'll put this whole discussion to you in another light. On my PCs, I have Windows 10. Presently, they are running Windows 10 version 1803, otherwise known as "The April 2018 Update" (I know; their marketing could use a little work). Honestly, that fact isn't really that important to me because I know that from version to version, Windows 10 isn't going to change SO DRASTICALLY that I yearn for the ability to backpedal back to, for example, Windows 10 v1709, otherwise known as "The Fall Creators Update". In fact, I have never yearned for the ability to backpedal back to any version of Windows 10 as Windows 10 doesn't break anything critical in its subsequent releases, let alone make any changes to my workflow that I'd find irritating or annoying. Furthermore, I can tell the OS "yo, I need to wait until I get support for x program or y driver" and defer Windows Update from upgrading me for up to a year. Usually that's enough because, again, Windows 10 really doesn't change that drastically version to version.
If Microsoft prevented me from backpedalling on Windows 10 through one of the chips it put on the Surface Book I would hypothetically own, I probably wouldn't care. Why? Because, again, there aren't enough changes for me to really care version to version. They release updates twice a year. Certainly if you compare Windows 10 version 1803 to Windows 10 version 1703, you would see some differences, but none of them would be enough to make or break the difference in terms of you wanting to go forward or backward. BECAUSE NOT MUCH CHANGES. NOT MUCH BREAKS. WHEN STUFF DOES BREAK, MICROSOFT FIXES IT. You can wait for the Windows 10 update equivalent of the .1 release and be assured that it will be fine for the most part. So, in those cases, sure, take away my ability to install an older OS.
Meanwhile in Apple land, where things change drastically under the hood from version to version EVERY FREAKIN YEAR, this is not a proposition I'm comfortable with, having had to backpedal from macOS 10.12 Sierra back to OS X 10.11 El Capitan and then the same when trying my hand with High Sierra. Two back to back releases where I backpedaled to the one I was at before going forward. Not good. Certainly not enough to make me want to waive my right to backtrack.
Last edited:
I got my 2018 MacBook Pro 15 512g stock version last week, an upgrade from the equivalent 2017 version, and this problem has been happening since then. Especially after sleep.
[doublepost=1535429999][/doublepost]
You shouldn't, I have both T1 and T2 machines, 512g2017MBP15 and 512g2018MBP15, to be exact. If you are having issues with T1 machines, you should go talk to Apple, because if you are not doing anything wrong then it's an isolated case of hardware issue, which Apple will just replace the logic board for you.
[doublepost=1535430513][/doublepost]
Just like what they did with 2017 MBPs with the second generation butterfly keyboard. They didn't plan on doing anything before class action cases forced them to start the repair program.
I had A10X GPU panic causing iOS kernel to reboot issue on iPad Pro 12.9 2017 as frequent as my 2.6 Ghz 2018 MBP 15, I returned it for a 10.5 version and I absolutely love it. I will get a replacement MBP and see how that goes.
[doublepost=1535429999][/doublepost]
You shouldn't, I have both T1 and T2 machines, 512g2017MBP15 and 512g2018MBP15, to be exact. If you are having issues with T1 machines, you should go talk to Apple, because if you are not doing anything wrong then it's an isolated case of hardware issue, which Apple will just replace the logic board for you.
[doublepost=1535430513][/doublepost]
I think this may be a T2 hardware issue, and they don't have anything to swap for at the moment. Maybe they will disable a batch of features that T2 fulfils at the moment, and just let the problems slide as much as possible.
Just like what they did with 2017 MBPs with the second generation butterfly keyboard. They didn't plan on doing anything before class action cases forced them to start the repair program.
I had A10X GPU panic causing iOS kernel to reboot issue on iPad Pro 12.9 2017 as frequent as my 2.6 Ghz 2018 MBP 15, I returned it for a 10.5 version and I absolutely love it. I will get a replacement MBP and see how that goes.
iBridge DOES run on the T1; though I'll grant you that these kernel panics do seem to be exclusively related to the T2.
And interesting that you had A10X issues on the second gen 12.9" iPad Pro but not the 10.5" model as I'm pretty sure that, unlike their first gen 12.9" and 9.7" iPad Pro predecessors (try saying that six times fast), they're pretty much identical under the hood.
Originally I wasn't really sure if I was gonna reply again for reasons I had outlined above (don't want to ride around on the same discussion points over and over again, as many of them are simply agree-to-disagree points, or things where we'll have to see what the future holds to see what turns out right), but I actually stumbled over an interesting article today that reminded me of our discussion: 9to5mac reports that there is a vulnerability that might result in data theft or worse that almost all Macs and PCs are susceptible to – but not those with a T2 chip. They are, reportedly, completely immune to it. Even FileVault doesn't seem to make a difference (and SIP isn't even mentioned, so I presume it doesn't do anything either to prevent this exploit), only the T2 chip does.
So I think our discussion over whether or not the T2 chip's additional security is just some sounds-nice-but-it-doesn't-really-ever-benefit-you type of marketing jargon or if it actually makes our Macs more secure in real-life scenarios comes to a screeching halt here – the T2 chip makes Macs immune to a real, feasible exploit that, if we fall victim to it, could potentially have catastrophical consequences. And this exploit was coincidentally only discovered a few weeks after our discussion about it, and less than 9 months after the T2 chip's first inclusion in the iMac Pros, so if there is one dangerous exploit the T2 chips (and seemingly no other of the Mac's security measures) can protect us from, then who knows which other exploits of similar nature might and will be discovered in the years to come. Now this doesn't invalidate anything else that you said, and as I stated plentiful before, I'm not claiming that there aren't people for who the T2's intentional restrictions can become a nuisance, but this real-world example shows that there is some tangible benefit for us users to be found in the security aspects of the T2 chip.
While I'm at it, I thought I mention another (in my eyes not insignificant) advantage of the T2 chip that I didn't even know before: it makes enabling and disabling FileVault instantaneous.
Previously, enabling/disabling FileVault was a lengthy process that could take many hours or even days for the Mac to complete. Now there wasn't much you as a users had to do during this process, it's not like you had to watch all the time, but that doesn't mean it didn't come with some noticeable downsides: your Mac was slowed down during this process because it had to run the encryption/decryption in the background, you couldn't stop the process once started in case you got cold feet or activated it by accident, and maybe worst of all, Time Machine would by design not make any backups during this process, meaning that if anything happened to your machine during this process, you might suffer data loss that wouldn't have happened otherwise. I don't even think you get warned about Time Machine beforehand, meaning that if you didn't make a Time Machine backup in a while and only realize that you might need one after you have started the encryption/decryption process (for example because you then take your Mac on a vacation or trip or whatever where you have a higher risk of losing/damaging it), then you were simply out of luck.
And actually, there was one downside to this even larger than the Time Machine one: the encryption/decryption process would in rare instances get stuck forever, with no user control or anything you could feasibly do to get it going again, apart from praying. I only know that because I almost had it happen on a MacBook of mine – I started the FileVault encryption but when I checked a few hours later, it was stuck. And I'm not just talking about the progress bar not moving, which is to be expected with such a slow process, but the progress tracker literally said "not encrypting" and nothing else while in the middle of the encryption process, without any sort of explanation. Restarted my Mac a couple times, even ran First Aid from the recovery partition, nothing seemed to change anything. Fortunately, it did get moving again on its own a couple hours later for no obvious reason, but during my research online, I found out that not everyone had the same luck and that for some people, it just wouldn't get unstuck at all, forcing them to eventually erase and restore their Macs, which, due to the lack of a cancel option, is the only thing you can do to "fix" this if you ever run into this situation.
Now I'm sorry for these two lengthy paragraphs, but the reason I'm listing all these problems in detail is because the T2 chip literally fixes all of them. The encryption and decryption process is instantaneous, meaning that you can't really do anything wrong, you don't have to live for days with less performance and without the ability of making Time Machine backups, and the lack of a cancel option becomes abundant because there is no longer a process during which you would even need to cancel it and you can just immediately revert it if you change your mind. And maybe best of all, the issue of the encryption process getting stuck is (most likely) gone aswell. I mean I have no hard proof of this, but since it only tends to happen in the middle of the encryption and decryption process from what I could gather online, in other words during a part of the encryption process that is no longer, well, a part of the encryption process, it seems very likely that this issue is gone aswell. Meaning that the T2 chip doesn't just cause additional issues (like the kernel panics), but it actually potentially resolves at least one pretty bad technical issue.
Now chances are not many people are even going to notice this change since enabling/disabling FileVault is usually not something you usually do on a regular basis, but in these situations where you do need to do that after all, this improvement is of immense value. It's a good example that the "it just works" and "like magic" design philosophies are still present in Apple's products today, because for people who ever had to sit through the FileVault process or even had issues with it, it sure seems like magic that your hard drive is now encrypted and decrypted in less than a second instead of over the course of potentially several days.
(Now obviously – I know it's not really your hard drive being encrypted/decrypted in the fraction of a second here, but to the user, it sure feels like it. What is more likely happening here is that, because the SSD is now always encrypted per standard with the encryption key being stored by the T2 chip's Secure Enclave, it's only the SSD's encryption key that is encrypted and decrypted with the user password when you enable and disable FileVault, and the files on your hard drive are therefore no longer required to be encrypted and decrypted in their entirety. Enabling and disabling FileVault only changes whether or not the SSD encryption key requires the user password to be decrypted, not the hard drive itself whose files are gibberish without the encryption key anyway. At least this is my guess of what happens.)
This also makes for an additional great advantage of the T2 chip when you are selling your Mac, btw. With everything on your SSD being encrypted per standard, the loss of the SSD encryption key means that nothing of your data will be recoverable, so you won't have to worry about a potential buyer using data recovery tools and snooping around in your files. I would presume that the SSD encryption key gets reset when you reformat your drive or reset the Mac to factory settings (though this is just a guess, I haven't looked it up – if it doesn't, then switching on FileVault should definitely do the trick), so everything that was on that drive before is unrecoverable afterwards. Previous to the T2 chip, if you weren't using FileVault then you either had to activate it and sit through the lengthy encryption process before deleting any of your files, or use some other tools to go over your hard drive and make sure that every block of the SSD contains randomized strings, otherwise you were at risk of data recovery tools being potentially able to restore some of your data, as far as I'm aware.
Having mentioned Kernel Panics, I think there also was a patch from Apple in meantime since our discussion that resolves the T2-caused Kernel Panics, or at least was supposed to? But then again, there are people here on the MacRumors forums over in the MacBook Pro forum who still do seem to have Kernel Panics, even after the update. So maybe Apple's update only fixed some causes for the Kernel Panics but not all of them yet? I don't know.
By the way, see the attached screenshot blow for what my Gatekeeper settings currently look like (the selected option says "no restrictions". Does this not mean that Gatekeeper is fully disabled? I mean, I do remember some warning messages on occasion when I initially started an app from an unverified developer from outside the Mac App Store ("This app was downloaded from... do you really want to open it?"), so I guess Gatekeeper is not fully disabled in the sense that it still performs some kind of check on the apps you downloaded, but I don't think it ever prevented me from opening an app with this option enabled. (But yeah I'm pretty sure this wasn't the originally selected option the Mac came with, so you as a user have to go out of your way to change it if you want to run apps from anywhere – but that's not a bad thing in my eyes.)
On another topic, in retrospect I'm not sure if I follow why the only reason in which you see the SSD being encrypted to be helpful is if it is desoldered without damage and then tried to connect with a suitable connector: if there is a recovery port for Apple to access the data on the SSD previous to the 2018 MBPs, a port which we have discussed in abundance already, what's stopping a malicious third party from simply opening up the MacBook Pro and accessing the data on the SSD themselves via the recovery port? While there are without doubt situations in where the recovery port can come in useful for users, it also poses a security risk, as far as I can see, and this is an angle that we (or at least I) didn't really consider in our discussion before. If the data on the drive is not encrypted per standard, and if there is a port to access that data for Apple technicians, then who's going to stop a potential thief from accessing it?
Now I'm not saying that this is a super common situation or anything. I also have no idea if the respective tool to connect to the data recovery port is some industry standard of if it's something Apple-proprietary that usually only Apple technicians have – but even if the last of the two is the case, it should be possible to get such a tool for someone who really wants to. In any case it seems like a much more easy and likely scenario to access unencrypted data on the SSD than to unsolder it without damaging it and then trying to find a fitting connector to the SSD itself, so the point that the new encryption standards for the SSD are not useful because it's so difficult to desolder and afterwards access it kind of falls apart, as far as I see.
Anyway. There's more I originally wanted to say to your extensive and well-argumented response, but it's late where I live so I'm gonna do it another time (if at all).
Attachments
Last edited:
Also, to add to my last post, about that quoted statement of yours... it seems this turns out to be factually wrong aswell, you might want to check this article for example. Apple did introduce a new data recovery process for the Macs with the new T2 chip, it has just become a different process that is now external instead of relying on an internal recovery port.
So I suppose that's another point of our previous discussion that we can now put to rest as your argument about the drop of the recovery port being by design didn't really end up being true, and my previous suggestion (that your above statement I quoted responded to and that you strongly disagreed with) that Apple didn't abandon the idea of data recovery from an internal drive as much as they did abandon the previous method of it in favor of a new one that's more congruous and compatible with the added security and features of the T2 chip wasn't that far off actually, as this is more or less what they did. I mean I wasn't 100% correct either as I didn't expect that Apple could retroactively fit such a solution into the already shipped hardware with the T2 chip (which they now did), I expected it to require some hardware-level changes in the next iterations – but what matters in my opinion is that they did it at all.
So the takeaway from this is, it's one more alleged big disadvantage of the T2 chip that is out of the window. Leaving us only with technical issues (Kernel Panics which appear to be already partially solved with the latest update, and will hopefully be completely solved in the near future) aswell as the potential risk of Apple restricting the boot up choices in the future as disadvantages of the T2 chip. Which overall doesn't look that bad, considering the benefits that we do get from the T2 chip.
Nevertheless, we shouldn't overestimate the inclusion or exclusion of such a recovery method. While we can probably agree that its inclusion in T2 Macs is a good thing, it will still only help you in a fraction of repair cases, i.e. only when your logic board is just damaged enough to require a replacement but not damaged enough for the SSD or any other part of the recovery process to be dysfunctional. Point being, a recovery method, whether it's by a recovery port as before or by external means (and partially internal means, I presume it still requires the T2 chip to be functional for the decryption) like it is now doesn't replace external backups, whether it's via Time Machine to an external drive or via a cloud storage solution or anything else. If your Mac breaks or becomes faulty by any way, then you must generally assume that your data is unrecoverable. I know that you most likely know that just as much as me, but it's worth repeating. Apple doesn't officially advertise this data recovery port/process in any way, and for good reason – it can be helpful in a small amount of edge cases, but it's not something to rely on in any capacity, it's not a magical catch-all safety net.
That's fantastic news and a great find! I'm wondering why the 9to5Mac app (which is on all of my iOS devices) didn't give me an alert as I'd assume that'd be sizable news (unless they're assuming that all I want to hear about is iPhone Xs/Xs Max/Xr coverage). That said, The requirement that the machine be able to be powered on isn't stellar, but it's better than no data recovery ability at all.
Kind of splitting hairs. They DID remove the data recovery port due to the T2. They DID NOT remove ANY means of data recovery due to the T2 because, as you've wonderfully cited above, it seems as though there is a means of doing Data recovery on those machines now.
The restriction of boot choices is far bigger than any real discernible advantage of the T2 chi. You have yet to really cite me any real-world example of something that makes a T2 Mac function better for the typical day-to-day operation than a Mac. The recent cold-boot vulnerability would be something significant there were it not for Apple saying that they're going to release firmware patches for non-T2 Macs in the near future (making this as much of a non-issue as the lack of a data recovery port is now).
Apple will lose customers if, upon taking in a Mac to the Genius Bar, it tells the customer that due to the drive being (a) integrated onto the logic board, and (b) the security offered by the T2 chip, it can't read the SSD. The user doing so will care zero about whatever securities offered by the T2 chip and leave pissed off not wanting to buy another Mac ever again. Apple knows this far better than we do. So, it offering SOME WAY to recover data is not only critical, it's essential; Time Machine or not.