> That's fantastic news and a great find! I'm wondering why the 9to5Mac app (which is on all of my iOS devices) didn't give me an alert as I'd assume that'd be sizable news (unless they're assuming that all I want to hear about is iPhone Xs/Xs Max/Xr coverage). That said, the requirement that the machine be able to be powered on isn't stellar, but it's better than no data recovery ability at all.

Thank you!

> Kind of splitting hairs. They DID remove the data recovery port due to the T2. They DID NOT remove ANY means of data recovery due to the T2 because, as you've wonderfully cited above, it seems as though there is a means of doing Data recovery on those machines now.

Yep, pretty much.

> The restriction of boot choices is far bigger than any real discernible advantage of the T2 chip. You have yet to really cite me any real-world example of something that makes a T2 Mac function better for the typical day-to-day operation than a Mac. The recent cold-boot vulnerability would be something significant there were it not for Apple saying that they're going to release firmware patches for non-T2 Macs in the near future (making this as much of a non-issue as the lack of a data recovery port is now).

I find it a bit misleading that you call it a "restriction of boot choices" when right now, it's actually the exact opposite: we have more boot choices than before, the T2 chip is giving users more granular control about how much boot up security they want to have on their Mac. If they don't think these options benefit them in any way, they can just completely turn them off and it's all like it was before. I know that what you mean by that is the possibility of a future restriction of boot choices as we've gone over this topic a few times now, but still, right now we actually have the opposite of it: more choices, not less.

About citing you a "real-world example of something that makes a T2 Mac function better for the typical day-to-day operation than a Mac [without T2 chip?]", I'm not sure if you noticed my other, previous response to you, the one right above the one you quoted where I also talked a bit about the cold boot attack that you so casually mention. Not gonna repeat here in detail what I said up there, but to answer your question, I think the protection from the cold-boot attack is a solid example of the T2's security features being not just all marketing-gobbledegook but offering actual protection from dangerous real-world attacks for the users, and the fact that the T2 chip makes enabling/disabling FileVault instantaneous instead of the lengthy, tedious, Time Machine-disabling process that it was before as well as the fact that safely erasing your data before selling/getting rid of your MacBook is now a trivial matter are pretty rad benefits that do affect the average user from time to time (even if not necessarily consciously so).

What I think is a great example: just imagine a typical user who didn't bother with FileVault before or thought he'd never need it, but shortly before he departs on a vacation or trip with his MacBook, he figures FileVault might help him to better protect his personal data in case his laptop gets stolen/lost/confiscated/... during his travels (I speak from experience when I say that situations like these are where many people usually start to look into additional safeguards like FileVault). So he flicks on the FileVault switch, but only afterwards realizes that this prevents him from doing a Time Machine backup during the encryption process (because you're not told of that beforehand, as far as I remember), and because this process can take many hours or even days, he potentially has to depart without making a backup of his personal files. Activating this additional safeguard for his personal files actually put his files more at risk because now he can't make a backup of them before his journey. Not so with T2 Macs: because enabling/disabling FileVault is instantaneous, you can do it whenever and wherever you want and how often you want, without having to live with the performance slowdown or with being locked out of making Time Machine backups. (Yes this is ignoring the fact that you can also back up your files via other means than Time Machine, but you get the point.)

Again, this is the short version, I much more comprehensively explain what I think about all three of these in my other comment above so I'm not going to repeat it all here.
 
> I find it a bit misleading that you call it a "restriction of boot choices" when right now, it's actually the exact opposite: we have more boot choices than before, the T2 chip is giving users more granular control about how much boot up security they want to have on their Mac. If they don't think these options benefit them in any way, they can just completely turn them off and it's all like it was before. I know that what you mean by that is the possibility of a future restriction of boot choices as we've gone over this topic a few times now, but still, right now we actually have the opposite of it: more choices, not less.

To call the choice to impose restrictions on yourself from the baseline having 'more choices' is a serious stretch. I'm not buying it.

> About citing you a "real-world example of something that makes a T2 Mac function better for the typical day-to-day operation than a Mac [without T2 chip?]", I'm not sure if you noticed my other, previous response to you, the one right above the one you quoted where I also talked a bit about the cold boot attack that you so casually mention. Not gonna repeat here in detail what I said up there, but to answer your question, I think the protection from the cold-boot attack is a solid example of the T2's security features being not just all marketing-gobbledegook but offering actual protection from dangerous real-world attacks for the users, and the fact that the T2 chip makes enabling/disabling FileVault instantaneous instead of the lengthy, tedious, Time Machine-disabling process that it was before as well as the fact that safely erasing your data before selling/getting rid of your MacBook is now a trivial matter are pretty rad benefits that do affect the average user from time to time (even if not necessarily consciously so).

(a) Enabling FileVault 2 on any Mac with Intel's hardware based cryptography IS instantaneous as the boot drive will have already been converted to Core Storage. This was an OS X Yosemite feature and is nothing new. Furthermore, not everyone who uses their Mac is as paranoid about their data falling into the wrong hands as you are. Not by a long shot.

(b) I don't count the cold-boot attack as there haven't been any reports of it being exploited yet and Apple has already announced that they're going to be pushing firmware updates to other Macs that protect it. From any kind of functional standpoint, this is effectively a non-issue.

(c) Other than the cold-boot attack and FileVault 2 encryption time (which, again, are arguably non-issues), you still haven't cited anything that would make a T2-based Mac preferable to a Mac that doesn't have one based on any real-world use cases or metrics.

> What I think is a great example: just imagine a typical user who didn't bother with FileVault before or thought he'd never need it, but shortly before he departs on a vacation or trip with his MacBook, he figures FileVault might help him to better protect his personal data in case his laptop gets stolen/lost/confiscated/... during his travels (I speak from experience when I say that situations like these are where many people usually start to look into additional safeguards like FileVault). So he flicks on the FileVault switch, but only afterwards realizes that this prevents him from doing a Time Machine backup during the encryption process (because you're not told of that beforehand, as far as I remember), and because this process can take many hours or even days, he potentially has to depart without making a backup of his personal files. Activating this additional safeguard for his personal files actually put his files more at risk because now he can't make a backup of them before his journey. Not so with T2 Macs: because enabling/disabling FileVault is instantaneous, you can do it whenever and wherever you want and how often you want, without having to live with the performance slowdown or with being locked out of making Time Machine backups. (Yes this is ignoring the fact that you can also back up your files via other means than Time Machine, but you get the point.)
>
> Again, this is the short version, I much more comprehensively explain what I think about all three of these in my other comment above so I'm not going to repeat it all here.

This is a bit of a stretch as it requires many things to be happening at once; the user having to leave quickly, the user deciding that their data should be encrypted lest it fall into the wrong hands, and the user AT THE SAME TIME, realizing that their ability to back up said data via Time Machine WHILE ALL OF THOSE OTHER THINGS ARE ALSO HAPPENING will be impacted. This is not a frequently occurring scenario. Most will, if in a hurry, only worry about the one or two things that need securing (or will have already taken the precaution to encrypt their drive). While yes, a T2 Mac wouldn't have that limitation, that's really not a realistic situation. I'm sorry.
 
> To call the choice to impose restrictions on yourself from the baseline having 'more choices' is a serious stretch. I'm not buying it.

That's a pretty questionable statement on a number of levels.

First of all, that's some backwards logic: a choice is not a choice because of (arbitrary thing about it that I don't like)? I don't think that's how most people would define a choice. I suppose Mojave doesn't give us the choice then between light and dark mode because, uh, dark mode is dark and I don't like that, so how dare anyone call it a choice!

We should really separate facts from opinions in these discussions, and calling something "not a choice" because of something you don't like about it isn't exactly doing that. One is how we define it, the other one is what we think about it, and presenting different options to choose from at will is something most people would consider a choice, regardless of what these options are about.

Secondly, the "medium security" option doesn't seem to impose any restrictions upon you, as far as I can tell, at least not regarding what macOS- or Windows-version you can install – only the "high security" setting does. That's why, in an earlier comment of mine, I called it the medium security one the best of both worlds – you get the additional security because it checks the OS installer and system installation for integrity while not changing what OS version you are able to install. What's not to like about that?

(As I think about it, this might actually be a benefit to people who want to revert back to an older OS, the very people who you claim are at a disadvantage because of the T2 chip: because Apple only provides the installer of the newest OS version in the Mac App Store, people who want to revert back to an earlier OS version might have to resort to unofficial sources on the internet to get the exact OS installation file they want, but such sources bear the risk of the installation file being modified by third parties. From my understanding, the integrity check that the T2 chip performs on medium and high security when installing such a file might recognize when an OS installer has been tampered with, because whatever hash functions it applies to it and compares to the servers probably spew out the wrong values. To be clear, that's just my understanding of it and I don't know for certain whether or not I'm right about it, but it's worth considering.)

And thirdly, even if the only choice here would be whether or not to impose these restrictions onto yourself – why is this a disadvantage of the T2 machines in any way? Isn't it a good thing that everyone can decide for themselves what option they prefer? If you view it that way, that's fine – you can just decide not to impose these "restrictions" onto yourself; that's why having a choice is a great thing. That doesn't mean that it's the best choice for everyone, or that nobody else should decide to have their Macs be a little more secure, even if that means having it be more locked-down; that just because you don't view them as a good option for you, nobody else should. Let's have enough trust in people to make up their own mind on this instead of suggesting that what you personally find to be the best choice should be forced onto everyone.

To put into perspective how much of a "disadvantage" this choice about restrictions is, let's pick up on your analogy with the Apple Store genius telling a Mac owner that he can't restore data because of the T2's security restrictions for a second: would you really go up to someone who has just suffered data loss or has valuable data compromised or his identity stolen because of the cold boot attack, and tell them: "You know what, it's actually a good thing this happened to you, because at least, you never had these annoying pesky completely optional choices to deal with? If you had a T2 Mac then this wouldn't have happened to you and your data wouldn't have gotten stolen just now, but at very least you never had the choice to impose additional "restrictions" on yourself that wouldn't ever bother you unless you went out of your way to find them, so shouldn't you be happy about that?" Would anyone really do this and expect a positive reaction? Now obviously that is the absolute edge-case scenario, but I think it goes to show that arguing that the T2 chip is a bad thing because it offers more user choice, regardless of what these choices are, is a little nonsensical.

> (a) Enabling FileVault 2 on any Mac with Intel's hardware based cryptography IS instantaneous as the boot drive will have already been converted to Core Storage. This was an OS X Yosemite feature and is nothing new.

Not sure where you are getting this from, but this is false. If you don't believe me, you can easily check it yourself: if you have a non-T2-Mac with Yosemite or newer, go into System Preferences and enable or disable FileVault 2 (depending on whether or not you currently have it enabled or not). If what you say is correct, then this shouldn't be any problem for you because it's finished immediately, so you can just revert the setting (which would also happen immediately) and you're done testing it. Spoiler: it won't. It will take up several hours or even multiple days, depending on what Mac model and how much performance you have, how many files you have and so on.

(Or you can check this support article where it also says that it can take quite a while, I guess.)
> This is a bit of a stretch as it requires many things to be happening at once; the user having to leave quickly, the user deciding that their data should be encrypted lest it fall into the wrong hands, and the user AT THE SAME TIME, realizing that their ability to back up said data via Time Machine WHILE ALL OF THOSE OTHER THINGS ARE ALSO HAPPENING will be impacted. This is not a frequently occurring scenario. Most will, if in a hurry, only worry about the one or two things that need securing (or will have already taken the precaution to encrypt their drive). While yes, a T2 Mac wouldn't have that limitation, that's really not a realistic situation. I'm sorry.

For someone who has been emphasizing that we shouldn't ignore other people's use cases just because they don't apply to us personally, no matter how niche or unlikely, that doing so would be "egregiously and borderline offensively wrong", it seems a little hypocritical that you are dismissing this scenario because it's "not a realistic situation" from your point of view. If the user having to leave quickly to go on a trip is too much of a stretch, just take any situation instead where the user decides, for any reason, that they should encrypt or decrypt their files with FileVault, only to realize in the potential days that this process can take up that they cannot make a Time Machine backup. On one hand, you argue how important it is that we have a recovery method that is never officially advertised and only helps you in a very small number of hardware problems, but on the other hand you claim that it's not a big deal to be unexpectedly locked out of making a backup of your data for several days? These two statements don't mesh too well together, do they?

By the way, I actually had that happen to me earlier this year (minus having to go on a trip): I switched FileVault on, wanted to make a backup and only then realized that I couldn't. And no, the process was not instantly finished. And by the way, the reason I did decide to back it up during this process was because the encryption process got stuck and wouldn't continue at all, which, if it won't resolve itself, only leaves you with the possibility to completely erase and set up your Mac again. As I don't want to write down again what I already wrote out extensively about this topic earlier (but you seem to have either ignored or overlooked it), I'm just going to copy the relevant paragraphs from an earlier comment of mine where I talked about it quite a bit:

> Previously, enabling/disabling FileVault was a lengthy process that could take many hours or even days for the Mac to complete. Now there wasn't much you as a user had to do during this process, it's not like you had to watch all the time, but that doesn't mean it didn't come with some noticeable downsides: your Mac was slowed down during this process because it had to run the encryption/decryption in the background, you couldn't stop the process once started in case you got cold feet or activated it by accident, and maybe worst of all, Time Machine would by design not make any backups during this process, meaning that if anything happened to your machine during this process, you might suffer data loss that wouldn't have happened otherwise. I don't even think you get warned about Time Machine beforehand, meaning that if you didn't make a Time Machine backup in a while and only realize that you might need one after you have started the encryption/decryption process (for example because you then take your Mac on a vacation or trip or whatever where you have a higher risk of losing/damaging it), then you were simply out of luck.

> And actually, there was one downside to this even larger than the Time Machine one: the encryption/decryption process would in rare instances get stuck forever, with no user control or anything you could feasibly do to get it going again, apart from praying. I only know that because I almost had it happen on a MacBook of mine – I started the FileVault encryption but when I checked a few hours later, it was stuck. And I'm not just talking about the progress bar not moving, which is to be expected with such a slow process, but the progress tracker literally said "not encrypting" and nothing else while in the middle of the encryption process, without any sort of explanation. Restarted my Mac a couple times, even ran First Aid from the recovery partition, nothing seemed to change anything. Fortunately, it did get moving again on its own a couple hours later for no obvious reason, but during my research online, I found out that not everyone had the same luck and that for some people, it just wouldn't get unstuck at all, forcing them to eventually erase and restore their Macs, which, due to the lack of a cancel option, is the only thing you can do to "fix" this if you ever run into this situation.

> Now I'm sorry for these two lengthy paragraphs, but the reason I'm listing all these problems in detail is because the T2 chip literally fixes all of them. The encryption and decryption process is instantaneous, meaning that you can't really do anything wrong, you don't have to live for days with less performance and without the ability of making Time Machine backups, and the lack of a cancel option becomes abundant because there is no longer a process during which you would even need to cancel it and you can just immediately revert it if you change your mind. And maybe best of all, the issue of the encryption process getting stuck is (most likely) gone as well. I mean I have no hard proof of this, but since it only tends to happen in the middle of the encryption and decryption process from what I could gather online, in other words during a part of the encryption process that is no longer, well, a part of the encryption process, it seems very likely that this issue is gone as well. Meaning that the T2 chip doesn't just cause additional issues (like the kernel panics), but it actually potentially resolves at least one pretty bad technical issue.

> Now chances are not many people are even going to notice this change since enabling/disabling FileVault is usually not something you usually do on a regular basis, but in these situations where you do need to do that after all, this improvement is of immense value. It's a good example that the "it just works" and "like magic" design philosophies are still present in Apple's products today, because for people who ever had to sit through the FileVault process or even had issues with it, it sure seems like magic that your hard drive is now encrypted and decrypted in less than a second instead of over the course of potentially several days.

> (Now obviously – I know it's not really your hard drive being encrypted/decrypted in the fraction of a second here, but to the user, it sure feels like it. What is more likely happening here is that, because the SSD is now always encrypted per standard with the encryption key being stored by the T2 chip's Secure Enclave, it's only the SSD's encryption key that is encrypted and decrypted with the user password when you enable and disable FileVault, and the files on your hard drive are therefore no longer required to be encrypted and decrypted in their entirety. Enabling and disabling FileVault only changes whether or not the SSD encryption key requires the user password to be decrypted, not the hard drive itself whose files are gibberish without the encryption key anyway. At least this is my guess of what happens.)

> This also makes for an additional great advantage of the T2 chip when you are selling your Mac, btw. With everything on your SSD being encrypted per standard, the loss of the SSD encryption key means that nothing of your data will be recoverable, so you won't have to worry about a potential buyer using data recovery tools and snooping around in your files. I would presume that the SSD encryption key gets reset when you reformat your drive or reset the Mac to factory settings (though this is just a guess, I haven't looked it up – if it doesn't, then switching on FileVault should definitely do the trick), so everything that was on that drive before is unrecoverable afterwards. Previous to the T2 chip, if you weren't using FileVault then you either had to activate it and sit through the lengthy encryption process before deleting any of your files, or use some other tools to go over your hard drive and make sure that every block of the SSD contains randomized strings, otherwise you were at risk of data recovery tools being potentially able to restore some of your data, as far as I'm aware.

TL;DR of the copied paragraphs: the T2 chip makes a previously lengthy and performance-hugging process that prevented Time Machine backups instantaneous, it most likely also fixed the (pretty severe, though fortunately rare) bug of the encryption getting stuck completely and forcing you into erasing your Mac. While probably not something you do on a daily basis, all of this can be of immense value when you do need or decide to enable/disable FileVault for any reason. It also trivializes making sure your data cannot be read anymore if you decide to sell your Mac sometime down the road (which is something a lot of people do when they upgrade their Mac eventually – you cannot tell me that selling a computer that holds up particularly good in value over the years when you upgrade is an unrealistic niche application that we shouldn't account for).

> (b) I don't count the cold-boot attack as there haven't been any reports of it being exploited yet and Apple has already announced that they're going to be pushing firmware updates to other Macs that protect it. From any kind of functional standpoint, this is effectively a non-issue.

I kind of like how the goalposts have moved: previously, you argued that the T2's security features were all marketing talk and weren't really an advantage because there weren't really any dangerous real-world vulnerabilities that they would protect you from – now we are arguing that this dangerous real-world vulnerability isn't really an advantage of the T2 chip because it might get fixed on other Macs sometime down the line and because it doesn't functionally affect you (unless you just happen to be affected). Don't get me wrong, for the vast majority of people, namely those who aren't victim of this bug, their usage of the machine isn't affected by whether or not it has the T2 chip – but those who do suffer a data breach or whatever by the cold boot exploit aren't going to be comforted by you thinking that a hardware component that makes you immune to this issue isn't really a good thing.

(Besides, do we know when it's going to be fixed for non-T2 Macs? Seeing as to how this vulnerability is known since a while now, it seems like the release of Mojave would have been a good opportunity to.)

But having said that, the bigger takeaway from the cold boot vulnerability is, in my opinion, that vulnerabilities that the T2 chip protects you from can happen. It is the first real-world example of such a vulnerability, and it was discovered only a couple of months after the initial release of the first Macs with a T2 chip (which is likely pretty early into its lifespan). Who knows what other vulnerabilities might be discovered over the next years that the T2 chip and its potential successors do protect us from? Hell, who knows how many other such vulnerabilities are already discovered by someone right now and just aren't disclosed to Apple, let alone to the public? For all we know, this cold boot vulnerability might just be the tip of the iceberg and there are a whole family of similar vulnerabilities that the T2 chip prevents. Despite what you may think, I'm actually not that much into data security measures in my everyday life, but for me, the discovery and public disclosure of a vulnerability like this puts a screeching halt to our discussion on whether or not the T2 chip has any real-world security benefits.

> (c) Other than the cold-boot attack and FileVault 2 encryption time (which, again, are arguably non-issues), you still haven't cited anything that would make a T2-based Mac preferable to a Mac that doesn't have one based on any real-world use cases or metrics.

Really? I think it's time for a short recap then. Correct me if I've forgotten anything, but technical issues like KPs aside (which I agree should not happen, but are more software- than hardware-related), the only feasible disadvantage of having a T2 chip in every Mac from now on that we can sort-of agree on is that in the far future, Apple might take away the old boot up choices (which, again, is something I find highly unlikely to happen for reasons I've laid down earlier, but there it goes). On the other side of the fence, we have:

- Touch ID (incredibly useful for a great deal of people, and definitely the biggest benefit for me personally),
- the Touch Bar (I know, not that useful for most people, but technically a feature enabled at least partially by the T2 chip),
- "Hey Siri"-functionality,
- the SSD always being safely encrypted by the T2 chip, and all the benefits that come with that, including having zero instead of just a very small decrease in read/write speeds with FileVault enabled,
- Instant FileVault on/off, as opposed to it being a lengthy and tedious process (and all the benefits that come with it that we've gone over earlier),
- The rare but catastrophic issue of FileVault getting stuck during en-/decryption of your hard drive that forced you into erasing and setting up your Mac from scratch most likely being eradicated,
- Making your data unrestorable when you reset the Mac to sell it is now a trivial matter,
- Increased bootup security and security choices (which might not be of any feasible benefit to you as long as you aren't affected, but can be of immense value if you do become victim of malicious attacks),
- Increased security in a number of other areas like webcam access, possibly preventing software from accessing it without the user having a way of noticing,
- A new data recovery process that might even be a little easier for Apple technicians to do because they no longer have to open up the machine,

And maybe more that I can't think of off the top of my head. But yeah, I don't think most people are going to be too bothered by the possible scenario of maybe having their boot up choices taken away 8 or 12 years down the road, considering this list of benefits that we all have right now. I know that not all of these points affect everyone in their everyday life, or might only become useful very rarely like the additional security features, but when weighing all of this against something that might happen years down the line, I know I'd choose a Mac with T2 chip over the same one without it if I had the choice, and I presume most people would.

If you don't see yourself profiting from any of them, if none of these things are useful for you personally, then that's absolutely fine – nobody's going to convince you into using any of these features (or at least not me), but please don't make the assumption that because they may not seem to make Macs with the T2 chip more attractive for you, that this has to apply to everyone, and that everyone else should just forget about all of these improvements in favor of the fear of a future where Apple drops some boot up choices.

I'd wager that biometric authentication alone already makes the inclusion of the T2 chip more than worth it for a great deal of people, far outweighing any "B... but it may all be different in a couple of years"-type of scenario, and the same is probably true for people who find ways to integrate the Touch Bar into their workflows in a meaningful manner (I haven't personally, but I've seen some Mac apps that make excellent use of the Touch Bar – Final Cut Pro X, Logic Pro X or photo editing apps like Pixelmator Pro, the Affinity apps or Photoshop being just some examples).

Finally, I think it's important to consider what the T2 chip means in a greater context. You talked in an earlier comment about how Intel's current CPUs are pretty powerful – which, in a vacuum, is undeniably true – but when we look back at how these chips have improved over the last couple of years, and then look forward to Intel's current roadmap, then their evolution has been pretty stagnant and might continue to be so for the foreseeable future. Their 10nm architecture has been delayed several times now and pushed back multiple years in total (and is now rumored to only be 10nm in name and in reality closer to 12nm?), and so on and on. Apple on the other hand has been killing it in the chip game lately, with some significant improvements clocking in every single year for a while now – the A12 and S4 chips being the most recent examples. The T1 and T2 chips are likely just the first step towards Mac hardware with fully ARM-based, Apple-developed processor units inside; they are indicative of the fact that Apple is trying to rely less on Intel's questionable roadmaps and releases which does seem like a good thing fundamentally. I know you said in an earlier comment that you don't really like that direction, but it's not in either of our hands and the more these custom chips find their way into the Mac lineup right now, the smoother a complete transition like that might be in a couple of years.
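
The key-wrapping arrangement guessed at in the post above (data always encrypted under a volume key, FileVault only changing how that key is protected, and erasure by discarding the key) can be modelled as follows. This is an added example, not code from the thread and not Apple's implementation; `ModelDisk`, `seal`/`unseal` and the HMAC-based stand-in cipher are assumptions chosen so it runs on the Python standard library alone.

```python
import hashlib
import hmac
import os

# Stand-in authenticated cipher (HMAC-SHA256 keystream plus HMAC tag).
# Assumption for illustration only: real hardware uses AES, not this.
def _subkey(key: bytes, label: bytes) -> bytes:
    return hmac.new(key, label, hashlib.sha256).digest()

def _keystream(key: bytes, nonce: bytes, length: int) -> bytes:
    out = bytearray()
    counter = 0
    while len(out) < length:
        block = nonce + counter.to_bytes(8, "big")
        out += hmac.new(key, block, hashlib.sha256).digest()
        counter += 1
    return bytes(out[:length])

def seal(key: bytes, plaintext: bytes) -> bytes:
    """Encrypt and authenticate; returns nonce || ciphertext || tag."""
    nonce = os.urandom(16)
    stream = _keystream(_subkey(key, b"enc"), nonce, len(plaintext))
    ct = bytes(p ^ s for p, s in zip(plaintext, stream))
    tag = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    return nonce + ct + tag

def unseal(key: bytes, blob: bytes) -> bytes:
    """Verify the tag, then decrypt; raises ValueError on a wrong key."""
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    expected = hmac.new(_subkey(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("wrong key or damaged data")
    stream = _keystream(_subkey(key, b"enc"), nonce, len(ct))
    return bytes(c ^ s for c, s in zip(ct, stream))


class ModelDisk:
    """Hypothetical model of an always-encrypted disk with a wrapped volume key."""

    def __init__(self, data: bytes):
        # Models a secret that never leaves the security chip.
        self._hardware_key = os.urandom(32)
        self._salt = os.urandom(16)
        volume_key = os.urandom(32)
        # Bulk data is encrypted once, whether or not FileVault is on.
        self.ciphertext = seal(volume_key, data)
        # FileVault off: the volume key is wrapped under the hardware key only.
        self.wrapped_key = seal(self._kek(None), volume_key)

    def _kek(self, password):
        """Key-encryption key: hardware key alone, or hardware key plus password."""
        if password is None:
            return _subkey(self._hardware_key, b"hardware-only")
        stretched = hashlib.pbkdf2_hmac(
            "sha256", password.encode(), self._salt, 100_000)
        return _subkey(self._hardware_key, b"password:" + stretched)

    def _volume_key(self, password):
        if self.wrapped_key is None:
            raise ValueError("volume key destroyed")
        return unseal(self._kek(password), self.wrapped_key)

    def enable_filevault(self, password: str) -> None:
        # Only the small wrapped key is rewritten; the bulk data is untouched.
        self.wrapped_key = seal(self._kek(password), self._volume_key(None))

    def disable_filevault(self, password: str) -> None:
        self.wrapped_key = seal(self._kek(None), self._volume_key(password))

    def read(self, password=None) -> bytes:
        return unseal(self._volume_key(password), self.ciphertext)

    def erase(self) -> None:
        # Discarding the wrapped key leaves the ciphertext undecryptable.
        self.wrapped_key = None


if __name__ == "__main__":
    disk = ModelDisk(b"constructed sample file contents")
    before = disk.ciphertext
    disk.enable_filevault("example-password")
    print("bulk data rewritten:", disk.ciphertext != before)
    print("readable with password:", disk.read("example-password"))
```

In this model, turning FileVault on or off rewrites only the wrapped key, so its cost does not depend on how much data is on the disk.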
 
That's a pretty questionable statement on a number of levels.

First of all, that's some backwards logic: a choice is not a choice because of (arbitrary thing about it that I don't like)? I don't think that's how most people would define a choice. I suppose Mojave doesn't give us the choice then between light and dark mode because, uh, dark mode is dark and I don't like that, so how dare anyone call it a choice!

I am not given the ability to do anything with those additional options. No new capability is afforded to me. Merely the limiting of ability I was already afforded by owning a name brand x86-64 computer because I'm afraid that I will be one of the statistically unlikely few to be affected with a cold-boot attack. You see this as a benefit because you are more paranoid of such attacks than I am. (Strangely, you don't cite how common they are, in practice, with any credible data.) As it stands right now, the only real world benefit to this restriction you've been able to even cite up to this point, aside from the booting of an unsanctioned and unsigned OS (something I have not only never had happen to me personally, but have also never heard of having happened to the thousands of other Mac users that I've supported throughout my IT career) against the user's will, is that if I'm running late for a trip and spontaneously decide that I want to encrypt my drive while also backing it up, I can do so. Again, not sold on that as a practical benefit.

Now, you are TECHNICALLY GIVEN OPTIONS in the Startup Security Utility on those systems, and OPTIONS ARE CHOICES. But do these choices GRANT YOU ANY ADDITIONAL FUNCTIONALITY? I'd argue no, especially seeing as you are LIMITING what you are able to do with those additional options. However, citing facts on the necessity of the security offered by the T2 chip, which you do not have, you are insistent that you are offered the peace of mind that a set of vulnerabilities that are pretty uncommon among non-T2-enabled Macs are now something you are impervious to. Which, I suppose, in your opinion, is a benefit. However, if we are to use your earlier provided example of Gatekeeper as a metric, Apple will almost certainly impose limitations in the future to prevent T-series Macs from booting anything that isn't the up-to-the-minute version of macOS a la iOS.

We should really separate facts from opinions in these discussions, and calling something "not a choice" because of something you don't like about it isn't exactly doing that. One is how we define it, the other one is what we think about it, and presenting different options to choose from at will is something most people would consider a choice, regardless of what these options are about.

Considering that you have yet to offer me a real-world practical benefit that comes with the T2 chip, your saying that it is an advancement that all users would appreciate seems to be more of an opinion than a fact.

On the other hand, Apple's track record, suggesting heavily that options such as the ones in the Startup Security Utility on T2 Macs today won't be something that persists, is fact. I can't predict the future. But if I was a gambling man, it'd be a really safe bet that Apple will go that route.

Secondly, the "medium security" option doesn't seem to impose any restrictions upon you, as far as I can tell, at least not regarding what macOS- or Windows-version you can install – only the "high security" setting does. That's why, in an earlier comment of mine, I called it the medium security one the best of both worlds – you get the additional security because it checks the OS installer and system installation for integrity while not changing what OS version you are able to install. What's not to like about that?

What if I want to boot a Linux OS? What if I want to boot a special bootable utility that wasn't ever signed by Apple or Microsoft? It's my computer; why can't I boot whatever I want on it, especially if I'm not violating any copyright laws to do so? Is this not something I should be ABLE to do?

(As I think about it, this might actually be a benefit to people who want to revert back to an older OS, the very people who you claim are at a disadvantage because of the T2 chip: because Apple only provides the installer of the newest OS version in the Mac App Store, people who want to revert back to an earlier OS version might have to resort to unofficial sources on the internet to get the exact OS installation file they want, but such sources bear the risk of the installation file being modified by third parties. From my understanding, the integrity check that the T2 chip performs on medium and high security when installing such a file might recognize when an OS installer has been tampered with, because whatever hash functions it applies to it and compares to the servers probably spew out the wrong values. To be clear, that's just my understanding of it and I don't know for certain whether or not I'm right about it, but it's worth considering.)

Apple actually provides every downloadable version of the Mac Operating System dating back to Lion. In fact, you can still download Mavericks, Yosemite, El Capitan, Sierra, and High Sierra today. You won't find them by searching on the Mac App Store, but you can find them still today, making this issue of tampered OSes a non-issue, unless you're REALLY worried that Apple's servers might get hacked and their files for older OSes replaced by ones with fraudulent hash signatures, but honestly, this seems HIGHLY unlikely.

And thirdly, even if the only choice here would be whether or not to impose these restrictions onto yourself – why is this a disadvantage of the T2 machines in any way? Isn't it a good thing that everyone can decide for themselves what option they prefer? If you view it that way, that's fine – you can just decide not to impose these "restrictions" onto yourself; that's why having a choice is a great thing. That doesn't mean that it's the best choice for everyone, or that nobody else should decide to have their Macs be a little more secure, even if that means having it be more locked-down; that just because you don't view them as a good option for you, nobody else should. Let's have enough trust in people to make up their own mind on this instead of suggesting that what you personally find to be the best choice should be forced onto everyone.

We already agreed that most users won't be aware enough to make up their mind, so I'm not sure what your point here is. Also, I'm not attacking your preference. I'm attacking the assertion that your preference has any real-world benefit beyond simply being your preference. Also, the implication that the sacrifices that we are very likely going to have to make during the lifetime of the current T2 Macs are even remotely worth it.

To put into perspective how much of a "disadvantage" this choice about restrictions is, let's pick up on your analogy with the Apple Store genius telling a Mac owner that he can't restore data because of the T2's security restrictions for a second: would you really go up to someone who has just suffered data loss or has valuable data compromised or his identity stolen because of the cold boot attack, and tell them: "You know what, it's actually a good thing this happened to you, because at least, you never had these annoying pesky completely optional choices to deal with?

The amount of people who have had their identity stolen in a cold boot attack is certainly substantially smaller than the amount of people who are apt to be inconvenienced by the fact that ALL T-series MacBook Pros do not have a discretely separate SSD. Again, I have never heard of it happening to anyone I know or have ever worked with and that's a fairly sizable population.

If you had a T2 Mac then this wouldn't have happened to you and your data wouldn't have gotten stolen just now, but at very least you never had the choice to impose additional "restrictions" on yourself that wouldn't ever bother you unless you went out of your way to find them, so shouldn't you be happy about that?" Would anyone really do this and expect a positive reaction? Now obviously that is the absolute edge-case scenario, but I think it goes to show that arguing that the T2 chip is a bad thing because it offers more user choice, regardless of what these choices are, is a little nonsensical.

If you could guarantee me that these choices were going to remain for the functional lifetime of the T2 machines without any change to them slipstreamed via Firmware or otherwise, I'd say that it isn't a bad thing. However, you cannot guarantee me that. Nor can you refute that if Apple were going to take away my choices, the T2 chip and the bridgeOS it runs would be the way in which they do so and until you can guarantee and refute accordingly, you cannot make the claim that it's simply more options being added with no drawback, potential or otherwise.


Not sure where you are getting this from, but this is false. If you don't believe me, you can easily check it yourself: if you have a non-T2-Mac with Yosemite or newer, go into System Preferences and enable or disable FileVault 2 (depending on whether or not you currently have it enabled or not). If what you say is correct, then this shouldn't be any problem for you because it's finished immediately, so you can just revert the setting (which would also happen immediately) and you're done testing it. Spoiler: it won't. It will take up several hours or even multiple days, depending on what Mac model and how much performance you have, how many files you have and so on.

(Or you can check this support article where it also says that it can take quite a while, I guess.)

https://eclecticlight.co/2015/12/28...restorage-changes-hard-drives-and-their-care/

https://derflounder.wordpress.com/2...ablement-option-in-yosemites-setup-assistant/

If you have a Mac model that supports Intel's cryptography features (and, not all Macs capable of running even High Sierra do), then your boot drive, upon installing OS X Yosemite or newer will be converted to Core Storage and you will get to the end of the setup assistant and be asked if you merely want to turn it on.

For someone who has been emphasizing that we shouldn't ignore other people's use cases just because they don't apply to us personally, no matter how niche or unlikely, that doing so would be "egregiously and borderline offensively wrong", it seems a little hypocritical that you are dismissing this scenario because it's "not a realistic situation" from your point of view.

The need to backtrack to a previous operating system and the need to encrypt your drive whilst simultaneously backing it up all in a hurry do not compare in terms of which is the more realistic scenario to encounter. The former is a problem that happens on such a larger scale, especially in the recent era of declined quality control at the Infinite Loop. The latter seriously doesn't sound plausible. If you care enough about your data to want it encrypted, would you really not also put the same care into having backed it up beforehand? For the record, I don't think drive encryption or back-up practices are foolish. But trying to do both at the same time? Or the latter before the former? That's foolish.

If the user having to leave quickly to go on a trip is too much of a stretch, just take any situation instead where the user decides, for any reason, that they should encrypt or decrypt their files with FileVault, only to realize in the potential days that this process can take up that they cannot make a Time Machine backup. On one hand, you argue how important it is that we have a recovery method that is never officially advertised and only helps you in a very small number of hardware problems, but on the other hand you claim that it's not a big deal to be unexpectedly locked out of making a backup of your data for several days? These two statements don't mesh too well together, do they?

Again, if I care enough about my data, I will recognize that I should Time Machine BEFORE I either enable or disable FileVault and I should plan accordingly. Period. Also, if my drive is decrypting or encrypting, is it REALLY smart to be using my computer during that time to the point where I would want to back up the changes via Time Machine? I'd argue it really isn't. If this is a practical use case that you're giving me, you're not doing the best job of making the case...well...practical.

By the way, I actually had that happen to me earlier this year (minus having to go on a trip): I switched FileVault on, wanted to make a backup and only then realized that I couldn't. And no, the process was not instantly finished. And by the way, the reason I did decide to back it up during this process was because the encryption process got stuck and wouldn't continue at all, which, if it won't resolve itself, only leaves you with the possibility to completely erase and set up your Mac again.

I'm not trying to be rude or mean here, but that sounds like you weren't really careful here and that the whole ordeal that you mention here could've been avoided if you had backed up BEFORE setting up FileVault, and then let your computer encrypt uninterrupted. If the benefit of the T2 chip is that you can effectively walk and chew bubblegum at the same time (turn on FileVault like it's no big deal and then do a Time Machine backup), then I'd say that's a pretty minor benefit that wouldn't be necessary if you had previously gotten used to the best practices of both technologies in the preceding years of their existence. I won't knock you for liking it, but I don't see that as being any serious advancement in computing either.

As I don't want to write down again what I already wrote out extensively about this topic earlier (but you seem to have either ignored or overlooked it), I'm just going to copy the relevant paragraphs from an earlier comment of mine where I talked about it quite a bit:

> Previously, enabling/disabling FileVault was a lengthy process that could take many hours or even days for the Mac to complete. Now there wasn't much you as a user had to do during this process, it's not like you had to watch all the time, but that doesn't mean it didn't come with some noticeable downsides: your Mac was slowed down during this process because it had to run the encryption/decryption in the background, you couldn't stop the process once started in case you got cold feet or activated it by accident, and maybe worst of all, Time Machine would by design not make any backups during this process, meaning that if anything happened to your machine during this process, you might suffer data loss that wouldn't have happened otherwise. I don't even think you get warned about Time Machine beforehand, meaning that if you didn't make a Time Machine backup in a while and only realize that you might need one after you have started the encryption/decryption process (for example because you then take your Mac on a vacation or trip or whatever where you have a higher risk of losing/damaging it), then you were simply out of luck.

> And actually, there was one downside to this even larger than the Time Machine one: the encryption/decryption process would in rare instances get stuck forever, with no user control or anything you could feasibly do to get it going again, apart from praying. I only know that because I almost had it happen on a MacBook of mine – I started the FileVault encryption but when I checked a few hours later, it was stuck. And I'm not just talking about the progress bar not moving, which is to be expected with such a slow process, but the progress tracker literally said "not encrypting" and nothing else while in the middle of the encryption process, without any sort of explanation. Restarted my Mac a couple times, even ran First Aid from the recovery partition, nothing seemed to change anything. Fortunately, it did get moving again on its own a couple hours later for no obvious reason, but during my research online, I found out that not everyone had the same luck and that for some people, it just wouldn't get unstuck at all, forcing them to eventually erase and restore their Macs, which, due to the lack of a cancel option, is the only thing you can do to "fix" this if you ever run into this situation.

> Now I'm sorry for these two lengthy paragraphs, but the reason I'm listing all these problems in detail is because the T2 chip literally fixes all of them. The encryption and decryption process is instantaneous, meaning that you can't really do anything wrong, you don't have to live for days with less performance and without the ability of making Time Machine backups, and the lack of a cancel option becomes abundant because there is no longer a process during which you would even need to cancel it and you can just immediately revert it if you change your mind. And maybe best of all, the issue of the encryption process getting stuck is (most likely) gone as well. I mean I have no hard proof of this, but since it only tends to happen in the middle of the encryption and decryption process from what I could gather online, in other words during a part of the encryption process that is no longer, well, a part of the encryption process, it seems very likely that this issue is gone as well. Meaning that the T2 chip doesn't just cause additional issues (like the kernel panics), but it actually potentially resolves at least one pretty bad technical issue.

> Now chances are not many people are even going to notice this change since enabling/disabling FileVault is usually not something you usually do on a regular basis, but in these situations where you do need to do that after all, this improvement is of immense value. It's a good example that the "it just works" and "like magic" design philosophies are still present in Apple's products today, because for people who ever had to sit through the FileVault process or even had issues with it, it sure seems like magic that your hard drive is now encrypted and decrypted in less than a second instead of over the course of potentially several days.

> (Now obviously – I know it's not really your hard drive being encrypted/decrypted in the fraction of a second here, but to the user, it sure feels like it. What is more likely happening here is that, because the SSD is now always encrypted per standard with the encryption key being stored by the T2 chip's Secure Enclave, it's only the SSD's encryption key that is encrypted and decrypted with the user password when you enable and disable FileVault, and the files on your hard drive are therefore no longer required to be encrypted and decrypted in their entirety. Enabling and disabling FileVault only changes whether or not the SSD encryption key requires the user password to be decrypted, not the hard drive itself whose files are gibberish without the encryption key anyway. At least this is my guess of what happens.)

> This also makes for an additional great advantage of the T2 chip when you are selling your Mac, btw. With everything on your SSD being encrypted per standard, the loss of the SSD encryption key means that nothing of your data will be recoverable, so you won't have to worry about a potential buyer using data recovery tools and snooping around in your files. I would presume that the SSD encryption key gets reset when you reformat your drive or reset the Mac to factory settings (though this is just a guess, I haven't looked it up – if it doesn't, then switching on FileVault should definitely do the trick), so everything that was on that drive before is unrecoverable afterwards. Previous to the T2 chip, if you weren't using FileVault then you either had to activate it and sit through the lengthy encryption process before deleting any of your files, or use some other tools to go over your hard drive and make sure that every block of the SSD contains randomized strings, otherwise you were at risk of data recovery tools being potentially able to restore some of your data, as far as I'm aware.

TL;DR of the copied paragraphs: the T2 chip makes a previously lengthy and performance-hogging process that prevented Time Machine backups instantaneous, it most likely also fixed the (pretty severe, though fortunately rare) bug of the encryption getting stuck completely and forcing you into erasing your Mac. While probably not something you do on a daily basis, all of this can be of immense value when you do need or decide to enable/disable FileVault for any reason. It also trivializes making sure your data cannot be read anymore if you decide to sell your Mac sometime down the road (which is something a lot of people do when they upgrade their Mac eventually – you cannot tell me that selling a computer that holds up particularly well in value over the years when you upgrade is an unrealistic niche application that we shouldn't account for).

Regarding FileVault 2: FileVault 2 will only get stuck in such a terrifying fashion if one of three things is true: (1) The drive you are encrypting is going bad or (2) The data you are trying to encrypt is corrupt or (3) both. A T2 chip will not save you from any of those fates; nor will any SSD made by Apple or otherwise. At best, it will reduce the likelihood that you are doing anything while your drive is being encrypted that might induce any of those scenarios.

Regarding my data not being read anymore once I've sold my computer: What data do you have to suggest that someone I sell my computer to is at all likely going to take that opportunity to try to see what data was once on it? Do you even have any data to suggest that this is at all a real-world concern for anyone outside of maybe a business that already has established information security practices (the likes of which even Apple's best practices pale in comparison to)? Because NOTHING you have said so far suggests that such concerns are applicable to any real-world use case outside of your own preferences and comforts.


I kind of like how the goalposts have moved: previously, you argued that the T2's security features were all marketing talk and weren't really an advantage because there weren't really any dangerous real-world vulnerabilities that they would protect you from – now we are arguing that this dangerous real-world vulnerability isn't really an advantage of the T2 chip because it might get fixed on other Macs sometime down the line and because it doesn't functionally affect you (unless you just happen to be affected).

Apple has stated that they will be providing fixes. There are no reports of Mac users suffering the kinds of cold-boot attacks not possible on T2 chip Macs, therefore the only thing the T2 chip would offer me is the peace of mind that such an attack couldn't even theoretically happen. From a practical standpoint, I see no difference. I'm not going to get attacked either way.

Don't get me wrong, for the vast majority of people, namely those who aren't victims of this bug, their usage of the machine isn't affected by whether or not it has the T2 chip – but those who do suffer a data breach or whatever by the cold boot exploit aren't going to be comforted by you thinking that a hardware component that makes you immune to this issue isn't really a good thing.

I'll put it to you this way: As someone who works in IT, and has seen many different kinds of environments (all of which held information security in the highest regard), if a data breach is incurred because someone was able to successfully execute a cold-boot attack on a single Mac not equipped with a T2 co-processor, then there are MUCH BIGGER systemic problems that the party whose data was breached has with the way they are handling sensitive data. Period.

(Besides, do we know when it's going to be fixed for non-T2 Macs? Seeing as to how this vulnerability is known since a while now, it seems like the release of Mojave would have been a good opportunity to.)

Who's to say it hasn't already been patched in Mojave? The whole point of my chief complaint about the T2 is that as of the recent couple of macOS releases, Apple has been silently pushing firmware updates IN EVERY VERSION OF THE OPERATING SYSTEM. They no longer announce them.

But having said that, the bigger takeaway from the cold boot vulnerability is, in my opinion, that vulnerabilities that the T2 chip protects you from can happen.

Sure. Either one of us could get hit by a bus tomorrow, as well.

It is the first real-world example of such a vulnerability, and it was discovered only a couple of months after the initial release of the first Macs with a T2 chip (which is likely pretty early into its lifespan). Who knows what other vulnerabilities might be discovered over the next years that the T2 chip and its potential successors do protect us from? Hell, who knows how many other such vulnerabilities are already discovered by someone right now and just aren't disclosed to Apple, let alone to the public? For all we know, this cold boot vulnerability might just be the tip of the iceberg and there are a whole family of similar vulnerabilities that the T2 chip prevents. Despite what you may think, I'm actually not that much into data security measures in my everyday life, but for me, the discovery and public disclosure of a vulnerability like this puts a screeching halt to our discussion on whether or not the T2 chip has any real-world security benefits.

Wake me up when there are actually reported incidents of issues that the T2 could've prevented ACTUALLY HAPPENING TO PEOPLE. Because I still have yet to hear of a single case of that ACTUALLY HAPPENING.

Otherwise, at this point, by the time there's a serious vulnerability in something like an Intel processor's microcode, for instance, it is discovered by security researchers, announced to the world and then patched well before anyone has taken the time and energy to SUCCESSFULLY exploit it.


Really? I think it's time for a short recap then. Correct me if I've forgotten anything, but technical issues like KPs aside (which I agree should not happen, but are more software- than hardware-related), the only feasible disadvantage of having a T2 chip in every Mac from now on that we can sort-of agree on is that in the far future, Apple might take away the old boot up choices (which, again, is something I find highly unlikely to happen for reasons I've laid down earlier, but there it goes).


You find it unlikely that Apple might take away a feature that, by the very nature of the T2 chip, they've already started taking away? (Again, Gatekeeper no longer has an option to be completely turned off and it sure didn't debut in 10.7.5 and 10.8 that way.)

You must be relatively new to the Apple scene.

Also, technical issues such as the aforementioned KP (among a plethora of other recent examples across their hardware and software product lines) fully highlight just how poor Apple's quality control has become as of late. Furthermore, as I wouldn't care about a chip inside of a Surface Book 2 that won't let me downgrade from Windows 10 v1809 (when it releases) to Windows 10 v1803 or v1709 even due to Microsoft's quality control being consistent across its recent OS revisions, Apple even making slight moves towards taking away that ability is only a problem for me because they do not have that same quality control and, statistically, more OSes since Snow Leopard have sucked than have been awesome. A poor track record if you are trying to get me to sign up for a future where I'm supposed to act as though the version of the OS I'm running isn't important. I won't backpedal from Windows 10 v1803 to v1709 the way I've backtracked from both Sierra and High Sierra to El Capitan. Make Apple's OS upgrades not suck so much and then even my gripes on this feature will be moot. Until then, they most certainly aren't.


On the other side of the fence, we have:

- Touch ID (incredibly useful for a great deal of people, and definitely the biggest benefit for me personally),
- the Touch Bar (I know, not that useful for most people, but technically a feature enabled at least partially by the T2 chip)

I'll chalk this up to your personal preference and leave it at that. It does say a lot that these features have been out for two years already and they haven't made it to any other Mac. Furthermore, that the 13" MacBook Pro "Escape Edition" has been so popular explicitly for lacking these features.

- "Hey Siri"-functionality,

"Serious real world benefit here!" said no one ever.

- the SSD always being safely encrypted by the T2 chip, and all the benefits that come with that, including having zero instead of just a very small decrease in read/write speeds with FileVault enabled,
- Instant FileVault on/off, as opposed to it being a lengthy and tedious process (and all the benefits that come with it that we've gone over earlier),
- The rare but catastrophic issue of FileVault getting stuck during en-/decryption of your hard drive that forced you into erasing and setting up your Mac from scratch most likely being eradicated,
- Making your data unrestorable when you reset the Mac to sell it is now a trivial matter,

Pretty sure all four of those points are the same point. I defer you to my comments above on how small I believe those benefits are in terms of real-world benefit (especially if we're comparing a T2 Mac with a healthy SSD to a non-T2 Mac with a healthy SSD).

- Increased bootup security and security choices (which might not be of any feasible benefit to you as long as you aren't affected, but can be of immense value if you do become victim of malicious attacks),

Again, you have yet to cite me cases where anyone has ever actually been affected by such a cold-boot attack. You may have had a vaccine for tuberculosis, but if I never encounter it, we're both just as safe in practice.

- Increased security in a number of other areas like webcam access, possibly preventing software from accessing it without the user having a way of noticing,

You know what you'd see if you could see through my webcam right now? My ugly mug looking at the computer screen. Nothing fancy. You know what most people look like through their webcam? Pretty much the same, except maybe prettier. You cannot tell where I am. So, even if this was a real widespread vulnerability (and again, I have not heard any widespread reports that this is something to fear as a user with a webcam that lacks a T2 chip to prevent me from such calamities), it seems to be of relatively minor concern.

- A new data recovery process that might even be a little easier for Apple technicians to do because they no longer have to open up the machine,

I'll tell you, having worked for an AASP in a past life, opening up any MacBook Pro Unibody or newer is REALLY NOT THAT HARD. Hell, I could do the Unibody ones in my sleep. But no, it likely makes the process slightly harder for technicians because you technically are removing a condition in which the data can be accessed (through a port on the logic board that will still work even if the rest of the board is screwed) and then they have to have that conversation with the customer about how their data would've probably been retrievable if Apple had not ironically prioritized the security of the data that they can no longer get back as a result. Yay for security! Keeping you from your own data!

And maybe more that I can't think of off the top of my head. But yeah, I don't think most people are going to be too bothered by the possible scenario of maybe having their boot up choices taken away 8 or 12 years down the road, considering this list of benefits that we all have right now. I know that not all of these points affect everyone in their everyday life, or might only become useful very rarely like the additional security features, but when weighing all of this against something that might happen years down the line, I know I'd choose a Mac with T2 chip over the same one without it if I had the choice, and I presume most people would.

I take it you're the one person out there that actually buys Earthquake insurance at times not immediately succeeding an Earthquake?

You also seem to presume that most people care as deeply about information security as you do. I'll tell you, as someone who encounters all sorts of users out there, that presumption is just not the way it is. Most people do not care about these things as you do.

That said, would most of the people in Apple's target market audience for the 13" MacBook Pro care about limited boot options, definitely not. However, I'm sure that most of the people in Apple's target market audience for the 15" MacBook Pro, let alone the iMac Pro would certainly care if you told them that, following a restore, they HAD to install the latest version of macOS despite the fact that their Avid/Premiere/ProTools/AfterEffects/FCPX/Logic plug-ins were not yet compatible, forcing them to stay behind.

If you don't see yourself profiting from any of them, if none of these things are useful for you personally, then that's absolutely fine

I appreciate you giving me the freedom Apple won't.

– nobody's going to convince you into using any of these features (or at least not me), but please don't make the assumption that because they may not seem to make Macs with the T2 chip more attractive for you, that this has to apply to everyone, and that everyone else should just forget about all of these improvements in favor of the fear of a future where Apple drops some boot up choices.

Now, you're just putting words into my mouth. Or are you taking my personal distaste for the T2 chip so personally because you happen to own one of them yourself? Either way, this is nonsense.

The people who are in Apple's target market audience will fall into three camps: (a) those who put security above all (the camp you very clearly belong in), (b) people who either don't care or will never be aware, and (c) those who will surely be affected by such a clearly inevitable future. Again, the way I see it, the folks with 13" MacBook Pros are very likely to fall in the first two camps, while those with the 15" MacBook Pro and iMac Pro are far more likely to be in the latter camp (as is evidenced by the vast majority of people who have switched back to PC following the 2016 MacBook Pro's launch and the revelation that Apple won't be releasing another Mac Pro until 2019 at the earliest). Understand the target market audience for these machines and understand what it takes to appropriately support an environment of more than ten Macs at a time and you'll understand where I'm coming from.

I'd wager that biometric authentication alone already makes the inclusion of the T2 chip more than worth it for a great deal of people, far outweighing any "B... but it may all be different in a couple of years"-type of scenario, and the same is probably true for people who find ways to integrate the Touch Bar into their workflows in a meaningful manner (I haven't personally, but I've seen some Mac apps that make excellent use of the Touch Bar – Final Cut Pro X, Logic Pro X or photo editing apps like Pixelmator Pro, the Affinity apps or Photoshop being just some examples).

I think this is more of you projecting yourself and your preferences onto that of the masses. But that's just my opinion. The people I encounter are indifferent to TouchID and the TouchBar, view them as gimmicks they don't need and would've rather a Mac that gave them a removable boot drive, and full USB-A ports. Furthermore, if you scour these forums, you won't find that the aforementioned people I encounter are alone or even in the minority.

Like you said, you're free to like what you like. But to assume that everyone else likes it as you do is folly.

Finally, I think it's important to consider what the T2 chip means in a greater context. You talked in an earlier comment about how Intel's current CPUs are pretty powerful – which, in a vacuum, is undeniably true – but when we look back at how these chips have improved over the last couple of years, and then look forward to Intel's current roadmap, then their evolution has been pretty stagnant and might continue to be so for the foreseeable future. Their 10nm architecture has been delayed several times now and pushed back multiple years in total (and is now rumored to only be 10nm in name and in reality closer to 12nm?), and so on and on. Apple on the other hand has been killing it in the chip game lately, with some significant improvements clocking in every single year for a while now – the A12 and S4 chips being the most recent examples. The T1 and T2 chips are likely just the first step towards Mac hardware with fully ARM-based, Apple-developed processor units inside; they are indicative of the fact that Apple is trying to rely less on Intel's questionable roadmaps and releases which does seem like a good thing fundamentally. I know you said in an earlier comment that you don't really like that direction, but it's not in either of our hands and the more these custom chips find their way into the Mac lineup right now, the smoother a complete transition like that might be in a couple of years.

I thought we agreed on this point posts ago.

Yes, the T-series chips are a harbinger of what's to come. Apple will gradually move more and more away from separate components and more towards having their Mac processors be SoCs. Their chips could be x86, but far more likely (especially with their unending quest for thinner computers), they will be ARM. Certainly once they are ARM-based, then there will be no reason for them to be treating the management of installation and updating of the Mac operating system any differently than iOS so long as the end user experience of using a Mac remains the same. Yes, I don't like it. I get it, but I don't like it. It makes perfect sense. But for it to make sense, you can't deny that Apple will, at the absolute latest, as part of that transition, remove the freedom of choice in what OS can be loaded onto those Macs.
 
I am not given the ability to do anything with those additional options. No new capability is afforded to me. Merely the limiting of ability I was already afforded by owning a name brand x86-64 computer because I'm afraid that I will be one of the statistically unlikely few to be affected with a cold-boot attack. You see this as a benefit because, you are more paranoid of such attacks than I am. (Strangely, you don't cite how common they are, in practice, with any credible data.) As it stands right now, the only real world benefit to this restriction you've been able to even cite up to this point, aside from the booting of an unsanctioned and unsigned OS (something I have not only never had happen to me personally, but have also never heard of having happened to the thousands of other Mac users that I've supported throughout my IT career) against the user's will, is that if I'm running late for a trip and spontaneously decide that I want to encrypt my drive while also backing it up, I can do so. Again, not sold on that as a practical benefit.

Now, you are TECHNICALLY GIVEN OPTIONS in the Startup Security Utility on those systems, and OPTIONS ARE CHOICES. But do these choices GRANT YOU ANY ADDITIONAL FUNCTIONALITY, I'd argue no, especially seeing as you are LIMITING what you are able to do with those additional options. However, citing facts on the necessity of the security offered by the T2 chip, which you do not have, you are insistent that you are offered the peace of mind that a set of vulnerabilities that are pretty uncommon among non-T2-enabled Macs are now something you are impervious to. Which, I suppose, in your opinion, is a benefit. However, if we are to use your earlier provided example of Gatekeeper as a metric, Apple will almost certainly impose limitations in the future to prevent T-series Macs from booting anything that isn't the up-to-the-minute version of macOS a la iOS.



Considering that you have yet to offer me a real-world practical benefit that comes with the T2 chip, your saying that it is an advancement that all users would appreciate seems to be more of an opinion than a fact.

On the other hand, Apple's track record, suggesting heavily that options such as the ones in the Startup Security Utility on T2 Macs today won't be something that persists, is fact. I can't predict the future. But if I was a gambling man, it'd be a really safe bet that Apple will go that route.

https://www.apple.com/feedback/

Have you thought venting these critiques towards Apple directly? I don't mean that in any sarcastic capacity, I'm genuinely wondering if you have as this would likely be the best place for them.

If you haven't already, consider writing them what you wrote me, more or less. Obviously there's no guarantee that anything will come from it (don't want to know how many million people sent feedback about the obtrusive iOS volume overlay over the years), but with your concerns about this topic being as gigantic as they are, this would probably be the best place to put them. We are mostly moving in circles with our discussion and Apple most certainly doesn't read these forums. More likely than not such a critique would get buried under the thousands and thousands of feedback messages that Apple likely receives each day, but with you being so deeply concerned about this future scenario, this is likely the one place where putting these concerns has at least the potential to make a change.

Outside of telling you my predictions for the probability of it to happen, which you don't agree with anyway, that's the best advice I can give you on the topic of boot up choices. Let Apple know what you think, not (just) me and any random MacRumors readers that happen to stumble over our comments (doubt there are many anyway). I'm not losing any sleep over this possibility, most people don't seem to (feel free to disprove me here if you don't think that's true, I'd generally be interested in knowing what other people think about it), but if you do, this is the address where I would voice all these concerns. Don't just tell me how bad this would be, tell the company that is in charge of this very decision that you are afraid of.

What if I want to boot a Linux OS? What if I want to boot a special bootable utility that wasn't ever signed by Apple or Microsoft? It's my computer; why can't I boot whatever I want on it, especially if I'm not violating any copyright laws to do so? Is this not something I should be ABLE to do?
Then change it to the low security setting, duh. We've been over this already. You originally described workflows that might require you to revert to an earlier macOS version, which I used as a baseline scenario for calling the medium security one the "best of both worlds". If you change your workflow to what you've described, just use the one without any restrictions.

We already agreed that most users won't be aware enough to make up their mind, so I'm not sure what your point here is. Also, I'm not attacking your preference. I'm attacking the assertion that your preference has any real-world benefit beyond simply being your preference. Also, the implication that the sacrifices that we are very likely going to have to make during the lifetime of the current T2 Macs are even remotely worth it.
I'm not sure what you don't understand about my point there. You obviously prefer the setting without any restrictions, as you've laid out ad infinitum. Some people might prefer one of the higher security settings for any reason (and I'm not talking about myself), which they are able to choose with the current settings. Most people, like you point out, are likely just going to leave it at the standard one Apple preselects for them. All of this is fine because if you ever need to install an OS that your current settings don't allow, you get a nice message telling you exactly how you can change it (source). These settings, in their current form, are a non-issue.

About the second part, refer to what I wrote above. We are mostly arguing in circles because we time and time again end up at the unknown variable of whether or not Apple will take away some of these settings in the future. I cannot prove you that it won't happen, you cannot prove me that it will happen, and we obviously have vastly different opinions about its likelihood. We only know it's larger than 0 and smaller than 1. I won't argue that these boot up choices would be worth giving up the ability to install an older OS, and neither will you contest, as you said yourself, that they "aren't bad" if we never need to give up this ability.

Further down below I actually cite another educated opinion that arrives, just like me, at the conclusion that it'll likely not happen, so I guess you can refer to them and maybe try asking them for their exact reasoning if you find them somewhat of an interesting source, but otherwise, like I suggested, my best advice to you if it concerns you that much is to share all of your concerns with Apple instead of just with me. The worst that can happen is that nothing comes from it (and the same can be said about our discussion here as Apple will most definitely not read that). The best thing that can happen, besides it maybe easing your mind, is that the right people end up reading it and it decreases the chances of it happening at least a tiny little bit.

Or maybe the very very very best that can happen is that they actually give you a definite statement. You are probably going to claim that this is impossible but people thought the same about if we'll get an official statement on if Apple plans to merge iOS and macOS. I won't contest that it is highly unlikely, but if you are truly looking for proof that it's not going to happen, like you claim you do, then this is your best chance at getting it, and all the more reason to share your concerns with Apple. With rumors being that Apple truly reads all the feedback posts they get (at least I read that a few times – not sure if there was any real substance to it), you'll have at least the same size of an audience as you do here where I'm, presumably, the only one who reads through your posts on this topic and vice versa.

Apple actually provides every downloadable version of the Mac Operating System dating back to Lion. In fact, you can still download Mavericks, Yosemite, El Capitan, Sierra, and High Sierra today. You won't find them by searching on the Mac App Store, but you can find them still today, making this issue of tampered OSes a non-issue, unless you're REALLY worried that Apple's servers might get hacked and their files for older OSes replaced by ones with fraudulent hash signatures, but honestly, this seems HIGHLY unlikely.
Didn't know that they did. In that case, good point. Though then again, if Apple does decide to drop the ability to install older versions of macOS with a software update, I'm doubtful if they'll keep these older OS installations on their servers for long. If the T2's ability to check the OS installer's integrity is of any worth at that point is another question.

https://eclecticlight.co/2015/12/28...restorage-changes-hard-drives-and-their-care/

https://derflounder.wordpress.com/2...ablement-option-in-yosemites-setup-assistant/

If you have a Mac model that supports Intel's cryptography features (and, not all Macs capable of running even High Sierra do), then your boot drive, upon installing OS X Yosemite or newer will be converted to Core Storage and you will get to the end of the setup assistant and be asked if you merely want to turn it on.
Exactly, thank you for proving my point. The only situation where enabling/disabling FileVault 2 is instantaneous is when you're setting up your Mac. Not at any point afterwards, which is what we were talking about. Want to do it at any later point than the setup process itself? Then that process is going to take a while. Not so with Macs with the T2 chip.

I'm not trying to be rude or mean here, but that sounds like you weren't really careful here and that the whole ordeal that you mention here could've been avoided if you had backed up BEFORE setting up FileVault, and then let your computer encrypt uninterrupted. If the benefit of the T2 chip is that you can effectively walk and chew bubblegum at the same time (turn on FileVault like it's no big deal and then do a Time Machine backup), then I'd say that's a pretty minor benefit that wouldn't be necessary if you had previously gotten used to the best practices of both technologies in the preceding years of their existence. I won't knock you for liking it, but I don't see that as being any serious advancement in computing either.
While I disagree with you on a lot of things, I actually don't think you are being rude here. To be clear here, all of my important data is stored in iCloud with occasional backups via Time Machine and OneDrive, so even if I had lost all the files on my drive during the stuck encryption process, I wouldn't have lost any of my actual data. So in that sense I don't at all think I was being careless, but of course you didn't know the whole picture. I mostly started the Time Machine backup after I realized that the process was stuck and might force me into setting the Mac up if it didn't resolve itself, so making a new backup seemed like the obvious thing to do (being able to jump right in after the restore process where I left off and all that). It was only then that I realized that you can't do that during the encryption process.

Having said that however, I think you have circled a bit around what I think is the main issue here: you aren't told beforehand that you can't use Time Machine during this process. The warning panel in System Preferences even tells you that you can continue using your Mac normally while it's en-/decrypting – I don't know how that sounds to you, but to me the phrasing implies that performing a Time Machine backup, something that falls under "normal use" by any reasonable metrics, will be possible. If the warning panel would outright tell you about it, then yeah, I'd agree with you that the user knows what they are getting into, and are mostly responsible themselves for any lack of backups as a result from it. But without a warning like that, I think Apple is at least partially to blame for users who navigate themselves into pesky situations like that. It might be obvious to you that encrypting the drive and making a backup are two things that don't mix too well together, but I wouldn't expect (for example) my elder parents to make that connection.

Besides, the inability to make Time Machine backups during this process was one benefit I listed as a benefit of the T2 chip in relation to FileVault, and not even necessarily the most significant one. I think what's going to bug more people is the slowdown to their machine that the encryption process comes with. Now to be clear, we are at a technological point where having your hard drive being en-/decrypted in the background does in no way make the machine unusable, unless maybe for the most intensive of tasks, but it can definitely still be noticeable during everyday use, as I can attest to from experience. It's probably somewhere around the performance impact that Spotlight indexing, iCloud sync and stuff like that usually has during the first few hours of use, if not a little more, and most people just want to get that over with as fast as possible. Nobody wants their machine to be unnecessarily slowed down for any longer than necessary, so having that time literally trimmed down to zero is a good thing from my perspective. Yes, you can technically put that encryption process in a week where you maybe don't use your machine, or don't use it so often, so that you are not actively affected by the slowdown, but nobody really wants to plan their own schedules around the needs of their machine, it doesn't make for a great user experience.

Regarding FileVault 2: FileVault 2 will only get stuck in such a terrifying fashion if one of three things are true: (1) The drive you are encrypting is going bad or (2) The data you are trying to encrypt is corrupt or (3) both. A T2 chip will not save you from any of those fates; nor will any SSD made by Apple or otherwise. At best, it will reduce the likelihood that you are doing anything while your drive is being encrypted that might induce any of those scenarios.
Or maybe there are just some bugs to the FileVault encryption process? How can you be so sure that this isn't the case and that the drive itself must be the issue? Especially if you criticize the decrease in Apple's quality control in the very same comment?

That said, the T2 chip's way of handling a FileVault encryption will most likely actually save you from this fate, or at very least fate number (2), for reasons I've outlined earlier. It won't un-corrupt your data obviously, but because it no longer reads and re-writes all the data on your drive, it will most likely not get hung up anymore on corrupted data. Thinking about it, it might save you from (1) messing up your FileVault encryption process as well: if your drive is showing signs of going bad but is still usable, then chances are that the T2 encryption process is just as likely or unlikely to get hung up on it as anything else you do. The content of your drive is now always encrypted, all the T2 chip does when (de-)activating FileVault, like I said before (at least from my understanding – I don't have any hard proof to back it up because Apple doesn't publicly disclose it to my knowledge) is encrypt and decrypt the SSD's encryption key with the user password that it stores in the Secure Enclave. Not the drive itself since it is always encrypted anyway.

(Again, Gatekeeper no longer has an option to be completely turned off and it sure didn't debut in 10.7.5 and 10.8 that way.)
And once again (since you seemingly didn't read it the first two times), turning off Gatekeeper entirely is still possible; see the attached screenshot of mine in an earlier post. Not the standard option, but possible.

Besides, we have

- Gatekeeper: security mechanism that restricts the user to some extent, is on by default but can be turned halfway off or completely off by the user, and behaves that way since its inclusion many years ago (you obviously know better than me since how many years exactly),

- SIP: security mechanism that restricts the user to some extent, is on by default but can be turned off completely by the user, and behaves that way since its inclusion many years ago,

- The T2's boot up options: security mechanism that restricts the user to some extent, is on by default but can be turned off either halfway or completely by the user, and behaves that way since its inclusion earlier this year (or, if we want to be precise, December of last year).

Think of that what you will, but I do see a bit of a pattern here.

You must be relatively new to the Apple scene.

I know you are being sarcastic here, but Apple has actually been gravitating towards opening up their OS'es in a number of ways and giving both developers and users more and more freedom over the last few years: many more APIs for things that were previously reserved for system functions (if possible at all), giving users options in places where they previously held back from doing that for no good reason, and so on and on. If you would have told me a couple years ago, or even as recently as one year ago, that Apple would bring a powerful scripting tool to iOS with tons of ways for third-party developers to bake their own actions into it and with the ability to create our very own Siri summoning spells for it, I probably wouldn't have believed you. I'm not even sure I would have believed you that they would bring Siri support for third-party music apps like Spotify around.

I won't deny that there are still some dumb restrictions all over the place, but the tendency at the moment that I've also read a few developers claim is that Apple is opening up their systems overall, not further closing them down.

Does that mean they'll not take out these boot up choices? No, obviously not. But it sure makes it a little more likely that they plan to keep them in than if they were still as restrictive as they were at several points in the past.

Besides, remind me how again removing these boot up choices would result in a significant financial gain for Apple, large enough to justify turning off and potentially losing a nontrivial part of their user base? If someone upgrades their Mac and they realize afterwards that whatever workflow they had is now messed up or that some important software of them is now incompatible/dysfunctional, and they couldn't downgrade in any capacity, wouldn't that make them much less likely to purchase a new Mac in the future? A new Mac (which also couldn't be downgraded in that case) wouldn't restore their workflows in any way and might potentially pose exactly the same problems for them later down the line, so wouldn't they much rather consider a Windows or Linux machine or some other non-Mac alternative at that point? Obviously there are more variables to consider, like if the software of them is also available on other platforms and yada yada, but in general, wouldn't people who burn themselves on such a severe restriction much rather not buy a new Mac after that and thereby decrease Apple's sales?

Plus, taking away the ability to upgrade likely means that more people are on the newest OS version than otherwise, which as a consequence means that their Mac would feel much more fresh and exciting to those people than if it wasn't up-to-date and didn't yet have all the newest features installed (yet). Now I admit this is a bit more of a speculative point, but to see what I mean, just look at all those people here on MacRumors and on other places who previously wanted to upgrade to a new iPhone or iPad but after installing iOS 12 don't want to do that anymore. Hadn't iOS 12 been such a great performance-focused and refined release that breathed fresh life into their old devices, or had it dropped (at least) the iPhone 5s or so, Apple might have had a good amount more iPhone sales this year around. Yet they still made iOS 12 the way it is.

Maybe there are things I'm missing – I don't claim to be an expert in this area, so I'm all ears learning from you how exactly you think Apple would make more money from it. But besides some "planned obsolescence"-type of scenario where Apple intentionally slows down older machines, which iOS 12 (as well as Apple's claims at the most recent two keynotes) pretty much proves that they don't really do, I don't really see how such a decision would foster Mac sales.

Regarding my data not being read anymore once I've sold my computer: What data do you have to suggest that someone I sell my computer to is at all likely going to take that opportunity to try to see what data was once on it? Do you even have any data to suggest that this is at all a real-world concern for anyone outside of maybe a business that already has established information security practices (the likes of which even Apple's best practices pale in comparison to)? Because NOTHING you have said so far suggests that such concerns are applicable to any real-world use case outside of your own preferences and comforts.
Personal photos and videos (including ones that I'd rather not have the public see), E-Mails, messages, social security number, banking data, credit card numbers, banking receipts, purchase receipts, login credentials for pretty much all the websites I use, lots of personal information detailing my employment and my social contacts, health-related documents about myself and my family, and so on and on. Now to be clear: personally I'm using FileVault and storing most of the more confidential things I listed in a password manager (meaning even without FileVault there shouldn't be any way to restore it), so I'm personally not worried about any of it getting out if I sell one of my Macs. But your Average Joe might not use any of these precautions or even understand to which extent they help him here. An elderly guy I know stored his banking and credit card data and god knows what other personal stuff as a text document on his desktop. Yeah, that can be a thing.

Point being, there is a lot of personal and confidential stuff people store on their devices, and not always with a lot of precautions that might have bad consequences if anyone you don't know gets his hands on it. I'm not saying that the person who buys your Mac will target you specifically, but what if they just decide to run a data recovery program over it to see what they can find just for yikes, or in the hopes of finding something that they can somehow exploit? Might be an uncommon occurrence in itself, but it's not reasonable to be afraid of it, and I've talked to people who did have concerns like that when selling their old machine. And if you're unlucky and someone does find critical confidential data from you, that might have all sorts of bad consequences: they might be able to commit identity fraud in all sorts of ways, abuse your credit card data, they could try to extort you in some way – hell, even if they "only" publish (for example) a naked pic of you on the internet that they were able to find and the wrong people see it, that could have catastrophic consequences. The notion that only businesses have confidential data that they don't want a random and potentially malicious weirdo to see does seem a little absurd to me.

Make Apple's OS upgrades not suck so much and then even my gripes on this feature will be moot. Until then, they most certainly aren't.
https://www.apple.com/feedback/

Understand the target market audience for these machines and understand what it takes to appropriately support an environment of more than ten Macs at a time and you'll understand where I'm coming from.
Are you implying by that that Apple themselves doesn't understand their target audience? If so, I'm not saying that I necessarily disagree, but that's still a curious statement.

I think this is more of you projecting yourself and your preferences onto that of the masses. But that's just my opinion. The people I encounter are indifferent to TouchID and the TouchBar, view them as gimmicks they don't need and would've rather a Mac that gave them a removable boot drive, and full USB-A ports. Furthermore, if you scour these forums, you won't find that the aforementioned people I encounter are alone or even in the minority.

Like you said, you're free to like what you like. But to assume that everyone else likes it as you do is folly.
I don't think I'm projecting myself onto the masses. Actually, some people that I've conversed with (in real life) were quite fond of the idea of a fingerprint scanner and stuff like that finding its way onto a laptop. But that's not what I'm making these statements based on. As someone who bought a 2018 MBP a while ago, I watched and read at least 20+ reviews about it before making a purchase. And pretty much every single one of them praised Touch ID to a more or lesser extent, even the ones that were mostly critical about the 2018 MBPs because of their port selection and thermal issues. It is a feature that even the more critical voices mostly like – and of course they do, because everyone has passwords, but nobody finds typing out passwords fun. Extrapolating that onto the larger masses, and it's not really refutable that Touch ID on the Mac is something that's very easy to appreciate. I'm not saying there aren't exceptions, but from extrapolation alone, it's easy to see that Touch ID is an advantage that most people value at least a little, and that many people value a lot.

Now for comparison, how many reviews I read and watched mentioned the risk of Apple dropping some of the introduced boot up choices in the future? At this point you might be expecting the answer "none" to support my point, but no, there is actually one of them: the Arstechnica.com review, a site BTW that generally goes very in-depth about a lot of technical things. (On a rather unrelated note, their iOS 12 and macOS Mojave deep dives are a great read.) And how did they mention it? In a throwaway paragraph where they admit that it could happen but quickly dismiss it as unlikely, meaning they are saying more or less the same as me in this matter and can practically make my argument for me.

"There are so many advantages to this chip that I expect to see something similar in most future Macs after a short time, but how far Apple goes with it remains to be seen. For example, will Apple enforce the equivalent of “full security” on all Macs in the future, just as it does on iOS devices? I doubt it, but you never know." Arstechnica.com, source (actually, while looking it up I realized it was the iMac Pro review, not even the MacBook Pro one which doesn't even contain a mention of the possibility of Apple dropping these choices in the future, but since you're asking me to cite things, I figure the quote is still appropriate.)

That's pretty telling, isn't it? The only reviewer of at least 20 that even mentioned that this "clearly inevitable" future has a chance > 0 of happening – and who is one of the most in-depth reviewers in all things Apple out there, by the way, and therefore has a lot of knowledge and experience to base that judgement on – just said that he doubts it's going to happen. So not only, by extrapolating the 1-in-20+ ratio of reviewers who even mention or acknowledge it, does that mean that not a lot of people perceive the risk of this possibility as an issue (compared to the ton of people who like Touch ID as a feature), but at least some of the ones who are aware of it are pretty dismissive of it about being a problem.

Now I'm not sure what you think about the guys over at Arstechnica, but they are without a doubt significantly more knowledgeable about these topics than me and if they basically come to the same conclusion as me that it's unlikely, then I find it unlikely to become an issue, at least during the current MacBook Pro's and iMac Pro's lifecycle. You are saying that we shouldn't ignore the use cases of the few in favor of the ones of the many, but neither should we just forget what the majority of people want in favor of the desires of the few, and while my experience from these reviews definitely isn't any market research or so, it goes to show that the average MacBook Pro user or reviewer is more appreciative of something like Touch ID than he is concerned about the risk of maybe losing his boot up choices several years down the line. That's not projecting my own opinions onto the masses, it's just extrapolation of (semi-)random data points.

But by that, I don't want to undermine the point I made at the beginning of this comment; if anything, I'd want to cement it by that: if you're concerned about Apple dropping these choices, tell them that you are. We are all friends here and despite disagreeing on the likelihood of it happening, we both want the same thing on this matter: for Apple not to drop these boot up choices. So instead of just, well, disagreeing on the probability of it happening and trying to convince each other of it, I strongly advise you to do the one thing that might decrease the probability of it happening, regardless of where it currently sits at.

Which brings me to an interesting question: do you have any hard data or read-ups on how many other people are concerned about the possibility of Apple dropping boot up choices, or other people's commentary or assessments about its likelihood? And I don't ask this because you also nag me about citing sources, but because I'd find it interesting to have more information about this issue. Maybe there are a ton of similarly minded complaints that I just don't know of. So far, I have mostly just your opinion on it. Whether or not Apple will do this is the main point of our whole discussion, yet neither of us have really factored in other people's commentary on it so far (in my case, mostly because none of the reviews I watched and read contain such, but at least there's the Arstechnica bit now standing in the room, of which you can make what you will). Most people don't base their opinions on what one single guy or gal predicts will potentially happen several years down the line. If you have any links to likeminded, credible people coming to the same conclusion as you, then by all means, share them with me, let's dive into some new perspectives of different people instead of just playing ping-pong about whether or not it's going to happen.

So far, like I've said above, removing these choices would to me seem like an anti-consumer move without any payoff for Apple, financial or otherwise, in a time where they are on a good track to opening up their OS'es wherever beneficial and take a strong stance on the longevity of their hardware. People who won't ever downgrade their Macs aren't affected either way, and those who do want to downgrade their Macs and can't as a consequence from it would very likely think twice about buying a Mac (or just Apple hardware in general) again, resulting in losses for Apple, not in increased profits. Where is the payoff here for Apple? Besides some "planned obsolescence"-horror stories (that we can probably both agree on are not likely to happen unless there is some fundamental paradigm shift at Apple, in which case we probably have much larger problems), I don't see how this would be of any significant benefit to Apple. If you disagree, then by all means, enlighten me, because so far, you haven't convinced me that it is very likely of happening, let alone "clearly inevitable".

By the way, since you're asking me to cite sources and other people's opinions, I thought I'd also note here that Arstechnica speaks quite positively about the security features of the T2 chip, even more positively than me. Just gonna leave these quotes here, make of it what you will:

The T2 is an all-purpose system controller. It manages the microphones, speakers, cooling system, and the SSD (which is actually two SSDs working in tandem). It also acts as an ISP for the front-facing camera. This chip thus allows Apple to streamline the internal components and reduce reliance on other manufacturers—and it has speed and security advantages, too. Apple remains all about that end-to-end integration.

While this approach to a system management, audio, and SSD controller might have some small performance advantages, it’s mostly a boon for Apple’s own design and engineering goals. Most users would not even be aware of it.

But the biggest advantage is security, and users should know about what it does on that front. The T2 chip contains a secure enclave processor, which manages security keys. Further, it contains a dedicated encryption engine for the machine’s flash storage—it actually encrypts the drives’ contents on the fly.

As if that’s not enough, the T2 is a key component of a secure-boot feature that’s currently unique to the iMac Pro. The T2 validates the boot loader, which in turn validates the firmware, which in turn validates the kernel, which in turn validates the drivers.

With this comes a new tool called the Startup Security Utility, which is accessible from the macOS recovery mode. You reach this by rebooting the machine and holding Command and R. The Startup Security Utility gives you a choice between three security modes—full security, medium security, and no security. It also permits you to allow or disallow booting from external media, and you can set a firmware password “to prevent this computer from starting up from a different hard disk, CD, or DVD without the password.”

Source. Also

The T2 chip is not something that most users will notice or care about outside of Hey Siri, but the security features matter for IT managers. And it speaks to Apple's relentless efforts to free itself from external silicon vendors.

Source. They even speak positively about "Hey Siri", something that you were pretty quick to dismiss above:


The T2 chip has also enabled Hey Siri on this computer, which other Macs don't support at this time. I tried out Hey Siri and it worked just fine. The computer never missed a prompt, and it was always ready to accept a request or command within a second or so of my saying, "Hey Siri." This is nice to have when you're working on an external keyboard without the Siri button you would otherwise be able to reach on the Touch Bar.

Same source. By the way, I personally don't use "Hey Siri" on my MacBook and have disabled it outright (I tried it but since my iPhone would always hog the request anyway, I found it pointless for me, plus I rarely ever use Siri on my Macs anyway), but for people who more often use Siri on the Mac for a variety of tasks and don't have their iPhone or iPad greedily taking over the request, I totally see how it can be useful. Is it a killer-feature? For the majority of people, most likely not. But for some it might be a great thing.

I'm not going to respond to everything you wrote since it's pretty tedious and time-consuming to write all this down, but some final things:

I take it you're the one person out there that actually buys Earthquake insurance at times not immediately succeeding an Earthquake?
I'm not sure how you get to that conclusion since as I said, the main thing that I personally like about the T2 chip is Touch ID. I kinda wish I could say the same about the Touch Bar but the thing I use it for most frequently, besides system controls (which actually are a little more convenient that way IMO than with binary buttons) is enabling PiP in videos in Safari. So yeah, not that useful for me personally. But I've seen and tried out some apps that make great use of it, so I'm sure there are some people for who it is a great thing.

Despite what you may think, I'm actually not that concerned about a lot of the security stuff, but I'm all for moving forward in that regard and not stand still just because we don't know of any security holes. Otherwise we end up with companies doing much less testing in that regard and ending up with disasters like the "root" bug in High Sierra. For every security hole they close, for every security feature they add ("them" being Apple as much as any other big company), there is likely someone somewhere out there who will profit from it without even knowing. And like you yourself said – Apple's quality control hasn't been that great lately either, which makes going forward in that regard all the more important.

I thought we agreed on this point posts ago.
I also thought we agreed on High Sierra/Mojave still giving us the ability to completely turn Gatekeeper off, which you contested. Check one of my previous comments, I attached a screenshot where it literally says that it allows apps from "everywhere", which I presume to mean that Gatekeeper is off. It's not the standard setting, though I never claimed it to be – but it still is a setting.

I'll tell you, having worked for an AASP in a past life, opening up any MacBook Pro Unibody or newer is REALLY NOT THAT HARD. Hell, I could do the Unibody ones in my sleep. But no, it likely makes the process slightly harder for technicians because you technically are removing a condition in which the data can be accessed (through a port on the logic board that will still work even if the rest of the board is screwed) and then they have to have that conversation with the customer about how their data would've probably been retrievable if Apple had not ironically prioritized the security of the data that they can no longer get back as a result. Yay for security! Keeping you from your own data!
Do you know what's even faster than opening up a MacBook? Not opening up a MacBook.

To be clear, I was mostly speculating on that point – I don't think we can know for sure from the outside whether or not the process is any better/faster/different than the previous one that required opening up the MacBook. But with the new process just consisting of plugging a cable into one of the USB-C ports, it does seem likely that the reason for the new recovery method in its current form (besides the inclusion of the T2 chip, of course) is that they wanted to streamline the process. I'm not claiming that it's difficult to open up a MacBook Pro, but just plugging in a cable sure seems like a faster process than unscrewing everything, opening it up sufficiently and then plugging in a cable. Not going to contest that it might create some conditions under which the data could previously be recovered and cannot now.

I appreciate you giving me the freedom Apple won't.
A pleasure. ;)

That said, would most of the people in Apple's target market audience for the 13" MacBook Pro care about limited boot options, definitely not. However, I'm sure that most of the people in Apple's target market audience for the 15" MacBook Pro, let alone the iMac Pro would certainly care if you told them that, following a restore, they HAD to install the latest version of macOS despite the fact that their Avid/Premiere/ProTools/AfterEffects/FCPX/Logic plug-ins were not yet compatible, forcing them to stay behind.
Yes, but all those people are also a reason for why it's unlikely to add these restrictions.

Personally, I'm curious to see the direction Apple has chosen with the upcoming Mac Pro. Not because I'd personally be interested in one, but because it should give us an indication on how much Apple values the different professional parts of their user base. If they go all in and deliver the performance-beast port-wonder with proper cooling and everything else that people are asking for, then your prediction about Apple taking away these choices is less likely to come true than if it ends up being a cop-out with, for example, an external keyboard with Touch Bar being the main killer feature and with thermals being once again compromised for looks and sleekness with Jony Ive talking about how beautiful the aluminium is and how silent the fans (or single fan...) is.

By the way, since you asked it at some point (but I can't find it again right now to quote): there was actually a patent from Apple floating around several months ago that detailed a Magic Keyboard with Touch Bar + Touch ID. Now I know that doesn't have to mean something as not all of Apple's patents turn into a product, but it strongly indicates Apple was at least conceptualizing and toying with the idea of such a keyboard. My guess on why we haven't seen one yet is that it's just more difficult to develop one than with an internal keyboard. If you want Touch ID and Touch Bar to be on an external keyboard, you have battery life, Bluetooth transfer speeds and possibly all sorts of other things to worry about that aren't an issue on MacBooks. My guess is that we either see one with one of the next iMac refreshes (wouldn't actually be impossible for the refresh rumored for later this month, though I'm rather doubtful of it) or that Apple will skip Touch ID on desktop Macs altogether and move on to Face ID instead.

Now, you're just putting words into my mouth. Or are you taking my personal distaste for the T2 chip so personally because you happen to own one of them yourself? Either way, this is nonsense.
I'm not sure I follow – I was under the impression you don't just argue with me about the topic of Apple possibly taking away choices purely for fun, but to raise awareness of it and convince me and possibly others of how likely it is to happen. That's where my comment that others don't have to fall into the same fear and prioritizing them over features they benefit from right now was directed at. If this understanding of mine constitutes nonsense and putting words into your mouth to you, then by all means, I take it back and you are free to worry about it all on your own instead.

My ugly mug
I'm sure that's not true. But if you disagree, I'm not going to try to prove you wrong in that regard.

(Strangely, you don't cite how common they are, in practice, with any credible data.)
I mean if you have any credible data to contribute on this particular topic, then by all means, don't let me stop you from citing them. I wouldn't be uninterested in reading it.

The people I encounter are indifferent to TouchID and the TouchBar. [...] But to assume that everyone else likes it as you do is folly.
Which is why I'm basing my assumptions about "most people" more on statistics and extrapolation instead of anecdotes or personal preferences. I don't doubt you that you personally and the people you encounter are indifferent to Touch ID, and that's your good right to be. If that statement was easily generalizable to the greater masses, if everyone or almost everyone was indifferent to biometric authentication, then as a logical conclusion, we wouldn't live in a time where almost every higher-end smartphone and even many laptops come with either a fingerprint scanner or a different form of biometric authentication; or where Face ID is so tempting that it is one of the main reasons why people are willing to spend 1000+ €/$ on a smartphone. Many people aren't indifferent to it. They don't want to go back to manually typing in passcodes and password for everything when there's a faster, easier, much more convenient way.

But for it to make sense, you can't deny that Apple will, at the absolute latest, as part of that transition, remove the freedom of choice in what OS can be loaded onto those Macs.
Because... why, exactly? That's just a conjecture. The T2 chip is already ARM-based (I think? Correct me if I'm wrong here, but in any case it is Apple-designed), and Macs with it can downgrade to older machines just fine. So why would switching the CPU to an ARM-based, Apple designed one require what is currently the low security setting on the T2 chip to be removed in any capacity?

Or are you talking about being able to install Windows on a Mac? Because in that case, I'd ask the same question because Windows 10 already runs on ARM processors. Will Apple support that via Bootcamp after the transition? I don't know, but at least I don't see any obvious reason why they would be fundamentally unable to.

To conclude, I once again encourage you to give Apple feedback on this particular topic if you haven't already, not just me. And if you have already, consider doing it again. More likely than not it won't change anything, but the people who are crazy enough to think they can change the world are the ones who do, after all. I'm still crazy enough to believe that one of these years, Apple will move the annoying volume indicator on iOS out of the middle of the screen.

I doubt anyone is able to provide you with proof of it not happening, outside of Apple themselves (which actually isn't 100% impossible, considering they made a pretty telling and definite statement at WWDC 2018 about whether or not iOS and macOS are going to merge, which is another question that people were pretty concerned about for years and didn't really expect to get officially answered by Apple... so who knows if they won't maybe make statements on these sort of things in the future as well), but nagging them about it is probably the best thing you can do in terms of channeling your deep concern and trying to make a change about it. If Apple ever does make a surprise announcement that they won't remove these boot up choices, you'll be the first person I'll message to get you the desired proof you asked of me. I doubt it's going to happen, but weirder things have happened ¯\_(ツ)_/¯

Edit: By the way, as you were keen for me to cite some sources, here are two more reputable news sites, namely Appleinsider and Rene Ritchie from iMore, who praise the T2 chip's security (without any acknowledgement of the potential of Apple dropping these boot up choices):

The T2's encryption uses dedicated Apple-designed silicon instead of a third-party processor. There are two benefits to this, the first being the fact that your data never reaches the Intel processor, so it's more secure. The second is that by using dedicated hardware, there's no effect on SSD performance.

[...]

The biggest security enhancement may actually be Secure Boot. This makes sure that only a legitimate, trusted operating system loads at startup. By default it's in Full Security mode, allowing only your current OS or signed OS software trusted by Apple to run. It also disallows booting from external media, such as USB or Thunderbolt drives.

This offers huge protection from hackers who could potentially boot into a different operating system in order to steal your data. Although not recommended, you can change these settings within macOS Recovery mode.

Source.

T2 also handles security and encryption. That includes cryptographically verifying the integrity of the entire startup process, from boot loader to firmware to kernel to extensions. You can disable it if you really want or need to, but otherwise it will make sure no one and nothing has tampered with your Mac, and it'll do it so fast you won't even notice it's there at all.

Thanks to a dedicated AES crypto engine, T2 also provides hardware encryption for the SSD storage. There's a unique key for each and every iMac Pro, and if you use FileVault, your own personal key to completely lock down your data as well. In real time. As you're reading and writing it. Which is ludicrously cool tech.

Source. So, yeah, don't just take my word for it, refer to these sources about the question whether or not the T2 chip adds anything security-wise as they sound much more appreciative of it than I did. What you make of that, I'll leave to you. Privacy and security are, as Apple claims, main pillars of their philosophy, and as you fittingly described – there are different groups of people in regard to it, those who care a lot about this quality, those who care a little but perceive Apple's security and privacy standards more as a cherry on top of their apple-cake, and many who don't care at all. But at very least many people from the first group applaud Apple for this quality and for their continued attempts to advance even further in the realm of security, which the T2 chip (among many other things) does. You don't have to, but a lot of people like it. You don't have to take my word for it, take theirs.

I think Apple is absolutely on the right track to move forward in this regard and add additional layers of protection wherever possible instead of standing still and hoping that the security layers they have right now will be sufficient forever. I don't want to overblow this in any capacity – personally, I care more about the additional privacy protection layers in Mojave than about any of the security-ramifications of the T2 chip – and much more so about all the cool features on the user-end of things that Mojave brings to the table – but as the cited reviews prove, many people who fall into the security-camp perceive both (T2 chip as well as Mojave's additional security features) to be steps into the right direction. Or, to quote Rene Ritchie once again, "these are all features iOS has been benefiting from for years and it's great to see them, and more custom silicon, come to the Mac." (Source)

By the way, as I've gone through it now, the AppleInsider article also positively mentions the instant FileVault process:

After enabling FileVault on the 2017 MacBook Pro, which lacks the T2, we were told we would have to wait a full day for encryption to finish — and that if we suddenly decided against it, we wouldn't be able disable it until the process was complete. Even once it finished, storage read speeds dipped significantly.

On the 2018 MacBook Pro enabling FileVault is instantaneous, with no change in subsequent speeds at all.

as well as some things that I actually didn't know and that you can more or less add to the list of advantages if you so like, namely

The newer T2 takes care of the exact same tasks as the T1, but adds an image signal processor, audio controller, and a mass storage controller that includes a dedicated AES engine for encryption.

Apple says the image signal processor works with the FaceTime HD camera to enable enhanced tone mapping, improved exposure control, and face-based auto-exposure, as well as automatic white balancing. As you can see in our video, white balancing is indeed much better, exposure is improved, and the detail in hair and eyes no longer gets crushed by dark shadows.

[...]

We've also noticed a pretty big difference in microphone quality, thanks to the T2's audio controller, which processes signals that ultimately end up at the MacBook's stereo speakers. That probably contributes to the better sound output found in this year's MacBook Pro models. On top of that, the T2 chip adds "Hey Siri" support.

So, yeah, take that as you will. I'm not saying that you wouldn't be able to achieve any of these things without the T2 chip, but according to AppleInsider, the chip does directly result in a vastly better quality of the FaceTime camera, microphones and likely the improved sound output. And you can tell me what you want, these are absolutely areas that the average user uses his machine for. Especially the speakers (though to be fair, the article only says that the T2 chip probably contributes to the better speaker quality – but the other improvements are all listed as facts). Even a vastly improved video and audio quality from the webcam and microphones alone are absolutely features that a large part of the user base can profit from. Not game changers, but definitely things they could notice in a direct comparison and that improve the experience. If my Mom or one of my friends can hear me twice as good in a FaceTime call, that's, as you say, a "real-world benefit". If my dumb voice later sounds twice as crisp in my voice memo, that's a real-world benefit. If the sound of the movie that I'm watching sounds a lot better (and the speakers on my 2018 MBP are pretty amazing in my opinion)... well, you get the point.

Edit 2: What doesn't seem like such a good thing (or actually like a pretty bad thing) about the T2 chip on the other hand is this:

https://www.macrumors.com/2018/10/04/t2-macs-must-pass-diagnostics-for-certain-repairs/

"Apple's diagnostic suite is limited to internal use by Apple Stores and Apple Authorized Service Providers, as part of what is called the Apple Service Toolkit. As a result, independent repair shops without Apple certification may be unable to repair certain parts on the iMac Pro and 2018 MacBook Pro.

Moreover, when the iMac Pro and 2018 MacBook Pro are eventually classified as vintage products, meaning they are no longer eligible for hardware service from Apple, repairs through alternative channels might not be possible."

Just noticed this today, thought I'd add it. So yeah, while not 100% confirmed, we can probably both agree on that if it's true, it's a pretty bad thing.
 
I am not given the ability to do anything with those additional options. No new capability is afforded to me. Merely the limiting of ability I was already afforded by owning a name brand x86-64 computer because I'm afraid that I will be one of the statistically unlikely few to be affected with a cold-boot attack. You see this as a benefit because, you are more paranoid of such attacks than I am. (Strangely, you don't cite how common they are, in practice, with any credible data.) As it stands right now, the only real world benefit to this restriction you've been able to even cite up to this point, aside from the booting of an unsanctioned and unsigned OS (something I have not only never had happen to me personally, but have also never heard of having happened to the thousands of other Mac users that I've supported throughout my IT career) against the user's will, is that if I'm running late for a trip and spontaneously decide that I want to encrypt my drive while also backing it up, I can do so. Again, not sold on that as a practical benefit.

Now, you are TECHNICALLY GIVEN OPTIONS in the Startup Security Utility on those systems, and OPTIONS ARE CHOICES. But do these choices GRANT YOU ANY ADDITIONAL FUNCTIONALITY, I'd argue no, especially seeing as you are LIMITING what you are able to do with those additional options. However, citing facts on the necessity of the security offered by the T2 chip, which you do not have, you are insistent that you are offered the peace of mind that a set of vulnerabilities that are pretty uncommon among non-T2-enabled Macs are now something you are impervious to. Which, I suppose, in your opinion, is a benefit. However, if we are to use your earlier provided example of Gatekeeper as a metric, Apple will almost certainly impose limitations in the future to prevent T-series Macs from booting anything that isn't the up-to-the-minute version of macOS a la iOS.



Considering that you have yet to offer me a real-world practical benefit that comes with the T2 chip, your saying that it is an advancement that all users would appreciate seems to be more of an opinion than a fact.

On the other hand, Apple's track record, suggesting heavily that options such as the ones in the Startup Security Utility on T2 Macs today won't be something that persists, is fact. I can't predict the future. But if I was a gambling man, it'd be a really safe bet that Apple will go that route.



What if I want to boot a Linux OS? What if I want to boot a special bootable utility that wasn't ever signed by Apple or Microsoft? It's my computer; why can't I boot whatever I want on it, especially if I'm not violating any copyright laws to do so? Is this not something I should be ABLE to do?



Apple actually provides every downloadable version of the Mac Operating System dating back to Lion. In fact, you can still download Mavericks, Yosemite, El Capitan, Sierra, and High Sierra today. You won't find them by searching on the Mac App Store, but you can find them still today, making this issue of tampered OSes a non-issue, unless you're REALLY worried that Apple's servers might get hacked and their files for older OSes replaced by ones with fraudulent hash signatures, but honestly, this seems HIGHLY unlikely.



We already agreed that most users won't be aware enough to make up their mind, so I'm not sure what your point here is. Also, I'm not attacking your preference. I'm attacking the assertion that your preference has any real-world benefit beyond simply being your preference. Also, the implication that the sacrifices that we are very likely going to have to make during the lifetime of the current T2 Macs are even remotely worth it.



The amount of people who have had their identity stolen in a cold boot attack is certainly substantially smaller than the amount of people who are apt to be inconvenienced by the fact that ALL T-series MacBook Pros do not have a discretely separate SSD. Again, I have never heard of it happening to anyone I know or have ever worked with and that's a fairly sizable population.



If you could guarantee me that these choices were going to remain for the functional lifetime of the T2 machines without any change to them slipstreamed via Firmware or otherwise, I'd say that it isn't a bad thing. However, you cannot guarantee me that. Nor can you refute that if Apple were going to take away my choices, the T2 chip and the bridgeOS it runs would be the way in which they do so and until you can guarantee and refute accordingly, you cannot make the claim that it's simply more options being added with no drawback, potential or otherwise.




https://eclecticlight.co/2015/12/28...restorage-changes-hard-drives-and-their-care/

https://derflounder.wordpress.com/2...ablement-option-in-yosemites-setup-assistant/

If you have a Mac model that supports Intel's cryptography features (and, not all Macs capable of running even High Sierra do), then your boot drive, upon installing OS X Yosemite or newer will be converted to Core Storage and you will get to the end of the setup assistant and be asked if you merely want to turn it on.



The need to backtrack to a previous operating system and the need to encrypt your drive whilst simultaneously backing it up all in a hurry do not compare in terms of which is the more realistic scenario to encounter. The former is a problem that happens on such a larger scale, especially in the recent era of declined quality control at the Infinite Loop. The latter seriously doesn't sound plausible. If you care enough about your data to want it encrypted, would you really not also put the same care into having backed it up beforehand? For the record, I don't think drive encryption or back-up practices are foolish. But trying to do both at the same time? Or the latter before the former? That's foolish.



Again, if I care enough about my data, I will recognize that I should Time Machine BEFORE I either enable or disable FileVault and I should plan accordingly. Period. Also, if my drive is decrypting or encrypting, is it REALLY smart to be using my computer during that time to the point where I would want to back up the changes via Time Machine? I'd argue it really isn't. If this is a practical use case that you're giving me, you're not doing the best job of making the case...well...practical.



I'm not trying to be rude or mean here, but that sounds like you weren't really careful here and that the whole ordeal that you mention here could've been avoided if you had backed up BEFORE setting up FileVault, and then let your computer encrypt uninterrupted. If the benefit of the T2 chip is that you can effectively walk and chew bubblegum at the same time (turn on FileVault like it's no big deal and then do a Time Machine backup), then I'd say that's a pretty minor benefit that wouldn't be necessary if you had previously gotten used to the best practices of both technologies in the preceding years of their existence. I won't knock you for liking it, but I don't see that as being any serious advancement in computing either.



Regarding FileVault 2: FileVault 2 will only get stuck in such a terrifying fashion if one of three things is true: (1) The drive you are encrypting is going bad or (2) The data you are trying to encrypt is corrupt or (3) both. A T2 chip will not save you from any of those fates; nor will any SSD made by Apple or otherwise. At best, it will reduce the likelihood that you are doing anything while your drive is being encrypted that might induce any of those scenarios.

Regarding my data not being read anymore once I've sold my computer: What data do you have to suggest that someone I sell my computer to is at all likely going to take that opportunity to try to see what data was once on it? Do you even have any data to suggest that this is at all a real-world concern for anyone outside of maybe a business that already has established information security practices (the likes of which even Apple's best practices pale in comparison to)? Because NOTHING you have said so far suggests that such concerns are applicable to any real-world use case outside of your own preferences and comforts.




Apple has stated that they will be providing fixes. There are no reports of Mac users suffering the kinds of cold-boot attacks not possible on T2 chip Macs, therefore the only thing the T2 chip would offer me is the peace of mind that such an attack couldn't even theoretically happen. From a practical standpoint, I see no difference. I'm not going to get attacked either way.



I'll put it to you this way: As someone who works in IT, and has seen many different kinds of environments (all of which held information security in the highest regard), if a data breach is incurred because someone was able to successfully execute a cold-boot attack on a single Mac not equipped with a T2 co-processor, then there are MUCH BIGGER systemic problems that the party whose data was breached has with the way they are handling sensitive data. Period.



Who's to say it hasn't already been patched in Mojave? The whole point of my chief complaint about the T2 is that as of the recent couple of macOS releases, Apple has been silently pushing firmware updates IN EVERY VERSION OF THE OPERATING SYSTEM. They no longer announce them.



Sure. Either one of us could get hit by a bus tomorrow, as well.



Wake me up when there are actually reported incidents of issues that the T2 could've prevented ACTUALLY HAPPENING TO PEOPLE. Because I still have yet to hear of a single case of that ACTUALLY HAPPENING.

Otherwise, at this point, by the time there's a serious vulnerability in something like an Intel processor's microcode, for instance, it is discovered by security researchers, announced to the world and then patched well before anyone has taken the time and energy to SUCCESSFULLY exploit it.





You find it unlikely that Apple might take away a feature that, by the very nature of the T2 chip, they've already started taking away? (Again, Gatekeeper no longer has an option to be completely turned off and it sure didn't debut in 10.7.5 and 10.8 that way.)

You must be relatively new to the Apple scene.

Also, technical issues such as the aforementioned KP (among a plethora of other recent examples across their hardware and software product lines) fully highlight just how poor Apple's quality control has become as of late. Furthermore, as I wouldn't care about a chip inside of a Surface Book 2 that won't let me downgrade from Windows 10 v1809 (when it releases) to Windows 10 v1803 or v1709 even due to Microsoft's quality control being consistent across its recent OS revisions, Apple even making slight moves towards taking away that ability is only a problem for me because they do not have that same quality control and, statistically, more OSes since Snow Leopard have sucked than have been awesome. A poor track record if you are trying to get me to sign up for a future where I'm supposed to act as though the version of the OS I'm running isn't important. I won't backpedal from Windows 10 v1803 to v1709 the way I've backtracked from both Sierra and High Sierra to El Capitan. Make Apple's OS upgrades not suck so much and then even my gripes on this feature will be moot. Until then, they most certainly aren't.




I'll chalk this up to your personal preference and leave it at that. It does say a lot that these features have been out for two years already and they haven't made it to any other Mac. Furthermore, that the 13" MacBook Pro "Escape Edition" has been so popular explicitly for lacking these features.



"Serious real world benefit here!" said no one ever.



Pretty sure all four of those points are the same point. I defer you to my comments above on how small I believe those benefits are in terms of real-world benefit (especially if we're comparing a T2 Mac with a healthy SSD to a non-T2 Mac with a healthy SSD).



Again, you have yet to cite me cases where anyone has ever actually been affected by such a cold-boot attack. You may have had a vaccine for tuberculosis, but if I never encounter it, we're both just as safe in practice.



You know what you'd see if you could see through my webcam right now? My ugly mug looking at the computer screen. Nothing fancy. You know what most people look like through their webcam? Pretty much the same, except maybe prettier. You cannot tell where I am. So, even if this was a real widespread vulnerability (and again, I have not heard any widespread reports that this is something to fear as a user with a webcam that lacks a T2 chip to prevent me from such calamities), it seems to be of relatively minor concern.



I'll tell you, having worked for an AASP in a past life, opening up any MacBook Pro Unibody or newer is REALLY NOT THAT HARD. Hell, I could do the Unibody ones in my sleep. But no, it likely makes the process slightly harder for technicians because you technically are removing a condition in which the data can be accessed (through a port on the logic board that will still work even if the rest of the board is screwed) and then they have to have that conversation with the customer about how their data would've probably been retrievable if Apple had not ironically prioritized the security of the data that they can no longer get back as a result. Yay for security! Keeping you from your own data!



I take it you're the one person out there that actually buys Earthquake insurance at times not immediately succeeding an Earthquake?

You also seem to presume that most people care as deeply about information security as you do. I'll tell you, as someone who encounters all sorts of users out there, that presumption is just not the way it is. Most people do not care about these things as you do.

That said, would most of the people in Apple's target market audience for the 13" MacBook Pro care about limited boot options, definitely not. However, I'm sure that most of the people in Apple's target market audience for the 15" MacBook Pro, let alone the iMac Pro would certainly care if you told them that, following a restore, they HAD to install the latest version of macOS despite the fact that their Avid/Premiere/ProTools/AfterEffects/FCPX/Logic plug-ins were not yet compatible, forcing them to stay behind.



I appreciate you giving me the freedom Apple won't.



Now, you're just putting words into my mouth. Or are you taking my personal distaste for the T2 chip so personally because you happen to own one of them yourself? Either way, this is nonsense.

The people who are in Apple's target market audience will fall into three camps: (a) those who put security above all (the camp you very clearly belong in), (b) people who either don't care or will never be aware, and (c) those who will surely be affected by such a clearly inevitable future. Again, the way I see it, the folks with 13" MacBook Pros are very likely to fall in the first two camps, while those with the 15" MacBook Pro and iMac Pro are far more likely to be in the latter camp (as is evidenced by the vast majority of people who have switched back to PC following the 2016 MacBook Pro's launch and the revelation that Apple won't be releasing another Mac Pro until 2019 at the earliest). Understand the target market audience for these machines and understand what it takes to appropriately support an environment of more than ten Macs at a time and you'll understand where I'm coming from.



I think this is more of you projecting yourself and your preferences onto that of the masses. But that's just my opinion. The people I encounter are indifferent to TouchID and the TouchBar, view them as gimmicks they don't need and would've rather a Mac that gave them a removable boot drive, and full USB-A ports. Furthermore, if you scour these forums, you won't find that the aforementioned people I encounter are alone or even in the minority.

Like you said, you're free to like what you like. But to assume that everyone else likes it as you do is folly.



I thought we agreed on this point posts ago.

Yes, the T-series chips are a harbinger of what's to come. Apple will gradually move more and more away from separate components and more towards having their Mac processors be SoCs. Their chips could be x86, but far more likely (especially with their unending quest for thinner computers), they will be ARM. Certainly once they are ARM-based, then there will be no reason for them to be treating the management of installation and updating of the Mac operating system any differently than iOS so long as the end user experience of using a Mac remains the same. Yes, I don't like it. I get it, but I don't like it. It makes perfect sense. But for it to make sense, you can't deny that Apple will, at the absolute latest, as part of that transition, remove the freedom of choice in what OS can be loaded onto those Macs.
Also, given recent developments (and seeing how you haven't responded to me since – in particular not to my request about providing some additional sources yourself that make predictions similar to your own), I think it's worth adding a few things.

Firstly, since both the new Mac mini as well as the new MacBook Air now come with the T2 chip, it's reasonable to assume that all new Macs from now on will. So if you're going to avoid all Macs with a T2 chip, then you are going to have a hard time within the Apple ecosystem.

Secondly and maybe more importantly – barely anyone seems to mind. In fact, people are pretty happy about the two new Macs that were released this week. The main complaint people have with them is the price (understandably so). The second-most frequent complaints reach from the fact that the MacBook Air only ships with Bluetooth 4.2 instead of 5.0 to its screen brightness being much lower than not just the MacBook Pro display but even just the display of the 12" MacBook, or the 128GB introductory storage option in both of them. You know... these are the kind of things people are concerned about, for the most part.

I have yet to read any reputable review discouraging people to buy the new MacBook Air or Mac mini because it has a T2 chip, or even just voicing the same dystopian concerns you did about what Apple is so very likely to do with it in the future. On the contrary however, there are plenty of reviews who praise or at the very least positively acknowledge the inclusion of the T2 chip – Rene Ritchie for example highly praises the chip and its inclusion in both his MacBook Air and his Mac mini review over at imore.com.

Which circles back to what I said in my last post extensively: if even the most reputable and knowledgeable of reviewers have a generally positive opinion about the T2 chip and dismiss the possibility of Apple restricting boot up choices and the like as highly unlikely to happen, then I'm a little more inclined to believe all of them instead of a single guy on the internet who says otherwise without any truly convincing arguments. You are not wrong to have that opinion, of course, but I find it very telling that in the >1 month since our last message exchange, you weren't willing (read: able) to even provide me a single reputable, trustable source that comes to the same conclusions as you did on this topic, even though I openly invited you to and would have loved to read a bit into more people's opinions than just yours. To express it in your very own words: I'm not attacking your opinion. I'm attacking the assertion that your opinion has any real-world influence beyond simply being your opinion. You can choose to believe whatever you want, but you haven't yet convinced me that everyone else is wrong and only you are right about this topic, which is the logical consequence of your narrative.

If it was only this then I might not have responded back (seeing as how you conversely also didn't respond to my last comment thus far, possibly due to the aforementioned lack of credible sources that I asked you for?). But there's more. In fact, as you might or might not know, Apple talked quite a bit about the T2 chip at the October 2018 event (and very little about Intel, unsurprisingly). Among the real-world advantages that we have already discussed extensively, such as the audio controller for better, wider stereo sound, the always-on processor for "Hey Siri", the image signal processor for a better video quality of the FaceTime camera, all the security advancements and the SSD controller for on-the-fly encryption and more, there was one particular mention that stuck out to me and that I don't think was very well-known before: it also features a HEVC video encoder.

This alone is a pretty big advancement if you ask me (or just any video-editing professional really). Apple themselves claimed that this feature of the T2 chip allowed for 30 times (!) faster video encoding on the new Mac minis – though it is important to note that the last-generation, 4-year-old Mac minis didn't yet have Intel chips with HEVC hardware encoding whereas Coffeelake chips do, which probably also contributes a big factor in that x30-number Apple was advertising.

How much of an advantage this is will largely depend on which Macs/PCs you're comparing it to and if they already have CPUs with HEVC hardware encoding built in. Even so, I was a bit curious and dug around, and a very relevant comparison that turned up is this review of the 2018 MacBook Pros by professional video-editor Austin Mann in which he measured that the maxed out 2018 MacBook Pros encoded a video file more than 400% as fast as the maxed out 2016 MacBook Pros (24 seconds vs 99 seconds). For reference, the 2013 MacBook Pro took him 1980 seconds, which in comparison correlates well with Apple's x30 performance increase claim for HEVC encoding (considering the 2013 MBPs didn't have Intel CPUs with HEVC hardware encoding either, I think).

It's important to note in this comparison that both the Skylake CPUs from 2016 as well as the Coffeelake CPUs from this year already have Intel's Quick Sync feature, so while the CPU difference might have somewhat contributed to that 4x increase in HEVC encoding speed, it's a pretty safe guess that it's not just the leap in Intel's chipset that made this difference – the jump from the top-of-the-line mobile Skylake to the respective Coffeelake chips is maybe around 50% due to the additional two cores, not >300%. As a result, Austin Mann in the linked article explains these significant differences with the inclusion of the T2 chip and with it assisting the CPU/GPU in the encoding process – an explanation that, especially with what Apple said at their last keynote, sounds very believable to me.

Bottom line is: even with Intel's latest CPUs having HEVC hardware encoding built in, the video encoding capabilities of the T2 chip still make a fairly significant difference and are able to cut encoding times in half or into even smaller fractions, which is likely to affect a great deal of professional and hobbyist video editors. It's another fairly big real-world advantage we can add to our list; from a crunching-numbers point of view maybe the biggest one thus far. If you tell me that having an encoding time being shrunken down to 10 minutes from 40 isn't a real-world advantage then I don't know what to tell you.

It's also possible by the way that the T2 chip somewhat helps with preserving battery life during playback of HEVC video (which make out a huge part of the videos being watched by the average consumer – for example, Netflix and many other streaming services use HEVC nowadays since it's so much more space- and bandwidth-friendly than the old H.264 codec for example.) Back when I read some MBP 2018 reviews, there were a few reviewers that mentioned good/improved battery life during H.265 video playback, compared to the 2016/17 models. Now I originally figured that was mostly due to the increased batteries (power consumption also increased, but maybe not proportional to the battery size with everything you do). That might still be the case, though in retrospect it seems very possible that the T2 chip also has a part in this and helps to make HEVC playback more energy- and therefore battery-preserving. Now keep in mind that this is more of a speculative topic though – it seems plausible to me but I don't have any hard sources to back it up right now. But if true, it is – you guessed it – another real-world advantage of the T2 co-processor we can essentially add to the list.

There's also another big security benefit that we haven't discussed and that was seemingly only discovered by the new document Apple published about the T2 chip: closing the lid will prevent access to the microphone of the MacBook (Pro) on a hardware-level and therefore shutting out any and all potential spy software that you might have unknowingly caught on your machine. Knowing your opinion about the rest of the T2's security advancements, maybe you're going to counter-argue that there would never ever be any malicious software that's going to spy on you via your microphones; but if that's the case, then that just seems like a far cry from reality just to discredit one more security advancement by Apple. To quote the very 9to5mac article I linked above:

"As TechCrunch notes, the idea that Macs are largely hack-proof has been thoroughly debunked in recent years, as a number of high-profile and well-documented security threats have proven how vulnerabilities have gone largely undetected in Macs by the broader cybersecurity industry. The Fruitfly malware, which went undetected for years and only came to light last year, allowed hackers to gain complete control of a Mac, including the ability to remotely turn on its webcam, control the mouse and keyboard, take screenshots of the display, and even alert a third party to when the user was actively using the device." (Source)
Yeah, I'll just leave it at that, I don't have much to add here.

By the way, here's a fun fact: Mark Zuckerberg himself covers the webcam of his computer. So if you claim that nobody is worried about being spied on through their webcam or microphone, then you are kind of pretending that Facebook doesn't exist. (Ironically, this statement might be true in more ways than just one: it reminds me of reading of multiple cases where users claimed that the ads Facebook presented changed to something that users solely spoke about loud while using the Facebook app (not actually entering it into the Facebook app in any way, just saying it out loud while the app was open). Meaning that, unless it was some very convenient coincidence, Facebook might have been listening to them somehow. But I'm not going to go down that rabbit hole now just to link you sources – I'm sure if you want to, you can find cases like these yourself by Googling.)

Also, here is the link to Apple's very own security overview for the T2 chip that I mentioned earlier. I haven't read it in its entirety but it's generally an interesting read. It also mentions some of the things we talked about earlier like the addition of instant FileVault (de-)activation that you at first were so insistent was already possible before.

To conclude this post, I think Rene Ritchie hit the nail on the head about the T2 chip in his MacBook Air review: "Apple's also using its own, custom silicon here — the T2 Security Chip — to engineer around some of Intel's... lack of engineering." (Source) That's what the T2 chip is all about and what it has been designed around: to bring some of the much needed progress in chip development over to the Mac in a time where Intel has long stopped advancing in correlation to Moore's law and instead disappoints year after year. It's there to provide some most of the time subtle and oftentimes unnoticeable but nevertheless important and meaningful advancements to the Mac in a multitude of areas, with for a vast majority of people negligible and unnoticeable drawbacks. And after all we have discussed, you haven't really conclusively convinced me that it didn't achieve just that. It's the first step in bringing all these exciting news in SoC engineering that we hear about in the Steve Jobs theater in September of each year back to the Mac.
 
I just bought an iMac Pro and started having problems immediately when trying to connect external 4k monitors. Apple claims the iMac Pro can drive four 4k monitors at 4k 60Hz. I couldn't get a single monitor at 4k 60Hz, only 4k 30 Hz, using what Apple techs called an excellent quality Uni USB-C to Displayport 4k 60Hz Adapter (https://www.amazon.com/gp/product/B075V27G2R/ref=oh_aui_detailpage_o02_s00?ie=UTF8&psc=1). When I called AppleCare I was told they had never heard of this issue and would have to send my problem up to the engineering department (and of course, the engineering department never even contacted me). Later I tried hooking up multiple 4k monitors with the Uni cables and that caused a kernel panic. When I did a google search on the kernel panic I realized I was far from alone with this problem and that Apple is more than aware of it. By this time I was corresponding and speaking to Benji from the Apple Corporate Customer Relations team. At first Benji promised me the world. When he asked what I wanted I told him that I just wanted Apple to send me a replacement iMac without charging my debit card another $5k. Today he called me back and told me that he had spoken to the department that handles exchanges and that my request to send me another iMac Pro before my current machine had been returned had been rejected, but that I could always purchase another iMac Pro and return this one later. As if his office, the Apple Executive Customer Relations Team, didn't have the authority to get me a replacement iMac Pro fedexed to me immediately... No, Benji is just inept and lazy. By the way, Apple pulled the same BS on me last week with a Macbook Pro I purchased the same day I ordered the iMac Pro. Apple convinced me that they couldn't send me a replacement MB Pro and insisted that I had to purchase another MB Pro to replace the defective Macbook Pro they sent me 2 days earlier.
So by the point of Benji's call today, I was simply fed up with mediocre Apple customer service. The iMac Pro is supposed to be Apple's shining example of state of the art quality and engineering. In truth, it's a bug-ridden piece of crap built in China with obvious rampant quality problems.

I knew it wouldn't be long after Steve Jobs' passing that Apple would fall apart. But I have to admit, the speed of Apple's decline is stunning. Apple used to be the product that cost more because it worked the first time, every time, right out of the box as promised on stage and in commercials. Now Apple products are just overpriced, buggy tech items which promise to be revolutionary but in reality aren't even evolutionary. They're poor quality, don't perform as promised, and when they miss the mark the customer service is horrible. I've seen Apple fail like this once before, and but-for Steve Jobs' return, Apple would be bankrupt today. This time around Steve Jobs' isn't alive to save Apple. I looked at Tim Cook's tweets over recent weeks (as Apple lost a staggering $200BN in value) before I tweeted him about my terrible experience this week with new high end Apple products (which Tim, of course, didn't bother to acknowledge). What was he concerned about on his twitter feed? Recovering his stock value? Making his pro customers satisfied? Aiming to restore customer confidence in evermore costly Apple products? Nope, Tim was tweeting about diversity and slobbering all over George Bush's memory. Tim Cook is clueless and he's running Apple down into an early grave. So perhaps his strange focus on George Bush was telling, maybe he's already keenly aware he's run Apple into a deep, muddy ditch. Apple Shareholders and Board Members, you still have a narrow window to save Apple before Tim adds to the red with his newly proposed expansion of Apple employee roles in Austin and San Diego. Fire Tim Cook! Do it right away.




As highlighted by Digital Trends and VentureBeat, a small number of users have turned to the Apple Support Communities to report incidents of kernel panicking on the new MacBook Pro, possibly linked to Apple's T2 chip. The issue has also been highlighted by some of our own readers in the MacRumors forums.


Many of the crash logs shared by users mention bridgeOS, which is the device firmware on the logic board that controls many functions, including the T2, fueling speculation that the chip is the root cause of the problem.

Similar reports of kernel panicking began last year with the iMac Pro, which is also equipped with the T2, so this does seem to be a potential issue with the chip, or the bridgeOS firmware that manages it, rather than an entirely new MacBook Pro controversy like the since-fixed excessive throttling.

Apple's custom T2 chip integrates several previously separate components, including the system management controller, image signal processor, audio controller, and SSD controller. It also features a Secure Enclave coprocessor for secure boot, encrypted storage, and authenticating Touch ID.

Apple support representatives appear to have provided a wide variety of solutions, ranging from disabling FileVault to turning off Power Nap, but none of the advice customers received suggests there is a permanent fix.

MacRumors reached out to Apple, which told us that this is not a widespread issue, nor one that it has received any direct reports about. Nevertheless, Apple said it has relevant teams looking into the matter and, unsurprisingly, is always aiming to improve the stability and reliability of its products.

In general, Apple recommends that customers update their MacBook Pros with the macOS High Sierra Supplemental Update released earlier this week, which contains reliability and stability improvements, including a bug fix that addresses excessive thermal throttling with the latest MacBook Pro models.

According to at least one user, the Supplemental Update has not resolved the kernel panicking. Hopefully, whatever is causing the issue can be identified and promptly fixed in a future software update.

Article Link: Apple Looking Into Limited Reports of T2-Related Kernel Panics on New MacBook Pro and iMac Pro
 

The entire design team needs to be fired.
It is pathetic that a company to the level of Apple is making such big mistakes in design, and they fail to address them.
The entire Pro line up (Macbook, Mac Pro and iMac Pro) they promise always that you can connect monitors many hard drives because USB-C can handle until it does NOT.

Mac Pro a failure.
Mac Mini -same old design after 4 years and 70% more expensive.
iMac- same old 10 year design
Macbooks Pro 2016+ another big massive failure.

Shady issues about MacBook Pro


30 Inconsistencies

 