I am not given the ability to do anything with those additional options. No new capability is afforded to me. Merely the limiting of ability I was already afforded by owning a name brand x86-64 computer because I'm afraid that I will be one of the statistically unlikely few to be affected with a cold-boot attack. You see this as a benefit because, you are more paranoid of such attacks than I am. (Strangely, you don't cite how common they are, in practice, with any credible data.) As it stands right now, the only real world benefit to this restriction you've been able to even cite up to this point, aside from the booting of an unsanctioned and unsigned OS (something I have not only never had happen to me personally, but have also never heard of having happened to the thousands of other Mac users that I've supported throughout my IT career) against the user's will, is that if I'm running late for a trip and spontaneously decide that I want to encrypt my drive while also backing it up, I can do so. Again, not sold on that as a practical benefit.
Now, you are TECHNICALLY GIVEN OPTIONS in the Startup Security Utility on those systems, and OPTIONS ARE CHOICES. But do these choices GRANT YOU ANY ADDITIONAL FUNCTIONALITY, I'd argue no, especially seeing as you are LIMITING what you are able to do with those additional options. However, citing facts on the necessity of the security offered by the T2 chip, which you do not have, you are insistent that you are offered the peace of mind that a set of vulnerabilities that are pretty uncommon among non-T2-enabled Macs are now something you are impervious to. Which, I suppose, in your opinion, is a benefit. However, if we are to use your earlier provided example of Gatekeeper as a metric, Apple will almost certainly impose limitations in the future to prevent T-series Macs from booting anything that isn't the up-to-the-minute version of macOS a la iOS.
Considering that you have yet to offer me a real-world practical benefit that comes with the T2 chip, your saying that it is an advancement that all users would appreciate seems to be more of an opinion than a fact.
On the other hand, Apple's track record, suggesting heavily that options such as the ones in the Startup Security Utility on T2 Macs today won't be something that persists, is fact. I can't predict the future. But if I was a gambling man, it'd be a really safe bet that Apple will go that route.
https://www.apple.com/feedback/
Have you thought venting these critiques towards Apple directly? I don't mean that in any sarcastic capacity, I'm genuinely wondering if you have as this would likely be the best place for them.
If you haven't already, consider writing them what you wrote me, more or less. Obviously there's no guarantee that anything will come from it (don't want to know how many million people sent feedback about the obtrusive iOS volume overlay over the years), but with your concerns about this topic being as gigantic as they are, this would probably be the best place to put them. We are mostly moving in circles with our discussion and Apple most certainly doesn't read these forums. More likely than not such a critique would get buried under the thousands and thousands of feedback messages that Apple likely receives each day, but with you being so deeply concerned about this future scenario, this is likely the one place where putting these concerns has at least the potential to make a change.
Outside of telling you my predictions for the probability of it to happen, which you don't agree with anyway, that's the best advise I can give you on the topic of boot up choices. Let Apple know what you think, not (just) me and any random MacRumors readers that happen to stumble over our comments (doubt there are many anyway). I'm not losing any sleep over this possibility, most people don't seem to (feel free to disprove me here if you don't think that's true, I'd generally be interested in knowing what other people think about it), but if
you do, this is the address where I would voice all these concerns. Don't just tell me how bad this would be, tell the company that is in charge of this very decision that you are afraid of.
Apple actually provides every
What if I want to boot a Linux OS? What if I want to boot a special bootable utility that wasn't ever signed by Apple or Microsoft? It's my computer; why can't I boot whatever I want on it, especially if I'm not violating any copyright laws to do so? Is this not something I should be ABLE to do?
Then change it to the low security setting, duh. We've been over this already. You originally described workflows that might require you to revert to an earlier macOS version, which I used as a baseline scenario for calling the medium security one the "best of both worlds". If you change your workflow to what you've described, just use the one without any restrictions.
We already agreed that most users won't be aware enough to make up their mind, so I'm not sure what your point here is. Also, I'm not attacking your preference. I'm attacking the assertion that your preference has any real-world benefit beyond simply being your preference. Also, the implication that the sacrifices that we are very likely going to have to make during the lifetime of the current T2 Macs are even remotely worth it.
I'm not sure what you don't understand about my point there. You obviously prefer the setting without any restrictions, as you've laid out ad infinitum. Some people might prefer one of the higher security setting for
any reason (and I'm not talking about myself), which they are able to choose with the current settings. Most people, like you point out, are likely just going to leave it at the standard one Apple preselects for them. All of this is fine because if you ever need to install an OS that your current settings don't allow, you get a nice message telling you exactly how you can change it (
source). These settings,
in their current form, are a non-issue.
About the second part, refer to what I wrote above. We are mostly arguing in circles because we time and time again end up at the unknown variable of whether or not Apple will take away some of these settings in the future. I cannot prove you that it won't happen, you cannot prove me that it will happen, and we obviously have vastly different opinions about its likelihood. We only know it's larger than 0 and smaller than 1. I won't argue that these boot up choices would be worth giving up the ability to install an older OS, and neither will you contest, as you said yourself, that they "aren't bad" if we never need to give up this ability.
Further down below I actually cite another educated opinion that arrives, just like me, at the conclusion that it'll likely not happen, so I guess you can refer to them and maybe try asking them for their exact reasoning if you find them somewhat of an interesting source, but otherwise, like I suggested, my best advise to you if it concerns you that much is to share all of your concerns with Apple instead of just with me. The worst that can happen is that nothing comes from it (and the same can be said about our discussion here as Apple will most definitely not read
that). The best thing that can happen, besides it maybe easing your mind, is that the right people end up reading it and it decreases the chances of it happening at least a tiny little bit.
Or maybe the very very
very best that can happen is that they actually give you a definite statement. You are probably going to claim that this is impossible but people thought the same about if we'll get an official statement on if Apple plans to merge iOS and macOS. I won't contest that it is highly unlikely, but if you are truly looking for proof that it's not going to happen, like you claim you do, then this is your best chance at getting it, and all the more reason to share your concerns with Apple. With rumors being that Apple truly reads all the feedback post they get (at least I read that a few times – not sure if there was any real substance to it), you'll have at least the same size of an audience as you do here where I'm, presumably, the only one who reads through your posts on this topic and vice versa.
Apple actually provides every downloadable version of the Mac Operating System dating back to Lion. In fact, you can still download Mavericks, Yosemite, El Capitan, Sierra, and High Sierra today. You won't find them by searching on the Mac App Store, but you can find them still today, making this issue of tampered OSes a non-issue, unless you're REALLY worried that Apple's servers might get hacked and their files for older OSes replaced by ones with fraudulent hash signatures, but honestly, this seems HIGHLY unlikely.
Didn't know that they did. In that case, good point. Though then again, if Apple does decide to drop the ability to install older versions of macOS with a software update, I'm doubtful if they'll keep these older OS installations on their servers for long. If the T2's ability to check the OS installer's integrity is of any worth at that point is another question.
https://eclecticlight.co/2015/12/28...restorage-changes-hard-drives-and-their-care/
https://derflounder.wordpress.com/2...ablement-option-in-yosemites-setup-assistant/
If you have a Mac model that supports Intel's cryptography features (and, not all Macs capable of running even High Sierra do), then your boot drive, upon
installing OS X Yosemite or newer will be converted to Core Storage and you will get to the end of the setup assistant and be asked if you merely want to turn it on.
Exactly, thank you for proving my point. The only situation where enabling/disabling FileVault 2 is instantaneous is when you're setting up your Mac. Not at any point afterwards, which is what we were talking about. Want to do it at any later point than the setup process itself? Then that process is going to take a while. Not so with Macs with the T2 chip.
I'm not trying to be rude or mean here, but that sounds like you weren't really careful here and that the whole ordeal that you mention here could've been avoided if you had backed up BEFORE setting up FileVault, and then let your computer encrypt uninterrupted. If the benefit of the T2 chip is that you can effectively walk and chew bubblegum at the same time (turn on FileVault like it's no big deal and then do a Time Machine backup), then I'd say that's a pretty minor benefit that wouldn't be necessary if you had previously gotten used to the best practices of both technologies in the preceding years of their existence. I won't knock you for liking it, but I don't see that as being any serious advancement in computing either.
While I disagree with you on a lot of things, I actually don't think you are being rude here. To be clear here, all of my important data is stored in iCloud with occasional backups via Time Machine and OneDrive, so even if I had lost all the files on my drive during the stuck encryption process, I wouldn't have lost any of my actual data. So in that sense I don't at all think I was being careless, but of course you didn't know the whole picture. I mostly started the Time Machine backup after I realized that the process was stuck and
might force me into setting the Mac up if it didn't resolve itself, so making a new backup seemed like the obvious thing to do (being able to jump right in after the restore process where I left off and all that). It was only then that I realized that you can't do that during the encryption process.
Having said that however, I think you have circled a bit around what I think is the main issue here: you aren't told beforehand that you can't use Time Machine during this process. The warning panel in System Preferences even tells you that you can continue using your Mac normally while it's en-/decrypting – I don't know how that sounds to you, but to me the phrasing implies that performing a Time Machine backup, something that falls under "normal use" by any reasonable metrics, will be possible. If the warning panel would outright tell you about it, then yeah, I'd agree with you that the user knows what they are getting into, and are mostly responsible themselves for any lack of backups as a result from it. But without a warning like that, I think Apple is at least partially to blame for users who navigate themselves into pesky situations like that. It might be obvious
to you that encrypting the drive and making a backup are two things that don't mix too well together, but I wouldn't expect (for example) my elder parents to make that connection.
Besides, the inability to make Time Machine backups during this process was one benefit I listed as a benefit of the T2 chip in relation to FileVault, and not even necessarily the most significant one. I think what's going to bug more people is the slowdown to their machine that the encryption process comes with. Now to be clear, we are at a technological point where having your hard drive being en-/decrypted in the background does in no way make the machine unusable, unless maybe for the most intensive of tasks, but it can definitely still be noticeable during everyday use, as I can attest to from experience. It's probably somewhere around the performance impact that Spotlight indexing, iCloud sync and stuff like that usually has during the first few hours of use, if not a little more, and most people just want to get that over with as fast as possible. Nobody wants their machine to be unnecessarily slowed down for any longer than necessary, so having that time literally trimmed down to zero is a good thing from my perspective. Yes, you can technically put that encryption process in a week where you maybe don't use your machine, or don't use it so often, so that you are not actively affected by the slowdown, but nobody really wants to plan their own schedules around the needs of their machine, it doesn't make for a great user experience.
Regarding FileVault 2: FileVault 2 will only get stuck in such a terrifying fashion if one of three things are true: (1) The drive you are encrypting is going bad or (2) The data you are trying to encrypt is corrupt or (3) both. A T2 chip will not save you from any of those fates; nor will any SSD made by Apple or otherwise. At best, it will reduce the likelihood that you are doing anything while your drive is being encrypted that might induce any of those scenarios.
Or maybe there are just some bugs to the FileVault encryption process? How can you be so sure that this
isn't the case and that the drive itself must be the issue? Especially if you criticize the decrease in Apple's quality control in the very same comment?
That said, the T2 chip's way of handling a FileVault encryption will most likely actually save you from this fate, or at very least fate number (2), for reasons I've outlined earlier. It won't un-corrupt your data obviously, but because it no longer reads and re-writes all the data on your drive, it will most likely not get hung up anymore on corrupted data. Thinking about it, it might save you from (1) messing up your FileVault encryption process aswell: if your drive is showing signs of going bad but is still usable, then chances are that the T2 encryption process is just als likely or unlikely to get hung up on it as anything else you do. The content of your drive is now
always encrypted, all the T2 chip does when (de-)activating FileVault, like I said before (at least from my understanding – I don't have any hard proof to back it up because Apple doesn't publicly disclose it to my knowledge) is encrypt and decrypt the
SSD's encryption key with the user password that it stores in the Secure Enclave. Not the drive itself since it is always encrypted anyway.
(Again, Gatekeeper no longer has an option to be completely turned off and it sure didn't debut in 10.7.5 and 10.8 that way.)
And once again (since you seemingly didn't read it the first two times), turning off Gatekeeper entirely is still possible; see the attached screenshot of mine in an earlier post. Not the standard option, but possible.
Besides, we have
- Gatekeeper: security mechanism that restricts the user to some extend, is on by default but can be turned halfway off or completely off be the user, and behaves that way since its' inclusion many years ago (you obviously know better than me since how many years exactly),
- SIP: security mechanism that restricts the user to some extend, is on by default but can be turned off completely be the user, and behaves that way since its' inclusion many years ago,
- The T2's boot up options: security mechanism that restricts the user to some extend, is on by default but can be turned off either halfway or completely by the user, and behaves that way since it's inclusion earlier this year (or, if we want to be precise, December of last year).
Think of that what you will, but I do see a bit of a pattern here.
You must be relatively new to the Apple scene.
I know you are being sarcastic here, but Apple has actually been gravitating towards opening up their OS'es in a number of ways and giving both developers and users more and more freedom over the last few years: many more APIs for things that were previously reserved for system functions (if possible at all), giving users options in places where they previously held back from doing that for no good reason, and so on and on. If you would have told me a couple years ago, or even as recently as one year ago, that Apple would bring a powerful scripting tool to iOS with tons of ways for third-party developers to bake their own actions into it and with the ability to create our very own Siri summoning spells for it, I probably wouldn't have believed you. I'm not even sure I would have believed you that they would bring Siri support for third-party music apps like Spotify around.
I won't deny that there are still some dumb restrictions all over the place, but the tendency at the moment that I've also read a few developers claim is that Apple is opening up their systems overall, not further closing them down.
Does that mean they'll not take out these boot up choices? No, obviously not. But it sure makes it a little more likely that they plan to keep them in than if they were still as restrictive as they were at several points in the past.
Besides, remind me how again removing these boot up choices would result in a significant financial gain for Apple, large enough to justify turning off and potentially losing a nontrivial part of their user base? If someone upgrades their Mac and they realize afterwards that whatever workflow they had is now messed up or that some important software of them is now incompatible/dysfunctional, and they
couldn't downgrade in any capacity, wouldn't that make them
much less likely to purchase a new Mac in the future? A new Mac (which also couldn't be downgraded in that case) wouldn't restore their workflows in any way and might potentially pose exactly the same problems for them later down the line, so wouldn't they much rather consider a Windows or Linux machine or some other non-Mac alternative at that point? Obviously there are more variables to consider, like if the software of them is also available on other platforms and yada yada, but in general, wouldn't people who burn themselves on such a severe restriction much rather
not buy a new Mac after that and thereby
decrease Apple's sales?
Plus, taking away the ability to upgrade likely means that more people are on the newest OS version than otherwise, which as a consequence means that their Mac would feel much more fresh and exciting to those people than if it wasn't up-to-date and
didn't yet have all the newest features installed (yet). Now I admit this is a bit more of a speculative point, but to see what I mean, just look at all those people here on MacRumors and on other places who previously wanted to upgrade to a new iPhone or iPad but after installing iOS 12 don't want to do that anymore. Hadn't iOS 12 been such a great performance-focused and refined release that breathed fresh live into their old devices, or had it dropped (at least) the iPhone 5s or so, Apple might have had a good amount more iPhone sales this year around. Yet they still made iOS 12 the way it is.
Maybe there are things I'm missing – I don't claim to be an expert in this area, so I'm all ears learning from you how exactly you think Apple would make more money from it. But besides some "planned obsolescence"-type of scenario where Apple intentionally slows down older machines, which iOS 12 (aswell as Apple's claims at the most recent two keynotes) pretty much proves that they don't really do, I don't really see how such a decision would foster Mac sales.
Regarding my data not being read anymore once I've sold my computer: What data do you have to suggest that someone I sell my computer to is at all likely going to take that opportunity to try to see what data was once on it? Do you even have any data to suggest that this is at all a real-world concern for anyone outside of maybe a business that already has established information security practices (the likes of which even Apple's best practices pale in comparison to)? Because NOTHING you have said so far suggests that such concerns are applicable to any real-world use case outside of your own preferences and comforts.
Personal photos and videos (including ones that I'd rather not have the public see), E-Mails, messages, social security number, banking data, credit card numbers, banking receipts, purchase receipts, login credentials for pretty much all the websites I use, lots of personal information detailing my employment and my social contacts, health-related documents about myself and my family, and so on and on. Now to be clear: personally I'm using FileVault and storing most of the more confidential things I listed in a password manager (meaning even without FileVault there shouldn't be any way to restore it), so I'm personally not worried about any of it getting out if I sell one of my Macs. But your Average Joe might not use any of these precautions or even understand to which extend they help him here. An elderly guy I know stored his banking and credit card data and god knows what other personal stuff as a text document on his desktop. Yeah, that can be a thing.
Point being, there is a lot of personal and confidential stuff people store on their devices, and not always with a lot of precautions that might have bad consequences if anyone you don't know gets his hands on it. I'm not saying that the person who buys your Mac will target
you specifically, but what if they just decide to run a data recovery program over it to see what they can find just for yikes, or in the hopes of finding something that they can somehow exploit? Might be an uncommon occurrence in itself, but it's not reasonable to be
afraid of it, and I've talked to people who
did have concerns like that when selling their old machine. And if you're unlucky and someone
does find critical confidential data from you, that might have all sort of bad consequences: they might be able to commit identity fraud in all sorts of ways, abuse your credit card data, they could try to extort you in some way – hell, even if they "only" publish (for example) a naked pic of you on the internet that they were able to find and the wrong people see it, that could have catastrophic consequences. The notion that only businesses have confidential data that they don't want a random and potentially malicious weirdo to see does seem a little absurd to me.
Make Apple's OS upgrades not suck so much and then even my gripes on this feature will be moot. Until then, they most certainly aren't.
https://www.apple.com/feedback/
Understand the target market audience for these machines and understand what it takes to appropriately support an environment of more than ten Macs at a time and you'll understand where I'm coming from.
Are you implying by that that Apple themselves doesn't understand their target audience? If so, I'm not saying that I necessarily disagree, but that's still a curious statement.
I think this is more of you projecting yourself and your preferences onto that of the masses. But that's just my opinion. The people I encounter are indifferent to TouchID and the TouchBar, view them as gimmicks they don't need and would've rather a Mac that gave them a removable boot drive, and full USB-A ports. Furthermore, if you scour these forums, you won't find that the aforementioned people I encounter are alone or even in the minority.
Like you said, you're free to like what you like. But to assume that everyone else likes it as you do is folly.
I don't think I'm projecting
myself onto the masses. Actually, some people that I've conversed with (in real life) were quite fond of the idea of a fingerprint scanner and stuff like that finding its' way onto a laptop. But that's not what I'm making these statements based on. As someone who bought a 2018 MBP a while ago, I watched and read at least 20+ reviews about it before making a purchase. Any pretty much every single one of them praised Touch ID to a more or lesser extend, even the ones that were mostly critical about the 2018 MBPs because of their port selection and thermal issues. It is a feature that even the more critical voices mostly like – and of course they do, because everyone has passwords, but nobody finds typing out passwords fun. Extrapolating that onto the larger masses, and it's not really refutable that Touch ID on the Mac is something that's very easy to appreciate. I'm not saying there aren't exceptions, but from extrapolation alone, it's easy to see that Touch ID is an advantage that most people value at least a little, and that many people value a lot.
Now for comparison, how many reviews I read and watched mentioned the risk of Apple dropping some of the introduced boot up choices in the future? At this point you might be expecting the answer "none" to support my point, but no, there is actually one of them: the Arstechnica.com review, a site BTW that generally goes very in-depth about a lot of technical things. (On a rather unrelated note, their iOS 12 and macOS Mojave deep dives are a great read.) And how did they mention it? In a throwaway paragraph where they admit that it
could happen but quickly dismiss it as unlikely, meaning they are saying more or less the same as me in this matter and can practically make my argument for me.
"There are so many advantages to this chip that I expect to see something similar in most future Macs after a short time, but how far Apple goes with it remains to be seen. For example, will Apple enforce the equivalent of “full security” on all Macs in the future, just as it does on iOS devices? I doubt it, but you never know." Arstechnica.com,
source (actually, while looking it up I realized it was the iMac Pro review, not even the MacBook Pro one which doesn't even contain a mention of the possibility of Apple dropping these choices in the future, but since you're asking me to cite things, I figure the quote is still appropriate.)
That's pretty telling, isn't it? The only reviewer of at least 20 that even
mentioned that this "clearly inevitable" future has a chance > 0 of happening – and who is one of the most in-depth reviewer in all things Apple out there, by the way, and therefore has a lot of knowledge and experience to base that judgement on – just said that he doubts it's going to happen. So not only, by extrapolating the 1-in-20+ ratio of reviewers who even
mention or
acknowledge it, does that mean that not a lot of people perceive the risk of this possibility as an issue (compared to the ton of people who like Touch ID as a feature), but at least
some of the ones who are aware of it are pretty dismissive of it about being a problem.
Now I'm not sure what you think about the guys over at Arstechnica, but they are without a doubt significantly more knowledgeable about these topics than me and if they basically come to the same conclusion than me that it's unlikely, then I find it unlikely to become an issue, at least during the current MacBook Pro's and iMac Pro's lifecycle. You are saying that we shouldn't ignore the use cases of the few in favor of the ones of the many, but neither should we just forget what the majority of people want in favor of the desires of the few, and while my experience from these reviews definitely isn't any market research or so, it goes to show that the average MacBook Pro user or reviewer is more appreciative of something like Touch ID than he is concerned about the risk of maybe losing his boot up choices several years down the line. That's not projecting
my own opinions onto the masses, it's just extrapolation of (semi-)random data points.
But by that, I don't want to undermine the point I made at the beginning of this comment; if anything, I'd want to cement it by that: if you're concerned about Apple dropping these choices, tell
them that you are. We are all friends here and despite disagreeing on the likelihood of it happening, we both want the same thing on this matter: for Apple not to drop these boot up choices. So instead of just, well, disagreeing on the probability of it happening and trying to convince each other of it, I strongly advise you to do the one one thing that might
decrease the probability of it happening, regardless of where it currently sits at.
Which brings me to an interesting question: do you have any hard data or read-ups on how many other people are concerned about the possibility of Apple dropping boot up choices, or other people's commentary or assessments about its likelihood? And I don't ask this because you also nag me about citing sources, but because I'd find it interesting to have more information about this issue. Maybe there are a ton of similarly minded complaints that I just don't know of. So far, I have mostly just your opinion on it. Whether or not Apple will do this is the main point of our whole discussion, yet neither of us have really factored in other people's commentary on it so far (in my case, mostly because none of the reviews I watched and read contain such, but at least there's the Arstechnica bit now standing in the room, of which you can make what you will). Most people don't base their opinions on what one single guy or gal predicts will potentially happen several years down the line. If you have any links to likeminded, credible people coming to the same conclusion as you, then by all means, share them with me, let's dive into some new perspectives of different people instead of just playing ping-pong about whether or not it's going to happen.
So far, like I've said above, removing these choices would to me seem like an anti-consumer move without any payoff for Apple, financial or otherwise, in a time where they are on a good track to opening up their OS'es wherever beneficial and take a strong stance on the longevity of their hardware. People who won't ever downgrade their Macs aren't affected either way, and those who
do want to downgrade their Macs and can't as a consequence from it would very likely think twice about buying a Mac (or just Apple hardware in general) again, resulting in
losses for Apple, not in increased profits. Where is the payoff here for Apple? Besides some "planned obsolescence"-horror stories (that we can probably both agree on are not likely to happen unless there is some fundamental paradigm shift at Apple, in which case we probably have much larger problems), I don't see how this would be of any significant benefit to Apple. If you disagree, then by all means, enlighten me, because so far, you haven't convinced me that it is very likely of happening, let alone "clearly inevitable".
By the way, since you're asking me to cite sources and other people's opinions, I thought I'd also note here that Arstechnica speaks quite positively about the
security features of the T2 chip, even more positively than me. Just gonna leave these quotes here, make of it what you will:
The T2 is an all-purpose system controller. It manages the microphones, speakers, cooling system, and the SSD (which is actually two SSDs working in tandem). It also acts as an ISP for the front-facing camera. This chip thus allows Apple to streamline the internal components and reduce reliance on other manufacturers—and it has speed and security advantages, too. Apple remains all about that end-to-end integration.
While this approach to a system management, audio, and SSD controller might have some small performance advantages, it’s mostly a boon for Apple’s own design and engineering goals. Most users would not even be aware of it.
But the biggest advantage is security, and users should know about what it does on that front. The T2 chip contains a secure enclave processor, which manages security keys. Further, it contains a dedicated encryption engine for the machine’s flash storage—it actually encrypts the drives’ contents on the fly.
As if that’s not enough, the T2 is a key component of a secure-boot feature that’s currently unique to the iMac Pro. The T2 validates the boot loader, which in turn validates the firmware, which in turn validates the kernel, which in turn validates the drivers.
With this comes a new tool called the
Startup Security Utility, which is accessible from the macOS recovery mode. You reach this by rebooting the machine and holding Command and R. The Startup Security Utility gives you a choice between three security modes—full security, medium security, and no security. It also permits you to allow or disallow booting from external media, and you can set a firmware password “to prevent this computer from starting up from a different hard disk, CD, or DVD without the password.”
Source. Also
The T2 chip is not something that most users will notice or care about outside of Hey Siri, but the security features matter for IT managers. And it speaks to Apple's relentless efforts to free itself from external silicon vendors.
Source. They even speak positively about "Hey Siri", something that you were pretty quick to dismiss above:
The T2 chip has also enabled Hey Siri on this computer, which other Macs don't support at this time. I tried out Hey Siri and it worked just fine. The computer never missed a prompt, and it was always ready to accept a request or command within a second or so of my saying, "Hey Siri." This is nice to have when you're working on an external keyboard without the Siri button you would otherwise be able to reach on the Touch Bar.
Same
source. By the way, I personally don't use "Hey Siri" on my MacBook and have disabled it outright (I tried it but since my iPhone would always hug the request anyway, I found it pointless for me, plus I rarely ever use Siri on my Macs anyway), but for people who more often use Siri on the Mac for a variety of tasks and don't have their iPhone or iPad greedily taking over the request, I totally see how it can be useful. Is it a killer-feature? For the majority of people, most likely not. But for some it might be a great thing.
I'm not going to respond to everything you wrote since it's pretty tedious and time-consuming to write all this down, but some final things:
I take it you're the one person out there that actually buys Earthquake insurance at times not immediately succeeding an Earthquake?
I'm not sure how you get to that conclusion since as I said, the main thing that I
personally like about the T2 chip is Touch ID. I kinda wish I could say the same about the Touch Bar but the thing I use it for most frequently, besides system controls (which actually are a little more convenient that way IMO than with binary buttons) is enabling PiP in videos in Safari. So yeah, not that useful for me personally. But I've seen and tried out some apps that make great use of it, so I'm sure there are some people for who it is a great thing.
Despite what you may think, I'm actually not
that concerned about a lot of the security stuff, but I'm all for moving forward in that regard and not stand still just because we don't
know of any security holes. Otherwise we end up with companies doing much less testing in that regard and ending up with disasters like the "root" bug in High Sierra. For every security hole they close, for every security feature they add ("them" being Apple as much as any other big company), there is likely someone somewhere out there who will profit from it without even knowing. And like you yourself said – Apple's quality control hasn't been
that great lately either, which makes going forward in that regard all the more important.
I thought we agreed on this point posts ago.
I also thought we agreed on High Sierra/Mojave still giving us the ability to completely turn Gatekeeper off, which you contested. Check one of my previous comments, I attached a screenshot where it literally says that it allows apps from "everywhere", which I presume to mean that Gatekeeper is off. It's not the standard setting, though I never claimed it to be – but it still is a setting.
I'll tell you, having worked for an AASP in a past life, opening up any MacBook Pro Unibody or newer is REALLY NOT THAT HARD. Hell, I could do the Unibody ones in my sleep. But no, it likely makes the process slightly harder for technicians because you technically are removing a condition in which the data can be accessed (through a port on the logic board that will still work even if the rest of the board is screwed) and then they have to have that conversation with the customer about how their data would've probably been retrievable if Apple had not ironically prioritized the security of the data that they can no longer get back as a result. Yay for security! Keeping you from your own data!
Do you know what's even faster than opening up a MacBook? Not opening up a MacBook.
To be clear, I was mostly speculating on that point – I don't think we can know for
sure from the outside whether or not the process is any better/faster/different than the previous one that required opening up the MacBook. But with the new process just consisting of plugging a cable into one of the USB-C ports, it does seem likely that the reason for the new recovery method in its current form (besides the inclusion of the T2 chip, of course) is that they wanted to streamline the process. I'm not claiming that it's difficult to open up a MacBook Pro, but just plugging in a cable sure seems like a faster process than unscrewing everything, opening it up sufficiently and
then plugging in a cable. Not going to contest that it
might create some conditions under which the data could previously be recovered and cannot now.
I appreciate you giving me the freedom Apple won't.
A pleasure.
That said, would most of the people in Apple's target market audience for the 13" MacBook Pro care about limited boot options, definitely not. However, I'm sure that most of the people in Apple's target market audience for the 15" MacBook Pro, let alone the iMac Pro would certainly care if you told them that, following a restore, they HAD to install the latest version of macOS despite the fact that their Avid/Premiere/ProTools/AfterEffects/FCPX/Logic plug-ins were not yet compatible, forcing them to stay behind.
Yes, but all those people are also a reason for why it's unlikely to add these restrictions.
Personally, I'm curious to see the direction Apple has chosen with the upcoming Mac Pro. Not because I'd personally be interested in one, but because it should give us an indication on how much Apple values the different professional parts of their user base. If they go all in and deliver the performance-beast port-wonder with proper cooling and everything else that people are asking for, then your prediction about Apple taking away these choices is less likely to come true than if it ends up being a cop-out with, for example, an external keyboard with Touch Bar being the main killer feature and with thermals being once again compromised for looks and sleekness with Jony Ive talking about how beautiful the aluminium is and how silent the fans (or single fan...) is.
By the way, since you asked it at some point (but I can't find it again right now to quote): there was actually a patent from Apple floating around several months ago that detailed a Magic Keyboard with Touch Bar + Touch ID. Now I know that doesn't
has to mean something as not all of Apple's patents turn into a product, but it strongly indicates Apples was at least conceptualizing and toying with the idea of such a keyboard. My guess on why we haven't seen one yet is that it's just more difficult to develop one than with an internal keyboard. If you want Touch ID and Touch Bar to be on an external keyboard, you have battery life, Bluetooth transfer speeds and possibly all sorts of other things to worry about that aren't an issue on MacBooks. My guess is that we either see one with one of the next iMac refreshes (wouldn't actually be impossible for the refresh rumored for later this month, though I'm rather doubtful of it) or that Apple will skip Touch ID on desktop Macs altogether and move on to Face ID instead.
Now, you're just putting words into my mouth. Or are you taking my personal distaste for the T2 chip so personally because you happen to own one of them yourself? Either way, this is nonsense.
I'm not sure I follow – I was under the impression you don't just argue with me about the topic of Apple possibly taking away choices purely for fun, but to raise
awareness of it and convince me and possibly others of how likely it is to happen. That's where my comment that others don't have to fall into the same fear and prioritizing them over features they benefit from right now was directed at. If this understanding of mine constitutes nonsense and putting words into your mouth to you, then by all means, I take it back and you are free to worry about it all on your own instead.
I'm sure that's not true. But if you disagree, I'm not going to try to prove you wrong in
that regard.
(Strangely, you don't cite how common they are, in practice, with any credible data.)
I mean if you have any credible data to contribute on this particular topic, then by all means, don't let me stop you from citing them. I wouldn't be uninterested in reading it.
The people I encounter are indifferent to TouchID and the TouchBar. [...] But to assume that everyone else likes it as you do is folly.
Which is why I'm basing my assumptions about "most people" more on statistics and extrapolation instead of anecdotes or personal preferences. I don't doubt you that you personally and the people you encounter are indifferent to Touch ID, and that's your good right to be. If that statement was easily generalizable to the greater masses, if everyone or almost everyone was indifferent to biometric authentication, then as a logical conclusion, we wouldn't live in a time where almost every higher-end smartphone and even many laptops come with either a fingerprint scanner or a different form of biometric authentication; or where Face ID is so tempting that it is one of the main reasons why people are willing to spend 1000+ €/$ on a smartphone. Many people aren't indifferent to it. They don't want to go back to manually typing in passcodes and password for everything when there's a faster, easier, much more convenient way.
But for it to make sense, you can't deny that Apple will, at the absolute latest, as part of that transition, remove the freedom of choice in what OS can be loaded onto those Macs.
Because... why, exactly? That's just a conjecture. The T2 chip is already ARM-based (I think? Correct me if I'm wrong here, but in any case it is Apple-designed), and Macs with it can downgrade to older machines just fine. So why would switching the CPU to an ARM-based, Apple designed one require what is currently the low security setting on the T2 chip to be removed in any capacity?
Or are you talking about being able to install Windows on a Mac? Because in that case, I'd ask the same question because Windows 10
already runs on ARM processors. Will Apple support that via Bootcamp after the transition? I don't know, but at least I don't see any obvious reason why they would be fundamentally unable to.
To conclude, I once again encourage you to give Apple feedback on this particular topic if you haven't already, not just me. And if you have already, consider doing it again. More likely than not it won't change anything, but the people who are crazy enough to think they can change the world are the ones who do, after all. I'm still crazy enough to believe that one of these years, Apple will move the annoying volume indicator on iOS out of the middle of the screen.
I doubt anyone is able to provide you with proof of it not happening, outside of Apple themselves (which actually isn't 100% impossible, considering they made a pretty telling and definite statement at WWDC 2018 about whether or not iOS and macOS are going to merge, which is another question that people were pretty concerned about for
years and didn't really expect to get officially answered by Apple... so who knows if they won't maybe make statements on these sort of things in the future aswell), but nagging them about it is probably the best thing you can do in terms of channeling your deep concern and trying to make a change about it. If Apple ever does make a surprise announcement that they won't remove these boot up choices, you'll be the first person I'll message to get you the desired proof you asked of me. I doubt it's going to happen, but weirder things have happened ¯\_(ツ)_/¯
Edit: By the way, as you were keen for me to cite some sources, here are two more reputable news sites, namely Appleinsider and Rene Ritchie from iMore, who praise the T2 chip's security (without any acknowledgement of the potential of Apple dropping these boot up choices):
The T2's encryption uses dedicated Apple-designed silicon instead of a third-party processor. There are two benefits to this, the first being the fact that your data never reaches the Intel processor, so it's more secure. The second is that by using dedicated hardware, there's no effect on SSD performance.
[...]
The biggest security enhancement may actually be Secure Boot. This makes sure that only a legitimate, trusted operating system loads at startup. By default it's in Full Security mode, allowing only your current OS or signed OS software trusted by Apple to run. It also disallows booting from external media, such as USB or Thunderbolt drives.
This offers huge protection from hackers who could potentially boot into a different operating system in order to steal your data. Although not recommended, you can change these settings within macOS Recovery mode.
Source.
T2 also handles security and encryption. That includes cryptographically verifying the integrity of the entire startup process, from boot loader to firmware to kernel to extensions. You can disable it if you really want or need to, but otherwise it will make sure no one and nothing has tampered with your Mac, and it'll do it so fast you won't even notice it's there at all.
Thanks to a dedicated AES crypto engine, T2 also provides hardware encryption for the SSD storage. There's a unique key for each and every iMac Pro, and if you use FileVault, your own personal key to completely lock down your data as well. In real time. As you're reading and writing it. Which is ludicrously cool tech.
Source. So, yeah, don't just take my word for it, refer to these sources about the question whether or not the T2 chip adds anything security-wise as they sound much more appreciative of it than I did. What you make of that, I'll leave to you. Privacy and security are, as Apple claims, main pillars of their philosophy, and as you fittingly described – there are different groups of people in regard to it, those who care a lot about this quality, those who care a little but perceive Apple's security and privacy standards more as a cherry on top of their apple-cake, and many who don't care at all. But at very least many people from the first group applaud Apple for this quality and for their continued attempts to advance even further in the realm of security, which the T2 chip (among many other things) does. You don't have to, but a lot of people like it. You don't have to take my word for it, take theirs.
I think Apple is absolutely on the right track to move forward in this regard and add additional layers of protection wherever possible instead of standing still and hoping that the security layers they have right now will be sufficient forever. I don't want to overblow this in any capacity – personally, I care more about the additional privacy protection layers in Mojave than about any of the security-ramifications of the T2 chip – and
much more so about all the cool features on the user-end of things that Mojave brings to the table – but as the cited reviews prove, many people who fall into the security-camp perceive both (T2 chip aswell as Mojave's additional security features) to be steps into the right direction. Or, to quote Rene Ritchie once again, "these are all features iOS has been benefiting from for years and it's great to see them, and more custom silicon, come to the Mac." (
Source)
By the way, as I've gone through it now,
the AppleInsider article also positively mentions the instant FileVault process:
After enabling FileVault on the 2017 MacBook Pro, which lacks the T2, we were told we would have to wait a full day for encryption to finish — and that if we suddenly decided against it, we wouldn't be able disable it until the process was complete. Even once it finished, storage read speeds dipped significantly.
On the 2018 MacBook Pro enabling FileVault is instantaneous, with no change in subsequent speeds at all.
aswell as some things that I actually didn't know and that you can more or less add to the list of advantages if you so like, namely
The newer T2 takes care of the exact same tasks as the T1, but adds an image signal processor, audio controller, and a mass storage controller that includes a dedicated AES engine for encryption.
Apple says the image signal processor works with the FaceTime HD camera to enable enhanced tone mapping, improved exposure control, and face-based auto-exposure, as well as automatic white balancing. As you can see in our video, white balancing is indeed much better, exposure is improved, and the detail in hair and eyes no longer gets crushed by dark shadows.
[...]
We've also noticed a pretty big difference in microphone quality, thanks to the T2's audio controller, which processes signals that ultimately end up at the MacBook's stereo speakers. That probably contributes to the better sound output found in this year's MacBook Pro models. On top of that, the T2 chip adds "Hey Siri" support.
So, yeah, take that as you will. I'm not saying that you wouldn't be able to achieve any of these things without the T2 chip, but according to AppleInsider, the chip does directly result in a vastly better quality of the FaceTime camera, microphones and likely the improved sound output. And you can tell me what you want, these are absolutely areas that the average user uses his machine for. Especially the speakers (though to be fair, the article only says that the T2 chip probably contributes to the better speaker quality – but the other improvements are all listed as facts). Even a vastly improved video and audio quality from the webcam and microphones alone are absolutely features that a large part of the user base can profit from. Not game changers, but definitely things they could notice in a direct comparison and that improve the experience. If my Mom or one of my friends can hear me twice as good in a FaceTime call, that's, as you say, a "real-world benefit". If my dumb voice later sounds twice as crisp in my voice memo, that's a real-world benefit. If the sound of the movie that I'm watching sounds a lot better (and the speakers on my 2018 MBP are pretty amazing in my opinion)... well, you get the point.
Edit 2: What doesn't seem like such a good thing (or actually like a pretty bad thing) about the T2 chip on the other hand is this:
https://www.macrumors.com/2018/10/04/t2-macs-must-pass-diagnostics-for-certain-repairs/
"Apple's diagnostic suite is limited to internal use by
Apple Stores and Apple Authorized Service Providers, as part of what is called the Apple Service Toolkit. As a result, independent repair shops without Apple certification may be unable to repair certain parts on the iMac Pro and 2018 MacBook Pro.
Moreover, when the iMac Pro and 2018 MacBook Pro are eventually classified as vintage products, meaning they are no longer eligible for hardware service from Apple, repairs through alternative channels might not be possible."
Just noticed this today, thought I'd add it. So yeah, while not 100% confirmed, we can probably both agree on that if it's true, it's a pretty bad thing.