Apple Shares T2 Security Chip Guide Detailing Privacy Features 'Never Before Seen on Mac'

MacRumors

macrumors bot
Original poster
Apr 12, 2001
7,402
8,479



Apple's event today included brief details about the company's T2 security chip coming to the MacBook Air and Mac mini (it's already in the 2018 MacBook Pro), but a new security guide has shed light onto what exactly the chip does for user privacy (via TechCrunch). According to the guide, on MacBook Air and Pro the chip includes a hardware microphone disconnect feature that ensures the microphone is disabled when the lid is closed.


This is accomplished through hardware so that the microphone becomes physically disabled from the rest of the MacBook hardware every time the lid is closed, preventing any software from engaging the microphone when the user shuts the MacBook. Apple points out that the camera is not disconnected in hardware, because its field of view is already completely obstructed when the MacBook lid is closed.
All Mac portables with the Apple T2 Security Chip feature a hardware disconnect that ensures that the microphone is disabled whenever the lid is closed. This disconnect is implemented in hardware alone, and therefore prevents any software, even with root or kernel privileges in macOS, and even the software on the T2 chip, from engaging the microphone when the lid is closed. (The camera is not disconnected in hardware because its field of view is completely obstructed with the lid closed.)
Apple says that the T2 chip gives Macs a solid foundation for encrypted storage, secure boot, and Touch ID, all based on dedicated security hardware and the Secure Enclave coprocessor included on the T2 chip. Combined with the security and convenience of Touch ID, Macs with the T2 chip provide "a level of privacy and security protections never before seen on Mac," according to Apple.

Besides its security features, the new 13-inch MacBook Air includes a Retina Display, two Thunderbolt 3 ports, a headphone jack, 50 percent smaller display bezels, a reduced footprint, and more. Pre-orders for the device are live today, starting at $1,199.00, and the MacBook Air will officially launch on November 7.

Article Link: Apple Shares T2 Security Chip Guide Detailing Privacy Features 'Never Before Seen on Mac'
 

guzhogi

macrumors 68030
Aug 31, 2003
2,932
796
Wherever my feet take me…
According to the guide, on MacBook Air and Pro the chip includes a hardware microphone disconnect feature that ensures the microphone is disabled when the lid is closed.
I have a number of coworkers who use their laptops in clamshell mode, and connected to external monitors. What happens then? Will they have to get external microphones?
 

now i see it

macrumors 601
Jan 2, 2002
4,007
8,006
I was never a fan of the MB air. It seemed too gimped to me. But this new release looks like its actually a "real computer". I'll be taking it into consideration now.
 
  • Like
Reactions: martyjmclean

Nozuka

macrumors 68020
Jul 3, 2012
2,233
2,713
I'm surprised there is not more detail on the camera protection.

I'm pretty sure the T2 is there to protect the camera too.

Is it possible to turn on the camera without the green LED lighting up? Or is this hardwired somehow.
 

nt5672

macrumors 68000
Jun 30, 2007
1,901
3,942
Yep, the potential problem is when Apple decides that Apple is the only one that can decide what software I can install on my computers. Much like the iPhone, Apple TV, Apple Watch, and HomePod. Wait that is every device Apple makes excluding the Mac. Apple is just too nanny like for me to be comfortable.
 

TrulsZK

macrumors regular
May 1, 2018
107
106
Norway
Should be a way to hardware disable the microphone when the Mac is in use, and for desktops without a lid

Also a hard wired LED, in such a way it can’t be disabled with software for both camera and microphone would be nice.
 
  • Like
Reactions: RandomDSdevel

twistedpixel8

macrumors 6502
Jun 9, 2017
280
507
“Once those [90 failed password] attempts are exhausted, the Secure Enclave will no longer process any requests to decrypt the volume or verify the password.”

Erm... so some idiot could spend 20 minutes deliberately entering the wrong password into your Mac and you permanently lose all your data? Not sure how I feel about this.
 

Davk87

Suspended
Oct 26, 2014
52
49
England
“Once those [90 failed password] attempts are exhausted, the Secure Enclave will no longer process any requests to decrypt the volume or verify the password.”

Erm... so some idiot could spend 20 minutes deliberately entering the wrong password into your Mac and you permanently lose all your data? Not sure how I feel about this.
Happy. You should feel happy. Not because you lost your data, it because you now know that the person screwing with your computer is somebody you want out of your life.
 
  • Like
Reactions: martyjmclean

TrulsZK

macrumors regular
May 1, 2018
107
106
Norway
“Once those [90 failed password] attempts are exhausted, the Secure Enclave will no longer process any requests to decrypt the volume or verify the password.”

Erm... so some idiot could spend 20 minutes deliberately entering the wrong password into your Mac and you permanently lose all your data? Not sure how I feel about this.
That means you must also protect your Mac physically
Same as the iPhone that deletes all data after 10 failed passcode attempts, due to the delay enforced after multiple passcode attempts it will take you 1 hour and 36 minutes to delete my iPhone

Also due to the delay enforced, like iOS it will take several hours to permanently delete my data, and yes I have multiple backups of everything

Attempts Delay Enforced

1–14 none

15–17 1 minute

18–20 5 minutes

21–26 15 minutes

27–30 1 hour
 
Last edited:

twistedpixel8

macrumors 6502
Jun 9, 2017
280
507
Happy. You should feel happy. Not because you lost your data, it because you now know that the person screwing with your computer is somebody you want out of your life.
Well that’s great and all but... my data. Why can’t it just be a perpetual 1 hour delay after a certain number of attempts?
 

NT1440

macrumors G5
May 18, 2008
12,141
13,983
I have a number of coworkers who use their laptops in clamshell mode, and connected to external monitors. What happens then? Will they have to get external microphones?
...do you really think Apple hasn’t thought through one of these use cases?
 

centauratlas

macrumors 65816
Jan 29, 2003
1,089
1,412
Florida
I like the concept of the T1 and T2 chips

Just hope the T2 is not the reason the 2018 MBPs still experience crashes
I've had my 2018 MBP since it came out (ordered to replace my 2012 15 inch MBP which had its fans on pretty much continuously) and, knock on wood, I haven't had any crashes. It is a 32GB RAM machine with the 6 core i9 (MacBookPro15,1).

I do use it in clamshell mode 95% of the time with a 2004 30 inch Apple Cinema and a CalDigit hub. It is used a lot - X Code, and a lot of stuff running continuously in the background, so it does get a workout.

I wonder if there is a pattern to machines that have crashes.

As far as microphone, I have an external USB one that works fine. I actually prefer it because it is higher quality if I need to use it (once per year it seems0.
 
  • Like
Reactions: RandomDSdevel

NT1440

macrumors G5
May 18, 2008
12,141
13,983
“Once those [90 failed password] attempts are exhausted, the Secure Enclave will no longer process any requests to decrypt the volume or verify the password.”

Erm... so some idiot could spend 20 minutes deliberately entering the wrong password into your Mac and you permanently lose all your data? Not sure how I feel about this.
20 minutes?
 

Attachments

Nozuka

macrumors 68020
Jul 3, 2012
2,233
2,713
My 2018 MBPR is also crashfree so far.

The MacOS Update today also changed the T2 firmware number. So maybe this version will fix some things for people with problems...
 

casperghst42

macrumors member
Jan 11, 2006
81
48
The problem with the T2 chip in the computers is that Apple now have a valid reason to stop allowing 3rd party to repair the computers, ie. change screen, keyboard, or just the case... Which means that repairs will cost a premium, ie. Apple Tax is now in play.