How important is Apple T2 Security Chip ?

[Whackintosh]

The absence of a T2 chip in the 2019 iMacs is one of the key factors pushing me towards considering spending more than I ever wanted to spend on a refurb iMac Pro. I worry that future OS versions will be making increasingly significant use of it.

 

[codernova]

The absence of a T2 chip in the 2019 iMacs is one of the key factors pushing me towards considering spending more than I ever wanted to spend on a refurb iMac Pro. I worry that future OS versions will be making increasingly significant use of it.

For security features sure. But as PCs have had equivalent HSM's (Hardware Security Module) and continue to function with or without them, I doubt your Mac will suddenly become less supported than a T2 equipped one in the future.

Non pro iMac probably doesn't contain the chip 'cause it's built to sit on desks in people's homes. Less security is needed. Mac mini's would contain them because those are used in businesses very often for purpose built tasks. The pro lines and laptops would need them for obvious reasons.

macOS and software in 2026 is still going to support non T2(T3/T4/Tx) enabled Macs just as Windows still supports hardware without HSM chips.

 

[mcnallym]

I would say that the 2019 iMac doesn’t have the T2 in it as was a minimal change refresh.

A lot of mini 2018 sit at desk on home yet that got the T2.

I would be surprised if when the iMac gets a proper redesign that will get the T2 chip.

Once the 2019 iMac which is the last iMac to not have the T2 goes end of support and dropped from os updates then will be the interesting time to see if Apple check for a T series chip presence.

 

[PBMB]

I would be surprised if when the iMac gets a proper redesign that will get the T2 chip.

Not sure that I understand: do you mean that you do not expect the T2 chip in the redesigned iMac, whenever it arrives?

Once the 2019 iMac which is the last iMac to not have the T2 goes end of support and dropped from os updates then will be the interesting time to see if Apple check for a T series chip presence.

This is what I think. It is very likely that this chip will serve as reference point for supported machines in future macOS updates.

 

[Strider64]

I have an iMac Pro and try to keep the security measures to a minimum (I don't turn on file vault), but if this computer was in small business instead of a residential home I more than likely would turn on the T2 features. In my opinion it depends (security wise) what the computer is used for that the determines the importance of the T2 security chip.

 

[partsofspeech]

The absence of a T2 chip in the 2019 iMacs is one of the key factors pushing me towards considering spending more than I ever wanted to spend on a refurb iMac Pro. I worry that future OS versions will be making increasingly significant use of it.

The new features Sidecar could be assigned to T2 in the future. Keyboard with touchbar, if it comes, will likely be handled by T2. iMac without T2 will be blocked away from accessing newer input devices. I will not surprised to see T2-only features announced in the future. Those are just my guess, but I believe that that is the trend.

 

[maflynn]

Does the T2 help protect against hackers, etc? And/or is the T2 Chip something that only professional users (photograph, video, scientific stuff) would want?

Apple has been leveraging the T2 for a couple of things, such as hardware decryption, and sandboxing components, such as the camera. Yet with that said, its a proprietary technology where some people have reported an inability to install an OS on the main drive other then macOS. That is if you want to run linux only on the internal drive. Being proprietary apple had a difficult time getting it to work smoothly and not causing crashes. I think they're beyond that but it did cause a lot of headaches for people. Personally, I feel its a move to further lock down the system and you as the consumer lose a bit more control.

 

[SecuritySteve]

Directly undoing defects in someone else's hardware is a litmus test for "good security device". It is more the case that whole scoping of the problem is way. off.



If also offers secure key and credential storage. Often that was the problem with the MDS/attacks is they are chasing sensitive information. One way of securing it is to not storage the master keys in RAM at all.

Even free of CPU defects, any code in the kernel and with root privs can see pragmatically everything anyway.

Implementing very good security consists of multiple layers. The T2 doesn't have to solve every security problem. The evaluation should be more so on does it add yet another secure layer to the system's defenses.

T2 does a bit more than Boot volume security. One of its primary purposes is to protects the boot firmware itself. That is data independent of the end user "storage disk" capacity it serves up. if the firmware isn't secure ( similar to trust corrupted kernel/root level) the whole system has security vulnerabilities.

Thank you for explaining what I said again in more detail. If you also really knew how the speculative execution attacks worked you would know it was impossible for the T2 to be in-between the x86 processor and it's cache without seriously affecting performance, which is a litmus test of a good security device itself.