iMac Pro Features Apple's Custom T2 Chip With Secure Boot Capabilities

Discussion in 'MacRumors.com News Discussion' started by MacRumors, Dec 14, 2017.

  1. NT1440 macrumors G4

    NT1440

    Joined:
    May 18, 2008
    #26
    In that the TPM is vital for enabling BitLocker or other encryption schemes, yes, but that’s pretty much where the similarities end.

    Apple has made the T2 the home for some very important/impressive in-house designs from the ISP to the SMC.
     
  2. bernuli macrumors 6502

    Joined:
    Oct 10, 2011
  3. manu chao macrumors 603

    Joined:
    Jul 30, 2003
    #28
    That required that the computer was already running, you couldn't get past the disk encryption password upon boot with this bug. Which is only a small consolation as computers are booted up 99.9% of the time probably.
     
  4. honam1021 macrumors regular

    Joined:
    Nov 4, 2012
    #29
    Now only if they would give us this amount on control on iOS...
     
  5. kemal macrumors 65816

    kemal

    Joined:
    Dec 21, 2001
    Location:
    Nebraska
    #30
    FakeT2Chip.kext . Will have to have this since FakeSMC.kext won't make sense in ~2024.
    --- Post Merged, Dec 14, 2017 ---
    So the SSDs Apple are using in the T/12 computers lack a flash transition layer. Saves Apple money (not you.)
     
  6. G-News macrumors regular

    Joined:
    Oct 2, 2013
    Location:
    Switzerland
    #31
    So what happens when your disk is encrypted but separated from it’s T2 enclave, because the T2 is fried, or another problem occurs with the mainboard that requires the SSD to be migrated to another machine?

    Seems like the T2 is great at protecting the data to be read by anyone, including the owner...
     
  7. deconstruct60 macrumors 604

    Joined:
    Mar 10, 2009
    #32
    Serious chops? No more than most of the other SSD controllers used by mid-upper tier SSDs these days. Sandforce controllers did 'on the fly' encryption more than several years ago. Once Apple takes the SSD controller duties away from a third party SSD controller, being able to do on the fly encrypt is simply just replacing the technological capability of a reasonable 3rd party solution.

    AES was selected ( and designed ) to be relatively easy to be implemented in fix transistor logic implementations. The Intel CPUs can pragmatically do on the fly encryption from RAM. It is not so much "chops' as simply allocating sufficient transistor budget.

    The bigger issue here is Apple taking that third party SSD position. More than likely this is a SSD that is soldered on logic board (like some recent laptops). A modular SSD that fit into a socket ( even Apple tweaked S2 socket) still has the controller on the card/module. If the controller is inside of this T2 chip then that is most likely soldered to the board. At that point the NAND chips would pragmatically need to be also.


    Apple spent $390-400M more than several years ago to buy a SSD controller company ( https://www.macrumors.com/2012/01/10/apple-confirms-acquisition-of-israeli-flash-memory-firm-anobit/), so not particularly surprising they are in process of kicking all the other 3rd parties out of standard Mac configurations across the whole Mac product line.

    If forget the boot password , the drive is attached to the logic board, and have turned off booting from external devices .......... a bit more than dead in the water at that point. ( hopefully there is a service port that can trigger a secure erase. )
    --- Post Merged, Dec 14, 2017 ---
    This isn't particularly any different than if your current SSD's controller get fried. The SSD is dead. As for other drives FileVault2 , again if your secure boot partition's data is scrambled somehow (i.e., your key storage is nuked ) your disk is pragmatically toast. That current systems have highly approximately the same structural pitfall.

    Largely same crypto key storage technique though that is used regularly on an order of magnitude larger number of iOS devices ( relative to number of Macs). Apple could screw it up if sloppy but don't really have an hardware crypto track record for that. Solid state storage that users/kernel can't mess with and extremely low number of writes and mostly read only. The failure modes are going to be relatively very small compared to normal general usage drive storage.


    Owner forgetting password or T2 failing to function correctly .... which one is more likely ? I'm sure some owners will get locked out, but the root cause is probably not going to be the T2.
     
  8. xnu macrumors 6502

    xnu

    Joined:
    Jul 15, 2004
    #33
    Thank you Glmnet1 !

    One more question if anyone knows... The RX Vega 64 is approximately GTX 1080 Ti level card?

    Just trying to figure out which card to get.
     
  9. M.PaulCezanne macrumors 6502a

    M.PaulCezanne

    Joined:
    Mar 5, 2014
    #34
    They did, but then they decided they wanted ACTUAL security.
     
  10. Constable Odo macrumors 6502

    Constable Odo

    Joined:
    Mar 28, 2008
    #35
    It's being said enterprise companies are buying them because they don't take much in the way of desk-space and they'll be more or less used as desktops geared for specific tasks. Also claimed is a lot of employees are asking for OSX desktops and not Windows. Supposedly, Apple built these enclosed AIO iMacs because that's what many enterprise businesses were asking for and they qualify for relatively inexpensive AppleCare support. It's anyone's guess how many of these iMac Pros Apple will be able to sell. I'd like to purchase a base-model iMac Pro sometime next year and I'm not a professional by any stretch.
     
  11. FelixDerKater Contributor

    FelixDerKater

    Joined:
    Apr 12, 2002
    Location:
    Nirgendwo in Amerika
    #36
    Does the keyboard get TouchID, or an iSight system with FaceID? Coming soon?
     
  12. Baymowe335 macrumors 68020

    Joined:
    Oct 6, 2017
    #37
    You are so hilarious.

    Name 1 case this hack mattered and tell us how long it took Apple to fix after reported.
     
  13. Zarniwoop, Dec 14, 2017
    Last edited: Dec 14, 2017

    Zarniwoop macrumors 6502a

    Joined:
    Aug 12, 2009
    Location:
    West coast, Finland
    #38
    It is more like what Amiga had in the good old days: co-processors, that are taking over some key duties of the CPU, in addition to security enclave similar to TPM. Audio DSP and video ISP are very nice addition for the Mac. I've been waiting for these couple of years now... because CPU's havn't evolved that much anymore, there has been a need for a bunch of co-processors. I think this is one reason why Apple created APFS. To make it work with a security enclave.
    --- Post Merged, Dec 14, 2017 ---
    Here are some of my predictions from 2015 & 2016, although I imagined Apple would need AMD to do this. But maybe that is in the works as well.

    https://forums.macrumors.com/thread...mac-pro-in-2016.1928328/page-22#post-22239493

    https://forums.macrumors.com/threads/2016-nmp.1952250/page-51#post-22749296

    https://forums.macrumors.com/threads/2016-nmp.1952250/page-51#post-22749377

    https://forums.macrumors.com/threads/2016-nmp.1952250/page-55#post-22760533

    https://forums.macrumors.com/threads/2016-nmp.1952250/page-88#post-22870051

    https://forums.macrumors.com/threads/2016-nmp.1952250/page-88#post-22870390

    https://forums.macrumors.com/threads/waiting-for-mac-pro-7-1.1975126/page-49#post-23257976

    https://forums.macrumors.com/thread...-them-until-2017.1983855/page-4#post-23149220
     
  14. Wash08 macrumors member

    Wash08

    Joined:
    Sep 18, 2008
    Location:
    Space
    #39
    If you have to ask, your are not their target user....
     
  15. honam1021 macrumors regular

    Joined:
    Nov 4, 2012
    #40
  16. PastaPrimav macrumors 6502

    Joined:
    Nov 6, 2017
    #41
    A shame that Face ID wasn't included in this. Mac needs Face ID.
     
  17. Zarniwoop macrumors 6502a

    Joined:
    Aug 12, 2009
    Location:
    West coast, Finland
    #42
    They'd need to put T1 in the keyboard. Maybe that is coming with modular Mac Pro next year?

    Update: sorry, my brain was reading TouchID.... sorry for the confusion... :-]
     
  18. deconstruct60 macrumors 604

    Joined:
    Mar 10, 2009
    #43
    No. The keyboard is not hardwired into the main logic board. So it isn't like the T1 case in a MBP.
    The camera is hooked to it.

    No. Probably more of a cost issue than could it be done issue. running iSight through the chip is probably more a security issue ( rogue program activating your camera / microphone without you knowing it) than a login in measure.

    Need the "AI" inferencing subsystem to do the real time facial recognition. Adding that to the chip at this point would probably drive costs much higher than necessary. Besides it has SSD controller 'drama' (workload) to handle at the moment. There is enough complexity to what the T2 has to cover now without adding more. There will probably be a future "kitchen sink" chip when can do more for less costs ( something like 2020+ timeframe I would guess), but probably make these T2 for a while to recoup the costs.
    --- Post Merged, Dec 14, 2017 ---
    T1 in a keyboard doesn't make alot of sense. First, the video for the touch bar is copied from the RAM framebuffer to the T1 chip to be pushed out to the touch display. Detaching that separate, discrete keyboard means all of that has to be pulled over a USB 3 connect. Bandwidth wise not a too big of a deal but it is constant work, which means constant power requirements. General trend for Apple is away from wired keyboards. So bluetooth and batteries are even bigger issue ( less bandwidth and limited power).

    The other issue have is that keyboard can walk away relatively easily. Want all your secure keys to walk away with a simple unplug ( or just walk away period if wireless) with a device that has your fingerprints all over it. Specific fingers targeting individual keys.


    Add the cost of an Apple watch to a base keyboard price that is optional is probably not going to be bought by very many. With the MBP the Apple watch tax isn't really a choice.
     
  19. Zarniwoop macrumors 6502a

    Joined:
    Aug 12, 2009
    Location:
    West coast, Finland
    #44
    Yes. Re-read my post again... made some updates...

    But still, I think if there's going to be TouchID on a wireless keyboard ever, it needs T1, or similar. What it does really is just to keep your fingerprint info in it. And for secondary use, it could draw the letters on the keys that have oled panel each.
     
  20. Tech198 macrumors G5

    Joined:
    Mar 21, 2011
    Location:
    Australia, Perth
    #45
    I dunno, whats with Apple and having affections with the Terminator.

    [​IMG]
     
  21. deconstruct60, Dec 14, 2017
    Last edited: Dec 14, 2017

    deconstruct60 macrumors 604

    Joined:
    Mar 10, 2009
    #46
    If you go to the power section of the review you'll see that those full sized desktop cards are drawing 314-459W . According the iMac Pro marketing page the iMac Pro maxes out at 500W for the whole system. The TDP for the Intel Xeon W chip is 140W. Let say that draws 80-100W on a average workload. However, there is also the display, SSD , etc. etc. so can easily 'back of envelope' put it at less than 325W for the GPU. In short, the clocking is likely not the same. Like the MP 2013 GPUs these are likely clocked lower to fit the thermal envelope constraints.

    If slavishly trying to match the exact same specs of a desktop Nvidia card's top end, then the top end option is probably closer.
     
  22. Zarniwoop macrumors 6502a

    Joined:
    Aug 12, 2009
    Location:
    West coast, Finland
    #47
    Yes, hence they're branded Radeon Pro, former Firepro. They're run under more optimal perf/watt ratio for Vega chip. RX cards are overclocked to the roof and are far away from the perfect perf/watt in order to keep up with Nvidia. But this way AMD sacrificed the efficiency.
     
  23. Peter K. macrumors 6502a

    Peter K.

    Joined:
    Nov 6, 2012
    Location:
    SoCal / Philly
    #48
    Actually, the T101, T1000 and TX were the models sent back in time in T1, T2 and T3, respectively.
     
  24. leman macrumors G3

    Joined:
    Oct 14, 2008
    #49
    You restore from backup which you as a responsible person have maintained regularly. basically, same as with any other hardware failure.
     
  25. Ener Ji macrumors regular

    Joined:
    Apr 10, 2010
    #50
    Backups are critical for any data that it is irreplaceable. SSDs are much more reliable than magnetic spinning discs, but all hardware has the possibility to fail and cause data loss.

    I fully expect Face ID to come to Macs, but not for at least a couple of years. I expect the rollout to proceed somewhat like this:
    • Next to the iPad Pro (rumored to be refreshed Spring 2018).
    • Then to the mainstream iPhones releasing Fall 2018 (iPhone 9 or whatever they are called).
    • Then sometime around 2019 or 2020, Macs and regular iPads will start to get it, coinciding with their scheduled refreshes. (For example, MBP gets a major refresh roughly every four years, so 2020 would be a logical guess given the last major refresh was in 2016.)
    • The iPhone SE and iPad Mini (assuming it still exists) will probably be last to get it, in 2020+.
    All that said, given the iMac Pro will be a lower-volume iMac and it just got refreshed, I wouldn't expect Face ID any time soon.
     

Share This Page