Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

iMac Pro Features Apple's Custom T2 Chip With Secure Boot Capabilities

btrach144 said:
So this is similar to the TPM 2.0 chip that some enterprise PCs use?
Click to expand...
In that the TPM is vital for enabling BitLocker or other encryption schemes, yes, but that’s pretty much where the similarities end.

Apple has made the T2 the home for some very important/impressive in-house designs from the ISP to the SMC.
 
  • Like
Reactions: MrUNIMOG
Glmnet1 said:
If they put one of these in every 2018 models, by the time the current models are not supported anymore (~2024) I'm pretty sure they could prevent installation of the latest macOS on non-official hardware.
Click to expand...

FakeT2Chip.kext . Will have to have this since FakeSMC.kext won't make sense in ~2024.
[doublepost=1513281317][/doublepost]So the SSDs Apple are using in the T/12 computers lack a flash transition layer. Saves Apple money (not you.)
 
  • Like
Reactions: vkd, stiligFox, honam1021 and 1 other person
deanthedev said:
....

If the T2 chip can perform real-time encryption while maintaining this performance then it’s not some “companion” chip - it would need some serious chops to do this.
Click to expand...

Serious chops? No more than most of the other SSD controllers used by mid-upper tier SSDs these days. Sandforce controllers did 'on the fly' encryption more than several years ago. Once Apple takes the SSD controller duties away from a third party SSD controller, being able to do on the fly encrypt is simply just replacing the technological capability of a reasonable 3rd party solution.

AES was selected ( and designed ) to be relatively easy to be implemented in fix transistor logic implementations. The Intel CPUs can pragmatically do on the fly encryption from RAM. It is not so much "chops' as simply allocating sufficient transistor budget.

The bigger issue here is Apple taking that third party SSD position. More than likely this is a SSD that is soldered on logic board (like some recent laptops). A modular SSD that fit into a socket ( even Apple tweaked S2 socket) still has the controller on the card/module. If the controller is inside of this T2 chip then that is most likely soldered to the board. At that point the NAND chips would pragmatically need to be also.


Apple spent $390-400M more than several years ago to buy a SSD controller company ( https://www.macrumors.com/2012/01/10/apple-confirms-acquisition-of-israeli-flash-memory-firm-anobit/), so not particularly surprising they are in process of kicking all the other 3rd parties out of standard Mac configurations across the whole Mac product line.

If forget the boot password , the drive is attached to the logic board, and have turned off booting from external devices .......... a bit more than dead in the water at that point. ( hopefully there is a service port that can trigger a secure erase. )
[doublepost=1513282146][/doublepost]
G-News said:
So what happens when your disk is encrypted but separated from it’s T2 enclave, because the T2 is fried, or another problem occurs with the mainboard that requires the SSD to be migrated to another machine?
Click to expand...

This isn't particularly any different than if your current SSD's controller get fried. The SSD is dead. As for other drives FileVault2 , again if your secure boot partition's data is scrambled somehow (i.e., your key storage is nuked ) your disk is pragmatically toast. That current systems have highly approximately the same structural pitfall.

Largely same crypto key storage technique though that is used regularly on an order of magnitude larger number of iOS devices ( relative to number of Macs). Apple could screw it up if sloppy but don't really have an hardware crypto track record for that. Solid state storage that users/kernel can't mess with and extremely low number of writes and mostly read only. The failure modes are going to be relatively very small compared to normal general usage drive storage.


Seems like the T2 is great at protecting the data to be read by anyone, including the owner...
Click to expand...

Owner forgetting password or T2 failing to function correctly .... which one is more likely ? I'm sure some owners will get locked out, but the root cause is probably not going to be the T2.
 
  • Like
Reactions: vkd, dysamoria, Ener Ji and 2 others
Glmnet1 said:
You should be able to run Windows without any issue.

No liquid cooling, it uses a new cooling design with two fans which is more efficient than the regular iMac.
Click to expand...

Thank you Glmnet1 !

One more question if anyone knows... The RX Vega 64 is approximately GTX 1080 Ti level card?

Just trying to figure out which card to get.
 
Gary1580 said:
Why in the world would anyone buy one of these?
Click to expand...
It's being said enterprise companies are buying them because they don't take much in the way of desk-space and they'll be more or less used as desktops geared for specific tasks. Also claimed is a lot of employees are asking for OSX desktops and not Windows. Supposedly, Apple built these enclosed AIO iMacs because that's what many enterprise businesses were asking for and they qualify for relatively inexpensive AppleCare support. It's anyone's guess how many of these iMac Pros Apple will be able to sell. I'd like to purchase a base-model iMac Pro sometime next year and I'm not a professional by any stretch.
 
  • Like
Reactions: dysamoria and MrUNIMOG
btrach144 said:
So this is similar to the TPM 2.0 chip that some enterprise PCs use?
Click to expand...
It is more like what Amiga had in the good old days: co-processors, that are taking over some key duties of the CPU, in addition to security enclave similar to TPM. Audio DSP and video ISP are very nice addition for the Mac. I've been waiting for these couple of years now... because CPU's havn't evolved that much anymore, there has been a need for a bunch of co-processors. I think this is one reason why Apple created APFS. To make it work with a security enclave.
[doublepost=1513285895][/doublepost]Here are some of my predictions from 2015 & 2016, although I imagined Apple would need AMD to do this. But maybe that is in the works as well.

https://forums.macrumors.com/thread...mac-pro-in-2016.1928328/page-22#post-22239493

https://forums.macrumors.com/threads/2016-nmp.1952250/page-51#post-22749296

https://forums.macrumors.com/threads/2016-nmp.1952250/page-51#post-22749377

https://forums.macrumors.com/threads/2016-nmp.1952250/page-55#post-22760533

https://forums.macrumors.com/threads/2016-nmp.1952250/page-88#post-22870051

https://forums.macrumors.com/threads/2016-nmp.1952250/page-88#post-22870390

https://forums.macrumors.com/threads/waiting-for-mac-pro-7-1.1975126/page-49#post-23257976

https://forums.macrumors.com/thread...-them-until-2017.1983855/page-4#post-23149220
 
Last edited:
  • Like
Reactions: zapmymac and dysamoria
FelixDerKater said:
Does the keyboard get TouchID,
Click to expand...

No. The keyboard is not hardwired into the main logic board. So it isn't like the T1 case in a MBP.
The camera is hooked to it.

or an iSight system with FaceID? Coming soon?
Click to expand...

No. Probably more of a cost issue than could it be done issue. running iSight through the chip is probably more a security issue ( rogue program activating your camera / microphone without you knowing it) than a login in measure.

Need the "AI" inferencing subsystem to do the real time facial recognition. Adding that to the chip at this point would probably drive costs much higher than necessary. Besides it has SSD controller 'drama' (workload) to handle at the moment. There is enough complexity to what the T2 has to cover now without adding more. There will probably be a future "kitchen sink" chip when can do more for less costs ( something like 2020+ timeframe I would guess), but probably make these T2 for a while to recoup the costs.
[doublepost=1513288888][/doublepost]
Zarniwoop said:
They'd need to put T1 in the keyboard. Maybe that is coming with modular Mac Pro next year?
Click to expand...

T1 in a keyboard doesn't make alot of sense. First, the video for the touch bar is copied from the RAM framebuffer to the T1 chip to be pushed out to the touch display. Detaching that separate, discrete keyboard means all of that has to be pulled over a USB 3 connect. Bandwidth wise not a too big of a deal but it is constant work, which means constant power requirements. General trend for Apple is away from wired keyboards. So bluetooth and batteries are even bigger issue ( less bandwidth and limited power).

The other issue have is that keyboard can walk away relatively easily. Want all your secure keys to walk away with a simple unplug ( or just walk away period if wireless) with a device that has your fingerprints all over it. Specific fingers targeting individual keys.


Add the cost of an Apple watch to a base keyboard price that is optional is probably not going to be bought by very many. With the MBP the Apple watch tax isn't really a choice.
 
  • Like
Reactions: dysamoria
deconstruct60 said:
No. The keyboard is not hardwired into the main logic board. So it isn't like the T1 case in a MBP.
The camera is hooked to it.



No. Probably more of a cost issue than could it be done issue. running iSight through the chip is probably more a security issue ( rogue program activating your camera / microphone without you knowing it) than a login in measure.

Need the "AI" inferencing subsystem to do the real time facial recognition. Adding that to the chip at this point would probably drive costs much higher than necessary. Besides it has SSD controller 'drama' (workload) to handle at the moment. There is enough complexity to what the T2 has to cover now without adding more. There will probably be a future "kitchen sink" chip when can do more for less costs ( something like 2020+ timeframe I would guess), but probably make these T2 for a while to recoup the costs.
[doublepost=1513288888][/doublepost]

T1 in a keyboard doesn't make alot of sense. First, the video for the touch bar is copied from the RAM framebuffer to the T1 chip to be pushed out to the touch display. Detaching that separate, discrete keyboard means all of that has to be pulled over a USB 3 connect. Bandwidth wise not a too big of a deal but it is constant work, which means constant power requirements. General trend for Apple is away from wired keyboards. So bluetooth and batteries are even bigger issue ( less bandwidth and limited power).

The other issue have is that keyboard can walk away relatively easily. Want all your secure keys to walk away with a simple unplug ( or just walk away period if wireless) with a device that has your fingerprints all over it. Specific fingers targeting individual keys.


Add the cost of an Apple watch to a base keyboard price that is optional is probably not going to be bought by very many. With the MBP the Apple watch tax isn't really a choice.
Click to expand...
Yes. Re-read my post again... made some updates...

But still, I think if there's going to be TouchID on a wireless keyboard ever, it needs T1, or similar. What it does really is just to keep your fingerprint info in it. And for secondary use, it could draw the letters on the keys that have oled panel each.
 
  • Like
Reactions: dysamoria
I dunno, whats with Apple and having affections with the Terminator.

lionsgate-2001194-100181-Full-Image_GalleryBackground-en-US-1483993497664._RI_SX940_.jpg
 
  • Like
Reactions: DeepIn2U
honam1021 said:
Depending on the workload. It's on pair with 1080 Ti/Titan Xp in some benchmarks but falls behind 1070 in others

https://www.anandtech.com/show/11717/the-amd-radeon-rx-vega-64-and-56-review/17
Click to expand...

If you go to the power section of the review you'll see that those full sized desktop cards are drawing 314-459W . According the iMac Pro marketing page the iMac Pro maxes out at 500W for the whole system. The TDP for the Intel Xeon W chip is 140W. Let say that draws 80-100W on a average workload. However, there is also the display, SSD , etc. etc. so can easily 'back of envelope' put it at less than 325W for the GPU. In short, the clocking is likely not the same. Like the MP 2013 GPUs these are likely clocked lower to fit the thermal envelope constraints.

If slavishly trying to match the exact same specs of a desktop Nvidia card's top end, then the top end option is probably closer.
 
Last edited:
deconstruct60 said:
If you go to the power section of the review you'll see that those full sized desktop cards are drawing 314-459W . According the iMac Pro marketing page the iMac Pro maxes out at 500W for the whole system. The TDP for the Intel Xeon W chip is 140W. Let say that draws 80-100W on a average workload. However, there is also the display, SSD , etc. etc. so can easily 'back of envelope' put it at less than 325W for the GPU. In short, the clocking is likely not the same. Like the MP 2013 GPUs these are likely clocked lower to fit the thermal envelope constraints.
Click to expand...
Yes, hence they're branded Radeon Pro, former Firepro. They're run under more optimal perf/watt ratio for Vega chip. RX cards are overclocked to the roof and are far away from the perfect perf/watt in order to keep up with Nvidia. But this way AMD sacrificed the efficiency.
 
  • Like
Reactions: honam1021, Ener Ji and MrUNIMOG
G-News said:
So what happens when your disk is encrypted but separated from it’s T2 enclave, because the T2 is fried, or another problem occurs with the mainboard that requires the SSD to be migrated to another machine?

Seems like the T2 is great at protecting the data to be read by anyone, including the owner...
Click to expand...

You restore from backup which you as a responsible person have maintained regularly. basically, same as with any other hardware failure.
 
  • Like
Reactions: dysamoria and Ener Ji
G-News said:
So what happens when your disk is encrypted but separated from it’s T2 enclave, because the T2 is fried, or another problem occurs with the mainboard that requires the SSD to be migrated to another machine?

Seems like the T2 is great at protecting the data to be read by anyone, including the owner...
Click to expand...

Backups are critical for any data that it is irreplaceable. SSDs are much more reliable than magnetic spinning discs, but all hardware has the possibility to fail and cause data loss.

BMcCoy said:
I wonder if they considered sticking in a FaceID camera?

Presumably they'll show up on all Apple devices over the next couple of years..?
Click to expand...

FelixDerKater said:
Does the keyboard get TouchID, or an iSight system with FaceID? Coming soon?
Click to expand...

PastaPrimav said:
A shame that Face ID wasn't included in this. Mac needs Face ID.
Click to expand...

I fully expect Face ID to come to Macs, but not for at least a couple of years. I expect the rollout to proceed somewhat like this:
  • Next to the iPad Pro (rumored to be refreshed Spring 2018).
  • Then to the mainstream iPhones releasing Fall 2018 (iPhone 9 or whatever they are called).
  • Then sometime around 2019 or 2020, Macs and regular iPads will start to get it, coinciding with their scheduled refreshes. (For example, MBP gets a major refresh roughly every four years, so 2020 would be a logical guess given the last major refresh was in 2016.)
  • The iPhone SE and iPad Mini (assuming it still exists) will probably be last to get it, in 2020+.
All that said, given the iMac Pro will be a lower-volume iMac and it just got refreshed, I wouldn't expect Face ID any time soon.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back