Skip to main content

The Apple T2 chip in the latest MacBook Pros offer a deeper level of security

Apple surprised customers with a sudden (but expected) hardware refresh of its 13- and 15-inch MacBook Pros without an on-stage introduction. The updated models include the T2 security chip first introduced in 2017’s iMac Pro providing a secure boot, encrypted storage, live “Hey Siri” commands, and more.

“The Apple T2 chip includes a Secure Enclave coprocessor that provides the foundation for secure boot and encrypted storage capabilities,” the company states. “It also consolidates many discrete controllers, including the system management controller, audio controller, and SSD controller, into one.”

A deep-dive into the chip shows that it includes a built-in hardware encryption engine that encrypts all data stored on the MacBook Pro’s SSD. This process uses 256-bit AES encryption and security keys unique to that specific MacBook Pro model. Owners gain access to the data through Apple’s FileVault platform that provides your own personal key.

This method is great in that data cannot be accessed without your personal key. Moreover, if the SSD were to be removed, a hacker still won’t gain access to the stored data. But that also means you can’t move the SSD to another MacBook Pro should your current model suffer catastrophic failure. This is why you should frequently make backups using Time Machine.

Apple’s T2 chip also provides what Apple calls a “hardware root of trust,” meaning that the chip handles the startup process. It monitors each step and cryptographically signs an approval so that the startup can progress to the next stage. This process includes scanning the firmware, the system kernel, kernel extensions, and more. It will even scan the integrity of Boot Camp Windows-based volumes.

What this means for MacBook Pro owners is that their device isn’t susceptible to low-level attacks, as only verified, trusted software will launch during the startup process. But you can control the secure boot process by pressing “Command-R” to access the Startup Security Utility. With this tool, you can password-protect the firmware and enable/disable booting from external devices.

This tool also provides three settings — full, medium, and no — to control how strict the T2 chip will be during boot. For instance, the Full Security mode, set by default, requires a network connection to verify the operating system’s integrity, the latest version of MacOS, and “verifiable” software at boot. Meanwhile, the Medium Security setting doesn’t require the latest MacOS or an internet connection but still has the “verifiable software” requirement.

Other features provided by Apple’s T2 chip include an always-listening “Hey Siri,” a first for MacBooks. The chip also controls both Touch ID and the Touch Bar and includes an image signal coprocessor that works with FaceTime HD. According to Apple, this coprocessor provides “enhanced tone mapping, improved exposure control, and face-detection-based auto-exposure and auto white balance.”

Apple’s new 13-inch MacBook Pro with Touch Bar starts at $1,800 packing an eighth-generation Core i5 processor and four Thunderbolt 3 ports while the non-Touch Bar 13-inch MacBook Pros still ride on older seventh-generation processors. The new 15-inch MacBook Pros start at $2,400 packing eighth-generation six-core chips.

Editors' Recommendations