Apple surprised customers witha sudden (but expected) hardware refreshof its 13- and 15-inch MacBook Pros without an on-stage introduction. The updated models include the T2 security chip first introduced in2017’s iMac Proproviding a secure boot, encrypted storage, live “Hey Siri” commands, and more.
“The Apple T2 chip includes a Secure Enclave coprocessor that provides the foundation for secure boot and encrypted storage capabilities,” the company states. “It also consolidates many discrete controllers, including the system management controller, audio controller, and SSD controller, into one.”
A deep-dive into the chipshows that it includes a built-in hardware encryption engine that encrypts all data stored on the MacBook Pro’s SSD. This process uses 256-bit AES encryption and security keys unique to that specific MacBook Pro model. Owners gain access to the data throughApple’s FileVault platformthat provides your own personal key.
This method is great in that data cannot be accessed without your personal key. Moreover, if the SSD were to be removed, a hacker still won’t gain access to the stored data. But that also means you can’t move the SSD to another MacBook Pro should your current model suffer catastrophic failure. This is why you should frequently make backups usingTime Machine.
Apple’s T2 chip also provides what Apple calls a “hardware root of trust,” meaning that the chip handles the startup process. It monitors each step and cryptographically signs an approval so that the startup can progress to the next stage. This process includes scanning the firmware, the system kernel, kernel extensions, and more. It will even scan the integrity of Boot Camp Windows-based volumes.
What this means for MacBook Pro owners is that their device isn’t susceptible to low-level attacks, as only verified, trusted software will launch during the startup process. But you can control the secure boot process by pressing “Command-R” to access theStartup Security Utility. With this tool, you can password-protect the firmware and enable/disable booting from external devices.
This tool also provides three settings — full, medium, and no — to control how strict the T2 chip will be during boot. For instance, theFull Security mode, set by default, requires a network connection to verify the operating system’s integrity, the latest version of MacOS, and “verifiable” software at boot. Meanwhile, theMedium Security settingdoesn’t require the latest MacOS or an internet connection but still has the “verifiable software” requirement.
Other features provided by Apple’s T2 chip include an always-listening “Hey Siri,” a first for MacBooks. The chip also controls both Touch ID and the Touch Bar and includes an image signal coprocessor that works with FaceTime HD. According to Apple, this coprocessor provides “enhanced tone mapping, improved exposure control, and face-detection-based auto-exposure and auto white balance.”
Apple’s new 13-inch MacBook Pro with Touch Bar starts at $1,800 packing an eighth-generation Core i5 processor and four Thunderbolt 3 ports while the non-Touch Bar 13-inch MacBook Pros still ride on older seventh-generation processors. The new 15-inch MacBook Pros start at $2,400 packing eighth-generation six-core chips.
