An open community 
of Macintosh users,
for Macintosh users.

FineTunedMac Dashboard widget now available! Download Here

Previous Thread
Next Thread
Print Thread
T2 chip - what it means for new macs
#49641 08/03/18 10:56 AM
Joined: Aug 2009
OP Offline

Joined: Aug 2009
I'd like to discuss the upcoming "T2" chip that Apple is starting to put in the Mac Pros, iMac Pros, and MacBook Pros (with touch-bar)"

https://www.digitaltrends.com/computing/apple-t2-chip-brings-deeper-secuirty-to-macbook-pro/

Right now, an out-of-the-box macintosh has SIP enabled, primarily meaning root is neutered and you can't netboot off a server. The T2 is kicking it up a notch. Here's the highlight:

Quote:
This tool also provides three settings — full, medium, and no — to control how strict the T2 chip will be during boot. For instance, the Full Security mode, set by default, requires a network connection to verify the operating system’s integrity, the latest version of MacOS, and “verifiable” software at boot. Meanwhile, the Medium Security setting doesn’t require the latest MacOS or an internet connection but still has the “verifiable software” requirement.


Read that again. Summary: "by default, your computer requires an internet connection to BOOT"

And here I thought iPads requiring a network connection to activate was bad!

"rootless" has been irritating enough for me at work. It would seem that what had been merely rolling downhill, has just leapt off a cliff...

(this is the hardware equivalent of "internet connection required to run the software" DRM, which as far as I can tell, Steam is the only one that has managed to pull off without starting a riot)


I work for the Department of Redundancy Department
Re: T2 chip - what it means for new macs
Virtual1 #49643 08/03/18 03:29 PM
Joined: Aug 2009
Likes: 8
Offline

Joined: Aug 2009
Likes: 8
"The latest version of MacOS" is another annoyance. Users often delay in updating.

It may come down to how easily the settings you mention can be changed.


On a Mac since 1984.
Currently: 24" M1 iMac, M2 Pro Mac mini with 27" BenQ monitor, M2 Macbook Air, MacOS 14.x; iPhones, iPods (yes, still) and iPads.
Re: T2 chip - what it means for new macs
Virtual1 #49645 08/03/18 04:33 PM
Joined: Aug 2009
Likes: 15
Online

Joined: Aug 2009
Likes: 15
I can't imagine there not being a setting that will allow you to use your Mac in a remote location where internet isn't available. (It will be a function of necessity and should, but probably won't, be easy to toggle.)

Nor can I imagine the frustration when you forget to toggle it before you're out of internet range.

I've worked with SIP disabled since day one and will go for the same sort of setting - which I can't imagine not being available in the new environment - when/if I'm beholden to it.

Does "verifiable software" mean that developers will be prevented from running their own under-development software without totally disabling their enforced security?

Are they still our computers, or are they now just on loan from Apple and subject to their owner's whims?


The new Great Equalizer is the SEND button.

In Memory of Harv: Those who can make you believe absurdities can make you commit atrocities. ~Voltaire

Moderated by  alternaut, cyn 

Link Copied to Clipboard
Powered by UBB.threads™ PHP Forum Software 7.7.4
(Release build 20200307)
Responsive Width:

PHP: 7.4.33 Page Time: 0.025s Queries: 20 (0.019s) Memory: 0.5775 MB (Peak: 0.6345 MB) Data Comp: Zlib Server Time: 2024-03-29 09:00:44 UTC
Valid HTML 5 and Valid CSS