Home > Wiki Tips

Apple T2 Security Chip Overview: What Does It Do & Is It Helpful

Updated on Monday, November 18, 2024

iBoysoft author Connie Yang

Written by

Connie Yang
Professional tech editor

Approved by

Jessica Shee

English Deutsch

Summary: What is the Apple T2 chip? This article will tell you its definition, what the Apple T2 does, which Mac models have Apple T2, and how to disable it. Also, the differences between the Apple T2 and the M1 chip.

Apple T2 chip

The T2 security chip is the second generation of Apple's T-series chips, which is optimized on the basis of the T1 chip. This article will help you thoroughly learn about the Apple T2 chip. Now, let's discover the secrets of the Apple T2 security chip.

What is the Apple T2 chip

The T2 chip is Apple's second-generation custom security silicon that is used for Mac devices. All it did are to keep your data stored on Mac more secure. As a coprocessor, the Apple T2 chip delivers the foundation for secure boot, storage encryption, and Touch ID.

Moreover, it also takes over and integrates some of the CPU's work to enhance Mac's performance, including the SSD controller, System Management controller, audio controller, and image signal processor.

Apple T2 chip
Source: From Apple.com

What does Apple's T2 chip do

As a secure chip, T2 offers the administrators a secure boot of their Macs and takes charge of all data encryption on the SSD (your internal hard drive). It indeed brings higher security for your data stored on Mac.

So, how does the Apple T2 chip work to increase your Mac's security? Here are the answers.

The Apple T2 chip brings a secure boot environment

The primary task of the Apple T2 chip is to ensure the entire boot process is cryptographically verified by Apple as approved and trusted. It will check the legality of the OS first during booting.

Besides, it will also ensure that all the components involved in Mac's startup process, including firmware, the macOS kernel, and kernel extensions are signed by Apple.

The T2 chip will prevent all third-party software detected during the boot process, limiting an attacker from inserting malicious code during startup to control your Mac. Once the entire booting process is passed Apple's security verification, then you can boot into macOS.

The Apple T2 chip fully encrypts the SSD

The T2 security chip features real-time encryption and decryption, highly protecting all files on the internal SSD.

Usually, cache data has been generated continually since your Mac started up. And the generated data will be written to flash memory (also called NAND memory) through DMA (Direct Memory Access).

While the T2 security chip offers a dedicated AES Crypto Engine built into the DMA path. During DMA transferring the data, the Secure Enclave's AES Engine will encrypt the data to ciphertext. Finally, the ciphertext (encrypted data) will be stored on your flash memory in macOS.

 Note: The AES engine is a customized engine for Secure Enclave on the T2 chip. It can offer one more encryption to the internal SSD that has already used FileVault encryption (FileVault is a built-in disk encryption feature in macOS).

When the stored encrypted data is needed, AES Engine will decrypt the ciphertext and transmit it to the host. If no correct password for decrypting the data, it keeps encrypted.

How the Apple T2 chip encrypts the SSD
Source: From Apple.com

Therefore, any of Apple's unsigned components have no chance to access the data in the SSD. Not to mention that third-party software or malware tries to get your data.

The Apple T2 chip protects your Touch ID

Touch ID is an electronic fingerprint recognition feature built on MacBook Air (2018 & later) and MacBook Pro. It provides an easier way for the administrator to unlock their Macs instead of typing a password.

Commonly, you may think that your fingerprint is stored as a fingerprint image on your Mac. Not really. Your Touch ID is compiled as a mathematical representation and only stored on the SSD with the T2 chip's Secure Enclave encryption. Thus, the T2 chip enables the security of your touch ID to be trustworthy.

T2 chip brings harder data recovery & third-party repairs

Apple says their T2 security chip brings completely high security for your whole Mac. On the other hand, it indicates that Apple begins to lock down its Mac devices from data recovery and some third-party repair services.

For data recovery, the T2 makes every Mac have a unique ID for encryption. So, it is fruitless to use Target Disk Mode to recover data from a corrupted T2 Mac. But there still have ways, to use third-party software like iBoysoft Data Recovery for Mac that can help you recover data from Macs with T2 chip securely.

For third-party repairs, it's tougher too. The T2 chip can communicate with other components for better Mac performance. So, it prevents any untrusted components from accessing data on SSD. So, independent repair providers cannot perform Mac repairs as they don't have access to parts of these Mac devices. Not to mention refurbishing your Mac computer.

Mac models with the Apple T2 security chip

You may ask the question "Has my Mac got a T2 chip". Apple started using the T2 security chip in 2017 with the launch of the iMac Pro. If you don't know whether your Mac has a T2 chip, check the following list.

These Mac devices have the Apple security T2 chip:

  • iMac Pro
  • Mac mini (2018)
  • Mac Pro (2019)
  • iMac (Retina 5K, 27-inch, 2020)
  • MacBook Air (13-inch, 2018, 2019, and 2020)
  • MacBook Pro (2018, 2019, and 2020)

MacBook Pro with Apple T2 chip
Source: From IndiaToday

Or you can also check on your Mac through these steps:

  1. Open the Apple menu and choose About This Mac.
  2. Select System Report and click Controller.

If your Mac has an AppleT2 chip, it will be listed there.

Check if your Mac has the Apple T2 chip

How to disable the Apple T2 chip

The T2 security chip supplies Secure Boot utility to ensure you can securely load from a legitimate and approved OS. But if you want to boot into Windows that is installed on the Mac or boot from an external hard drive, the T2 chip will block it.

To overcome this limitation, Startup Security Utility is available on T2-based Mac computers. It has three settings for secure boot: Full Security, Medium Security, and No Security.

The difference between Full Security and Medium Security is that Medium Security won't verify the integrity and reliability of the OS. For No Security, as its name shows, there are no requirements on the OS and your Mac won't boot with security checkings.

Disable the Apple T2 chip

Here's how to disable Secure Boot and reset it:

  1. Press the Command + R keys during the Mac startup to boot in macOS Recovery Mode.
  2. Select Utilities > Startup Security Utility.
  3. Reset the Secure Boot option to No Security.
  4. Check Allow booting from external or removable media if you want to boot from an external device.

People Also Ask

Read More Questions