Written byConnie Yang
Apple T2 Security Chip Overview: What Does It Do & Is It Helpful
Summary: What is the Apple T2 chip? This article will tell you its definition, what the Apple T2 does, which Mac models have Apple T2, and how to disable it. Also, the differences between the Apple T2 and the M1 chip.
The T2 security chip is the second generation of Apple's T-series chips, which is optimized on the basis of the T1 chip. This article will help you thoroughly learn about the Apple T2 chip. Now, let's discover the secrets of the Apple T2 security chip.
What you'll get from this post:
- 1. What is the Apple T2 chip
- 2. What does Apple's T2 chip do
- 3. T2 chip brings harder data recovery & third-party repairs
- 4. Mac models with the Apple T2 security chip
- 5. How to disable the Apple T2 chip
- 6. FAQs about Apple T2 chip
What is the Apple T2 chip
The T2 chip is Apple's second-generation custom security silicon that is used for Mac devices. All it did are to keep your data stored on Mac more secure. As a coprocessor, the Apple T2 chip delivers the foundation for secure boot, storage encryption, and Touch ID.
Moreover, it also takes over and integrates some of the CPU's work to enhance Mac's performance, including the SSD controller, System Management controller, audio controller, and image signal processor.
Source: From Apple.com
What does Apple's T2 chip do
As a secure chip, T2 offers the administrators a secure boot of their Macs and takes charge of all data encryption on the SSD (your internal hard drive). It indeed brings higher security for your data stored on Mac.
So, how does the Apple T2 chip work to increase your Mac's security? Here are the answers.
The Apple T2 chip brings a secure boot environment
The primary task of the Apple T2 chip is to ensure the entire boot process is cryptographically verified by Apple as approved and trusted. It will check the legality of the OS first during booting.
Besides, it will also ensure that all the components involved in Mac's startup process, including firmware, the macOS kernel, and kernel extensions are signed by Apple.
The T2 chip will prevent all third-party software detected during the boot process, limiting an attacker from inserting malicious code during startup to control your Mac. Once the entire booting process is passed Apple's security verification, then you can boot into macOS.
The Apple T2 chip fully encrypts the SSD
The T2 security chip features real-time encryption and decryption, highly protecting all files on the internal SSD.
Usually, cache data has been generated continually since your Mac started up. And the generated data will be written to flash memory (also called NAND memory) through DMA (Direct Memory Access).
While the T2 security chip offers a dedicated AES Crypto Engine built into the DMA path. During DMA transferring the data, the Secure Enclave's AES Engine will encrypt the data to ciphertext. Finally, the ciphertext (encrypted data) will be stored on your flash memory in macOS.
Note: The AES engine is a customized engine for Secure Enclave on the T2 chip. It can offer one more encryption to the internal SSD that has already used FileVault encryption (FileVault is a built-in disk encryption feature in macOS).
When the stored encrypted data is needed, AES Engine will decrypt the ciphertext and transmit it to the host. If no correct password for decrypting the data, it keeps encrypted.
Source: From Apple.com
Therefore, any of Apple's unsigned components have no chance to access the data in the SSD. Not to mention that third-party software or malware tries to get your data.
The Apple T2 chip protects your Touch ID
Touch ID is an electronic fingerprint recognition feature built on MacBook Air (2018 & later) and MacBook Pro. It provides an easier way for the administrator to unlock their Macs instead of typing a password.
Commonly, you may think that your fingerprint is stored as a fingerprint image on your Mac. Not really. Your Touch ID is compiled as a mathematical representation and only stored on the SSD with the T2 chip's Secure Enclave encryption. Thus, the T2 chip enables the security of your touch ID to be trustworthy.
T2 chip brings harder data recovery & third-party repairs
Apple says their T2 security chip brings completely high security for your whole Mac. On the other hand, it indicates that Apple begins to lock down its Mac devices from data recovery and some third-party repair services.
For data recovery, the T2 makes every Mac have a unique ID for encryption. So, it is fruitless to use Target Disk Mode to recover data from a corrupted T2 Mac. But there still have ways, to use third-party software like iBoysoft Data Recovery for Mac that can help you recover data from Macs with T2 chip securely.
For third-party repairs, it's tougher too. The T2 chip can communicate with other components for better Mac performance. So, it prevents any untrusted components from accessing data on SSD. So, independent repair providers cannot perform Mac repairs as they don't have access to parts of these Mac devices. Not to mention refurbishing your Mac computer.
Mac models with the Apple T2 security chip
You may ask the question "Has my Mac got a T2 chip". Apple started using the T2 security chip in 2017 with the launch of the iMac Pro. If you don't know whether your Mac has a T2 chip, check the following list.
These Mac devices have the Apple security T2 chip:
- iMac Pro
- Mac mini (2018)
- Mac Pro (2019)
- iMac (Retina 5K, 27-inch, 2020)
- MacBook Air (13-inch, 2018, 2019, and 2020)
- MacBook Pro (2018, 2019, and 2020)
Source: From IndiaToday
Or you can also check on your Mac through these steps:
- Open the Apple menu and choose About This Mac.
- Select System Report and click Controller.
If your Mac has an AppleT2 chip, it will be listed there.
How to disable the Apple T2 chip
The T2 security chip supplies Secure Boot utility to ensure you can securely load from a legitimate and approved OS. But if you want to boot into Windows that is installed on the Mac or boot from an external hard drive, the T2 chip will block it.
To overcome this limitation, Startup Security Utility is available on T2-based Mac computers. It has three settings for secure boot: Full Security, Medium Security, and No Security.
The difference between Full Security and Medium Security is that Medium Security won't verify the integrity and reliability of the OS. For No Security, as its name shows, there are no requirements on the OS and your Mac won't boot with security checkings.
Here's how to disable Secure Boot and reset it:
- Press the Command + R keys during the Mac startup to boot in macOS Recovery Mode.
- Select Utilities > Startup Security Utility.
- Reset the Secure Boot option to No Security.
- Check Allow booting from external or removable media if you want to boot from an external device.
FAQs about Apple T2 chip
The T2 chip is a coprocessor on Intel-based Mac computers to cooperate with other Intel chips, mainly featuring the security functionality. But the M1 chip is a separate chip that replaces and integrates features of the Intel chips to work as a CPU on Mac.
The two chips have quite different performance characteristics. The T2 chip brings better overall performance in data read and write on SSD. But for large files, the transfer rates on an M1 Mac is faster than on a T2-based Mac.
Apple T1 is the first generation of Apple's self-designed T series chip while the T2 chip, as its name shows, is the second generation.
The T1 chip is an ARMv7 SoC that delivers with SMC and Touch ID sensor of MacBook Pro with Touch Bar released in 2016 and 2017.
While T2 is a 64-bit ARMv8 chip, releasing with the 2017 iMac Pro. It supports secure boot for Mac machines, which brings higher security and performance than Apple T1 chip.
Apple began to add the T2 security chip to Mac machines since December 2017 with the launch of the iMac Pro computers.