(in)Secure is a weekly column that dives into the rapidly escalating topic of cybersecurity.
The launch of the 2018 MacBook Pro has been rife with controversy, with issues ranging from the performance to the keyboard. While we’re at it, let’s throw one more log on the fire, shall we?
The new MacBook Pros come with what Apple calls the T2 coprocessor — a chip first featured in the iMac Pro. Although its main reason for inclusion is Siri voice activation, it also has important implications on security and storage. Better security is great, but unfortunately, the T2 coprocessor isn’t without problem.
The T2 coprocessor brings all sorts of security features to the MacBook Pros. In its press release, Apple says it has “support for secure boot” and “on-the-fly encrypted storage,” two features that first came when the T2 showed up in last year’s iMac Pro. These security features might not sound like a big deal, but they’ll have a much larger effect on users than activating Siri with your voice.
Apple’s never been all that forthcoming about the exact processes these chips control, but there are a few things we know the T2 does handle. That includes Boot-up, storage, and the Touch Bar/Touch ID. Not only are these processes the Intel CPU and third-party controllers no longer must handle, it keeps them protected in Apple’s closed system of stopgaps.
A great example is the boot-up process, which is now partially handled by the T2. As detailed in initial reports about the coprocessor in the iMac Pro, the T2 verifies everything about the system before it’s allowed to move forward. As soon as the Apple logo appears, the T2 is in control, and acts as Apple’s “root of trust” to ensure that everything checks out.
Encrypted storage is equally important. Because the functions of the conventional disk controller have been replaced by the T2, the coprocessor now has direct control over the storage in your MacBook Pro.
That kind of access allows Apple to ensure every piece of data in the SSD is automatically protected and encrypted. That lets Apple to do things like secure your biometric data outside of the SSD. Right now, that’s just the TouchID sensor, but in the future that could include something like FaceID.
However, some compromises were made to bring these new security features to the MacBook Pro.
While the MacBook Pro’s new storage is fast and safe, the technology has introduced a new problem as well.
In older models of the MacBook Pro, technicians had access to a data access recovery port on the logic board. Thanks to a special tool Apple developed, this port enabled the data of your SSD to be saved — even on a failed logic board. Because memory has been soldered on to the board of MacBooks since 2016, this was the only way to save the data if something went awry on your computer. It was as simple as bringing your dead laptop to a local Apple Store.
But now, thanks to a breakdown by iFixit, we know that data access recovery port is missing on new MacBook Pros. Apple may have another backup plan for recovering data, but none that it has shared so far.
What does this have to do with security? Well, according to sources in contact with MacRumors, this data recovery port was “likely removed because 2018 MacBook Pro models feature Apple’s custom T2 chip, which provides hardware encryption for the SSD storage.”
In other words, to add this extra dose of security with its new processor, Apple’s made it much harder to save your data from the system. That’s great for security, but not great if your MacBook fails.
And, according to internal documents obtained by MacRumors, Apple technicians are advised to encourage users to back up their systems using Time Machine. So, while you can try to stay backed up or possibly send your whole system to a very expensive data recovery specialist, Apple’s ability to service its own products has dwindled. The reliability and service that set Apple’s products apart shrinks by the day.
As with many issues regarding Mac these days, it’s one step forward, two steps back.