Hi guys, I am part of the team working on all things T2. [1]
The checkra1n support is just in a PoC state, it will successfully exploit and boot the T2. The payload support is partially broken, but being worked on.
Additionally, we have SSH working over usbmuxd from a tethered device [2] and SSH working from macOS on device, with an SDK in the works [3].
Some key takeaways from the T2 being jailbroken:
- Custom Bootloaders (OpenCore, Coreboot, etc) are now possible as the T2 validates/sends the UEFI payload to PCH using a bridgeOS binary called MacEFIUtil, which can trivially have its signature checks patched.
- FileVault and by extension Touch ID are more or less crippled, especially in light of the recent SEP exploits. Amusingly, Apple uses a hardcoded "passcode", analogous to an iDevice's unlock pin in plain text within the UEFI firmware.
- Support for In-System Debugging of the PCH/Intel processor over USB. This works in a similar fashion to those Bonobo cables used for debugging iDevices [4]. We are working on building an accessory that you can purchase and plug into your Mac with a USB male endpoint exposing Intel's DCI debugging protocol.
- Lightweight AppleSilicon Tinkering environment. With SSH support from macOS on device, and the T2's modest specs, it's a nice sandbox for messing with arm64 stuff. It's a pretty peppy chip, at times coming close to my 8th gen i7...yikes.
The Secure Enclave on the T2 chip was used to store secrets that were supposed to stay inaccessible, even to someone with physical access.
If you use a strong password to encrypt your drive you should still be safe, unless Apple did something really stupid. The password is used as a one-way hash to generate the key.
However if you can login with Touch ID and they find a way to use known SE exploits, it's compromised. Your fingerprint isn't a secret that gets hashed – instead it's verified by the SE which also holds the secret key for the drive.
Someone from Apple, I'm sure you read this. Please answer this ASAP. I rely on Mac and FileVault for professional use at work. Need to know the state of this exploit.
Software encryption is very often much easier to rotate than integrated solutions. When all the TPM chips were broken, Windows stopped using them for BitLocker, but didn't reencrypt any of the affected disks. They're just as vulnerable as they were.
Software encryption is also harder to protect without a trusted boot path. My point was just that this isn't a simple binary decision but rather something which requires review and defense in depth.
Go count how many CVEs have come out for OpenSSL, GNUTLS, LUKS, etc. and ask whether you’re offering helpful advice. Security is expensive and there are no silver bullets: at the end of the day you need a lot of skilled work and being open source doesn’t magically get that for free.
Are you seriously claiming that anything short of omniscience is useless? In most fields people deal with incomplete data on a daily basis and this is no different. CVEs don’t tell you everything but they definitely give you more than zero, and more to the point, the many vulnerabilities in open source projects suggests that the very broad but completely unsupported claim I was responding to is based on ideology rather than reasoned analysis.
> the many vulnerabilities in open source projects suggests that the very broad but completely unsupported claim I was responding to is based on ideology rather than reasoned analysis
Does it? In order to claim that, one would have to have some idea of (a) the ratio of disclosed vulnerabilities to true vulnerabilities discovered in both open source, accessible code vs closed source, hardware locked code, and (b) the relative ratios of disclosed vulnerabilities.
Do you have any idea what either ratio might be? 1:1? 4:1? 1:4? 100:1?
Again, the comment I responded to made an absolute claim but, like you, had no supporting evidence. Unless one of you can produce some evidence it’s hard to support the belief that this is based on data.
If you read the thread, note that I’m not taking a side other than finding it absurd to claim that all open source products are inherently better than all proprietary products with no analysis or data.
Unless you know the true ratio, you can't claim that open source projects are better either. Or that one has advantages over the other when it comes to cryptographic security.
I'm not GP and I'm not arguing for either side, just pointing it out.
I disagree. There are times when either no open-source solution is available, or the open-source solution is unmaintained, or not popular (thus not under much scrutiny) and you don't have the resources (time and skill) to audit it yourself.
As long as the incentives of the developer of the security scheme and the end-user are aligned (so no backdoors), I would trust a widespread, proprietary solution which appears to stand up to significant attacks (the solution being widespread means there are lots of efforts underway to crack it) more than an open-source implementation that nobody uses.
As it stands now, from my understanding, the failure case of the proprietary solution is the same level of security as the best case of the open source solution. So I don't see your point. Open source isn't any better.
Open source full disk encryption can be password cracked without limitations just like a hacked T2 chip. A sleeping open source full disk encryption machine can be accessed with enough skill to pull things out of frozen ram, etc.
I want to note that ZFS is not full disk encryption.
ZFS native encryption was designed to allow secure backups via "zfs send | zfs receive" mechanism, so it encrypts only data blocks, and not metadata.
LUKS and GELI are full-disk encryption systems, and if you need FDE, you must use them under ZFS, not ZFS native encryption.
> It's a pretty peppy chip, at times coming close to my 8th gen i7...yikes.
Have you got any benchmarks? It is passively cooled, right? I am really surprised to hear a ~2016 arm64 CPU can beat a 2019 Intel i7 in even synthetic benchmarks.
Some synthetic benchmarks are so simple that they almost reduce to a measure of CPU clock speed and instruction parallelism. Find a benchmark that uses a unique instruction combination on one CPU and it will heavily disadvantage the other CPU.
Add a real world workload to the mix with heavy memory access and mixed compute workloads and the chips will diverge significantly in performance.
I work with some cross-platform code that has to run on mobile devices and desktop platforms. The advances Apple has made in low power performance are incredible, but the idea that their iPhone chips are as fast as desktop computers is still far from the truth unless you’re measuring specific, heavily optimized workloads.
I’m still excited to see what Apple can do with a full desktop level power budget though.
I suspect the "benchmarks are stupid" comments will die down the moment people start running desktop software on these chips, because it will cease to be a convenient excuse. While benchmarks may occasionally be slightly misleading, they are usually a good indicator of performance if done well–and if you've ever actually run desktop-class software on one of these chips you'll see that the divergence is just not there.
Mostly synthetics and some program compilation (configure+make) tests. Yes, it is passively cooled. To clarify, it does not match the host Intel CPU (i7-8750H @ 2.2GHz) but in some synthetics, i.e. Coremark, the T2 does come close. I would attribute the i7's lackluster performance mainly to thermal throttling issues.
Userbenchmark is not a good site to use. Although it is typically the first search result, most hardware subreddits have banned it or issued notices on how biased or even false their content is (e.g. an i3 considered better than a Ryzen 9 3900x).
They aren’t, they’ve removed much of the Intel software that is usually included with UEFI except what is required for DRMed video. If the T2 is compromised, they say that one could compromise UEFI on the device permanently as well.
Yes, although now the Mac is as secure as any PC with UEFI Secure Boot (and no Intel ME), which isn’t necessarily the end of the world if you have a long firmware password (which protects the Recovery Mode secure boot utility) and login password (which protects FileVault). If you’re in a position where you could be compromised by a state actor or a hacker group (that can find a public flaw in Secure Boot that isn’t just turning it off), perhaps throw away your Mac, but everyone else should still be “okay”.
Part of me wonders if there could be a way to permanently disable DFU mode (preferably outside of epoxy in the upper left USB-C port). That would prevent someone from jailbreaking the T2, albeit you would no longer be able to replace the SSD or Touch ID sensor (not that you’d want to anyway if you were at risk).
Unfortunately, physically obstructing the primary port would not completely prevent DFU from being accessed. With the aforementioned accessory device, the ACE Type-C controllers within Macs can automatically reroute the DFU, DCI, and PCH/T2 UARTs to any of the other ports, irrespective of the T2 and PCH. Apple uses this technique as part of their factory test harness.
I never understood this sentiment, if people choose to pay their way into a walled garden, why should they still care about hardware ownership/repairability, etc.?
It's a trade-off. I buy MBPs for the great form-factor and OS, not for the walled-garden shenanigans. If those shenanigans can be somewhat reduced, the trade-off balance looks better.
I don't mean to be facetious, but I am genuinely curious: why should you get to have it your way? You are attempting to buy a product they do not sell.
After you buy your hardware it's yours to do with as you will. If these hacks result in the ability to load whatever you like on the T2 and intel proper then why not? Hackers like to hack. A lot of programmers are also hackers (in the traditional sense, not the negative sentiments that the press gives it)
Then perhaps they should sell it, and stop ignoring people who want it?
Benign neglect (not creating limitations) is not the same as active interference (actively preventing) and Apple is much more on the side of active interference. They could simply do nothing (which is cheaper). They choose not to, at which point we get to question their motives.
In the end your question reduces to "why do you want anything at all that someone doesn't already make?" and that doesn't make a lot of sense given that new products come out on the market all the time.
Why would I not? Why should I accept everything companies do without ever complaining? Am I not allowed to tell the fishmonger that his fish doesn’t look that fresh to me? In the same way, I’m free to tell Apple their fish would taste better with some adjustments.
First sale doctrine says if I buy something, I now completely own it and I can do as I please with it, even if it goes against any of the former owner's wishes or intent.
I'm a happy iPhone, iPad and Mac user but have also jailbroken some of my old iPhones before so they could be used by family in China.
In the arguments about opening up the iPhone and forcing Apple to allow third party app stores and allow side loading I'm on Apple's side. I think Apple should decide what products they design, how they design them and what features they should have. If I like the feature set, I'll buy the. I do not think it's reasonable for other people to dictate to Apple what code they should write and how it should work, health and safety or deceptive marketing aside. The ability to side load apps would be a software feature that needs to be designed, coded, QA tested, secured etc. Who gets to make all those decisions? I don't think it makes sense to force Apple into doing these things if it doesn't want to do them. You don't like the inability to side load? Buy another phone.
On the other hand once I own a device, it's mine. If I have the ability to jailbreak it, or hack it, or do whatever to it that's my business, not Apple's.
Would the current side loading capability, requiring a hard link to a Mac and an install of XCode, satisfy those calling for a side loading capability for consumers? I doubt it, but that's my point. Who gets to decide what satisfies any such requirement? Building in the features to support third party app stores is even more of a can of worms.
"if people choose to pay their way into a walled garden, why should they still care about hardware ownership/repairability, etc.?"
I don't like the walled garden but I still bought an iPhone because iPhones get updates for a really long time (3 years minimum). iPhone SE (1st gen) released in 2016 got the iOS 14 update.
I'm in the same boat as well :) . I keep a mac laptop for work/consulting stuff and otherwise have a linux box and several rpi's for my linux hacking hobbies :)
We don't live in a world with a robust operating system market where people can pick and choose the perfect option for them. You have three choices and they are each going to be a mixed bag of good and bad features for almost everyone.
Mac hardware traditionally holds resale value. The T2 chip threatens to turn that hardware into a brick once resold. So beyond that jailbreaking ultimately makes the user's data more secure once Apple repairs and releases a fix (likely only going forward with new hardware) the jailbreak will cure the problem with aftermarket bricks for hardware with this T2 chip.
It's not an intentional anti-resale feature, but it does make repair a lot harder, because it locks (or at least, can lock) specific hardware components to the motherboard. This means if something on the laptop breaks, you can't repair it without the T2 chip knowing about it and potentially refusing to work. Apple has at least told their authorized repair partners that failing to register the repair with Apple may brick the device should Apple choose to further lock down unauthorized repairs in future firmware updates.
The T2 also has a particularly wonky approach to disk encryption. It uses a key management approach where neither you nor Apple control the actual key material. This means that a dead T2 takes your data with it and there is no recovery. In pre-T2 MacBooks, Apple had a lifeboat connector which could be used for data recovery from the soldered-on SSD. They got rid of this with the T2, because there's no point - only that specific T2 in that specific motherboard is ever able to decrypt the data.
Data recovery - in an era where you have to go out of your way to keep your data out of the cloud, backups are easier than ever and can be done wirelessly - this is going to be your major objection?
Please. As for matching parts to the motherboard, they have a point when it comes to I/O devices. It’s probably way more cloak and dagger than most people will ever have to worry about but it’s not unheard of. Again, if you don’t want to think about such things and want a device that trades ease of repair for improved base security why isn’t that something that shouldn’t be a choice?
I’m generally pretty pro right to repair, but as with anything there are pros and cons to all choices and I’m not fond of several of the right to repair arguments for government regulation being made. Apple is far from the only maker of computers out there. It is the only maker of macOS, but that still doesn’t justify people trying to dictate their business model - especially when many aspects of their business models are major reasons why I prefer their platforms.
The cloud is not going to replace local storage until low-latency, high-bandwidth internet connections become widespread and you can do iSCSI or similar with your cloud service. This is not going to happen anytime soon.
Until then, clouds operate on a best-effort basis, some of which rely on hacks or break common use-cases (I can't put a Git repo in iCloud for example, and it doesn't perform well with lots of small files, and accessing the iCloud folder from the terminal apparently has problems). Why is iCloud still not a supported target for Time Machine, Apple's official backup solution for macOS?
But isn't the repair being harder a net-benefit for the consumer? It's not like the repair is arbitrarily harder. It's harder because the repairs in question deal with the TouchID sensor and the SSD, like you said. I wouldn't want someone being able to access my data just by replacing a component on the computer that then bypassed all the security systems present on the computer. It's the same situation as when replaced displays on iPhones were causing issues because repair shops weren't moving over the TouchID sensor. The cost of that security is that I need to have my data backed up but that's a best practice anyways for anyone that values their data.
"You should have had a backup" is not an acceptable excuse for not having a data recovery mechanism. Furthermore, full disk encryption is not bypassable in the way you suggest. Your login password is (supposed to be) the key material for the encryption, which is stored off-device, preferably in your head. In other disk encryption systems that are not locked to a particular encryption chip, if you take the disk out of the machine and plug it into another machine, it won't be readable unless you have that password.
Furthermore, most people do not make this calculation in their head of "Okay, anything I put behind the T2 is Apple's property now so I'd better have unencrypted backups". They just buy the computer that works and says that it keeps thieves and snoops out of their data. Everything we're talking about with backups comes as a post-purchase surprise, usually AFTER the data is already lost.
>Your login password is (supposed to be) the key material for the encryption, which is stored off-device, preferably in your head.
This is referencing the Touch Bar repair which means that the user has encrypted their drive with Touch ID. The only reason any repair would be harder is because the Touch ID sensor is paired to the secure enclave. The same goes for the SSD. Without the key, as you stated, you shouldn't be able to access the data so I don't see how that's any different than "having a data recovery mechanism". A data recovery mechanism shouldn't exist if you don't have the proper keys.
That's a very disingenuous assessment of the situation at hand. Epic knowingly violated their developer agreement. There was no retaliation. There were the consequences that were written into the developer agreement that Epic agreed to.
Apple revoked the developer accounts that Epic uses, so Epic could no longer notarize their (unrelated, MacOS desktop) software. No matter what you think about the lawsuit, you have to admit that Apple used their position of power to strong-arm the competition, and went against their promises to end-users regarding notarization.
They revoked the developer accounts because Epic intentionally violated the rules of those accounts. What you're doing by blaming Apple amounts to blaming the police for arresting a criminal that broke the law. Epic knew ahead of the time what the consequences were for violating the agreement and they knowingly did that. There was no strong-arming involved. The judge even stated in her initial briefing that Epic overstepped their bounds and didn't even need to do what they did to file their lawsuit. The only reason they did it was to try and stir up a PR storm but that backfired on them.
Apple promised to the users (not Epic) they would only use notarization to block harmful software. Epic's software is not harmful to the user, and the lawsuit didn't change anything about that.
> Epic knowingly violated their developer agreement. There was no retaliation
I think you don't understand how this works. The agreement itself is the subject of the lawsuit and thus MUST be violated in order to show harm. Epic did it on purpose in order to sue Apple and whether you agree with that or not, it is the only mechanism the law allows to make the agreement itself the subject of the suit. And Epic does have a right to sue Apple for whatever reason they choose.
This is quite incorrect. Epic can already demonstrate financial harm due to the 30% fee that Apple has been collecting. They did not also need to break the agreement in order to bring the lawsuit. The judge literally recommended they cure the breach and put Fortnite back on the App Store while the lawsuit was pending.
> macOS will deprecate older Macs 6-7 years after their release.
This is substantially inaccurate. Current versions of macOS run on nearly all Apple systems from 2012 (8 years old), with the exception of some 2012 Mac Pros. The limiting factor in most cases is GPUs -- macOS 10.14 and later require some GPU capabilities which weren't reliably available in 2012.
Catalina, released in October 2019, dropped support for MacBooks released before 2015, MacBook Air models from before mid-2012, MacBook Pro models from before mid-2012, Mac Minis from before late 2012, and Mac Pros from before late 2013[1]. Do the math and that is 5 to 7 years between initial release of the hardware and deprecation by macOS.
> dropped support for MacBooks released before 2015
Those machines were all sold in 2011 or earlier. Saying "before 2015" is misleading, because the MacBook name was used during two disjoint periods to refer to two completely different machines.
Between 2006 and mid-2011, the MacBook brand name was used for a line of low-cost Core 2 laptops, most of which had plastic cases. (Some sales to schools continued through 2012.) These are the laptops which were not supported by macOS 10.14 and later.
Between mid-2011 and 2015, there were no computers sold under the MacBook brand. Apple only sold laptops under the MacBook Air and MacBook Pro brands during this period.
In 2015, Apple reused the MacBook brand name for a line of 12" ultraportable laptops. These are supported under current releases of macOS.
My point is that, in this context, "models released before 2015" really means "models released before 2012", because there were no MacBook computers on the market between 2012 and 2015. Using the phrasing "released before 2015" implies that there were some MacBooks from 2014 which Apple dropped support for, which is not the case.
Probably comes down to definition of choice. Up thread someone else is describing how a particular macbook is the only hardware meeting their criteria but the OS is hobbling them.
I'd be interested in a real study that actually measured how often people are explicitly choosing the walled garden, and how often they're choosing something else that the walled garden "happens to come with".
My money is on the second option but AFAIK there's no study like this.
because they want a macbook, just disagree with apple on who should be able to fix it. the choice you mention doesn't exist, it's an illusion. you can't buy a macbook that apple allows you to fix yourself.
For the same reason some people will buy a BMW and swap out the exhaust or add a turbo with their own two hands. Because it gives them the combination of customization, challenge, and capabilities they want.
The T2 was more or less a stopgap solution between their current Intel-based offerings and the AppleSilicon devices in regards to their security aspirations. My understanding is that there will be no T3, as evidenced in the DTK, which makes a lot of sense considering how identical these chips will be to their mobile counterparts.
I'm a user on a 2019 16-inch MBP (MacBookPro16,1) who hopes to move to Linux as my base OS on this hardware full-time over the next 12 months. (https://github.com/Dunedan/mbp-2016-linux)
This is because I honestly cannot find a laptop with the combination of 64+ GB RAM, a non-NVIDIA GPU (edit: to clarify, this is because of NVIDIA's notoriously bad compatibility with Linux), and other premium hardware aspects like its market-leading trackpad at this time - and I doubt that will change anytime soon.
I live with the debilitating T2 kernel panic hardware bug every week. There's also a very bad graphics bug that I and many others are facing. (Not sure if that one can be avoided by simply using Linux.)
I just want to do away with this T2 chip, and whatever it does to get in the way of an otherwise great Intel-based computing experience. The CPU can handle all my encryption just fine...
Thank you to your team for what you're doing. I assume Apple will constantly patch T2 jailbreaks with future macOS system updates (as that's how firmware is updated), and play a long-term cat and mouse game.
While it doesn't entirely meet your specs you can get a T495 with 32GB of RAM [0] and Vega graphics. We're getting close, I am holding on to my T470 as a daily driver and it's one of the best laptops I've owned (I'm forced to use a 16" MBP for work as well - and I still prefer the T470).
One of these years we'll get a comparable AMD laptop. Fingers crossed.
Well I have slightly lower vision than most people so it prob doesn't bother me as much as it would most. But yeah that's an issue. I was actually so excited about the other components when I bought it that I kind of overlooked the resolution specs. I was / am disappointed about that aspect of it, but everything else is awesome.
Why without an Nvidia GPU? Just go with an XPS 15 or 17 and embrace Nvidia on Linux. I have three developers running Linux on HP zBooks with Nvidia GPUs without any hassle.
You can also buy any newer Thinkpad (my recommendation). They are also available with AMD CPUs.
Everyone in the Linux space, from what I regularly read and hear, says that NVIDIA GPUs are notorious and a bad idea for using Linux. They're saying go with AMD. (As well as Ryzen instead of Intel for CPUs, where possible.) The only open-source nouveau drivers are absolutely terrible, I can attest to that fact myself. There's several benefits to not relying on NVIDIA's proprietary and non-in-built drivers for a decent experience. You'll know this already, depending on how deeply and regularly you use Linux.
I will anecdotally agree; I've been a Linux laptop user for... well, 2 decades maybe? and explicitly choose Dell Mobile Precision and/or IBM/Lenovo T-series laptops with ATI/AMD, dealing with NVIDIA graphics is just a pain in the ass once we passed the GeForce era (ish).
I'd rather just have/use Intel GPU over them as well, I am not a laptop gamer to need anything NVIDIA offers in exchange for the pain in maintenance using out of tree modules to me.
Depending on which distro you use, NVIDIA graphics can be quite painless. Using Pop!_OS, I just had to download the correct iso from their downloads page.
I believe most other distros have NVIDIA's drivers in their non FL/OSS repos as well.
Optimus graphics will even work with the most current drivers.
I'll agree here as well. While I'd love to get more AMD centric options without Nvidia - they're not as bad these days as it was years ago. In fact I use an Intel NUC (Skull Canyon) as my daily desktop driver. The kicker is I wanted to do some OpenCV with Nvidia and run the NUC with an eGPU on Linux. I've been doing it for years and it works surprisingly well. It's gotten even better with 'egpu-switcher' [0].
I’m using Pop!_OS (preinstalled) with a sys76 laptop. Works great (can even game) battery life is terrible (though it looks fantastic and can drive a 32 inch high dpi external)
I can switch to built in Intel video for better battery but it requires a reboot. I see this as a stopgap. My home machine has an amd video.
I've used nvidia GPUs on Ubuntu with the proprietary drivers.
In my experience they're largely OK. There are some rough edges - you'll struggle to get Steam and CUDA working at the same time, for example - but no showstopping problems.
I certainly don't have a debilitating kernel panic every week :)
At my end, that's what I have to start testing on my 2019 MBP as I plan a transition to bare metal Linux fully on it, using the tools at https://github.com/Dunedan/mbp-2016-linux. (Will take several months.) I'll be sure to document it in that community and share tips when extensive testing is done.
It's only MBP NVIDIA GPU in Linux (older model) that I have extensive experience on so far, and it's been terrible with nouveau.
Nvidia gpus require proprietary drivers that are only provided for specific distros and are only supported for a small amount of time. And if you find any bug well tough luck, nobody can help you. For a work setup that you rely on someone else in the company for support they might be fine but I wouldn't recommend them for a personal setup.
All this is on top of the fact that they still don't support Wayland and you have to reboot to switch between the igpu and the nvidia gpu.
10 years of support on the latest driver branch (current branch goes back to the 600 series, and the 400 series was dropped in June) doesn’t exactly seem like a small amount of time.
>Last time I looked, it was perfectly possible to install them directly, without support by the distro. Yes, it's more work.
Yes, you can install them and they will break with every single update and you need to re-install them. And you will encounter bugs that no-one has any idea why they are there and no-one will help you with.
>There's an open source driver, nouveau, but of course it's behind the newest hardware.
It's not just behind, it's actively sabotaged by nvidia by locking basic hardware functions behind closed firmware that it encrypted.
> I honestly cannot find a laptop with the combination of 64 GB RAM, a non-NVIDIA GPU, and other premium hardware like its market-leading trackpad at this time
I really hope so. I'm even willing to give up the Apple trackpad if something else comes that lines everything else up. I tried so hard a couple of weeks ago to find something non-Apple that ticked all the boxes, and was shocked my existing MBP was the only one that ticked enough of them. I'm waiting and waiting for an explicitly Linux-supporting manufacturer to offer a truly high end and Linux-friendly laptop. It's a holy grail right now.
Firstly, thanks so much for your hard work. All I want is to run Arch on an MBP 15,1. I've given your repos on Github a try--do you have a functioning bootloader config? T2 just freezes GRUB for me no matter what I try. Thanks again
The T2 Mac startup chime is located in /System/Library/PrivateFrameworks/BridgeAccessibilitySupport.framework/AXEFIAudio_VoiceOver_Boot.aiff . I think it will only be months until someone manages to change the 'bong' sound into a custom startup chime. This will be very interesting...
Apple tried to use a side channel in their security coprocessor to detect if the device had booted out of DFU (which is part of how the exploit worked). This didn't work because people found a vulnerability in that processor itself.
>Hi guys, I am part of the team working on all things T2.
So there is a team working on this? What is the incentive model? Are you paid to do this work? What is the revenue model?
I woke up today learning my MacBook Pro is now substantially less secure but why? So I can run games on the touch bar? So I can use the T2 as a raspberry pi?
There is a team taking advantage (jailbreaking on iOS) of the security flaw in all A-series chips up to A11 in the hardware-level bootloader. The T2 in your 2018 or newer Mac is a variant of the A10.
The bootROM flaw allows for an exploit that can only be executed with physical access, another Mac and DFU mode. It's not persistent.
The main use of this exploit was to install unsigned code on iOS devices (jailbreaking.) The team is doing it for free, however many contributors take advantage of Apple's bug bounty program for income, therefore making newer devices more secure.
I would say it is persistent enough to be malicious. The T2 does not reboot, with the exception occurring during a DFU restore, extremely drained battery, or firmware update. With that in mind, a party intending harm would have more than enough time.
It could be argued that work like this actually helps make people's data more secure.
Granted, owners of the affected hardware might not like it, but this sheds light on issues that are actually present in the hardware. Who's to say that "law authority" or some criminal organization didn't do any work on this without intention to publish their results?
If people have sensitive data and were counting the T2 chip to keep it secure, now they know there are limitations to this security model. They can now weigh the pros and cons and, if applicable, set up an alternative that will be more secure. This could also push Apple to provide better security in upcoming products.
I'm glad they released their jailbreak, because otherwise, those exploits would be sold and traded on the black market or collected and used by malicious groups, and we would be none the wiser. We'd walk around believing our machines are secure, and act like it, while that clearly isn't the truth.
Imagine if their "evil twins" working in the dark or for the NSA, KGB or Red Army, have cracked this but not tweeted about it. Now the Apple security is just as broken but you don't know about it. Is your data more or less secure?
Law enforcement has been going apeshit about legally forcing Apple to build in hardware backdoors to their products. If this jailbreak didn't exist, they'd be putting a gun to Apple's head and demanding decryption tools for all iPhones.
Furthermore, the entire point of a jailbreak is to regain root access to your own device - Apple provides no way for a user to do so, which I find at least somewhat irksome. The way it currently stands, all iOS devices ship with Apple having total control over the device, and a jailbreak lets you claw back control by force if you so choose.
I think that over-simplifies the idea too much. "Freedom" on its own isn't a constant positive. We don't give people the "freedom" to murder each other or modify their cars in whatever ways they want. In fact, some people choose Apple because it doesn't provide them the freedom to do anything they want which includes breaking their devices in ways that they don't know. Having that freedom isn't necessarily a net positive for some people.
Showing security problems is the opposite of making technology less secure. Maybe ask Apple why they think it's a good idea to have a closed source special chip at all.
The fact that Apple uses this chip to, among other things, block "unauthorized repair" (can't change a freaking SSD in 2020, really), makes me very happy that people are finding ways to break this chip to make repairs more accessible.
On the other hand, this could have serious implications on the iOS security model for example.
And I'm pretty sure someone is gonna run Doom on the touchbar in some months.
A legit application would be a rather awesome (and secure) way to generate a new private key with human generated randomness. Or perhaps a puzzle that you have to solve before your computer boots? The possibilities are endless!
Fair enough, but the problem is mainly when you are in a third world country and parts are very difficult to get, and where Mac stores are non-existent.
People in third world countries buy Macbooks - really? A decent macbook is several times above an average monthly income in a first-world country already...
Of course we buy them! The same way in your country there are rich people able to afford yachts, we also have an upper class capable of buying all the Apple stuff.
I'd guess many in third-world countries buy second-hand Macbooks, as they have a reputation (at least in the past) for lasting a long time?
And are there any first-world countries (except maybe the US^^) where a 13" Macbook is several times the average net monthly income? In Germany, for instance, the monthly average net wage (MANW) is €2500, while the price of a 13" Macbook starts at €1300. Italy: MANW is €1700, Spain: €1800, France: €2400, UK: €2200. Go to the Nordic countries, Switzerland, Ireland, Austria etc. and we're talking MANW of €3000+. Canada has MANW of around US$3400.
^^ If the US is the only first-world country matching your statement, one could argue this is further evidence that the US is no longer a first-world country.
Can you please provide a source from where you got your numbers as I have a feeling some are quite wrong.
Maybe in Switzerland, but in Austria the MANW is definitely not 3000+ Euros a month.
As a developer I don't earn anywhere near that NET every month and salaries here are lower overall than in Germany.
Same website :D 70k/year is 5k monthly, which results in 44k post tax. That's 3700 a month post tax. Only us Austrians (and I think Italians?) do this whole nonsense of 13/14/15/16th salary.
You're right, I forgot to divide the 13 and 14 salary.
Even with those included, I'm at 2750 NET per month (49K/year before taxes), which is still below the 3000+ average claimed above, and devs tend to be paid above average (usually).
Or everyone else makes 3000+ and I'm underpaid, who knows. :D Sucks that people in this country don't usually discuss salaries because reasons.
No idea since I don't live in Vienna but afaik worse than in German/Swiss tech hubs but at a lower CoL.
Whether the overall salary/CoL ratio is a better deal for you here than in the other hubs really depends on how good your salary is and how much you'll spend.
Well, there is a variety of choices, there is a good selection of excellent coworking places in Wien, Salzburg, Graz. I used to live in Vienna, so found a few interesting places here: https://www.matchoffice.at/mieten/coworking/wien-city
You mixed that reputation up with Lenovo thinkpads. Apple keyboards break down after several years with the touchpad and butterfly keyboard disasters are even unusable afresh. You cannot replace anything, and are way overpriced.
>Apple keyboards break down after several years with the touchpad and butterfly keyboard disasters are even unusable afresh. You cannot replace anything, and are way overpriced.
I have 10 and 15 year old iBooks and MacBooks and MacBook Pros with intact keyboards...
You mixed the issue with the butterfly BS keyboards in the past 2-3 years with the old Apple keyboards (which didn't just "break down"). The resale value of old Mac laptops I think speaks for itself related to that.
That said, Thinkpads are indeed built like Toyotas and have easy replacements.
I have 5 good old MacBook Airs without the problematic butterfly keyboard and they all became unusable with some dead keys after around 5 years. For 1 or 2 keys you can work around it, but then you can throw it away.
Does not happen with proper keyboards. Esp. thinkpads.
> with the butterfly BS keyboards in the past 2-3 years
Sadly 4 years now, they started in 2016. It's the main issue blocking me from buying another MBP - this keyboard broke when it was already out of warranty, I really don't want to risk it again.
I have a 2016 Macbook Pro that is out of warranty and Apple is replacing the keyboard at no cost. Unless you broke the keyboard through abuse, any keyboard issues present as a result of "BS keyboards" are covered by Apple.
They’ve changed the keyboard three times over 4 years, iirc; I am somewhat skeptical that they really know how to get it right given the constraints of their current design.
I was referring to the thinness and resulting length of travel allowed to keys, which afaik are still extreme. TBF i've not tried one of the latest models yet. But as I said, I'm now a bit skeptical. Trust in quality is hard to regain after so many disappointing years.
One could say that you're mixing Thinkpads from the IBM era, where they were really well made (my first A21m holds a special place in my heart to this day), Thinkpads from Lenovo that are plastic pieces of garbage, and MacBooks from Apple post keyboard change, which was indeed faulty, but isn't anymore. There you go, I've fixed it for ya ;)
If you haven't come across it, [HOPE]'s work getting modern internals in X60s is pretty cool. Not sure where the project is at now, I think at some point they were orderable.
I got my Thinkpad Edge E530 replaced twice during warranty (motherboard problems) and my work Thinkpad T420s broke down one month after warranty ended, so I have completely opposite experience. I got no problems with IBM Thinkpad T42 though.
Eh, my 2013 rMBP is kicking along pretty well. Kinda sluggish but no issues with the keyboard. It's been dropped a few times too and the screen cable disconnected at some point from a fall but was an easy fix.
It can be a business investment. I sometimes send work to third-world countries via Fiverr, and these people definitely have decent hardware. They buy and write off their machines like any other business in the world.
Guess what, there are rich people in 3rd world countries too. I once met a Bangladesh teenager on IRC, who was the son of someone popular in that country, and he did have enough money to buy pretty good parts to assemble a pc. His problem was not the money, rather the availability of the parts.
Oh, prepare to be mind-blown. Let me tell you how it works. Someone goes to the US (such as a direct flight to NY or ATL), they hop off the plane, load a backpack full of laptops, then fly back and resell them without paying import taxes or VAT. It works even better if the person flying is flying for work and someone else buys the ticket.
It's not scalable, but works pretty good when a group of friends purchases them.
Cost of MBP in the US: $2,799 (€2,390)
Cost of MBP in NL: €3,199 ($3,746)
Cost of plane ticket from NL to US: (pre-covid) ~€600
You have to get rid of the packaging and dump all the manuals etc., or otherwise you might get a date with customs to explain why you have 10 unopened MBPs in your backpack, and you get a nice import fee + VAT or you can leave them at the customs office. Also, you get about 10% tax added when you buy.
I like processing through Newark, New Jersey the best. They seem to have the least propensity for wasting your (their) time, or else a very good nose on who the actual problems are in the crowd and focusing their attention on them. [edit: and these use beagles to check luggage! How cute is that.]
There is only anticlimax :) The ‘executive’ screener was kindly about helping me sort them into a line of individual trays and then back into the luggage and didn’t show the slightest curiosity about any of it.
That just means Apple should have done a better job securing the chip. All of these management chips have a bad history of security; look up HP and Dell BMC chips as well.
The function of the anti-theft mechanism is, at its most basic level, to assert the concept of "rightful owner".
Subverting these mechanisms provides a way to prevent the system from making this assertion.
Likewise, the alleged "anti-repair" mechanism for TouchID sensors and TouchBar relate directly to protecting the system's ability to distinguish between the "rightful owner" and a thief.
"Do what I want with the machine I own" is functionally indistinguishable from "increase the resale value of the machine I stole".
The bits about "preventing theft" and "user security" are secondary justifications. It's the same basic pattern as all authoritarianism - the main goal is the control itself, which then provides trickle-down stability.
I'll be interested in trusted hardware when I see an implementation that actually puts the device owner into the privileged position, rather than reserving it for the device manufacturer.
Sorry, but the only rational consumer response to a device that actively works against you is not to purchase it, not hack it. Once millions of people pay to be imprisoned on their own devices, the long game is lost no matter how good the hackers are, the firm has the upper hand and the resources to prevail in the long run.
And I am perfectly happy to assert this as a political preference, and vote into office people that vow to protect consumers from this kind of racketeering. I understand this might not be your cup of tea, and that some people prefer unfettered capitalism; it's your political right. However, I feel that allowing this in our society limits my freedom and choices, because the things you buy affect me too.
You don't care that you can't change out the SSD, but you will care when you take your dead laptop to the Genius Bar and they tell you it's going to be cheaper to buy a new one and that your data is already gone.
I don’t see how this changes the calculus. Presumably the parent knew this when they bought the laptop. People buy cars that are stupidly expensive to repair all the time. Just because the cost of ownership of a Honda Civic is lower than a Mercedes doesn’t mean everyone’s gonna go with the Honda.
If it works like iOS and just flashes a warning then I don’t see the issue. The self-check thing is invaluable when buying used devices.
All I care about is having a high-quality *nix machine. Right now, a MacBook Pro with macOS fits that bill well: the calculus may very well change, on both the hardware and OS side, when x86 is replaced with ARM64, though.
No, I don't. I have backups of my data and, while it's not ideal that they can't swap out the SSD without swapping out the logic board, I don't care how they get it working again as long as they do get it working and Apple, at least in my experience, has been way more solid than any other computer manufacturer.
Cheaper to buy a new laptop than to replace an SSD? Come on, man. I feel like you've never owned an Apple laptop and you're getting your opinions on the genius bar from Louis Rossman. What you're describing is probably 0.001% of genius bar encounters.
Such people would have no issue if they were to be provided with a 20 character secret code that allows rooting and fine grained security control. They would simply not enter it and rely on Apple's decisions for them.
This pretty much kills the whole "intended" security line, the intent is user control.
Or perhaps Apple doesn’t want to have to build and support a complicated alternate signing mechanism that virtually none of their users want? I don’t see how a company should have an obligation to offer you exactly the product you want, particularly when there are tons of viable alternatives (which I’m guessing you’re using right now to type these messages).
Oh come on. It is a similar issue with network locked terminals - networks fought tooth and nail to keep the unlock codes away from the people who finished their contracts. In the end, it costs them nothing to provide the codes, but real money to lose customers.
The "none of the users want it" is circular reasoning. If unlock was possible on a mass scale, developers would build for the unfettered iDevices and a market would emerge separate from the one Apple controls. Then users would want it, since it provides value for them - cheaper apps, legal apps that are banned in the Store etc. Of course Apple will fight to the death to prevent such a thing.
The difference was when that was common, virtually all the carriers in certain countries did it because as you said it netted them more money and for a while they mostly refused the compete on it. There are plenty of competitors selling rootable phones and laptops, there’s even ones completely without stuff like Intel’s Management Engine. These are more niche, because the desire for them is more niche, but they’re by no means extinct or on the way out. The users have the option to opt for different products with the properties you want.
There is less money overall put into these products, and correspondingly less software, but that’s not because of anti-competitive practices. It’s because the reality is less people care about this stuff. I don’t think “people are obligated to put effort into the products I want” is a particularly noble political position, since you seem to be insistent on framing it that way. The position you’re talking about in the carrier case is different, it’s “people are obligated not to conspire together to do things that none of their users want and give them no options to vote with their feet”.
In the "carrier era" you could still buy unlocked phones directly from the manufacturer. Your analogy doesn't hold.
The truth is that there is a threshold, a level of user complaints that turns a legitimate practice into an anti-competitive one. People disagree on where this threshold lies - is it at 0, is it at 1000, is it at millions? Until recently, most of Apple's shenanigans have kept the complaints under thresholds small enough to be socially acceptable, that's all. If more people complain, that threshold could be reached.
That wasn’t the case for CDMA phones in the US (and back then not every manufacturer made models for multiple bands). There was no SIM card to swap in. If you could buy unlocked phones from the manufacturer without the carrier subsidy, what was anti-competitive about it?
That’s an interesting metric for anti-competitive practice. Isn’t a large number of user complaints basically the core mechanism that drives market competition? Once you have enough users complaining about an aspect of a product (or otherwise being underserved), why would they not go to a competitor if one is allowed to exist (as they are in this situation)?
A manufacturer had to have a relationship with carriers to move enough product to make its prices affordable even off-carrier. Manufacturers who couldn’t sell through carriers were effectively made uncompetitive by the carrier cartel, that also resulted in a number of other restrictions (how one can pay for stuff etc). In this sense, as I wrote elsewhere, Apple strong-arming ATT was a big step forward; but it also took legislation on this side of the pond to force carriers to play nice with unlockings, there was no chance the market would self-correct.
Which takes me to the second point: the market alone often does not self-correct. This is why we have antitrust laws and authorities to enforce them. People lack the education to be able to reason about “voting with their wallet” in an effective way; and even when they do, they often don’t have the resources to follow through. This is why contract bundles are so popular, despite the fact that they make handset more expensive overall: people can’t do math, and when they do they still often lack the cash reserves to buy a handset in one go rather than paying small instalments for a long time. If a market fails, it’s legitimate for the law to step in; and one indication of failure is the level of discontent from consumers.
It has the same security as the scenario of buying vs non buying a product for its alleged security: you either use it or you don't. If you do, you are greeted with copious warnings and voiding of warranty, so it would definitely be a conscious act.
You're completely ignoring the fact that a large part of the user base of these products explicitly buys these products because they don't have these options. Windows attempted to add UAC control to the OS so that people wouldn't install random files from websites without being notified of the changes being made and browsers tried to add systems where users had to go into the options and turn off protections in Windows Defender to be able to install. What was the end result? These websites just started offering tutorials that showed users how to turn off those protections and bypass them completely. If you give people a way to bypass security, they'll do it in order to get to what they think they want. The problem is that most people don't understand the unintended consequences of those actions. That's the entire reason why people trust Apple to make those decisions on their behalf.
Ah, the ole "idiot user" rhetoric, imprisoned for their own sake. Say I call the Apple support center, ask for the code, and they warn me in no uncertain terms that I'm voiding my warranty and would not be eligible for continued support.
How can this prevent any mentally sane person from trusting Apple made the correct decisions and not root their device?
No, not "idiot user". No one is imprisoned. In the same way that people choose to be part of organizations and groups with rules and limits to what can be done, people choose to use devices that are slightly limited in exchange for reliability and security. I don't want Apple to waste time and resources to need to support the people that call the call center to ask for this supposed code and most people using their devices don't either. If they did, wouldn't the market make that movement?
No, it wouldn't, see the terminal unlock code for contract phones discussed below. If your opinion is that the free market is all correcting and magical and that laws and regulations should never intervene in private consumer choices, I have a failed state I can introduce you to, not to mention a salmonella-infested burrito.
Unlocking phones isn't in the same scope at all. Locking a phone in the first place was done because carriers were subsidizing phones so they needed to ensure they stayed on their networks. An "unlock code" for root access to a phone is a giant security flaw and a potential vector even for anyone that doesn't want the functionality or care to root their phone. The fact that the option could exist for someone to bypass security is, in and of itself, a security risk. The specific reasons I buy iPhones for family and staff is because I know they can't do those things, even if they wanted to. I want them to have smartphones so they can run specific apps or connect to our servers but I don't want even the possibility of those devices being compromised.
That's definitely a fair point! Though I think this could probably open you up to some MITM style attacks where someone intercepts a Macbook in transit and steals the root key that comes with it or something. Maybe not though, I guess it really depends on how you accomplish this.
But on the surface it does seem like that could work.
How does me (or anyone else) buying a MacBook affect your freedom and choices? Was there some extinction of e.g. Linux-capable devices I didn’t hear about? And if I actually want the security features, who are you to say that’s not an option for me?
Okay, so why do your preferences for the device take priority over the majority of users who don’t care about what the T2 does and the ones who do and actually want it? Why should it be illegal for a company to make a product for us instead of you?
Clearly the majority has won thus far and Apple is not restrained in any way. But I have the right to a differing political opinion, and when the majority shifts, your freedoms are not encroached, just like when the majority of people decide smoking should not be allowed in airplanes.
That’s a bizarre analogy to me, and you’re implying a symmetry to the situation that doesn’t exist. I want to be able to buy a product that has the properties that I want, and I want you to be able to buy a product with properties that you want (in part because I also want and own products with the properties you want). You want the only option to be products made with the properties you want, so that other businesses are forced to make more software for the products you want. Which of these is restricting freedom more?
I think you’re going to have to try harder to convince anyone that this situation is analogous to second hand smoke. You probably want to come up with better arguments for your “political” movement.
The condescendence is really unwarranted, it is a simple idea that purchasing options are affected by political choices of others. To give a symmetrical example, you are not allowed to purchase completely safe recreational drugs, because of the opinions the majority holds on their use.
The metric you use of avoiding "restricting freedom" is a strongly ideological stance in itself and is not a natural goal political systems strive for. You might value some flavors of individual autonomy and imply they have a universal vocation by calling them "freedom". I might favor other sets, such as the restriction of corporate power and consumer empowerment, and call those, in turn, "freedom", see for example the GPL ethos. Both sets of political views are legitimate and can be pursued in a democracy.
Okay, but again, if your metric is consumer empowerment, how does you dictating the properties of products consumers can buy based on your personal preferences result in more consumer empowerment? Can most consumers take their System76 laptop, and then set it up so it has the properties of a laptop with something like the T2 chip if they so desire? Any more than you can reasonably be expected to delid the T2 chip in a MacBook to get it to do what you want?
I’m not trying to judge your statements by my goalposts as you seem to be implying, I’m trying to understand the internal logic of what you’ve been saying which AFAICT isn’t lining up.
This might be a confusion started from the answer of "amelius", the logic of which I don't fully support. I believe consumer freedom is hampered first and foremost by monopolies (or, in the mobile OS case, oligopolies) and my political choice is to maximize market forces and restrict anti-competitive behavior. This is the grounds on which I oppose Apple practices, not some idea that if people buy Apple products it somehow prevents development for other platforms.
Again, where is the monopoly that forces you to buy devices with a T2 chip (or something) analogous? That’s simply not the world we live in, and it doesn’t seem to me like we’re moving toward it. And if your political choice is to maximize market forces, why are you trying to fight the market forces that result in there being a large market for Apple’s devices and a small (but extant and healthy) market for the devices you want? Do you think that most consumers “really want” the devices you want? If so, why do they choose not to buy them even though they are available?
Right now, as a consumer (which, like you, is my only realistic lever on this situation), I’m pretty happy that I own some Apple devices and some very not-Apple devices. I’d be pretty pissed if I was forced to choose only one of these (in either direction). I think you’d find the same reaction if you became president of the world and threw everyone’s Apple devices in the trash and handed them a Librem 5 or something similar. Do you contest that this would be their reaction? If so, what is your definition of market forces and anti-competitive behavior?
Monopoly power is not a market force, it's an abuse of the market to the detriment of the consumers. If "the market forces that result in there being a large market for Apple’s devices" is Apple using its platform to, say, restrict competition and maximize app revenue, thus having more money to invest in their platform, thus forcing competitors to apply the same dubious tactics or fail, then this is not a pro-consumer model because it leads to an oligopoly at best or impenetrable monopoly at worst.
The consumers can buy any system with any chip they want. If it is employed by Apple to enhance security that's great, for example the Mac. If it's used to lockdown the device so that no competing software can be run, a la iPhone, for them to maintain the stranglehold on the app market, then I am against it on political grounds and my position is not falsifiable.
You are inworking an oligopoly situation and accuse me of wanting to turn it into a monopoly, but I want the exact opposite: all existing platforms to still exist, and additionally, all those prevented by anti-competitive behavior, which by my non-falsifiable definition includes any lockdown on the hardware that is sold in the marketplace, that can only be, and is only used to limit the options of the owner.
It is not like Apple devices would cease to be produced or be confiscated if we pass laws mandating software freedom on purchased hardware, from iPhones to tractors.
Doesn't that, by your own admission, mean that people care about X and not Y? If people don't care about Y, why should manufacturers be forced to appeal to the fraction of people that do?
>Sorry, but the only rational consumer response to a device that actively works against you is not to purchase it, not hack it.
"Actively works against you" is your reading. I very much appreciate what the T2 does, and hope the next update will be even more difficult to hack (aside from its other functionality).
>The fact that Apple uses this chip to, among other things, block "unauthorized repair"
I actually don't mind they block unauthorised repair, at least I believe in the Steve Jobs's Apple era he wanted the best customer experience. And they want the data of what is failing in their Mac where their Genius Bar gain first hand experience and knowledge which leads to feedback to the Design team. (They don't publicly announce or admit it, but the database has those problems listed.)
The goal was to aim for perfection, a machine that is so reliable it wouldn't need to repair in the first place. And if and when they fail, Genius Bar is there to help. You used to get some nice gesture from Apple Retail. Now they are simply trying to gouge customers into buying a new MacBook, hopefully with AppleCare+, or replacement for the logic board. Every single problem they will just quote you to replace the logic board price. Not only are they expensive, the actual work or replacement isn't even up to Apple's standard.
I will need time to dig up some data. But MacBook Pro 2016+'s resale price has dropped quite significantly compared to MBP 2015 in the same age. And MBP 2015 second hand market is actually going strong.
> The goal was to aim for perfection, a machine that is so reliable it wouldn't need to repair in the first place.
You will have to excuse me, but that is a load of bullcrap.
Let's take the case that irritates me the most: The SSD.
By definition of the technology that is NAND storage, an SSD will be able to operate "within norm" and without bit errors for so long. Rewrite for long enough and you'll see your data waving you good-bye.
As for your other claims about recording errors and whatnot, you can EASILY achieve those (matter of fact it's already implemented in UEFI by some manufacturers), and NOT disallow people from repairing their computer.
Sure the lifespan of an SSD is ideally 5/7 years. But that is a death sentence, not a search for perfection.
Also, what happens if Apple simply refuses to fix your computer, or supply you with parts! And yes this has happened rather publicly (Linus Sebastian's Mac Pro).
So again, apologies for the language but that is a load of bullcrap.
> By definition of the technology that is NAND storage, an SSD will be able to operate "within norm" and without bit errors for so long. Rewrite for long enough and you'll see your data waving you good-bye.
The guarantee of a popular modern 1Tb NVME SSD is you'll at least be able to write 600Tb. I don't know your usage pattern, but those are a lot of write actions.
Remember every component in any electronic device has a finite age: the fan cooling the cpu, keyboards have max. presses, hinges wear out, sockets have a maximum amount of plug/unplug actions.
There's an advantage to soldering on memory, SSD etc: no chance of a bad connector causing problems. The entire class of problems fixed by 'reseating your DIMMS' is gone.
That Linus is a YouTube star who reviews computer stuff. I like to think he got popular because his name is Linus and people mistook him for Torvalds or he came up in searches. I've seen a couple of his videos and he talks to the camera in a manner reminiscent of a young kids show host. I half expected him to start reciting the basic colors to me during a video about doing direct GPU passthrough on multiple VMs. Tone aside, and I know I'm not his core audience, it was a good presentation.
>By definition of the technology that is NAND storage, an SSD
You see, I don't disagree. Apple was striving for an ideal that is not achievable. What they are aiming for, trying and actually doing are three different things.
Consider that their machines maintain the biggest resale value in the PC market (pointing to less long-term issues) and keep working fine for most people for close to a decade or so (including demanding pros in video, music, and graphics), they're doing a bad job at it...
That more or less proves the point. There is very strong demand for old MacBooks because they last. Planned obsolescence is needed to ensure that people upgrade. That can be done multiple ways. This is just one of the approaches and will of course take time to settle in.
>There is very strong demand for old MacBooks because they last.
No, by "old Macbooks" I mean "including current and last year models". Not that only past macbooks had large resale value...
>Planned obsolescence is needed to ensure that people upgrade.
In the Apple world, upgrading is part of the idea and appeal -- you're not supposed to be running a 10 year old laptop or 2-3 versions old OS. The OS is not about backwards compatibility, it's about moving forward faster...
That's part of the appeal of the thing, and part of the reason for the extra control.
I don't want legacy 10/20 year old apps and frameworks to be supported, I don't want apps that don't take advantage of the latest frameworks, hardware and OS features, and so on...
If "compatible with 30 year old programs" is a desirable feature, there's always Windows.
>keep working fine for most people for close to a decade or so
doesn't mesh with -
>you're not supposed to be running a 10 year old laptop or 2-3 versions old OS
Planned obsolescence just means artificially shortening the upgrade cycle. That's it. And Apple has been doing this in the Mac world through different methods.
>Planned obsolescence just means artificially shortening the upgrade cycle.
No, it does not. Planned obsolescence, just like the actual words in the term are defined, means planning for the fact that technology and the components it's made from have a finite lifespan and that, at some point, users of that technology will have to upgrade. You're inferring that companies are intentionally sabotaging their products to compel and force people to upgrade and that might be the stupidest take I've ever heard.
>In economics and industrial design, planned obsolescence (also called built-in obsolescence or premature obsolescence) is a policy of planning or designing a product with an artificially limited useful life, so that it becomes obsolete (i.e., unfashionable, or no longer functional) after a certain period of time.[1] The rationale behind this strategy is to generate long-term sales volume by reducing the time between repeat purchases (referred to as "shortening the replacement cycle").[2] It is the deliberate shortening of a lifespan of a product to force consumers to purchase replacements.[3]
Apple does this with their hardware by limiting the software support period and economical hardware repair. Having something like the T2 ensures that third parties are not able to extend the life of their systems in a reasonable manner.
I know what the definition is. Your second statement doesn't support your first one. Apple provides hardware and software support for their devices at a far greater level and duration than nearly every other hardware manufacturer. They're not artificially limiting the lifetime of their products, they're ending support for devices that, in most cases, literally can't support new features that they're adding.
The T2 is a security chip. It ensures the integrity of the system. If that integrity is compromised, the chip shouldn't allow third parties to replace components unless those components can be replaced and the integrity restored. You're acting like the T2 was added just to make repairs harder instead of to make the device more secure which, by design, makes repairs more difficult.
It's the same reason that car manufacturers don't let repair shops generate new key fobs unless they're registered with the manufacturer.
Sure it's a security chip but why is it they didn't make it so the owner can do a one-way unlock (like Android's bootloader unlock) so people can fix their own Macs?
Because preventing repairs is one of the desirable side effects of this design.
Because even a one-way unlock can be exploited and is a vector for compromised security.
Apple has no need to prevent people from repairing their devices. They lose money on most repairs they do. What they're concerned about is their brand. If someone gets their device repaired at a shitty shop that isn't Apple certified and uses parts that aren't real Apple parts (like every screen repair kiosk in your local mall), people don't see future screen issues as issues with that repair or screen. They see a problem with an iPhone. That's what the desirable side-effect is. Apple doesn't want to prevent repairs, they want to prevent shitty repairs and security breaches.
>Because even a one-way unlock can be exploited and is a vector for compromised security.
Evidence doesn't support this at all. When was the last root exploit due to a bootloader unlock?
Toeing the Apple line gets you nowhere. There is overwhelming support for companies to allow for a right of repair. Most people don't have any issues with security advances, but they do have a problem with companies using this as an excuse to further lock-in to devices that are fully paid for by consumers.
What has changed in the last 5 years? MacOS users have no legitimate alternative if they want to keep their desktop on macOS. If you want a macOS system legally, there's two options, either buy a new Mac, or an old one.
The competition has just done a lot of catching up in the last few years.
Hardware: Other vendors have trackpads with multi-touch (which for me was one of the most amazing things about the first Macbook I ever owned), super high-res screens, and other such features these days. The form factors are thin and stylish as well (there are other aluminum unibody laptops these days).
Software: MacOS has gotten worse, Linux distros have continued to catch up, both in the look and behavior of the OS itself but also in terms of the app ecosystem, esp with companies like Valve spending the big bucks to get lots of games running well on Linux. Speaking of games, MacOS continues to suck when it comes to gaming anyway – so for example I do a bit of gaming on my new MBP 16" and the mild chore of dual-booting continues to irk me. I also splashed out for the 8GB GPU upgrade and performance is still not great. Not quite enough for me to make the switch but I'm not a very hardcore gamer. I know people that need a workhorse a bit more than I do (professional video editors and such) who have recently (last 5 years) made the switch from macbooks to things like razers because they want to be able to really push through serious workloads on the go.
We're not on the same page. My point being that the macOS users that Apple is targeting with this policy have the choice between a new Mac and a used one.
That's where they make their money. People that just want good specs at cheap prices are not their target market.
Replying from my 6 year old Macbook pro, I would definitely consider buying a new one (space on my 256 GB SSD is getting tight, and it seems a bit of a waste to just upgrade that), but I am hesitant about the newer models.
I'm torn on this; on the one hand, the prospect of being able to circumvent things like unauthorized repair prevention down the line is neat, and who knows what people may be able to tease out of this (apparently quite powerful chip). So that's neat.
But it also breaks Apple's security platform in a big way, since this should make Apple's biometry scheme in their Macbooks much weaker and FileVault a lot easier to crack. That's a shame, because it's a very neat and cohesive security platform that gets out of one's way and works really well even for highly non-technical people. Their security stance is one of the things that keep me in Apple's ecosystem and I know a number of people and companies who feel alike. So, coming from that point of view, I do hope they fix this in time for their first round of ARM Macs.
As an Apple customer I'm 100% happy with public developments like this. I really believe Apple tries to take hardware security seriously and an exploit in the open like this is sure to be addressed in the next generation of devices.
Apple consumer devices have been shown to resist state-level actor threats in the past and even if current devices won't be 100% resistant forever I trust Apple to be a couple of steps ahead every gen.
Of course, I'm jumping ship as soon as 100% open-source and verifiably secure HW+OS stack is available. But until then, it's Apple :P
How did you get the information that apple devices resist state-level actor threats?
Repeatedly state actors have broken into iPhones and iCloud accounts, and Apple laptops are frequently the first devices to fall in the Pwn2Own contests.
Don't know why you were downvoted, it's common knowledge that state actors can break Apple's encryption. Apple makes a huge show of refusing to break their own encryption but with a subpoena they legally have to provide the encrypted data and then state actors just go elsewhere for cracking.
Typically, it's criminally illegal to circumvent DRM in the US (and 99% of the rest of the world). However, there are also certain exemptions that have been granted, within the US only (other countries are not so lucky). The right to repair is one such exemption[1].
If Apple had separated security from first-party repair enforcement, then anyone found even attempting to break the T2 chip might have been up for jail time. However, the right to repair is a valid defense.
Of course, making circumvention criminally illegal doesn't make the chip itself any more technically secure; say against criminals. It is a pretty solid deterrent though.
I bet breaking DRM is legal in most parts of the world. Good luck to any company trying to sue an individual for breaking DRM.
"Article 6.4 of the European Directive mandates Member States to ensure users can benefit from the copyright exceptions. This means that countries must have some kind of process in place to allow citizens to make copies of DRMed works." (https://fsfe.org/news/2019/news-20191113-01.en.html)
Unfortunately, in the US, corporations have lobbied so hard to make EULAs, DRM and others enforceable by law.
This is the first time I've heard about this, and it's quite interesting to me, as Article 12 of the WIPO Copyright Treaty specifically requires signatories to make circumvention of DRM protection devices illegal. This would seemingly be in contradiction to that. However, seeing as the US, who were the driving force behind this treaty, also provide exceptions/exemptions, I can see how the EU were able to justify any such contradiction.
That said, from the EU directive:
> Member States shall take appropriate measures to ensure that rightholders make available to the beneficiary of an exception or limitation provided for in national law in accordance with Article 5(2)(a), (2)(c), (2)(d), (2)(e), (3)(a), (3)(b) or (3)(e) the means of benefiting from that exception or limitation, to the extent necessary to benefit from that exception or limitation and where that beneficiary has legal access to the protected work or subject-matter concerned.
Additionally, not a lawyer or in Government, however, in my layman's reading of this directive, I'm seeing a lot of usages of the word "may". I'm (possibly incorrectly) interpreting this as meaning a Member State can introduce these copyright exceptions, not that it's mandated as the FSFE article states.
Yes, but well, at least a few (not many) years ago breaking DRM for research purposes was fully legal in Germany, as was publishing the findings, though publishing tools which break DRM was fully illegal.
The US is effectively the only place in the world where circumventing DRM is actually illegal and prosecutable; every other country has various exemptions and bypasses that remove its teeth. Here in Canada, for example, you can happily argue "I was doing it to learn how it worked" and fall under the education exemption, unless you're stripping DRM and actively selling the content or something similar.
It absolutely is not. It is completely unenforceable, especially in the case of criminal circumvention, and serves no realistic or practical purpose. Anyone who commits said "crime" in any meaningfully damaging sense and is caught will already be committing the actual crime of infringement, and so tacking circumvention on is largely pointless. It only serves to deter legitimate public research.
Also, the T2 isn't in any way classifiable as "technological measures used to prevent unauthorized access to copyrighted works". This law is meant to apply to copyright-protection DRM and has nothing to do with software security measures designed to prevent unauthorized access to computer systems. Circumventing the protection of those measures is only legal to do on systems on which you are authorized to do so, and is otherwise illegal under separate law.
> But it also breaks Apple's security platform in a big way, since this should make Apple's biometry scheme in their Macbooks much weaker and FileVault a lot easier to crack.
Perhaps this unsurprising, nearly predestined exploit can convince people that they should not completely rely on biometrics for security.
So, if only Apple didn't tie the ability to repair and extend the device you purchased from them to the security of your own data, you would be able to feel a more consistent emotion with regards to interest in a fix; that seems all on Apple being a bit evil :/.
Can you describe a scenario where Touch ID is safe against evil maid attacks (say, a chip is installed allowing anyone to transmit a certain signal that spoofs Touch ID) while also allowing unrestricted modifications by someone with physical possession of the device (as this T2 rooting post celebrates)?
Right now, that security is provided by Apple crypto-locking the Touch ID sensor to the T2 chip so that it cannot be modified to allow unauthorized access without being disabled altogether.
With the ability to bypass the restrictions of the T2 OS, that protection is stripped away, and replaced by .. nothing, as far as I can determine.
This is akin to removing your car’s electronic anti-theft system because it requires OEM keys. Sure, you can do so, but your car is a lot easier to steal, too. Only it’s not your car here, it’s your computer and all personal data on it, and all SSH keys you use to access remote servers, too.
I’m all for repairability but it’s worrying that the tech community is so invested in removing a padlock that offends them that they set aside security and risk issues in favor of rooting without addressing it at all. If this complete lack of interest in device security is the best we can do, we don’t deserve repairability, and we don’t deserve root.
I do not understand why you find it worrying that the tech community is invested in removing a restriction IN THE OPEN. If it can be removed for nefarious purposes, eventually, someone will do so and sell the exploit on the zero-day market (probably to a state actor). The existence of the vulnerability is just a fact, it is reality. Why do you feel safer not knowing about it? Whether you know about it or not the vulnerability is still there.
I do not ‘feel safer not knowing about it’. I feel safer knowing how to DFU a T2 Mac, though. It’s turning out to be very useful knowledge over time. I encourage you to learn how too.
Allow the users to install their own keys. Changing keys invalidates all encrypted/secured data. Which means you have to export the data if you do hardware changes and reimport it after supplying your own. Once you have your own keys installed you could sign additional hardware with them.
If Apple is a viable root of trust then you yourself should be too. There's nothing magical that only Apple can do.
I believe that Apple is burning their cryptographic key into readonly memory, so they would need to build out a readwrite pipeline and provide a secondary keystore option for "non-default" users that is writable by the hardware itself. That's a tall ask, but it's feasible, so we're good so far. The benefit to expert users with crypto competence is clear.
How would this benefit third-party repair shops, though?
The point is that you'd back up the keys in advance (when you initially set up the machine) and when the machine dies and your T2 is fried the repair shop can just replace it with a new T2, load the backed-up keys into it and give you back your machine with the data intact.
AFAIK, it's not just about the security of your data (you don't need a T2 chip to encrypt data), but also about discouraging theft of the hardware itself.
In light of that, how do you allow for components to be swapped out wholesale without breaking the security model?
Isn't the entire point that you can't just steal a Macbook, swap out the SSD, and now you have a functioning (stolen) laptop?
You can also get away with a much weaker passphrase if you can somehow rate-limit brute force attacks. As I understand it that's one of the things the T2 does, you can't authenticate except through the T2, and the T2 will slow you down and lock you out after n tries.
And I think that's actually an incredibly underappreciated feature: most people are both bad at memorizing long, complex passwords/passphrases and not all that motivated since the threat is quite abstract. I've had a hard time convincing some people to have any sort of password at all on their laptop (that they travel with, work in all sorts of places and are overall pretty careless with), as it carries the risk of forgetting the password and it's cumbersome and inconvenient compared to being able to simply open the computer to a logged-in desktop.
Making security less of a hassle really does help with adoption. Having a short, relatively weak, but not trivial password is way way better than having none at all, and realistically that's all most people are ever going to have, so making those passwords hold up better is a really smart move that instantly ups the security of lots and lots of people out there.
But that's not something I believe you could do without a scheme like tying the encrypted data to a complex secret inside a specific T2 that is uncracked, otherwise you could simply put the SSD in another computer and brute-force it there.
The initial transition from the apple root of trust to your own root (which you would then use to install new hardware) could require being authenticated, this way a thief couldn't do it while the legitimate owner could.
Trying to prevent theft that way is a fundamentally flawed approach. It's in the end all about controlling the phone you bought to prevent you from using it in any way they don't like or using it longer than they like (by repairing it).
Theft will happen anyway. You can even sell permanently-locked/bricked devices to people who don't look too closely at the seller's description. Sure, you will need to sell them for cheap, but that's all.
That idea is like saying all cars must be always tracked, always link up with the driver's phone and be remote-controllable by their manufacturer to prevent theft.
Sure it would prevent theft, maybe, until people find ways to break it. But it's still totally unreasonable with a lot of hidden cost to it.
E.g. in the case of Apple laptops the cost is losing a lot of small independent companies as well as any way to properly repair an Apple laptop. (Apple does NOT provide proper repairs; they at best replace whole components, often the whole main board because it's one component, when many damages tend to be similar because people use their devices similarly and often are reasonably fixable with a bit of not-easy-but-not-very-hard-either soldering).
EDIT: And most important! The theft constraint can be achieved to a reasonable degree WITHOUT locking out third party repair. An example (though not applicable to Mac in this case) is how I set up my laptop with a custom EFI platform key/certificate and a BIOS password, so to reuse it after theft people have to replace the BIOS chip soldered onto the motherboard (it has no publicly known master key or reset pin). Apple can achieve similar things so that theft is more costly but third party repairs are still mostly unconstrained.
In general I agree with your points. But reducing the profit achievable on stolen devices can reduce the motivation to steal them. Whereas there are already big risks involved in stealing a car so adding DRM wouldn't be that much of an impediment in that case. (And cars already do use DRM in various ways.)
I think it's always best for these things to come out if there's a flaw. You can bet if these guys found it that China, the US government, and 11 eyes by extension all knew about it before that. It's best to know the truth, that the security is broken, rather than crossing your fingers and hoping the security works.
If it really matters, Apple can bring an update that blocks these attacks. If the system depends on security through obscurity, sorry, that never lasts.
Well, somewhat. They’re doing a clever side channel based on the SEP’s RNG to panic the device when booting from DFU, but this has already been bypassed on older devices via a bug in SEPROM. I believe they already have code execution in the A11’s enclave as well, but that one has some sort of replay protection that complicates matters.
I wonder if this has security implications. The T2 houses the "secure enclave" and that's where your private keys, certificates and passwords are stored.
The things stored in the enclave are encrypted with a key derived from, among other things, your device password so no jailbreak is going to provide access to them.
It would be a big deal if one could, say, run 'offline' dictionary attacks against secure enclave content.
> run 'offline' dictionary attacks against secure enclave content.
Isn't the T2 chip the only reason they can't do that: because it sets a minimum time-limit and cooldown period on attempts to authenticate using the device passcode?
So presumably rooting T2 and removing the artificial time limits and/or extracting KDF data would mean game-over because brute-forcing `[0-9]{4,8}`, with even the most expensive hash function - and with a salted hash - can probably be done on a desktop within a day.
...but why can't we do that today by de-capping the T2 chip and looking at its flash storage with an electron-microscope?
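The two ideas raised in the comments above (rate-limited authentication through the chip, and tying the data to a secret inside the chip so guessing cannot be moved to another machine) can be compared in a small model. This is an added sketch, not part of the thread and not Apple's design: `ToyEnclave`, the iteration count, the 10-attempt limit and the sample passcode are all constructed assumptions.

```python
import hashlib
import hmac
import itertools
import os

ITERATIONS = 1_000  # constructed value, kept low so the demo runs quickly


def stretch(passcode: str, salt: bytes) -> bytes:
    """Password-only stretching: every input is stored beside the data."""
    return hashlib.pbkdf2_hmac("sha256", passcode.encode(), salt, ITERATIONS)


def password_only_verifier(passcode: str, salt: bytes) -> bytes:
    """What a scheme without a device secret would have to keep on disk."""
    return hashlib.sha256(stretch(passcode, salt)).digest()


class ToyEnclave:
    """Constructed model: key entangled with a device secret, plus an attempt limit."""

    def __init__(self, passcode: str, max_attempts: int = 10):
        self._uid = os.urandom(32)   # stand-in for a per-device secret that never leaves the chip
        self.salt = os.urandom(16)   # not secret: stored with the encrypted volume
        self.max_attempts = max_attempts
        self.failed = 0
        self._verifier = hashlib.sha256(self._entangle(passcode)).digest()

    def _entangle(self, passcode: str) -> bytes:
        # Without _uid this value cannot be computed, so guesses cannot leave the device.
        return hmac.new(self._uid, stretch(passcode, self.salt), hashlib.sha256).digest()

    def unlock(self, passcode: str):
        if self.failed >= self.max_attempts:
            raise PermissionError("attempt limit reached")
        key = self._entangle(passcode)
        if hmac.compare_digest(hashlib.sha256(key).digest(), self._verifier):
            self.failed = 0
            return key
        self.failed += 1
        return None


def offline_guesses_needed(salt: bytes, verifier: bytes, digits: int = 4):
    """Guesses needed against a password-only verifier copied off the device."""
    for n, combo in enumerate(itertools.product("0123456789", repeat=digits), 1):
        if hmac.compare_digest(password_only_verifier("".join(combo), salt), verifier):
            return n
    return None


def guesses_before_lockout(enclave: ToyEnclave, digits: int = 4):
    """Same enumeration, but every guess has to pass through the enclave."""
    tried = 0
    for combo in itertools.product("0123456789", repeat=digits):
        try:
            if enclave.unlock("".join(combo)) is not None:
                return tried + 1, True
        except PermissionError:
            return tried, False
        tried += 1
    return tried, False


def worst_case_days(min_digits: int, max_digits: int, seconds_per_guess: float):
    """Keyspace of all min..max digit passcodes and days to exhaust it."""
    keyspace = sum(10 ** d for d in range(min_digits, max_digits + 1))
    return keyspace, keyspace * seconds_per_guess / 86_400


if __name__ == "__main__":
    secret = "0427"  # constructed sample passcode
    salt = os.urandom(16)
    print("password-only, off-device:",
          offline_guesses_needed(salt, password_only_verifier(secret, salt)), "guesses")
    print("through the enclave:", guesses_before_lockout(ToyEnclave(secret)))
    for cost in (0.08, 0.0001):  # assumed per-guess costs in seconds
        space, days = worst_case_days(4, 8, cost)
        print(f"{space:,} passcodes at {cost}s each: {days:,.2f} days worst case")
```

The model only holds while the device secret and the attempt counter stay out of reach of software, which is the property the thread is debating.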
The Secure Enclave is just a part of the T2 chip. My understanding is that this is similar to if you jailbreak your iOS device, you won't get any special access to the Secure Enclave.
And as I understand it, it's also the Secure Enclave that enforces the attempt limits.
That’s right, but the T2 chip is based on the A10 one and has the same Secure Enclave; this enclave is vulnerable to the blackbird exploit discovered recently.
I don't think it's just that - the design intent is for the crypto operations to run only on the device and also to depend not just on a key derived from the user password but on parameters built into the device that are not accessible to the software. Just controlling the software is not necessarily enough to take the attempts off-device.
Nope. A salt is something different. It is persistent and part of the hash result. A seed is not persistent and not part of the result. ie. it can be generated on T2 power-on.
Of course. Previously your keys were stored securely in a vault in a security facility, but now the doors to the security facility are blown wide open. They still need to figure out the Secure Enclave though, which is no easy feat.
If you follow the links you'll find https://checkra.in/ which gives you a dmg download - however the release notes don't mention anything about a T2 jailbreak. I would treat this with skepticism.
It does claim “partial bridgeOS support” which is the OS that runs on the T2. So maybe not as crazy. Good call though, it’s good to be aware of that sort of thing
This is huge! Does anyone know if Apple is able to ship updated software to patch this? I thought the T2 was fairly isolated from the rest of the system. If it’s not easy to fix OTA, this will be really painful for security.
Excited to see what sorts of things people build from this though! Would be cool to run a mini OS on the touch bar when the rest of the system is powered off.
Interesting. Does this mean that companies can now use this to unlock corp laptops that ex-employees have iCloud/activation-locked to their personal accounts without Apple's help? [+]
[+] Yes, I realize that this also applies to stolen laptops, but this is an actual pain point with running fleets of Macs, from what I've heard.
Are you saying that there is a long-term way to bypass Activation Lock? My understanding was that even if you bypass it locally (through jailbreak), you will not be able to use any of Apple's online services (iMessage, App Store, push notifications, etc) because Apple will not let this device register (and get the necessary client certificates) unless the original account's credentials are provided first, and this is enforced server-side and thus immune to local exploits.
Does the T2 have any secure storage like the A12 and newer, or are all boot ROM exploits essentially unpatchable? And do we know if this specific exploit is a boot ROM exploit?
It’s the checkra1n BootROM exploit, yes. T2 does have a SEP processor like every modern iPhone but that’s been recently cracked too (interestingly enough because Apple tried to run some trickery to “patch the unpatchable” using it).
Given that T2 is basically an ARM processor + other stuff, I wonder if it's possible to have a separate dump kernel, like OpenVMS. Some watchdog that runs on the chip, and either gracefully shuts down or handles a kernel crash.
So as I recently got a Mac from a guy and he doesn't remember the password and I'm stuck on activation lock, should I keep it or should I sell it or throw it away? Thanks a lot
Bottom line, can you use this exploit to read the user data on a recent (2019+) iPhone or MacBook if you have possession of the device and it's locked? Yes or no?
I imagine there’s no better incentive to get people to move en masse to your new architecture than an exploit for your old architecture that completely and irreparably breaks its security model showing up weeks before it’s released.
And so the futility of captured computing continues. I would love to write software for the Touch Bar that runs when I shut the MacBook down .. it'd be quite useful for some things, I imagine - such as using it for a remote control for other equipment I own.
Just imagine opening your laptop without turning it on, and using it to unlock your front door without getting up, or turning off/on the TV, or the temperature of the house.
Nothing. But I don't know about you, but I'm more likely to have a laptop nearby than my phone. Especially if the kiddo is playing his dragon game on it.
1. https://www.theiphonewiki.com/wiki/T8012_checkm8
2. https://twitter.com/qwertyoruiopz/status/1237904335184564224
3. https://twitter.com/su_rickmark/status/1286886010681462784
4. http://bonoboswd.com/