
Apple’s T2 security chip blocks some third-party repairs of new Macs - ccwilson10
https://www.theverge.com/2018/11/12/18077166/apple-macbook-air-mac-mini-t2-chip-security-repair-replacement-tool
======
macintux
> “This could be an attempt to grab more market share from the independent
> repair providers. Or it could be a threat to keep their authorized network
> in line. We just don’t know.”

Good grief. "Apple adds systems integrity hardware to reduce the risk of local
compromise" becomes "Apple is out to destroy your repair business" because
reasons.

~~~
agoodthrowaway
Thee articles are getting ridiculous. I recall the complaints about 3rd party
repairs to the fingerprint reader on iPhone. I never understood the spin that
Apple is blocking repairs on the device. The fingerprint reader is used to
unlock sensitive information and make payments. Locking that prevents all
kinds of Backdoor hacks around fingerprint security.

~~~
acid303
It was fine when they were blocking the readers, however the whole outcry
started because Apple started bricking these phones with error 53.

------
alphabettsy
This doesn’t seem like a very big deal.

Unless I read it wrong this only applies to repairs that could interfere with
the operation of the T2 security chip, but I’ve only ever had my Macs repaired
by Apple or authorized third-parties when I couldn’t do it myself so maybe
it’s just me not seeing the issue.

~~~
simongr3dal
I agree.

Even in Denmark where Apple doesn't have any officials stores, there are still
plenty of small tech repair shops that replace phone screens, and from what
I've noticed at least 50% of those are Apple Authorized Service Providers who
are able to repair any Apple product and also provide the service free of
charge if you are under warranty.

------
SEJeff
And by blocking some third-party repairs, it is also making it harder to
replace components with "backdoored" ones like the "big back" bloomberg
article posted recently. These types of changes at their core are good, even
if they're annoying.

~~~
fraudsyndrome
[https://www.cnbc.com/2018/10/22/aws-ceo-jassy-follows-
apple-...](https://www.cnbc.com/2018/10/22/aws-ceo-jassy-follows-apple-calls-
for-spy-chip-story-retraction.html)

Apparently that was debunked.

~~~
SEJeff
I realize it was debunked, but the core attack vector still exists. This type
of thing makes it harder (but definitely not impossible) to pull off.

------
overcast
Pretty much at the end of my 2008 Mac Pro rope. Along with repair-ability, the
base and upgrade pricing is just getting out of control. With a high spec mac
mini approaching 2k, I can only imagine what the new MacPro will end up being.
I sure as hell am not spending $6000+ on one. Next machine will be a coffee
lake Hackintosh, it really takes very little effort to install nowadays.

~~~
dpcx
You have a (probably) $6k machine that is still giving you a workable system
10 years later - doesn't that tend to suggest something?

~~~
64738
Mine's a mid-2010 MBP, only paid $1600 new (later upgraded the memory and
swapped to an SSD). It's still my main system eight years later.
Unfortunately, I can't install newer versions of the OS. I'm stuck at no
higher than 10.12(?), so now there's mainstream software I can't install
because of OS version requirements.

Kind of a bummer since it's still a good machine. 8+ years is a pretty good
run, but that doesn't mean I'm ready to replace it. I guess my point is, yeah,
even if initially expensive, it's been a good value. I hope the new ones are
similar...

~~~
overcast
You can definitely install a newer MacOS, they run fine. It's a 5 minute patch
to the installer, and away you go. My 2008 has been running High Sierra
without any issues.

[http://dosdude1.com/software.html](http://dosdude1.com/software.html)

~~~
64738
Very interesting! I have looked for ways to fake what version MacOS reports to
installers, but was unaware of methods to install the newer OSes. Thank you, I
sincerely appreciate the link :D

------
Wowfunhappy
Is there a technical reason why the T2 chip can't be disabled wholesale for
situations like this? Obviously, this would disable features like touch ID,
but that seems like an okay trade off.

~~~
Tsiklon
As I understand it - the T2 chip is also the storage controller for the Flash
storage used in these new machines, so if it were disabled you'd have to use
external storage.

~~~
dunham
That's interesting - are the encryption keys for the storage in a secure
enclave then?

~~~
alphabettsy
Yea.
[https://www.apple.com/mac/docs/Apple_T2_Security_Chip_Overvi...](https://www.apple.com/mac/docs/Apple_T2_Security_Chip_Overview.pdf)

------
mrobins
The newest Above Avalon podcast makes the case that Apple is embracing
secondhand markets and key to that is increasing device longevity.

If it’s true they’re thinking about devices as likely to have multiple owners
it makes sense to take precautions against hardware backdoors.

[https://www.aboveavalon.com/podcast/2018/10/26/above-
avalon-...](https://www.aboveavalon.com/podcast/2018/10/26/above-avalon-
episode-135-the-gray-market-factor)

