
Ask HN: ELI5 how is the HW encryption in iMac Pros better than standard Macs? - whitepoplar
Hi HN. The new iMac Pro is nearly ready for sale, and one of the touted features is a "T2" chip that performs hardware encryption. How is this encryption scheme better than what is currently offered with standard Macs a la FileVault 2 FDE?
======
wahern
The T1 (new MacBook Pro) and T2 (iMac Pro) chips are ARM processors that run a
separate, security-oriented operating system outside of macOS. Think of it as
bringing iPhone-level credential protection to your desktop.

Not sure how it changes the security of FileVault--it depends on the
filesystem drivers and whether blocks can be decrypted on the T2 chip or if
the bulk decryption key needs to be visible to the macOS drivers. It's more
about protecting your long-term credentials, like public keys, passwords, and
other sensitive information (e.g. biometrics). As long as those credentials
never need to leave the T2 chip, they're much safer than if the regular macOS
kernel needed to know them. Rooting the macOS kernel (like rooting the Linux
kernel or Windows kernel) is fairly trivial, which means anyone who can manage
to install or control software on your machine effectively has visibility to
any secret keys directly readable by the kernel. If the secrets are encrypted
by your password, the moment you provide your password to decrypt them for use
by the macOS kernel, they can be stolen.

By off-loading management and usage of those secrets to a separate chip with a
more robust software stack and more limited attack surface, they're much more
likely to remain a secret. Though an attacker may be able to make use of them
(just like you can), the secrets are bound to the hardware, as opposed to the
attacker being able to copy the secrets off-machine without leaving a trace
and then using them at their leisure.

Think of it as the difference between a key to your house that can be stolen,
copied, and returned without your knowledge, versus a key to your house that
can never be copied, not even by you. An attacker would need to have control
over that single key to make use of it, which is a serious (though not
complete) impediment.
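
The use-versus-copy distinction in the comment above, as an added example that is not part of the thread and is not Apple's interface. `SoftwareKeystore`, `BoundKeyChip` and `compare` are hypothetical names, the password and messages are constructed, and the Python class boundary only stands in for the hardware boundary.

```python
import hashlib, hmac, secrets

def _kdf(password: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def _mac(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()

class SoftwareKeystore:
    """Secret encrypted under the password; unlocking hands raw bytes to the host."""
    def __init__(self, password: str):
        self._salt = secrets.token_bytes(16)
        key = secrets.token_bytes(32)
        # Toy XOR wrap (assumption, for brevity): stands in for real key wrapping.
        self._wrapped = bytes(a ^ b for a, b in zip(key, _kdf(password, self._salt)))

    def unlock(self, password: str) -> bytes:
        pad = _kdf(password, self._salt)
        return bytes(a ^ b for a, b in zip(self._wrapped, pad))  # key now in host memory

class BoundKeyChip:
    """Model of a chip-held key: the host receives results, never the key bytes."""
    def __init__(self, password: str):
        self._salt = secrets.token_bytes(16)
        self._check = _kdf(password, self._salt)
        self._key = secrets.token_bytes(32)  # generated inside, no export method
        self._unlocked = False

    def unlock(self, password: str) -> bool:
        self._unlocked = hmac.compare_digest(self._check, _kdf(password, self._salt))
        return self._unlocked

    def sign(self, msg: bytes) -> bytes:
        if not self._unlocked:
            raise PermissionError("chip is locked")
        return _mac(self._key, msg)

    def verify(self, msg: bytes, tag: bytes) -> bool:
        return hmac.compare_digest(_mac(self._key, msg), tag)

def compare(password: str = "constructed-password"):
    soft, chip = SoftwareKeystore(password), BoundKeyChip(password)
    seen_key = soft.unlock(password)       # privileged host code sees the key itself
    chip.unlock(password)
    seen_tag = chip.sign(b"request-1")     # privileged host code sees only one result
    later = b"request-2"                   # a new message, authenticated off-machine
    soft_copy_works = hmac.compare_digest(_mac(seen_key, later),
                                          _mac(soft.unlock(password), later))
    chip_copy_works = chip.verify(later, seen_tag)
    return soft_copy_works, chip_copy_works, chip.verify(b"request-1", seen_tag)
```

`compare()` returns `(True, False, True)`: the copied software key authenticates new messages anywhere, while what was observed from the chip model is valid only for the request made while the chip was present.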

