Ask HN: ELI5 how is the HW encryption in iMac Pros better than standard Macs?
2 points by whitepoplar on Dec 14, 2017 | 1 comment
Hi HN. The new iMac Pro is nearly ready for sale, and one of the touted features is a "T2" chip that performs hardware encryption. How is this encryption scheme better than what is currently offered with standard Macs a la FileVault 2 FDE?



The T1 (new MacBook Pro) and T2 (iMac Pro) chips are ARM processors that run a separate, security-oriented operating system outside of macOS. Think of it as bringing iPhone-level credential protection to your desktop.

Not sure how it changes the security of FileVault--it depends on the filesystem drivers and whether blocks can be decrypted on the T2 chip or if the bulk decryption key needs to be visible to the macOS drivers. It's more about protecting your long-term credentials, like public keys, passwords, and other sensitive information (e.g. biometrics). As long as those credentials never need to leave the T2 chip, they're much safer than if the regular macOS kernel needed to know them. Rooting the macOS kernel (like rooting the Linux kernel or Windows kernel) is fairly trivial, which means anyone who can manage to install or control software on your machine effectively has visibility to any secret keys directly readable by the kernel. If the secrets are encrypted by your password, the moment you provide your password to decrypt them for use by the macOS kernel, they can be stolen.

By off-loading management and usage of those secrets to a separate chip with a more robust software stack and more limited attack surface, they're much more likely to remain a secret. Though an attacker may be able to make use of them (just like you can), the secrets are bound to the hardware, as opposed to the attacker being able to copy the secrets off-machine without leaving a trace and then using them at their leisure.

Think of it as the difference between a key to your house that can be stolen, copied, and returned without your knowledge, versus a key to your house that can never be copied, not even by you. An attacker would need to have control over that single key to make use of it, which is a serious (though not complete) impediment.
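
An added example, not part of the original comment: the difference between a copyable key and a hardware-bound key, shown with Apple's CryptoKit. It assumes macOS 10.15 or later on a Mac whose security chip exposes a Secure Enclave to CryptoKit; the message and variable names are constructed for illustration.

```swift
import CryptoKit
import Foundation

// Added illustration, not from the thread. Assumes macOS 10.15+ and a Mac
// whose T1/T2 (or later) chip exposes a Secure Enclave to CryptoKit.
guard SecureEnclave.isAvailable else {
    print("No Secure Enclave available on this machine")
    exit(1)
}

do {
    let message = Data("constructed sample challenge".utf8)

    // Software key: the private scalar lives in ordinary process memory.
    let softKey = P256.Signing.PrivateKey()
    let rawBytes = softKey.rawRepresentation   // 32 raw bytes of private key
    // Those bytes rebuild a fully working copy of the key on any machine.
    let clone = try P256.Signing.PrivateKey(rawRepresentation: rawBytes)
    let cloneSig = try clone.signature(for: message)
    print("copy signs as original:",
          softKey.publicKey.isValidSignature(cloneSig, for: message))

    // Hardware key: generated inside the enclave. The type offers no
    // rawRepresentation, so macOS never holds the private scalar.
    let hwKey = try SecureEnclave.P256.Signing.PrivateKey()
    let hwSig = try hwKey.signature(for: message)   // signing happens on the chip
    print("enclave signature valid:",
          hwKey.publicKey.isValidSignature(hwSig, for: message))

    // The only exportable form is an encrypted blob that is usable only by
    // the Secure Enclave that created it.
    let blob = hwKey.dataRepresentation
    let restored = try SecureEnclave.P256.Signing.PrivateKey(dataRepresentation: blob)
    print("restored on same chip:",
          restored.publicKey.rawRepresentation == hwKey.publicKey.rawRepresentation)
} catch {
    print("error:", error)
}
```

Software running on the machine can still ask the enclave to sign, which matches the comment's point that the key can be used but not copied off the hardware.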



