"I don't like closed systems that I have no oversight into"
Whoa there, so you have insight into all those chipsets on your current motherboard? You know, the ones that are outside the CPU, made by third parties and control your audio, communications, video, networking, etc?
> You have two systems: A) T2 SOC B) Multiple chipsets working on its own. In both cases, it is a closed system.
Sorry but I have to disagree with that. In the latter case, it's not a closed system because the manufacturers of the chips (Intel, Realtek, etc) have publicly available datasheets describing in detail how to configure and use the chips. This allows people to write their own drivers for the hardware.
The article says the T2 is implementing, at a minimum:
* RAID
* Sound
* Storage encryption
I have yet to see a public datasheet from Apple describing how a third party OS like Linux can utilize the features of the T2.
You can get chipset datasheets from Intel which describe the registers, how to configure them, chipset IO pins, etc. [1]
Similarly, you can get datasheets from audio chipset manufacturers that describe their chips in detail. [2]
Same goes for many other components in a standard PC system, such as the SuperIO chip, TPM, USB controllers, etc.
What Apple is doing is making more and more of their hardware proprietary, and (to my knowledge) not publishing a datasheet for these replacement components. This will actively harm anyone trying to run a non-Apple OS on the hardware.
Sure, the component datasheets can't help you verify that the chip isn't doing something nefarious interally, but how is that any different than trusting Apple not to have any bugs or do anything nefarious in the T2?
The replacement of components having publicly available datasheets with one that is a black box bothers me.
Thanks for the detailed response. I understand your point completely - I agree that having datasheets publicly available certainly provides a level of transparency.
The problem is that you're already trusting Apple by buying their system which is inherently closed. macOS is a completely closed OS with literally zero information about how these discrete chips may be used. The datasheet provides you with the API to the hardware, but you have no idea how Apple would be using the microphone for example - whether it is T2 chip or Realtek.
GP's argument about "closed system" is moot when you're talking about using an inherently closed system - meaning, OS + Hardware.
Also datasheets are what Realtek, for example, wants to publicize. How would you know if there is additional functionality built into the controller for backdoors, etc. that is deliberately left out of the datasheet?
> The problem is that you're already trusting Apple by buying their system which is inherently closed.
What? Perhaps we have different definitions of a closed system.
I mean, even if you buy a Librium you're still getting a "closed" system because there are binary blobs such as microcode updates that run on it.
The only way you can have a 100% open system is if it's open source hardware and something like RISCV (IMHO).
Anyway, with a datasheet for the motherboard components there's a reasonable chance that someone could get coreboot working on the board. Without datasheets, it's nearly impossible to replace the system firmware with a different implementation.
> macOS is a completely closed OS with literally zero information about how these discrete chips may be used.
I think Apple is still releasing the XNU source, so you should be able to glean some information about the device functionality from the kernel module source code (assuming that is also published). [1]
> The datasheet provides you with the API to the hardware, but you have no idea how Apple would be using the microphone for example - whether it is T2 chip or Realtek.
So what? I never said I wanted to know how macOS is using the microphone.
> GP's argument about "closed system" is moot when you're talking about using an inherently closed system - meaning, OS + Hardware.
No, it's moot for your specific definition of a closed system. My definition of a "closed system" differs from yours.
> Also datasheets are what Realtek, for example, wants to publicize. How would you know if there is additional functionality built into the controller for backdoors, etc. that is deliberately left out of the datasheet?
You don't. Invest in tin-foil hat manufacturers.
> I understand your point completely - I agree that having datasheets publicly available certainly provides a level of transparency.
From your response I don't get the impression that you understand my point at all.
My point was that Apple is replacing standard components used in PC designs since decades with a black box and not publishing a data sheet.
I didn't argue that macOS was open. I didn't claim Apple should provide the VHDL files of the T2. I just said, if they're going to replace components with public datasheets with a magical black box lacking any public datasheet, I don't like that.
My comment was specifically about how lacking a datasheet for the T2 is going to make using the computer with Linux (and without forcing the T2 into "terribly insecure" mode) much more difficult.
Knowing the datasheet = Knowing exactly how the chips are being used.
That's not true at all. You have no insight into the source code. Knowing the datasheet just gives you the functionality definition and capabilities of a particular chipset.
Let's agree to ignore vendors going to the additional effort of putting in intentional back doors in their chips for the moment. That's not the issue I'm discussing in any of my comments.
> I do and what you are claiming is:
That is not what I'm claiming at all. The datasheet is the hardware equivalent of an API interface. I have not stated otherwise.
> Knowing the datasheet = Knowing exactly how the chips are being used.
By having the datasheet and the kernel source code you can see how the chips are being used by the operating system.
Without the datasheet, you have to reverse engineer what the OS/kernel is doing to the chip.
If you also happen to lack the OS/kernel source code, then you have to resort to black box reverse engineering.
> Knowing the datasheet just gives you the functionality definition and capabilities of a particular chipset.
This. Is. Exactly. My. Point.
Apple is still, to my knowledge, not publishing any datasheets for the T2. Therefore you CANNOT KNOW the "functionality definition and capabilities of" the T2 inside the iMac Pro except by the methods I describe above (either source code inspection or black box reverse engineering).
None of my comments have been about the internal operations of these chips or what nefarious nation states or three letter agencies may or may not be doing. It was entirely about Apple replacing components with datasheets with a component lacking a datasheet. jfc
Remember all those components can't "talk" directly to other components. They must all go through the CPU. So if your graphics card want's to make an internet connection, it must go to the CPU which will then go to the network device.
So if you don't have control over a peripheral (say your GPU for example) then yes, it could be doing things you have no control over. But it can't interfere with anything else unless the CPU says so.
But if you don't have control over your CPU, the "central" processing unit, then it's game over.
Not having a central controller multiple subsystem vendors would have to cooperate using an agreed DMA communication protocol to monitor you and send the information back using the wifi/ethernet chip. Possible but unlikely.
The IOMMU functionality is built into the Platform Controller Hub, which is between the baseboard management controller (the ARM) and the main processor.
Theoretically it would be possible to prevent DMA between the two, but it is highly doubtful Apple would program it that way.
He said he didn't like it, not that he refused it in ever case. I don't like it but I accept there are certain limitations I must deal with. Its about trade-offs and where you draw the line.
Whoa there, so you have insight into all those chipsets on your current motherboard? You know, the ones that are outside the CPU, made by third parties and control your audio, communications, video, networking, etc?