The checkra1n support is just in a PoC state; it will successfully exploit and boot the T2. The payload support is partially broken, but being worked on.
Additionally, we have SSH working over usbmuxd from a tethered device and SSH working from macOS on device, with an SDK in the works.
Some key takeaways from the T2 being jailbroken:
- Custom Bootloaders (OpenCore, Coreboot, etc) are now possible as the T2 validates/sends the UEFI payload to PCH using a bridgeOS binary called MacEFIUtil, which can trivially have its signature checks patched.
- FileVault and by extension Touch ID are more or less crippled, especially in light of the recent SEP exploits. Amusingly, Apple uses a hardcoded "passcode", analogous to an iDevice's unlock PIN, in plain text within the UEFI firmware.
- Support for in-system debugging of the PCH/Intel processor over USB. This works in a similar fashion to the Bonobo cables used for debugging iDevices. We are working on building an accessory that you can purchase and plug into your Mac with a USB male endpoint exposing Intel's DCI debugging protocol.
- Lightweight Apple Silicon tinkering environment. With SSH support from macOS on device, and the T2's modest specs, it's a nice sandbox for messing with arm64 stuff. It's a pretty peppy chip, at times coming close to my 8th gen i7...yikes.
Sorry, what does this sentence mean? That someone with physical access to my machine can now unencrypt my FileVault encrypted hard drive?
If you use a strong password to encrypt your drive you should still be safe, unless Apple did something really stupid. The password is used as a one-way hash to generate the key.
However if you can login with Touch ID and they find a way to use known SE exploits, it's compromised. Your fingerprint isn't a secret that gets hashed – instead it's verified by the SE which also holds the secret key for the drive.
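The distinction drawn above (a password that goes through a one-way KDF versus a secret held by the Secure Enclave) is easiest to see in code. The following is an added example, not code from the post, from Apple, or from the checkra1n team: a constructed FileVault-style scheme in which a random volume key is wrapped under a key derived from the password with PBKDF2, plus the offline guessing loop an attacker can run once the enclave's rate limiting is out of the picture. The KDF parameters, the wrapping construction and the candidate list are all assumptions chosen for illustration, not Apple's actual format.

```python
import hashlib
import hmac
import os
import time
from typing import List, Optional, Tuple

# Constructed parameters for this example; FileVault's real KDF settings
# and key-wrapping format are not known from the thread.
ITERATIONS = 100_000
SALT_LEN = 16
KEY_LEN = 32


def derive_kek(password: str, salt: bytes, iterations: int = ITERATIONS) -> bytes:
    """One-way derivation of a key-encryption key (KEK) from the password.
    The password itself is never stored; only salt and iteration count are."""
    return hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt,
                               iterations, dklen=KEY_LEN)


def wrap_volume_key(volume_key: bytes, kek: bytes) -> Tuple[bytes, bytes]:
    """Wrap the random volume key under the KEK.
    Illustrative construction: XOR with an HMAC-derived 32-byte keystream,
    plus an HMAC tag so a wrong password is detectable on unwrap."""
    stream = hmac.new(kek, b"wrap-stream", hashlib.sha256).digest()
    wrapped = bytes(a ^ b for a, b in zip(volume_key, stream))
    tag = hmac.new(kek, b"wrap-tag" + wrapped, hashlib.sha256).digest()
    return wrapped, tag


def unwrap_volume_key(wrapped: bytes, tag: bytes, kek: bytes) -> Optional[bytes]:
    """Return the volume key if the KEK is right, otherwise None."""
    expected = hmac.new(kek, b"wrap-tag" + wrapped, hashlib.sha256).digest()
    if not hmac.compare_digest(expected, tag):
        return None
    stream = hmac.new(kek, b"wrap-stream", hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(wrapped, stream))


def enroll(password: str) -> Tuple[dict, bytes]:
    """Create a fresh volume key and the on-disk blob that protects it."""
    salt = os.urandom(SALT_LEN)
    volume_key = os.urandom(KEY_LEN)
    kek = derive_kek(password, salt)
    wrapped, tag = wrap_volume_key(volume_key, kek)
    blob = {"salt": salt, "wrapped": wrapped, "tag": tag, "iterations": ITERATIONS}
    return blob, volume_key


def offline_guess(blob: dict, candidates: List[str]) -> Tuple[Optional[str], int]:
    """What an attacker with the blob and no enclave rate limit can do:
    try passwords as fast as the KDF allows. Returns (password, guesses)."""
    tried = 0
    for candidate in candidates:
        tried += 1
        kek = derive_kek(candidate, blob["salt"], blob["iterations"])
        if unwrap_volume_key(blob["wrapped"], blob["tag"], kek) is not None:
            return candidate, tried
    return None, tried


def seconds_per_guess(blob: dict, samples: int = 3) -> float:
    """Measure the only thing bounding the attacker: KDF cost per guess."""
    start = time.perf_counter()
    for i in range(samples):
        derive_kek(f"probe-{i}", blob["salt"], blob["iterations"])
    return (time.perf_counter() - start) / samples


if __name__ == "__main__":
    # Constructed wordlist; a weak password falls, a long random one does not.
    wordlist = ["letmein", "qwerty", "password1", "hunter2"]
    weak_blob, _ = enroll("password1")
    print("weak password recovered:", offline_guess(weak_blob, wordlist))
    strong_blob, _ = enroll("correct horse battery staple 9f3e")
    print("strong password recovered:", offline_guess(strong_blob, wordlist))
    print("KDF cost per guess (s):", round(seconds_per_guess(weak_blob), 4))
```

The point the block makes concrete: once the T2 no longer enforces retry limits, the blob is only as strong as the password's entropy divided by the KDF cost, which is why a strong passphrase still holds. A fingerprint-unlocked volume has no such password at all; its key lives in the enclave, so an enclave compromise releases it directly.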
... then phase out your use, because proprietary systems will always get cracked given enough time.
This kind of advocacy is not only unhelpful but actually counterproductive
Probably not the best choice :) You never want to use proprietary software if security is a concern.
Counting published vulnerabilities in open source systems vs closed source systems says nothing about the relative true ratio of vulnerabilities.
Does it? In order to claim that, one would have to have some idea of (a) the ratio of disclosed vulnerabilities to true vulnerabilities discovered in both open source, accessible code vs closed source, hardware locked code, and (b) the relative ratios of disclosed vulnerabilities.
Do you have any idea what either ratio might be? 1:1? 4:1? 1:4? 100:1?
If you read the thread, note that I’m not taking a side other than finding it absurd to claim that all open source products are inherently better than all proprietary products with no analysis or data.
I'm not GP and I'm not arguing for either side, just pointing it out.
As long as the incentives of the developer of the security scheme and the end-user are aligned (so no backdoors), I would trust a widespread, proprietary solution which appears to stand up to significant attacks (the solution being widespread means there are lots of efforts underway to crack it) more than an open-source implementation that nobody uses.
Open source full disk encryption can be password cracked without limitations just like a hacked T2 chip. A sleeping open source full disk encryption machine can be accessed with enough skill to pull things out of frozen ram, etc.
LUKS and GELI are full-disk encryption systems, and if you need FDE, you must use them under ZFS, not ZFS native encryption.
ZFS native encryption on root is ~full disk encryption minus the boot-loader; I would say that's "full" interesting data encryption.
> It's a pretty peppy chip, at times coming close to my 8th gen i7...yikes.
Have you got any benchmarks? It is passively cooled, right? I am really surprised to hear a ~2016 arm64 CPU can beat a 2019 Intel i7 in even synthetic benchmarks.
Add a real world workload to the mix with heavy memory access and mixed compute workloads and the chips will diverge significantly in performance.
I work with some cross-platform code that has to run on mobile devices and desktop platforms. The advances Apple has made in low power performance are incredible, but the idea that their iPhone chips are as fast as desktop computers is still far from the truth unless you’re measuring specific, heavily optimized workloads.
I’m still excited to see what Apple can do with a full desktop level power budget though.
This is interesting; does this mean Apple isn't enabling Intel Boot Guard, relying only on the checks enforced by MacEFIUtil?
Fantastic work, by the way.
Part of me wonders if there could be a way to permanently disable DFU mode (preferably outside of epoxy in the upper left USB-C port). That would prevent someone from jailbreaking the T2, albeit you would no longer be able to replace the SSD or Touch ID sensor (not that you’d want to anyway if you were at risk).
Benign neglect (not creating limitations) is not the same as active interference (actively preventing) and Apple is much more on the side of active interference. They could simply do nothing (which is cheaper). They choose not to, at which point we get to question their motives.
In the end your question reduces to "why do you want anything at all that someone doesn't already make?" and that doesn't make a lot of sense given that new products come out on the market all the time.
Kind of hard to have diversity/options if everyone keeps insisting all vendors do everything the same way.
The downvote button on Hacker News doesn't work like a dislike button by the way
Customers have a legal right to do basically anything they want with something that they own.
In the arguments about opening up the iPhone and forcing Apple to allow third party app stores and allow side loading I'm on Apple's side. I think Apple should decide what products they design, how they design them and what features they should have. If I like the feature set, I'll buy them. I do not think it's reasonable for other people to dictate to Apple what code they should write and how it should work, health and safety or deceptive marketing aside. The ability to side load apps would be a software feature that needs to be designed, coded, QA tested, secured etc. Who gets to make all those decisions? I don't think it makes sense to force Apple into doing these things if it doesn't want to do them. You don't like the inability to side load? Buy another phone.
On the other hand once I own a device, it's mine. If I have the ability to jailbreak it, or hack it, or do whatever to it that's my business, not Apple's.
Apple of course has an internal version of iOS that lets you do this.
I don't like the walled garden but I still bought an iPhone because iPhones get updates for a really long time (3 years minimum). The iPhone SE (1st gen), released in 2016, got the iOS 14 update.
Yes it could be used that way. But they have never even indicated that they've been thinking of using the secure enclave for that purpose.
The T2 also has a particularly wonky approach to disk encryption. It uses a key management approach where neither you nor Apple control the actual key material. This means that a dead T2 takes your data with it and there is no recovery. In pre-T2 MacBooks, Apple had a lifeboat connector which could be used for data recovery from the soldered-on SSD. They got rid of this with the T2, because there's no point - only that specific T2 in that specific motherboard is ever able to decrypt the data.
Please. As for matching parts to the motherboard, they have a point when it comes to I/O devices. It’s probably way more cloak and dagger than most people will ever have to worry about but it’s not unheard of. Again, if you don’t want to think about such things and want a device that trades ease of repair for improved base security, why shouldn’t that be a choice?
I’m generally pretty pro right to repair, but as with anything there are pros and cons to all choices and I’m not fond of several of the right to repair arguments for government regulation being made. Apple is far from the only maker of computers out there. It is the only maker of macOS, but that still doesn’t justify people trying to dictate their business model - especially when many aspects of their business models are major reasons why I prefer their platforms.
Until then, clouds operate on a best-effort basis, some of which rely on hacks or break common use-cases (I can't put a Git repo in iCloud for example, and it doesn't perform well with lots of small files, and accessing the iCloud folder from the terminal apparently has problems). Why is iCloud still not a supported target for Time Machine, Apple's official backup solution for macOS?
Furthermore, most people do not make this calculation in their head of "Okay, anything I put behind the T2 is Apple's property now so I'd better have unencrypted backups". They just buy the computer that works and says that it keeps thieves and snoops out of their data. Everything we're talking about with backups comes as a post-purchase surprise, usually AFTER the data is already lost.
This is referencing the Touch Bar repair which means that the user has encrypted their drive with Touch ID. The only reason any repair would be harder is because the Touch ID sensor is paired to the secure enclave. The same goes for the SSD. Without the key, as you stated, you shouldn't be able to access the data so I don't see how that's any different than "having a data recovery mechanism". A data recovery mechanism shouldn't exist if you don't have the proper keys.
Then they got in a legal fracas with Epic and immediately retaliated against Epic by banning all their software from all Apple hardware!
Apple has shown they are very eager to use their position of power to strong-arm the competition, and these kinds of chips only add to their power.
Apple promised to the users (not Epic) they would only use notarization to block harmful software. Epic's software is not harmful to the user, and the lawsuit didn't change anything about that.
I think you don't understand how this works. The agreement itself is the subject of the lawsuit and thus MUST be violated in order to show harm. Epic did it on purpose in order to sue Apple and whether you agree with that or not, it is the only mechanism the law allows to make the agreement itself the subject of the suit. And Epic does have a right to sue Apple for whatever reason they choose.
Not to the consumer.
The T2 chip can prevent people from putting their OS of choice on their hardware once Apple deprecates support for their machine.
This is substantially inaccurate. Current versions of macOS run on nearly all Apple systems from 2012 (8 years old), with the exception of some 2012 Mac Pros. The limiting factor in most cases is GPUs -- macOS 10.14 and later require some GPU capabilities which weren't reliably available in 2012.
Catalina, released in October 2019, dropped support for MacBooks released before 2015, MacBook Air models from before mid-2012, MacBook Pro models from before mid-2012, Mac Minis from before late 2012, and Mac Pros from before late 2013. Do the math and that is 5 to 7 years between initial release of the hardware and deprecation by macOS.
Those machines were all sold in 2011 or earlier. Saying "before 2015" is misleading, because the MacBook name was used during two disjoint periods to refer to two completely different machines.
Between 2006 and mid-2011, the MacBook brand name was used for a line of low-cost Core 2 laptops, most of which had plastic cases. (Some sales to schools continued through 2012.) These are the laptops which were not supported by macOS 10.14 and later.
Between mid-2011 and 2015, there were no computers sold under the MacBook brand. Apple only sold laptops under the MacBook Air and MacBook Pro brands during this period.
In 2015, Apple reused the MacBook brand name for a line of 12" ultraportable laptops. These are supported under current releases of macOS.
No, models released before 2015 were deprecated. Same thing with the models of other lines that only had 7 years before being deprecated by macOS.
My money is on the second option but AFAIK there's no study like this.
Do you have any thoughts about what Apple's switch to own-brand ARM chips in laptops and desktops will mean for T2/T3/etc?
This is because I honestly cannot find a laptop with the combination of 64+ GB RAM, a non-NVIDIA GPU (edit: to clarify, this is because of NVIDIA's notoriously bad compatibility with Linux), and other premium hardware aspects like its market-leading trackpad at this time - and I doubt that will change anytime soon.
I live with the debilitating T2 kernel panic hardware bug every week. There's also a very bad graphics bug that I and many others are facing. (Not sure if that one can be avoided by simply using Linux.)
I just want to do away with this T2 chip, and whatever it does to get in the way of an otherwise great Intel-based computing experience. The CPU can handle all my encryption just fine...
Thank you to your team for what you're doing. I assume Apple will constantly patch T2 jailbreaks with future macOS system updates (as that's how firmware is updated), and play a long-term cat and mouse game.
One of these years we'll get a comparable AMD laptop. Fingers crossed.
You can also buy any newer Thinkpad (my recommendation). They are also available with AMD CPUs.
It's pretty easy to buy Linux laptops these days.
I'd rather just have/use Intel GPU over them as well, I am not a laptop gamer to need anything NVIDIA offers in exchange for the pain in maintenance using out of tree modules to me.
Depending on which distro you use NVIDIA graphics can be quite painless. Using Pop!_OS, I just had to download the correct ISO from their downloads page.
I believe most other distros have NVIDIA's drivers in their non FL/OSS repos as well.
Optimus graphics will even work with the most current drivers.
I can switch to built in Intel video for better battery but it requires a reboot. I see this as a stopgap. My home machine has an amd video.
I only need the NVIDIA graphics every so often on my laptop though, so it's fine for me.
On desktop I've had no issues.
In my experience they're largely OK. There are some rough edges - you'll struggle to get Steam and CUDA working at the same time, for example - but no showstopping problems.
I certainly don't have a debilitating kernel panic every week :)
It's only MBP NVIDIA GPU in Linux (older model) that I have extensive experience on so far, and it's been terrible with nouveau.
All this is on top of the fact that they still don't support Wayland and you have to reboot to switch between the igpu and the nvidia gpu.
Last time I looked, it was perfectly possible to install them directly, without support by the distro. Yes, it's more work.
> Nvidia gpus require proprietary drivers
There's an open source driver, nouveau, but of course it's behind the newest hardware.
Yes, you can install them and they will break with every single update and you need to re-install them. And you will encounter bugs that no-one has any idea why they are there and no-one will help you with.
>There's an open source driver, nouveau, but of course it's behind the newest hardware.
It's not just behind, it's actively sabotaged by NVIDIA by locking basic hardware functions behind closed, encrypted firmware.
Yes but to GP’s stated requirements, the trackpad feels like trying to push a marble around in peanut butter.
Only 14”, and perhaps less performant, but here is this one: https://puri.sm/products/librem-14/.
Forgive my ignorance, why is there not much they can do and what have they tried?
So there is a team working on this? What is the incentive model? Are you paid to do this work? What is the revenue model?
I woke up today learning my MacBook Pro is now substantially less secure but why? So I can run games on the touch bar? So I can use the T2 as a raspberry pi?
The bootROM flaw allows for an exploit that can only be executed with physical access, another Mac and DFU mode. It's not persistent.
The main use of this exploit was to install unsigned code on iOS devices (jailbreaking). The team is doing it for free; however, many contributors take advantage of Apple's bug bounty program for income, therefore making newer devices more secure.
Granted, owners of the affected hardware might not like it, but this sheds light on issues that are actually present in the hardware. Who's to say that "law authority" or some criminal organization didn't do any work on this without intention to publish their results?
If people have sensitive data and were counting the T2 chip to keep it secure, now they know there are limitations to this security model. They can now weigh the pros and cons and, if applicable, set up an alternative that will be more secure. This could also push Apple to provide better security in upcoming products.
Furthermore, the entire point of a jailbreak is to regain root access to your own device - Apple provides no way for a user to do so, which I find at least somewhat irksome. The way it currently stands, all iOS devices ship with Apple having total control over the device, and a jailbreak lets you claw back control by force if you so choose.
Everything he exposes will be fixed and improved. If anything he's helping make Apple devices more secure.
Showing security problems is the opposite of making technology less secure. Maybe ask Apple why they think it's a good idea to have a closed source special chip at all.