What is the Mac T2 Chip: Security and Functions

June 21, 2020 Matt Mills Hardware 0

Apple Macs are increasingly including new and better functions that allow working in a more comfortable way, but also much more secure. When you buy a new Mac, you can see the type of processor, RAM or graphics, but there is also an essential component that offers numerous functions: the T2 chip. In this article we tell you everything you need to know about this chip that can go unnoticed by many.

What is the T2 chip

As its name suggests, the T2 chip is the second generation of Apple’s proprietary security chip and made of silicon. It is important to emphasize that this is a system complement that is vital to keep all our data secure. As the owner of Apple itself, no external company that can manipulate the code intervenes, thus offering important features for users.

Mac T2 Chip: Security and Functions

Keep in mind that operating systems can have security holes that hackers take advantage of to infect computers. macOS is not exempt from this practice and that is why from Apple they work to have a totally safe start. That is why the T2 chip has an important sense in security to mitigate software and hardware attacks. This is seen for example when you want to make a change to a basic component of the Mac, which requires manipulation by someone skilled. This is because the T2 chip guarantees that nobody outside of Apple can manipulate the equipment.

chip T2

This chip plays a leading role in the startup of the Mac. When the computer is turned on, the firmware and code will be reviewed and then give way to the operating system kernel. In this way, the danger posed by the injection of malicious code, called bootkits, is avoided. The problem is that the flash chip was eliminated, which creates a security breach in this sense.

Secure boot enhancements

One of the features offered by the T2 chip is the possibility of making a secure boot on the Mac. This way you can ensure that only a completely legitimate and reliable version of the operating system is loaded. Obviously, this prevents us from using a version of the operating system that is corrupt or is not signed by Apple itself. This boot system offers different security modes to start the operating system, which are the following:

  • Complete security: boot default setting. Internet connection is required, since it will try to recognize the operating system and if it cannot be done, it will connect to Apple’s servers to download the necessary information to verify the operating system. Obviously in this way you will have the guarantee that you are using a totally reliable OS to work. If there is any suspicion, you may be asked to update the OS of the boot disk or to reinstall it.
  • Medium security: as in the previous case, the Mac will verify the installed operating system but does not require any type of internet connection. That is why you cannot avoid using an illegitimate OS.
  • No security: no criteria are imposed on the boot disk to start the OS.

Change secure boot settings

You as a user can decide how you want to start your Mac. We always recommend that you check the maximum security option to be sure of using a legitimate operating system. But if you want to change to other security options, you can always do it by following these steps:

  1. Turn on your Mac and hold down the ‘Command’ key and the ‘R’ key at the same time.
  2. When you see the ‘macOS Utilities’ window go to Utilities> Boot Security Utilities. You will find these options in the upper toolbar.
  3. Enter your Mac’s password and select the security level you want.

arranque seguro macOS chip T2

Better security in Touch ID

The latest MacBooks include the ability to use your fingerprint to unlock your Mac and authenticate to various applications. This technology called ‘Touch ID’ has lived with us for many generations on the iPhone and has now made the leap to the Mac.

One of the biggest concerns you may have is the fate of this fingerprint information. There was much controversy over whether this data was stored on servers as it could undermine the privacy of users. Having someone’s fingerprint is a great responsibility, and that is why Apple has wanted to detail that it does not leave the Mac. Thanks to the T2 security chips, the information is stored here and cannot be manipulated in any way or uploaded. to the iCloud Drive service. This is undoubtedly one of the great star functions and may be more ‘hidden’ from users. Since we must remember that with the fingerprint you can make payments through Apple Pay, a very delicate aspect.

Encrypted storage

As we have repeated throughout the article, the T2 chip offers numerous security functions. One of these is related to storage, since the company always tries to protect the data in the storage units. Specifically, the data from the solid state drive or SSD integrated in the Mac is encrypted with an AES engine that is hardware accelerated and integrated in the T2 chip. Encryption is achieved through 256-bit keys with a unique identifier within the chip itself.

In addition to offering high encryption speed, the T2 chip is prepared for possible disasters, such as the part that houses the encryption keys suffering some type of damage. Specifically, you can always recover the contents of the unit through backups even if the chip is totally damaged. That is why you should always make backup copies in Time Machine or any other method to avoid losing the data on the SSD.

In addition, activating FileVault is essential to further protect the data, since this will always ask for a password to access it. This security option can be found in System Preferences> Security and privacy.

Mac with T2 chip

Not all Macs on the market have a T2 security chip. This is a component that began to be installed from 2018 on the computers that were launched. This chip, as we have seen previously, offers interesting security-related features. If we go to the official list of devices, the Macs that include this type of chip are the following:

  • iMac Pro
  • 2019 Mac Pro
  • 2018 mac mini
  • 2018 or later MacBook Air models
  • 2018 or later Macbook Pro models

El nuevo iMac Pro saldrá a la venta en diciembre de este año.

Check if your Mac has a T2 chip

If you do not know very well what Mac you have, you can always check if your computer has a T2 chip in the system information. To make this query you can follow the following steps:

  1. In the upper corner of your Mac click on the Apple icon.
  2. Click on ‘About this Mac…’
  3. Go to ‘System Information’.
  4. In the sidebar go to the section that says ‘Controller’ and click on it.

If you have a T2 chip on your Mac, it will appear on this information screen as ‘Apple T2 Chip’. In this way you will have full knowledge of what is installed in the bowels of your device.