Welcome to your new Mac: Living with Apple’s T2 chip

“Six months ago, the chances of you getting a new Mac with a T2 chip were slim: only if you handed over a great deal of money for an iMac Pro would you get one,” Howard Noakley writes for Eclectic Light Company. “Now, most new Macs come equipped with a T2 – MacBook Air, MacBook Pro with Touch Bar, Mac Mini, and of course the iMac Pro.”

“You won’t see any difference,” Noakley writes. “There’s no splash screen to say that your Mac has a T2, and in ordinary use there’s nothing noticeably different. But start up in Recovery mode, try installing Linux using Boot Camp, or try starting up from an external drive, and the T2 will make its presence felt.”

“By default, even if you didn’t opt for your startup disk to be encrypted using FileVault when you first set your new Mac up, your startup disk will still be encrypted by the T2, and your Mac will be put into Full Security mode, with booting from external media disabled,” Noakley writes. “This may seem strange, but it doesn’t seem possible to get a Mac with a T2 chip to start up from an unencrypted internal drive: that disk will always be encrypted, no matter whether you turn FileVault ‘off’ or on. The difference it makes is that if you opt for FileVault to be ‘off’, the encryption will unlock using only its internal hardware UID (kept in the T2’s Secure Enclave), and won’t use your password in addition.”

Much more in the full article here.

MacDailyNews Take: The added security offered by Apple’s T2 is well worth any additional effort.

Apple’s T2 security chip brings real security to the enterprise – November 20, 2018
Apple’s new T2 security chip will prevent eavesdroppers from hacking your Mac’s microphone – October 30, 2018


  1. It’s just another necessary layer of obnoxious security in Apple’s ecosystem to try to stay steps ahead of NSA’s, Google’s, FB’s ubiquitous spying, general corporate thefts, and thefts from competing nations. But no amt of Apple’s T2 security can prevent US military contractors from sharing vital classified data to Russia, for just one example, in order to assure a continual pipeline of new Pentagon contracts to keep technological pace with the “enemy.” General taxpayers, workers, are unaware of this grossly wasteful, treasonous scam.

  2. So please explain to us lay-persons how we are supposed to boot from an external SSD with all my troubleshooting utilities etc on it? I don’t want to use Filevault as I am the only person using my machine, and there are no state secrets on it – all this seems to be making it harder to use our own machines the way we want to!

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.