“Six months ago, the chances of you getting a new Mac with a T2 chip were slim: only if you handed over a great deal of money for an iMac Pro would you get one,” Howard Noakley writes for Eclectic Light Company. “Now, most new Macs come equipped with a T2 – MacBook Air, MacBook Pro with Touch Bar, Mac Mini, and of course the iMac Pro.”
“You won’t see any difference,” Noakley writes. “There’s no splash screen to say that your Mac has a T2, and in ordinary use there’s nothing noticeably different. But start up in Recovery mode, try installing Linux using Boot Camp, or try starting up from an external drive, and the T2 will make its presence felt.”
“By default, even if you didn’t opt for your startup disk to be encrypted using FileVault when you first set your new Mac up, your startup disk will still be encrypted by the T2, and your Mac will be put into Full Security mode, with booting from external media disabled,” Noakley writes. “This may seem strange, but it doesn’t seem possible to get a Mac with a T2 chip to start up from an unencrypted internal drive: that disk will always be encrypted, no matter whether you turn FileVault ‘off’ or on. The difference it makes is that if you opt for FileVault to be ‘off’, the encryption will unlock using only its internal hardware UID (kept in the T2’s Secure Enclave), and won’t use your password in addition.”
Much more in the full article here.
MacDailyNews Take: The added security offered by Apple’s T2 is well worth any additional effort.
Apple’s T2 security chip brings real security to the enterprise – November 20, 2018
Apple’s new T2 security chip will prevent eavesdroppers from hacking your Mac’s microphone – October 30, 2018