“Six months ago, the chances of you getting a new Mac with a T2 chip were slim: only if you handed over a great deal of money for an iMac Pro would you get one,” Howard Noakley writes for Eclectic Light Company. “Now, most new Macs come equipped with a T2 – MacBook Air, MacBook Pro with Touch Bar, Mac Mini, and of course the iMac Pro.”
“You won’t see any difference,” Noakley writes. “There’s no splash screen to say that your Mac has a T2, and in ordinary use there’s nothing noticeably different. But start up in Recovery mode, try installing Linux using Boot Camp, or try starting up from an external drive, and the T2 will make its presence felt.”
“By default, even if you didn’t opt for your startup disk to be encrypted using FileVault when you first set your new Mac up, your startup disk will still be encrypted by the T2, and your Mac will be put into Full Security mode, with booting from external media disabled,” Noakley writes. “This may seem strange, but it doesn’t seem possible to get a Mac with a T2 chip to start up from an unencrypted internal drive: that disk will always be encrypted, no matter whether you turn FileVault ‘off’ or on. The difference it makes is that if you opt for FileVault to be ‘off’, the encryption will unlock using only its internal hardware UID (kept in the T2’s Secure Enclave), and won’t use your password in addition.”
Much more in the full article here.
MacDailyNews Take: The added security offered by Apple’s T2 is well worth any additional effort.
SEE ALSO:
Apple’s T2 security chip brings real security to the enterprise – November 20, 2018
Apple’s new T2 security chip will prevent eavesdroppers from hacking your Mac’s microphone – October 30, 2018
Clear as mud. The Filevault control panel is now just a password prompt selection.
https://support.apple.com/en-us/HT208344
“…without FileVault enabled, your encrypted [backup] SSDs automatically mount and decrypt when connected to your Mac.”
It’s just another necessary layer of obnoxious security in Apple’s ecosystem to try to stay steps ahead of NSA’s, Google’s, FB’s ubiquitous spying, general corporate thefts, and thefts from competing nations. But no amt of Apple’s T2 security can prevent US military contractors from sharing vital classified data to Russia, for just one example, in order to assure a continual pipeline of new Pentagon contracts to keep technological pace with the “enemy.” General taxpayers, workers, are unaware of this grossly wasteful, treasonous scam.
Love how you (ridiculously) lump NSA in with Google and Facebook. Sure, they’re all the same. Then you digress to even more ludicrous statements.
This article and similar articles might help:
https://www.fastcompany.com/3012652/tracking-the-nsas-secret-surveillance-programs#!/
And whatever the NSA and other gov. and corporate spy agencies still can’t get legally because certain laws prohibit it, they can just purchase it. Simple and legal in the US. Then there is the so-called “Five Eyes.”
So please explain to us lay-persons how we are supposed to boot from an external SSD with all my troubleshooting utilities etc on it? I don’t want to use Filevault as I am the only person using my machine, and there are no state secrets on it – all this seems to be making it harder to use our own machines the way we want to!
There’s a startup security utility (accessible from CMD-R recovery mode Tools menu) that lets you enable booting from external disks.
–Rob
The day of complex Apple has arrived.
… this negates the use of SuperDuper as a bootable backup?
can anyone confirm?