Apple proudly announces that its latest and best Mac models come with a T2 security chip, but what does it do? And, more importantly, does a T2 chip create more problems than it solves?
What is a T2 security chip?
The T2 is Apple’s second generation “security chip”. It combines several hardware controllers into a piece of custom silicon. These chips are common in smartphones for a while. However, the T2 is not only there for security reasons, it can also make a big difference in terms of overall performance.
So why do we call a security chip? The main reason is that the T2 is responsible for a secure start. It validates the entire startup process, from the second you press the power button until the moment your macOS desktop is displayed on the screen. In short, it verifies that the boot loader and the operating system are signed and approved by Apple, and that only approved drives are used to launch your operating system.
This prevents unsigned software from running at startup, which can be a problem if you occasionally boot to Linux. However, this is also how the chip protects your system; it prevents a third party from starting an unsigned operating system and trying to access your data.
T2 is also responsible for all encryption on the disk. Previously, this was handled by the CPU. By moving the process to a custom chip, performance is improved at all levels, as this gives more resources to the processor.
Both MacBook Pro and MacBook Air are equipped with Touch ID fingerprint scanners to log in and approve administrator-level requests. The T2 chip houses the secure enclave in which your fingerprint data can be safely stored. All verification requests, even those for third-party applications, are fully processed by the chip.
This means that apps never see or never have access to fingerprint data, this is how Face and Touch ID is managed on the iPhone and iPad. The software first requests verification and the T2 chip verifies the fingerprint against that stored in the secure enclave. The software is then informed of the result.
What else does the security chip do?
While its primary function is rooted in device security and encryption, the T2 also does a few other things. For example, it supports the System Management Controller feature found on older Macs. This controller manages behaviors related to power, battery and load, fan speed and internal sensors.
Apple has also entrusted audio processing tasks to the T2 chip, promising an increase in sound quality at all levels. The latest MacBook Pro sounds great, but the T2’s contribution to that is debatable. It handles both audio input and output and automatically closes your MacBook microphone when you close the cover.
The T2 is also an image signal processor, which converts the raw data received by a camera into the image you see on the screen. Apple promises “improved tone mapping, improved exposure control and automatic exposure and white balance based on face detection,” as does the iPhone.
One of the features that Apple is not announcing is improving video rendering times. In a set of independent tests, Apple Insider found the same rendering job on an older iMac without the T2 chip (but sharing the same processor) took about twice as long.
Which Apple Computers Have the Security Chip?
It is likely that Apple will eventually put the T2 (or its successor) in all Mac models. Since June 2020, the following Macs have the T2 chip:
MacBook Air (2018 or later)
MacBook Pro (2018 or later)
Mac mini (2018 or later)
Mac Pro (2019 or later)
Security chip issues
Although T2 is there to protect your system and improve performance, not all of it is good news. Apple confirmed the T2 chip also blocks certain third-party repairs. Unsurprisingly, this continues to be controversial among consumers who want to be able to repair their own devices, something the company has long opposed.
This means that certain components, such as the motherboard (motherboard) and the Touch ID sensor, require certain software diagnostics for the computer to function normally after repair. This forces customers to have repairs done at an Apple Store or through a third party authorized service provider.
The security chip also caused an audio glitch issue on some 2018 models when using the USB 2.0 audio interfaces. MacOS Mojave update 10.14.4 appears to have resolved these issues, although some still report problems. The problem does not appear to affect devices using USB 3.0 or higher.
Again, the main objective of T2 is to protect the boot process by only allowing certain software to run. This means installing another operating system, such as Windows, or running Linux from a live USB stick requires intervention.
Fortunately, you can simply press and hold Command + R while your Mac boots to launch the “Startup Security Utility”. This pre-boot utility allows you to disable secure boot by choosing “No security”, so that any operating system will run. You will also need to choose “Allow boot from external media” if you are using a USB drive to boot your operating system. Click on “Activate firmware password” if you want to password protect your decision.
Is the security chip here to stay?
The functionality provided by the T2 chip is probably something that Apple wants to keep. In the short term, we might see a “T3” revision, since silicon is iterated in future models.
however, Apple Moves Mac Line to Custom ARM Processors, like those of the iPhone and iPad. Right now, the T2 is a custom chip that sits alongside the Intel processors that the company has used for over a decade.
Apple will likely integrate T2 functionality directly into its system on chip in the future. So while we wouldn’t have a separate T2 chip, the component would still be present and would perform the same tasks in everything except the name.
The security chip is only the next step in Apple’s attempt to further secure macOS. He arrived alongside macOS Catalina, which introduced a suite of new security features in the fall of 2019.