iMac Pro Features Apple's Custom T2 Chip With Secure Boot Capabilities

The T2 chip integrates several previously separate components, including the system management controller, image signal processor, audio controller, and SSD controller, for expanded capabilities on the iMac Pro.
For instance, Apple says the T2 chip's image signal processor works with the FaceTime HD camera to enable enhanced tone mapping, improved exposure control, and face detection-based auto exposure and auto white balance.
The T2 chip also has a Secure Enclave coprocessor that makes the iMac Pro even more secure with new encrypted storage and secure boot capabilities.
The data on your SSD is encrypted using dedicated AES hardware with no effect on the SSD's performance, while keeping the Intel Xeon processor free for your compute tasks. And secure boot ensures that the lowest levels of software aren't tampered with and that only operating system software trusted by Apple loads at startup.

Cabel Sasser, co-founder of software company Panic, recently shared a few screenshots of the Startup Security Utility powered by the T2 chip.
⑤ Security. This new chip means storage encryption keys pass from the secure enclave to the hardware encryption engine in-chip — your key never leaves the chip. And it allows for hardware verification of the OS, kernel, boot loader, firmware, etc. (This can be disabled…)
— Cabel Sasser (@cabel) December 12, 2017
"Full security" ensures that only the latest, currently trusted version of the operating system can boot; Apple says this mode requires a network connection at the time of software installation so the installed version can be checked against what Apple currently trusts. "Medium security" still requires software that Apple has signed, so the firmware can verify it, but does not insist on the latest version. "No security" lets any operating system boot without verification.
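The policy behind those three settings, written out as an added example in Go (not Apple's code and not from the original article): a public key pinned in hardware (modelled here with a freshly generated Ed25519 key pair) checks a signature over each boot stage; Full security additionally requires the stage's version to be on the list of currently trusted versions obtained over the network at install time (modelled as a map, with nil standing for "no network connection"); Medium security accepts any correctly signed stage whatever its version; No security skips verification. Stage names, version strings and image bytes are constructed for the example; the real boot chain, signature format and version check are more involved than this.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"errors"
	"fmt"
)

// SecurityMode mirrors the three choices in the Startup Security Utility.
type SecurityMode int

const (
	NoSecurity SecurityMode = iota
	MediumSecurity
	FullSecurity
)

// Stage is one link of the boot chain: the code to run, the OS version it
// belongs to, and a signature over SHA-256(version || 0x00 || image).
type Stage struct {
	Name      string
	Version   string
	Image     []byte
	Signature []byte
}

// digest binds the version string to the image so an attacker cannot
// re-label an old, validly signed image as a newer version.
func digest(version string, image []byte) []byte {
	h := sha256.New()
	h.Write([]byte(version))
	h.Write([]byte{0})
	h.Write(image)
	return h.Sum(nil)
}

// signStage is what the vendor's release pipeline would do (hypothetical).
func signStage(priv ed25519.PrivateKey, name, version string, image []byte) Stage {
	return Stage{name, version, image, ed25519.Sign(priv, digest(version, image))}
}

// Policy is what the boot ROM consults. RootKey stands in for the vendor
// public key pinned in hardware. CurrentVersions stands in for the list of
// currently trusted versions fetched over the network when the OS was
// installed; nil means that network check never happened.
type Policy struct {
	Mode            SecurityMode
	RootKey         ed25519.PublicKey
	CurrentVersions map[string]bool
}

var (
	ErrTampered  = errors.New("stage signature does not verify")
	ErrDowngrade = errors.New("stage is signed but not among the currently trusted versions")
	ErrOffline   = errors.New("full security needs the trusted version list (network connection)")
)

// VerifyChain returns nil only if every stage may execute under the policy.
// Every stage is checked against the root key, so a tampered kernel fails
// even when the boot loader before it is intact.
func VerifyChain(p Policy, chain []Stage) error {
	if p.Mode == NoSecurity {
		return nil // boot freely, nothing is verified
	}
	if p.Mode == FullSecurity && p.CurrentVersions == nil {
		return ErrOffline
	}
	for _, s := range chain {
		if !ed25519.Verify(p.RootKey, digest(s.Version, s.Image), s.Signature) {
			return fmt.Errorf("%s: %w", s.Name, ErrTampered)
		}
		if p.Mode == FullSecurity && !p.CurrentVersions[s.Version] {
			return fmt.Errorf("%s: %w", s.Name, ErrDowngrade)
		}
	}
	return nil
}

func main() {
	pub, priv, err := ed25519.GenerateKey(rand.Reader) // stands in for the pinned vendor key
	if err != nil {
		panic(err)
	}
	chain := []Stage{ // constructed sample chain
		signStage(priv, "iBoot", "10.13.2", []byte("boot loader image (constructed)")),
		signStage(priv, "kernel", "10.13.2", []byte("kernel image (constructed)")),
	}
	full := Policy{FullSecurity, pub, map[string]bool{"10.13.2": true}}
	fmt.Println("full security, untouched chain:", VerifyChain(full, chain))
	chain[1].Image[0] ^= 1 // flip one bit of the kernel image
	fmt.Println("full security, tampered kernel:", VerifyChain(full, chain))
	fmt.Println("no security, tampered kernel:  ", VerifyChain(Policy{NoSecurity, pub, nil}, chain))
}
```

Note what Medium security does not protect against in this model: a stage Apple signed long ago still verifies, so an attacker who can write to the boot volume can roll the machine back to an older signed release. That gap is exactly what the version list in Full security closes, and why that mode has to reach Apple over the network at install time.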
iMac Pro became available to order today with 8- to 18-core configurations ranging in price from $4,999 to $13,199 in the United States. 14-core and 18-core models don't ship for an estimated 6-8 weeks.
Top Rated Comments
wait so isn't T1 in the new MacBook pro ?
Yes, the MBP has a T1. The iMac Pro has a T2. And the T101 will go back in time to kill Sarah Connor. Sorry, couldn't resist.
Why in the world would anyone buy one of these?
You obviously don’t need one and it’s a secret as to why a lot of folks need one, so I can’t tell you.
Presumably they'll show up on all Apple devices over the next couple of years..?
Yes, the MBP has a T1. The iMac Pro has a T2. And the T800 will go back in time to kill Sarah Connor. Sorry, couldn't resist.
I just remembered: Apple also has a patent for Liquid Metal. OMG! Apple's SkyNet!
Why in the world would anyone buy one of these?
Because it's awesome and destroys my current iMac for editing.
....
If the T2 chip can perform real-time encryption while maintaining this performance then it’s not some “companion” chip - it would need some serious chops to do this.
Serious chops? No more than most of the other SSD controllers used by mid-upper tier SSDs these days. Sandforce controllers did 'on the fly' encryption more than several years ago. Once Apple takes the SSD controller duties away from a third party SSD controller, being able to do on-the-fly encryption is simply replacing the technological capability of a reasonable 3rd party solution.
AES was selected (and designed) to be relatively easy to implement in fixed transistor logic implementations. The Intel CPUs can pragmatically do on-the-fly encryption from RAM. It is not so much "chops" as simply allocating sufficient transistor budget.
The bigger issue here is Apple taking that third party SSD position. More than likely this is an SSD that is soldered on the logic board (like some recent laptops). A modular SSD that fits into a socket (even an Apple-tweaked S2 socket) still has the controller on the card/module. If the controller is inside of this T2 chip then that is most likely soldered to the board. At that point the NAND chips would pragmatically need to be also.
Apple spent $390-400M more than several years ago to buy an SSD controller company (//www.macrumors.com/2012/01/10/apple-confirms-acquisition-of-israeli-flash-memory-firm-anobit/), so it's not particularly surprising they are in the process of kicking all the other 3rd parties out of standard Mac configurations across the whole Mac product line.
If you forget the boot password, the drive is attached to the logic board, and you have turned off booting from external devices .......... a bit more than dead in the water at that point. (Hopefully there is a service port that can trigger a secure erase.)
So what happens when your disk is encrypted but separated from its T2 enclave, because the T2 is fried, or another problem occurs with the mainboard that requires the SSD to be migrated to another machine?
This isn't particularly any different than if your current SSD's controller gets fried. The SSD is dead. As for other drives with FileVault 2, again, if your secure boot partition's data is scrambled somehow (i.e., your key storage is nuked) your disk is pragmatically toast. Current systems have approximately the same structural pitfall.
It's largely the same crypto key storage technique, though, that is used regularly on an order of magnitude larger number of iOS devices (relative to the number of Macs). Apple could screw it up if sloppy, but they don't really have a hardware crypto track record for that. Solid state storage that users/kernel can't mess with, with an extremely low number of writes and mostly read only. The failure modes are going to be relatively very small compared to normal general usage drive storage.
Seems like the T2 is great at protecting the data to be read by anyone, including the owner...
Owner forgetting password or T2 failing to function correctly .... which one is more likely ? I'm sure some owners will get locked out, but the root cause is probably not going to be the T2.