Apple Seemingly Unable To Recover Data From 2018 MacBook Pro With Touch Bar When Logic Board Fails

An anonymous reader shares a report: In 2016, when Apple introduced the first MacBook Pro with Touch Bar models, the repair experts at iFixit discovered the notebooks have non-removable SSDs, soldered to the logic board, prompting concerns that data recovery would not be possible if the logic board failed. Fortunately, that wasn't the case. Apple has a special tool for 2016 and 2017 models of the MacBook Pro with Touch Bar that allows Genius Bars and Apple Authorized Service Providers to recover user data when the logic board fails, but the SSD is still intact. [...] But, unfortunately, it appears the tool will not work with the latest models.

Last week, iFixit completed a teardown of the 2018 MacBook Pro, discovering that Apple has removed the data recovery connector from the logic board on both 13-inch and 15-inch models with the Touch Bar, suggesting that the Customer Data Migration Tool can no longer be connected. MacRumors contacted multiple reliable sources at Apple Authorized Service Providers to learn more, and based on the information we obtained, it does appear that the tool is incompatible with 2018 MacBook Pro with Touch Bar models. Multiple sources claim that data cannot be recovered if the logic board has failed on a 2018 MacBook Pro. If the notebook is still functioning, data can be transferred to another Mac by booting the system in Target Disk Mode, and using Migration Assistant, which is the standard process that relies on Thunderbolt 3 ports.

Worst MacBook yet

[Lucas123]

Between having only USB Type-C ports, not being able to interface with most displays (even after you purchase the expensive adapter), that user unfriendly "touch bar", a kludgy keyboard and what I consider to be a rather slow boot-up and shutdown process, this latest MacBook is the worst I've ever owned

.

Considering the price premium you pay for that Apple symbol on the cover, this computer should cook you breakfast in the morning, including brewing the espresso and bringing it to your bedside.

I was shocked by how badly this system missed the mark

Re:iCloud sales...

[MightyYar]

Several years ago, this would have been a problem. But now Apple lets you backup to an SMB share and many other manufacturers sell routers that will happily share an attached USB drive.

Another problem with an irremovable hard drive/SSD

[b0s0z0ku]

With a removable hard drive/SSD, you can swap it for a "clean" one while traveling abroad to avoid border guards abusing their authority and (say) stealing sensitive corporate or medical data. Takes five minutes on an older MacBook or (better yet) a Thinkpad.

If the thing is soldered in, your only choice is full backup, zero, reformat, reinstall or carry two computers.

Re:Take away lesson: Back your computer up regular

[Anubis+IV]

Actually, the issue has nothing to do with the fact that you can't remove the drive. The article spells out the actual cause of the issue: hardware encryption.

The data recovery port was likely removed because 2018 MacBook Pro models feature Apple's custom T2 chip, which provides hardware encryption for the SSD storage, like the iMac Pro, our sources said.

I.e. They removed the port because the port was useless in light of their change to using hardware encrypted drives. Even if the drive wasn't soldered in, even if you could remove the drive and plug it in elsewhere, it wouldn't help. This falls into the category of "it's a feature, not a bug" sort of issues, since this was an intentional change on their part to increase the security of the devices—something it does rather well—but it comes at the cost of data recovery in situations where the hardware fails.

Hopefully, the pros buying these models are aware of the importance of regular, frequent backups and already have a backup plan in place and tested, especially since this sort of feature is becoming the norm across more and more Apple (and non-Apple) products these days (e.g. all iPhones and iPads have been hardware encrypted for years, two of the most popular Macs now have it enabled by default, numerous Android phones have it enabled out of the box, and the list goes on and on). There are, of course, stories about people losing access to their data after their devices get mangled, but for the most part, hardware encryption is widely hailed as being a good thing, particularly among the technically literate crowd, so it's a bit disappointing to see a /. summary focus on the downside without explaining the "why?" behind it.

Re:Take away lesson: Back your computer up regular

[Jahoda]

especially since this sort of feature is becoming the norm across more and more Apple (and non-Apple) products these days

. No. Stop right there. This is not the norm in any laptop from any manufacturer. I challenge you to name me a single laptop vendor who is soldering the NVMe drive to the motherboard rather than using the industry-standard m.2 slot. You can't because there's aren't any

I have experienced multiple NVMe disk failures on laptops I manage, I have also experience board failures of systems using NVMe disks. In the first case, it is a negligible repair taking minutes, in the second case, equally easy to pop out the drive, mount it in a PCIe bridge card, and grab the data off.

Stop trying to normalize this latest instance of apple's short-sided thinking, which appears to be driven by only one "long term" goal, that is to say replacement of hardware with new garbage the second it dies even a minute out of warranty.

The fact that you try to reduce this down to a "huhr duhr poer users need backups" argument is preposterous.

Re:Take away lesson: Back your computer up regular

[dgatwood]

I would want my laptop to be 100% encrypted, in case i decided to travel to america or something.

Apple laptops have had optional full-disk encryption for seven years, and optional home directory encryption for fifteen years. Moreover, full-disk encryption has been automatic for four years. In no way should you interpret my comments to in any way imply that full-disk encryption itself is inherently risky. It is only the new implementation of FDE that is poorly designed.

In previous hardware iterations, you could copy the underlying encrypted data to an external hard drive using a specially designed cable attached to another computer. When the user attaches that external hard drive to a new machine, the computer's built-in firmware would ask the user for the password to unencrypt the disk. If he or she knows that password and types it in, the new computer would then be able to retrieve data from that copy just as easily as the original computer could retrieve it from the original flash drive.

Similarly, historically, if you didn't know the password, but printed out a copy of the recovery key, you could use that to decrypt your data.

What changed (reportedly) is that instead of using a pure software-based encryption scheme, they moved to a hardware-accelerated scheme, and instead of having the user be in complete control over the crypto key used, they began using a key that is burned into ROM on a chip on the motherboard for part (hopefully not all?) of the encryption. The result is that even if you copy the contents of the flash silicon to a new machine, that unchangeable hardware key cannot be retrieved (without uncapping the chip and using an electron microscope). Thus, even if you have the password or a recovery key, it is still not possible to decrypt the data without the chip from the original machine.

That is the flaw. Ostensibly, this reduces the risk of someone copying the encrypted data to another machine and then trying to brute-force your password, but in practice, this is a level of sophistication beyond all but the most targeted attacks. The overwhelming majority of people outside the corporate world would rather have the ability to recover their data in the event of a non-storage failure of their computer, rather than have that small bit of additional protection against attacks by CIA-level operatives. That's why that extra level of protection should be an extra checkbox that the user has to check when turning on the machine. Otherwise, it should use normal (but hardware-accelerated) FDE using a key that is entirely under the user's control, with the option of a recovery key, the ability to decrypt a copy of the disk, etc.

Enabling FDE does, of course, present a slightly greater risk of data loss, but that risk is largely mitigated by the fact that unless it gets struck by lightning and the hardware melts down, you can always copy the encrypted data to a new disk and then decrypt the data if you have the password or the (optional) recovery key. Enabling FDE with a fixed hardware key presents an unmitigated risk of data loss, which is what makes it almost always a bad idea unless you have reasonable cause to be afraid of men in black stealing your laptop, cloning it, and returning it without you noticing, then using billions of dollars worth of hardware to try to crack its encryption. And if you're really worried about that, you're either very, very important or very, very nuts.