Apple Seemingly Unable To Recover Data From 2018 MacBook Pro With Touch Bar When Logic Board Fails (macrumors.com)
An anonymous reader shares a report: In 2016, when Apple introduced the first MacBook Pro with Touch Bar models, the repair experts at iFixit discovered the notebooks have non-removable SSDs, soldered to the logic board, prompting concerns that data recovery would not be possible if the logic board failed. Fortunately, that wasn't the case. Apple has a special tool for 2016 and 2017 models of the MacBook Pro with Touch Bar that allows Genius Bars and Apple Authorized Service Providers to recover user data when the logic board fails, but the SSD is still intact. [...] But, unfortunately, it appears the tool will not work with the latest models.
Last week, iFixit completed a teardown of the 2018 MacBook Pro, discovering that Apple has removed the data recovery connector from the logic board on both 13-inch and 15-inch models with the Touch Bar, suggesting that the Customer Data Migration Tool can no longer be connected. MacRumors contacted multiple reliable sources at Apple Authorized Service Providers to learn more, and based on the information we obtained, it does appear that the tool is incompatible with 2018 MacBook Pro with Touch Bar models. Multiple sources claim that data cannot be recovered if the logic board has failed on a 2018 MacBook Pro. If the notebook is still functioning, data can be transferred to another Mac by booting the system in Target Disk Mode, and using Migration Assistant, which is the standard process that relies on Thunderbolt 3 ports.
Back up frequently, and always.
I store all my data in the Cloud where it is safe.
Bet that Apple's solution will be "make better backups, we'll sell you 1TB of iCloud for a low, low price." (push, push, nudge, nudge)
Ah well, one more reason not to buy "computers" with everything soldered in and no ports to speak of.
...or just buy a "computer" that works for you, and not to the manufacturer's agenda of complete and total vendor locking...
That's nice when you're traveling and don't want to carry an external storage device, and either choose not to trust the "cloud" with your data, or don't have the mobile bandwidth for it to work well. Why not give users a CHOICE of removing the internal storage device to recover their data?
Because Apple, that's why? Instead of a $100 SSD upgrade, they want to foist an entire new laptop on their users. Plus they can upsell iCloud space based on the risk of data loss.
Marketeers are arseholes, and Apple are the worst of the worst.
...or just buy a "computer" that works for you, and not to the manufacturer's agenda of complete and total vendor locking...
Because lots of other "vendors" have "stores" all over the place where you can take your "computer" to have the data restored.
Oh, and for God's sake, turn on backups people.
W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
If the computer has a removable HDD and only the motherboard failed, one can take the computer to a third-party repair shop which will stick the drive in a "sled" and recover the data. (Even if encrypted, as long as the user knows the appropriate passphrases.)
The ideal is NOT to need a specially blessed authorized dealer to work on the damn things.
Between having only USB Type-C ports, not being able to interface with most displays (even after you purchase the expensive adapter), that user unfriendly "touch bar", a kludgy keyboard and what I consider to be a rather slow boot-up and shutdown process, this latest MacBook is the worst I've ever owned.
Considering the price premium you pay for that Apple symbol on the cover, this computer should cook you breakfast in the morning, including brewing the espresso and bringing it to your bedside.
I was shocked by how badly this system missed the mark.
(Even if encrypted, as long as the user knows the appropriate passphrases.)
Unless the passphrase is made more secure by having it only gain access to the key through a secure enclave chip (so that you can't brute force the password). That chip is on the touch bar in these models.
I agree that sacrificing repairability to make a computer slimmer is a terrible idea, but it's 2018. If you're not encrypting a portable device then you shouldn't leave the house with it.
With a removable hard drive/SSD, you can swap it for a "clean" one while traveling abroad to avoid border guards abusing their authority and (say) stealing sensitive corporate or medical data. Takes five minutes on an older MacBook or (better yet) a Thinkpad.
If the thing is soldered in, your only choice is full backup, zero, reformat, reinstall or carry two computers.
Actually, the issue has nothing to do with the fact that you can't remove the drive. The article spells out the actual cause of the issue: hardware encryption.
The data recovery port was likely removed because 2018 MacBook Pro models feature Apple's custom T2 chip, which provides hardware encryption for the SSD storage, like the iMac Pro, our sources said.
I.e. They removed the port because the port was useless in light of their change to using hardware encrypted drives. Even if the drive wasn't soldered in, even if you could remove the drive and plug it in elsewhere, it wouldn't help. This falls into the category of "it's a feature, not a bug" sort of issues, since this was an intentional change on their part to increase the security of the devices—something it does rather well—but it comes at the cost of data recovery in situations where the hardware fails.
Hopefully, the pros buying these models are aware of the importance of regular, frequent backups and already have a backup plan in place and tested, especially since this sort of feature is becoming the norm across more and more Apple (and non-Apple) products these days (e.g. all iPhones and iPads have been hardware encrypted for years, two of the most popular Macs now have it enabled by default, numerous Android phones have it enabled out of the box, and the list goes on and on). There are, of course, stories about people losing access to their data after their devices get mangled, but for the most part, hardware encryption is widely hailed as being a good thing, particularly among the technically literate crowd, so it's a bit disappointing to see a /. summary focus on the downside without explaining the "why?" behind it.
Until it doesn't. It seems common for it to pop up and say that a backup is corrupted, and prompts you to erase the stored backup and start fresh.
TPM / secure enclave again ties your data to specific hardware, they also tie you to more hw that can fail.
I suspect that for the security conscious this is a feature, not a bug. Think about that.
I am armed because I am free. I am free because I am armed.
You have obviously never owned an Apple laptop — or, for that matter, any laptop containing a standalone GPU soldered onto the logic board. Now that we don't have spinning rust for storage, logic boards are likely the most common non-power-related failure mode by a large margin.
No professional in his or her right mind should seriously consider a laptop in which a logic board failure results in the loss of access to storage. Even if you just lose the storage since the last backup, that could be a considerable loss, and this assumes that Time Machine is actually backing things up correctly and that no files on your backup drive have exhibited bit rot. In the worst case, you might lose considerably more, like your entire photo library or some other "why the hell did Apple mark this as a bundle" folder.
No, if true, this qualifies as a showstopper-level flaw, sufficient to get upper management fired. I can't imagine that even the "thin über alles" folks at Apple would be THAT stupid. It seems far more likely that somebody changed a connector, and that they don't have the right tools at the various Apple stores yet, which while qualifying as seriously incompetent, is probably a failure of the Apple Store and/or AppleCare management chain, rather than engineering.
Check out my sci-fi/humor trilogy at PatriotsBooks.
especially since this sort of feature is becoming the norm across more and more Apple (and non-Apple) products these days.
No. Stop right there. This is not the norm in any laptop from any manufacturer. I challenge you to name me a single laptop vendor who is soldering the NVMe drive to the motherboard rather than using the industry-standard m.2 slot. You can't because there aren't any.
I have experienced multiple NVMe disk failures on laptops I manage, I have also experienced board failures of systems using NVMe disks. In the first case, it is a negligible repair taking minutes, in the second case, equally easy to pop out the drive, mount it in a PCIe bridge card, and grab the data off.
Stop trying to normalize this latest instance of apple's short-sided thinking, which appears to be driven by only one "long term" goal, that is to say replacement of hardware with new garbage the second it dies even a minute out of warranty.
The fact that you try to reduce this down to a "huhr duhr poer users need backups" argument is preposterous.
Hardware-accelerated crypto is great. Such a design does not necessitate storing keys in some special chip on the logic board, however, and in fact, designs that do so are quite commonly insecure by design, such as those "secure" USB sticks that you can crack by skipping the front end chip and talking directly to the storage controller. So the suggestion that the crypto could somehow be tied to hardware has me seriously concerned about whether the crypto is, in fact, as robust as in previous generations.
But even ignoring that issue, and even assuming the keys can be changed, unless you're a wacko who thinks someone is going to be able to feasibly brute-force your disk password, there is exactly zero benefit to storing the keys in the controller itself, rather than in external flash parts, and a huge loss in robustness from doing so.
Moreover, even if you assume that there is some benefit, there is no reason you couldn't put the contacts on the CPU side of that chip and provide a way for external hardware to talk to the T2 chip.
For that matter, there is no reason not to give users the choice in software when setting up the machine: More secure (risk of data loss from tying the key to the chip) or more recoverable (risk of a targeted attack in which someone unsolders the chips, solders them to a new controller, and brute-forces the password against the raw key, but in which that person is not quite skilled enough to extract the key from the T2 chip with an electron microscope and delamination).
So that explanation makes no sense to anyone who actually understands crypto. At best, it is an excuse to try to get out from under the lawsuits that will follow when users start losing data the next time an NVIDIA chip malfunction plagues their product line. At worst, it is a bunch of tech journalists who don't know what they are talking about spewing FUD. I'm hoping for the latter. If not, I think I'm going to start selling stock now, so that by the time the next NVIDIA/AMD nightmare happens, I'll be entirely divested. Just saying.
Check out my sci-fi/humor trilogy at PatriotsBooks.
Both lessons apply:
(1) Don't buy non-repairable junk.
(2) Back up frequently. Even a removable SSD or HDD can fail in a catastrophic manner.
So now when my drive fails 1 day after the warranty ends I have to buy a whole new computer? That is actually really shitty.
Sorry, teleporters just kill you and then make a copy. A perfect, soul-less copy.
Maybe we need an open source TPM. The functionality for one of these chips is not exactly complicated. Take some values, hash them against previous values, then if the hash matches a stored hash, pass the key, otherwise, pass a middle finger. A small ASIC likely could do this functionality, although economies of scale do come into play.
>You don't have to buy it. There are lots of alternatives.
These phrases have never been a shield against criticism. Identification is a precursor to improvement. Fixing bad things is progress; ignoring them is stagnation, decay, rot.
You'll need better if you want immunity to accusations of inferiority or backwards decisions.
That's why you don't buy just any Lenovo, but a business-grade Thinkpad. X- and T-series are dirt-cheap when they come off lease. Slightly bulkier is an acceptable compromise for the thing actually being fixable.
Dell Inspiron. Microsoft Surface. I'm not exactly an expert on this, but those are two with which I have recent experience as someone was asking me to help upgrade and they cannot be upgraded.
W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
This is not the norm in any laptop from any manufacturer. I challenge you to name me a single laptop vendor who is soldering [...]
The feature I was rather clearly talking about in the quote you pulled was the addition of hardware encryption in these new models. That quote had nothing to do with whether or not Apple solders their drives, and I'm not even sure how you could come away thinking that it did.
Let me be clear: soldering a drive in is a horrible practice that needs to stop. I find it reprehensible. It is NOT a feature. It's an anti-feature.
That said, the issue being discussed here is that users with the new models can't recover their data. Whether Apple solders the drives or not has no bearing on that issue. As I already said, the actual reason people can't recover their data is due to the addition of hardware encryption as a security feature in the new models. I don't like that they solder the drives in either, but our complaints about their soldering drives in have as much to do with the issue at hand as our complaints about their ridiculous laptop keyboards do, which is to say, nothing at all.
With all of that in mind, when I gave my "huhr duhr poer users need backups" argument, I wasn't offering a defense of soldering drives in. I was offering a defense of hardware encryption. I was saying that hardware encryption is worth it, and was lamenting that Slashdot did such a poor job of laying out the facts of the situation.
(As a quick aside, Apple has been soldering these drives in for years, which the article makes clear. I suspect that the poor summarizing is why you and others have been misled into thinking that this is the "latest instance of apple's short-sided [sic] thinking", even though it's neither a new practice nor relevant to the actual news: that stronger security features are rendering previous data recovery techniques impossible to use. Apple should stop soldering the drives, to be sure (that way we could upgrade or replace them), but even if they stopped, you still wouldn't be able to recover that data.)
Totally agree. Just bought a "new" late 2011 Macbook Pro to retain a modular system. If I wanted ultra portability I'll go with a tablet.
Unfortunately now that Apple has announced that 2012's are the cut off for Mac OS compatibility moving forward I'm thinking I'll be moving to Linux when my current Macbook dies.
Apple laptops have had optional full-disk encryption for seven years, and optional home directory encryption for fifteen years. Moreover, full-disk encryption has been automatic for four years. In no way should you interpret my comments to in any way imply that full-disk encryption itself is inherently risky. It is only the new implementation of FDE that is poorly designed.
In previous hardware iterations, you could copy the underlying encrypted data to an external hard drive using a specially designed cable attached to another computer. When the user attaches that external hard drive to a new machine, the computer's built-in firmware would ask the user for the password to unencrypt the disk. If he or she knows that password and types it in, the new computer would then be able to retrieve data from that copy just as easily as the original computer could retrieve it from the original flash drive.
Similarly, historically, if you didn't know the password, but printed out a copy of the recovery key, you could use that to decrypt your data.
What changed (reportedly) is that instead of using a pure software-based encryption scheme, they moved to a hardware-accelerated scheme, and instead of having the user be in complete control over the crypto key used, they began using a key that is burned into ROM on a chip on the motherboard for part (hopefully not all?) of the encryption. The result is that even if you copy the contents of the flash silicon to a new machine, that unchangeable hardware key cannot be retrieved (without uncapping the chip and using an electron microscope). Thus, even if you have the password or a recovery key, it is still not possible to decrypt the data without the chip from the original machine.
That is the flaw. Ostensibly, this reduces the risk of someone copying the encrypted data to another machine and then trying to brute-force your password, but in practice, this is a level of sophistication beyond all but the most targeted attacks. The overwhelming majority of people outside the corporate world would rather have the ability to recover their data in the event of a non-storage failure of their computer, rather than have that small bit of additional protection against attacks by CIA-level operatives. That's why that extra level of protection should be an extra checkbox that the user has to check when turning on the machine. Otherwise, it should use normal (but hardware-accelerated) FDE using a key that is entirely under the user's control, with the option of a recovery key, the ability to decrypt a copy of the disk, etc.
Enabling FDE does, of course, present a slightly greater risk of data loss, but that risk is largely mitigated by the fact that unless it gets struck by lightning and the hardware melts down, you can always copy the encrypted data to a new disk and then decrypt the data if you have the password or the (optional) recovery key. Enabling FDE with a fixed hardware key presents an unmitigated risk of data loss, which is what makes it almost always a bad idea unless you have reasonable cause to be afraid of men in black stealing your laptop, cloning it, and returning it without you noticing, then using billions of dollars worth of hardware to try to crack its encryption. And if you're really worried about that, you're either very, very important or very, very nuts.
Check out my sci-fi/humor trilogy at PatriotsBooks.
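The difference the last comment above describes, between a disk key protected by the password alone and one also tied to a secret held in a chip on the board, shown as an added Python example that is not part of the thread and not Apple's implementation. `Enclave`, `password_kek`, `wrap`, `unwrap` and the toy XOR key wrap are assumptions made for illustration.

```python
import hashlib
import hmac
import secrets

# All names are hypothetical; this models the comment's description, not the T2 chip.

def password_kek(password: str, salt: bytes) -> bytes:
    """Software-only scheme: the key-encryption key depends on password and salt."""
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 50_000)


class Enclave:
    """Stand-in for a chip whose unique ID (UID) can be used but never read out."""

    def __init__(self) -> None:
        self._uid = secrets.token_bytes(32)  # constructed per-device secret

    def entangled_kek(self, password: str, salt: bytes) -> bytes:
        # The password-derived key is mixed with the UID inside the chip.
        return hmac.new(self._uid, password_kek(password, salt), hashlib.sha256).digest()


def wrap(kek: bytes, volume_key: bytes) -> bytes:
    """Toy key wrap (XOR pad + HMAC tag); a real design would use AES key wrap."""
    pad = hmac.new(kek, b"pad", hashlib.sha256).digest()
    ct = bytes(a ^ b for a, b in zip(volume_key, pad))
    return ct + hmac.new(kek, b"tag" + ct, hashlib.sha256).digest()


def unwrap(kek: bytes, blob: bytes):
    """Return the volume key, or None when the KEK is wrong."""
    ct, tag = blob[:32], blob[32:]
    if not hmac.compare_digest(tag, hmac.new(kek, b"tag" + ct, hashlib.sha256).digest()):
        return None
    pad = hmac.new(kek, b"pad", hashlib.sha256).digest()
    return bytes(a ^ b for a, b in zip(ct, pad))


def demo() -> dict:
    password, salt = "correct horse", secrets.token_bytes(16)  # constructed inputs
    volume_key = secrets.token_bytes(32)
    original, replacement = Enclave(), Enclave()  # failed board vs. new machine

    soft_blob = wrap(password_kek(password, salt), volume_key)
    hard_blob = wrap(original.entangled_kek(password, salt), volume_key)

    return {
        # Disk image copied elsewhere: the password alone recovers the key.
        "software_on_other_machine": unwrap(password_kek(password, salt), soft_blob) == volume_key,
        # Same chip still working: unlock succeeds.
        "hardware_on_original": unwrap(original.entangled_kek(password, salt), hard_blob) == volume_key,
        # Chip gone: right password, different UID, no key.
        "hardware_on_other_machine": unwrap(replacement.entangled_kek(password, salt), hard_blob) is not None,
        # Password-only attempt against the entangled blob also fails.
        "hardware_password_only": unwrap(password_kek(password, salt), hard_blob) is not None,
    }


if __name__ == "__main__":
    print(demo())
```

The same property that stops an offline password guess against a copied disk image is what makes the image unrecoverable once the original chip is gone, so the only mitigation in this model is a backup taken while the machine still unlocks.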