Slashdot Mirror


Apple Confirms Its T2 Security Chip Blocks Some Third-Party Repairs of New Macs (theverge.com)

An anonymous reader shares a report from The Verge about Apple's new security-focused T2 chip found in the newest Mac computers. The introduction of the chip "has renewed concerns that Apple is trying to further lock down its devices from third-party repair services," The Verge reports. From the report: The T2 is "a guillotine that [Apple is] holding over" product owners, iFixit CEO Kyle Wiens told The Verge over email. That's because it's the key to locking down Mac products by only allowing select replacement parts into the machine when they've come from an authorized source -- a process that the T2 chip now checks for during post-repair reboot. "It's very possible the goal is to exert more control over who can perform repairs by limiting access to parts," Wiens said. "This could be an attempt to grab more market share from the independent repair providers. Or it could be a threat to keep their authorized network in line. We just don't know." Apple confirmed to The Verge that this is the case for repairs involving certain components on newer Macs, like the logic board and Touch ID sensor, which is the first time the company has publicly acknowledged the tool's use. But Apple could not provide a list of repairs that required this or what devices were affected. It also couldn't say whether it began this protocol with the iMac Pro's introduction last year or if it's a new policy instituted recently.

First revealed last month by MacRumors and Motherboard, both of which got their hands on an internal Apple document, the T2 chip could render a computer inoperable if, say, the logic board is replaced, unless the chip recognizes a special piece of diagnostic software has been run. That means if you wanted to repair certain key parts of your MacBook, iMac, or Mac mini, you would need to go to an official Apple Store or a repair shop that's part of the company's Authorized Service Provider (ASP) network. If you want to repair or rebuild portions of those devices on your own, you simply can't -- at least, according to this document. The parts affected, according to the document, are the display assembly, logic board, top case, and Touch ID board for the MacBook Pro, and the logic board and flash storage on the iMac Pro. It is also likely that logic board repairs on the new MacBook Air and Mac mini are affected, as well as the Mac mini's flash storage. Yet, the document, which is believed to have been distributed earlier this year, does not mention those products because they were unannounced at the time. Regardless, to replace those parts, a technician would need to run what's known as the AST 2 System Configuration suite, which Apple only distributes to Apple Stores and certified ASPs. So DIY shops and those out of the Apple network would be out of luck.

179 comments

  1. T2, T2, dupe dupe by Anonymous Coward · · Score: 1

    Stop with the T2 articles, shit

    1. Re:T2, T2, dupe dupe by b0s0z0ku · · Score: 1

      Why? Apple needs to be shamed as much as possible for its anti-owner/anti-consumer bullshit.

    2. Re:T2, T2, dupe dupe by Anonymous Coward · · Score: 0

      Yes, rub your slimy hands together, these arrogant "citizens" must pay for daring to keep their data in their own hands.

    3. Re:T2, T2, dupe dupe by Anonymous Coward · · Score: 0

      Motherboard/Vice spends most of its time babbling about politics. That's why he links to them.

    4. Re:T2, T2, dupe dupe by TheFakeTimCook · · Score: 1

      Apple isn't about privacy, realistically speaking. It's about keeping data trapped in Apple's ecosystem -- privacy theft is OK as long as Apple is the one doing the stealing. Good thieves brook no competition.

      Prove it.

    5. Re:T2, T2, dupe dupe by b0s0z0ku · · Score: 1

      They're nudging everyone to use iClown vs local storage and/or local backup. Apple are as bad as Google, MS, or Amazon in their cloudpushing scumbaggery.

    6. Re:T2, T2, dupe dupe by Tough+Love · · Score: 0

      And abandoned as rapidly as possible like investors are doing with AAPL stock.

      --
      When all you have is a hammer, every problem starts to look like a thumb.
    7. Re:T2, T2, dupe dupe by Iwastheone · · Score: 1

      Apple isn't about privacy, realistically speaking. It's about keeping data trapped in Apple's ecosystem -- privacy theft is OK as long as Apple is the one doing the stealing. Good thieves brook no competition.

      Prove it.

      How can one prove that a major device maker is not cooperating with law enforcement? Apple, Windows, Android and Linux would not be allowed to pass unless there was co-operation with the current government. In today's modern world, only a fool or a liar would believe otherwise.

    8. Re:T2, T2, dupe dupe by Anonymous Coward · · Score: 0

      Apple isn't about privacy, realistically speaking. It's about keeping data trapped in Apple's ecosystem -- privacy theft is OK as long as Apple is the one doing the stealing. Good thieves brook no competition.

      Prove it.

      It doesn't have to be proven, the very fact that Apple devices transmit encrypted data with an encryption key that you cannot access to decrypt the messages "your" device is sending to Apple is enough for all but the most brown-nosed, unthinking Apple shill to know that they are not to be trusted. Do you question why they don't give you that encryption key? No of course you don't because you're just an Apple sheep incapable of rational thought, Apple tells you what to think and say and then you parrot your corporate apologist bullshit here.

    9. Re: T2, T2, dupe dupe by RaviBrounstein · · Score: 0

      So, security chips are what allow for known communication between devices. The touchbar is its own watchOS computer yet its commands are implicitly trusted. You do this with programming and security chips. A BMW is no different, you want to replace a part of the electronics? Well a dealer has to program the main controller to allow the new serial number to be "trusted" so that it can have implicit trust. The idea is to have implicit trust in a programming or physical link that shouldn't be implicitly trusted by having a chip to check for you. Just like a trusted zone on your firewall, then you dump your IPs and Networks you trust in there.

    10. Re:T2, T2, dupe dupe by TheFakeTimCook · · Score: 1

      They're nudging everyone to use iClown vs local storage and/or local backup. Apple are as bad as Google, MS, or Amazon in their cloudpushing scumbaggery.

      They might "push", but they don't (yet) REQUIRE. That's a BIG difference!

      I, for one, don't use ANY iCloud services or storage; even though I am tempted to, if, for no other reason, effortless iPhone backup and bookmark/content sharing among my various Apple devices and computers.

      But, I simply don't participate. So, "freedom to choose" is still intact.

    11. Re:T2, T2, dupe dupe by TheFakeTimCook · · Score: 1

      Fool and liar. Perfectly describes the asshole faketimcook

      Anonymous and COWARD. The name says it all...

    12. Re:T2, T2, dupe dupe by TheFakeTimCook · · Score: 1

      Apple isn't about privacy, realistically speaking. It's about keeping data trapped in Apple's ecosystem -- privacy theft is OK as long as Apple is the one doing the stealing. Good thieves brook no competition.

      Prove it.

      How can one prove that a major device maker is not cooperating with law enforcement? Apple, Windows, Android and Linux would not be allowed to pass unless there was co-operation with the current government. In today's modern world, only a fool or a liar would believe otherwise.

      Would not be allowed to "pass", WHAT, exactly?

      I think you need to understand the difference between "Obey a lawful Order" and "Are Complicit With"

      And I think you really need to upgrade to a heavier-gauge tinfoil. The one you are using isn't deflecting enough of the mind-control beams...

    13. Re:T2, T2, dupe dupe by Tough+Love · · Score: 1

      And abandoned as rapidly as possible like investors are doing with AAPL stock.

      It's the truth. Apple down another 1% today, and down 17% in the month.

      --
      When all you have is a hammer, every problem starts to look like a thumb.
  2. At least Macs can still run Linux... by Anonymous Coward · · Score: 0

    Wake me up when these fancy chips prevent Macs from running Linux.

    1. Re:At least Macs can still run Linux... by Anonymous Coward · · Score: 0

      Uh... About that... The "Terminator 2" (tm) chip not only prevents Linux from being installed,
      when a Linux installation is detected it throws the 12 volt rail against the firewire port's floating
      ground which causes the Open GL support to process all requests through a Direct-X 7.1
      configured Windows 10 Virtual Box in a OSx High-Sierra clone.

      Needless to say, it ain't pretty...

      CAP === 'predate'

    2. Re:At least Macs can still run Linux... by Anonymous Coward · · Score: 0

      Wake me up when these fancy chips prevent Macs from running Linux.

      They do. If you turn Secure Boot off you will be able to boot from the Linux installation media properly but the installer is unable to see the internal storage. Additionally if you try to install Windows without going through BootCamp you get the same issue.

    3. Re: At least Macs can still run Linux... by Anonymous Coward · · Score: 0

      Unless you go into settings

  3. Secure enclave. by b0s0z0ku · · Score: 1

    I've often seen "secure enclave" spelled as "secure enslave." Now I know that wasn't a typo.

    Anyway, I'd have no problem with something like a boot warning of unauthorized repairs, but prohibiting owners from fixing their own fucking equipment stinks. Especially since there are parts of the world that can be a thousand miles and in a different country from the nearest Apple store.

    Sad how far Apple has fallen from being a company founded by hackers and geeks.

    1. Re:Secure enclave. by Anonymous Coward · · Score: 0

      Waaah. Pull your iButtplug out of your ass and buy a machine without a 300% markup for middle-end parts. You iTarded dumbasses are why Apple gets away with this year after year. You whine and complain and yet still stand in line to buy the newest iTurd every year.

    2. Re:Secure enclave. by Balial · · Score: 3

      I'd have no problem with something like a boot warning of unauthorized repairs, but prohibiting owners from fixing their own fucking equipment stinks.

      Do you have a proposal for how to separate these two? What's to stop a malicious change from masking this boot warning? The security point of the T2 chip is well documented by Apple. The conspiracy theories are the same for the iPhone, though. Bottom line: You can't make a secure system if you allow random modifications. The tiny market share of people who are going to tweak their devices isn't worth forsaking real security for everyone else.

    3. Re:Secure enclave. by b0s0z0ku · · Score: 1

      By the same token, one could install a counterfeit motherboard without the T2 chip that doesn't brick itself.

    4. Re:Secure enclave. by Anonymous Coward · · Score: 0

      Just one more reason among many NOT to buy (Cr)apple!!

    5. Re:Secure enclave. by lucasnate1 · · Score: 1

      Just provide a tiny tiny switch that people who tweak their devices can turn off. Is it really that hard?

    6. Re:Secure enclave. by rogoshen1 · · Score: 1

      The tiny market share of people who are going to tweak their devices isn't worth forsaking real security for everyone else.

      1. tiny market for after-market parts?
      2. Apple totally did this for end-user's security. definitely. Absolutely no other possible ulterior motive.

    7. Re:Secure enclave. by Anonymous Coward · · Score: 0

      What's to stop a malicious change from masking this boot warning?

      The same thing that currently stops it from booting in the first place. What's to stop a malicious change from circumventing the T2 chip?

    8. Re:Secure enclave. by sheramil · · Score: 1

      Came here to say, is it possible to replace the T2 with a 555 or something equally innocuous?

    9. Re:Secure enclave. by Anonymous Coward · · Score: 0

      This is my take on it as well. Get your computer confiscated by TSA, "repaired" to have a backdoor'ed motherboard and returned to you without knowing if your computer is trustworthy or not is the problem. Granted, those same things can be done by governmental pressure (which Apple hasn't succumbed to based on my knowledge) or other means (become an "authorized" apple repair shop?) so I'm still not convinced we're completely secure.

      I'd say the best approach might be for Apple to provide whatever software/license is needed for you to repair your own computer based on your serial number of your machine. You can only remove a logic board if you have a license to repair that logic board (or other component). You can only add a new logic board if you have a license to add that logic board (or other component). Buying an OEM component will give you a license to add to your keyring etc. Go a bit further and allow users to lock down their system completely so only their license can allow removing a logic board.

    10. Re:Secure enclave. by Desler · · Score: 2

      Or they can just ignore the complaints coming from a niche user group composed of a fraction of a fraction of a percent of all users?

    11. Re:Secure enclave. by Desler · · Score: 1

      If the market is so tiny why would Apple spend 100s of millions on some unproven conspiracy?

    12. Re:Secure enclave. by Anonymous Coward · · Score: 0

      You'd need serious skills to do that .. T2 also does the audio, storage controller and a bunch of other things.

    13. Re:Secure enclave. by AHuxley · · Score: 1

      Real security like PRISM was supported?

      --
      Domestic spying is now "Benign Information Gathering"
    14. Re:Secure enclave. by mellon · · Score: 5, Informative

      Yes, it's really that hard. The T2 chip prevents the evil maid attack. Put a switch in, and you've re-enabled the evil maid attack. You can have protection from this attack, or you can have repairability. It's a crappy choice. If you prefer repairability, you have options.

    15. Re:Secure enclave. by mellon · · Score: 1

      It doesn't have to be one or the other, you know. Yes, this works out well for Apple. If you have a problem with that, you either have to give up on that security feature, or get some new regulations passed (good luck with that!) that constrain the markup companies are allowed to charge for doing repairs, such that you stop feeling like it's a problem that you can't get an aftermarket repair.

    16. Re:Secure enclave. by mellon · · Score: 1

      If your computer is ever taken by the TSA, and you care about them accessing your files, you should just recycle it.

    17. Re:Secure enclave. by Balial · · Score: 1

      The whole security model of the T2 chip prevents it. You can't get your data or authenticate your password without the chip. Users are guaranteed to notice if you mess with it. If you fail over to "working with some detail", you can use the working side of it to hack around the detail.

    18. Re: Secure enclave. by Anonymous Coward · · Score: 0

      Just replace the mac with a PC and run OSX in a VM if you want it.

    19. Re:Secure enclave. by Anonymous Coward · · Score: 0

      Real security WILL NEVER be attained, with x86 based CPUs. The barn has been open since day one.

      The way to get real security is stop production x86 processors. Go back to earlier designs by IBM (for one) where the processor actually has two states. 1) System (24bit addressing), 2) User (16bit addressing). User mode cannot address outside of its "own" TRANSLATED space. There is no other space that can be addressed, period, full stop. The System CAN address any space (then 7MB max. addressing 23bit. 24bit was TRANSLATE flag). This includes accessing any User space.

      Though it did have only 1 "hole"...
      A user program can set to be allowed to run in System space, by setting a bit on directory entry, prior to being loaded. Think like another execute bit on a CHMOD or run as administrator. Only this obscured bit allows, also the program to access a special service opcode, that otherwise forces the program to dump.

      Second there was actually "2" processors. MSP (main) and CSP (control). Disk and other I/O are the world of CSP. Processing was in MSP. That special opcode was a note sent to CSP from MSP, if the CSP decided if the request was valid, it would allow the extended addressing else dump the program. MSP though was more of a logic array, its registers were actually stored in memory of the job control block. That way switch between programs (time-out or long I/O - like reading disk) the CSP could switch to another job while waiting to run that job again.

      Intel north bridge 386 computer could make a similar design work, but the addressing controls of the CPU would have to change.

    20. Re: Secure enclave. by Anonymous Coward · · Score: 0

      Or go to an authorized repair shop.

    21. Re: Secure enclave. by b0s0z0ku · · Score: 1

      My hardware, should be my fucking choice, asshole. Also, authorized service isn't always an option -- in certain countries (St. Lucia, for example) the nearest Apple authorized service center is literally a flight or boat ride away to another country.

    22. Re: Secure enclave. by Anonymous Coward · · Score: 0

      Fuck that dystopian hell.

    23. Re:Secure enclave. by Anonymous Coward · · Score: 0

      How is a chip that removes control from the owner capable of securing the owners system? The question here is about trust not security. Someone who cares about security will take the effort that they find sufficient to secure their data. As it is now we have to trust that Apple will do the right thing.

      As for who repairs my computer it's nobody's business but my own. This is snake oil since it still remains the property of Apple.

    24. Re: Secure enclave. by Anonymous Coward · · Score: 0

      Stop living in a shithole country. Problem solved.

    25. Re:Secure enclave. by BronsCon · · Score: 1

      Or the T2 chip could pop up a "This Mac has been modified" message that requires user acknowledgment before booting. That is, before the "working side" could "hack around it". The whole security model of the T2 chip allows it.

      --
      APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
    26. Re: Secure enclave. by blindseer · · Score: 2

      That's what happens when you live on a Caribbean island with less than 200,000 people, I can imagine a lot of services are not available there. I grew up on a farm in the American Midwest, and there were no authorized repair centers for anything nearby. If you had something critical to work then you automatically bought two of them. We bought a lot of stuff over the phone and had it shipped to us. If it didn't work for us, it needed repair, or whatever, then we had to do without until we could ship it back and have it set right. It sucked but that's what happens when you grow up so far from a population center.

      Your hardware is your choice. You can choose not to buy from vendors that don't allow user repairs. Given that a modern computer is a rather complex device, especially something so small as a laptop, cell phone, or even many desktop systems like the Mac Mini, I'm not sure what you can expect to repair yourself without special tools and training.

      A secure device is inherently not user repairable. Let's make a bad car analogy. A secure car has locks that need the proper key to open and start it. If the car is designed to be easily repaired then a thief can simply swap out the locks and take the car. A really secure car would be such that even the dealers or makers of the car can't open or start it, because that means there's a master key somewhere that a thief could exploit. Losing the key, sufficient damage to the car, or some other unfortunate event, would mean a total loss on the car rather than merely a (potentially quite expensive) repair. That's what happens when something is made to be secure.

      With all the stuff happening lately on people having their data stolen I'm finding it rather appealing that a computer manufacturer is taking this seriously. As with many things there is a compromise, with greater security comes lowered ability for repairs.

      --
      I am armed because I am free. I am free because I am armed.
    27. Re: Secure enclave. by CoolDiscoRex · · Score: 1

      Yes. Oh yes. The smartest users must be sacrificed for the average users. They just must be. Only people who will make tomorrow's technology would dare do more than the average soccer mom with their machines, and they therefore must be stopped for the good of Corp ... I mean the people. The good and wholesome average people. Idiocracy won't be so bad, you'll see. The corporate masters will take good care of us, while those pesky top one percenters will make license plates in the gulag. We'll finally find a use for those people! Fix your own computers will you? As if! Be like the rest of us! It's bliss!

    28. Re: Secure enclave. by CoolDiscoRex · · Score: 1

      The pesky smart people must be eradicated! The top technologically literate people must be sacrificed for the good of the average people! It's the only route to profit! We must stop allowing the smartest of us to dictate the path forward. Our corporate masters are our only hope! The smart people must be rooted out wherever they congregate, lest they fester like a boil and their knowledge spread! Join us, the many, the proud, the average consumer! Reject the pompous superiority of those who might fix their own machine, and embrace the loving acceptance and warm bosom of the corporate evangelist as he leads us to the promised land where all problems are taken care of by our benevolent masters! Rise up and cast off the shackles of those oppressors who are smarter than average, for it is they who will keep the share price from reaching its true potential. Be average. Be proud. Buy shit. Happiness awaits. All we must do is let go and let Apple.

    29. Re: Secure enclave. by CoolDiscoRex · · Score: 1

      By the way, it's that same fraction of a fraction that make the products and software you take such pride in purchasing. How quickly you want to toss them aside and ignore their complaints when you think there's even a minor benefit to you. Or did you think it was the hot milf across the street churning out those cool IOS games that you just love to play? Go ahead and ignore them, though. What's the worst that could happen? It's not like the average people couldn't do it themselves, right?

    30. Re:Secure enclave. by Bert64 · · Score: 1

      What's to stop a malicious user from acquiring the tools used by the authorized repair shop?

      --
      http://spamdecoy.net - free throwaway anonymous email - avoid spam!
    31. Re: Secure enclave. by CoolDiscoRex · · Score: 1
      Dude! Do we try to shit on your purchased identity? Do you know how fucking hard it is to cultivate a talent? Days! Months! Years even!

      Fuck that!

      Squarely in they brown eye at that!

      Imma buy me an iThing then go around saying things like "Don't buy it if you can't afford it, then".

      Cause I ain't no poor person, and ishit is how I tell certain people that I'm better than they are. Not to mention, it kicks up the ole self-esteem a notch or two, cause between you and me, I'm otherwise pretty ordinary. I just like the feeling I get when I buy ishit cause it makes me feel special. I totally let the girls see my iPhone at the bar too. It kinda says "I may have a small wiener, but I'll at least take you to a nice dinner before prematurely ejaculating after catching a glimpse of your nipple (iOS doesn't allow icky girl parts in its apps, and I respect bitches too much to objectify them by thinking of them naked.)

      I'm no athlete, not much of a musician, and I'm not one of those techy nerds like you. I'm one HELL of a consumer, though, so how about you leave my source of pride alone? I mean, we all need our own bag, amirite?

      I may buy my identity, but I have the receipt, so leave me alone and go pick on someone who takes pride in what they do, not what they buy.

      Kthanksbye

    32. Re: Secure enclave. by CoolDiscoRex · · Score: 1
      Yeah, you tell him! I mean, look at that loser, he lives in a country that's so shitty that he only feels comfortable posting his opinions as Anonymous Coward! Hahahaha ... looooooooser!

      Wait ...

    33. Re:Secure enclave. by AmiMoJo · · Score: 1

      Other manufacturers manage to overcome this problem, and actually it's not hard. Laptops from companies like Lenovo and Dell have had the same level of resilience to the evil maid attack without locking out third party repairs. Replacing the secure memory won't help the evil maid, because that's where the encryption keys are stored so replacement means wiping the laptop's SSD which gives the game away and is easy to detect.

      Perhaps you can explain exactly what benefit the T2 chip has in this regard.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    34. Re: Secure enclave. by Anonymous Coward · · Score: 0

      Linux, which runs on the same platform as windows, didn't seem to have any of this problem

    35. Re: Secure enclave. by Anonymous Coward · · Score: 0

      This is absolutely stupid.

      There is literally nothing stopping a government agency or a local repair shop from pirating or borrowing the software \ hardware needed for such replacements

    36. Re:Secure enclave. by thegarbz · · Score: 1

      Protection does not require complete lockdown. Simply a warning that the maid was up to evil is enough. That way you have some form of protection and repairability at the same time.

      In other news my phone puts some red text on the top of my screen saying that Knox is disabled and that custom software is running on it. I'm okay with this.

    37. Re:Secure enclave. by Anonymous Coward · · Score: 0

      Yes, it's really that hard. The T2 chip prevents the evil maid attack.

      Does it though? Other than Apple's marketing what do you know about how the T2 chip works that satisfies you of this? Already you're putting your faith in something you don't really understand and are now compelling others to do the same. The inner workings of the chip are completely obfuscated, do you just blindly trust that there is no backdoor or vulnerability in it?

      You can have protection from this attack, or you can have repairability.

      So it is impossible to simply inform the user that the device has been tampered with? Simply can't be done? Or is it just because Apple implemented it this way you can't conceive of any other possibility?

    38. Re:Secure enclave. by Anonymous Coward · · Score: 0

      You fundamentally presume that the T2 chip is well designed and cannot be circumvented in some fashion. Given the markup available in selling Apple compatible products, it's very hard to believe there aren't substantial efforts to undermine the T2 chips, even if it goes as far as cloning T2 chips without the verification hardware--I'm sure a few key people could be bribed to get the details necessary. I don't think Apple as a niche player is in any sort of position to out hardware produce Chinese third party manufacturers for which Apple's efforts only further enrich them.

      But, yea, I'm sure we can trust that Apple will prevent that. Just like they've prevented it in the past.

    39. Re:Secure enclave. by AC-x · · Score: 1

      Do only a fraction of a fraction of a percent of users ever need their "vintage" Apple hardware repaired?

    40. Re:Secure enclave. by Anonymous Coward · · Score: 0

      I'd have no problem with something like a boot warning of unauthorized repairs, but prohibiting owners from fixing their own fucking equipment stinks.

      Do you have a proposal for how to separate these two? What's to stop a malicious change from masking this boot warning?

      The security point of the T2 chip is well documented by Apple. The conspiracy theories are the same for the iPhone, though.

      Bottom line: You can't make a secure system if you allow random modifications. The tiny market share of people who are going to tweak their devices isn't worth forsaking real security for everyone else.

      Another not-too-unlikely story (think foreign countries like China where pop-up stores disappear after they've made money) is a malicious repair. Low-ball everyone else, put an exploited chip in . . . data theft.

      I honestly don't think paying for an authorized repair is all that unreasonable for a few of the components in the secure enclave.

    41. Re:Secure enclave. by Balial · · Score: 1

      Does it though? Other than Apple's marketing what do you know about how the T2 chip works that satisfies you of this?

      Have you read the security guidelines for the T2?

      https://www.apple.com/mac/docs...

      So it is impossible to simply inform the user that the device has been tampered with?

      If you read my original post in this thread, I'm specifically asking for proposals how to do that. In all my security work I don't know how to do this. You seem to know it can be done, so please, do share. Or go out there and build a better product and make mint. I'd love for someone to demonstrate how it can be done, but proof by assertion isn't.

    42. Re:Secure enclave. by Anonymous Coward · · Score: 0

      Nothing. Malicious people can get themselves hired at the repair shop, or raid it.

      Similar to how the only people capable of stealing a modern car (without getting the key first) are car repairmen or those who stole the repairman's special tools.

    43. Re:Secure enclave. by Anonymous Coward · · Score: 0

      The T2 chip does not prevent Evil Maid. The protection it provides in this context is similar to what a TPM can do. Remember, an evil maid can replace the memory, or flash the firmware on your disk or GPU. They can stick a virtual keyboard on the USB controller that only "plugs in" five minutes after being powered on. The evil maid is insidious, and basically can't be stopped without authenticating every single component that has input access or DMA, which is mostly everything. That, or physically potting the entire computer and locking it in a safe.

    44. Re: Secure enclave. by Balial · · Score: 1

      I think you're confusing the smartest users with the users that claim they're the smartest. The smartest users understand it just fine.

    45. Re:Secure enclave. by Anonymous Coward · · Score: 0

      Does it though? Other than Apple's marketing what do you know about how the T2 chip works that satisfies you of this?

      Have you read the security guidelines for the T2?

      https://www.apple.com/mac/docs...

      Yes. I presume from your reply that your answer is simply that document (despite the scantness of information about the chip itself) satisfies you that the evil maid hack is no longer possible?

      So it is impossible to simply inform the user that the device has been tampered with?

      If you read my original post in this thread, I'm specifically asking for proposals how to do that. In all my security work I don't know how to do this. You seem to know it can be done, so please, do share.

      Why do you believe it is so difficult? If the hardware has been tampered with the boot process must be approved by the user. If the system detects change it can require approval from the owner in the same way Apple can approve the changes they make to your system when you take it to them for repair. Why do you believe Apple can approve changes to your system but you can't?

    46. Re:Secure enclave. by mellon · · Score: 1

      Do they really? [citation needed]

    47. Re:Secure enclave. by mellon · · Score: 1

      How do you differentiate between a legitimate repair and an evil maid "repair"?

      That you are okay with this and want devices that prefer repairability to security means that you aren't the customer Apple is targeting with this marketing campaign.

    48. Re:Secure enclave. by mellon · · Score: 1

      The sad fact is that you do have to trust somebody. That somebody could be Canonical, or it could be Apple. But if you trust Canonical, you also have to trust whoever makes the software you're running Ubuntu on. So now you have two companies you're trusting. If you trust Apple, you are trusting one company. And unfortunately in practice we actually have no way of validating whether or not these companies are trustworthy. This is a really nasty problem.

    49. Re:Secure enclave. by mellon · · Score: 1

      How does the user validate that the change did not compromise the hardware?

    50. Re:Secure enclave. by mellon · · Score: 1

      Your disk is signed. USB devices are not automatically trusted, and do not automatically get DMA access. DMA is done through an iommu.

    51. Re: Secure enclave. by Anonymous Coward · · Score: 0

      I couldn't agree more

      The worst part is that all other companies see how Apple gets away with impressive levels of customer abuse and try to copy it ... out of sheer envy

      Causing serious damage to non Apple folk and the IT business in general

      And at the same time... iSheep do not understand the Apple hate... Geeez

    52. Re:Secure enclave. by thegarbz · · Score: 1

      How do you differentiate between a legitimate repair and an evil maid "repair"?

      Ask Apple. They seem to be doing just that. But you fundamentally miss my point. You don't have a loss of security in this regard. Just because you're not locked out of the system doesn't mean security is lower. All that needs to happen is that you be made aware that your device has been tampered with.

      Your firewall also doesn't set fire to your building every time a sketchy looking packet comes through. At least I hope not, as amusing as that would be.

    53. Re:Secure enclave. by Anonymous Coward · · Score: 0

      Why inconvenience the many, (i.e. people who want the option of getting their broken kit repaired), for the few, (i.e. people who actually give a shit about security)?

      Hell, why don't they just make it a configurable option at time of purchase? Ask the customers if they actually want the option of third-party repairs, or if they would rather the extra security.

    54. Re:Secure enclave. by Anonymous Coward · · Score: 0

      I've another solution to that problem. Don't visit the USA.

      If I ever have to, I'll take disposable hardware with no important information on it.

    55. Re: Secure enclave. by Anonymous Coward · · Score: 0

      Authorised repair shops mostly just send it to Apple anyway, as that is pretty much all Apple lets them do.

    56. Re: Secure enclave. by Anonymous Coward · · Score: 0

      How hard would it be for Apple to give the user the option?

    57. Re:Secure enclave. by Anonymous Coward · · Score: 0

      Do only a fraction of a fraction of a percent of users ever need their "vintage" Apple hardware repaired?

      They can still go to the same places that repaired them before - just like they could for decades. The myth that you can't repair old Apple hardware is just that - a myth.

    58. Re:Secure enclave. by Anonymous Coward · · Score: 0

      How does the user validate that the change did not compromise the hardware?

      This is about preventing the evil maid attack, if the user did not make a change then the very fact that they are notified alerts them that a potentially nefarious change was made without their knowledge. However if the user replaces the hard drive themselves then when notified that the change occurred when trying to boot they can approve that change.

    59. Re:Secure enclave. by Anonymous Coward · · Score: 0

      You're much more likely to be able to trust a company that is transparent, like Canonical, because you can look at the sourcecode. Sure you can't realistically verify it all yourself but there is a much much higher chance that a change is going to be reviewed by external people and flagged if it is malicious and if you really wanted to dig in and see what's going on you can, with Apple you can't. Even with Apple you're certainly not trusting just one company, Apple don't make the baseband firmware in their networking chips, firmware in their disk controllers or the microcode in the CPUs so you aren't just trusting one company.

    60. Re: Secure enclave. by Anonymous Coward · · Score: 0

      How hard would it be for Apple to give the user the option?

      What obligation is there for Apple to be all things to all people? If you want a user reparable computer then it's probably not something made by Apple, because Apple chose to not enter that market. How hard would it be for Apple to make their computers more easily repaired? I'm guessing it would be quite difficult. The technology and such would likely not be all that hard, as people have made such products. I'm guessing the hard part would be explaining to the customers the difference between the reparable systems and the secure systems.

      The answer is that Apple has their market, they offer the products they choose to offer, and if you don't like how they don't fit your needs then don't buy them. I'm guessing that if enough people do the same then someone will offer something to meet this need. Maybe that someone is Apple.

    61. Re:Secure enclave. by Anonymous Coward · · Score: 0

      It comes down to whether or not the user made the change. If the system tells me it was modified but I didn't make any modifications then somebody else did without my knowledge.

      Whether or not a change is valid should be up to the owner of the hardware, not the manufacturer. You're advocating for Apple being more worthy of your trust than yourself.

    62. Re:Secure enclave. by Anonymous Coward · · Score: 0

      USB devices are not automatically trusted

      Wrong. Just plugged a USB keyboard into my new 2018 Macbook Pro and worked like a charm immediately with no prompts, authentication requirements or notifications of any sort. So, as described above, they can indeed stick a virtual keyboard on the USB controller that only "plugs in" five minutes after being powered on and the T2 chip absolutely does not prevent such an attack.

    63. Re:Secure enclave. by Anonymous Coward · · Score: 0

      The whole security model of the T2 chip prevents it. You can't get your data or authenticate your password without the chip.

      You are confused, nobody said anything about your data or authenticating your password. Why is it you think you could hack around a boot warning but couldn't hack around the T2 chip?

      Also this isn't about allowing random modifications, this is about the owner of the device being able to approve modifications to the system. Apple (and their authorized repairers) can make modifications to your system and approve them but you cannot. Why do you trust Apple more than you trust yourself?

  4. Re:Fuck the iTarded by b0s0z0ku · · Score: 1

    What about people who bought Apple in countries without Apple stores, thinking they could get a local shop to repair the products, as has been done for the past 20-30 years. Nah, fuck Apple and Tim Cook for throwing product owners under a speeding bus.

  5. Rock and hard place. by Anonymous Coward · · Score: 1

    So, you might go to a third party repair shop that winds up (innocently or maliciously) installing a replacement component that was built in China and has a spy chip in it that sends your data back to the Chinese government.....and this chip can help block it.

    On the other hand, such a requirement produces lock-in which keeps your prices high and prevents open competition for services, which is bad for you and the market.

    And anyway the trust issue is kind of moot because Apple might be inserting their own spy chips and hacking us all.

    It really isn't possible to win.

    1. Re:Rock and hard place. by b0s0z0ku · · Score: 1

      There's a happy middle ground -- warn about "un-blessed" hardware, don't brick computers because of it. A Big Red Banner on boot and maybe an audio warning would be sufficient.

    2. Re:Rock and hard place. by HarrySquatter · · Score: 1

      Except that years and years of showing users warnings have simply conditioned them to ignore said warnings and click through them.

    3. Re:Rock and hard place. by Desler · · Score: 1

      There's a happy middle ground -- warn about "un-blessed" hardware, don't brick computers because of it. A Big Red Banner on boot and maybe an audio warning would be sufficient.

      People Ignore Software Security Warnings Up To 90% of the Time, Says Study

    4. Re:Rock and hard place. by Anonymous Coward · · Score: 0

      We can't training wheel every possible idiotic user. As a developer I've come to find that every time I put something in place because users are too dumb to pay attention, the users just figure out another way to be even dumber. Security is the same sort of struggle. People want everything to be as safe as possible without them putting in any effort at all. I'm sorry, I think those that pay attention should be rewarded for it, not those that trip-toe through life asking the rest of the world to protect them from themselves. (No, trip-toe was not a misspelling.)

    5. Re:Rock and hard place. by Anonymous Coward · · Score: 0

      Yes, this is why popping up a warning as suggested by b0s0z0ku is useless. Users ignore them. Apple knows this and is why it does what it does.

    6. Re:Rock and hard place. by Anonymous Coward · · Score: 0

      There's a happy middle ground -- warn about "un-blessed" hardware, don't brick computers because of it. A Big Red Banner on boot and maybe an audio warning would be sufficient.

      People Ignore Software Security Warnings Up To 90% of the Time, Says Study

      Yeah! Apple is just thinking of you, because you will ignore the security warning anyway they will make sure that you can't get it repaired anywhere else and that you can't do it yourself. Thanks Apple, what an awesome company to be going out of their way to make sure the user doesn't hurt themselves, I guess that's why all their devices come with rounded corners too.

    7. Re:Rock and hard place. by Desler · · Score: 1

      Couldn't care less what Apple's motivation is but warning banners are less than useless.

    8. Re:Rock and hard place. by AHuxley · · Score: 1

      vs the approved PRISM connection?

      --
      Domestic spying is now "Benign Information Gathering"
    9. Re:Rock and hard place. by Anonymous Coward · · Score: 0

      Are you retarded or do you just pretend to be so on television?

    10. Re:Rock and hard place. by b0s0z0ku · · Score: 1

      Depends on the type of warning. If most people got their computer back from repair and it flashed a red, 10-second-long message in several languages that "This hardware has been compromised with unauthorized components," I suspect they'd listen. Make it annoying with a loud beep or the car-crash sound from old Mac system-failure messages, and keep it up there for 10 seconds without ability to click through.

      Far better than turning hardware people OWN into a brick or holding it hostage.

    11. Re:Rock and hard place. by Anonymous Coward · · Score: 0

      Yes.

    12. Re:Rock and hard place. by mellon · · Score: 1

      This is bad UI design. What you want is to fail if security is compromised. You don't offer a warning. You just fail. As soon as you start offering warnings and bypasses, you've created an attack surface. And yes, the typical end user will succumb to the attack. So if you want to be elitist and watch your users get pwned, sure, put in a bypass. Otherwise, make your software fail safe.

    13. Re:Rock and hard place. by Anonymous Coward · · Score: 0

      This is why no one listens to nerds. Your idea is dumb as fuck.

    14. Re:Rock and hard place. by b0s0z0ku · · Score: 1

      And your idea is paternalistic crap designed for the lowest common denominator. We shouldn't allow installation of software not "blessed" by Apple, M$, or Scroogle either, because it "might" create an attack surface. Shove everyone into a walled garden, no room for imagination or deviation from what Big Papa Corp wants for their users. Yes!

    15. Re:Rock and hard place. by Anonymous Coward · · Score: 0

      Couldn't care less what Apple's motivation is but warning banners are less than useless.

      Speak for yourself. If they would put up a warning banner when the hardware had been tampered with I would find that useful, not everybody is as ignorant as you are.

    16. Re: Rock and hard place. by CoolDiscoRex · · Score: 1

      Yeah, nerd!

      Nobody listens to nerds!

      Now Imma gonna go use my software, which was all written by gangsta rappers and their smoking hot ghetto-as bitches, ya heard?

      Yeah, you better have heard.

      Get off of Slashdot, nerd.

    17. Re:Rock and hard place. by Anonymous Coward · · Score: 0

      It always amazes me. The mental gymnastics the apple fanbois will go through to justify a blatantly anti-consumer move. It really is impressive. I came in to this thread wanting to see how you fanbois would justify it, and you did not disappoint.

    18. Re: Rock and hard place. by Anonymous Coward · · Score: 0

      Incorrect.

      The Chinese device can be copied exactly and authorized as normal. There's no difference in the ssd for example that sets it apart from any other. Replace the ssd with one that reports to an intelligence agency and then throw it at the authorizer

    19. Re:Rock and hard place. by Anonymous Coward · · Score: 0

      Well, today I believe going dark is the only sure way.. can't use any of the current electronic...

    20. Re:Rock and hard place. by Anonymous Coward · · Score: 0

      Make the warning so that taking proper action is easier than cancelling the messagebox. "To prove that you really want to cancel, solve this math problem. Or . . "

    21. Re:Rock and hard place. by Anonymous Coward · · Score: 0

      No, that is what you want. What I want depends on the situation. On a personal computer, a simple warning that my security may have been compromised is sufficient, at least for me.

      This all boils down to Apple thinking they know best and not giving their users options.

  6. News for nerds by taskiss · · Score: 4, Insightful

    "...the T2 chip could render a computer inoperable..." and it went on from there. The hinge of this whole story rests on a "could". Twist the hinge one way, there is no story, the other way, and ... well ... you get this flame bait

    You know, stuff that matters.

    --
    - real hackers don't have sigs -
    1. Re:News for nerds by Anonymous Coward · · Score: 1

      ...the T2 chip could render a computer inoperable...

      And here I thought that was IOS's job.

    2. Re:News for nerds by Anonymous Coward · · Score: 0

      "...the T2 chip could render a computer inoperable..." and it went on from there. The hinge of this whole story rests on a "could"

      No, the hinge of the whole story is 'The T2 is “a guillotine that [Apple is] holding over” product owners, iFixit CEO Kyle Wiens told The Verge over email. That’s because it’s the key to locking down Mac products by only allowing select replacement parts into the machine when they’ve come from an authorized source — a process that the T2 chip now checks for during post-repair reboot.' and 'Apple confirmed to The Verge that this is the case for repairs involving certain components on newer Macs, like the logic board and Touch ID sensor, which is the first time the company has publicly acknowledged the tool’s use.'.

      The "could" and what follows comes from earlier internal Apple document leaks on the T2 chip. Ie, they report a claim by iFixit, Apple confirms it, and the basis for the original investigation into hardware lockouts and the means came from what the T2 chip "could" do. So, no, Apple confirming it blocks unauthorized logic board and Touch ID sensor repair through the T2 chip is not "flame bait". You might feel Apple has valid reasons for this, but to argue it's "twist[ing] the hinge one way" is bullshit.

    3. Re:News for nerds by swillden · · Score: 2

      "...the T2 chip could render a computer inoperable..." and it went on from there. The hinge of this whole story rests on a "could". Twist the hinge one way, there is no story, the other way, and ... well ... you get this flame bait

      I disagree. There is a story here, though it's one without a clear villain, which slashdot will find uncomfortable.

      It is a problem if third-party repair services are effectively blocked. As another commenter points out, it may even be illegal. However, I also see Apple's point. When you're trying to secure a device against hardware attack, the integrity of the components is critical, as is the ability to transmit data between them securely. Since it's all but impossible to keep the various communications busses inaccessible to attackers, you cryptographically authenticate the components to one another and encrypt the traffic (this also denies the data to attackers doing EM sniffing). But to do that you need the components to have a shared key, which means you need a pairing step -- and that pairing step must be something the attacker can't do. This is easy to arrange in the factory, and not too hard to arrange in authorized repair facilities, but allowing any third party to do it without also allowing attackers to do it is really hard (and, no, asymmetric cryptography doesn't fix this. To paraphrase Bruce Schneier, "If you think asymmetric cryptography solves this problem, you don't understand asymmetric cryptography and you don't understand this problem.").

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
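
A toy model of the component pairing described in the comment above, added here as an illustration; it is not Apple's protocol and not code from any commenter. The class names, serial numbers, the HMAC challenge-response and the "authority secret" that gates pairing are all assumptions made for the example.

```python
import hashlib
import hmac
import secrets


def _mac(key: bytes, *parts: bytes) -> bytes:
    """HMAC-SHA256 over length-prefixed parts (no ambiguous concatenation)."""
    h = hmac.new(key, digestmod=hashlib.sha256)
    for p in parts:
        h.update(len(p).to_bytes(4, "big") + p)
    return h.digest()


def authorize_pairing(authority_secret: bytes, serial: str) -> bytes:
    """Token minted by the factory or authorized tool (hypothetical scheme)."""
    return _mac(authority_secret, b"pair", serial.encode())


class Component:
    """A replaceable part that reports a serial and may hold a pairing key."""

    def __init__(self, serial: str):
        self.serial = serial
        self._key = None  # written only by a successful pairing step

    def provision(self, key: bytes) -> None:
        self._key = key

    def respond(self, nonce: bytes) -> bytes:
        # A part that was never paired has no key and can only guess.
        key = self._key if self._key is not None else secrets.token_bytes(32)
        return _mac(key, b"auth", self.serial.encode(), nonce)


class Controller:
    """The security-chip side: one shared key per paired component."""

    def __init__(self, authority_secret: bytes):
        # Simplification: the controller checks pairing tokens with a secret
        # it shares with the pairing authority.
        self._authority_secret = authority_secret
        self._paired = {}

    def pair(self, component: Component, token: bytes) -> bool:
        expected = authorize_pairing(self._authority_secret, component.serial)
        if not hmac.compare_digest(expected, token):
            return False  # pairing refused: caller is not authorized
        key = secrets.token_bytes(32)
        component.provision(key)
        self._paired[component.serial] = key
        return True

    def accepts_by_serial(self, component: Component) -> bool:
        """Weak check: trust whatever serial the part reports."""
        return component.serial in self._paired

    def accepts_by_challenge(self, component: Component) -> bool:
        """Strong check: the part must prove it holds the paired key."""
        key = self._paired.get(component.serial)
        if key is None:
            return False
        nonce = secrets.token_bytes(16)  # fresh per boot, so replies can't be replayed
        expected = _mac(key, b"auth", component.serial.encode(), nonce)
        return hmac.compare_digest(expected, component.respond(nonce))


def run_demo() -> dict:
    authority = secrets.token_bytes(32)
    chip = Controller(authority)

    original = Component("SN-CONSTRUCTED-0001")  # constructed sample serial
    chip.pair(original, authorize_pairing(authority, original.serial))  # factory step

    clone = Component("SN-CONSTRUCTED-0001")  # same reported serial, never paired
    spare = Component("SN-CONSTRUCTED-0002")  # honest replacement part

    results = {
        "original_serial": chip.accepts_by_serial(original),
        "original_challenge": chip.accepts_by_challenge(original),
        "clone_serial": chip.accepts_by_serial(clone),
        "clone_challenge": chip.accepts_by_challenge(clone),
        "spare_before_pairing": chip.accepts_by_challenge(spare),
        "pair_with_forged_token": chip.pair(spare, secrets.token_bytes(32)),
    }
    results["pair_with_valid_token"] = chip.pair(
        spare, authorize_pairing(authority, spare.serial)
    )
    results["spare_after_pairing"] = chip.accepts_by_challenge(spare)
    return results


if __name__ == "__main__":
    for name, value in run_demo().items():
        print(f"{name}: {value}")
```

The clone passes the serial-only check but fails the challenge, and the honest spare is accepted only after a pairing step that requires a valid token. Whoever can mint that token can pair any part, which is where the question of who may authorize a repair sits in this model.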
    4. Re:News for nerds by Anonymous Coward · · Score: 0

      Please, you bubbledwellers lose your shit if you ate a piece of food That One Time Last Year which later turns out "could have been X during processing".

      You cheer journalists who rush in to demand "What will Company be doing about Thing??" because a hingetwisted vagary Could Exist.

      Device lockdown isn't a theoretical particle. Have you been living under a rock? Or perhaps in a garden? While brewing official Keurig cups for extra irony?

    5. Re:News for nerds by Anonymous Coward · · Score: 0

      However, I also see Apple's point. When you're trying to secure a device against hardware attack, the integrity of the components is critical, as is the ability to transmit data between them securely. Since it's all but impossible to keep the various communications busses inaccessible to attackers, you cryptographically authenticate the components to one another and encrypt the traffic (this also denies the data to attackers doing EM sniffing). But to do that you need the components to have a shared key, which means you need a pairing step -- and that pairing step must be something the attacker can't do. This is easy to arrange in the factory, and not too hard to arrange in authorized repair facilities, but allowing any third party to do it without also allowing attackers to do it is really hard (and, no, asymmetric cryptography doesn't fix this.

      That sounds great and all, except Apple goes out of its way to limit access to components and has tight controls over all authorized repair facilities that frequently amount to little more than (1) sending the whole logic board back to Apple (and waiting many days for a replacement) or (2) telling the customer to buy a new computer. It's clear their "secure a device against hardware attack" is more about securing a device against the owner's third party hardware usage which undercuts Apple's profit margin. Yes, there are unscrupulous people who would exploit Apple's name to charge a premium, but it seems clear that Apple is most offended by this because *they* want to be the unscrupulous people who exploit Apple's name to charge a premium.

      If the core point was to provide protection against hardware attack, the realistic approach would be to sub-license third party production under supervision by Apple to sell components at lower prices. All Apple's approach does is encourage third parties to find ways to disable T2 protection entirely, not work with it. Of course, people using unauthorized parts are the sort Apple would love to punish to teach them a lesson: buy from us or your device may randomly soft brick (at least for a few weeks/months, presuming there's enough outcry to disable the soft brick).

      That's the premium you pay by buying Apple. Protection against actual, realistic attacks? Except for some protection by obscurity, it's certainly not the secure software that's doing it, but who cares about realistic attack vectors?

    6. Re:News for nerds by cyn1c77 · · Score: 1

      "...the T2 chip could render a computer inoperable..." and it went on from there. The hinge of this whole story rests on a "could". Twist the hinge one way, there is no story, the other way, and ... well ... you get this flame bait

      You know, stuff that matters.

      You're right. This is fear mongering. There is no way Apple would ever try to block users from modifying their hardware with third-party components.

    7. Re: News for nerds by CoolDiscoRex · · Score: 1

      Ok that was funny

    8. Re: News for nerds by CoolDiscoRex · · Score: 1

      Why don't you people feel like you deserve Apple's love?

      Maybe it's because you don't.

      Some of you replace your iDevices every 2 years, and not the recommended every 3 months.

      Face it, you don't deserve to be able to repair your own devices. If you cared about Apple, you'd simply replace them.

      But no, you're all special. It's YOUR device because YOU paid for it and YOU want to repair it ... you you you you you.

      You disgust me. The lot of you. All Apple has ever tried to do was show you how to love. To show you how to live. To show you how to be the person that you were capable of becoming. To fulfill the great promise that is you, and to give you a pathway to happiness, life, and love.

      And you wipe your smelly, pimple-covered asses with it, throw it on the ground, and shout "me me me me!"

      Well go to hell, because Apple owes you nothing! You are not fit to smell the farts of iPeople! You know, people with 2, 3, 4 devices. People who don't care how much RAM is in them. People who ... well, people who are not you.

      If you don't love Apple, well, you're pretty much a serial killer, or worse, an Android user.

      Ewwwwwwwwwwwwww.

    9. Re:News for nerds by AmiMoJo · · Score: 2

      Apple has already blocked the installation of Linux by having the T2 chip disable all internal storage when you try. They have form with repairs too, such as the 3rd party iPhone home button/fingerprint scanners being rejected. Even the last MacBook Pro they released removed the data recovery header so that if the mobo dies you can't get anything off the soldered-down SSD any more.

      There is a clear pattern here. Apple has always hated third party repairs, or giving users control of their computers and phones.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    10. Re:News for nerds by Mordaximus · · Score: 1

      Apple has already blocked the installation of Linux by having the T2 chip disable all internal storage when you try.

      Don't install to the internal storage. Thunderbolt is plenty fast enough to host an external bootable drive. Set the external to target mode and you're off to the races.

    11. Re:News for nerds by AmiMoJo · · Score: 1

      When you're trying to secure a device against hardware attack, the integrity of the components is critical

      If you are relying on the integrity of components then you are doing it wrong and are completely screwed anyway.

      The scenario you describe where the attacker replaces components in the machine is both far fetched and wouldn't be prevented by the T2 chip, because they could simply replace the T2 chip itself as well. EM sniffing is movie plot stuff - you would have to get the probes in the machine while the victim is authenticating themselves, good luck with that.

      Other manufacturers produce secure machines, certified for government use, and don't go to these lengths.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  7. Apple T2: Judgement Device by fahrbot-bot · · Score: 1

    Can't wait for "Apple T3: Rise of the Machinations" and "Apple Sustentation"

    --
    It must have been something you assimilated. . . .
  8. Re:Fuck the iTarded by Anonymous Coward · · Score: 0

    They're doubly dumbfucks. Stop buying their iGarbage and maybe Apple will stop acting assholish. As long as you fucktards continue buying iShit they will just get bolder and bolder because they see no negative financial impact.

  9. Who cares? by Anonymous Coward · · Score: 1

    Having gone through the age of build-it-yourself computers, all I can say is WHO CARES??? I don't remember the last time I opened any of my old computers to change anything. All I see here is Windows people complaining about Apple computers they'd never even buy. PHHHHIIITT!!

    1. Re:Who cares? by Anonymous Coward · · Score: 0

      The only people who care are a group that probably make up a fraction of 1% of all Apple users along with leeches who set up businesses riding Apple's coattails.

    2. Re:Who cares? by AHuxley · · Score: 1

      Say a user adds more unapproved RAM?
      RAM that did not get a code entered to approve it.
      That "changes" their computer and any approved backups.
      No more data to read from the computer. No more external backup.

      --
      Domestic spying is now "Benign Information Gathering"
    3. Re: Who cares? by Anonymous Coward · · Score: 0

      Does not seem to affect ram

    4. Re: Who cares? by AHuxley · · Score: 1

      It could be counterfeit RAM imported into the USA and used to sell as a "repair".

      --
      Domestic spying is now "Benign Information Gathering"
    5. Re:Who cares? by Anonymous Coward · · Score: 0

      >leeches who set up businesses riding Apple's coattails

      Like ifixit right?

      But they're beneath mention, they're barely afloat on "a tiny fraction no one cares 1% windows users"

      I bet no one even looks at those articles. One google search should confirm my shill-gargling.

  10. IMPERSONATING me AGAIN? apk by Anonymous Coward · · Score: 0

    You got caught impersonating me c6gunner (your name's the submitter signing "APK") https://linux.slashdot.org/com... as you ALTERED /.ers PRAISE of my work (not yours you don't even HAVE, lol).

    (You shouldn't throw stones when you live in a glass house boys - especially vs. me: RIGHT, ZIP? https://developers.slashdot.or... CAUGHT LYING TOO (you DO have a registered /. acc't. but STALK me anonymously instead - punk) https://news.slashdot.org/comm... )

    HOWEVER: In your "impersonations" trying to make me "look bad" or a liar (like your kind is)? Hope you're RIGHT (considering I'm only sure hosts stop portsmash vs. Spectre/Meltdown) https://tech.slashdot.org/comm...

    APK

    P.S.=> GROW UP weezils - you do it to yourselves trying to "take me on" & FAILING like you always do (especially on tech) + so then you start STALKING me by UNIDENTIFIABLE anonymous posts OR by IMPERSONATING me (weak BITCH tactics only a HOMO would do, lol)... apk

    1. Re: IMPERSONATING me AGAIN? apk by Anonymous Coward · · Score: 0

      LOL, you still refuse to provide evidence that you've been "impersonated" beyond a single c6gunner post. I don't believe you're being impersonated at all, just that you desperately want attention and you get more of it this way. Grow up, crybaby.

    2. Re:IMPERSONATING me AGAIN? apk by Anonymous Coward · · Score: 0

      Stop bullying and impersonating him you ne'er-do-well! He's just trying to help everybody with his HOSTS File Engine and trying to better himself by getting sweet calf implants.

  11. give 2 months to have it broken by Anonymous Coward · · Score: 0

    Now that it is known that linux won't work, there is a stronger incentive to break it.

  12. No-fix also = no hack by Anonymous Coward · · Score: 1

    I 100% understand the "but we cannot repair it" factor.

    I also very much like the "they cannot hack it" factor too ... and yes, for specific devices until there is a method to keep the "feds" out, this is to me an acceptable means of securing a device: no "skimmers" inserted into the print reader, no rogue devices onboarded elsewhere, and hopefully the memory/storage are protected to where they cannot be simply slipped onto another device for reading/decrypting too. (Sad, but this is how little I trust.)

  13. Meh, it's Apple what do you expect by Anonymous Coward · · Score: 1

    Sort of what Apple has always pushed for and if you don't like it, don't buy Apple products. They have always been a bit snobbish about their stuff. Obviously people don't remember the Power PC chip era for Apple, talk about locked down hardware.

    1. Re:Meh, it's Apple what do you expect by Anonymous Coward · · Score: 0

      > Obviously people don't remember the Power PC chip era for Apple, talk about locked down hardware.

      I remember it, I had a Power Mac 7500 that I upgraded with third-party RAM, third-party HDD, third-party G3 accelerator and third-party CD-ROM.

      Or did you mean only PPC PowerBooks?

  14. My next laptop by TechyImmigrant · · Score: 1

    My next laptop is not going to be a mac any more. I need unixy behaviour, so a mac was fine. I like using my 2013 mac book pro. But being locked out of third party repair is a major detractment. So my next laptop will be a PC laptop running Linux.

    --
    I should use this sig to advertise my book ISBN-13 : 978-1501515132.
  15. Stop buying Apple by Anonymous Coward · · Score: 3, Interesting

    The hardware quality advantage of MacBooks is long gone. OS X has become a pile of iCloud infested junk. There is simply no reason to buy an Apple product anymore. They've abandoned the power user and no longer innovate. The only thing they can do is build lock-in devices to try to keep customers on their stagnant technology.

    I was using Mac laptops since the PowerPC days. I finally gave up and built myself a Linux laptop. Do I miss a few OS X specific apps? Yes. Am I glad to be off Apple's lock-in ecosystem: Hell yes. Even though I had backups I wanted to get the last day's work off my dead MacBook pro. Not so easy when the SSD is soldered to the motherboard. Thanks Apple for starting that trend.

  16. Remember Microsoft Palladium? by xack · · Score: 1

    This sounds like all the fears of Palladium come true.

  17. Can't get them fixed around here by kerashi · · Score: 2

    Where I live, there isn't a repair shop within 100 miles, here in northeast Arkansas. I could never recommend a Mac to anyone I know, even someone heavily invested in the Apple ecosystem, because of this. It's the same story with their phones. Both of my parents have iPhones, and without an authorized repair shop anywhere nearby, not even within a 100 mile radius, I can't get them fixed without shipping them off somewhere, and being without the device for God knows how long. Meanwhile, there's an independent repair shop that will happily repair my Android phone same day within 10 miles.

    Simple fact is, computers break eventually. Nothing runs forever. Apple's insistence that we use their repair shops, which for me might as well be on the moon, is just crazy. If you can't get the thing fixed when something goes wrong, be it a cracked screen or bad keyboard or whatever, it's just disposable. And Apple products are just too expensive to be disposable.

  18. Violation of Magnuson-Moss Act by coats · · Score: 5, Informative

    This violates Federal Law, in particular the Magnuson-Moss Act (15 USC 2302(c)) requirement that says warrantors cannot require that only branded parts be used with the product in order to retain the warranty.

    --
    "My opinions are my own, and I've got *lots* of them!"
    1. Re:Violation of Magnuson-Moss Act by blindseer · · Score: 1

      > This violates Federal Law, in particular the Magnuson-Moss Act (15 USC 2302(c)) requirement that says warrantors cannot require that only branded parts be used with the product in order to retain the warranty.

      If that is true then Apple needs to be taken to court and I want to hear them make their case.

      I don't know if Apple would win but I can imagine how the case would go. The issue would come down to keeping user data secure, much like we've seen in cases where the government has asked Apple to break their own encryption for the purposes of gaining data for a criminal investigation. They would likely argue that a third party repair is possible but it would not allow for the recovery of any data. If you want a repair and retain your data on the device after the repair then the repairs must be performed with authorized parts. Failure to maintain this control means the security of any Apple device could be bypassed by anyone with the right tools and third party parts.

      Take your pick. Do you want to be able to upgrade the SSD in the future on your Apple computer, or do you want that SSD secured from someone reading it without your permission? If you can find a way to eat your cake and have it too then I'd like to hear it.

      --
      I am armed because I am free. I am free because I am armed.
    2. Re:Violation of Magnuson-Moss Act by cyn1c77 · · Score: 1

      > Take your pick. Do you want to be able to upgrade the SSD in the future on your Apple computer, or do you want that SSD secured from someone reading it without your permission? If you can find a way to eat your cake and have it too then I'd like to hear it.

      What are you talking about?

      Self-encrypting SSDs with standardized connectors have existed for years. You just take the drive out when you send it in for repair.

      Apple is just being difficult because they want you to buy their hardware. They solder in their RAM, use special dongles and drop headphone jacks for the same reason.

    3. Re:Violation of Magnuson-Moss Act by AmiMoJo · · Score: 1

      The warranty will be intact, it just won't work any more. The law needs to catch up, like the GPL did many years ago with V3 that blocked Tivoization and other technical means of taking away your rights.

      Same with DRM. You still have your first sale doctrine right to sell it second hand, it just won't be worth anything because DRM bricks it as soon as you do.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    4. Re:Violation of Magnuson-Moss Act by Mordaximus · · Score: 1

      > Apple is just being difficult because they want you to buy their hardware. They solder in their RAM, use special dongles and drop headphone jacks for the same reason.

      How do any of those things encourage one to buy their hardware? BTW, there's nothing special about the dongle, nor is dropping the decades old headphone jack unique to Apple.

  19. Re:Confirmed: ZIP & c6gunner are BULLIES... ap by Anonymous Coward · · Score: 0

    Maybe you are APK.

    Maybe you are someone else pretending to be APK to make APK appear juvenile with this post.

    Maybe you are a Russian troll attempting to create a sense of disharmony in our society.

    In no case do I care in the slightest what you have to say with your obviously offtopic post.

  20. It already Forbids the Running of Linux by Anonymous Coward · · Score: 0

    The T2 Chip is to make sure APPLE gets their Pound of Flesh every time it is Opened up for anything.

    This should be against the LAW, If not then Why Not?

    And for the Fan Boys out there that are Okay with this Need a real Life for this is nothing more than a Corp Trying to make Computers a Service not the OS.

  21. What about the external power supply? by aberglas · · Score: 1

    Looks like you can still replace that. Looks like Apple messed up there.

    1. Re:What about the external power supply? by Bert64 · · Score: 1

      The power supply has actually gone the other way, instead of a proprietary Apple power supply it now uses standard USB-C. Hopefully the days of each laptop having its own non-standard power supply are numbered and I can keep several USB-C at home and office.

      --
      http://spamdecoy.net - free throwaway anonymous email - avoid spam!
  22. Re: Fuck the iTarded by Anonymous Coward · · Score: 0

    What would you recommend they do? Buy a Dell? How do you expect them to get good software if they are forced to use windows or some shitty Linux build? Let's stop pretending they are anything but the best devices in the market.

  23. Re:Confirmed: ZIP & c6gunner are BULLIES... ap by Anonymous Coward · · Score: 0

    ZIP it's obvious you care. You care enough to twice downmod hide where APK made you look a fool and liar https://news.slashdot.org/comm... Ashamed? You should be.

  24. can they use this lock in ram / cpus? by Joe_Dragon · · Score: 1

    Just think of this with Tim Cook's face and the word NON APPLE HARDWARE no mac os for you.

    https://giphy.com/gifs/no-jura...

  25. Welcome to John Deere (dealer only service) by Joe_Dragon · · Score: 1

    Welcome to John Deere (dealer only service)

    Now will the EU or Australia do something?

  26. Re: Fuck the iTarded by Anonymous Coward · · Score: 0

    Paying 300% mark-up for mid-level parts does not make something the best.

  27. Just another reason to buy elsewhere by Tough+Love · · Score: 1

    Just another reason to buy elsewhere. Apple was never great at debugging but it's progressed to downright awful. Any luck with that overheating wireless charger?

    --
    When all you have is a hammer, every problem starts to look like a thumb.
  28. Re:When politics goes the 'wrong' way for Slashdot by Tough+Love · · Score: 1

    not one controlled mainstream media outlet carries the story.

    You're full of crap.

    --
    When all you have is a hammer, every problem starts to look like a thumb.
  29. Ever play an old Nintendo? by rsilvergun · · Score: 1

    Ever had a cart that wouldn't play? Ever blow on the cart? That didn't help. What _would_ help is cutting the pin to the lockout chip to bypass Nintendo's DRM. See, what was happening is that not all the pins were making good contact, but most of the time you didn't _need_ perfect contact, except for that darn lockout chip. That thing was sensitive. It had to be or it'd be easy to bypass.

    I don't want DRM in my products because not only does it mean the device isn't really mine but it means I've got one more thing to break and when it does it'll likely kill the device completely.

    --
    Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
    1. Re:Ever play an old Nintendo? by b0s0z0ku · · Score: 1

      What kind of bad DRM could be bypassed by disconnecting a single pin?

    2. Re:Ever play an old Nintendo? by Anonymous Coward · · Score: 0

      Shit son, it wouldn't be the first bypassed by a single plaintext bool.

      AUTHENTICATIONATLAUNCH=1

      It doesn't have to be good to control. Now, ask permission to use what you "bought".

    3. Re:Ever play an old Nintendo? by _merlin · · Score: 1

      The protection MCU on the console mainboard would hold the CPU in reset if it couldn't conduct the "magic handshake" with the corresponding MCU in the cartridge. If you disconnected the line from the protection MCU output to the CPU's reset input, it would defeat the protection for the most part.

  30. You know they are retarded by Gabest · · Score: 1

    When they call the motherboard "logic board".

    1. Re:You know they are retarded by b0s0z0ku · · Score: 2

      That's old tradition dating back to Apple II (hacker-friendly computer) days.

    2. Re:You know they are retarded by Anonymous Coward · · Score: 0

      > When they call the motherboard "logic board".

      In my day, we called 'em mainboards. In the interest of professionalism, drop the gender-specific terminology.

  31. Easy fix by nehumanuscrede · · Score: 1

    That T2 chip seems to have a strange effect on my Credit Card anytime I try to purchase an Apple product with such hardware installed.

    Guess I'll have to go buy something else . . . . . .

  32. Doesn't matter by Anonymous Coward · · Score: 1

    The odds of someone that has the slightest idea what they are doing also buying a Mac seems very remote.
    For the old people and tech-ignorant that buy these devices, it won't make the slightest difference.
    This will only prevent 3rd party shops from working on Apple hardware.
    Let the fools and their money part.

  33. Thanks god I do not need or depend on Apple Macs by ReneR · · Score: 1

    After they were hiding the iGPU from my 15" late-2013 rMBP: https://www.youtube.com/watch?... us another proprietary SSD connector every model year (well when they actually updated something): https://www.youtube.com/watch?... and literally each and every MacBook MagSafe charger has blown up and failed on me in the meantime: https://www.youtube.com/watch?... I'm out of purchasing new Apple hardware. Thanks god I maintain my #t2sde Linux (https://t2sde.org) and can just switch to amazing AMD ThinkPads ;-) https://www.youtube.com/watch?...

  34. Re: Fuck the iTarded by CoolDiscoRex · · Score: 1
    Lol. If only you were this guy in real life, eh?

    I know, I know, we all need a dream. I mean, how many times can you tell your 'partner' that her jeans don't make her ass look big?

    And they totally don't. It's her ass that makes her ass look big, amirite?

    Awww yeah, you know what time it is ... high five up top!

    So, yeah, I don't blame you. I'd be all "fuck fuck fuckity fuck motherfucker" too.

    Just make sure you clean your piss off the toilet seat this time. You don't want a repeat of last weekend do you?

    Of course you don't.

    (No really, go clean the toilet before she gets home. You can swing your dick online later)

  35. Re: Fuck the iTarded by CoolDiscoRex · · Score: 1
    might want to wipe your chin there.

    don't worry, just tell them that you had a Twinkie for lunch. Fine, a case of Twinkies.

    You made Lil Kim look like an amateur, though.

    I'm sure Apple will richly reward you for your loyalty. No, really, any day now they totally are going to be all like 'Yo thanks dawg, here's a free Mac Pro!'

    Any day now. Just wait, you'll see.

    I mean it.

    Just wait.

  36. Re: Fuck the iTarded by Anonymous Coward · · Score: 0

    You expect people to use a terrible OS like windows or Linux instead? Mac OS runs better on mid tier last gen hardware than any other OS runs on the newest flagships. There is barely any markup.

  37. it's about locking you! by sad_ · · Score: 1

    forget about the poor 3rd party repair services, this is about you, the customer.
    the T2 chip is pure evil, it prevents the use of other OSes, it prevents self-repair (or any repair not by apple).
    this is all about locking the customer.

    of course, Apple customers probably don't even care.

    --
    On a long enough timeline, the survival rate for everyone drops to zero.
  38. Re:Confirmed: ZIP & c6gunner are BULLIES... ap by f3rret · · Score: 1

    Changed your meds again, eh?

    --
    Admit nothing. Deny Everything. Make Counter-accusations.
  39. Walk Away by Anonymous Coward · · Score: 1

    I stopped buying Sony equipment when they started putting viruses on their DVD's. You've all bitched and moaned to Apple, and in response, they spit on you and called you suckers. WALK AWAY! Spend your money elsewhere.

  40. Correct Apple's action by not buying Apple Product by Anonymous Coward · · Score: 1

    There's one way to correct this. Hit Apple where it counts, in the pocketbook. I did. I was tired of the hobbled IOMMU in my late 2013 MacPro Desktop.
    I replaced it with a Hades NUC Canyon. It is fast! I've got Bionic Beaver running, I built a hackintosh using an AMD eGPU (the onboard VEGA M wasn't supported yet). Installed the egpu Wrangler hack and popped my GTX970 in my Akitio Node (replaced the low end AMD GPU card that I initially used for the hackintosh build). Now I have Linux, MacOS, and Windows running bare metal on my Hades Canyon NUC.

    As far as the IOMMU.. Virt on Linux runs well! eGPU passthrough works!

    Don't buy new Apple products... lots of maggots inside!

    I'm just about ready to sell the macpro tin can. No more Apple products for me.

  41. exit strategy by epine · · Score: 1

    We're probably going to buy the Mac mini i5 anyway, to replace my wife's 2008 iMac, with a game plan to run it into the ground for another eight to ten years.

    Personally, I don't see the repairability problem. Unless we go crazy writing to the internal storage (unlikely), there's very little to break on this system. Everything but two memory sticks is soldered down. The vast majority of peripherals are tangled up in a giant dongle mess behind the cute little box. Those will break and can be unplugged.

    Apart from failed DRAM, the smallest possible electronics repair is to swap the main logic board. (The most likely repair is not electronics: it's the power supply and fan, neither of which are protected by the T2 chip, unless Apple is far more Big Brother than anyone back in 1984 even began to imagine.)

    I will likely confirm before purchase that it remains possible to install Windows 10 through Boot Camp on an external drive (just an actual TB3 drive would be acceptable as a fail safe; but far better if USB drive were also allowed).

    I would be extremely surprised if such a minimalistic system board had more than a 5% failure rate over ten years (unless Apple has completely screwed the cooling envelope, and if there's anything Apple knows, it's confining warm things in tight places, all the while making you think it's your warm thing, in your tight place of choice).

    So we'll just self-insure on the books to replace this box if it fails with any damn thing at hand. And we'll keep layers of hot backups on the nearby NAS box. That means we basically won't ever buy any macOS-specific software we can't afford to lose at the first Apple glitch.

    It seriously sucks that the world has come to this, but we're going to temporise for one more long product generation. We both hate Windows 10. Every other machine in the house is BSD or Linux. My Android phone doesn't even have its data modem enabled (I can't stand the Android security model), so it's exclusively used for phone calls, text messages, and accessing my personal web server on the internal Wi-Fi. My wife's phone is a recent iPhone from her place of employment, which she only uses for text messages to me and a few other people, and for real work.

    It's nice to have one machine in the place compatible with recent, mainstream things. It makes her place of employment happy when she teleworks from a platform they've ever heard of before. That's why she has an iMac in the first place.

    1984 Apple's Macintosh Commercial

    The T2 is that chick with the hammer. What she's smashing is any narrative at all you can understand—to be replaced by the blinding wall of dazzling white light of Apple arrogance.

    On November 11th, 2018, Apple Computer will introduce the T2 solder-flash refresh. And you'll see why 2018 will be exactly like "1984."

    I fudged the date a little, but why not Remembrance day, for good measure? Because I remember the 1984 advertisement (as a scary harbinger), and I always will.

    Who can watch that old commercial now, and not read it as foretelling a dark future?