Slashdot Mirror

← Back to Stories (view on slashdot.org)

Apple Confirms Its T2 Security Chip Blocks Some Third-Party Repairs of New Macs (theverge.com)

Posted by BeauHD on from the lock-and-load dept.

An anonymous reader shares a report from The Verge about Apple's new security-focused T2 chip found in the newest Mac computers. The introduction of the chip "has renewed concerns that Apple is trying to further lock down its devices from third-party repair services," The Verge reports. From the report: The T2 is "a guillotine that [Apple is] holding over" product owners, iFixit CEO Kyle Wiens told The Verge over email. That's because it's the key to locking down Mac products by only allowing select replacement parts into the machine when they've come from an authorized source -- a process that the T2 chip now checks for during post-repair reboot. "It's very possible the goal is to exert more control over who can perform repairs by limiting access to parts," Wiens said. "This could be an attempt to grab more market share from the independent repair providers. Or it could be a threat to keep their authorized network in line. We just don't know." Apple confirmed to The Verge that this is the case for repairs involving certain components on newer Macs, like the logic board and Touch ID sensor, which is the first time the company has publicly acknowledged the tool's use. But Apple could not provide a list of repairs that required this or what devices were affected. It also couldn't say whether it began this protocol with the iMac Pro's introduction last year or if it's a new policy instituted recently.

First revealed last month by MacRumors and Motherboard, both of which got their hands on an internal Apple document, the T2 chip could render a computer inoperable if, say, the logic board is replaced, unless the chip recognizes a special piece of diagnostic software has been run. That means if you wanted to repair certain key parts of your MacBook, iMac, or Mac mini, you would need to go to an official Apple Store or a repair shop that's part of the company's Authorized Service Provider (ASP) network. If you want to repair or rebuild portions of those devices on your own, you simply can't -- at least, according to this document. The parts affected, according to the document, are the display assembly, logic board, top case, and Touch ID board for the MacBook Pro, and the logic board and flash storage on the iMac Pro. It is also likely that logic board repairs on the new MacBook Air and Mac mini are affected, as well as the Mac mini's flash storage. Yet, the document, which is believed to have been distributed earlier this year, does not mention those products because they were unannounced at the time. Regardless, to replace those parts, a technician would need to run what's known as the AST 2 System Configuration suite, which Apple only distributes to Apple Stores and certified ASPs. So DIY shops and those out of the Apple network would be out of luck.

98 of 179 comments (clear)

  1. T2, T2, dupe dupe by Anonymous Coward · · Score: 1

    Stop with the T2 articles, shit

    1. Re:T2, T2, dupe dupe by b0s0z0ku · · Score: 1

      Why? Apple needs to be shamed as much as possible for its anti-owner/anti-consumer bullshit.

    2. Re:T2, T2, dupe dupe by TheFakeTimCook · · Score: 1

      Apple isn't about privacy, realistically speaking. It's about keeping data trapped in Apple's ecosystem -- privacy theft is OK as long as Apple is the one doing the stealing. Good thieves brook no competition.

      Prove it.

    3. Re:T2, T2, dupe dupe by b0s0z0ku · · Score: 1

      Their nudging everyone to use iClown vs local storage and/or local backup. Apple are as bad as Google, MS, or Amazon in their cloudpushing scumbaggery.

    4. Re:T2, T2, dupe dupe by Iwastheone · · Score: 1

      Apple isn't about privacy, realistically speaking. It's about keeping data trapped in Apple's ecosystem -- privacy theft is OK as long as Apple is the one doing the stealing. Good thieves brook no competition.

      Prove it.

      How can one prove that a major device maker is not cooperating with law enforcement? Apple, Windows, Android and Linux would not be allowed to pass unless there was co-operation with the current government. In todays modern world, only a fool or a liar would believe otherwise.

    5. Re:T2, T2, dupe dupe by TheFakeTimCook · · Score: 1

      Their nudging everyone to use iClown vs local storage and/or local backup. Apple are as bad as Google, MS, or Amazon in their cloudpushing scumbaggery.

      They might "push", but they don't (yet) REQUIRE. That's a BIG difference!

      I, for one, don't use ANY iCloud services or storage; even though I am tempted to, if, for no other reason, effortless iPhone backup and bookmark/content sharing among my various Apple devices and computers.

      But, I simply don't participate. So, "freedom to choose" is still intact.

    6. Re:T2, T2, dupe dupe by TheFakeTimCook · · Score: 1

      Fool and liar. Perfectly describes the asshole faketimcook

      Anonymous and COWARD. The name says it all...

    7. Re:T2, T2, dupe dupe by TheFakeTimCook · · Score: 1

      Apple isn't about privacy, realistically speaking. It's about keeping data trapped in Apple's ecosystem -- privacy theft is OK as long as Apple is the one doing the stealing. Good thieves brook no competition.

      Prove it.

      How can one prove that a major device maker is not cooperating with law enforcement? Apple, Windows, Android and Linux would not be allowed to pass unless there was co-operation with the current government. In todays modern world, only a fool or a liar would believe otherwise.

      Would not be allowed to "pass", WHAT, exactly?

      I think you need to understand the difference between "Obey a lawful Order" and "Are Complicit With"

      And I think you really need to upgrade to a heavier-gauge tinfoil. The one you are using isn't deflecting enough of the mind-control beams...

    8. Re:T2, T2, dupe dupe by Tough+Love · · Score: 1

      And abandoned as rapidly as possible like investors are doing with AAPL stock.

      It's the truth. Apple down another 1% today, and down 17% in the month.

      --
      When all you have is a hammer, every problem starts to look like a thumb.
  2. Secure enclave. by b0s0z0ku · · Score: 1

    I've often seen "secure enclave" spelled as "secure enslave." Now I know that wasn't a typo.

    Anyway, I'd have no problem with something like a boot warning of unauthorized repairs, but prohibiting owners from fixing their own fucking equipment stinks. Especially since there are parts of the world that can be a thousand miles and in a different country from the nearest Apple store.

    Sad how far Apple has fallen from being a company founded by hackers and geeks.

    1. Re:Secure enclave. by Balial · · Score: 3

      I'd have no problem with something like a boot warning of unauthorized repairs, but prohibiting owners from fixing their own fucking equipment stinks.

      Do you have a proposal for how to separate these two? What's to stop a malicious change from masking this boot warning? The security point of the T2 chip is well documented by Apple. The conspiracy theories are the same for the iPhone, though. Bottom line: You can't make a secure system if you allow random modifications. The tiny market share of people who are going to tweak their devices isn't worth forsaking real security for everyone else.

    2. Re:Secure enclave. by b0s0z0ku · · Score: 1

      By the same token, one could install a counterfeit motherboard without the T2 chip that doesn't brick itself.

    3. Re:Secure enclave. by lucasnate1 · · Score: 1

      Just provide a tiny tiny switch that people who tweak their devices can turn off. Is it really that hard?

      --
      Avantgarde Hebrew science fiction
    4. Re:Secure enclave. by rogoshen1 · · Score: 1

      The tiny market share of people who are going to tweak their devices isn't worth forsaking real security for everyone else.

      1. tiny market for after-market parts?
      2. Apple totally did this for end-user's security. definitely. Absolutely no other possible ulterior motive.

    5. Re:Secure enclave. by sheramil · · Score: 1

      Came here to say, is it possible to replace the T2 with a 555 or something equally innocuous?

    6. Re:Secure enclave. by Desler · · Score: 2

      Or they can just ignore the complaints coming from a niche user group composed of a fraction of a fraction of a percent of all users?

    7. Re:Secure enclave. by Desler · · Score: 1

      If the market is so tiny why would Apple spend 100s of millions on some unproven conspiracy?

    8. Re:Secure enclave. by AHuxley · · Score: 1

      Real security like PRISM was supported?

      --
      Domestic spying is now "Benign Information Gathering"
    9. Re:Secure enclave. by mellon · · Score: 5, Informative

      Yes, it's really that hard. The T2 chip prevents the evil maid attack. Put a switch in, and you've re-enabled the evil maid attack. You can have protection from this attack, or you can have repairability. It's a crappy choice. If you prefer repairability, you have options.

    10. Re:Secure enclave. by mellon · · Score: 1

      It doesn't have to be one or the other, you know. Yes, this works out well for Apple. If you have a problem with that, you either have to give up on that security feature, or get some new regulations passed (good luck with that!) that constrain the markup companies are allowed to charge for doing repairs, such that you stop feeling like it's a problem that you can't get an aftermarket repair.

    11. Re:Secure enclave. by mellon · · Score: 1

      If your computer is ever taken by the TSA, and you care about them accessing your files, you should just recycle it.

    12. Re:Secure enclave. by Balial · · Score: 1

      The whole security model of the T2 chip prevents it. You can't get your data or authenticate your password without the chip. Users are guaranteed to notice if you mess with it. If you fail over to "working with some detail", you can use the working side of it to hack around the detail.

    13. Re: Secure enclave. by b0s0z0ku · · Score: 1

      My hardware, should be my fucking choice, asshole. Also, authorized service isn't always an option -- in certain countries (St. Lucia, for example) the nearest Apple authorized service center is literally a flight or boat ride away to another country.

    14. Re:Secure enclave. by BronsCon · · Score: 1

      Or the T2 chip could pop up a "This Mac has been modified" message that requires user acknowledgment before booting. That is, before the "working side" could "hack around it". The whole security model of the T2 chip allows it.

      --
      APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
    15. Re: Secure enclave. by blindseer · · Score: 2

      That's what happens when you live on a Caribbean island with less than 200,000 people, I can imagine a lot of services are not available there. I grew up on a farm in the American Midwest, and there were no authorized repair centers for anything nearby. If you had something critical to work then you automatically bought two of them. We bought a lot of stuff over the phone and had it shipped to us. If it didn't work for us, it needed repair, or whatever, then we had to do without until we could ship it back and have it set right. It sucked but that's what happens when you grow up so far from a population center.

      Your hardware is your choice. You can choose not to buy from vendors that don't allow user repairs. Given that a modern computer is a rather complex device, especially something so small as a laptop, cell phone, or even many desktop systems like the Mac Mini, I'm not sure what you can expect to repair yourself without special tools and training.

      A secure device is inherently not user repairable. Let's make a bad car analogy. A secure car has locks that need the proper key to open and start it. If the car is designed to be easily repaired then a thief can simply swap out the locks and take the car. A really secure car would be such that even the dealers or makers of the car can't open or start it, because that means there's a master key somewhere that a thief could exploit. Losing the key, sufficient damage to the car, or some other unfortunate event, would mean a total loss on the car rather than merely a (potentially quite expensive) repair. That's what happens when something is made to be secure.

      With all the stuff happening lately on people having their data stolen I'm finding it rather appealing that a computer manufacturer is taking this seriously. As with many things there is a compromise, with greater security comes lowered ability for repairs.

      --
      I am armed because I am free. I am free because I am armed.
    16. Re: Secure enclave. by CoolDiscoRex · · Score: 1

      Yes. Oh yes. The smartest users must be sacrificed for the average users. They just must be. Only people who will make tomorrowâ(TM)s technology would dare do more than the average soccer mom with their machines, and they therefore must be stopped for the good of Corp ... I mean the people. The good and wholesome average people. Idiocracy wonâ(TM)t be so bad, youâ(TM)ll see. The corporate masters will take good care of us, while those pesky top one percenters will make license plates in the gulag, Weâ(TM)ll finally find a use for those people! Fix your own computers will you? As if! Be like the rest of us! Itâ(TM)s bliss!

    17. Re: Secure enclave. by CoolDiscoRex · · Score: 1

      The pesky smart people must be eradicated! The top technologically literate people must be sacrificed for the good of the average people! Itâ(TM)s the only route to profit! We must stop allowing the smartest of us to dictate the path forward. Our corporate masters are our only hope! The smart people must be rooted out wherever they congregate, let they fester like a boil and their knowledge spread! Join us, the many, the proud, the average consumer! Reject the pompous superiority of those who might fix their own machine, and embrace the loving acceptance and warm bosom of the corporate evangelist as he leads us to the promised land where all problems are taken care of by our benevolent masters! Rise up and cast off the shackles of those oppressors who are smarter than average, for it is they who will keep the share price from reaching itâ(TM)s true potential. Be average. Be proud. Buy shit. Happiness awaits. All we must do is let go and let Apple.

    18. Re: Secure enclave. by CoolDiscoRex · · Score: 1

      By the way, its that same fraction of a fraction that make the products and software you take such pride in purchasing. How quickly you want to toss them aside and ignore their complaints when you think thereâ(TM)s even a minor benefit to you. Or did you think it was the hot milf across the street churning out those cool IOS games that you just love to play? Go ahead and ignore them, though. Whatâ(TM)s the worst that could happen? Itâ(TM)s not like the average people couldnâ(TM)t do it themselves, right?

    19. Re:Secure enclave. by Bert64 · · Score: 1

      Whats to stop a malicious user from acquiring the tools used by the authorized repair shop?

      --
      http://spamdecoy.net - free throwaway anonymous email - avoid spam!
    20. Re: Secure enclave. by CoolDiscoRex · · Score: 1
      Dude! Do we try to shit on your purchased identity? Do you know how fucking hard it is to cultivate a talent? Days! Months! Years even!

      Fuck that!

      Squarely in they brown eye at that!

      Imma buy me an iThing then go around saying things like âoeDonâ(TM)t buy it if you canâ(TM)t afford it, thenâ.

      Cause I ainâ(TM)t no poor person, and ishit is how I tell certain people that Iâ(TM)m better than they are. Not to mention, it kicks up the ole self-esteem a notch or two, cause between you and me, Iâ(TM)m otherwise pretty ordinary. I just like the feeling I get when I buy ishit cause it makes me feel special. I totally let the girls see my iPhone at the bar too. It kinda says âI may have a small weiner, but Iâ(TM)ll at least take you to a nice dinner before prematurely ejaculating after catching a glimpse of your nipple (iOS doesnâ(TM)t allow icky girl parts in its apps, and I respect bitches too much to objectify them by thinking of them naked.)

      Iâ(TM)m no athlete, not much of a musician, and Iâ(TM)m not one of those techy nerds like you. Iâ(TM)m one HELL of a consumer, though, so how about you leave my source of pride alone? I mean, we all need our own bag, amirite?

      I may buy my identity, but I have the receipt, so leave me alone and go pick on someone who takes pride in what they do, not what they buy.

      Kthanksbye

    21. Re: Secure enclave. by CoolDiscoRex · · Score: 1
      Yeah, you tell him! I mean, look at that loser, he lives in a country thatâ(TM)s so shitty that he only feels comfortable posting his opinions as Anonymous Coward! Hahahaha ... looooooooser!

      Wait ...

    22. Re:Secure enclave. by AmiMoJo · · Score: 1

      Other manufacturers manage to overcome this problem, and actually it's not hard. Laptops from companies like Lenovo and Dell have had the same level of resilience to the evil maid attack without locking out third party repairs. Replacing the secure memory won't help the evil maid, because that's where the encryption keys are stored so replacement means wiping the laptop's SSD which gives the game away and is easy to detect.

      Perhaps you can explain exactly what benefit the T2 chip has in this regard.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    23. Re:Secure enclave. by thegarbz · · Score: 1

      Protection does not require complete lockdown. Simply a warning that the maid was up to evil is enough. That way you have some form of protection and repairability at the same time.

      In other news my phone puts some red text on the top of my screen saying that Knox is disabled and that custom software is running on it. I'm okay with this.

    24. Re:Secure enclave. by AC-x · · Score: 1

      Do only a fraction of a fraction of a percent of users ever need their "vintage" Apple hardware repaired?

    25. Re:Secure enclave. by Balial · · Score: 1

      Does it though? Other than Apple's marketing what do you know about how the T2 chip works that satisfies you of this?

      Have you read the security guidelines for the T2?

      https://www.apple.com/mac/docs...

      So it is impossible to simply inform the user that the device has been tampered with?

      If you read my original post in this thread, I'm specifically asking for proposals how to do that. In all my security work I don't know how to do this. You seem to know it can be done, so please, do share. Or go out there and build a better product and make mint. I'd love for someone to demonstrate how it can be done, but proof by assertion isn't.

    26. Re: Secure enclave. by Balial · · Score: 1

      I think you're confusing the smartest users with the users that claim they're the smartest. The smartest users understand it just fine.

    27. Re:Secure enclave. by mellon · · Score: 1

      Do they really? [citation needed]

    28. Re:Secure enclave. by mellon · · Score: 1

      How do you differentiate between a legitimate repair and an evil maid "repair"?

      That you are okay with this and want devices that prefer repairability to security means that you aren't the customer Apple is targeting with this marketing campaign.

    29. Re:Secure enclave. by mellon · · Score: 1

      The sad fact is that you do have to trust somebody. That somebody could be Canonical, or it could be Apple. But if you trust Canonical, you also have to trust whoever makes the software you're running Ubuntu on. So now you have two companies you're trusting. If you trust Apple, you are trusting one company. And unfortunately in practice we actually have no way of validating whether or not these companies are trustworthy. This is a really nasty problem.

    30. Re:Secure enclave. by mellon · · Score: 1

      How does the user validate that the change did not compromise the hardware?

    31. Re:Secure enclave. by mellon · · Score: 1

      Your disk is signed. USB devices are not automatically trusted, and do not automatically get DMA access. DMA is done through an iommu.

    32. Re:Secure enclave. by thegarbz · · Score: 1

      How do you differentiate between a legitimate repair and an evil maid "repair"?

      Ask Apple. They seem to be doing just that. But you fundamentally miss my point. You don't have a loss of security in this regard. Just because you're not locked out of the system doesn't mean security is lower. All that needs to happen is that you be made aware that your device has been tampered with.

      Your firewall also doesn't set fire to your building everytime a sketchy looking packet comes through. At least I hope not, as amusing as that would be.

  3. Re:Fuck the iTarded by b0s0z0ku · · Score: 1

    What about people who bought Apple in countries without Apple stores, thinking they could get a local shop to repair the products, as has been done for the past 20-30 years. Nah, fuck Apple and Tim Cook for throwing product owners under a speeding bus.

  4. Rock and hard place. by Anonymous Coward · · Score: 1

    So, you might go to a third party repair shop that winds up (innocently or maliciously) installing a replacement component that was built in China and has a spy chip in it that sends your data back to the Chinese government.....and this chip can help block it.

    On the other hand, such a requirement produces lock-in which keeps your prices high and prevents open competition for services, which is bad for you and the market.

    And anyway the trust issue is kind of moot because Apple might be inserting their own spy chips and hacking us all.

    It really isn't possible to win.

    1. Re:Rock and hard place. by b0s0z0ku · · Score: 1

      There's a happy middle ground -- warn about "un-blessed" hardware, don't brick computers because of it. A Big Red Banner on boot and maybe an audio warning would be sufficient.

    2. Re:Rock and hard place. by HarrySquatter · · Score: 1

      Except that years and years of showing users warnings have simply coditioned them to ignore said warning and click through them.

    3. Re:Rock and hard place. by Desler · · Score: 1

      There's a happy middle ground -- warn about "un-blessed" hardware, don't brick computers because of it. A Big Red Banner on boot and maybe an audio warning would be sufficient.

      People Ignore Software Security Warnings Up To 90% of the Time, Says Study

    4. Re:Rock and hard place. by Desler · · Score: 1

      Couldn't care less what Apple's motivation is but warning banners are less than useless.

    5. Re:Rock and hard place. by AHuxley · · Score: 1

      vs the approved PRISM connection?

      --
      Domestic spying is now "Benign Information Gathering"
    6. Re:Rock and hard place. by b0s0z0ku · · Score: 1

      Depends on the type of warning. If most people got their computer back from repair and it flashed a red, 10-second-long message in several languages that "This hardware has been compromised with unauthorized components," I suspect they'd listen. Make it annoying with a loud beep or the car-crash sound from old Mac system-failure messages, and keep it up there for 10 seconds without ability to click through.

      Far better than turning hardware people OWN into a brick or holding it hostage.

    7. Re:Rock and hard place. by mellon · · Score: 1

      This is bad UI design. What you want is to fail if security is compromised. You don't offer a warning. You just fail. As soon as you start offering warnings and bypasses, you've created an attack surface. And yes, the typical end user will succumb to the attack. So if you want to be elitist and watch your users get pwned, sure, put in a bypass. Otherwise, make your software fail safe.

    8. Re:Rock and hard place. by b0s0z0ku · · Score: 1

      And your idea is paternalistic crap designed for the lowest common denominator. We shouldn't allow installation of software not "blessed" by Apple, M$, or Scroogle either, because it "might" create an attack surface. Shove everyone into a walled garden, no room for imagination or deviation from what Big Papa Corp wants for their users. Yes!

    9. Re: Rock and hard place. by CoolDiscoRex · · Score: 1
      Yeah, nerd!

      Nobody listens to nerds!

      Now Imma gonna go use my software, which was all written by gangsta rappers and their smoking hot ghetto-as bitches, ya heard?

      Yeah, you better have heard.

      Get off of Slashdot, nerd.

  5. News for nerds by taskiss · · Score: 4, Insightful

    "...the T2 chip could render a computer inoperable..." and it went on from there. The hinge of this whole story rests on a "could". Twist the hinge one way, there is no story, the other way, and ... well ... you get this flame bait

    You know, stuff that matters.

    --
    - real hackers don't have sigs -
    1. Re:News for nerds by Anonymous Coward · · Score: 1

      ...the T2 chip could render a computer inoperable...

      And here I thought that was IOS's job.

    2. Re:News for nerds by swillden · · Score: 2

      "...the T2 chip could render a computer inoperable..." and it went on from there. The hinge of this whole story rests on a "could". Twist the hinge one way, there is no story, the other way, and ... well ... you get this flame bait

      I disagree. There is a story here, though it's one without a clear villain, which slashdot will find uncomfortable.

      It is a problem if third-party repair services are effectively blocked. As another commenter points out, it may even be illegal. However, I also see Apple's point. When you're trying to secure a device against hardware attack, the integrity of the components is critical, as is the ability to transmit data between them securely. Since it's all but impossible to keep the various communications busses inaccessible to attackers, you cryptographically authenticate the components to one another and encrypt the traffic (this also denies the data to attackers doing EM sniffing). But to to do that you need the components to have a shared key, which means you need a pairing step -- and that pairing step must be something the attacker can't do. This is easy to arrange in the factory, and not too hard to arrange in authorized repair facilities, but allowing any third party to do it without also allowing attackers to do it is really hard (and, no, asymmetric cryptography doesn't fix this. To paraphrase Bruce Schneier, "If you think asymmetric cryptography solves this problem, you don't understand asymmetric cryptography and you don't understand this problem.").

      --
      Note to ACs: I usually delete AC replies without reading them. If you want to talk to me, log in.
    3. Re:News for nerds by cyn1c77 · · Score: 1

      "...the T2 chip could render a computer inoperable..." and it went on from there. The hinge of this whole story rests on a "could". Twist the hinge one way, there is no story, the other way, and ... well ... you get this flame bait

      You know, stuff that matters.

      You're right. This is fear mongering. There is no way Apple would ever try to block users from modifying their hardware with third-party components.

    4. Re: News for nerds by CoolDiscoRex · · Score: 1

      Ok that was funny

    5. Re: News for nerds by CoolDiscoRex · · Score: 1
      Why donâ(TM)t you people feel like you deserve Appleâ(TM)s love?

      Maybe itâ(TM)s because you donâ(TM)t.

      Some of you replace you iDevices every 2 years, and not the recommended every 3 months.

      Face it, you donâ(TM)t deserve to be able to repair your own devices. If you cared about Apple, youâ(TM)d simply replace them.

      But no, youâ(TM)re all special. Itâ(TM)s YOUR device because YOU paid for it and YOU want to repair it ... you you you you you.

      You disgust me. The lot of you. All Apple has ever tried to do was show you how to love. To show you how to live. To show you how to be the person that you were capable of becoming. To fullfill the great promise that is you, and to give you a pathway to happiness, life, and love.

      And you wipe your smelly, pimple-covered asses with it, throw it on the ground, and shout âoeme me me me!â

      Well go to hell, because Apple owes you nothing! You are not fit to smell the farts of iPeople! You know, people with 2, 3, 4 devices. People who donâ(TM)t care how much RAM is in them. People who ... well, people who are not you.

      If you donâ(TM)t love Apple, well, youâ(TM)re pretty much a serial killer, or worse, an Android user.

      Ewwwwwwwwwwwwww.

    6. Re:News for nerds by AmiMoJo · · Score: 2

      Apple has already blocked the installation of Linux by having the T2 chip disable all internal storage when you try. They have form with repairs too, such as the 3rd party iPhone home button/fingerprint scanners being rejected. Even the last MacBook Pro they released removed the data recovery header so that if the mobo dies you can't get anything off the soldered-down SSD any more.

      There is a clear pattern here. Apple has always hated third party repairs, or giving users control of their computers and phones.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    7. Re:News for nerds by Mordaximus · · Score: 1

      Apple has already blocked the installation of Linux by having the T2 chip disable all internal storage when you try.

      Don't install to the internal storage. Thunderbolt is plenty fast enough to host an external bootable drive. Set the external to target mode and you're off to the races.

    8. Re:News for nerds by AmiMoJo · · Score: 1

      When you're trying to secure a device against hardware attack, the integrity of the components is critical

      If you are relying on the integrity of components then you are doing it wrong and are completely screwed anyway.

      The scenario you describe where the attacker replaces components in the machine is both far fetched and wouldn't be prevented by the T2 chip, because they could simply replace the T2 chip itself as well. EM sniffing is movie plot stuff - you would have to get the probes in the machine while the victim is authenticating themselves, good luck with that.

      Other manufacturers produce secure machines, certified for government use, and don't go to these lengths.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
  6. Apple T2: Judgement Device by fahrbot-bot · · Score: 1

    Can't wait for "Apple T3: Rise of the Machinations" and "Apple Sustentation"

    --
    It must have been something you assimilated. . . .
  7. Who cares? by Anonymous Coward · · Score: 1

    Having gone through the age of build-it-yourself computers, all I can say is WHO CARES??? I don't remember the last time I opened any of my old computers to change anything. All I see here is Windows people complaining about Apple computers they'd never even buy. PHHHHIIITT!!

    1. Re:Who cares? by AHuxley · · Score: 1

      Say a user adds more unapproved RAM?
      RAM that did not get a code entered to approve it.
      That "changes" their computer and any approved backups.
      No more data to read from the computer. No more external backup.

      --
      Domestic spying is now "Benign Information Gathering"
    2. Re: Who cares? by AHuxley · · Score: 1

      It could be counterfeit RAM imported into the USA and used to sell as a "repair".

      --
      Domestic spying is now "Benign Information Gathering"
  8. No-fix also = no hack by Anonymous Coward · · Score: 1

    I 100% understand the "but we cannot repair it" factor.

    I also very much like they "they cannot hack it factor" too ... and yes, for specific devices until there is a method to keep the "feds" out, this to me an acceptable means of securing a device: no "skimmers" inserted into the print reader, no rogue devices onboarded elsewhere, and hopefully the memory/storage are protected to where they cannot be simply slipped onto another device for reading/decrypting too. (Sad, but this is how little I trust.)

  9. Meh, its Apple what do you expect by Anonymous Coward · · Score: 1

    Sort of what Apple has always pushed for and if you don't like it, don't buy Apple products. They have always been a bit snobbish about their stuff. Obviously people don't remember the Power PC chip era for Apple, talk about locked down hardware.

  10. My next laptop by TechyImmigrant · · Score: 1

    My next laptop is not going to be a mac any more. I need unixy behaviour, so a mac was fine. I like using my 2013 mac book pro. But being locked out of third party repair is a major detractment. So my next laptop will be a PC laptop running Linux.

    --
    I should use this sig to advertise my book ISBN-13 : 978-1501515132.
  11. Stop buying Apple by Anonymous Coward · · Score: 3, Interesting

    The hardware quality advantage of MacBooks is long gone. OS X has become a pile of iCloud infested junk. There is simply no reason to buy an Apple product anymore. They've abandoned the power user and no longer innovate. The only thing they can do is build lock-in devices to try to keep customers on their stagnant technology.

    I was using Mac laptops since the PowerPC days. I finally gave up and built myself a Linux laptop. Do I miss a few OS X specific apps? Yes. Am I glad to be off Apple's lock-in ecosystem: Hell yes. Even though I had backups I wanted to get the last day's work off my dead MacBook pro. Not so easy when the SSD is soldered to the motherboard. Thanks Apple for starting that trend.

  12. Remmber Microsoft Palladium? by xack · · Score: 1

    This sounds like all the fears of Palladium come true.

  13. Can't get them fixed around here by kerashi · · Score: 2

    Where I live, there isn't a repair shop within 100 miles, here in northeast Arkansas. I could never recommend a Mac to anyone I know, even someone heavily invested in the Apple ecosystem, because of this. It's the same story with their phones. Both of my parents have iPhones, and without an authorized repair shop anywhere nearby, not even within a 100 mile radius, I can't get them fixed without shipping them off somewhere, and being without the device for God knows how long. Meanwhile, there's an independent repair shop that will happily repair my Android phone same day within 10 miles.

    Simple fact is, computers break eventually. Nothing runs forever. Apple's insistence that we use their repair shops, which for me might as well be on the moon, is just crazy. If you can't get the thing fixed when something goes wrong, be it a cracked screen or bad keyboard or whatever, it's just disposable. And Apple products are just too expensive to be disposable.

  14. Violation of Magnussen-Moss Act by coats · · Score: 5, Informative

    This violates Federal Law, in particular the Magnussen-Moss Act (15 USC 2302(c)) requirement that says warrantors cannot require that only branded parts be used with the product in order to retain the warranty.

    --
    "My opinions are my own, and I've got *lots* of them!"
    1. Re:Violation of Magnussen-Moss Act by blindseer · · Score: 1

      This violates Federal Law, in particular the Magnussen-Moss Act (15 USC 2302(c)) requirement that says warrantors cannot require that only branded parts be used with the product in order to retain the warranty.

      If that is true then Apple needs to be taken to court and I want to hear them make their case.

      I don't know if Apple would win but I can imagine how the case would go. The issue would come down to keeping user data secure, much like we've seen in cases where the government has asked Apple to break their own encryption for the purposes of gaining data for a criminal investigation. They would likely argue that a third party repair is possible but it would not allow for the recovery of any data. If you want a repair and retain your data on the device after the repair then the repairs must be performed with authorized parts. Failure to maintain this control means the security of any Apple device could be bypassed by anyone with the right tools and third party parts.

      Take your pick. Do you want to be able to upgrade the SSD in the future on your Apple computer, or do you want that SSD secured from someone reading it without your permission? If you can find a way to eat your cake and have it too then I'd like to hear it.

      --
      I am armed because I am free. I am free because I am armed.
    2. Re:Violation of Magnussen-Moss Act by cyn1c77 · · Score: 1

      Take your pick. Do you want to be able to upgrade the SSD in the future on your Apple computer, or do you want that SSD secured from someone reading it without your permission? If you can find a way to eat your cake and have it too then I'd like to hear it.

      What are you talking about?

      Self-encrypting SSDs with standardized connectors have existed for years. You just take the drive out when you send it in for repair.

      Apple is just being difficult because they want you to buy their hardware. The solder in their RAM, use special dongles and drop headphone jacks for the same reason.

    3. Re:Violation of Magnussen-Moss Act by AmiMoJo · · Score: 1

      The warranty will be intact, it just won't work any more. The law needs to catch up, like the GPL did many years ago with V3 that blocked Tivoization and other technical means of taking away your rights.

      Same with DRM. You still have your first sale doctrine right to sell it second hand, it just won't be worth anything because DRM bricks it as soon as you do.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    4. Re:Violation of Magnussen-Moss Act by Mordaximus · · Score: 1

      Apple is just being difficult because they want you to buy their hardware. The solder in their RAM, use special dongles and drop headphone jacks for the same reason.

      How do any of those things encourage one to buy their hardware? BTW, there's nothing special about the dongle, nor is dropping the decades old headphone jack unique to Apple.

  15. What about the external power supply? by aberglas · · Score: 1

    Looks like you can still replace that. Looks like Apple messed up there.

    1. Re:What about the external power supply? by Bert64 · · Score: 1

      The power supply has actually gone the other way, instead of a proprietary apple power supply it now uses standard USB-C. Hopefully the days of each laptop having its own non standard power supply are numbered and i can keep several USB-C at home and office.

      --
      http://spamdecoy.net - free throwaway anonymous email - avoid spam!
  16. can they use this lock in ram / cpus? by Joe_Dragon · · Score: 1

    Just think of this with tim cooks face and the word NON APPLE HARDWARE no mac os for you.

    https://giphy.com/gifs/no-jura...

  17. Welcome to John Deere (dealer only service) by Joe_Dragon · · Score: 1

    Welcome to John Deere (dealer only service)

    Now will the EU or Australia do something?

  18. Just another reason to buy elsewhere by Tough+Love · · Score: 1

    Just another reason to buy elsewhere. Apple was never great at debugging but it's progressed to downright awful. Any luck with that overheating wireless charger?

    --
    When all you have is a hammer, every problem starts to look like a thumb.
  19. Re:When politics goes the 'wrong' way for Slashdot by Tough+Love · · Score: 1

    not one controlled mainstream media outlet carries the story.

    You're full of crap.

    --
    When all you have is a hammer, every problem starts to look like a thumb.
  20. Ever play an old Nintendo? by rsilvergun · · Score: 1

    every had a cart that wouldn't play? Ever blow on the cart? That didn't help. What _would_ help is cutting the pin to the lockout chip to by pass Nintendo's DRM. See, what was happening is that not all the pins were making good contact, but most of the time you didn't _need_ perfect contact, except for that darn lockout chip. That thing was sensitive. It had to be or it'd be easy to bypass.

    I don't want DRM in my products because not only does it mean the device isn't really mine but it means I've got one more thing to break and when it does it'll likely kill the device completely.

    --
    Hi! I make Firefox Plug-ins. Check 'em out @ https://addons.mozilla.org/en-US/firefox/addon/youtube-mp3-podcaster/
    1. Re:Ever play an old Nintendo? by b0s0z0ku · · Score: 1

      What kind of bad DRM could be bypassed by disconnecting a single pin?

    2. Re:Ever play an old Nintendo? by _merlin · · Score: 1

      The protection MCU on the console mainboard would hold the CPU in reset if it couldn't conduct the "magic handshake" with the corresponding MCU in the cartridge. If you disconnected the line from the protection MCU output to the CPU's reset input, it would defeat the protection for the most part.

  21. You know they are retarded by Gabest · · Score: 1

    When they call the motherboard "logic board".

    1. Re:You know they are retarded by b0s0z0ku · · Score: 2

      That's old tradition dating back to Apple II (hacker-friendly computer) days.

  22. Easy fix by nehumanuscrede · · Score: 1

    That T2 chip seems to have a strange effect on my Credit Card anytime I try to purchase an Apple product with such hardware installed.

    Guess I'll have to go buy something else . . . . . .

  23. Doesn't matter by Anonymous Coward · · Score: 1

    The odds of someone that has the slightest idea what they are doing also buying a Mac seems very remote.
    For the old people and tech-ignorant that buy these devices, it won't make the slightest difference.
    This will only prevent 3rd party shops from working on Apple hardware.
    Let the fools and their money part.

  24. Thanks god I do not need or depend on Apple Macs by ReneR · · Score: 1

    After they where hiding the iGPU from my 15" late-2013 rMBP: https://www.youtube.com/watch?... us another proprietary SSD connector every model year (well when they actually updated something): https://www.youtube.com/watch?... and literally each and every MacBook MacSafe charger has blown up and failed on me in the meantime: https://www.youtube.com/watch?... I'm out of purchasing new Apple hardware. Thanks god I maintain my #t2sde Linux (https://t2sde.org) and can just switch to amazing AMD ThinkPads ;-) https://www.youtube.com/watch?...

  25. Re: Fuck the iTarded by CoolDiscoRex · · Score: 1
    Lol. If only you were this guy in real life, eh?

    I know, Inknow, we all need a dream. I mean, how many times can you tell your âpartnerâ(TM) that her jeans donâ(TM)t make her ass look big?

    And they totally donâ(TM)t. Itâ(TM)s her ass that makes her ass look big, amirite?

    Awww yeah, you know what time it is ... high five up top!

    So, yeah, I donâ(TM)t blame you. Iâ(TM)d be all âoefuck fuck fuckity fuck motherfucker âoe too.

    Just make sure you clean your piss off the toilet seat this time. You donâ(TM)t want a repeat of last weekend do you?

    Of course you donâ(TM)t.

    (No really, go clean the toilet before she gets home. You can swing your dick online later)

  26. Re: Fuck the iTarded by CoolDiscoRex · · Score: 1
    might want to wipe your chin there.

    donâ(TM)t worry, just tell them that you had a Twinkie for lunch. Fine, a case of Twinkies.

    You made Lil Kim look like an amateur, though.

    Iâ(TM)m sure Apple will richly reward you for your loyalty. No, really, any day now they totally are going to be all like âYo thanks dawg, hereâ(TM)s a free Mac Pro!â(TM)

    Any day now. Just wait, youâ(TM)ll see.

    I mean it.

    Just wait.

  27. it's about locking you! by sad_ · · Score: 1

    forget about the poor 3rd party repair services, this is about you, the customer.
    the T2 chip is pure evil, it prevents to use of other OS's, it prevents self-repair (or any repair not by apple).
    this is all about locking the customer.

    ofcourse, Apple customers probably don't even care.

    --
    On a long enough timeline, the survival rate for everyone drops to zero.
  28. Re:Confirmed: ZIP & c6gunner are BULLIES... ap by f3rret · · Score: 1

    Changed your meds again, eh?

    --
    Admit nothing. Deny Everything. Make Counter-accusations.
  29. Walk Away by Anonymous Coward · · Score: 1

    I stopped buying Sony equipment when they started putting viruses on their DVD's. You've all bitched and moaned to Apple, and in response, they spit on you and called you suckers. WALK AWAY! Spend your money elsewhere.

  30. Correct Apple's action by not buying Apple Product by Anonymous Coward · · Score: 1

    There's one way to correct this. Hit Apple where it counts, in the pocketbook. I did. I was tired of the hobbled IOMMU in my late 2013 MacPro Desktop.
    I replaced it with a Haydes NUC Canyon. It is fast! I've got Bionic Beaver running, I built a hackintosh using an AMD eGPU (the onboard VEGA Mwasn't supported yet) Installed the egpu Wrangler hack and popped my GTX970 in my Akitio Node (Replaced the low end AMD GPU card that I initially used for the hackintosh build). Now I have Linux, MacOS, and Windows running bare metal on my Haydes Canton NUC.

    As far as the IOMMU.. Virt on Linux runs well! eGPU passthrough works!

    Don't buy a new Apple products... lots of maggots inside!

    I'm just about ready to sell the macpro tin can. no more apple products for me

  31. exit strategy by epine · · Score: 1

    We're probably going to buy the Mac mini i5 anyway, to replace my wife's 2008 iMac, with a game plan to run it into the ground for another eight to ten years.

    Personally, I don't see the repairability problem. Unless we go crazy writing to the internal storage (unlikely), there's very little to break on this system. Everything but two memory sticks is soldered down. The vast majority of peripherals are tangled up a giant dongle mess behind the cute little box. Those will break and can be unplugged.

    Apart from failed DRAM, the smallest possible electronics repair is to swap the main logic board. (The most likely repair is not electronics: it's the power supply and fan, neither of which are protected by the T2 chip, unless Apple is far more Big Brother than anyone back in 1984 even began to imagine.)

    I will likely confirm before purchase that it remains possible to install Windows 10 though Boot Camp on an external drive (just an actual TB3 drive would be acceptable as a fail safe; but far better if USB drive were also allowed).

    I would be extremely surprised if such a minimalistic system board had more than a 5% failure rate over ten years (unless Apple has completely screwed the cooling envelope, and if there's anything Apple knows, it's confining warm things in tight places, all the while making your think it's your warm thing, in your tight place of choice).

    So we'll just self-insure on the books to replace this box if it fails with any damn thing at hand. And we'll keep layers of hot backups on the nearby NAS box. That means we basically won't ever buy any macOS-specific software we can't afford to lose at the first Apple glitch.

    It seriously sucks that the world has come to this, but we're going to temporise for one more long product generation. We both hate Windows 10. Every other machine in the house is BSD or Linux. My Android phone doesn't even have its data modem enabled (I can't stand the Android security model), so it's exclusively used for phone calls, text messages, and accessing my personal web server on the internal Wi-Fi. My wife's phone is a recent iPhone from her place of employment, which she only uses for text messages to me and a few other people, and for real work.

    It's nice to have one machine in the place compatible with recent, mainstream things. It makes her place of employment happy when she teleworks from a platform they've ever heard of before. That's why she has an iMac in the first place.

    1984 Apple's Macintosh Commercial

    The T2 is that chick with the hammer. What's she's smashing is any narrative at all you can understand—to be replaced by the blinding wall of dazzling white light of Apple arrogance.

    On November 11th, 2018, Apple Computer will introduce the T2 solder-flash refresh. And you'll see why 2018 will be exactly like "1984."

    I fudged the date a little, but why not Remembrance day, for good measure? Because I remember the 1984 advertisement (as a scary harbinger), and I always will.

    Who can watch that old commercial now, and not read it as foretelling a dark future?