T2 chip in iMac Pro & 2018 MacBook Pro controls boot, security functions previously managed by CPU
Apple's new T2 chip in the iMac Pro and 2018 MacBook Pro is far more than a refinement of the family of sub-processors that launched in the 2016 MacBook Pro, with expanded responsibility encompassing FaceTime camera image quality, drive security, and total control over the boot process.
Editor's note: AppleInsider first published this in January following the iMac Pro debut. Given the volume of questions surrounding the chip following the release of the 2018 MacBook Pro, we have revised the article slightly and republished it to reflect the new hardware
The inclusion of the processor in Apple hardware has been known for some time, with reports in December discussing some features of the T2 in the iMac Pro. At the time, we knew that the T2 regulated boot safety, and had some level of control over boot security, but also at the time, there wasn't a lot of knowledge about how deeply integrated the chip was, nor how far the security implemented by the chip penetrated.
Jason Snell from MacWorld delved deeper into the T2 chip in a report in January, beyond just describing what it does. He elaborates upon the T2's role as mass storage controller, and notes that the T2 has "complete control" over the array of flash storage banks inside the iMac Pro.
The T2 encrypts "every bit" of data sent to the flash storage array in the iMac Pro, wrote Snell, and is responsible for decrypting it for the user. As a result, should the flash array be pulled from the iMac Pro, the data is irretrievable outside of the unit.
Another feature of the T2 is the boot process. Again on the fly, the T2 validates the boot process from start to finish, including verification of a legitimate and properly cryptographically signed bootloader, before the rest of the process is handed off to the rest of the iMac Pro's hardware for completion.
This is all managed by the previously described Startup Security Utility, which is invoked by the user with Command-R during the startup cycle.
Snell reports that by default, security is set to Full — which requires a network connection to verify the operating system's legitimacy during install — including the latest version of Windows 10 through Boot Camp. Medium eliminates the need for a network connection, with the feature also able to be completely disabled.
The T2 also has hooks in the FaceTime camera on both computers. Integrated into the T2 is a new image signal processor that alters all parameters of the FaceTime camera, very similar to the image adjustments that the iPhone makes automatically.
Apple's T2 governs more. It also controls and secures the computer's microphones, governs fan speeds, and controls the speakers in the iMac Pro as well.