
Apple Confirms Its T2 Security Chip Blocks Some Third-Party Repairs of New Macs (theverge.com) 179

An anonymous reader shares a report from The Verge about Apple's new security-focused T2 chip found in the newest Mac computers. The introduction of the chip "has renewed concerns that Apple is trying to further lock down its devices from third-party repair services," The Verge reports. From the report: The T2 is "a guillotine that [Apple is] holding over" product owners, iFixit CEO Kyle Wiens told The Verge over email. That's because it's the key to locking down Mac products by only allowing select replacement parts into the machine when they've come from an authorized source -- a process that the T2 chip now checks for during post-repair reboot. "It's very possible the goal is to exert more control over who can perform repairs by limiting access to parts," Wiens said. "This could be an attempt to grab more market share from the independent repair providers. Or it could be a threat to keep their authorized network in line. We just don't know." Apple confirmed to The Verge that this is the case for repairs involving certain components on newer Macs, like the logic board and Touch ID sensor, which is the first time the company has publicly acknowledged the tool's use. But Apple could not provide a list of repairs that required this or what devices were affected. It also couldn't say whether it began this protocol with the iMac Pro's introduction last year or if it's a new policy instituted recently.

First revealed last month by MacRumors and Motherboard, both of which got their hands on an internal Apple document, the T2 chip could render a computer inoperable if, say, the logic board is replaced, unless the chip recognizes a special piece of diagnostic software has been run. That means if you wanted to repair certain key parts of your MacBook, iMac, or Mac mini, you would need to go to an official Apple Store or a repair shop that's part of the company's Authorized Service Provider (ASP) network. If you want to repair or rebuild portions of those devices on your own, you simply can't -- at least, according to this document. The parts affected, according to the document, are the display assembly, logic board, top case, and Touch ID board for the MacBook Pro, and the logic board and flash storage on the iMac Pro. It is also likely that logic board repairs on the new MacBook Air and Mac mini are affected, as well as the Mac mini's flash storage. Yet, the document, which is believed to have been distributed earlier this year, does not mention those products because they were unannounced at the time. Regardless, to replace those parts, a technician would need to run what's known as the AST 2 System Configuration suite, which Apple only distributes to Apple Stores and certified ASPs. So DIY shops and those out of the Apple network would be out of luck.

  • by Anonymous Coward

    Stop with the T2 articles, shit

    • Why? Apple needs to be shamed as much as possible for its anti-owner/anti-consumer bullshit.
      • And abandoned as rapidly as possible like investors are doing with AAPL stock.

        • And abandoned as rapidly as possible like investors are doing with AAPL stock.

          It's the truth. Apple down another 1% today, and down 17% in the month.

  • I've often seen "secure enclave" spelled as "secure enslave." Now I know that wasn't a typo.

    Anyway, I'd have no problem with something like a boot warning of unauthorized repairs, but prohibiting owners from fixing their own fucking equipment stinks. Especially since there are parts of the world that can be a thousand miles and in a different country from the nearest Apple store.

    Sad how far Apple has fallen from being a company founded by hackers and geeks.

    • by Balial ( 39889 ) on Monday November 12, 2018 @05:16PM (#57633322) Homepage

      I'd have no problem with something like a boot warning of unauthorized repairs, but prohibiting owners from fixing their own fucking equipment stinks.

      Do you have a proposal for how to separate these two? What's to stop a malicious change from masking this boot warning? The security point of the T2 chip is well documented by Apple. The conspiracy theories are the same for the iPhone, though. Bottom line: You can't make a secure system if you allow random modifications. The tiny market share of people who are going to tweak their devices isn't worth forsaking real security for everyone else.

      • By the same token, one could install a counterfeit motherboard without the T2 chip that doesn't brick itself.
        • Came here to say, is it possible to replace the T2 with a 555 or something equally innocuous?

      • Just provide a tiny tiny switch that people who tweak their devices can turn off. Is it really that hard?

        • by Desler ( 1608317 )

          Or they can just ignore the complaints coming from a niche user group composed of a fraction of a fraction of a percent of all users?

          • The pesky smart people must be eradicated! The top technologically literate people must be sacrificed for the good of the average people! It's the only route to profit! We must stop allowing the smartest of us to dictate the path forward. Our corporate masters are our only hope! The smart people must be rooted out wherever they congregate, lest they fester like a boil and their knowledge spread! Join us, the many, the proud, the average consumer! Reject the pompous superiority of those who might
          • By the way, it's that same fraction of a fraction that make the products and software you take such pride in purchasing. How quickly you want to toss them aside and ignore their complaints when you think there's even a minor benefit to you. Or did you think it was the hot milf across the street churning out those cool IOS games that you just love to play? Go ahead and ignore them, though. What's the worst that could happen? It's not like the average people couldn't do
          • by AC-x ( 735297 )

            Do only a fraction of a fraction of a percent of users ever need their "vintage" Apple hardware repaired?

        • Re:Secure enclave. (Score:5, Informative)

          by mellon ( 7048 ) on Monday November 12, 2018 @06:59PM (#57633974) Homepage

          Yes, it's really that hard. The T2 chip prevents the evil maid attack. Put a switch in, and you've re-enabled the evil maid attack. You can have protection from this attack, or you can have repairability. It's a crappy choice. If you prefer repairability, you have options.

          • by AmiMoJo ( 196126 )

            Other manufacturers manage to overcome this problem, and actually it's not hard. Laptops from companies like Lenovo and Dell have had the same level of resilience to the evil maid attack without locking out third party repairs. Replacing the secure memory won't help the evil maid, because that's where the encryption keys are stored so replacement means wiping the laptop's SSD which gives the game away and is easy to detect.

            Perhaps you can explain exactly what benefit the T2 chip has in this regard.

          • Protection does not require complete lockdown. Simply a warning that the maid was up to evil is enough. That way you have some form of protection and repairability at the same time.

            In other news my phone puts some red text on the top of my screen saying that Knox is disabled and that custom software is running on it. I'm okay with this.

            • by mellon ( 7048 )

              How do you differentiate between a legitimate repair and an evil maid "repair"?

              That you are okay with this and want devices that prefer repairability to security means that you aren't the customer Apple is targeting with this marketing campaign.

              • How do you differentiate between a legitimate repair and an evil maid "repair"?

                Ask Apple. They seem to be doing just that. But you fundamentally miss my point. You don't have a loss of security in this regard. Just because you're not locked out of the system doesn't mean security is lower. All that needs to happen is that you be made aware that your device has been tampered with.

                Your firewall also doesn't set fire to your building every time a sketchy looking packet comes through. At least I hope not, as amusing as that would be.

      • The tiny market share of people who are going to tweak their devices isn't worth forsaking real security for everyone else.

        1. tiny market for after-market parts?
        2. Apple totally did this for end-user's security. definitely. Absolutely no other possible ulterior motive.

        • by Desler ( 1608317 )

          If the market is so tiny why would Apple spend 100s of millions on some unproven conspiracy?

          • Dude! Do we try to shit on your purchased identity? Do you know how fucking hard it is to cultivate a talent? Days! Months! Years even!

            Fuck that!

            Squarely in they brown eye at that!

            Imma buy me an iThing then go around saying things like "Don't buy it if you can't afford it, then".

            Cause I ain't no poor person, and ishit is how I tell certain people that I'm better than they are. Not to mention, it kicks up the ole self-esteem a notch or two, cause betwee

        • by mellon ( 7048 )

          It doesn't have to be one or the other, you know. Yes, this works out well for Apple. If you have a problem with that, you either have to give up on that security feature, or get some new regulations passed (good luck with that!) that constrain the markup companies are allowed to charge for doing repairs, such that you stop feeling like it's a problem that you can't get an aftermarket repair.

      • by AHuxley ( 892839 )
        Real security like PRISM was supported?
      • Yes. Oh yes. The smartest users must be sacrificed for the average users. They just must be. Only people who will make tomorrow's technology would dare do more than the average soccer mom with their machines, and they therefore must be stopped for the good of Corp ... I mean the people. The good and wholesome average people. Idiocracy won't be so bad, you'll see. The corporate masters will take good care of us, while those pesky top one percenters will make license plates in th
        • by Balial ( 39889 )

          I think you're confusing the smartest users with the users that claim they're the smartest. The smartest users understand it just fine.

    • Welcome to John Deere (dealer only service)

      Now will the EU or Australia do something?

  • by Anonymous Coward

    So, you might go to a third party repair shop that winds up (innocently or maliciously) installing a replacement component that was built in China and has a spy chip in it that sends your data back to the Chinese government.....and this chip can help block it.

    On the other hand, such a requirement produces lock-in which keeps your prices high and prevents open competition for services, which is bad for you and the market.

    And anyway the trust issue is kind of moot because Apple might be inserting their own sp

    • There's a happy middle ground -- warn about "un-blessed" hardware, don't brick computers because of it. A Big Red Banner on boot and maybe an audio warning would be sufficient.
      • Except that years and years of showing users warnings have simply conditioned them to ignore said warning and click through them.

        • Depends on the type of warning. If most people got their computer back from repair and it flashed a red, 10-second-long message in several languages that "This hardware has been compromised with unauthorized components," I suspect they'd listen. Make it annoying with a loud beep or the car-crash sound from old Mac system-failure messages, and keep it up there for 10 seconds without ability to click through.

          Far better than turning hardware people OWN into a brick or holding it hostage.

      • by Desler ( 1608317 )

        There's a happy middle ground -- warn about "un-blessed" hardware, don't brick computers because of it. A Big Red Banner on boot and maybe an audio warning would be sufficient.

        People Ignore Software Security Warnings Up To 90% of the Time, Says Study [slashdot.org]

    • by AHuxley ( 892839 )
      vs the approved PRISM connection?
  • News for nerds (Score:5, Insightful)

    by taskiss ( 94652 ) on Monday November 12, 2018 @05:17PM (#57633328)

    "...the T2 chip could render a computer inoperable..." and it went on from there. The hinge of this whole story rests on a "could". Twist the hinge one way, there is no story, the other way, and ... well ... you get this flame bait

    You know, stuff that matters.

    • by Anonymous Coward

      ...the T2 chip could render a computer inoperable...

      And here I thought that was IOS's job.

    • "...the T2 chip could render a computer inoperable..." and it went on from there. The hinge of this whole story rests on a "could". Twist the hinge one way, there is no story, the other way, and ... well ... you get this flame bait

      I disagree. There is a story here, though it's one without a clear villain, which slashdot will find uncomfortable.

      It is a problem if third-party repair services are effectively blocked. As another commenter points out, it may even be illegal. However, I also see Apple's point. When you're trying to secure a device against hardware attack, the integrity of the components is critical, as is the ability to transmit data between them securely. Since it's all but impossible to keep the various communication

      • by AmiMoJo ( 196126 )

        When you're trying to secure a device against hardware attack, the integrity of the components is critical

        If you are relying on the integrity of components then you are doing it wrong and are completely screwed anyway.

        The scenario you describe where the attacker replaces components in the machine is both far fetched and wouldn't be prevented by the T2 chip, because they could simply replace the T2 chip itself as well. EM sniffing is movie plot stuff - you would have to get the probes in the machine while the victim is authenticating themselves, good luck with that.

        Other manufacturers produce secure machines, ce

    • Ever had a cart that wouldn't play? Ever blow on the cart? That didn't help. What _would_ help is cutting the pin to the lockout chip to bypass Nintendo's DRM. See, what was happening is that not all the pins were making good contact, but most of the time you didn't _need_ perfect contact, except for that darn lockout chip. That thing was sensitive. It had to be or it'd be easy to bypass.

      I don't want DRM in my products because not only does it mean the device isn't really mine but it means I've got on
      • What kind of bad DRM could be bypassed by disconnecting a single pin?
        • by _merlin ( 160982 )

          The protection MCU on the console mainboard would hold the CPU in reset if it couldn't conduct the "magic handshake" with the corresponding MCU in the cartridge. If you disconnected the line from the protection MCU output to the CPU's reset input, it would defeat the protection for the most part.

    • by cyn1c77 ( 928549 )

      "...the T2 chip could render a computer inoperable..." and it went on from there. The hinge of this whole story rests on a "could". Twist the hinge one way, there is no story, the other way, and ... well ... you get this flame bait

      You know, stuff that matters.

      You're right. This is fear mongering. There is no way Apple would ever try to block users from modifying their hardware with third-party components.

      • Why don't you people feel like you deserve Apple's love?

        Maybe it's because you don't.

        Some of you replace your iDevices every 2 years, and not the recommended every 3 months.

        Face it, you don't deserve to be able to repair your own devices. If you cared about Apple, you'd simply replace them.

        But no, you're all special. It's YOUR device because YOU paid for it and YOU want to repair it ... you you you you you.

        You disgust me. Th

    • by AmiMoJo ( 196126 )

      Apple has already blocked the installation of Linux by having the T2 chip disable all internal storage when you try. They have form with repairs too, such as the 3rd party iPhone home button/fingerprint scanners being rejected. Even the last MacBook Pro they released removed the data recovery header so that if the mobo dies you can't get anything off the soldered-down SSD any more.

      There is a clear pattern here. Apple has always hated third party repairs, or giving users control of their computers and phones

      • Apple has already blocked the installation of Linux by having the T2 chip disable all internal storage when you try.

        Don't install to the internal storage. Thunderbolt is plenty fast enough to host an external bootable drive. Set the external to target mode and you're off to the races.

  • Can't wait for "Apple T3: Rise of the Machinations" and "Apple Sustentation"

  • by Anonymous Coward

    Having gone through the age of build-it-yourself computers, all I can say is WHO CARES??? I don't remember the last time I opened any of my old computers to change anything. All I see here is Windows people complaining about Apple computers they'd never even buy. PHHHHIIITT!!

    • by AHuxley ( 892839 )
      Say a user adds more unapproved RAM?
      RAM that did not get a code entered to approve it.
      That "changes" their computer and any approved backups.
      No more data to read from the computer. No more external backup.
  • by Anonymous Coward

    I 100% understand the "but we cannot repair it" factor.

    I also very much like the "they cannot hack it" factor too ... and yes, for specific devices until there is a method to keep the "feds" out, this is to me an acceptable means of securing a device: no "skimmers" inserted into the print reader, no rogue devices onboarded elsewhere, and hopefully the memory/storage are protected to where they cannot be simply slipped onto another device for reading/decrypting too. (Sad, but this is how little I trust.)

  • by Anonymous Coward

    Sort of what Apple has always pushed for and if you don't like it, don't buy Apple products. They have always been a bit snobbish about their stuff. Obviously people don't remember the Power PC chip era for Apple, talk about locked down hardware.

  • My next laptop is not going to be a mac any more. I need unixy behaviour, so a mac was fine. I like using my 2013 mac book pro. But being locked out of third party repair is a major detractment. So my next laptop will be a PC laptop running Linux.

  • Stop buying Apple (Score:3, Interesting)

    by Anonymous Coward on Monday November 12, 2018 @05:42PM (#57633512)

    The hardware quality advantage of MacBooks is long gone. OS X has become a pile of iCloud infested junk. There is simply no reason to buy an Apple product anymore. They've abandoned the power user and no longer innovate. The only thing they can do is build lock-in devices to try to keep customers on their stagnant technology.

    I was using Mac laptops since the PowerPC days. I finally gave up and built myself a Linux laptop. Do I miss a few OS X specific apps? Yes. Am I glad to be off Apple's lock-in ecosystem: Hell yes. Even though I had backups I wanted to get the last day's work off my dead MacBook pro. Not so easy when the SSD is soldered to the motherboard. Thanks Apple for starting that trend.

  • This sounds like all the fears of Palladium come true.
  • by kerashi ( 917149 ) on Monday November 12, 2018 @05:44PM (#57633524)

    Where I live, there isn't a repair shop within 100 miles, here in northeast Arkansas. I could never recommend a Mac to anyone I know, even someone heavily invested in the Apple ecosystem, because of this. It's the same story with their phones. Both of my parents have iPhones, and without an authorized repair shop anywhere nearby, not even within a 100 mile radius, I can't get them fixed without shipping them off somewhere, and being without the device for God knows how long. Meanwhile, there's an independent repair shop that will happily repair my Android phone same day within 10 miles.

    Simple fact is, computers break eventually. Nothing runs forever. Apple's insistence that we use their repair shops, which for me might as well be on the moon, is just crazy. If you can't get the thing fixed when something goes wrong, be it a cracked screen or bad keyboard or whatever, it's just disposable. And Apple products are just too expensive to be disposable.

  • by coats ( 1068 ) on Monday November 12, 2018 @05:58PM (#57633614) Homepage
    This violates Federal Law, in particular the Magnuson-Moss Act (15 USC 2302(c)) requirement that says warrantors cannot require that only branded parts be used with the product in order to retain the warranty.
    • This violates Federal Law, in particular the Magnuson-Moss Act (15 USC 2302(c)) requirement that says warrantors cannot require that only branded parts be used with the product in order to retain the warranty.

      If that is true then Apple needs to be taken to court and I want to hear them make their case.

      I don't know if Apple would win but I can imagine how the case would go. The issue would come down to keeping user data secure, much like we've seen in cases where the government has asked Apple to break their own encryption for the purposes of gaining data for a criminal investigation. They would likely argue that a third party repair is possible but it would not allow for the recovery of any data. If you want

      • by cyn1c77 ( 928549 )

        Take your pick. Do you want to be able to upgrade the SSD in the future on your Apple computer, or do you want that SSD secured from someone reading it without your permission? If you can find a way to eat your cake and have it too then I'd like to hear it.

        What are you talking about?

        Self-encrypting SSDs with standardized connectors have existed for years. You just take the drive out when you send it in for repair.

        Apple is just being difficult because they want you to buy their hardware. They solder in their RAM, use special dongles and drop headphone jacks for the same reason.

        • Apple is just being difficult because they want you to buy their hardware. They solder in their RAM, use special dongles and drop headphone jacks for the same reason.

          How do any of those things encourage one to buy their hardware? BTW, there's nothing special about the dongle, nor is dropping the decades old headphone jack unique to Apple.

    • by AmiMoJo ( 196126 )

      The warranty will be intact, it just won't work any more. The law needs to catch up, like the GPL did many years ago with V3 that blocked Tivoization and other technical means of taking away your rights.

      Same with DRM. You still have your first sale doctrine right to sell it second hand, it just won't be worth anything because DRM bricks it as soon as you do.

  • Looks like you can still replace that. Looks like Apple messed up there.

    • by Bert64 ( 520050 )

      The power supply has actually gone the other way, instead of a proprietary Apple power supply it now uses standard USB-C. Hopefully the days of each laptop having its own non-standard power supply are numbered and I can keep several USB-C at home and office.

  • Just think of this with Tim Cook's face and the word NON APPLE HARDWARE no mac os for you.

    https://giphy.com/gifs/no-jura... [giphy.com]

  • Just another reason to buy elsewhere. Apple was never great at debugging but it's progressed to downright awful. Any luck with that overheating wireless charger?

  • When they call the motherboard "logic board".
  • That T2 chip seems to have a strange effect on my Credit Card anytime I try to purchase an Apple product with such hardware installed.

    Guess I'll have to go buy something else . . . . . .

  • by Anonymous Coward

    The odds of someone that has the slightest idea what they are doing also buying a Mac seems very remote.
    For the old people and tech-ignorant that buy these devices, it won't make the slightest difference.
    This will only prevent 3rd party shops from working on Apple hardware.
    Let the fools and their money part.

  • After they were hiding the iGPU from my 15" late-2013 rMBP: https://www.youtube.com/watch?... [youtube.com] us another proprietary SSD connector every model year (well when they actually updated something): https://www.youtube.com/watch?... [youtube.com] and literally each and every MacBook MacSafe charger has blown up and failed on me in the meantime: https://www.youtube.com/watch?... [youtube.com] I'm out of purchasing new Apple hardware. Thanks god I maintain my #t2sde Linux (https://t2sde.org) and can just switch to amazing AMD ThinkPads ;-) h [youtube.com]
  • forget about the poor 3rd party repair services, this is about you, the customer.
    the T2 chip is pure evil, it prevents the use of other OS's, it prevents self-repair (or any repair not by apple).
    this is all about locking the customer.

    of course, Apple customers probably don't even care.

  • by Anonymous Coward

    I stopped buying Sony equipment when they started putting viruses on their DVD's. You've all bitched and moaned to Apple, and in response, they spit on you and called you suckers. WALK AWAY! Spend your money elsewhere.

  • There's one way to correct this. Hit Apple where it counts, in the pocketbook. I did. I was tired of the hobbled IOMMU in my late 2013 MacPro Desktop.
    I replaced it with a Haydes NUC Canyon. It is fast! I've got Bionic Beaver running, I built a hackintosh using an AMD eGPU (the onboard VEGA M wasn't supported yet) Installed the egpu Wrangler hack and popped my GTX970 in my Akitio Node (Replaced the low end AMD GPU card that I initially used for the hackintosh build). Now I have Linux, MacOS, an

  • We're probably going to buy the Mac mini i5 anyway, to replace my wife's 2008 iMac, with a game plan to run it into the ground for another eight to ten years.

    Personally, I don't see the repairability problem. Unless we go crazy writing to the internal storage (unlikely), there's very little to break on this system. Everything but two memory sticks is soldered down. The vast majority of peripherals are tangled up a giant dongle mess behind the cute little box. Those will break and can be unplugged.

    Apart from
