I know I trust Apple[1] and all that but I (tin-foil hat on) don't like the system-on-a-system stuff going on. I don't like closed systems that I have no oversight into, into what they might be logging, etc. The industry will likely follow Apple here and it's not too much of an issue given how low volume the iMac Pro is going to be, but this could trickle down into MacBooks and that'd be sketchy. I should just go hide in my bunker and build Linux from scratch on a fully GNU open laptop -- alas, that's not practical.<p>[1] more so than Google, because Google uses my data and habits to sell me ads and sells that data to their customers; Apple wants to sell me gadgets and songs and movies. If that changes I'll drop Apple.
If you'd like to cut past the fanboy fluff...
<a href="https://en.wikipedia.org/wiki/Apple_mobile_application_processors#Apple_T2" rel="nofollow">https://en.wikipedia.org/wiki/Apple_mobile_application_proce...</a><p>The Apple T2 chip is a SoC from Apple mainly serving as a secure enclave for encrypted keys in the iMac Pro 2017. It gives users the ability to lock down the computer's boot process. It also handles system functions like the camera and audio control, and manages the solid-state drive.
> For security reasons, the T2 is the iMac Pro hardware’s “root of trust,” and it validates the entire boot process when the power comes on. The T2 starts up, checks things out, loads its bootloader, verifies that it’s legitimate and cryptographically signed by Apple, and then moves on to the next part of the boot process.<p>If they start putting this in every machine going forward I wonder if this will be the end of the hackintosh
This is slightly off-topic, but developments such as these really make me look forward to when Apple will finally get around to releasing their new Mac Pro (coyly quasi-announced as not being due for release in 2017, but in development supposedly for a late 2018 or early 2019). This kind of technology might not be revolutionary per se, but makes for a very solid technological basis to build a system on. If the Mac Pro turns out to be an iMac Pro divorced from the screen and with some internal expandability in a suitably fancy-looking case, I'll be very content.
Good to read something positive about CPU technology today :). Beyond the obvious improvements for securing the computer, it is very interesting to see how the T2 chip not only operates the camera but, most of all, also works as a hard disk controller. So the "CPU" of the computer might still be Intel, but it is a bit of a guest in a system that is in fact controlled by the T2 chip.<p>As the T2 seems to basically be the iPhone CPU, it also shows how great the hardware in current phones is now, if using that chip creates a faster flash memory controller for the biggest Intel CPUs.
So... I read the article and I still don't know what, exactly, is the T2 chip or what, exactly, makes it different from other ARM / Intel hybrids, other than several different ways of expressing "it's incredibly, totally great" and "Intel is untrustworthy, so let's trust Apple instead" and "this changes everything all over again".<p>(It doesn't, unless you arbitrarily consider small, incremental changes exclusive to Apple products as the opposite of small and incremental just because of the size of Apple.)
This just sounds like the Intel Management Engine story waiting to happen again. A controller that handles camera, networking and is the "root of trust"? No thank you.
I find it interesting that Apple is back to high levels of customization in its PCs. If I'm remembering correctly, one of the big motivators to move to x86 was to be able to use more commodity stuff throughout the system, rather than all the custom work required to design a PowerPC system. I recall initial speculation that Apple's x86 machines would be pretty much fully custom chipsets and designs that just happened to have an x86 CPU, but then when the release systems came out, they used Intel chipsets and were pretty ordinary from a PC hardware standpoint.
&gt; For security reasons, the T2 is the iMac Pro hardware’s “root of trust,” and it validates the entire boot process when the power comes on. The T2 starts up, checks things out, loads its bootloader, verifies that it’s legitimate and cryptographically signed by Apple, and then moves on to the next part of the boot process.<p>How is this more secure than a locked-down system using "standard" UEFI Secure Boot powered by any other TPM implementation?<p>I understand that this is not an in-depth technical analysis, mainly catering to the Mac-loving audience of the site and getting them to feel better about their platform of choice.<p>But I'd be interested to hear why I would trust this Apple T2 chip more than a workstation motherboard with a TPM on it, and Secure Boot on and loaded only with the keys of myself (in case I were to build my own kernel/bootloader and sign it) or a vendor I trust. I could be missing something, but the process outlined in the article sounds exactly like Secure Boot.
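The two mechanisms the comment above compares are easy to confuse, so here is a toy model of both, added as an illustration and not Apple's, Intel's or any firmware's code: a verified boot chain, where a root of trust checks each stage's signature before handing control to it and halts on the first failure, beside a TPM-style measured boot, where nothing is blocked but every stage is hashed into a PCR and a secret is sealed to the expected final value. Everything here is an assumption for the demo: the standard library has no asymmetric signatures, so HMAC-SHA256 under a constructed vendor key stands in for a real signature (a real root of trust would hold only the public half), and the stage images, the "owner key" and the sealed secret are constructed sample values.

```python
import hashlib
import hmac
from dataclasses import dataclass

# Constructed: the vendor key the root of trust is provisioned with.
VENDOR_KEY = b"constructed-vendor-signing-key"


@dataclass(frozen=True)
class Stage:
    name: str
    image: bytes
    signature: bytes


def sign(image: bytes, key: bytes = VENDOR_KEY) -> bytes:
    """HMAC-SHA256 stands in for an asymmetric signature (stdlib only)."""
    return hmac.new(key, image, hashlib.sha256).digest()


# Constructed sample boot images, in boot order.
SAMPLE_IMAGES = [
    ("bootloader", b"bootloader image v1"),
    ("kernel", b"kernel image v1"),
    ("os", b"operating system image v1"),
]


def build_chain(images=SAMPLE_IMAGES):
    return [Stage(name, img, sign(img)) for name, img in images]


def tamper(chain, index, new_image):
    """Swap one stage's image while keeping its old signature."""
    st = chain[index]
    return chain[:index] + [Stage(st.name, new_image, st.signature)] + chain[index + 1:]


def verified_boot(chain, trusted_key=VENDOR_KEY):
    """Secure-boot style: verify each stage before starting it; the first
    failing stage halts the boot. Returns (booted_ok, stages_started)."""
    started = []
    for st in chain:
        if not hmac.compare_digest(sign(st.image, trusted_key), st.signature):
            return False, started
        started.append(st.name)
    return True, started


def pcr_extend(pcr: bytes, measurement: bytes) -> bytes:
    """TPM PCR extend: new = H(old || measurement)."""
    return hashlib.sha256(pcr + measurement).digest()


def measured_boot(chain):
    """Measured-boot style: nothing is blocked; each stage is hashed into a
    PCR before it runs, so the final PCR commits to the whole sequence."""
    pcr = bytes(32)
    for st in chain:
        pcr = pcr_extend(pcr, hashlib.sha256(st.image).digest())
    return pcr


def seal(secret: bytes, expected_pcr: bytes):
    """Bind a secret to an expected PCR value (policy check only)."""
    return (expected_pcr, secret)


def unseal(sealed, current_pcr):
    expected, secret = sealed
    return secret if hmac.compare_digest(expected, current_pcr) else None


def demo():
    good = build_chain()
    bad = tamper(good, 1, b"kernel image v1 (modified)")
    good_pcr, bad_pcr = measured_boot(good), measured_boot(bad)
    sealed = seal(b"disk-unlock-secret (constructed)", good_pcr)
    return {
        "verified_good": verified_boot(good),
        "verified_bad": verified_boot(bad),
        "verified_owner_key": verified_boot(good, trusted_key=b"owner-key"),
        "pcrs_differ": good_pcr != bad_pcr,
        "unseal_good": unseal(sealed, good_pcr) is not None,
        "unseal_bad": unseal(sealed, bad_pcr) is not None,
    }
```

Running `demo()` shows the practical difference: the verified chain refuses to start the modified kernel, the measured chain starts it but produces a different PCR, so a secret sealed to the known-good value stays locked. The `owner-key` case models the commenter's own-keys scenario: a root of trust provisioned with a different key rejects vendor-signed stages, which is exactly why who controls the key slots matters more than the chip's brand.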
&gt; <i>On most Macs, there are discrete controllers for audio, system management and disk drives. But the T2 handles all these tasks. The T2 is responsible for controlling the iMac Pro’s stereo speakers, internal microphones, and dual cooling fans, all by itself.</i><p>Translation: T2 is a southbridge, but this time with a camera controller and a TPM in addition to the normal disk, audio codec, peripheral bus, and GPIO functionality.
I am wondering about the cost benefits this has for Apple. While it is insignificant with the iMac Pro, it will be important once it filters down to entry level.<p>Apple now basically has its own IP in everything. Instead of sourcing and paying for IP or chips, they can now mix and match their own and build with TSMC, all with the help of the iPhone's R&D. I am pretty sure the next ones on the list are WiFi and Bluetooth.<p>This is a potential saving of up to $50 in BOM cost. If you told most PC vendors about an extra $50 profit per machine, they would have their eyes wide open.<p>This roughly translates to $100 cheaper retail pricing, but given it is Apple they will likely use this saving to put YET another silly feature on the MacBook to sell it at the same price.
I'm glad they allow you to completely disable the "secure boot" functionality so that other OSes like Linux can be installed. Glad Apple didn't pull a Microsoft here. I would be delighted, however, if the secure boot functionality was programmable with custom certificates!
> This version requires a network connection when you attempt to install any OS software updates, because it needs to verify with Apple that the updates are legitimate.<p>They can't just verify the signatures?
I am surprised it has taken this long.<p>In the Marklar days, this was something we speculated about as a Clone-defeat mechanism. Essentially a hackintosh blocker.<p>I look forward to following the discoveries made in this subsystem.
What is old is new again:<p><a href="https://www.folklore.org/StoryView.py?story=Five_Different_Macs.txt" rel="nofollow">https://www.folklore.org/StoryView.py?story=Five_Different_M...</a>
> Before the iMac Pro was released, there was a lot of speculation that it was part of a trend toward creating a “hybrid Mac” that is driven by both an Intel processor and an Apple-designed ARM chip like those found in other Apple devices. The iMac Pro is definitely a hybrid of a sort, but probably not the one people were expecting.<p>Not the thing people were expecting, but still, does anyone know if the T2 is based around one of Apple's ARM cores?
Apple has basically replaced the SMC architecture with a new architecture that is the equivalent of an Apple Watch. From an integration perspective, it makes sense. Apple no longer has to source an SMC/ARM chip from another supplier; they use their own.<p>All Mac users have at some point had to reset the SMC on a Mac. The MacWorld comment that the iMac Pro, because of the T2 chip, is unlike any other Mac is only half the story. The functionality that was handled by the SMC (which was an ARM-based architecture) is now handled by a beefier ARM chip, the T2.<p>It's a cost saving for Apple, and allows for more advanced functionality. In the interim, the T2 is doing exactly what the SMC used to do.
Slightly OT, Apple really needs to release a Macbook Pro or two with beefy video cards -- it's becoming nearly untenable to develop games or for AR/VR with their latest hardware. Their Intel-integrated cards are not up to the task.
Where is the disk key? Is it stored on the main board, or in the flash disk itself? E.g. if you have to replace the motherboard, do you lose the data, or is it OK because it is in the flash disk? BTW, if it is in the flash disk, how secure is the key handling?
When all eyes are now looking to the future of branch prediction, this launch will be a bit obfuscated. Is the Intel Xeon inside the iMac Pro also vulnerable? If so, the impact of the T2 will not get the attention it should.
>The T2 is responsible for controlling the iMac Pro’s stereo speakers, internal microphones, and dual cooling fans, all by itself.<p>So it's just a fancy Super I/O chip
"The iMac Pro isn’t running iOS apps"<p>I always find this kind of remark funny because iOS is essentially a specialised, stripped-down version of macOS. So basically any accusation of macOS copying iOS, however exaggerated, is an accusation that macOS is copying itself.
&gt; Every bit of data stored on an iMac Pro’s SSD is encrypted on the fly by the T2, so that if a nefarious person tried to pull out the storage chips and read them later, they’d be out of luck.<p>What. The. Fuck. How am I supposed to recover my data e.g. if the mainboard gets fried or the machine has to go to service?! With a SATA or NVMe SSD I can plug them into another computer and either keep going (for Linux and macOS; only Windows is a different beast...) or dump the data to somewhere safe. With this, Apple forces me to rely on Time Machine working - which is not a bad idea in itself, but it's not cool that this is not widely announced on the product page: "BACK UP THE DATA YOURSELF OR IT WILL GET LOST IF ANYTHING GETS SCREWED UP".<p>There's already FileVault for encryption (or LUKS, VeraCrypt and BitLocker), and in addition some SSDs (and iirc also some expensive HDDs) implement native on-disk encryption via standardized SATA commands, so one has encrypted storage but still portability (and for native disk encryption, no loss due to CPU-level encryption!).<p>Another reason to not buy anything modern from Apple. If one single problem happens to your modern work machine you're straight out f...ed.
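The recovery worry in the comment above comes down to where the volume key is wrapped. Here is a toy model of that, added as an illustration and not Apple's design or code: a storage controller holds a fused device-unique key, generates the data-encryption key (DEK) internally and stores it only wrapped under that device key, so the same ciphertext is unreadable on a controller with a different device key. The third path shows the defender's answer the thread circles around: a copy of the DEK escrowed under a user passphrase (or, equivalently, a backup of the data itself) survives a board swap. All values are constructed, and XOR with a SHA-256 counter keystream stands in for a real block cipher so the example runs on the standard library alone.

```python
import hashlib
import os


def keystream(key: bytes, length: int) -> bytes:
    """Counter-mode keystream from SHA-256; stands in for a real cipher."""
    blocks = (hashlib.sha256(key + i.to_bytes(4, "big")).digest()
              for i in range((length + 31) // 32))
    return b"".join(blocks)[:length]


def xor_crypt(key: bytes, data: bytes) -> bytes:
    """Symmetric: the same call encrypts and decrypts."""
    return bytes(a ^ b for a, b in zip(data, keystream(key, len(data))))


class Controller:
    """Storage controller with a fused, non-exportable device key (constructed)."""

    def __init__(self, uid: bytes):
        self._uid = uid  # never leaves the chip in a real design

    def new_volume_key(self) -> bytes:
        dek = os.urandom(32)
        return xor_crypt(self._uid, dek)  # only the wrapped DEK is persisted

    def unwrap(self, wrapped_dek: bytes) -> bytes:
        return xor_crypt(self._uid, wrapped_dek)


def write_volume(ctrl: Controller, wrapped_dek: bytes, plaintext: bytes) -> bytes:
    return xor_crypt(ctrl.unwrap(wrapped_dek), plaintext)


def read_volume(ctrl: Controller, wrapped_dek: bytes, ciphertext: bytes) -> bytes:
    return xor_crypt(ctrl.unwrap(wrapped_dek), ciphertext)


def escrow_key(ctrl: Controller, wrapped_dek: bytes, passphrase: bytes, salt: bytes) -> bytes:
    """Second copy of the DEK, wrapped under a passphrase-derived key instead
    of the device key, so it can be unwrapped anywhere."""
    kek = hashlib.pbkdf2_hmac("sha256", passphrase, salt, 200_000)
    return xor_crypt(kek, ctrl.unwrap(wrapped_dek))


def recover_from_escrow(escrow: bytes, passphrase: bytes, salt: bytes, ciphertext: bytes) -> bytes:
    kek = hashlib.pbkdf2_hmac("sha256", passphrase, salt, 200_000)
    return xor_crypt(xor_crypt(kek, escrow), ciphertext)


def demo():
    """Returns (readable on same board, readable on replacement board,
    readable via passphrase escrow)."""
    original = Controller(b"constructed-uid-of-original-board")
    replacement = Controller(b"constructed-uid-of-replacement-board")
    wrapped = original.new_volume_key()
    data = b"user documents (constructed sample)"
    ct = write_volume(original, wrapped, data)
    same_board = read_volume(original, wrapped, ct) == data
    other_board = read_volume(replacement, wrapped, ct) == data
    salt = b"constructed-salt"
    esc = escrow_key(original, wrapped, b"correct horse", salt)
    via_escrow = recover_from_escrow(esc, b"correct horse", salt, ct) == data
    return same_board, other_board, via_escrow
```

`demo()` returns `(True, False, True)`: the same controller reads its volume, a replacement controller unwraps garbage and gets garbage, and the escrowed copy restores access without the original board. The escrow step is the part the product page should make loud: whatever form it takes (recovery key, backup, or both), the user has to do it before the board fails.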