Apple proudly advertises that its latest and greatest Mac models come with a T2 security chip, but what does it do? And, more importantly, does a T2 chip create more problems than it solves?
What Is a T2 Security Chip?
The T2 is Apple’s second-generation “security chip.” It combines several hardware controllers into a custom piece of silicon. Such chips have been commonplace in smartphones for some time. However, the T2 isn’t just there for security purposes—it can make a big difference in terms of overall performance, too.
So, why is it called a security chip? The main reason is the T2 is responsible for a secure boot. It validates the entire boot process, from the second you press power to the moment your macOS desktop is displayed onscreen. In short, it verifies that the bootloader and operating system are signed and approved by Apple, and that only approved drives are used to launch your OS.
This prevents unsigned software from running at startup, which might be a problem if you occasionally boot to Linux. However, this is also how the chip protects your system; it prevents a third-party from booting an unsigned operating system and attempting to access to your data.
The T2 is also responsible for all encryption on the drive. Previously, this was handled by the CPU. By moving the process to a custom chip, performance is improved across the board, as it gives the CPU more resources.
Both the MacBook Pro and MacBook Air have Touch ID fingerprint scanners for logging in and approving admin-level requests. The T2 chip houses the secure enclave in which your fingerprint data can be safely stored. Any verification requests—even those for third-party applications—are handled entirely by the chip.
This means that apps never see or have access to fingerprint data, which is how Face and Touch ID are handled on the iPhone and iPad. Software first requests verification and the T2 chip checks the fingerprint against the one stored in the secure enclave. The software is then notified of the result.
What Else Does the Security Chip Do?
While its primary function is rooted in device security and encryption, the T2 does a few other things, too. For example, it takes over the System Management Controller functionality present on older Macs. This controller manages behaviors relating to power, battery and charging, fan speed, and internal sensors.
Apple has also handed audio processing duty to the T2 chip, promising an increase in sound quality across the board. The latest MacBook Pro sounds great, but how much the T2 contributes to this is up for debate. It handles both audio in- and output and automatically shuts off the microphone in your MacBook whenever you close the lid.
The T2 is also an image signal processor, which converts the raw data received by a camera into the image you see onscreen. Apple promises “enhanced tone mapping, improved exposure control, and face-detection–based autoexposure and auto white balance” just like the iPhone.
One feature Apple doesn’t advertise is improved video rendering times. During a set of independent tests, Apple Insider found the same render job on an older iMac that lacks a T2 chip (but shares the same CPU) took around twice as long.
Which Apple Computers Have the Security Chip?
It’s likely that Apple will eventually put the T2 (or its successor) in all Mac models. As of June 2020, the following Macs have the T2 chip:
- MacBook Air (2018 or later)
- MacBook Pro (2018 or later)
- Mac mini (2018 or later)
- Mac Pro (2019 or later)
- iMac Pro
Issues Linked to the Security Chip
While the T2 is there to protect your system and improve performance, it’s not all good news. Apple confirmed the T2 chip also blocks some third-party repairs. Unsurprisingly, this continues to stir up controversy among consumers who want to be able to repair their own devices—something the company has long been opposed to.
This means some components, like the logic board (motherboard) and Touch ID sensor, require a certain software diagnostic to be run for the computer to function normally after repair. This forces customers to either have any repairs done at an Apple Store or via a third-party Authorized Service Provider.
The Security Chip also caused an audio glitching issue on some 2018 models when using USB 2.0 audio interfaces. The macOS Mojave 10.14.4 update appears to have addressed these, although some still report problems. The issue doesn’t appear to affect devices using USB 3.0 or above.
Again, the T2’s central purpose is protecting the boot process by only allowing certain software to run. This means installing another operating system, like Windows, or running Linux from a live USB stick requires intervention.
Fortunately, you can simply press and hold Command+R while your Mac starts up to launch the “Startup Security Utility.” This pre-boot utility allows you to disable Secure Boot by choosing “No Security,” so any operating system will run. You’ll also need to choose “Allow booting from external media” if you’re using a USB stick to boot your OS. Click “Turn on Firmware Password” if you want to password-protect your decision.
Is the Security Chip Here to Stay?
The functionality provided by the T2 chip is likely something Apple’s keen to hold on to. In the short-term, we might see a “T3” revision, as the silicon is iterated upon in future models.
However, it’s been heavily rumored that Apple is shifting its Mac range to custom ARM-based processors, like those in the iPhone and iPad. At present, the T2 is a custom chip that sits alongside the Intel CPUs the company has used for over a decade.
If Apple was to go the custom silicon route, it might decide to build T2 functionality directly into the system-on-chip. So, while we wouldn’t have a separate T2 chip, the component would still be present and perform the same tasks in all but name.
The Security Chip is merely the next step in Apple’s bid to further secure macOS. It arrived alongside macOS Catalina, which introduced a suite of new security features in the fall of 2019.