قالب وردپرس درنا توس
Home / Mac / living with the T2 chip – The Eclectic Light Company

living with the T2 chip – The Eclectic Light Company



Six months ago, the chances of getting a new Mac with a T2 chip were smart: only if you handed over a great deal of money for an iMac Pro would you get one. Now, most New Macs come equipped with a T2 – MacBook Air, MacBook Pro with Touch Bar, Mac Mini, and of course the iMac Pro. This article looks at some of the most obvious changes that you will notice when you start using your new Mac with its T2 chip.

The most obvious thing is that you will not see any difference. There's no splash screen to say that your Mac has a T2, and in normal use there's nothing noticeably different.

Recovery mode

On many Macs with Startup in Recovery mode, try installing Linux using Boot Camp, or try starting up from an external drive, and the T2 will make its presence. T2 chips, entering Recovery mode is much slower. Unless you're using the built-in keyboard of a laptop model, you'll almost certainly have to connect your wireless keyboard to your Mac using its charging lead, so that it is available via USB rather than Bluetooth.

The newest option, the T2-specific Startup Security Utility is not shown in those options. Then you'll probably be holding Command-R forever before your Mac finally displays the default options for recovery. , but is opened from the menubar.

 t2recovery01 "srcset =" https://eclecticlightdotcom.files.wordpress.com/2018/11/t2recovery01.jpg?w=940 940w, https: / /eclecticlightdotcom.files.wordpress.com/2018/11/t2recovery01.jpg?w=150 150w, https://eclecticlightdotcom.files.wordpress.com/2018/11/t2recovery01.jpg?w=300 300w, https: / /eclecticlightdotcom.files.wordpress.com/2018/11/t2recovery01.jpg?w=768 768w, https://eclecticlightdotcom.files.wordpress.com/2018/11/t2recovery01.jpg 994w "sizes =" (max-width : 940px) 100vw, 940px "/> </span> </p>
<p> You will then be warned that you have to authenticate to access it. </p>
<p> <span class=  t2recovery02" srcset = "https: // eclecticlightdotcom. files.wordpress.com/2018/11/t2recovery02.jpg?w=9 40 940w, https://eclecticlightdotcom.files.wordpress.com/2018/11/t2recovery02.jpg?w=150 150w, https://eclecticlightdotcom.files.wordpress.com/2018/11/t2recovery02.jpg?w= 300 300w, https://eclecticlightdotcom.files.wordpress.com/2018/11/t2recovery02.jpg?w=768 768w, https://eclecticlightdotcom.files.wordpress.com/2018/11/t2recovery02.jpg?w= 1024 1024w, https://eclecticlightdotcom.files.wordpress.com/2018/11/t2recovery02.jpg 1339w "sizes =" (max-width: 940px) 100vw, 940px "/> </span> </p>
<p> That means entering your normal primary administrator's user name and password. </p><div><script async src=

 t2recovery03 "srcset =" https://eclecticlightdotcom.files.wordpress.com/2018/11/t2recovery03.jpg?w=940 940w, https: / /eclecticlightdotcom.files.wordpress.com/2018/11/t2recovery03.jpg?w=150 150w, https://eclecticlightdotcom.files.wordpress.com/2018/11/t2recovery03.jpg?w=300 300w, https: / /eclecticlightdotcom.files.wordpress.com/2018/11/t2recovery03.jpg?w=768 768w, https: //eclecticlightdotcom.files.w ordpress.com/2018/11/t2recovery03.jpg?w=1024 1024w, https://eclecticlightdotcom.files.wordpress.com/2018/11/t2recovery03.jpg 1309w "sizes =" (max-width: 940px) 100vw, 940px "/> </span> </p>
<p> <strong> Disk Encryption </strong> </p>
<p> By default, even if you did not opt ​​for your startup disk to be encrypted using FileVault when you first set your new Mac up, your startup disk will still be encrypted by the T2, and your Mac will be put into <strong> Full Security </strong> mode, with boot from external media disabled. </p>
<p> This may seem strange, but it does not seem possible to get a Mac with a T2 chip to boot from an unencrypted internal drive: that disk will always be encrypted, no matter whether you turn FileVault 'off' or on. Het verschil is dat u ervoor wilt kiezen om FileVault te beëindigen, de encryptie zal alleen worden geopend met behulp van de interne hardware UID (in de T2's Secure Enclave), en zal uw paswoord niet verder gebruiken. </p>
<p> Wanneer you're setting up a new MacBook Air or MacBook Pro with a T2, you're almost certainly going to enable FileVault anyway, and would be well advised to. Det vil gi maksimal beskyttelse til hele innholdet av din interne lagring, selv om noen prøver å fjerne sin drive – noe som ikke er så enkelt nu, da så mange interne SSD'er er lodret i stedet for socketed. </p>
<p> With FileVault ' off ', your Mac does behave differently. Noen som har adgang til et andet brugerkonto på den Mac, trenger ikke da å taste inn det primære passord for å få tilgang til det krypterede interne drev, da det automatisk udføres af T2. Dus de Mac is niet zo veilig als met FileVault turned on. (With FileVault turned on, kunt u ervoor kiezen om andere gebruikers van uw Mac te ontgrendelen met hun eigen wachtwoord, eerder dan de master en dit is ingesteld als de standaardgedrag wanneer u FileVault hebt ingeschakeld.) Men den interne opbevaring er still inaccessible without its T2 chip. </p>
<p> The wonderful thing about FileVault with a T2 is that it does not require any further encryption: it's instant, because all it involves is the T2 shuffling some keys. </p>
<p> <strong> Secure boot </strong> </p>
<p> The other options in the <strong> </p>
<p> <strong> If you are unsure whether to go the whole hog and enable FileVault when setting up, there is no penalty for changing your mind. Startup Security Utility </strong> are thankfully more straightforward. If you want to start up from different versions of macOS, you will not want the <strong> Full Security </strong> option, but probably Medium instead, maybe allowing boot from external media too. </p><div><script async src=

If you want to run Windows using Boot Camp, you can do that under Full Security provided that you use the latest version of Boot Camp Assistant to set it up. This allows the T2 to trust Microsoft's signed code during startup, and enter Windows properly.

Unfortunately, this is not the case for Linux and other operating systems that you may want to install in a Boot Camp partition or an external drive. When things go wrong Off, into No Security and if necessary allow boot from external media.

 <strong> </p>
<p> So what happens if something goes wrong with Secure Boot when you've got <strong> Full Security </strong> turned on? How does your Mac start up? </p>
<p> The answer is in Recovery mode. It then automatically launches the Boot Recovery Assistant, which will first try to fix the problem, or then offer you various options as to how to proceed. <strong> Medium Security </strong>), for example. </p>
<p> You can still use your Mac's internal storage in <strong> Target Disk </strong> ] mode, for example as a Thunderbolt Target Disk when connected back-to-back with another Mac. Men, hvis du valgte to turn FileVault på, vil du måtte gi sitt passord. With FileVault 'off', the T2 chip should handle that itself. </p><div><script async src=

When disaster strikes a Mac with a T2 chip, it can be more serious than without one. If your T2 chip dies, it takes with it its Secure Enclave, and all hope of recovering the disk (s) it has encrypted. Dette gjør det enda vigtigere at du har gode backup til en ekstern disk. With or without FileVault enabled, you should consider encrypting that backup using FileVault.

The time is that, a Time Machine backup volume must be in HFS + and can not use APFS encryption. If you start making backups to an unencrypted volume, Time Machine will warn you that you are backing up encrypted data to an unencrypted backup, and offer FileVault for you.

Laptops

When Ved hjelp av en MacBook Pro med en Touch Bar, kan du selvfølgelig bruke Touch ID, som også fungerer på samme måde som iOS-enheter. As the T2 chip also has special image processing capabilities, there is speculation that Apple may add the option of Face ID in the future, which would of course be more widely applicable.

One final benefit worth noting is that the T2 disconnects your Mac's microphone in hardware when a laptop's member is closed. As a member closure also physically obstructs the camera, this prevents software from eavesdropping when a MacBook Pro or Air is shut.

Reference

Apple's full reference to the T2 is here.


Source link