In the Apple ecosystem, security has always been a priority. Apple now announces the availability of the iMac Pro with the T2 chip, which will further increase the security of the device.
Apple confirmed that iMac Pro is equipped with a custom T2 chip to enhance the level of security and integrity. The chip is second-generation silicon, building upon the T1 chip in the latest MacBook Pro with the Touch Bar that authenticates and secures Touch ID and Apple Pay respectively.
Several separate components, including System Management Controller, Image Signal Processor, Audio Controller and Solid State Drive Controller (SSD), have been integrated into the T2 chip to manage the advanced features of iMac Pro. For example, Apple has said that the T2 chip image processor is working with the FaceTime camera to enhance the tone mapping, improved exposure control, and face detection-based auto exposure and auto white balance.
The T2 chip also has a range of security-enhanced CPUs, which will make it safer than Apple’s Premier Edition using the new encrypted storage and secure boot capabilities. In the following, you can read the statements of Cabel Sasser, the founder of the Panic Software Company, about the new capabilities of iMac Pro.
④ New Chip. This seems big. The iMac Pro features new apple custom silicon: the T2 chip. It integrates previously discrete components, like the SMC, ISP for the camera, audio control, SSD control… plus a secure enclave, and a hardware encryption engine.
— Cabel Sasser (@cabel) December 12, 2017
In this case, the data in the SSD storage will be encrypted using dedicated AES hardware without any negative effect on its performance. In this case, it will not be necessary to perform computational security tasks in the Intel Centrino processor. Safe boot also ensures that the lowest levels of software security are not tampered with and downloads Apple’s approved operating system software when the computer is up.
The existence of this new chip means that the encryption keys are transferred from the secured encryption to the T2 tray hardware encryption engine. Therefore, encryption keys will never leave the chip. This allows for the approval of the operating system, kernel, boot loader, firmware, etc for hardware.
In the screenshot below, you can see the operating system startup security tool provided by the T2 chip. These settings indicate that users can activate the password to prevent the execution and upgrade of iMac Pro via a hard disk, CD-ROM or a password-free DVD.
In addition, as you can see, there are 3 options for boot safely and two options to boot or boot the iMac Pro via external storage media such as USB and Thunderbolt. The three options are as follows:
- Full Security: Enables you to run the most up-to-date and secure version of the software. Apple said it would require an Internet connection when installing software.
- Medium security: This boot option requires software that has the ability to verify and does not need to be up-to-date.
- No security: Allows free download of firmware to iMac Pro.
Apple’s iMac Pro can now be customized for users in the US with a hardware configuration of 8 to 18 cores at $4999 to $1,31399. Of course, models 14 and 18 will not be sold until 6 to 8 weeks.
How do you assess Apple’s new features and security level? Do you think Apple has the safest ecosystem? If your answer is yes, what is the reason?