Apple’s T2 Security Chip. Image via WikiBlog.info

Nov 23, 2018  Macs equipped with a T2 chip necessarily encrypt the contents of their internal storage, and protect the encryption key in their Secure Enclave. Replace the logic board, so your Mac gets a new T2, or replace the internal SSD, and you lose access to everything stored there. This article looks at how this affects the risks of being a Mac user.

Apple’s newest Macs have a new Apple-designed chip in them — the T2 Security Chip — that integrates several other controllers on Macs (System Management Controller, image signal processor, audio controller and SSD controller) into one chip. These Macs include the iMac Pro (2017 and later) and Mac mini, MacBook Air and MacBook Pro models shipped in 2018. Working with a new app known as the Startup Security Utility, the T2 chip provides features that make these Macs more secure, but can also make them unable to boot from an external drive. In this article, we’ll talk about the new security features and how to re-enable booting from an external drive.

What Are The New Security Features Provided By the Apple T2 Security Chip?
The T2 Security Chip and Startup Security Utility work in tandem to provide three features that keep your Mac from being accessed by an unauthorized party. Those features are:

1 – Firmware Password Protection

This feature prevents anyone who does not know the firmware password from starting the Mac up from a disk other than your designated startup disk. This keeps someone from plugging an external drive into your Mac and selecting that drive as the startup drive, then accessing the main drive to steal data.

2 – Secure Boot

Secure boot makes sure that the Mac is only able to boot from a legitimate, trusted Mac operating system or Microsoft Windows operating system (under Boot Camp).

3 – External Boot

By default, the T2 chip disallows booting from any external media. This can be changed in the Startup Security Utility.


Where Do I Find The Startup Security Utility?
To open the Startup Security Utility, you must boot your Mac in Recovery Mode. To do this:

1) Turn on your Mac, and immediately press and hold Command (⌘)-R after you see the Apple logo.

2) Once the Mac has booted into Recovery Mode, the macOS Utilities window appears. Select Utilities > Startup Security Utility from the menu bar.

3) You’ll be asked to authenticate; click Enter macOS Password, then enter the name and password for an administrator account.

The Startup Security Utility screen appears (see screenshot below):

Startup Security Utility, available on new Macs with the T2 chip.

How Do I Set a Firmware Password?
You can set a firmware password to keep anyone without that password from starting up from a disk other than your designated startup disk. Click Turn On Firmware Password, enter the password in the two fields provided, and then click Set Password. Remember this password — if you forget it, you’ll need to schedule an in-person service appointment with an Apple Store or Apple Authorized Service Provider, bring your Mac to the appointment, and also supply an original receipt or invoice as proof of purchase.


How Do I Enable Secure Boot?
The three settings available for Secure Boot are Full Security, Medium Security and No Security.

Full Security
Full Security provides the same level of security as iOS devices, and it is the default setting for Secure Boot. As the Mac starts up, it verifies the integrity of the operating system on the startup disk to ensure that it is legitimate. If the OS is either unknown or not verified as legitimate, the Mac connects to Apple to download the information it needs to verify the OS. That information is unique to each Mac and is used to make sure that the Mac is starting up from an OS that is trusted by Apple.

An internet connection is required for verification of an unknown or non-legitimate operating system, so make sure that the Mac is connected to a Wi-Fi network or Ethernet.


If the operating system doesn’t pass verification, the following happens:

macOS: The system alerts you that a software update is required to use the startup disk. Clicking Update opens the macOS installer, which can then be used to reinstall macOS on the startup disk. The other option is to click Startup Disk and select a different startup disk, which the Mac then attempts to verify.


Windows: The system alerts you that you’ll need to install Windows with Boot Camp Assistant.

Medium Security

If you prefer running an older or untrusted version of macOS or Windows on your T2-equipped Mac, you’ll need to set Secure Boot to Medium Security. When your Mac starts up with Medium Security enabled, it only checks whether or not the operating system has been properly signed by Apple or Microsoft. No internet connection is required unless Secure Boot determines that the operating system must be updated before it allows the system to boot.

No Security

With No Security set, Secure Boot doesn’t enforce any requirements on the bootable operating system. This means that any compatible version of macOS or Windows can be used to boot the Mac, or even Linux distributions that are designed for installation on Macs.
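The firmware password and Secure Boot settings described above can also be checked from Terminal, which is useful when auditing several Macs against a baseline of Full Security with a firmware password set. The script below is an added example, not part of the original article. It assumes the Secure Boot level is exposed in the NVRAM variable AppleSecureBootPolicy (%02 = Full, %01 = Medium, %00 = No Security) and that `firmwarepasswd -check`, run as root, reports "Password Enabled: Yes" or "No"; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit a T2 Mac's Secure Boot level and firmware password state.
# Assumption: the Secure Boot policy is stored in this NVRAM variable.
SB_VAR='94b73556-2197-4702-82a8-3e1337dafbfb:AppleSecureBootPolicy'

# Map one line of `nvram "$SB_VAR"` output to a level name.
# Anything else (for example an error on a Mac without a T2) is "unknown".
secure_boot_level() {
  case "$1" in
    *%02) echo full ;;
    *%01) echo medium ;;
    *%00) echo none ;;
    *)    echo unknown ;;
  esac
}

# Map `firmwarepasswd -check` output to on/off/unknown.
firmware_password_state() {
  case "$1" in
    *"Password Enabled: Yes"*) echo on ;;
    *"Password Enabled: No"*)  echo off ;;
    *)                         echo unknown ;;
  esac
}

# Compare both settings with the baseline: Full Security, firmware password on.
# $1 = nvram output, $2 = firmwarepasswd output.
audit() {
  level=$(secure_boot_level "$1")
  fw=$(firmware_password_state "$2")
  findings=""
  [ "$level" = full ] || findings="$findings secure-boot=$level"
  [ "$fw" = on ] || findings="$findings firmware-password=$fw"
  if [ -z "$findings" ]; then echo "PASS"; else echo "FAIL:$findings"; fi
}

if command -v firmwarepasswd >/dev/null 2>&1; then
  # On a Mac: read the live values (run as root so firmwarepasswd can answer).
  audit "$(nvram "$SB_VAR" 2>&1)" "$(firmwarepasswd -check 2>&1)"
else
  # Elsewhere: constructed sample of a Mac set to Medium Security with no
  # firmware password (real nvram output separates name and value with a tab).
  audit "$SB_VAR %01" "Password Enabled: No"
fi
```

An "unknown" result means the value could not be read, which is what a Mac without a T2 chip or a run without root privileges produces, so it is reported as a finding rather than treated as a pass.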

What Are My Options for External Boot?
The External Boot feature controls whether or not your Mac can start up from an external hard drive, USB thumb drive or other external media. If a Mac is equipped with a T2 chip, it is no longer possible to boot it from a network volume.

By default, Macs with the T2 Security Chip are set to disallow booting from external media, including USB and Thunderbolt drives. When you attempt to change the startup disk to an external drive, Startup Disk preferences displays a message (see screenshot below) that says “Security settings do not allow this Mac to use an external startup disk”. It also offers instructions on how to change those settings.

(“Security settings do not allow this Mac to use an external startup disk” appears in Startup Disk preferences when the user attempts to use an external startup disk.)

Allowing A T2-Equipped Mac to Boot From An External Startup Disk
If you do select an external drive to start up from, restarting the Mac brings up the same message (see above) and offers the option to either restart from the current startup disk or select another startup disk. The external disk can be used only once you’ve allowed the Mac to use an external startup disk. To do that:

1) Open Startup Security Utility using the instructions found in “Where do I find the Startup Security Utility?” towards the top of this article.

2) Select “Allow booting from external media.”

3) To select an external startup disk before restarting the Mac, quit the Startup Security Utility, then select Apple menu > Startup Disk.

All Rights Reserved, Copyright 2018, OWC – Since 1988

Internet/Network Recovery of El Capitan or Later on a Clean Disk



If possible back up your files before proceeding.



  1. Restart the computer. Immediately after the chime hold down the (Command-Option-Shift-R) keys until a globe appears.
  2. The Utility Menu will appear in 5-20 minutes. Be patient.
  3. Select Disk Utility and click on the Continue button.
  4. When Disk Utility loads select the target drive (will be the out-dented entry) from the side list.
  5. Click on the Erase tab in Disk Utility's main window. A panel will drop down.
  6. Set the partition scheme to GUID.
  7. Set the Format type to APFS (SSDs only) or Mac OS Extended (Journaled).
  8. Click on the Apply button, then click on the Done button when it activates.
  9. Quit Disk Utility and return to the Utility Menu.
  10. Select Install OS X and click on the Continue button.



Apr 23, 2019 11:22 AM