Regarding T2 security chips 'blocking' independent Mac repairs...

Touch ID
Touch ID (Image credit: iMore)

There's a lot of confusion going around about Apple's T2-based Macs, including the iMac Pro (2017), MacBook Pro (2018), and brand new Mac mini (2018) and MacBook Air (2018) and the trade-offs they make between security and repairability. Which is understandable. It's a complex subject, perspective-taking is hard, and the internet is terrible at juggling multiple truths.

Apple likely sees T2 as a major advance in security for the vast majority of its customers at the expense of what is a small and shrinking part of the market that still wants to get inside and mess with the guts of their Macs. Independent repair shops probably see it as yet another blow to traditional, modular computing and their own business models. Where some see badly replaced screens and dangerously swapped batteries, others see overblown, overpriced repairs with no reasonable alternatives.

Latest case in point, from The Verge:

The T2 is "a guillotine that [Apple is] holding over" product owners, iFixit CEO Kyle Wiens told The Verge over email. That's because it's the key to locking down Mac products by only allowing select replacement parts into the machine when they've come from an authorized source — a process that the T2 chip now checks for during post-repair reboot. "It's very possible the goal is to exert more control over who can perform repairs by limiting access to parts," Wiens said. "This could be an attempt to grab more market share from the independent repair providers. Or it could be a threat to keep their authorized network in line. We just don't know."Apple confirmed to The Verge that this is the case for repairs involving certain components on newer Macs, like the logic board and Touch ID sensor, which is the first time the company has publicly acknowledged the new repair requirements for T2-equipped Macs. But Apple could not provide a list of repairs that required this or what devices were affected. It also couldn't say whether it began this protocol with the iMac Pro's introduction last year or if it's a new policy instituted recently.

Here's my understanding: T2 is all about security. Security is perpetually at war with convenience. With T2, the new hardware security is at war with the convenience of indie and self-repair. Apple's not doing anything deliberately or actively to interfere with those types of repairs, they're simply a casualty of the new security systems being put in place.

Security vs. convenience

As much as having T2-level security is a major differentiator for Apple, it's also a huge benefit for many modern Mac customers. That includes tamper protection. If you can simply swap out parts on a T2 system, then T2 offers no real security. That's a huge problem when it comes to things like hardware-based disk encryption and Apple Pay authentication.

Have a target in mind? Get physical access to their machine, swap out the secured parts for compromised parts, and go to town. Think that's hard? How often do you hand over your computer when crossing borders? Apple has spent a lot of time fighting government agencies and bad actors alike, local and international, to prevent bypasses on iOS and, increasingly, that's the level of protection they're aiming for on the Mac.

Making the Mac secure

T2 was designed to prevent all that and more. Including, for example, a website showing you one price and charging you another, higher price. That's done through a hardened, secured channel through the machine, from the Secure Enclave to the display. And it's why, if you do anything that potentially compromises hardware security, potentially including turning off hardware security to run Linux, T2 can disable Touch ID Apple Pay, and require you to authenticate using an iOS device, like you would on a non-Touch ID Mac.

I totally get why indie repair shops feel assaulted. But it's also important to point out that Apple likely cares not one bit about taking market share away from them. Or about them at all. At least not on anything but a basic human level.

Apple has iPhone money. For them, repair is less than a rounding error. Even if that revenue is enormous to the independent repair shops, which no doubt motivates the fear and prompts the push back, more of nearly zero for Apple is still nearly zero.

And being extremist or sensationalist about it on either side, in my humble opinion, only hurts efforts to make fair, accessible, reliable, and affordable repairs available to everyone who needs them.

The power of choice

Now, I'm super sensitive to arguments that trading (repair) freedom for (hardware) security will eventually lead to consumers having neither. But, Apple isn't the industry. Apple may believe its customers want and are better served by integrated, differentiated computers that are more like appliances — more like iOS devices have been from the beginning.

Other companies decidedly do not. For people pissed off at Apple's current direction, for people who value the ability to self-repair, swap, assemble, expand, and even just tinker, those other companies and their products are other, better-for-them options.

If enough people choose those options, Apple will have to pay attention. My hunch is, though, as computers have gone increasingly mainstream, most people, from executives who travel a lot to first-time buyers who've never felt comfortable with the complexity of traditional computing, will find the trade-offs more than worth it. If they think about them at all. And having a private, secure computing option is just as important as having something like the completely customizable Raspberry Pi on the other end — and a good range in between.

I do think, if Apple is creating more secure Macs, then Apple is also taking on the burden of making sure all those Macs have fair, accessible, reliable, and affordable repairs available to them. If Apple ever fails at that, including not having parts or replacements available for new products the same day they ship, then that's worth raising a ruckus over.

○ Video: YouTube
○ Podcast: Apple | Overcast | Pocket Casts | RSS
○ Column: iMore | RSS
○ Social: Twitter | Instagram

Rene Ritchie

Rene Ritchie is one of the most respected Apple analysts in the business, reaching a combined audience of over 40 million readers a month. His YouTube channel, Vector, has over 90 thousand subscribers and 14 million views and his podcasts, including Debug, have been downloaded over 20 million times. He also regularly co-hosts MacBreak Weekly for the TWiT network and co-hosted CES Live! and Talk Mobile. Based in Montreal, Rene is a former director of product marketing, web developer, and graphic designer. He's authored several books and appeared on numerous television and radio segments to discuss Apple and the technology industry. When not working, he likes to cook, grapple, and spend time with his friends and family.

  • I feel like this article was spent defending Apple while saying if you don’t like it buy windows.
  • Thats EXACTLY what it is saying. And guess what there are TONS of devices running windows that are better than the fragile offerings from apple.
  • Fragile isn't really the right word, given that Macs generally have a long lifespan
  • Yep. Ok. That's why screens on the MacBook pro touch bar version are cracking just from the pressure of closing the lid. YES fanboy, they ARE FRAGILE.
  • I haven't heard anything about this, what proof do you have that this is actually happening?
  • LOTS goto apples support site and see. As usual the fanboys will deny, deny, deny! I will post the link in one second!
  • Here you go fanboy! directly from apple's support website. crack, crack, crack. NO THANKS. FRAGILE YES!
  • So maybe this is a rare case, whereas you can find plenty of articles online about how Macs are some of the most reliable machines
  • Did you even read the entire thing? Dude you really have issues.
  • These things happen from time-to-time, I'm not saying it's not real, but to say all Apple machines are fragile, is a hyperbole.
  • I did not Say all apple did I? I said macbook PRO with the touchbar. drink it up!
  • Actually, you said:
    "better than the fragile offerings from apple" Which is a blanket statement.
  • Guess what, there are more than one offerings in the screen breaking MBP saga on apples support site, so yes....FRAGILE OFFEREINGS. drink it up kool aid kid!
  • It's one model, get over yourself.
  • This is one of those "let's agree to disagree". That will depend on how you define better.
    For me better is mostly about ease of use, security and privacy. Macs are therefore at the top for me.
    Obviously your needs are different, that's why you are free to chose something else.
    Insulting/criticizing other people's choices will not grant you much credibility anywhere around here, just so you know.
  • Wow, that was complete BS Renee and you know it. Anything to keep your Apple status eh? What Apple has done is move yet again to prevent repairs from anyone other than Apple. Apple does not want you to be able to repair your laptop because Apple wants to sell you a new one. They have been caught pushing an upgrade or outrageously overpriced parts when only a small fix is needed for repair. Stop moving the goal posts and muddying the waters in justification of apples terrible practices here. But I would expect nothing less from you. Your Apple status is worth more than the truth. You really are a complete sell out.
  • No reason to get personal. You can disagree but let's keep it there please.
    What Rene is saying is Apple just moved the bar up on device security. This means an extra cost for the owner of these devices, especially in case of repairs - nothing is free. And Apple did not consider whether or not third party shops would be impacted, they never do.
    If Apple wanted to sell you a new device that badly, as you say, they would not:
    a) make their computer with solid metal (cheap plastic was the industry standard before they pushed for aluminum)
    b) give you free software updates every year and up to 7-8 years after your purchase., which is more than any other computer company under the sun.
    c) have easily accessible brick ans mortar stores where you can often get qualified help for free at the Genius Bar. There is nothing of the sort for any other brand of computers (except maybe Microsoft? I can't even remember seeing one of these).
    Macs, and iPhones/iPads are famous for their high resale value, that is also contrary to you argument.
    Somehow you seem to think that Apple is evil... that probably says more about you than about Apple.
  • Whilst we are all free to make our own choices I think you are wrong but respect you have your own opinion.
    What makes a computer or and device better is choice not just, “we’ve made it more secure so that’s that”
    I understand that you can alter the way the T2 works do yes in that respect the computer is better.
    Now I remember this argument from years ago. Bear in mind that the old iPhones were plastic as were the Mac’s, were they also cheap tat back then?
    There is no such thing as free. Apple have worked out the cost of those ‘free updates’ in advance and charged you accordingly. That’s a bit naive.
    The stores are pretty good. I’ll give you that but genius they are not, that’s typical Apple marketing BS.
    As for cost, PCs are cheaper and probably always will be, even in the long run.
    Apple are evil. But so are Google, Microsoft, and all the others. You choose how much slack you’re going to cut based on how it suits you.
  • To add to this there are no Geniuses anymore at the Apple Stores. Their skill levels have fallen and the constraints they also have to work within is just crazy! Even the phone support who know you have an old vintage system which can't be fixed still tell you to bring it in (a bit of bait and switch). Then if you need to get an older OS Apple won't help you! Bring in a USB thumb drive and ask for the El Capitan installer for your older 24" iMac as your Drive died. All they want to do is sell you a new system. Many of us independent shops will gladly setup the USB drive for you so its bootable and has the needed OS ready to install.
  • That's not respect in my book... I am not wrong, my own choice can only be right for myself, as yours is for you.
    * I only had great experiences with the employees in Apple store (once they took only 15 to test/replace and set up a new iPhone after they found out my gyro was not working).
    * Naive would be to think that Samsung charges you less because you are not going to get updates or are going to get them late and only for a couple of years at best. Their flagship phones are often more expensive that the equivalent iPhone. Or that the price of iOS (watch OS, MacOS, etc) updates is actually significant over the price of the phone when they are amortized over the millions of devices they keep selling. A rough calculation would put that cost around 10$ per device for the lifetime of the phone. For that price, count me in.
    * iPhones were plastic at first but went metal pretty quickly. It's not an argument, in this field Apple almost always lead and the others follow. They were surely not first but they went all metal and stuck with it.
    * PCs are not, never were and never will be cheaper if you take into account all the time regular people waste on installations, bugs, etc. and if you take into account their resale value is a lot lower and they don't last as long. Ease of use is also worth something for me. People started seeing this 5-7 years ago and that's the reason why the PC market is constantly shrinking while Apple's computers sales are still increasing.
    * You know, companies are not evil (by definition, they can't be), their investors just don't care about you, sorry... I simply chose the one whose best interest - protecting my privacy and making products people love, obviously so they can sell more and make more money- fits my priorities.
  • All I'll say is look at the statement;
    "I THINK, you are wrong". Opinion. Doesn't mean you are, doesn't mean you're not. How that can come across as disrespect is beyond me.
    Whether your choice is for you or not doesn't make it right. It's possible to make a wrong choice for yourself for whatever reason.
  • Indeed, beyond you. Please look up the difference between good/bad and right /wrong, just a hint.
  • It is worth a ruckus over. Did you see the CBC report where the Apple Genius quoted upwards of $1200, and Rossmann did it in 10ish minutes, and said it was just a few buck cable? That's the issue here. I'd be 100% fine with them disabling the fingerprint sensor if it was swapped like they claimed Error 53 was doing. But to completely disable the device? He-double-hockey-sticks (you guys censor the two L ending? sheesh) no.
  • First, sorry I hit the wrong button first - I pressed Report instead of Reply.
    Second, your example is what we call anecdotal, it's ONE case. Disabling the device is EXACTLY what I want to happen in this case.
    And yes, more security will cost you more than less security, there is no reason to expect something more and still pay less. That includes repairs. What Apples is offering is exactly not what you can get from the other operating systems, that's their differentiation, they charge extra (sometimes) for security and privacy, among other things.
  • Lol ok... That is more like spending more money than what you have to, but ok.
  • Show me cheaper product with the same quality/privacy centered/design etc. and I will gladly buy it. I don't care it's Apple's name on the product (for instance, I don't like their keyboards and never had one of their display when they were making them) but I care that the product is well designed and prioritize privacy over anything else.
    Now, I don't own one of their MacBook either because I don't need one.
  • Their displays were awesome. I would own another in a heartbeat.
  • It's what YOU want to happen. And that's fine. BUT, when Apple is proven to demand $1200 for a $10 or whatever cable replacement... They could easily have it be an option that you can turn off. As in, "Do you want us to brick your device if you get it fixed at a place we don't like?" as a choice somewhere UEFI level, and flipping the switch wipes your data, like flashing a bootloader on Android. They're basically telling everyone who doesn't want to trust some random chip to get it right, "Don't buy our stuff". There is also a non-zero number of people who will have their Mac bricked just because the T2 gets confused. 1 is too many, and I think it's ridiculous to blindly trust them to get that right, the same way they couldn't offer a switch to avoid "slowgate".
  • Not a security expert but the whole point of security is that it CANNOT be turned off. Making it an option means it can be bypassed. Did you read Rene's article?
    And yes, this is my choice as is every consumer's choice to buy something else.
  • SimonT_S - I think you mixed things up. The T2 security is a good thing! The issue is how far reaching is it going. So replacing the battery or display kills your system? I see no correlation where security ties to the these parts, the logic board Yes! That makes sense.
  • Agreed bookhound. The T2 is a great feature and service. BUT, making it so I cannot replace anything that craps out in the already fragile and finicky MacBook, that's where it becomes consumer gouging.
  • Finicky yes, fragile no.
  • Fragile YES! Deny, deny, deny!
  • Maybe this is a rare case, whereas you can find plenty of articles online about how Macs are some of the most reliable machines
  • Again, you have major issues. The brainwash runs deep.
  • Maybe Apple have made a mistake? That doesn't mean that all their machines are fragile, and history supports that that's not the case.
  • Again, I did not say all apple devices, I said macbook pro with touchbar...
  • Actually, you said:
    "better than the fragile offerings from apple" Which is a blanket statement
  • See comment above, I am not going to copy and paste the same comments. but keep trying fanboy!
  • One model affected
  • That's not the issue, that's the cost. You gain nothing if you sacrifice nothing. That was a design choice. Now, of course, Apple will obviously look at how they can still serve their customers and keep the same level of security. If they don't come up with a solutions they will lose customers, obviously. Meanwhile, I am expecting them do all this under warranty as these just came out now...
  • El oh el. True to form Apple's White Knight comes to the defense of yet another poor & hostile Apple decision. There's no confusion Rene. Apple is completely disrespectful to its consumers and is openly hostile on RtR laws. This is why they glue unnecessarily, use pentalobe screws, remove ports like the headphone jack and sd card readers and expect people to pony up for dongles. I already know the answer to this but Rene are you ever going to call out Apple for it's complete contempt for consumers?
  • Pretend contempt for consumers. Apple still have the highest consumer satisfaction rate of all mobile phones and computer companies. It's not perfect but it is the best there is.
    I, a consumer, for one do not feel that contempt you are talking about. On the contrary their stance on privacy and good design makes me feel they care deeply.
    Now, imagine Microsoft or Dell or Samsung was doing the same thing, would that even register as news anywhere? And remember most Apple products are not best selling products. So why do they create such (overblown) reactions?
  • If you believe Apple's supposed "Stance on Privacy" I have a bridge to sell you
  • Why wouldn't you believe it, when there are various elements throughout iOS, macOS and the business as a whole which collectively indicate Apple has a strong stance on privacy?
  • They are hypocrites like all other companies. They just stand up and bang a drum the loudest.
    Privacy isn't just about individuals it also means respecting all privacy.
    Do you think that they don't buy info from others that is gleaned in ways they tout they are against? What do you think shell companies get up to?
  • Maybe they do, maybe they don't, it's all whataboutisms. From the visible evidence, they do care about privacy, but no one knows what happens behind closed doors.
  • You lost me at "all companies are hypocrites".
    All trolls are hypocrite. All bullies are hypocrite. All cats are hypocrite.
    Conspiracy theorists of this world unite against Apple!!!
  • The lack of breath of offerings for the serious pro is the real issue! While the new MacBook Pro Touch Bar are great for the jet setters and people who what the bling of the Touch Bar. The systems missed the mark for the older working pro's. These are the diehard bunch that saved Apple years ago and what they need and want is not being met with Apples current offering. Yes, the new Mini is moving in the correct direction with a better cooling system and serviceable RAM. The MacBook Pro's missed it! It can't really support the i9 as it cooling is too limited. The new Mac Air and the current MacBook are so close now it makes no sense to have them both! Apple did it once before rebadging the 13" Unibody MacBook Pro as the MacBook. I think its time to do the same or come up with a new name for this still higher tier If Apple offered a second offering using the older Unibody frame for the more advanced users which want the older keyboard, onboard ports (2xUSB-A & 4 USB-C) as well as SD (SDXC) it would have met the baseline need. I would have modified the back two USB-C ports so a breakaway plug could be installed that is flush with the case. This wouldn't be that hard then we would have had the ability to re-gain a MagSafe type of connection (even offering left & right access). Then internally keep the T2 and the flash storage but offer a two PCIe bays for two blade drives and a much bigger battery in both a 15" and 17" models with 4K displays. This is the frame that should have the i9 or even a Xeon workstation class CPU as it would have had the space for a better cooling system. I know of many people who would jump at buying it!
  • Well, I agree with your argument, I put a lot of job data on my MBP and it is good to be more secure. And like you my concern is more about the price of the repair which can be problematic. Ok for soldered SSD, with T2 chip, I just want that the reaparing price is fair. Hope that there will be some class action in the US to address this concern...
  • I agree the need to have your data and ID info secure is important! But Apple needs to make it clear its for security not interfering with serviceability of the system! As an example there is no reason the display, keyboard or even the trackpad can't be replaced there is no security information in these parts. Even servicing a logic board were a resistor, capacitor or inductor needs replacing or patch a corroded trace. Along as the CPU, T2, flash & RAM chips are not touched there shouldn't be any issues.
  • Well, I am not an expert on security, but what if you could use those connections (the ones for the screen or the keyboard) to plug something else that would perform some kind of attack on the system? You know, maybe Apple made a mistake, and if yes they may correct it one day (Apple is pretty opaque about these things). But what if this is a genuine threat? Apple can afford to employ the brightest security engineers on the planet, and I bet they do.
  • I'm really sad since I am a happy Apple user and have been for years but this is not the future for me. Very unhappy with these new Mac Mini's and Air's. Even seeing how apple kept the same base 128GB storage after all these years of not upgrading previous models. For the price of these both should of came with 256GB as base storage instead of forcing us to pay up right away just to get a decent amount. That aside though and more to reply to this post, I have been fed up for some time even how on the past Air apple used its own special PCIe storage. Only OWC seemed to make one you could replace it with or upgrade but at least OWC did. Now we have no option and the s