iMac Pro debuts custom Apple T2 chip to handle secure boot, password encryption, more
Apple's iMac Pro desktop will also sport a new custom chip dubbed the T2, which serves as a secure enclave for encrypted keys, gives users the ability to lock down their Mac's boot process, and handles system functions like the camera, audio control, and management of the solid-state drive.
Details on the T2 chip were revealed on Tuesday by Cabel Sasser, cofounder of developer Panic. According to him, the T2 chip combines previously discrete functions, including the system management controller, image signal processor for FaceTime camera, audio control, and SSD control.
In addition, like Apple's A-series chips for iPhone and iPad, as well as the MacBook Pro's T1 before it, the T2 has a secure enclave for storing information like passwords. It also has a hardware encryption engine, according to Sasser.
"This new chip means storage encryption keys pass from the secure enclave to the hardware encryption engine in-chip -- your key never leaves the chip," he wrote on Twitter. "And, it allows for hardware verification of OS, kernel, boot loader, firmware, etc. (This can be disabled)"
To take advantage of the T2 chip, the iMac Pro's version of macOS High Sierra includes a new "Startup Security Utility" option. Here, users can turn on a firmware password to prevent a computer from starting up from a different hard disk, CD or DVD without the password.
macOS also gains new "Secure Boot" options, ranging from "Full Security" to "Medium Security" or none. When "Full Security" is enabled, the system ensures only the latest and most secure software can be run, requiring a network connection at software installation time.
Users can also allow or disallow booting from external media with the new T2 chip.

Apple's first T1 chip launched in late 2016 in the MacBook Pro. There, it is responsible for Touch ID authentication, as well as the secure enclave for storing Apple Pay credentials.
The details on the iMac Pro T2 chip would seem to dispel earlier rumors that claimed Apple would build a full-fledged A10 chip into the iMac Pro. The A10 powers Apple's iPhone 7 and iPhone 7 Plus, while a beefed-up A10X processor is found in the 2017 iPad Pro lineup.
Notably, the iMac Pro lacks Touch ID, or Face ID, meaning there is no way to authenticate Apple Pay purchases with the device. Users must instead rely on an iPhone or Apple Watch nearby, logged into the same iCloud credentials, to authorize Apple Pay purchases on the web.
Other reports suggested that the addition of custom Apple silicon in the iMac Pro could enable always-on "Hey Siri" support. Sasser's notes on Twitter gave no mention of "Hey Siri" support, but given the T2's integration with other key components in the iMac Pro, it's possible that the feature could be coming in a future update to macOS.
Comments
Eh, it'll take a really long time for it to be in enough Macs to start to require it. High Sierra still runs on 2009 hardware for instance. Maybe 8 years out, emulating an A10/T2 won't be that bad.
Well, Steve Troughton-Smith was playing around with system files targeting the A10 in the iMac Pro. I find it unlikely there's both a T2 and an A10 side by side, so it seems very possible the T2 is just a very A10-like chip.
Certainly overkill for mobile, but a desktop has no such concerns.
Interesting that there's no FaceID. I get not having TouchID, as that does have its problems with a wireless keyboard, or putting it on the front of the computer. The TouchID problems aren't insurmountable, but now we have FaceID, they become unnecessary, since putting the appropriate sensors in the front of the computer is less of a hassle than finding somewhere to put a TouchID sensor, and, if you put it on the keyboard, authenticating it properly for a wireless connection.
It might be that FaceID wasn't ready for the iMac Pro when they finalised the design, but it could (should?) be in subsequent models. Possibly it will turn up in the consumer iMacs first, depending on the release schedule. Maybe it will be in the new Mac mini when they announce it...
All you need is encrypted communication end to end and the government and its agents will have no idea what you do in your bedroom at night.
They can get into your phone and now they will not be able to get into your Mac. If you can secure all your written communication end to end, the FBI will just have to throw in the towel and do old-fashioned police work versus your electronics ratting you out.
Simply upgrading the iMac front facing camera array with the depth sensing camera module found in the iPhone X without also including the A11 Bionic SIC will not enable FaceID or the AI capabilities that it needs to function.
And anyone tempted to write that I should use a /s on this post, just don't. The bar is already low enough, isn't it?
Yet you conveniently left out the fact that Apple fixed that problem very quickly.