Apple details iMac Pro's T2 chip, which handles secure boot, system management, ISP, more
Though it flew largely under the radar, Apple introduced a new custom T2 chip in iMac Pro that combines a number of system controllers into a single secure package. The company detailed what, exactly, the silicon does in an update to its iMac Pro product webpage on Thursday.

In an addendum to the iMac Pro mini-site, buried near the bottom of the page, Apple sheds light on what purpose the T2 serves in the company's fastest all-in-one desktop.
A second-generation design that builds on the MacBook Pro's T1 chip, the T2 has been redesigned to deliver improved operational latitude, ensuring enhanced security and greater system performance.
According to Apple, the chip integrates "several controllers" found in other Mac systems, including a system management controller, image signal processor, audio controller and SSD controller. As noted in previous reports, T2 incorporates a secure enclave and hardware encryption engine, allowing for strong on-chip encryption and, if desired, hardware verification of system-level software.
"The data on your SSD is encrypted using dedicated AES hardware with no effect on the SSD's performance, while keeping the Intel Xeon processor free for your compute tasks," Apple says. "And secure boot ensures that the lowest levels of software aren't tampered with and that only operating system software trusted by Apple loads at startup."
In an early look at iMac Pro, Cabel Sasser, co-founder of Panic, noted the inclusion of new macOS tools that take advantage of the T2 chip's security features.
Specific to the all-in-one is a new "Startup Security Utility" that allows users to turn on a firmware password to prevent their Mac from booting from a different hard drive, CD or DVD without a password. Another function called "Secure Boot" lets users select from a range of security levels, from "Full Security" to "Medium Security" or none.
In addition to providing enhanced user protections, T2 leverages its onboard ISP to handle FaceTime HD tone mapping, exposure control and face detection-based auto exposure and white balance. These functions were handled by discrete hardware and software prior to Apple's T-series chips.
Apple fails to offer further detail on T2's other integrated controllers, though from past custom silicon iterations, it can be assumed that only select audio and system functions are offloaded to the new chip. For example, M-series motion coprocessors found in iOS devices, and now integrated into the A11 Bionic, assist in the recognition of "Hey Siri" commands. Whether the T2 offers similar functionality, or handles more complex audio tasks, is unknown at this time.
Apple debuted iMac Pro at this year's Worldwide Developers Conference in June, promising the desktop would be available to purchase in December. The company made good on those claims today with the launch of iMac Pro models featuring 8- and 10-core Intel Xeon processors. Configurations boasting top-of-the-line 18-core CPUs will ship in February and carry a hefty price tag starting at over $7,000.

Comments
Same as what happens to your iPhone if you forget your password.
https://www.defense.gov/News/Article/Article/688721/dod-wide-windows-10-rapid-deployment-to-boost-cybersecurity/
I don't see how bringing back the XServe will make Apple dominant in government organizations, when Windows Server and Linux are far more capable than macOS Server.
BitLocker has been part of Windows since v8. And in Windows 10, BitLocker encryption works with TPM chips that come with most business/enterprise PCs (for example, ThinkPads had TPM chips for 10+ years). And it even works with Windows Hello, which has facial recognition, something missing in the iMac Pro.
https://docs.microsoft.com/en-us/windows/device-security/bitlocker/bitlocker-device-encryption-overview-windows-10
https://docs.microsoft.com/en-us/windows/access-protection/hello-for-business/hello-why-pin-is-better-than-password
And MS provides tools to manage it, no 3rd-party tools needed.
https://docs.microsoft.com/en-us/microsoft-desktop-optimization-pack/mbam-v25/about-mbam-25
I think it's a stretch to say they "see no issues".
Like in nutrition, the question of what is a healthy food is always relative. The question is: "Healthier than what?"
Likewise, compared to Windows 7 or 8, Windows 10 just might be more secure.
.... But then that may be like saying that a BigMac is healthier than a hot dog.
I was responding to @Rob53, who mentioned that "Windows PCs don't come standard with any type of physical encryption like the new iMac Pro, everything is bolted on requiring software updates from third-party companies." I already knew that OS X / macOS had FileVault for many years.
With the term "see no issues", I meant that they found Windows 10 to be secure enough for their requirements, and not necessarily compared to what they had before. If Windows 10 had not matched their requirements, they would hold on to what they had or move to another platform, like macOS. I don't think they took that decision lightly, when 4M devices were to be upgraded.
That's what I was waiting on confirmation on, if it eliminates the APFS encrypted performance hit. Sounds like a yes, I'd still like to see tests.
https://malcont.net/2017/07/apfs-and-hfsplus-benchmarks-on-2017-macbook-pro-with-macos-high-sierra/
https://technet.microsoft.com/en-us/windows/dn168167.aspx
The only requirement is UEFI and a TPM chip, which are very common in PCs a few years back. I agree with what you said, this type of security should be part of every Mac as it is with Windows. Too bad it's only on the iMac Pro.