Apple confirms T2 coprocessor blocks some third-party Mac repairs

2

Comments

  • Reply 21 of 54
    I'm already chuckling thinking about the video that YouTuber repair guy is going to do about this. Hopefully, this time it'll end with an aneurysm.
    Which of the darlings, specifically. 
  • Reply 22 of 54
    The EU is going to have a massive heart-attack once they hear this.

    Why? Auto manufacturers have similar procedures which are designed to prevent the ability for thieves to not only steal cars, but to part them
    out and resell them. BMW being one of the biggest, and last I checked they were headquartered in Europe.
    Yes, but this is Apple...
  • Reply 23 of 54
    lkrupplkrupp Posts: 10,341member
    Third party repair shops and third party parts means NO security at all. I can see iFixit demanding all repair shops have access to the special diagnostic software. Then, miraculously over night, the software gets reverse engineered and the T2 chip becomes compromised and useless. Nefarious repair shops linked to hackers can then install anything they like on a user’s machine. We just went through a big brouhaha over spy chips possibly being installed on server motherboards by Chinese actors.

    People, you either want security or you don’t. Which will it be? The second you hand over your machine to “Joe’s PC Repair” you have lost any security you thought you had.
  • Reply 24 of 54
    iFixit et al keep harking on about this being Apple trying to stop repairs - when it's pretty obvious what this is: security.

    It means the security of you or your company's files doesn't end when I get out a screwdriver.
    What if it’s a really big screwdriver though?!
  • Reply 25 of 54
    avon b7avon b7 Posts: 6,515member
    jkichline said:
    bitmod said:
    Massive money grab meant to render out of warranty products useless. 
    If the new iMacs and Mac pros have this, then Apple can kiss the Pro market goodbye. Who’s going to buy pro gear with no aftermarket value? Want to replace a HDD... that will be $960 at your authorized dealer thank you...

    First off, Macs retain their value. Most end-users use the product until it it is finished its productive life and then hand it down or sell it for a decent sum and upgrade to a newer machine. We have a 2013 MacBook Pro in the office that’s still chugging along and just updated a 2012 MacBook Air. The old machines are still usable. Macs not only retain their value, but continue to work long after they are supported by Apple.

    You are also quite myopic in your evaluation. No one is saying the device can’t be worked on out of warrantee. It just needs to be done by someone who is certified by Apple to do so. That’s it. That’s the only requirement. There are authorized Apple service centers all over. If it’s not nearby, you can mail it in.

    Lastly, your obvious use of hyperbole is astounding. Really? You think that’s what authorized service centers would charge for a replaceable hard drive? Mind you that modern Macs mostly have the storage soldered to the motherboard so you would need to replace that too. The whole notion is that your Mac has enough storage to work for most of what you need and if you need more storage, you have Thunderbolt 3 which is PCI Express on a cable running 40 gbit/sec. I think you’ll be fine. You’ll be able to buy 2 TB of SSD storage for $100 in 10 years and have all the storage you could need.

    PS: Macs don’t use HDD anymore... they use SSD.
    Some Macs still use HDD. One of the bones of contention is if only Apple or Apple authorised shops can carry out a repair, the customer has no access to a competitive market, Apple sets the price of the components.

    In the EU, proponents of the right to repair have made it clear that any future legislation must include clear guidelines on parts availability both in terms of length of time and pricing. 

    Industry is fighting tooth and nail (but in the shadows) against anything in favour of right to repair and actively lobbying member state governments to impede rapid progess on the subject resulting in fresh legislation.


    muthuk_vanalingam
  • Reply 26 of 54
    Sounds like John Deere does with their tractor software, which of course was just slapped down in the courts as being illegal.  

    I get why Apple would want to protect the security parts of the computer, but if that is the case then maybe a happy medium is that you can have your device repaired by a third party and then the software portion can be done for free or a minimal charge at an authorized repair center.  Then they control the process and the software but it isn't seen as a money grab.  
  • Reply 27 of 54
    Too many people don't understand that, for a device that promises the kind of privacy protection that Apple tauts, a repair is a security risk.  Replacing a critical part with one that isn't up to spec, or possibly even maliciously misperforms, is a security hole a mile wide.  Making it more difficult to replace those critical parts is a good thing.
    lkruppbb-15fastasleep
  • Reply 28 of 54
    mfrydmfryd Posts: 168member
    Things will get interesting on a few years when Apple declares these machines to be "vintage" and refuses to fix them or supply parts.

    Imagine that you have a 2018 MacBook Pro with a broken screen, and a second one, of the same model, with a bad logic board.  Apple refuses to fix "vintage" machines.  You can't swap in your working logic board to replace the bad logic board, because you don't have the software to authenticate the new part.

    It's going to be a major court battle when Apple refuses to repair a device, and their policy prevents you from repairing it yourself.   While Apple has an interest in making the Mac a secure environment, they also have a financial interest in getting people to replace, rather than repair, a machine.

    My suspicion, is that when Apple allows a T2 machine to go vintage, they will also release the necessary diagnostic software for fixing it.  At that point they can say they are cooperating, and by making the machines less secure, they are still encouraging upgrades to new machines.
    muthuk_vanalingam
  • Reply 29 of 54
    zimmiezimmie Posts: 628member
    avon b7 said:
    The EU is going to have a massive heart-attack once they hear this.

    Why? Auto manufacturers have similar procedures which are designed to prevent the ability for thieves to not only steal cars, but to part them
    out and resell them. BMW being one of the biggest, and last I checked they were headquartered in Europe.
    Yes, German car manufacturers try the same tactics although the German Automobile Association is itself against such practices.

    That is why the whole situation is currently under review in the EU with the hope that pan European laws on design protection can be updated to better reflect the wishes of EU citizens.
    German car makers, sure, but also Japanese, Italian, American, and I expect many more. Every single car I have ever seen with an immobilizer has the ability to reset the immobilizer to accept new keys, but only an authorized dealer has the software and credentials with the manufacturer to perform the reset. Further, every single one I've seen requires the technician connect the car to a local computer to get some key information, which it sends to a remote server controlled by the manufacturer. The remote server then responds with an unlock code specific to that car's immobilizer.

    Based on the information which is currently public, AST2 works in exactly the same way. You run AST2 on a local computer and connect it to the computer under repair. It gets key information from the T2 chip, which it uses to form a request to an Apple server for authorization to open the hardware trust store. The Apple server then responds with the authorization, and the technician can get the T2 to trust the new parts.

    To the best of my knowledge, very few have seriously argued for opening up immobilizer resets on cars.
    bb-15fastasleep
  • Reply 30 of 54
    GeorgeBMacGeorgeBMac Posts: 11,421member
    An integral part of Apple's business model is their reputation for quality, privacy and security.   When they open things up to a guy with a screw driver, that gets compromised.

    Isn't it weird though that the Mac got its start from a couple tinkerers with a close relationship to hackers?
  • Reply 31 of 54
    ascii said:
    Why accuse Apple of doing it for monopolistic reasons when the T2 is security chip and there are perfectly good security reasons for insisting on certain parts? For example macOS needs some assurance that the fingerprint reader is genuine if its granting access to the system partially based on its input.
    No TouchID on the Mini though...
  • Reply 32 of 54
    mfryd said:
    Things will get interesting on a few years when Apple declares these machines to be "vintage" and refuses to fix them or supply parts.

    Imagine that you have a 2018 MacBook Pro with a broken screen, and a second one, of the same model, with a bad logic board.  Apple refuses to fix "vintage" machines.  You can't swap in your working logic board to replace the bad logic board, because you don't have the software to authenticate the new part.

    Apple has started a pilot program for a range of 2012 models (2011 iMacs in the US and Turkey) where they are offering extended repair support.

    That's going to be ciritcal for the newer models with integrated storage.
  • Reply 33 of 54
    Brony3535Brony3535 Posts: 3unconfirmed, member
    berndog said:
    It’s simply about controlling the experience - hacked junk repairs lead to disgruntled customers. This is why we used to pay more for a Mac than a pc - so it would just work without “knowing some guy” who’d get it going again for a little while. Till it broke again. I remember having to bring my Mac to work just to get the job done. Many employers back then had to rely on their only hacked (stolen) copy of windows on all their devices because they were to cheap to do it right and even done right you couldn’t achieve WYSIWYG!
     No, every item will break if used improperly.  All apple did was design around the Linux database and limit your accessibility to the computer so you couldn’t “break it again”.  If you set up the computer right and understood PC’s, they wouldn’t “just break again”.  What should happen is you should be required to educate yourself rather than have my computer components limited because you can’t stop from downloading a virus 
  • Reply 34 of 54
    Brony3535Brony3535 Posts: 3unconfirmed, member
    jkichline said:
    bitmod said:
    Massive money grab meant to render out of warranty products useless. 
    If the new iMacs and Mac pros have this, then Apple can kiss the Pro market goodbye. Who’s going to buy pro gear with no aftermarket value? Want to replace a HDD... that will be $960 at your authorized dealer thank you...

    First off, Macs retain their value. Most end-users use the product until it it is finished its productive life and then hand it down or sell it for a decent sum and upgrade to a newer machine. We have a 2013 MacBook Pro in the office that’s still chugging along and just updated a 2012 MacBook Air. The old machines are still usable. Macs not only retain their value, but continue to work long after they are supported by Apple.

    You are also quite myopic in your evaluation. No one is saying the device can’t be worked on out of warrantee. It just needs to be done by someone who is certified by Apple to do so. That’s it. That’s the only requirement. There are authorized Apple service centers all over. If it’s not nearby, you can mail it in.

    Lastly, your obvious use of hyperbole is astounding. Really? You think that’s what authorized service centers would charge for a replaceable hard drive? Mind you that modern Macs mostly have the storage soldered to the motherboard so you would need to replace that too. The whole notion is that your Mac has enough storage to work for most of what you need and if you need more storage, you have Thunderbolt 3 which is PCI Express on a cable running 40 gbit/sec. I think you’ll be fine. You’ll be able to buy 2 TB of SSD storage for $100 in 10 years and have all the storage you could need.

    PS: Macs don’t use HDD anymore... they use SSD.
    I would give you $100.00 for each of those computers, max... 

    i literally just tossed out 4 24” iMacs into the dump because they couldn’t sell for 50 bucks 
    GeorgeBMac
  • Reply 35 of 54
    Brony3535Brony3535 Posts: 3unconfirmed, member
    chasm said:
    bitmod said:
    Want to replace a HDD... that will be $960 at your authorized dealer thank you...

    Somebody didn't actually read the article. FTA:

    "Specifically, when critical hardware like a Touch ID module or logic board is replaced ..." i.e., parts you can only get from Apple.

    And apparently some people also can't comprehend what they read well enough to work out that "authorized" Apple repair places are not just Apple Stores. Really, really rural people are still going to have a lack of easy options, but ... that applies to rural life generally, so I expect they're used to that, as it is part and parcel of deep-rural lifestyle.

    The 99 percent of the two percent who actually upgrade their machines will find that they are as likely to be able to upgrade the RAM and HD/SSD internally as much as they currently can (which varies by model and heroic third-party efforts).
    Agree but we should still be able to do whatever we want to the computer and as long as the programming and hardware work out, we shouldn’t have to fear it not working because dead Steve Jobs didn’t repair it
  • Reply 36 of 54
    mac_dogmac_dog Posts: 1,022member
    Or, it could be that Apple wants to maintain some semblance of quality control. And how does someone infer “planned obsolescence”? All that does is fuel the fire of apple’s detractors. 
    GeorgeBMac
  • Reply 37 of 54
    avon b7avon b7 Posts: 6,515member
    Too many people don't understand that, for a device that promises the kind of privacy protection that Apple tauts, a repair is a security risk.  Replacing a critical part with one that isn't up to spec, or possibly even maliciously misperforms, is a security hole a mile wide.  Making it more difficult to replace those critical parts is a good thing.
    Don't forget that Apple offers no guarantee that any data residing on physical media will be kept private while in its possession.

    Any storage related failure under warranty means the part has to go 'back to Apple'. In my part of the world this 'obligation' is non negotiable.

    The last component that Apple took back from me was a failing Seagate hard disk. Apple sent me an authorized tech who took it back to the shop and then it was sent on to Apple.

    Beyond the documentation for the repair I was not given any assurance or guarantee that the contents of the disk would be cleared. The reality is that when Apple took it I have no idea what happened to it.

    In my particular case, I had an encrypted disk image on it which contained all the confidential items so I wasn't overly concerned but many people still use open systems.
    muthuk_vanalingam
  • Reply 38 of 54
    GeorgeBMacGeorgeBMac Posts: 11,421member
    mac_dog said:
    Or, it could be that Apple wants to maintain some semblance of quality control. And how does someone infer “planned obsolescence”? All that does is fuel the fire of apple’s detractors. 
    Yes, quite true...
    Even here at ai in a recent article on upgrading the MacMini (probably in the comments) we were told that we should re-install the original memory in the Mac Mini after we break it and ask Apple to fix it for us under warranty -- so Apple wouldn't know we were doing some DIY on it.

    And that's from the cult of the faithful!
  • Reply 39 of 54
    avon b7avon b7 Posts: 6,515member
    zimmie said:
    avon b7 said:
    The EU is going to have a massive heart-attack once they hear this.

    Why? Auto manufacturers have similar procedures which are designed to prevent the ability for thieves to not only steal cars, but to part them
    out and resell them. BMW being one of the biggest, and last I checked they were headquartered in Europe.
    Yes, German car manufacturers try the same tactics although the German Automobile Association is itself against such practices.

    That is why the whole situation is currently under review in the EU with the hope that pan European laws on design protection can be updated to better reflect the wishes of EU citizens.
    German car makers, sure, but also Japanese, Italian, American, and I expect many more. Every single car I have ever seen with an immobilizer has the ability to reset the immobilizer to accept new keys, but only an authorized dealer has the software and credentials with the manufacturer to perform the reset. Further, every single one I've seen requires the technician connect the car to a local computer to get some key information, which it sends to a remote server controlled by the manufacturer. The remote server then responds with an unlock code specific to that car's immobilizer.

    Based on the information which is currently public, AST2 works in exactly the same way. You run AST2 on a local computer and connect it to the computer under repair. It gets key information from the T2 chip, which it uses to form a request to an Apple server for authorization to open the hardware trust store. The Apple server then responds with the authorization, and the technician can get the T2 to trust the new parts.

    To the best of my knowledge, very few have seriously argued for opening up immobilizer resets on cars.
    The immobilizer, to the best of my knowledge, is a security feature to prevent unauthorised starting of the car. I don't drive so I could easily be mistaken.

    In the case of the T2, it would go beyond that and refuse to accept installed parts that the owner had sanctioned but Apple hadn't.
  • Reply 40 of 54
    bb-15bb-15 Posts: 283member
    mac_dog said:
    Or, it could be that Apple wants to maintain some semblance of quality control. And how does someone infer “planned obsolescence”? All that does is fuel the fire of apple’s detractors. 
    Yes, quite true...
    Even here at ai in a recent article on upgrading the MacMini (probably in the comments) we were told that we should re-install the original memory in the Mac Mini after we break it and ask Apple to fix it for us under warranty -- so Apple wouldn't know we were doing some DIY on it.

    And that's from the cult of the faithful!
    I suggest that anyone who is afraid of damaging their Apple product with a DYI upgrade should get AppleCare+ for the device. 
    For instance AppleCare+ is available for the Mac Mini ($99) and that extended warranty allows for two incidents of accidental damage (pretty much anything for $299 each).
    I get AppleCare+ for all my major Apple computer/phone/watch purchases.  

    https://www.apple.com/shop/product/S6120LL/A/applecare-plus-for-mac-mini

Sign In or Register to comment.