Beginning with the iMac Pro in December 2017—and continuing with Mac mini, MacBook Air, and MacBook Pro models introduced in 2018 and onwards—Apple has packed Macs with its own homegrown T2 chip. Like its predecessor, the T1, the T2 is designed to shift responsibility for security-critical aspects of Mac hardware out of the hands of the Mac CPU and traditional computing components—where they can be subject to hacks and malfeasance—into a “secure enclave,” a separate environment inaccessible to hacks, malware, and even hardware-based security risks. Even if macOS were somehow completely “pwned” by a security flaw or attacker, the critical functions and data handled by the T2 would be completely unaffected.
These days, it’s safe to say most technology users are interested in more security, rather than less, so the benefits of the T2 seem clear, if decidedly nerdy. But that doesn’t mean a T2-equipped Mac is the right choice for every Mac user right now—even those who want to be as secure as possible.
Why Does Apple Need Security Chips?
It’s no secret Apple’s hardware group has been on a roll for the last several years: it currently makes five processor lines (the A, H, S, T and W chips) that power everything from iPhones and iPads to the Apple Watch and AirPods. So it’s not surprising Apple would bring its own silicon to the Mac to enable Apple-exclusive features.
The company introduced the T1 in late 2016 to handle the fingerprint processing for Touch ID sensors in the first Touch Bar-equipped MacBook Pros, and it also helped lock down sensitive components like the built-in microphones and cameras. Further, the T1 took over the System Management Controller (SMC), which is responsible for heat and power management, battery charging, sleeping and waking the Mac. Finally, the T1 determines if macOS is running on actual Apple hardware.
The T2 picks up from there, with four major capabilities:
- It takes over all access to built-in solid-state drives, enabling real-time encryption and decryption so your data is never stored in the clear
- It provides the processing power that lets you invoke Siri with “Hey Siri”
- It offers image enhancement for built-in FaceTime HD cameras
- It can optionally lock down a Mac’s boot process—so if someone were to steal your Mac, they wouldn’t be able to start it up using an external drive and steal your data
The T1 and T2 can do all these things because they’re basically separate computers with their own isolated memory and storage: they’re ARM chips running Apple’s bridgeOS. The T2 is based on the A10 processor that shipped in the iPhone 7, and bridgeOS derives from Apple’s watchOS. In some ways, the T1 and T2 act as independent co-processors, enhancing performance by handling common tasks for the Mac and enabling the CPU to focus on other things. But in other ways, they significantly beef up security, since they offer a fully independent system that remains secure even if macOS is compromised.
What Does The T2 Do For You?
Apple has published an overview of the T2 chip spelling out some of its technical details, but here are the main points:
- Hush, Now: All T2-equipped MacBook Pro and MacBook Air models have a hardware disconnect for the built-in microphone whenever the lid is closed. That means even if some malware were able to take control of your microphone and surreptitiously listen or record through it, the microphone is essentially physically unplugged from the Mac when you close the lid. The same can’t be said of headsets, external microphones, or other audio gear, though. There’s no hardware disconnect for the FaceTime HD cameras: closing the lid blocks them effectively.
Downsides of the T2
For most Mac users, the benefits of the T2 are clear, particularly for notebook users who take their Macs with them wherever they go. If your new MacBook Air is stolen, the T2 offers decent assurance that sensitive data—like email, passwords, credit card numbers, social media accounts, super-secret projects, or those pictures—won’t fall into the wrong hands.
The T2 isn’t without trade-offs, however:
- Less Repairability: The T2 chip requires technicians to run a proprietary diagnostic tool to replace certain components like flash storage, the Touch ID sensor, and the main logic board, which means repairs or replacement of those components can only be done at Apple Stores or by Apple Authorized Service Providers. Most Mac users will never need to replace those components, but it’s yet another way Macs are becoming less repairable.
- Goodbye, NetBoot: T2-equipped Macs can’t boot from network volumes, which could be a serious issue for organizations and schools that still rely on the now-deprecated NetBoot. If you need NetBoot, take note: Apple’s recently refreshed iMac line does not have the T2 chip (see “Apple Boosts iMac Performance with Faster Multi-Core CPUs,” 19 March 2019).
- Data Recovery As-Good-As Impossible: That on-the-fly encryption and decryption the T2 chip provides for the SSD means the T2 is the only way to get data off the internal drive. If the T2 is damaged or becomes inoperable, your data is inaccessible, even to top data forensics experts, so have a solid backup strategy in place—check out Take Control of Backing Up Your Mac, Third Edition for all you need to know in that department.
- Linux & Older Windows Boot Issues: Lots of software developers—particularly Web developers—prefer to work in Linux or other operating systems, even if they own a Mac. T2-equipped Macs can only boot Linux or versions of Windows prior to Windows 10 from external drives after disabling the T2’s Secure Boot feature. If you need to run one of these operating systems, get used to doing it in a virtual machine. If you must run one of these systems on “bare metal,” a T2 Mac is not for you.
So What’s With These Audio Problems?
Since the introduction of the iMac Pro—and continuing with newer T2-equipped Macs—users have reported occasional audio glitches: little clicks, pops, or bursts of noise that seem to happen at irregular intervals. They occur with both audio playback and audio recording, and can happen using any app, whether listening to Apple Music, watching a video on YouTube, playing a game, or—uh oh!—playing a hot DJ set at a party or recording a live symphony orchestra.
The problem seems most common with USB-connected audio devices—whether consumer-grade headsets, podcaster-level microphones, or professional audio gear—but the glitches also happen with built-in speakers and microphones as well as audio devices connected via Thunderbolt. How often do they happen? Hard to say. Some users see a few every hour, others maybe only one per day.
Many Mac users won’t care. If there’s a little pop while streaming “Baby Shark” for the thirty-first time, it’s not the end of the world, am I right? OK, maybe I’m right?
However, for others, these glitches are literally showstoppers. If you’re using your Mac to process live audio—maybe you’re a DJ, or a musician using your Mac to run software instruments with programs like Ableton Live or Apple’s MainStage—blasting your audience with random pops, clicks, and bursts of sound is a Very Bad Thing. If you are recording music—whether in your bedroom using GarageBand or burning through hundreds of dollars per hour in a professional studio—those glitches will inevitably happen during critical moments, often destroying your recording. Imagine telling a legendary performer: “Hey, that was great, but the Mac glitched. Let’s go again, maybe it’ll record OK this time!” It’s a quick way to end a career. For musicians and audio professionals, this problem makes T2 Macs unreliable and untrustworthy—an irony, since many of these people use Macs to avoid the famously undependability of audio setups under Windows.
For professional recording studios, the T2 chip isn’t yet much of a problem. (No joke: plenty of Mac-based recording studios are still using decade-old Mac Pro towers.) But a tremendous amount of amateur, enthusiast, and professional audio work—whether music, podcasts, mixing, or DJing—doesn’t happen in professional studios: it happens on notebooks and in small Mac-based project studios. Plenty of musicians take their Macs on stage with them to perform in real time. The T2 is spreading across ever-greater swaths of Apple’s Mac lineup, which makes choosing a new Mac difficult.
What to do? The T2 audio problems have been known for well over a year, and Apple has been utterly silent about them save for a vague claim that macOS Mojave 10.14.4 “improves the reliability” of USB audio devices used with T2-equipped Macs. Some audio developers (like Germany’s RME) have reported improvements with USB audio, but my limited testing with a T2-equipped MacBook Pro found no discernible improvement using 10.14.4 with USB or Thunderbolt audio devices.
Some T2 users have been able to reduce the frequency of glitches by killing the built-in
timed process (which synchronizes the Mac clock with a time server) and/or
locationd (which tries to determine a Mac’s location for Location Services). Some folks have had good luck with these workarounds; others still experience problems. Unfortunately, stopping these background processes is non-trivial and requires disabling macOS’s System Integrity Protection. In other words, not recommended.
Is A T2 Mac Right For You?
For most Mac users, the T2 chip offers clear benefits: not only does it power spiffy fingerprint detection on the MacBook Pro and MacBook Air, but it also provides fully encrypted storage and hardens the Mac against a range of sophisticated attacks—including the sorts of things that a government might carry out if one were to seize a computer.
But the T2 also highlights how fragile the Mac world can be. Users who don’t have easy access to an Apple Store or authorized repair shop may encounter real problems getting a T2 Mac fixed. Users who don’t have a good backup strategy probably won’t be able to recover any data at all if the T2 chip fails—even if they turn to data recovery experts. And developers who want to run anything but macOS or Windows 10 natively are basically out of luck. So if your Mac has a T2 chip, figure out in advance where you’ll get it repaired if necessary, make sure you’re backing up regularly to multiple locations, and stick with virtualization for guest operating systems.
All that said, if you rely on your Mac for audio—whether recording podcasts, DJing parties, or as a professional engineer or musician—I recommend avoiding T2-equipped Macs until audio issues have been verifiably resolved for quite some time. If you need a new Mac before that happens, consider one of the few remaining models without a T2 chip, or perhaps an older pre-T2 Mac—sometimes Apple offers refurbished and clearance models on a good deal.