
Apple IT Security Features: T2 Chip and the Secure Enclave

Mark Lukehart


Apple IT Security Features – Part 2: The T2 Chip and the Secure Enclave

In this 3-part series, we are exploring some of the built-in security features that come standard with today’s Apple computer and mobile device models. These features have a positive impact on an organization’s data security requirements and act as additional layers of protection against threats.

The T2 chip significantly increases data security on a Mac, while enabling useful features that improve the end-user’s experience. When hardware is more secure, the software can support those efforts and be more secure as well. While some sections of this article are technical, Parachute believes it’s empowering to understand what is happening behind the scenes of the IT security you use daily.

The T2 Chip and the Secure Enclave

Included with newer Mac models, Apple’s T2 chip keeps the data stored on Macs safer than ever. Embedded within the T2 chip is the Secure Enclave, a specific part of the chip used to store especially sensitive information, such as a device’s passcodes, biometric data for Face ID and Touch ID, and Apple Pay data.

Communication between the Secure Enclave and the processor is isolated, which secures data from malware attacks. In other words, the operating system cannot directly access data stored in the Secure Enclave. For example, if you enter your password on your Mac, iOS doesn’t know if that is the correct password. It passes along that password to the Secure Enclave, which verifies it against the encrypted password stored within, and then passes back to iOS a ‘correct’ or ‘incorrect’ response. This process also occurs with Touch ID and Face ID. The Secure Enclave is what makes unlocking your Mac with Touch ID, filling in passwords within your Internet browser, and making purchases with Apple Pay so easy and usually seamless.

History and Additional Features

The T1 chip was introduced in late 2016 in MacBook Pros featuring the first Touch Bar. The T1 chip provided a fingerprint sensor and storage of this biometric information for the Touch Bar’s Touch ID. It improved the functionality of heat and power management, sleep/wake, and battery charging by integrating with the System Management Controller. It also provided an additional layer of IT security by detecting non-Apple hardware components and installations.

In addition to the functions of the T1 chip, the T2 chip supports summoning Siri with “Hey, Siri…” One of the most important additions is the optional protection of the boot process, which, if activated, prevents the computer from starting up from an external drive. Some IT professionals don’t like this feature, nor the inability to run other operating systems directly on a Mac, but overall, it’s another layer of security for the end-user or the company’s data on the computer. The T2 chip also controls failed password attempts. After 220 total attempts, the T2 chip will not decrypt the data, rendering it unrecoverable. Therefore, it’s still essential to have an appropriate data backup solution in place.
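The password check described under “The T2 Chip and the Secure Enclave” and the attempt limit described above can be modeled in a few lines. This is an added example, not Apple’s code or anything from the original article: the class name `EnclaveModel`, the PBKDF2 derivation, and the choice to count failed attempts are all assumptions made for illustration.

```python
import hashlib
import hmac
import os

MAX_ATTEMPTS = 220  # total attempts figure quoted in the article


class EnclaveModel:
    """Toy model of an isolated verifier (assumption; not Apple's code)."""

    def __init__(self, password: str, max_attempts: int = MAX_ATTEMPTS):
        self._salt = os.urandom(16)
        self._verifier = self._derive(password)  # stored form of the password
        self._volume_key = os.urandom(32)  # constructed stand-in for the data key
        self._failed = 0
        self._max = max_attempts

    def _derive(self, password: str) -> bytes:
        # Slow, salted derivation so the stored value is not the password itself.
        return hashlib.pbkdf2_hmac("sha256", password.encode(), self._salt, 10_000)

    @property
    def locked_out(self) -> bool:
        return self._volume_key is None

    def verify(self, candidate: str) -> bool:
        """The caller (the OS in this model) learns only correct/incorrect."""
        if self.locked_out:
            return False
        if hmac.compare_digest(self._derive(candidate), self._verifier):
            return True
        self._failed += 1
        if self._failed >= self._max:
            # Limit reached: discard the key, so the data cannot be decrypted.
            self._volume_key = None
        return False


if __name__ == "__main__":
    enclave = EnclaveModel("correct horse", max_attempts=3)  # small limit for the demo
    for guess in ["a", "b", "correct horse", "c", "correct horse"]:
        print(guess, "->", enclave.verify(guess), "| locked out:", enclave.locked_out)
```

Once the limit is reached, even the correct password returns `False`, which is why the backup advice above still applies.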

If you would like to learn more about how Apple’s IT security features can have a positive impact on your business, give Parachute a call today. We are Apple IT Service specialists with a focus on Apple Ecosystem Administration for companies throughout the San Francisco Bay Area and the Sacramento Valley. Our team is happy to answer your questions and discuss your unique Apple support needs.