
I genuinely don't understand this comment. A hacked T2 is currently less secure than it was a few weeks ago, but I think still more secure than a machine with no T2 at all, no?

That is, so far nobody has leveraged this to hack FileVault or Secure Enclave passwords generally, and until then, this is still marginally more secure than no T2 at all.

Once the above is no longer true, then a MacBook with T2 will be... exactly as secure as a machine with no T2 at all, right?

I guess I'm not seeing how this makes a MacBook less secure than alternatives. What am I missing?




It is making it less secure because it gives Apple more access to your hardware (I'd call that a backdoor with extra steps) than it does to yourself. Now with this vulnerability, you get to have equal access.

But then again, I don't quite understand what problem T2 is solving that isn't solved by simply encrypting the file system with FileVault.


Do you mean that you believe Apple has active access to my hardware? Or do you mean that Apple has put a feature in my hardware that neither I nor anyone else can explicitly access without this hack?

Because I believe the latter is true, not the former, but I believe nearly every manufacturer of complicated electronics has put things into their products that I personally cannot explicitly access, so it doesn't bother me as much as it might bother you.


I mean that ordinarily, as intended by design, Apple has the private key they can use to sign the T2 firmware. You don't have the ability to run any code on the T2 whatsoever. And considering that it sits in the middle of most system buses and is more privileged than the main CPU, effectively controlling the entire thing at all times...



