Skip to main content

Send us a Topic or Tip

Have a suggestion for the blog? Perhaps a topic you'd like us to write about? If so, we'd love to hear from you! Fancy yourself a writer and have a tech tip, handy computer trick, or "how to" to share? Let us know what you'd like to contribute!

Thanks for reaching out!

iMac Pro’s T2 Chip: What It Is and What It Does

Detail of T2 chip, photo from OWC teardown of the iMac Pro
(Detail of T2 chip, photo from OWC teardown of the iMac Pro.)

Before the iMac Pro finally shipped in late December, 2017, there was a lot of speculation that the powerful desktop machine would contain an Apple A10 chip, possibly for providing always-on “Hey, Siri” support or other unspecified functions. Shortly before the iMac Pro shipped, one developer who was given early access to the device found that the new computer features a unique custom Apple chip — the T2.

Like the T1 used in the 2016 and 2017 MacBook Pro, the T2 is a custom ARMv7 system-on-chip that performs specific security-related functions for the iMac Pro. On the MacBook Pro, the T1 acts as a secure enclave for processing and encrypting fingerprints for Touch ID as well as keeping tabs on the microphone and FaceTime HD camera to keep them safe from hacking. Oddly enough, the T1 runs a special version of watchOS separate from macOS on the computer itself.

On the iMac Pro, the T2 performs a very similar function, providing a secure enclave for encrypted keys. It also handles system functions including the camera and audio control — probably in a manner identical to that on the MacBook Pro — and manages the solid-state drive of the computer. Although we haven’t yet performed tests and have not seen that others have tested the FaceTime HD camera on the iMac Pro, the T2 also allegedly delivers “enhanced image processing” for that camera. An integrated image signal processor allows tone mapping, exposure control, and face detection-based auto exposure and white balance for the FaceTime HD camera. Those functions were provided on older Macs by other hardware and software before being built into the T-series chips.

On December 14, 2017, Apple announced that the T2 integrates several controllers found in other Mac systems, including a system management controller, image signal processor, audio controller, and SSD controller. The secure enclave is teamed with a hardware encryption engine that allows for strong on-chip encryption and hardware verification of system-level software.

Apple says that “The data on your SSD is encrypted using dedicated AES hardware with no effect on the SSD’s performance, while keeping the Intel Xeon processor free for your compute tasks. And secure boot ensures that the lowest levels of software aren’t tampered with and that only operating system software trusted by Apple loads at startup.”

The developer mentioned in the first paragraph of this post, Cabel Sasser of Panic, found during his early access work with the iMac Pro that there are several new macOS utilities that take advantage of the security features of the T2 chip. One of these is the Startup Security Utility, which allows users to enable a firmware password to prevent the Mac from booting from a different hard drive, CD or DVD without that password. Another function is called “Secure Boot” and lets users select a range of security levels from none to “medium” or “full” security (see screenshot below).

iMac Pro Startup Security Utility. Image via Cabel Sasser, Panic Software
(iMac Pro Startup Security Utility. Image via Cabel Sasser, Panic Software.)

Sasser noted in a tweet sent out in mid-December that “This new chip means storage encryption keys pass from the Secure Enclave to the hardware encryption engine in-chip — your key never leaves the chip. And, it allows for hardware verification of OS, kernel, boot loader, firmware, etc… (this can be disabled).”

With Apple’s custom T1 and T2 silicon now providing enhanced security on the MacBook Pro and iMac Pro respectively, there’s a good chance that we may see these or other chips in other future Macs as well.


Steve Sande
the authorSteve Sande
Contributing Author
Steve has been writing about Apple products since 1986, starting on a bulletin board system, creating the first of his many Apple-related websites in 1994, joining the staff of The Unofficial Apple Weblog in 2008, and founding Apple World Today in 2015. He’s semi-retired, loves to camp and take photos, and is an FAA-licensed drone pilot.
Be Sociable, Share This Post!

Leave a Reply

1 Comment