> I appreciate the desire at making a device difficult for a bad actor to get to your data
That's what FileVault is for. I don't understand what's the problem T2 is trying to solve by its existence. Being able to use something else to read the data from a drive you pulled out of your computer, after decrypting it with your password, is a feature, not a bug. T2 is a regression, not an improvement in security. You can't call it a security product if you keep the master key, which Apple does.
One of the value props was the inability to reset and resell if it were lost or stolen. Now that it’s cracked there is more of an incentive to not try and find the owner.
As for actual data security you are probably right
> One of the value props was the inability to reset and resell if it were lost or stolen.
It's sure one of those nice to have features, but there's no good reason why it has to be mandatory like it is. All in all, having a device purposefully retain some information when you factory reset it is user-hostile.
The "lost or stolen" argument also hardly holds for desktop computers like Mac Pro or Mac Mini or iMac, yet they still have T2s in them.
But one of the things about Apple products that makes people okay with the exorbitant pricing is the resale value. I thought Apple themselves realized this?
> The mini operating system on the T2 (SepOS) suffers from a security vulnerable also found in the iPhone 7 since it contains a processor based on the iOS A10.
> ..Using the checkm8 exploit originally made for iPhones, the checkra1n exploit was developed to build a semi-tethered exploit for the T2 security chip, exploiting a flaw. This could be used to e.g. circumvent activation lock, allowing stolen iPhones or macOS devices to be reset and sold on the black market.
> Since sepOS/BootROM is Read-Only Memory for security reasons, interestingly, Apple cannot patch this core vulnerability without a new hardware revision.
From what I could find, the encryption keys of the T2 are still secure but the OS running on it is not. Wiping the SSD and/or repairing another might be enough to resell the device without any locks but I'm not 100% sure about that.
> I don't understand what's the problem T2 is trying to solve by its existence.
watch the 2 security briefings that Apple delivered at black hat. i think they are 3 years apart and each touched on different aspects. i might be misremembering and T2 is covered in just one of them.
That's what FileVault is for. I don't understand what's the problem T2 is trying to solve by its existence. Being able to use something else to read the data from a drive you pulled out of your computer, after decrypting it with your password, is a feature, not a bug. T2 is a regression, not an improvement in security. You can't call it a security product if you keep the master key, which Apple does.