There's a lot of confusion going around about Apple's T2-based Macs, including the iMac Pro (2017), MacBook Pro (2018), and brand new Mac mini (2018) and MacBook Air (2018) and the trade-offs they make between security and repairability. Which is understandable. It's a complex subject, perspective-taking is hard, and the internet is terrible at juggling multiple truths.
Apple likely sees T2 as a major advance in security for the vast majority of its customers at the expense of what is a small and shrinking part of the market that still wants to get inside and mess with the guts of their Macs. Independent repair shops probably see it as yet another blow to traditional, modular computing and their own business models. Where some see badly replaced screens and dangerously swapped batteries, others see overblown, overpriced repairs with no reasonable alternatives.
Latest case in point, from The Verge:
The T2 is "a guillotine that [Apple is] holding over" product owners, iFixit CEO Kyle Wiens told The Verge over email. That's because it's the key to locking down Mac products by only allowing select replacement parts into the machine when they've come from an authorized source — a process that the T2 chip now checks for during post-repair reboot. "It's very possible the goal is to exert more control over who can perform repairs by limiting access to parts," Wiens said. "This could be an attempt to grab more market share from the independent repair providers. Or it could be a threat to keep their authorized network in line. We just don't know."Apple confirmed to The Verge that this is the case for repairs involving certain components on newer Macs, like the logic board and Touch ID sensor, which is the first time the company has publicly acknowledged the new repair requirements for T2-equipped Macs. But Apple could not provide a list of repairs that required this or what devices were affected. It also couldn't say whether it began this protocol with the iMac Pro's introduction last year or if it's a new policy instituted recently.
Here's my understanding: T2 is all about security. Security is perpetually at war with convenience. With T2, the new hardware security is at war with the convenience of indie and self-repair. Apple's not doing anything deliberately or actively to interfere with those types of repairs, they're simply a casualty of the new security systems being put in place.
Security vs. convenience
As much as having T2-level security is a major differentiator for Apple, it's also a huge benefit for many modern Mac customers. That includes tamper protection. If you can simply swap out parts on a T2 system, then T2 offers no real security. That's a huge problem when it comes to things like hardware-based disk encryption and Apple Pay authentication.
Have a target in mind? Get physical access to their machine, swap out the secured parts for compromised parts, and go to town. Think that's hard? How often do you hand over your computer when crossing borders? Apple has spent a lot of time fighting government agencies and bad actors alike, local and international, to prevent bypasses on iOS and, increasingly, that's the level of protection they're aiming for on the Mac.
Making the Mac secure
T2 was designed to prevent all that and more. Including, for example, a website showing you one price and charging you another, higher price. That's done through a hardened, secured channel through the machine, from the Secure Enclave to the display. And it's why, if you do anything that potentially compromises hardware security, potentially including turning off hardware security to run Linux, T2 can disable Touch ID Apple Pay, and require you to authenticate using an iOS device, like you would on a non-Touch ID Mac.
I totally get why indie repair shops feel assaulted. But it's also important to point out that Apple likely cares not one bit about taking market share away from them. Or about them at all. At least not on anything but a basic human level.
Apple has iPhone money. For them, repair is less than a rounding error. Even if that revenue is enormous to the independent repair shops, which no doubt motivates the fear and prompts the push back, more of nearly zero for Apple is still nearly zero.
And being extremist or sensationalist about it on either side, in my humble opinion, only hurts efforts to make fair, accessible, reliable, and affordable repairs available to everyone who needs them.
The power of choice
Now, I'm super sensitive to arguments that trading (repair) freedom for (hardware) security will eventually lead to consumers having neither. But, Apple isn't the industry. Apple may believe its customers want and are better served by integrated, differentiated computers that are more like appliances — more like iOS devices have been from the beginning.
Other companies decidedly do not. For people pissed off at Apple's current direction, for people who value the ability to self-repair, swap, assemble, expand, and even just tinker, those other companies and their products are other, better-for-them options.
If enough people choose those options, Apple will have to pay attention. My hunch is, though, as computers have gone increasingly mainstream, most people, from executives who travel a lot to first-time buyers who've never felt comfortable with the complexity of traditional computing, will find the trade-offs more than worth it. If they think about them at all. And having a private, secure computing option is just as important as having something like the completely customizable Raspberry Pi on the other end — and a good range in between.
I do think, if Apple is creating more secure Macs, then Apple is also taking on the burden of making sure all those Macs have fair, accessible, reliable, and affordable repairs available to them. If Apple ever fails at that, including not having parts or replacements available for new products the same day they ship, then that's worth raising a ruckus over.
