The original source[0] states that access to Recovery Mode is not possible, at least in some cases. One user there reports[1] that the device shows no signs of life--no power, no fans spinning, nothing:
> No power at all. I tried SMC and PRAM reset but sadly was unable to do either since my computer won’t even turn on.
Computer went to sleep after the update. This was on Friday. Haven't been able to do any kind of thing on it. Trackpad 'clicks' but no screen, not touchbar, nothing (2018 Macbook Pro).
Called apple, they tld me it had to go a store, unfortunately where I live, due to quarantine there are no shops available to pick it, and we aren't allowed to drive outside our district.
Will try the apple configurator idea someone posted below and will report back. Just need to find a cable that supports both power and data that is USB a to USB c.
If your entire startup is dependent on one single Macbook there is something severely wrong with your business model and I hope your customers and/or investors are aware of this risk before giving you any money.
Obviously depending on a laptop for runtime code would be bad, but plenty of early stage startups depend heavily on a small number of machines for customer support and continued development.
Probably a bigger issue isn’t that they’re a single laptop failure away from collapse, the bigger problem is that replacing a laptop right now would be unusually difficult.
In the world of git and cheaply available easy to use backup software, there is zero excuse to not have backups of everything to load on another machine. Even if you want to avoid the cloud and keep it local, a 128gb USB3 drive is under $50.
“A small number of machines” is not what we are talking about. We’re talking about one single consumer-grade laptop that would collapse the entire business forever.
Giving the benefit of the doubt; it’s entirely possible they have that setup, with the tacit assumption that if their machine died they could buy another same day.
Now, you really can’t buy another laptop same day.
Yeah. I gave my MBP (late 2016 “Esc”) to the Apple Store in London for repairs on 12 February. They decided to replace it (yay) and the replacement is scheduled to reach me the week after next. That’s about 10 weeks without my main machine, thanks to SARS-CoV-2. Really drives home the need for a contingency plan.
Might not be a bad idea to buy another laptop (cheap) and just boot it up once a month to make sure you can use it, and if your system dies, then just pull that one out and use it while Apple RMAs your primary. If the cheap laptop doesn't have enough power, just connect to an Amazon Workspace or something and use that until your normal laptop can work again.
Tried it all, nothing worked. Even the DFU revive/restore.
Tomorrow will call a close enough store that seems to be (stated on their website) doing pick-ups and see if they can come and pick it.
My main concern now is they will try to try and charge 1000 or so euros for a repair and I will have to eat the cost as I can't really ask for a replacement one from company or friends since everyone is stuck at home
All possible things. 30 seconds, 60 seconds. 10 seconds then plug in cable. SMC reset. DFU mode (it enters dfu mode, but restore doesn't work). I spent the last 48 hours trying to bring it back to life. Unless Apple releases some kind of software we can use on another mac to 'fix' this one, I don't feel it will be fixed without shipping it to them.
Confirmed; this is what happened to my 16" after this install. I needed to do a DFU restore (using Apple Configurator 2 -- you can download it to your hopefully spare MacBook from the app store) to get my mac back up and running. Unfortunately, for some reason, after the DFU restore, my 16" came back up to do a full reinstall, and I had to restore my files from backup.
I hope Apple doesn’t expect that everyone has a “Spare Macbook” laying around. I’ve been experiencing random system crashes when anything connects via TB3, and 3 random Kernel panics since the update.
The SSD in a T2 Mac is encrypted in the same way that an iPhone is, so if the DFU crashes hard enough you’ll have to regenerate new keys and that’s equivalent to drive zero.
No, it’s not possible to use a FileVault recovery key at this stage of repair.
It’s not failure, it’s secure by design to prevent attackers/governments from stealing your files without consent.
Under DFU brick and reset circumstances, the private key is gone, because otherwise an attacker could just upload a hacked firmware via DFU and access all your files.
I assume the installer uses a different process that performs a DFU upgrade-in-place that safely manages the handoff using signed code and such, but that’s not the process we get as a last restore described above.
If you don’t have off-device backups, you’re accepting the risk of losing all your data at any time due to any number of possible failures (software and hardware). Not much use getting upset about this specific case.
Not sure what DFU means as I'm not familiar with Mac. With any other encryption, it doesn't matter what the state of my system is. As long as I have the key, I can always decrypt it. And it's not a vulnerability. Without the key, the data is effectively inaccessible for everybody else (except maybe somebody with a quantum computer).
The T2 chip itself (runs bridgeOS which is like watchOS) do. It is used only to recover the firmware of the T2, AFAIK it can't be used to write to the SSD directly.
The checkra1n team recently showed that all Macs with a T2 chip are vulnerable to checkm8 exploit used to jailbreak iPhones, and this could persist for a while due to the T2 chip staying on between application processor reboots.
This allows override of mic disconnect (except on the newest models which switched to hardware disconnect), Secure Boot/Firmware Password, and allows you to bypass Apple's signing of Intel ME firmware, TB3 firmware, and CPU microcode. Whether or not there is still Intel signing after that is unknown, but there are already some sort of issues with the host key being leaked on that. The one useful feature I can think of is allowing SSD replacement (you still have to find a way to resolder ofc) and Touch Bar customization.
I think the most likely attack vector for this is an evil maid style attack where corrupted T2 firmware is loaded that rewrites the contents of the SSD while macOS is running to launch further exploit code on that platform.
The one thing not to worry about is if you have FileVault turned on with a password, that still can't be cracked because your password is not stored anywhere on the device. But the BitLocker-style automatic encryption with no password that just locks the SSD to that specific T2 chip isn't useful anymore.
hi, thank you for posting this. I was fascinated by the checkm8 exploit since I read about it last September. Completely unknown to me was that T2 Mac's were also vulnerable to this. With all the vulnerabilities that are now open due to this, i'm questioning was it even worth ever putting these chips inside Macbooks? In retrospect, would they have been better off just scrapping this idea completely? Because the way you put it, due to the checkm8 exploit the T2 is now practically useless in everything it was originally meant to do.
Right now, yes, but in usual circumstances you could just borrow a friend's box, your IT department could fix it, or you could have a el-cheapo Mac (either an old one or like a Mini from 2010) that can run Configurator (which doesn't require a recent version of OS X, I don't think).
Still sucks, just a bit less. not really different than an iPhone, except that you can rebuild those on Windows (for now).
> No power at all. I tried SMC and PRAM reset but sadly was unable to do either since my computer won’t even turn on.
[0]: https://forums.macrumors.com/threads/warning-macos-catalina-...
[1]: https://forums.macrumors.com/threads/warning-macos-catalina-...