Confirmed; this is what happened to my 16" after this install. I needed to do a DFU restore (using Apple Configurator 2 -- you can download it to your hopefully spare MacBook from the app store) to get my mac back up and running. Unfortunately, for some reason, after the DFU restore, my 16" came back up to do a full reinstall, and I had to restore my files from backup.

Took a day, but all's well now.

I hope Apple doesn’t expect that everyone has a “Spare Macbook” laying around. I’ve been experiencing random system crashes when anything connects via TB3, and 3 random Kernel panics since the update.

The SSD in a T2 Mac is encrypted in the same way that an iPhone is, so if the DFU crashes hard enough you’ll have to regenerate new keys and that’s equivalent to drive zero.

Glad it helped.

Is it possible to export a recovery key? Because this kind of failure simply due to a bad update shouldn't be acceptable.

No, it’s not possible to use a FileVault recovery key at this stage of repair.

It’s not failure, it’s secure by design to prevent attackers/governments from stealing your files without consent.

Under DFU brick and reset circumstances, the private key is gone, because otherwise an attacker could just upload a hacked firmware via DFU and access all your files.

I assume the installer uses a different process that performs a DFU upgrade-in-place that safely manages the handoff using signed code and such, but that’s not the process we get as a last restore described above.

If you don’t have off-device backups, you’re accepting the risk of losing all your data at any time due to any number of possible failures (software and hardware). Not much use getting upset about this specific case.

Not sure what DFU means as I'm not familiar with Mac. With any other encryption, it doesn't matter what the state of my system is. As long as I have the key, I can always decrypt it. And it's not a vulnerability. Without the key, the data is effectively inaccessible for everybody else (except maybe somebody with a quantum computer).

You get a recovery key when the original key is generated.

Yes: You can export a FileVault recovery key when enabling FileVault, whether on a T2 Mac or not.

No: There’s no opportunity to use FileVault recovery keys when you’re doing a DFU on a T2 Mac. If you have to DFU, your data is lost.

(edited to clarify per reply)

That wasn't the question I was answering or was asked, I think.

Do T2 Mac’s have DFU mode like iPhone’s? If so that’s news to me and pretty interesting.

The T2 chip itself (runs bridgeOS which is like watchOS) do. It is used only to recover the firmware of the T2, AFAIK it can't be used to write to the SSD directly.

The checkra1n team recently showed that all Macs with a T2 chip are vulnerable to checkm8 exploit used to jailbreak iPhones, and this could persist for a while due to the T2 chip staying on between application processor reboots.

This allows override of mic disconnect (except on the newest models which switched to hardware disconnect), Secure Boot/Firmware Password, and allows you to bypass Apple's signing of Intel ME firmware, TB3 firmware, and CPU microcode. Whether or not there is still Intel signing after that is unknown, but there are already some sort of issues with the host key being leaked on that. The one useful feature I can think of is allowing SSD replacement (you still have to find a way to resolder ofc) and Touch Bar customization.

I think the most likely attack vector for this is an evil maid style attack where corrupted T2 firmware is loaded that rewrites the contents of the SSD while macOS is running to launch further exploit code on that platform.

The one thing not to worry about is if you have FileVault turned on with a password, that still can't be cracked because your password is not stored anywhere on the device. But the BitLocker-style automatic encryption with no password that just locks the SSD to that specific T2 chip isn't useful anymore.

hi, thank you for posting this. I was fascinated by the checkm8 exploit since I read about it last September. Completely unknown to me was that T2 Mac's were also vulnerable to this. With all the vulnerabilities that are now open due to this, i'm questioning was it even worth ever putting these chips inside Macbooks? In retrospect, would they have been better off just scrapping this idea completely? Because the way you put it, due to the checkm8 exploit the T2 is now practically useless in everything it was originally meant to do.

Yes. It’s essentially an ARM A-series chip — it has firmware (BridgeOS) and does have a DFU mode. See https://help.apple.com/configurator/mac/2.7.1/#/apd0020c3dc2

Best have your spare MacBook available to do it!

Love to need another $3000 machine to fix my $3000 machine

Right now, yes, but in usual circumstances you could just borrow a friend's box, your IT department could fix it, or you could have a el-cheapo Mac (either an old one or like a Mini from 2010) that can run Configurator (which doesn't require a recent version of OS X, I don't think).

Still sucks, just a bit less. not really different than an iPhone, except that you can rebuild those on Windows (for now).

Desktop Macs should also be fine.

I wouldn't be surprised if Apple ships Configurator iOS someday, but today is not that day.