Another reason to hate #Apple We're seeing more 2018+ MacBook Pro/Air donations — but Apple's T2 chip means even after iCloud sign-out and reset, the firmware stays locked to the original account.

  • codemonkeymike@fosstodon.org

    Another reason to hate #Apple We're seeing more 2018+ MacBook Pro/Air donations — but Apple's T2 chip means even after iCloud sign-out and reset, the firmware stays locked to the original account.

    Without donor contact, these machines are useless. 😞

    I've upcycled ~1,000 older Macs, but T2 era machines will end that. It's controlling, creates e-waste, and will only get worse. #righttorepair matters — Apple couldn't care less.

    ljrk@todon.eu wrote (#108):

    @codemonkeymike I do appreciate that T2 chips make my MacBook basically not a good target for thieves though: They by now understand that stealing these devices is not worth it and don't even attempt.

    But it will take time until donors understand that they need to do EACS, which is quite simple:

    Erase your Mac and reset it to factory settings - Apple Support (support.apple.com)

    Use the Erase All Content and Settings feature to quickly and securely erase all settings, data, and apps, while maintaining the operating system currently installed.

    But this isn't widely known yet. There have been some people who had luck with going to Apple Stores and providing some kind of guarantee that these are donated pieces but it's a hassle. But for such a big stack, buying a T203 would potentially make sense, could perhaps even be part of a hacker space's tools.

    • realgene@hachyderm.io

      @yama @codemonkeymike @paulywill
      It's in non-volatile memory (EEPROM) embedded in the chipset. It won't forget for 100 years.

      yama@tech.lgbt wrote (#109):

      @RealGene @codemonkeymike @paulywill Is that an actual number? Well that sucks. Then there have to be other ways of fooling it

        brunoscheele@mastodon.social wrote (#110):

        @codemonkeymike Hmm, I’m about to donate a bunch of MacBooks. All personal devices that were collecting dust. I’ve reset them and reinstalled the latest macOS possible.

        Any way to check if they’re still locked?

        • elly@donotsta.re
          @nicolas17 @yama @codemonkeymike @paulywill this, most modern machines use NVRAM for variable store. You can't reset it by just yoinking the power.

          Not sure how it's done on T2-based x86 (assuming T2 acts as ROT), x86 itself isn't fused so firmware isn't tamper-protected but it could be done by T2 (from what I remember, T2 emulates SPI to the x86 host and actual x86 UEFI lives in dedicated portion of an "SSD").

          T2 should be vulnerable to checkra1n though, so it should be possible to fool the ROT and at least modify NVRAM variables to change security policy but it would require some research.

          yama@tech.lgbt wrote (#111):

          @elly @codemonkeymike @paulywill Apparently "google is not your friend" as i can't seem to find anything that concretely tells me how nvram stores data "without power". The web truly is dogcrap these days...

          • ben@social.benjaminturner.me

            @miked1112 @codemonkeymike you have to specifically remove the iCloud account using these steps, logging out of iCloud and resetting the device is not enough. it's a (purposely?) confusing end user experience. https://support.apple.com/en-us/102773

            tokeriis@helvede.net wrote (#112):

            @ben @miked1112 @codemonkeymike It seems pretty easy to me — go to settings > Erase > follow the guide.

            • hitokirieric@defcon.social

              @codemonkeymike @coldclimate

              Hmm… for the hardware firmware I’d still want to have to unlock it on device rather than having an attack surface/backdoor from the internet to exploit. Apple had the issue a couple years ago with thieves exploiting the remote password change to work around the phone protections.

              But I get how it sucks for this use case.

              Like a lot of things, for 99% of users who don’t care they should default to a version that’s secure from most thieves but not totally secure from government and then let the users who really care opt in to the stronger lockdown mode.

              0x00string@infosec.exchange wrote (#113):

              @HitokiriEric @codemonkeymike @coldclimate i haven't read most of this thread, but i read up to this point and i don't plan to read any more after writing this reply here, but i just want to say, the way you talk about people is extremely infantilizing.

              Like a lot of things, for 99% of users who don’t care they should default to a version that’s secure from most thieves but not totally secure from government

              i think like 99% of things you have a hard time with people because you see them as helpless baby sheep who need a nanny for lacking your superior intellect. and yeah i'm gathering all of this from reading one reply of yours on a website... but honestly dog i feel so confident in this assessment that i am quite sure i won't be the one thinking about it in an hour.

              • lunacolon3@blahaj.zone

                @codemonkeymike@fosstodon.org this is fucking evil. like its not just inconvenient and greedy, it is blatantly evil.

                technocrow@blahaj.zone wrote (#114):

                @LunaCOLON3 @codemonkeymike@fosstodon.org i'm pretty sure a Supreme Court ruling from a few years back forced apple to release flashing scripts to reset the machine to new?

                i've been able to defeat T2 era chips/phones before and flash a new OS with no reference to the previous iCloud owner (at least i'm pretty sure I have)

                  kayla@gts.eilhart.cz wrote (#115):

                  @codemonkeymike Reminds me that this whole ecosystem is broken - My phone number was for a few months for testing purposes in Apple business manager (some 4 years ago) as "technical contact" and even though it's not there anymore, just last year I got three calls from confused people who bought a new MacBook from one of the retailers we used and it presented them with device management window and my phone number ... Not only the retailer mistakenly assigned the serial number under the apple business manager, somehow my phone number still resurfaces from time to time even though Apple representatives say it's not there anymore. And even the process of selling old Macs to users and getting them out from Apple business manager is not reliable (at least it wasn't a few years back).

                  • lonelocust@mastodon.social

                    @codemonkeymike Link to information about this? Are you saying that the donors failed to clear these machines properly before getting rid of them, or that it is impossible for them to do so?

                    can@haz.pink wrote (#116):

                    @LoneLocust @codemonkeymike yeah I’m calling BS on this. I have reset countless Macs, and while it’s true that Activation Lock is a pain, it’s completely false that it’s forever tied to an Apple account. If they remove it properly, the account association is gone completely.

                    It can be tricky to remove it properly because sometimes you think you removed it just for it to reappear later, but it’s absolutely doable.

                      hitokirieric@defcon.social wrote (#117):

                      @0x00string @codemonkeymike @coldclimate

                      This is an excessively rude and cruel response. The way you’re talking to people is extremely misanthropic and lacks any empathy. Honestly, dog, you’ve added nothing to this exchange except shittiness so peace out.

                        lonelocust@mastodon.social wrote (#118):

                        @can I’m not doubting that there’s a problem of locked machines downwind in the second hand market — people do die without providing their passwords, so there are machines that “died” with their owner, and that is a waste.

                        I’m just trying to understand in what circumstances Apple has the power to do anything about it, if any.

                          abt554@social.vivaldi.net wrote (#119):

                          @codemonkeymike

                          I'm not an Apple user so I wonder, is that a result of the original user not removing their account correctly or is this a matter of "once the owner, forever the owner"?

                            waldschnecke@chaos.social wrote (#120):

                            @codemonkeymike Contact Apple. Ask for the Enterprise Support Team to look into this. You will have to have some sort of proof about what your organisation does; how you normally obtain the machines. It's likely a "device to device" decision since the devices are locked by the (ex)owner. However, in certain cases Apple may be able to help. (Note: if these used to be for example university DEP enrolled machines, Apple likely can not do anything)

                              can@haz.pink wrote (#121):

                              @LoneLocust Apple can unlock these Macs, and there’s a process to do it. But you need an invoice with the serial number that states that you are the owner of the device. Obviously the rules there are very strict, otherwise every thief would just fake an invoice and get the Mac unlocked, at which point why even bother with the lock.

                              The process works well for people with an original invoice from an Apple reseller (I’ve done it many times myself), but you probably won’t get anywhere as soon as the Mac has changed owners once.

                              Personally, I think it’s a good compromise. The fact that it’s almost impossible for thieves to unlock Macs is a huge win, and *if* people properly dispose of the Macs, reselling/recycling works still.

                                hw@fediscience.org wrote (#122):

                                @codemonkeymike I am not a lawyer, but I am under the impression that the upcoming Circular Economy Act in the EU will prevent manufacturers from pulling off shit like this.

                                • codemonkeymike@fosstodon.org

                                  @coldclimate it really hurts every one of my brain cells. How could they not have thought about this?

                                  rasmus91@fosstodon.org wrote (#123):

                                  @codemonkeymike @coldclimate I'm one hundred percent sure they DID think of this

                                    rasmus91@fosstodon.org wrote (#124):

                                    @codemonkeymike right there.

                                    I am never (unless they change radically) going to purchase an Apple product.

                                    I will not willingly support this sort of shit. They can have the fastest laptop CPUs with the best battery life, etc. And they can keep it for all I care. I'll not support that sort of practice.

                                    • retrosponge@kind.social

                                      @codemonkeymike I had someone give me a used iPad last year and they hadn't reset it and the absolute nightmare I had getting it to work.

                                      They wound up having to trust me with their username and password to log into their account so I could physically deal with it on the device.

                                      Absolute fucking bullshit.

                                      drgroftehauge@sigmoid.social wrote (#125):

                                      @retrosponge @codemonkeymike I tried to take over an old iPad my mom had forgotten the PIN to. I have to have a Mac to reset it and then I have to repeat it again one week later. Trash.

                                        siguza@infosec.space wrote (#126):

                                        @codemonkeymike do you have any more info on the internal workings of these restrictions? Because the T2 chip has known vulnerabilities in both SecureROM and SEPROM...

                                          castrillo@mastodon.online wrote (#127):

                                          @codemonkeymike incredible 😑! MacOS is and always being a trending OS - or almost the cool expensive solution to Windows - pretty nice to be able to use Linux on whatever you want; looking forward to alternative to Android too 🙂
