It's really simple: when new SSDs are detected and set up by the T2, it stores a UUID on them which references a newly generated encryption key stored in the T2. This allows the user to go back and forth between their old modules and the new ones. It's really not hard and it's almost exactly what Apple is doing with their custom tool available only to their own techs.

This makes the design less secure though.

The advantage of the controller only containing one key is that I know if I create a new key, the old one is gone. That way I basically have effectively an instant wipe on the SSD just by replacing the key (which is what iOS does.)

If the controller allowed for multiple keys, there is always going to be a question of if the old key is lurking around somewhere in the controller.

A lot more concerning on a laptop. But still nice to have on a Mac Pro where I might want to sell it and know that the new owner can't get at my data. And a hard requirement at my day job.
 
There is a precedent on the "big" systems, like IBM mainframes, old Cray supercomputers, Sun Starfire: the firmware/"microcode" is stored as files on a separate PC or workstation. The Sun Starfire had to have the workstation load it up over JTAG to boot.
Those are much different systems and, at least when it came to Sun systems, reliance on the SSP (I took an E10K class so I'm very familiar with it) was removed with the release of the SunFire systems. The SSP did a number of things along with the storage of keys so that you could use the system. If I recall, not because of any technical dependency but rather licensing reasons.
Welcome to the new, but not really new, world focused on security. Someone here, forgot who sorry, listed some time ago all the security implementations being used lately.
How does this make a system more secure? Especially a desktop system?
A lot more concerning on a laptop. But still nice to have on a Mac Pro where I might want to sell it and know that the new owner can't get at my data. And a hard requirement at my day job.
I'm not sure what you mean here. If you sell your Mac Pro how does this arrangement prevent someone from accessing your data?
 
  • Like
Reactions: thevault
A lot more concerning on a laptop. But still nice to have on a Mac Pro where I might want to sell it and know that the new owner can't get at my data. And a hard requirement at my day job.

If you're selling it or sending it for service, then you should be able to run a command and clear the old keys explicitly. Just like doing a TPM clear on a PC to end access to a BitLocker drive.

You don't want a situation where somebody is troubleshooting and hardware swapping, or a drive one day gives the wrong UUID due to a firmware bug, and suddenly all your data is accidentally lost.

This does happen... I have a Dell which once in a while gets confused and the TPM doesn't unlock. You just shut it down and restart and it works. You do not want your data to be automatically wiped in that situation.
 
  • Like
Reactions: defjam
I didn't see anyone overly concerned about reliability but rather the inability to easily swap out the boot drive for a larger one.
And how often do you need to do that?

Sorry, I just think it's an overreaction that on the whole new Mac Pro buyers, MacBook Pro and iMac Pro users just don’t seem to have.
 
And how often do you need to do that?

Sorry, I just think it's an overreaction that on the whole new Mac Pro buyers, MacBook Pro and iMac Pro users just don’t seem to have.

Two cases: drive failures. If a boot drive fails on a PC, I can have a new module overnighted, I pull the old one out and pop the new one in about 60 seconds. The Mac now needs a trip to a service center.

Data sanitization. Companies often require old drives be removed and destroyed when the computer is removed from service. Things like financial firms, medical, government. Here you can't do this without an expensive trip to a service center.
 
  • Like
Reactions: wyckd and thevault
And how often do you need to do that?
I just attempted to upgrade the drive in my 6,1 just a couple of days ago.

Sorry, I just think it's an overreaction that on the whole new Mac Pro buyers, MacBook Pro and iMac Pro users just don’t seem to have.
Aside from the Mac Pro the other systems are difficult to disassemble making replacement of the boot drive more difficult and therefore less likely. However on a system such as the Mac Pro such an upgrade should be easy to do and therefore I think it's unreasonable to have to haul such a system down to the Apple Store just to upgrade the boot drive.
Two cases: drive failures. If a boot drive fails on a PC, I can have a new module overnighted, I pull the old one out and pop the new one in about 60 seconds. The Mac now needs a trip to a service center.

Data sanitization. Companies often require old drives be removed and destroyed when the computer is removed from service. Things like financial firms, medical, government. Here you can't do this without an expensive trip to a service center.
I was under the impression the boot drive in the 2019 Mac Pro was removable. Is this a misunderstanding on my part?
 
  • Like
Reactions: thevault
Two cases: drive failures. If a boot drive fails on a PC, I can have a new module overnighted, I pull the old one out and pop the new one in about 60 seconds. The Mac now needs a trip to a service center.

Data sanitization. Companies often require old drives be removed and destroyed when the computer is removed from service. Things like financial firms, medical, government. Here you can't do this without an expensive trip to a service center.
Two very valid points, but with fear of my rebuttal generating more cause for argument I’ll stand by my original point that the OP is in an unfortunate but abnormal situation. For the use case of 95% of T2-chipped Macs, this will never be a major issue.
 
I just attempted to upgrade the drive in my 6,1 just a couple of days ago.


Aside from the Mac Pro the other systems are difficult to disassemble making replacement of the boot drive more difficult and therefore less likely. However on a system such as the Mac Pro such an upgrade should be easy to do and therefore I think it's unreasonable to have to haul such a system down to the Apple Store just to upgrade the boot drive.
If you don't like the way Apple implemented encrypted storage with T2, you still have the option of bypassing it with a Mac Pro 2019 for booting. Just enable external booting with Startup Security Utility and use your own PCIe/SATA boot drive.

macos-high-sierra-startup-security-utility.png


You can't remove the NAND modules, they have to be present, but you can easily bypass the T2 storage.
 
This makes the design less secure though.

The advantage of the controller only containing one key is that I know if I create a new key, the old one is gone. That way I basically have effectively an instant wipe on the SSD just by replacing the key (which is what iOS does.)

If the controller allowed for multiple keys, there is always going to be a question of if the old key is lurking around somewhere in the controller.

A lot more concerning on a laptop. But still nice to have on a Mac Pro where I might want to sell it and know that the new owner can't get at my data. And a hard requirement at my day job.

If they have access to your machine to be able to get the key from the T2 then what's it matter if there's an old key in there? The current key is always there!

Come on people use your heads.
 
If they have access to your machine to be able to get the key from the T2 then what's it matter if there's an old key in there? The current key is always there!

Come on people use your heads.

You can't extract the current key from T2.

Which is why the FBI is so mad about iPhones.

Also them not having access to the old key is the entire point. The old key gets them access to my data. The new key does not.

The chip physically supporting multiple keys doesn't give me assurances that that old key was actually deleted. While they can't read the key back out, can they repoint at the old key?

This also complicates boot time. Which password at preboot unlocks which key?
 
Two cases: drive failures. If a boot drive fails on a PC, I can have a new module overnighted, I pull the old one out and pop the new one in about 60 seconds. The Mac now needs a trip to a service center.

Data sanitization. Companies often require old drives be removed and destroyed when the computer is removed from service. Things like financial firms, medical, government. Here you can't do this without an expensive trip to a service center.

I think those are fair uses. To me the solution is simple. Get the minimum size drive and let it be used as glorified PRAM and an emergency boot drive. Don't put anything on there. Use a PCI SSD solution. Much cheaper. Way faster. Has all the normal benefits.
If you don't like the way Apple implemented encrypted storage with T2, you still have the option of bypassing it with a Mac Pro 2019 for booting. Just enable external booting with Startup Security Utility and use your own PCIe/SATA boot drive.

macos-high-sierra-startup-security-utility.png


You can't remove the NAND modules, they have to be present, but you can easily bypass the T2 storage.

Do you need to change the external boot setting for PCI or internal SATA port booting? Seems those are rather internal. They should change the name to "Non T2 based drives" if that's the case.
 
If you don't like the way Apple implemented encrypted storage with T2, you still have the option of bypassing it with a Mac Pro 2019 for booting. Just enable external booting with Startup Security Utility and use your own PCIe/SATA boot drive.
I don't want to have to use external devices just to boot my Mac. IMO this is a restriction for which I have yet to see a sensible reason.
You can't extract the current key from T2.

Which is why the FBI is so mad about iPhones.

Also them not having access to the old key is the entire point. The old key gets them access to my data. The new key does not.

The chip physically supporting multiple keys doesn't give me assurances that that old key was actually deleted. While they can't read the key back out, can they repoint at the old key?

This also complicates boot time. Which password at preboot unlocks which key?
Why not? For a single key implementation what assurances do you have the old key isn't recoverable?
 
If you don't like the way Apple implemented encrypted storage with T2, you still have the option of bypassing it with a Mac Pro 2019 for booting. Just enable external booting with Startup Security Utility and use your own PCIe/SATA boot drive.

macos-high-sierra-startup-security-utility.png


You can't remove the NAND modules, they have to be present, but you can easily bypass the T2 storage.

And the moment the built-in SSD dies the machine is useless unless you return it to Apple.

What if they don't have the parts anymore down the road?

Quit making excuses for this.
 
I was under the impression the boot drive in the 2019 Mac Pro was removable. Is this a misunderstanding on my part?

The drives can be physically swapped, but the computer will not boot without the new drive being paired to the T2, and firmware reloaded with a service center-only tool.
 
Do you need to change the external boot setting for PCI or internal SATA port booting? Seems those are rather internal. They should change the name to "Non T2 based drives" if that's the case.
Yes, Apple can word it better with Startup Security Utility to explain the Mac Pro 2019 difference here. With a Mac Pro 2019, only T2 storage is considered internal and everything else is external even with "Physical Interconnect Location" reporting the two SATA ports clearly as internal. I posted about that before:
Screen Shot 2020-01-09 at 16.45.38.png
 
  • Like
Reactions: ZombiePhysicist
OP here.

I just spoke with Apple and the boot "drive" is not upgradeable via an Apple service visit. My only option is to return the Mac Pro during the 14-day return period and purchase the configuration that I want.

Wow, that's pretty disgusting. Sorry to hear, OP. That all said, I'm glad I'm not using their T2 boondongle drives.
 
The drives can be physically swapped, but the computer will not boot without the new drive being paired to the T2, and firmware reloaded with a service center-only tool.
They don't have to be swapped, they can just be removed. A lot of retired business systems do not ship with hard disks. But I think I know where you're going with this, if the drive cannot be user replaced it greatly diminishes the value of the system on the used market.
OP here.

I just spoke with Apple and the boot "drive" is not upgradeable via an Apple service visit. My only option is to return the Mac Pro during the 14-day return period and purchase the configuration that I want.
This is even worse.
 
  • Like
Reactions: thevault
FWIW, I noticed this in the Apple Care+ documentation that came with the MP7.1:

Apple will provide Hardware or ADH Service to you through one or more of these options:
(a) Carry-in service. Carry-in service is available for most Covered Equipment. Return the Covered
Equipment to an Apple-owned retail store location ... [blah blah]

(b) Onsite service. Onsite service is available for many desktop and portable computers as
well as for the Apple-branded display if the location of the Covered Equipment is within 80 kilometers
radius of an Apple Authorised Onsite Service Provider ... [blah blah]

So, it may well be that the second option [still] only applies to corporate/uni purchases & have made use of that in the past with large, multiple unit installs with my own university. However, re. the 'private user' and my own personal MP7,1 I am curious about this. For one, it is just plain dopey to expect one to lug this workstation back to one of those awful mall-Apple Stores full of smiley people poking at iPhones [sorry]. That is certainly *not* what I would expect of so-called 'pro' support (although Apple seem insistent on now using that term for everything, even a 'pro' iPhone. WTF?)

Anyways, one of my central and initial concerns for this purchase was in terms of the 3 year Apple Care+ & which I'd thought to be highly noncompetitive with similarly priced options from say Dell or HP where the norm is on-site warranty. In the case of my Dell workstation and convertible, this has been excellent in the past. So, given the text in the Apple Care+ plan above (and which I have not noticed before in a 'consumer' purchase), perhaps there may well be some sensible options for servicing the nMP7,1 on-site? Shall poke at Apple a little more about this in the near future & I certainly live within '80k radius' of an Apple Service Provider.
 
You can't extract the current key from T2.

Which is why the FBI is so mad about iPhones.

Also them not having access to the old key is the entire point. The old key gets them access to my data. The new key does not.

The chip physically supporting multiple keys doesn't give me assurances that that old key was actually deleted. While they can't read the key back out, can they repoint at the old key?

This also complicates boot time. Which password at preboot unlocks which key?

Your understanding of all this is wrong. All the keys would only ever be stored in the T2 chip. Just like it is with whatever current SSD you have. Each SSD you use gets its own key, also stored in the T2. It doesn't matter if they get your old SSDs; the key it uses isn't the same as the one used for your current setup, etc.

This is all basic encryption stuff that has been used in computers for years and years. Apple just leveraged their iPhone model on this, it's just a meh solution really, doesn't increase security.
OP here.

I just spoke with Apple and the boot "drive" is not upgradeable via an Apple service visit. My only option is to return the Mac Pro during the 14-day return period and purchase the configuration that I want.

My initial reaction, wow haha. Apple just so out of touch.
 
  • Like
Reactions: thevault
OP here.

I just spoke with Apple and the boot "drive" is not upgradeable via an Apple service visit. My only option is to return the Mac Pro during the 14-day return period and purchase the configuration that I want.

It's ridiculous, but this is what I expected.

I recently bought a 2018 Mac mini to replace my 2012 Mac mini server. I want to repurpose the old Mini as a media server, and was considering bringing it to the Apple Store for them to remove both hard drives, and install an SSD (not even my own SSD, I mean the original BTO SSD option, "661-6047 256GB, Upper Bay, Solid State Drive"). But the answer was no, while they can do repairs, they can't change anything in terms of how the machine was originally configured, even though it's out of warranty, and I was potentially willing to pay them.
 
  • Sad
Reactions: martyjmclean
It's ridiculous, but this is what I expected.

I recently bought a 2018 Mac mini to replace my 2012 Mac mini server. I want to repurpose the old Mini as a media server, and was considering bringing it to the Apple Store for them to remove both hard drives, and install an SSD (not even my own SSD, I mean the original BTO SSD option, "661-6047 256GB, Upper Bay, Solid State Drive"). But the answer was no, while they can do repairs, they can't change anything in terms of how the machine was originally configured, even though it's out of warranty, and I was potentially willing to pay them.

No difference from the PC manufacturers: the range of factory-supported upgrades is limited to things like extra drives, video cards, and RAM that the user can officially install themselves. They'll sell you the parts for things like a CPU or drive backplane, but will not provide labor or a guarantee that it will work.
The chip physically supporting multiple keys doesn't give me assurances that that old key was actually deleted. While they can't read the key back out, can they repoint at the old key?

As a direct example on how that's a faulty assumption, Samsung screwed up their SSD encryption by placing encrypted key data in garbage-collected flash. The system only supports one password, but when somebody changed the password, the key block protected with the old password was not erased. An attack was demonstrated where the old key block was substituted for the new one and access was gained with the old password.
 
  • Like
Reactions: thevault and defjam
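A toy model of the failure described in the post above, added here as an example and not taken from the thread or from any vendor's firmware. `ToyDrive`, its `pages` list (standing in for flash where superseded pages linger until erased) and the XOR-plus-HMAC `wrap` (standing in for a real key-wrap) are all hypothetical; `recoverable_old_keys` is the audit a defender would want to come back empty after a password change or key rotation.

```python
import hashlib
import hmac
import secrets

PAGE = 16 + 32 + 32  # salt + wrapped media key + MAC tag

def _kek(password, salt):
    # 64 bytes: first half masks the media key, second half authenticates the blob
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 10_000, dklen=64)

def wrap(mek, password):
    """Toy key wrap (XOR mask + HMAC); an assumption standing in for AES key-wrap."""
    salt = secrets.token_bytes(16)
    k = _kek(password, salt)
    ct = bytes(a ^ b for a, b in zip(mek, k[:32]))
    return salt + ct + hmac.new(k[32:], ct, hashlib.sha256).digest()

def unwrap(blob, password):
    """Return the media key, or None if the password does not match the blob."""
    salt, ct, tag = blob[:16], blob[16:48], blob[48:]
    k = _kek(password, salt)
    expected = hmac.new(k[32:], ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        return None
    return bytes(a ^ b for a, b in zip(ct, k[:32]))

class ToyDrive:
    """Hypothetical drive: only wrapped key blobs are stored, one page is active."""
    def __init__(self, password):
        self.pages = [wrap(secrets.token_bytes(32), password)]
        self.active = 0

    def unlock(self, password):
        return unwrap(self.pages[self.active], password)

    def _commit(self, blob, erase_stale):
        self.pages.append(blob)
        self.active = len(self.pages) - 1
        if erase_stale:  # overwrite every superseded page
            for i in range(self.active):
                self.pages[i] = bytes(PAGE)

    def change_password(self, old, new, erase_stale):
        mek = self.unlock(old)
        if mek is None:
            raise PermissionError("wrong password")
        self._commit(wrap(mek, new), erase_stale)

    def rotate_key(self, new_password, erase_stale):
        """Crypto-erase: a fresh media key replaces the old one."""
        self._commit(wrap(secrets.token_bytes(32), new_password), erase_stale)

def recoverable_old_keys(drive, retired_password):
    """Audit: media keys a retired password still unlocks from non-active pages."""
    found = []
    for i, page in enumerate(drive.pages):
        if i != drive.active:
            mek = unwrap(page, retired_password)
            if mek is not None:
                found.append(mek)
    return found
```

With `erase_stale=False` the retired password fails against the active page yet still unlocks the superseded one, whether the drive holds one key or several; the assurance comes from the erase step, not from the key count.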
I just spoke with Apple and the boot "drive" is not upgradeable via an Apple service visit. My only option is to return the Mac Pro during the 14-day return period and purchase the configuration that I want.
So, your options are basically the same as if the FLASH cards were soldered to the motherboard - but it's cheaper for Apple to repair a failed FLASH card. :(

Wake up, sheeple!
 
  • Like
Reactions: thevault
Two cases: drive failures.

Occurs how often?

Data sanitization. Companies often require old drives be removed and destroyed when the computer is removed from service. Things like financial firms, medical, government. Here you can't do this without an expensive trip to a service center.

errr. If the machine is being removed from service then it isn't running anymore. So it doesn't matter to that company if it doesn't run anymore. The company here is throwing away a working drive... that is going to be a base line expense regardless. The company has probably written the value of these systems down to zero anyway. (The hiccup being outlined here is only when trying to sell a system after it has been written down to zero.)

If shipping to Apple Mac recycling anyway. Apple could put them back in if they wanted to divert those systems into the refurb market. Which actually is better off with brand new drives. (as opposed to 3-6 year old, far more deeply worn ones.)
They don't have to be swapped, they can just be removed. A lot of retired business systems do not ship with hard disks. But I think I know where you're going with this, if the drive cannot be user replaced it greatly diminishes the value of the system on the used market.

It doesn't diminish the value to the buyer, just the seller. Need to sell it at a cost where someone can pay to fix what some other company casually destroyed. The major impact here is on the folks who scoop up old equipment from companies, "polish it up" and then sell it used. Middleman businesses.

Also for countries where these "scrap" systems get shipped to and there are few to no Apple Authorized service venues there.

It would be an easier path if Apple had a system worked out with companies that had "destroy media on retire" policies where they could just pick those up and ship them to a depot for refurb prep. It is an issue where Apple should be putting more proactive thought into what they are going to do. [It is probably the case that the standard procedure is to ship back defective NAND modules for new ones shipped out. So this whole disappearing and destroy act will throw that sideways if a chunk of machines land at a service provider and need more than several NAND modules. It will stick out as odd.]
 
FWIW, I noticed this in the Apple Care+ documentation that came with the MP7.1:

Apple will provide Hardware or ADH Service to you through one or more of these options:
(a) Carry-in service. Carry-in service is available for most Covered Equipment. Return the Covered
Equipment to an Apple-owned retail store location ... [blah blah]

(b) Onsite service. Onsite service is available for many desktop and portable computers as
well as for the Apple-branded display if the location of the Covered Equipment is within 80 kilometers
radius of an Apple Authorised Onsite Service Provider ... [blah blah]

...... For one, it is just plain dopey to expect one to lug this workstation back to one of those awful mall-Apple Stores full of smiley people poking at iPhones [sorry]. That is certainly *not* what I would expect of so-called 'pro' support (although Apple seem insistent on now using that term for everything, even a 'pro' iPhone. WTF?)


Apple Care+ should work at any Authorized Service provider. Part of that "blah blah" is likely something not binding you to an awful mall store in more than just a few locations. Frankly, there are lots of locations where there are no awful mall stores, but there are other options.

I suspect many of the onsite service options are not based out of "awful mall locations" either.

Apple is making it increasingly more annoying to casually find what the list of Authorized support locations are on their support website.

Apple at one point was outsourcing major enterprise support out to IBM for coverage. It is the pro but a small operation they don't really aim at. If you have a business sales representative, what the "path" to the service options is can be illuminated by them.
 