The Apple T2 is a trusted security chip. We can easily explain its name. The T2 secures essential features, such as secure boot, Activation Lock, Touch ID, encrypted data storage, etc.
How does Apple T2 security chip work? The Apple T2 chip has control over the MacOS boot procedure. It makes sure that users install drives that Apple approves. Its work begins as soon as a power button is pressed on your Mac computer and lasts until you see MacOS desktop. In other words, one of its primary functions is to verify that Apple has signed your OS and bootloader.
The T2 is also responsible for all encryption data on the hard drive. In previous Mac versions, this function was performed by CPU, which loaded it heavily. By moving these features to the T2 Chip, Apple has significantly improved the newer Mac's performance. The T2 gives the CPU more resources. The Chip secures the Touch ID feature, which is available in MacBook Air and MacBook Pro. The fingerprint scanner in these devices gives a user a quick login option and approves the admin-level requests. The Apple T2 chip helps to store the fingerprint data securely.
It also handles verification requests from different apps. The T2 Chip makes sure that no applications get access to your fingerprint information through Touch ID or Face. When the verification is requested, the Apple T2 Security chip compares the fingerprint with data secured in the enclave coprocessor and notifies of the result.
These Mac computers have the Apple T2 Security Chip:
If you match the Mac’s EMC number to one in the list below, it has a T2 Chip:
According to theiphonewiki these models are vulnerable to checkm8 exploit:
The Apple T2 Chip is running its unique OS called bridgeOS. It is the modified version of Apple watchOS, which can be updated when installing a new macOS version.
According to guys from ironpeak, the boot process flows like this:
The T2 chip is fully booted and stays on, even if your Mac device is shutdown.
The press of the power button or the opening of the lid triggers the System Management Controller (SMC) to boot.
The SMC performs a Power-On-Self-Test (POST) to detect any EFI or hardware issues such as bad RAM and possibly redirect to Recovery.
After those basic sanity checks, the T2 chip is triggered and I/O connectors are setup. (USB, NVMe, PCIe, …) It will use NVMe and PCIe to talk to NAND storage.
The applicable boot disk is selected and a disk encryption password is asked if enabled to mount APFS volumes possibly via FileVault2 disk encryption.
/System/Library/CoreServices/boot.efi is located on your System APFS volume and depending on your secure boot settings is validated.
boot.efi is ran which loads the Darwin kernel (throwback to BSD) (or Boot Camp if booting Microsoft Windows) & IODevice drivers. If a kernel cache is found in /System/Library/PrelinkedKernels/prelinkedkernel, it will use that.
Any User Approved Kernel Extensions are initialized & added to the kernel space -if- they are approved by the T2 chip. This will go away with System Extensions.
Here is a useful infographic on how the secure booting works:
Learn how to jailbreak macbook and get over the T2 Chip root of trust.
The jailbreak mac OS is possible thanks to two teams. @T8012DevelopmentTeam successfully ported checkm8 exploit in T2 Chips. And the Checkra1n team added the T2 exploit to their Checkra1n Jailbreak tool.
Now we can easily jailbreak the T2 Chip with just a single command.
Follow this guide on how to jailbreak the T2 security Chip with Checkra1n.
What you need:
Follow these simple steps to perform the T2 Chip jailbreak successfully.
Step 1. Download the latest version of the Checkra1n T2 Jailbreak tool from the official website.
Step 2. Put your Mac into the DFU mode. Here is the guide on How to Enter MacOS DFU mode.
You can put this command to the macOS terminal if you wish to check whether the device has entered the DFU mode:
ioreg -p IOUSB
Step 3. As this guide is published, the Checkra1n GUI version 0.11.0 does not support the T2 jailbreak. If you connect your T2 Mac to the Checkra1n tool, you will see the following error message:
Sorry, your device is not supported.
But there is a workaround you can try in the next fourth-fifth steps, which can jailbreak your Apple T2 Chip anyways.
Step 4. Try the CLI, command-line version of Checkra1n. Open the Checkra1n app in Finder and right-click it to see the "Show Package Contents" menu (as shown in the screenshot).
Now go to folder Contents => MacOS
. You will see the Checkra1n binary there. Open the Terminal app and drop the binary to "Terminal."
Alternatively, if you put the Checkra1n app into the Applications folder, you can type the following command in "Terminal:"
/Applications/checkra1n.app/Contents/MacOS/checkra1n
Step 5. As you remember, we need to launch the command-line version of Checkra1n. Do it by adding the following options to the command line:
-c
Also, we want to check the jailbreak log, so let's add another command option "-v"
so the final command will look like this:
/Applications/checkra1n.app/Contents/MacOS/checkra1n -c -v
Step 6 (optional). Sometimes you might face the following error:
: Timed out waiting for bootstrap upload (error code: -20)
In this case, relaunch the Checkra1n CLI tool until you see the bootstrap successfully installed message:
: Bootstrap already installed, done
It might take a few retries till you get it done.
Step 7. SSH into your jailbroken Apple T2 Chip. Open a new Terminal window and enter this command:
iproxy 2222 44
Don't close this window and open one more Terminal window (Command + T)
. Enter this command:
ssh [email protected] -p 2222
The password is: alpine
Congratulations! Now you have successfully jailbroken the Apple T2 Security Chip. This jailbreak opens new opportunities for you!
Easy ★ HOW TO BYPASS MDM LOCK ★ guide for Mac computer running macOS Ventura. Detailed instructions for removing MDM profile.
It's super easy to complete the iOS 16 MDM profile bypass for iPhone and iPad using the iActivate service.
Learn How to Bypass iCloud Activation Lock on iPhone with Latest iOS 15
Learn how to how to restore iPhone from DFU Mode using iTunes or Finder on a computer
The user manual describes how to put iPhone into DFU mode: 11, XS, XR, X, 8, 7, 6S, 6 and 5, 5S and iPad.
Each Unlock iCloud Account method described in this in-depth review has its pros and cons. So, choose what suits your needs the best and remove Activation Lock
Best software for APPLE WATCH UNLOCK. Review of the tool that can remove Activation Lock without paired iPhone, Apple ID, and password.
CheckM8.info Telegram bot - you can connect your reseller account here and start processing iCloud Bypass orders via Telegram
Run CheckM8 tool to Bypass iOS 14.6 iCloud Activation Lock. The latest iCloud bypass tool update for iPhone and iPad users supports iOS 14.6.
iOS 14.6 jailbreak and iCloud Activation Lock Bypass ✔️ one-click CheckM8 solution.
Quickest solution - BYPASS ACTIVATION LOCK ON IOS 14.5 - Remove iCloud Lock on iPhone & iPad with single CheckM8 click!
Best tool to bypass iPhone SIM Lock ️remotely (Carrier Lock, SIM not supported, SIM lock screen or SIM not valid issue) for all wireless carrier!
Checkm8 is a reliable tool to bypass iCloud Activation Lock Screen on iPhone & iPad running on iOS 12.3 up to iOS 14.7
LEARN MOREMeet the new CheckM8 solution for carrier-locked iPhone. Checkm8 is ready to unlock iPhone SIM locked devices running on iOS 12.3 up to iOS 14.7
LEARN MORECheckm8 is ready to turn off Find My app and permanent unlock passcode disable iPhone & iPad running on iOS 13 up to iOS 13.7
LEARN MOREBypass Mac Activation Lock Screen on Mac computer with T2 chip even if you forgot the correct Apple ID and password.
LEARN MOREQuick solution to unlok EFI security firmware (BIOS) password protection on any Mac with T2 chip
LEARN MOREUse CheckM8 Software to remove iCloud System Lock PIN Code on any Mac T2 device just in 1 click!
LEARN MOREWe value our customers and offer beneficial partnerships to wholesale and small businesses. We are happy to work with repair shops, workshops, GSM repair, etc. We offer flexible pricing on our services and software to our partners. At the moment, we are supporting some of the most popular GSM-services, including GMS Fusion and DHRU. We develop client's systems and connect reseller websites to our services through API connections or online.