The Apple T2 is a trusted security chip. We can easily explain its name. The T2 secures essential features, such as secure boot, Activation Lock, Touch ID, encrypted data storage, etc.
How does the Apple T2 security chip work? The Apple T2 chip controls the macOS boot procedure. It makes sure that users install drives that Apple approves. Its work begins as soon as the power button is pressed on your Mac and lasts until you see the macOS desktop. In other words, one of its primary functions is to verify that Apple has signed your OS and bootloader.
The T2 is also responsible for encrypting all data on the hard drive. In previous Mac models, this function was performed by the CPU, which loaded it heavily. By moving these features to the T2 chip, Apple has significantly improved the performance of newer Macs, because the T2 frees up CPU resources. The chip also secures the Touch ID feature, which is available in the MacBook Air and MacBook Pro. The fingerprint scanner in these devices gives the user a quick login option and approves admin-level requests. The Apple T2 chip helps to store the fingerprint data securely.
It also handles verification requests from different apps. The T2 chip makes sure that no application gets access to your fingerprint information through Touch ID or Face. When verification is requested, the Apple T2 Security Chip compares the fingerprint with the data secured in the enclave coprocessor and reports the result.
These Mac computers have the Apple T2 Security Chip:
If you match the Mac’s EMC number to one in the list below, it has a T2 Chip:
According to theiphonewiki, these models are vulnerable to the checkm8 exploit:
The Apple T2 chip runs its own OS called bridgeOS. It is a modified version of Apple's watchOS and can be updated when a new macOS version is installed.
According to guys from ironpeak, the boot process flows like this:
The T2 chip is fully booted and stays on, even if your Mac is shut down.
The press of the power button or the opening of the lid triggers the System Management Controller (SMC) to boot.
The SMC performs a Power-On-Self-Test (POST) to detect any EFI or hardware issues such as bad RAM and possibly redirect to Recovery.
After those basic sanity checks, the T2 chip is triggered and the I/O connectors are set up (USB, NVMe, PCIe, …). It will use NVMe and PCIe to talk to NAND storage.
The applicable boot disk is selected and, if enabled, a disk encryption password is requested to mount the APFS volumes, possibly via FileVault2 disk encryption.
/System/Library/CoreServices/boot.efi is located on your System APFS volume and depending on your secure boot settings is validated.
boot.efi is run, which loads the Darwin kernel (throwback to BSD) (or Boot Camp if booting Microsoft Windows) and the IODevice drivers. If a kernel cache is found in /System/Library/PrelinkedKernels/prelinkedkernel, it will use that.
Any User Approved Kernel Extensions are initialized & added to the kernel space -if- they are approved by the T2 chip. This will go away with System Extensions.
Here is a useful infographic on how the secure booting works:
Learn how to jailbreak a MacBook and get over the T2 chip root of trust.
The macOS jailbreak is possible thanks to two teams. @T8012DevelopmentTeam successfully ported the checkm8 exploit to T2 chips, and the Checkra1n team added the T2 exploit to their Checkra1n jailbreak tool.
Now we can easily jailbreak the T2 Chip with just a single command.
Follow this guide on how to jailbreak the T2 security Chip with Checkra1n.
What you need:
Follow these simple steps to perform the T2 Chip jailbreak successfully.
Step 1. Download the latest version of the Checkra1n T2 Jailbreak tool from the official website.
Step 2. Put your Mac into DFU mode. Here is the guide on How to Enter MacOS DFU mode.
You can run this command in the macOS Terminal if you wish to check whether the device has entered DFU mode:
ioreg -p IOUSB
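The check above can be scripted. The following is an added example, not part of the original guide or of the Checkra1n tool: it reads ioreg -p IOUSB output on stdin and reports Apple devices by USB mode. The function names and the sample capture are constructed for illustration, and the sample assumes a DFU-mode device enumerates as "Apple Mobile Device (DFU Mode)".

```shell
#!/bin/sh
# Added example: report Apple devices in `ioreg -p IOUSB` output by USB mode.
# Live use on macOS:  ioreg -p IOUSB | apple_usb_modes

# Prints "<mode><TAB><location>" for every "Apple Mobile Device (<mode>)" entry.
apple_usb_modes() {
    awk '
        /\+-o / {
            line = $0
            sub(/^.*\+-o /, "", line)      # drop the tree-drawing prefix
            sub(/ +<class.*$/, "", line)   # drop the "<class ...>" suffix
            at = index(line, "@")
            if (at == 0) next              # the Root entry has no @location
            name = substr(line, 1, at - 1)
            loc  = substr(line, at + 1)
            if (name ~ /^Apple Mobile Device \(.*\)$/) {
                mode = name
                sub(/^Apple Mobile Device \(/, "", mode)
                sub(/\)$/, "", mode)
                printf "%s\t%s\n", mode, loc
            }
        }'
}

# Exit status 0 only if at least one device is in DFU mode.
has_dfu_device() {
    apple_usb_modes | awk -F'\t' '$1 == "DFU Mode" { found = 1 } END { exit !found }'
}

# Constructed sample capture (not taken from a real machine).
sample_ioreg() {
    cat <<'EOF'
+-o Root  <class IORegistryEntry, id 0x100000100, retain 15>
  +-o AppleUSBXHCI Root Hub Simulation@14000000  <class AppleUSBRootHubDevice, id 0x100000321, registered, matched, active, busy 0 (0 ms), retain 10>
    +-o Apple Mobile Device (DFU Mode)@14200000  <class AppleUSBDevice, id 0x100000a3c, registered, matched, active, busy 0 (1 ms), retain 12>
    +-o USB Receiver@14100000  <class AppleUSBDevice, id 0x100000345, registered, matched, active, busy 0 (2 ms), retain 14>
EOF
}

if sample_ioreg | has_dfu_device; then
    echo "DFU-mode device present:"
    sample_ioreg | apple_usb_modes
fi
```

Because the functions read stdin, the same check works on a saved ioreg capture collected from another machine.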
Step 3. At the time this guide is published, the Checkra1n GUI version 0.11.0 does not support the T2 jailbreak. If you connect your T2 Mac to the Checkra1n tool, you will see the following error message:
Sorry, your device is not supported.
But there is a workaround you can try in steps 4 and 5, which can jailbreak your Apple T2 chip anyway.
Step 4. Try the CLI, command-line version of Checkra1n. Open the Checkra1n app in Finder and right-click it to see the "Show Package Contents" menu (as shown in the screenshot).
Now go to the folder Contents => MacOS. You will see the Checkra1n binary there. Open the Terminal app and drop the binary to
Alternatively, if you put the Checkra1n app into the Applications folder, you can type the following command in
Step 5. As you remember, we need to launch the command-line version of Checkra1n. Do it by adding the following options to the command line:
Also, we want to check the jailbreak log, so let's add another command option, "-v", so the final command will look like this:
/Applications/checkra1n.app/Contents/MacOS/checkra1n -c -v
Step 6 (optional). Sometimes you might face the following error:
: Timed out waiting for bootstrap upload (error code: -20)
In this case, relaunch the Checkra1n CLI tool until you see the bootstrap successfully installed message:
: Bootstrap already installed, done
It might take a few retries till you get it done.
Step 7. SSH into your jailbroken Apple T2 Chip. Open a new Terminal window and enter this command:
iproxy 2222 44
Don't close this window; open one more Terminal window (Command + T). Enter this command:
ssh [email protected] -p 2222
The password is:
Congratulations! Now you have successfully jailbroken the Apple T2 Security Chip. This jailbreak opens new opportunities for you!