For years, people have speculated about whether Apple would ditch macOS in favor of iOS, shedding desktops and turning laptops into something like an iPad Pro in a fixed clamshell. A version of iOS has apparently come to the Mac, but not in a way that anybody expected. The new Touch Bar has a separate brain, a custom T1 ARM processor system-on-a-chip (SoC), that looks to be running a stripped-down variant of iOS, possibly derived from watchOS.
Steve Troughton-Smith, an iOS developer known for deep examinations of how the operating system ticks, put the pieces together. Some rely on information Apple provided during on-the-record press briefings and on its site, and some come from examining files within the newest release of Xcode, which allows developers to take advantage of Touch Bar.
It makes sense, because Apple has paired Touch ID in iOS with its custom Secure Enclave chip, a tamper-resistant security vault that’s separate from but intertwined with an iPhone or iPad’s processing circuitry. There’s a Secure Enclave chip in every Touch Bar, just as in every iOS device with Touch ID.
When you enroll your fingerprints in Touch ID, the underlying data is pushed into Secure Enclave, and can’t be pulled back out. When you touch the sensor after that, the characteristics of your fingerprint get sent to Secure Enclave, which determines whether they’re a close enough match. Secure Enclave is used for other purposes, including storing and processing authorization information for Apple Pay.
Apple also confirmed in a briefing that the T1 controls the ISP (image signal processor) for the FaceTime camera in the MacBook Pro, which is a dandy thing indeed. While it may seem like an overstated risk, an undesirable party gaining access to your camera without your knowledge is a huge vulnerability. Some super geeks dig in and remove video driver software, though malware that can exploit your system can certainly reinstall it secretly. Others put tape over the camera, a surprisingly effective low-tech strategy. However, routing camera access and data via a more heavily secured separate processing system substantially reduces the attack surface available to someone trying to gain access.
The Touch Bar and macOS interact with one another, with macOS rendering graphics and pushing them to the Touch Bar, which handles touch-interface events and sends them to macOS to interpret. This sounds like two small children driving a car: one can see the road and use the steering wheel, while the other is down below pushing the accelerator and the brake pedal.
Fewer paths to exploit
Apple having a separate processor and OS to handle Touch ID is good news for consumers, because iOS, watchOS, and tvOS are more clamped down than macOS, which remains more open to inspection and manipulation as a general-computing platform. While iOS has suffered exploits, there should be even fewer paths to the Touch Bar to find and trigger flaws, as it acts as a peripheral rather than running apps directly.
At the time of the announcement, I assumed Apple could never make a Touch Bar-equipped keyboard, because of the necessary security required for a Secure Enclave chip and connection to a processor. But given that the T1, the Secure Enclave, and the Touch ID sensor are tightly integrated, this entire subsystem could make its way into a Touch Keyboard. Such a keyboard would probably draw too much power to be wireless and, because of the graphics rendering and touch events, would require a consistent and fast connection for responsiveness, either USB-C or USB Type A.
Because Touch Bar runs separately, macOS doesn’t have to be in an active state for a user to interact with Touch ID. Apple says you’ll be able to unlock your Mac (and switch among enrolled users with fast-user switching) with Touch ID, but hasn’t provided the full workings yet. Unlike an iOS device, which is effectively fully secured when asleep, a Mac has just a thin veneer of protection unless it’s powered down.
I recommend always having FileVault 2 enabled on your Macs (via System Preferences > Security & Privacy). It’s the optional, built-in, full-disk encryption that locks away the encryption key until you power up and log in. Behind the scenes, a cold boot from a powered-down state launches a special login via the Recovery Disk, as your startup volume remains encrypted and unavailable.
Can Touch ID let you bypass entering a password at a cold start? Nope. As with iOS, Apple has a variety of conditions under which Touch ID can’t be used, and you have to enter your passcode to re-enable it. One of those is a restart (whether a power down/power up or a system-initiated reboot), because a restart assumes you might not want someone else to gain access to the device, even if they have access to—well, to you.
Biometric authentication via a fingerprint on a Mac raises the same security and safety issues it does for iOS. If you’re at risk of domestic or criminal assault or unwarranted government intrusion, your fingerprint can be used to unlock a Mac just as easily as an iPhone. You might choose to not use Touch ID on a MacBook Pro for the same reason, or be just as sure about powering down your Mac as you would an iOS device.