Apple has clarified the Secure Boot function of the iMac Pro’s embedded T2 chip:

Full Security is the default Secure Boot setting, offering the highest level of security. This is a level of security previously available only on iOS devices.

During startup when Medium Security is turned on, your Mac verifies the OS on your startup disk only by making sure that it has been properly signed by Apple (macOS) or Microsoft (Windows). This doesn’t require an Internet connection or updated integrity information from Apple, so it doesn’t prevent your Mac from using an OS that is no longer trusted by Apple.

The No Security setting doesn’t enforce any of the above security requirements for your startup disk.

Glad to see this coming to the Mac, but I’m glad to see that users who need to turn it off can do so.

By writing about the next-generation Mac Pro, I invited the inevitable question:

But what about the Mac mini?

As bad as the Mac Pro’s lot in life has become, the Mac mini isn’t far behind it. The machine was last updated in late 2014 and is still powered by Haswell Core i5s and i7s. Those chips are one generation older than the MacBook Air. To make matter worse, that model removed the ability to upgrade the RAM in the machine.

Their common neglect aside, it is weird that the Mac mini and Mac Pro are so often linked in people’s mind. Start talking about a cheaper entry-model Mac Pro gets people excited, and the question is always at hand:

What if a cheap Mac Pro was the Mac mini?

After all, Tim Cook said it was going to be important again! Why couldn’t Apple kill two desktop birds with one flexible platform stone?

The biggest problem is flexibility. A Mac Pro chassis has to be able to tolerate a wide range of thermal and power demands. There may be a huge gap between the entry model and the highest-end custom configurations.

This means that any shared enclosure between the Mac mini and Mac Pro would need to be insanely flexible. To meet the needs of the highest-end customers, the case would be incredible overkill for the basic needs of Mac mini customers. That would inevitably increase costs on the low end of the line. I don’t know how large the new Mac Pro will be, but I promise its case will be larger and more sophisticated than that of the Mac mini.

Some people have thought that an extremely modular (or even stackable) system could overcome these issues. Users could buy exactly what they need, and add more capability when needed, the argument goes.

Some have tried this approach, and it seems inherently flawed. Even if Thunderbolt 3 was used as to interconnect the modules, a system like this adds unneeded complexity and failure points.

I truly believe the Mac mini and Mac Pro will remain separate computers in 2018 and beyond.

I think the Mac mini deserves to be overhauled. There’s clearly a market for a $499 entry-level Mac for those who are looking for a basic yet capable machine running macOS. I don’t see how getting its chocolate in the Mac Pro’s peanut butter would meet those user’s needs.

I was reminded of this old article of Marco’s today. Will be interesting to see if my hopes for a lower-cost entry model come true.

While it isn’t shipping for another couple of weeks we now know a lot more about the iMac Pro than we did after WWDC. The base model, with its 8 cores, 32 GB of RAM and the Radeon Pro Vega 56 is going to smoke any other Mac on the market easily. The high-end models, which aren’t shipping until early next year, will give macOS-using professionals more power than ever.

That power comes at a cost, of course. A 14-core machine with 128 GB RAM the Radeon Pro Vega 64 will run you $13,199. If you want a VESA mount, toss in another $75, while another $149 will get you the mouse and the trackpad, both in Space Gray.

With this much power and this high of a price tag, I can’t help but wonder what ground is left for the next-generation Mac Pro promised back in April of this year.

Apple mentioned this machine in the press release announcing iMac Pro orders being opened:

In addition to the new iMac Pro, Apple is working on a completely redesigned, next-generation Mac Pro architected for pro customers who need the highest performance, high-throughput system in a modular, upgradeable design, as well as a new high-end pro display.

Does the iMac Pro fill the space left by the Mac Pro? What legs will the next Mac Pro have to stand on?

Cost

Before we get to the new Mac Pro, let’s talk about the last one that was good.

In December 2012, a fully loaded Cheese Grater Mac Pro would have run $11,299 with the following specs:

• Two 3.06 GHz 6-Core Intel Xeon (12 cores)
• 64 GB of RAM
• Four 512 GB SSDs
• ATI Radeon HD 5870 1GB GPU
• 2 SuperDrives

That was without a display. At the time, Apple’s 27-inch LED Cinema Display cost $999.

This puts the iMac Pro in the old Mac Pro’s price bracket at the higher end of things. However, the Late 2012 Mac Pro started at just $2,499.

A fully-loaded iMac would run you $4,249 in December 2012. The Mac Pro’s low cost of entry made the choice between an all-in-one and a tower much harder than it may be in the future, and made the best Mac made accessible to many more users than the new iMac Pro.

More importantly, the 2012 Mac Pro started at exactly half of what the entry-level iMac Pro costs today. Of course, the iMac Pro includes a killer display and packs a lot more horsepower than the low-end Mid 2012 Mac Pro did, but the point stands: the iMac Pro is expensive, and the only thing upgradable in it is the RAM, and that means taking apart a very expensive computer. For most people, the iMac Pro is a sealed box.

Upgradability

Apple has already said the next Mac Pro will be both “modular” and “upgradeable,” so I am choosing to be optimistic that the machine will allow users to upgrade things like RAM, SSDs and GPUs over time. This will set the machine apart from the all-in-one iMac Pro, and may prove attractive for users who want to buy a machine and upgrade it over time, keeping it as relevant as they can for as long as possible.

That’s a big deal to a small number of users, but is upgradability enough to justify its existence?

Performance

The next Mac Pro will be in some form factor other than an all-in-one. Apple is promising a new external display, but it’s anyone’s guess as to how big the new Mac Pro will be, or what shape it may take. Whatever the chassis may be like, I trust that it will give Apple enough space and flexibility to provide a robust cooling system. The Cheese Grater looked the way it did because the PowerMac G5 needed massive amounts of airflow to keep things cool:

In comparison, it’s shocking the Xeon W chips in the iMac Pro have enough room to breathe. However, there’s a catch. It’s widely believed that the internals of the iMac Pro are underclocked to meet the 500 W of heat the computer’s thin design can take. The moment Apple decided to use the 27-inch iMac design for this computer, it was compromised.

A true Mac Pro should not have to compromise on clock speed to meet a design-imposed thermal envelope. The form factor should be able to take the heat of even faster CPUs and GPUs than the iMac Pro, making it faster and even more capable than our new Space Gray friend.

Looking Forward

I think the Mac Pro will sit where it always has in relation to the rest of the Mac line: at the very top, offering more power and more performance than any other computer Apple makes. The iMac Pro has greatly raised the bar, but I still think Apple can clear it with a new machine, built from the ground up for today’s high-end components.

We should be prepared to accept the truth that when the Mac Pro is revealed, it will be faster, more flexible and more expensive than the iMac Pros that many developers, designers and content producers are ordering now.

However, I would love to be surprised by Apple with a lower-cost entry model, like the company used to have for people who needed a tower without having $5,000 to spend. I think there’s room for an entry-level Mac Pro with the comparable specs to the iMac Pro. Without a built-in screen, the cost could come down noticeably, and since it’d be upgradable, it could be a way to sell the Mac Pro to more users.

That’d be good for everybody. The Mac Pro wasn’t selling in big numbers before all of this, and the iMac Pro is going to eat most of that market, by the sheer fact that it made it to market first. The high-end Mac Pro should be crazy expensive, but a more approachable entry model would be more than welcome in my estimation. The iMac straddles an incredible range of performance and cost; why can’t the Mac Pro?

The T2 chip in the new iMac Pro is doing a lot of stuff, including offering boot protection for macOS:

⑤ Security. This new chip means storage encryption keys pass from the secure enclave to the hardware encryption engine in-chip — your key never leaves the chip. And, they it allows for hardware verification of OS, kernel, boot loader, firmware, etc. (This can be disabled…) pic.twitter.com/qKJ6bHdtr8

— Cabel Sasser (@cabel) December 12, 2017

I assumed this would complicate certain tasks, and it looks like that’s true, as noted in this Configurator 2 support document.

In short, the iMac Pro has a DFU mode, not unlike iOS devices:

In certain circumstances, such as a power failure during a macOS upgrade, an iMac Pro may become unresponsive and must be restored.

To restore an iMac Pro, you need a host Mac running High Sierra and Apple Configurator 2.6, connected to the Internet. A USB cable needs to be run from the unresponsive iMac Pro to the host computer. Configurator will detect the iMac Pro and prompt you to restore and update the iBridge device — the T2 chipset — to working order. Once the update is complete, the iMac Pro will reboot into macOS.

All security measures must be weighed against the inconvenience they cause. Personally, I don’t think this tips in the wrong direction, but I know many will disagree with me.

(I assume that disabling Secure Boot doesn’t do anything to make a restore possible without a second Mac and a copy of Configurator.)

Users with bricked iMac Pros aren’t going to know how to do this, unless they are super nerdy. That may not be a big deal now, but I think it is safe to assume this sort of thing will trickle down to consumer-oriented Macs at some point. That’s not to mention the headaches this may cause in the enterprise.

via Steve Troughton-Smith