By John Gruber
Upgraded — Get a new MacBook every two years. From $36.06/month with AppleCare+ included.
Jason Snell, writing at Macworld:
This new boot process means there’s also a new utility for Mac users to get to know: Startup Security Utility, which you can only access by booting into Recovery mode by holding down Command-R while starting up. Startup Security Utility gives the T2 guidance about just how strict it should be when judging whether it should boot your computer.
By default, security is set to Full, which means that only the current operating system or another OS version signed and trusted by Apple — meaning it hasn’t been tampered with in any way — can be booted by the computer. This version requires a network connection when you attempt to install any OS software updates, because it needs to verify with Apple that the updates are legitimate. You can also set the security level lower, to Medium (which allows older version of macOS to run regardless of Apple’s level of trust), or turn the feature off entirely, emulating the way all other Macs currently start up.
(This goes for Boot Camp, too — the T2 respects Microsoft’s signing authority for Windows 10 beginning with 2017’s Fall Creators Update, so Boot Camp users can reboot into Windows 10 while remaining fully secure.)
See also: Timothy Perfitt’s detailed look at how SecureBoot works.
★ Friday, 5 January 2018