Another reason to hate #Apple: We're seeing more 2018+ MacBook Pro/Air donations — but Apple's T2 chip means even after iCloud sign-out and reset, the firmware stays locked to the original account.

Without donor contact, these machines are useless. :(

I've upcycled ~1,000 older Macs, but T2 era machines will end that. It's controlling, creates e-waste, and will only get worse. #righttorepair matters — Apple couldn't care less.

@codemonkeymike this is astoundingly shit
@coldclimate it really hurts every one of my brain cells. How could they not have thought about this?

@codemonkeymike @coldclimate Well. The use case they were trying to solve for was someone steals your laptop and tries to access it without your permission.

Hard part is getting owners to unlock it before donating/selling to someone else.

@HitokiriEric @coldclimate but here's the rub for me. Even if a user logs into their iCloud account and removes the device from their account, it still won't release.

That should be illegal.

Even enterprise locked Chromebooks can be decommissioned remotely and unlocked.

There is no reason this can't be done with Apple.

@codemonkeymike @coldclimate

Hmm… for the hardware firmware I’d still want to have to unlock it on device rather than having an attack surface/backdoor from the internet to exploit. Apple had the issue a couple years ago with thieves exploiting the remote password change to work around the phone protections.

But I get how it sucks for this use case.

Like a lot of things, for 99% of users who don’t care they should default to a version that’s secure from most thieves but not totally secure from government and then let the users who really care opt in to the stronger lockdown mode.

@HitokiriEric @coldclimate yeah. I mean look. You can unsolder the T2 chip and reprogram it etc. Motivated thieves can still do it.

But was this when a problem? I really don't think it was.

Again. Look at Chromebooks. They have a firmware level lock too that can't be hacked. And yet it can be decommissioned remotely when the org releases it.

You're telling me Apple couldn't do this?! For regular users? It's a racket

@codemonkeymike @coldclimate Well. When that generation of laptops was new, that was a big feature that Apple was selling hard on. They kept trying to lock them down more and more to attempt to be as secure as possible by default and were so proud of how hard it was to defeat.

I’m not saying they couldn’t do better and better consider different choices to improve the balance for different types of users. Which they have done since then.

I’m just saying that back then, the discussion was all about making them as secure as they could think to make them and that’s what they optimized for. It’s not a surprise they went too far back then when that was top of mind for them.

@codemonkeymike @coldclimate Keep in mind how proud they were of resisting government attempts to access devices and saying that they would design them so that Apple would have no ability to unlock them for governments.
@HitokiriEric @codemonkeymike @coldclimate But unlocking them to provide access to stored data is completely different than unlocking it so that it is wiped clean, fresh, and shiny for somebody else to use.

@vriesk @HitokiriEric @coldclimate exactly.. i'm not saying break encryption or offer a back door. That's fine.. i stand by that.

But if a user logs into their secure apple account and removes a device, that device should be able to be wiped and reused.

Hard stop. If you have an issue with that.. you're pro-ewaste

@codemonkeymike @vriesk @coldclimate

I’m with you that overall, the default settings for Find My should allow users to deactivate the lock remotely. Most users would benefit greatly and it would make it so much easier to transfer devices.

I think they still should have an opt-in mode where you can go into a higher security mode and remote unlocks are completely disabled. I don’t think it’s pro-ewaste to make that level of security available and optional.

@HitokiriEric @vriesk @coldclimate agree completely. I'd have no issue with that.

That's secure by default but sensible settings for most users.. and if you wanna go into hard core mode.. then go for it

@codemonkeymike @vriesk @coldclimate All said and done. Good luck with the batch you have. Sucks that they’re so hard to deal with. You’re doing great work and it’s good to see people posting about it.
@HitokiriEric And now they bow down to fascists. How funny
@codemonkeymike @HitokiriEric @coldclimate frankly, the last time I liked what Apple did, they were making the Apple IIe
@wbpeckham That's pretty silly. They did a lot of great things in the late 90s and 2000s
@winkwinkerson That might depend on your perception and definition of great in this context. Our perspectives are clearly different and I think we'll just agree to disagree on that.

@codemonkeymike

Does removing the BIOS security screw get around this? I've installed Debian on some Chromebooks, but I suspect they were already released from any corporate locks.

@chaslinux nope.. write protect screw has no effect on firmware lock.. trust me.. i've tried haha
@codemonkeymike thanks, that confirms what I thought, the org de-registered everything before they gave it to us. We had the same issue with a huge dump of iPads years ago.

@codemonkeymike @HitokiriEric @coldclimate

Hi, so, question tangential to this thread : about current Macbook theft and activation lock bypass.

So, afaict Macbook theft is still a thing, which means that there must be a way for thieves to get something out of those machines.

Are they just hoping that the machine they stole isn't activation-locked ? Is there like, an entire underground economy of replacing T2 chips to then resell (mostly) functional Macs ?

@codemonkeymike @HitokiriEric @coldclimate also, regarding the Macs you have on your hands, I'm assuming quite a few of them are on the older side, and don't get security updates anymore.

Aren't there like, known vulnerabilities/jailbreaks for those ?

Or even "unpatchable without hardware revision" vulns

@toadjaune @codemonkeymike @HitokiriEric @coldclimate they may sell the device in a locked state to someone not knowing that it is locked and that it's useless without it being unlocked. I figure also people can use the mainboards as donors for lifting parts to repair other macs for parts that aren't serialized to the board
@theraspb @codemonkeymike @HitokiriEric @coldclimate that seems pretty limited, though.
I'd be curious to see stats about Mac theft since the introduction of those features
@codemonkeymike @HitokiriEric @coldclimate You can remotely remove a machine from activation lock, but "deleting" the machine from Find My does not do that. I've done this incorrectly with a work T2 machine that they had unlocked by Apple after I left instead (with invoice and such), but it still sometimes checked in to my Find My (with the new user's hostname no less, good engineering apple) until I actually removed it properly.
It feels like deliberately shitty UX so you don't actually release your old activation locked hardware by accident.

@aura exactly. Why is it so confusing. We're nerds and we couldn't figure it out. I gave an old Mac mini to a friend and was really confident I had removed all the hooks.

And still, the bootloader was locked to my Apple id and there was no way around it other than giving him my apple password and then 3fa the login attempt.

It's ridiculous.

@aura I think it's shitty UX because it gets Apple slightly more money from people who have to buy a new one
@aura @codemonkeymike @HitokiriEric @coldclimate Had a new Mac with a line of dead pixels. Apple support kindly guided me through reset and removal from my account while connected to the internet. Exchanged for a new one. A couple of months later I get a notification that the dead pixel Mac has been added to my Facetime and such … I was able to verify because I kept the serial number screen shots.
@HenryT That makes it seem like they're making things *less* secure in some ways
@HitokiriEric @codemonkeymike @coldclimate I guess the real use case is, they want people to buy (new) apples, donating is reducing business.
@realSiegfried you know what makes people buy even more devices? If they are stolen often, so why would Apple make them unattractive to thieves in your logic. That surely is the bigger market than donated hardware without donor contact to do a proper unlock.
@sven You might be right. Looking back on my life, I’ve bought a number of computers over the course of several decades—partly because of hardware requirements, but mainly because of the software; however, none of them were stolen.
@HitokiriEric @codemonkeymike @coldclimate this! It even tells you when you reset the mac (what you should definitely do because of your data on it). You have to actively skip that step to disable “find my” functionality. I assume it's mostly noobs or companies that don’t care what happens to the machines after they decommissioned it. 🫤

@HitokiriEric @codemonkeymike @coldclimate

Reminds me of back in the early days, one of my first sales on eBay was an old iPhone. I was naive enough to not know that the purchaser could mark it as paid without actually paying. Not knowing how the process worked, I shipped the iPhone not realizing I was never actually paid (and never going to be). The purchaser deleted their eBay account to cover their tracks. The BIG irony... I forgot to reset the phone. I later got angry, threatening messages from the purchaser under a different account saying they would disassemble for parts if I didn't give them the password for the phone they never paid for. 😂

Point is, ya... Apple's anti-theft technology is from their viewpoint a feature, not a bug.

@kodamachameleon Sorry you got scammed and harassed but that’s one hell of a funny story in the end. 🤣
@HitokiriEric I can look back now and laugh about it. At the time... well, you can imagine.
@codemonkeymike @coldclimate assuming they didn't seems excessively generous to me. It seems far more likely they did and don't care. Smaller secondhand market means more pressure for new purchases.
@codemonkeymike @coldclimate I'm one hundred percent sure they DID think of this
@rasmus91 @codemonkeymike @coldclimate I totally agree. They are capable of converting your laptop into literally garbage if you don't upgrade your OS.. only that is immoral.
@codemonkeymike They thought about it. They just didn't care
@coldclimate @codemonkeymike I stopped with Apple stuff after an early iMac.. I hated how non-customizable their ecosystem is. Just like Microsoft, they lost something along the way.
@codemonkeymike Can these not run a Linux distro instead of MacOS?

@paulywill they can.. of course. But you need to unlock the bootloader to do that.. and you can't do that while it's locked :(

That's the entire issue..

@codemonkeymike I am interested to see if you have tried this method

https://mrmacintosh.com/how-to-restore-bridgeos-on-a-t2-mac-how-to-put-a-mac-into-dfu-mode/

And

https://mrmacintosh.com/how-to-remove-mac-firmware-password-new-way-if-you-have-a-2018-2020-t2-mac/

You need a second Mac that works and you control the one with a firmware lock using Apple Configurator. I have converted Apple Macs to run Linux but all of them have been 2017 or earlier.


@vicash yup.. doesn't work if you don't know the activation password.. AND if you can't prove ownership.

It's shit mate

@codemonkeymike did you try https://theapplewiki.com/wiki/Checkra1n? Their site says they have experimental support for T2 processors.
@codemonkeymike is there a way in your experience to extract the hash of the firmware password from the chip via SPI bus or similar ? Then run hashcat on it. It’s excessive for sure, but maybe a solution can be devised somehow. Extract some hash or firmware and find an exploit or something and find a working solution eventually. In the end the chip is an oracle and something is verifying the firmware password which has to be stored in memory.
@codemonkeymike ugh, how infuriating. Such a waste.

@coreysnipes it really breaks my brain. And it's just starting..

The ONLY solution seems to be this super long and complicated procedure of literally unsoldering the T2 chip, directly reprogramming it, resoldering it, and then hooking it up to another mac in DFW mode, etc.. HOURS of work just to use a machine you own

@codemonkeymike That's just malicious. 😠

@coreysnipes textbook Apple.. I hate it so much.

Like, I can't even tell you how many lives have been improved and SAVED because I was able to install linux on an older mac and give it to someone.

This kills that..

@codemonkeymike I don't know the legality of it, but there's a T203 tool from Ali Express plus desoldering and resoldering that is supposed to overcome this. If I had a bunch of these that were legit donations I might try to figure this out, if it works.

@Victorsigmoid have you seen the video of that? I just watched it and holy shit it's intense haha.

I mean I AM considering it.. but what a nightmare.. it's super time consuming.. and you still need another up to date mac to hook it up to in DFW mode..

So even after ALL that.. you still end up needing a current Mac.. god i hate them

@codemonkeymike
I'll be curious to see that, do you have a link to it?
@Victorsigmoid
How to Remove MacBook ID Activation Lock by T203

In daily MacBook repair, unlocking ID activation lock is commonly seen. For example, ID activation lock will appear on the system activation...

iFixit

@Victorsigmoid @magnetic_tape @codemonkeymike

Have you looked at the price for the T203 unlock kit? AliExpress has them for $275 and upwards.

Probably makes more sense when recovering quite some devices. But likely nothing someone does for 2-5 Macs. And then you need the appropriate hotglue gun and a functional Mac alongside to reprogram the T2 chip.

Might be worth it if you got a pile of macs which the OP picture shows.

But it is clearly not good for the ability to repair/fix used machines. Quite good for device security though.

Just wondering if this approach renders previous data completely unreadable or if it's possible to scrape off data from the device somewhere in this process.