Jamf Nation Community

ThijsX · ‎08-09-2018

Hi,

Just got the MBP 2018 A1990 models shipped today, damn the combination of T2 and FileVault is lightning fast, after DEP enrollment, FV enabled there are no more encryption times. Nice!

*As for the disk controller? There isn’t one—or more accurately, the disk controller is built into the T2 itself. This gives the T2 complete control over internal storage on the iMac Pro. This has some major benefits in terms of speed and security. Every bit of data stored on an iMac Pro’s SSD is encrypted on the fly by the T2, so that if a nefarious person tried to pull out the storage chips and read them later, they’d be out of luck.

(For additional security, Apple strongly suggests you turn on FileVault, which ties SSD encryption to your password. This provides an additional level of security, because your disk can’t be decrypted without the proper hardware and your password.)

All this encryption happens invisibly, so the SSDs in the iMac Pro still operate at full speed—approximately 3GB per second.*

PhillyPhoto · ‎08-09-2018

We haven't moved over to the DEP workflow yet (despite my best efforts), and the T2 chip has killed our build process. We used to use a macOS loaded on a USB drive which got plugged in to the device. Then we ALT-booted to that and ran Jamf Imaging to thin image the device. The T2 chips have made that impossible, so my workaround is to have the tech create the admin account and manually enroll, then kick off the "post-image" script via Self Service policy. That basically puts it where it would be after running Jamf Imaging. This may be a blessing too though, since the local admin is being created properly and not via script, so it does get the proper security token at creation which is skipped and would cause FileVault issues previously.

kerouak · ‎10-10-2018

Yep, NO MORE ENCRYPTION TIME... weheyy..

Same DEP enrolled n T2.

I was worried that I didn't see the usual progress bar.. ;-)

Jamf Nation Community

T2 chip with FileVault