T2 Chip and Repair Work

T2-chip
According to Apple’s support page ‘The Apple T2 Security Chip brings a new level of integration and security to Mac’. This is all well and good for security if you carry around sensitive client data, as it adds a new layer of protection to Touch ID data and other drive related encryption, but it has added a whole new level of confusion for end users who are unsure of what security level to enable on their new machine and what each of them means. (The link can be found here)

The reason for this post is to first; give some clarity for the average user on what the different levels of security mean, and secondly; to provide some basis for the repair work carried out by TheBookYard, and the recycle/trade-in service offered by Mac2Cash, as both services are affected by this chip to a certain extent. But as they say, knowledge is power, and giving the details of each feature for you to decide how secure you’d like your machine to be is the best result all around.

Two such features relate to repairability from an engineering perspective, these are ‘encrypted storage’ and ‘secure boot’.

Old Systems
Up until now there were 2 different levels of protection. The first protects user data on the boot drive to as high a level as possible and is called FileVault. It not only encrypts the data so that it requires a password to unlock, but it also cannot be reset if you lose your password without going direct to Apple with a receipt and proof of ownership. But your data is all encrypted and protected. That’s a good thing, right?
So in theory, you can access a hard drive by means of a hack in a normal setup if you had the means, but this is not possible with FileVault enabled.
(Please note, the security password set for this is different to the admin password for the machine. It is typically set the same as the first admin user account when the machine is first setup, but if you ever change your password, or create a new admin account, the password is not carried over and will stay the same. This is the most common cause for loss of password by customers we’ve dealt with)

The other protects the machine from external access, and is known as ‘EFI firmware‘ level security. When enabled this prevented the machine from being able to boot to the disk selection screen (and other EFI screens), which is used to boot to an external hard drive. This is the way we carry out our repairs so no customer data is accessed, but it also allows you to boot to the recovery partition to run disk repairs, or to install a clean operating system if needed.
But unless FileVault is enabled, the internal customer drive will mount on the desktop while booted externally (although admin password access is still required to access the data if a password has been set, it is just more secure to have FileVault enabled). You also can’t carry out any major resets (such as SMC or PRAM resets, used in a lot of diagnostics situations), or create drive backups using certain applications with this enabled.

Effects on Repairs
So from a repair perspective, a machine cannot be repaired (or recycled through Mac2Cash) with an EFI password enabled, as a repairer would be unable to complete a full hardware test on the machine before and after, thus preventing any real diagnostics.
We have always been very good at diagnostics because of the extent we go through to ensure stability after a repair. Most repairers will offer low or free diagnostics (but then will charge a high fitting fee, or a charge if you decide not to repair), but their diagnostics are done by way of probability, because they wont order or fit parts until they have been paid for. Some repairers do it better than others, but that is mostly due to experience in identifying probable faults based on symptoms. Deduction becomes easier with experience, but it is not a confirmed diagnosis until the parts have been ordered and fitted, so it is always a bit of a gamble. Its not uncommon for more than one part to be faulty either.
Because we are a parts specialist. We have all parts required for most repairs in-house, so when completing a full diagnosis we don’t go with a ‘best guess’ approach, we fit the required parts, then complete a full hardware test to ensure stability after the fact. This enables us to be sure the fault has been fixed, which is why we offer 3-months warranty on repair work and diagnostics.
(intermittent faults, or software issues invariably add time to repairs)

With that being said, we are able to carry out a full hardware test with FileVault enabled (but not a full hard drive (or SSD) scan for a drive health checkup) but we cannot complete any hardware testing with an EFI password enabled. This goes for a Mac2Cash recycle as well. (a FileVaulted drive will not mount its partitions, but it can be securely sanitised from an external drive. It prevents data from being accessed but does not completely immobilise the SSD or HDD)
So if you have a repair that doesn’t need a drive scan, and/or you have no concerns over the health of your drive, FileVault can be left enabled. But if you have a drive related fault, it is best to disable FileVault before it comes in for repair. That way we can carry out a drive scan without needing to know your admin password for the machine, thus providing more security to you, the client. But if it comes in with FileVault enabled and it is decided afterwards that a drive scan is requested or required, the admin password for the machine would be needed by the engineer.

New System
With the new T2 chip enabled, security has been taken to a new level. Most of the security features go way beyond what most users would even think to enable, but they are enabled as standard. But we cannot carry out repairs, or recycle machines through Mac2Cash with these features enabled because the machine can not be booted via a test drive for a hardware test, but we also cannot securely erase the internal drive (in the case of a recycle). Because the T2 chip is on the main logic board, this renders the most valuable part of the machine completely unsellable, as according to ADISA regulation that we abide by (due to GDPR), ‘a drive that cannot be effectively sanitised must be physically destroyed.’ So dont be surprised when the value of your machine goes down dramatically when the condition is changed from ‘Fully Working’ to having a ‘locked T2 chip’ because you cannot remember the password you set for it.

The machines that have the new T2 chip in them as of the writing of this post (May 2019) are as follows:
iMac Pro (2017<)
Mac mini (2018<)
MacBook Air (2018<)
MacBook Pro (2018<)

Levels of Security
The new T2 chip has still allowed the enabling of a firmware password and FileVault separately, but it has enabled a new level of security known as ‘Secure Boot’. (Encrypted storage is the new name for FileVault)
Secure boot has 3 levels of security, but from what we can ascertain, it covers Apple more than the consumer, as it basically authenticates any boot source for genuine software before booting. This is a good thing if you worry about running a hacked or pirated version of an operating system, but the risk is very minimal if the OS was installed from Apple’s system in the first place and the user doesn’t alter their OS in anyway. The major risk is if it detects an alteration for some reason, this feature would render the machine un-bootable, as it completes the check at the start of each startup.

As described by Apple they cover the following setups:
1 – Full Security
Ensures that only your current OS, or signed operating system software currently trusted by Apple, can run. This mode requires a network connection at software installation time.
2- Medium Security
Allows any version of signed operating system software ever trusted by Apple to run.
3 – No Security
Does not enforce any requirements on the bootable OS

macos-high-sierra-startup-security-utility

External Boot Enabler
The other feature that has been added is known as ‘External Boot’.
This simply allows the enabling and disabling of the ‘disk selection’ or external booting options noted above. For repair work carried out by TheBookYard, we need this option disabled so we can boot to an external test drive to complete diagnostics.

Summary
In brief, when they reference ‘security’ it doesn’t add any encryption or protection to your machine or personal data. It just ensures that your Mac is always started up from a legitimate, trusted Mac or Windows operating system. This effectively makes OSX machines run a lot like iOS devices, because customer data and its accessibility is controlled by the logic board instead of the end user. But because it authenticates the ‘legitimacy’ of the software on each boot, it doesn’t just fail when software fails verification. it also would fail if it cannot connect to the server to authenticate it, thus running a risk of making your machine a non-starter if access cannot be gained during a boot up if it fails to validate the authenticity of your boot OS. (from what we gather, it doesn’t need a network connection at every boot. it completes an authentication check on each boot internally, then if it doesn’t pass, it then requires network activity to fix it, or to re-install the OS)
This security setup has been known to directly prevent data migration from one machine to another, as well as a number of other issues, such as interfering with Thunderbolt accessories when used. But in essence, this chip is added to give more control to Apple over what software is put on the machine.
See this link for a description of what checks are carried out during a verification of the OS.

In short, there are now multiple security options you can enable, but hopefully you are now more educated in what they do so you can make a decision on whether its worth enabling.
The last thing you want to do is enable high levels of security, then in the event of a software or hardware failure, risk losing all your personal data, as would happen in an iOS device.
But as always, diligently backing up your data is the best way of eliminating that risk as well.

Advertisements
Posted in Apple News, Questions and Answers | Tagged , , , , , | Leave a comment

MacBook Pro Retina 2016 and 2017 Keycaps

Overview

As a specialist in the industry, we regularly see faults that appear to be common within certain ranges, however, since so many of the machines that come through our doors are faulty, it is somewhat difficult to perform an objective analysis on the overall stability of any given Mac range with great accuracy.

That being said, it has not gone unnoticed that we have seen an increase in particular keycap and scissor clip sales since the release of Apple’s own ‘butterfly clip’ design. More recently we have also heard of a possible lawsuit against Apple for not replacing keycaps due to poor design.

Unfortunately, because of the way these keyboards have been designed, it is very easy to cause irreparable damage when removing keycaps. We would always recommend going in to see Apple about it (even if it is outside of its original warranty, as you are legally covered by consumer law within the UK/EU for manufacturing faults potentially present at the point of sale for up to 5 years from purchase), as the most common problem is that the keycaps themselves actually snap, which can affect response to touch or become non-responsive.

In cases where you have damaged the keycap then have removed the key and damaged the surface mounts below, or have snapped the scissor clip pegs off, there are other solutions for repairs, but they will not be covered here. What this article aims to cover is the safe fitting and removal process of what we refer to as the Type-M and Type-P keycap types (type-L is also similar in design).

Update: Type-M keycaps were first released on the 2016 retina ranges. Type-P is a slight variant found on the 2017 retina ranges and although it is slightly different, Apple is now positioning it as a direct substitute for the Type-M keycaps.

Butterfly Scissor Clip Design

The butterfly scissor clip differs to the design of earlier models because it doesn’t comprise two interconnected parts. The clip literally ‘butterflies’ with the fold in the middle causing the upper and lower parts to move in-sync with each other, as seen below.

Type-P Butterfly Clip

Type-P Butterfly Clip

Keycaps have been designed in the same basic way all the way back to the original PowerBook ranges, and that doesn’t change here with the butterfly clip. There are four pegs on the scissor clip that hold the keycap onto the keyboard. Two of them align and slide into place, and two of them snap in, holding the key in place, as seen below. The right side aligns first, then the left side clicks into place.

Clip Design

Clip Design, one clip, one slide

If you try to remove the keycap from the wrong side, you will break either the keycap latches, or the scissor clip. If you are dealing with these extremely delicate butterfly clips, there is a very good chance that you can damage the top case mount as well (early ranges have metal mounts that the scissor clip attaches to but the butterfly models attach to easily broken plastic mounts as seen below).

Close up clips

Close up clips

As seen above, the inner pegs will invert when the key is up, and the outer 2 pegs are housed in a plastic frame. when pressed the outer pegs go down, and the inner ones go up. If you try to pry the keycap off the top, the outer plastic mounts often snap irreparably damaging the top case. The only option then is to replace the entire top case (as Apple would suggest) or cut out the mount and glue in a replacement from a surrogate keyboard (not an easy task).

So the short and simple advice is, be very careful when removing your key, especially if there is a chance Apple can be held accountable for it and will provide a replacement. Even if it seems like a simple job initially, its not worth the risk. We’ve heard of a lot of cases where someone has tried to re-fit the key but they’ve damaged the mount and Apple have refused to cover it under warranty.

The replacement process

If you are like many out there who dont have any warranty coverage anymore, or would just want to do the job yourself, we’re hoping the following will help you with the process.

If you are aware of which side of the key ‘clicks’ and which one ‘slides’ (as noted above) and have a gentle touch, you can easily replace most of the keys on your keyboard.

  • Alphanumeric – Clip at the top, and slide at the bottom
  • Space Bar – Clicks at the top, slides at the bottom

Always start at the ‘hinge’ point of the clip. In the middle of the left or right side on the space bar and alphanumeric keys (function and arrow keys, its in the middle of the top or bottom edge, as they are side on).

IMG_5050 2

Make sure to get the pick or piece of plastic just under the keycap edge, but not deep enough to get under the butterfly mechanism. This is very important to ensure you don’t damage the scissor clip.

Then slide it towards the ‘click’ side of the keycap, which is up in the case of the space bar and alphanumeric keys.

IMG_5051 2

IMG_5053

Space Bar Process

Start on the left or right side, the same as the alphanumeric keys, making sure to only go as deep as the keycap, not under the butterfly clip edge.

IMG_5027

You will feel resistance as you come across the ‘clips’ on the underside of the keycap. Remove the pick and reinsert it and carry on.

IMG_5028

IMG_5029

IMG_5030

IMG_5032

Refitting the keys is done in reverse. Align the ‘slide’ side of the keycap to the scissor clip, then push down on the ‘click’ side until it clicks into place.

If you know how it works, they are pretty easy to replace, but hopefully this will make your life easier as we are trying to take the guess work out of the keycap replacement process so you can save yourself the expensive Apple repair process.

IMG_3855

Arrow Keys

 

Butterfly Clip Fitting

If you are unfortunate enough to have to contend with the butterfly clip fitting process, this is where it gets more tricky.

Firstly, if there is any damage to the plastic mount on the top case unit, or if the peg is broken or damaged on the clip, there is no point trying to fit the butterfly clip as it wont seat properly. (see illustration below)

To fit the butterfly clip, you cannot simply ‘press down’ on the clip and expect it to slot into place. This is often how the damage illustrated above is caused. The butterfly clip needs to be ‘stretched’ over the top case mount to prevent any damage to the retaining brackets.

In the illustration below, we start on the left of the space bar (most complicated clip to fit) and work our way to the right.

  1. Align the first 4 pegs to the mount. Inner 2 go in the gap and the outer 2 go under the mount.
  2. To engage the second set of 4 pegs, insert a tiny flat-blade screwdriver between the upper 2 pegs. Gently rotating the screwdriver will stretch the clip away from the mount so that you can lower the clip over the mount and then release the screwdriver to allow the upper peg to go safely under the mount without straining the peg or the mount. Repeat for the lower 2 pegs of this set.
  3. Repeat for the 3rd set of 4 pegs, but rock it (stretch it) to the right.
  4. Repeat for the final 4 pegs on the far right.

 

If you find yourself in a position where the mount on the top case is damaged, there is still hope… but it is about as complicated a job as you will come across when dealing with keycaps. In our experience, you can get it functioning again, but its motion will never be 100% as new again.

The process involves cutting off the plastic surface mount (the domed section with the metal plate under it) and replacing it with an undamaged one from a donor top case. It needs glueing into place, but alignment is so precise on these models that any slight twist will cause the key to stick when pressed so be aware that if you carry out this process, it may not operate with the exact same response as the other keys on your keyboard.
We hope this guide proves helpful when replacing your keycaps and can give your machine a new lease of life. Hopefully Apple will be more supportive when dealing with these sort of manufacturing and design problems on their keyboards, but until then, let us know your thoughts. If there is another guide you’d like to see, get in contact and let us know!

 

Here is a link to a quick how to video we have created. It is just as a quick guide to help see the process in action

YouTube Keycap Removal Video

Posted in How To Guides | Tagged , , , , | 24 Comments

What Has Happened to Apple’s Quality Control?

As one who has worked on nearly every Apple product produced, it must be said, I have been repeatedly disappointed in Apple’s ever degrading quality control.

On the surface, Apple have made many improvements and advancements to their ranges.

Their MacBook Pro ranges have incredible potential, while losing the optical drive (the ever debatable ‘redundant’ feature according to some), the PCIe SSDs speed and the retina display quality is an incredible feat, while keeping the machine so slim at the same time. But the way in which the display is built makes LCD replacements near impossible for the majority of engineers. (we have carried out a number of these repairs at TheBookYard, but because the LCD is not a sealed unit, and the displays were constructed in a clean room environment, it is an extremely time consuming and difficult task to undertake. But that’s for another blog post entirely). They also have the ‘integration’ issue, with so much being combined into one primary (and very expensive) component. The logic board has integrated RAM, integrated GPU, integrated CPU, the battery is sealed to the top case (the top case, keyboard, trackpad and battery is one service spare according to Apple. Go figure. Replace half the machine for one fault? How’s that economical?) and the MagSafe 2 socket is a bit iffy to say the least… I’ll not even get started on the 12″ MacBook Retina range (2015 model) and its repairability.

The iMac ranges are a similar story. The’ve added 4K, then 5K to their iMacs while slimming them down drastically and reducing the excessive heat created to allow full management by a single fan (thats right, the 2012-< iMac ranges only have one fan!). Also with their super slim LCDs with its ‘Gapless’ glass panel, that not only reduce glare, but were noted as being sealed to prevent dust from getting between the panels. (Having serviced many of these later ranges, we’ve found that not to be completely true. They are ‘gapless’ by design, but they are not sealed fully. Dust often falls down between the LCD and the backlight sheets, leaving big ‘specs’ under the panel. its really disappointing that they are not hermetically sealed during their clean room construction)

On the other hand, they are so much less repairable and/or upgradable than their predecessors. With their ‘sealed construction’, a replacement VHB tape kit is required whenever the machine is opened. They also fit their hard drives with specific firmware that maps the internal SMART disk data in a unique way. (all drives do this, but there is a standard language used, just not with Apple…) This means you cannot fit an industry standard hard drive without fiddling with external sensors on replacement cables, etc. Not only that, with their ‘all-in-one’ design principles being used in their later designs, they are combining more and more functions into single serviceable parts. The logic board no longer just houses the CPU, but it now houses the GPU as well as a number of surface mounted thermal sensors and functions, which makes repairability more costly if a fault is to surface down the line.

But to get back on track, the true reason for this ‘rant’ is to talk about their lack of design quality. As time goes by, there are any number of quibbles and issues with products, most of which are minor and do not happen to the majority of the public. I’m not talking about the signal dropping issue of the iPhone 4, or the ‘bendy’ iPhone 6+. I’m not even talking about the Magsafe 2 charger, and its ability to lose connection with the slightest touch. Most of these happen on occasion, and although in hindsight, they could have been prevented by more extensive pre-release testing by the design team, they are not, as i would say, a complete design flaw.

The late range (2012-2013) iMac ranges hinge/clutch mechanism is another story entirely…

You may have heard of these hinges breaking. Typically, when the clutch breaks, the perfectly balanced body of the machine will drop down on its leg. As this is quite a common problem (anything that Apple actually admits to being a problem by extending an exchange/repair programme for is something to make note of), I took to seeing what the issue was. Some faults can be caused by excessive force, but this hinge issue is a complete design flaw. What engineer would trust an entire machines weight to a small piece of plastic!? Let me explain…

D7_Pkg_YL_01

The hinge mechanism is a big chunk of hunky metal, with strong, twisted springs. This is perfectly strengthened to counter the weight of the iMac (fun fact, they first introduced the ‘Feather Touch’ display tilt on the iMac G4 range).

27HINGE13

This is the hinge

But the real flaw, and the part that breaks (and caused Apple to start an extended 3 year exchange programme), is the mount that not only holds the tension of the spring, but that takes the brunt of the strain when the hinge is flexed.

IMG_8763

A broken hinge

The two Torx T8 screws in the middle can be adjusted to change the hinge tension, but the mount underneath is made out of plastic! No wonder it breaks!

IMG_8766

This is the hinge with the broken mounts

So… The bottom line is that, inside this beautifully designed piece of kit, is a tiny piece of plastic that is supposed to support your machine.

If you own either the 2012 or 2013 27″ iMac range, please be careful when moving the display up and down, as pushing it too much will put considerable strain on this plastic mount. It would be a shame for Apple’s exchange programme to expire and you to break it while trying to get a better viewing angle.

A thing to note, is that Apple’s current service spare replacement hinge for these models has the same design, but they have used a thicker plastic. This should make it much stronger, even though it is still made of plastic. But even still, what were you thinking Apple?

IMG_8768

Top – broken original hinge. Bottom – new Apple Service Spare replacement (ASP)

Posted in Apple News, Questions and Answers, Uncategorized | Tagged , , , , | Leave a comment