This is probably not the byline you were expecting for a review of some Apple hardware. It comes as a bit of a shock to both of us, to be honest, but here we are: I have a Mac mini on my desk, along with a Magic Trackpad and Magic Keyboard. It’s all hooked up to an LG 4K 21.5-inch display, all supplied by Apple.
To set your minds at ease; this isn’t the first Mac I’ve used. I have owned a few MacBook Pros over the years, and there was a time a few years go where I was seriously considering giving up Windows and switching entirely to Mac OS X. For now, it suffices to know that if I were to get back into using macOS as my daily driver, the Mac mini is probably the machine I’d want to get.
With the newest Mac mini, gone is the two-core, four-thread 28W Haswell processor with up to 16GB soldered RAM. This machine boasts Coffee Lake processors, either a four-core, four-thread Core i3 base model or the six-core, 12-thread Core i7 chip as found in my review system. This processor is paired with up to 64GB socketed, user-serviceable RAM. Storage has also been shaken up. Instead of a range of hybrid and SSD options, the new Mac mini is all SSD, from 128GB to 2TB. There are four Thunderbolt 3 ports, one wired Ethernet port (usually gigabit, but optionally upgraded to 10 gigabit), an HDMI 2 port, two USB 3.1 generation 1 ports, and a 3.5mm headset jack.
It turns out that hardware can get a lot better when you wait four years between upgrades.
|Specs at a glance: Apple Mac mini (2018)|
|Base spec||Top spec||As reviewed|
|OS||macOS 10.14 Mojave|
|CPU||Intel Core i3-8100 (4 core, 4 thread, 3.6GHz, no turbo)||Intel Core i7-8700B (6 core, 12 thread, 3.2GHz, 4.6GHz turbo)|
|GPU||Intel UHD Graphics 630|
|RAM||8GB DDR4 2666MHz||64GB DDR4 2666MHz||32GB DDR4 2666MHz|
|Storage||128GB NVMe||2TB NVMe||1TB NVMe|
|Wireless networking||802.11a/b/g/n/ac, Bluetooth 5.0|
|Wired networking||1 gigabit Ethernet||10 gigabit Ethernet|
|Ports||4 Thunderbolt 3, 2 USB 3.1 generation 1, HDMI 2.0, 3.5mm headset|
|Size||7.7×7.7×1.4 inches (197mm×197mm×36mm)|
|Price||$ 799||$ 4,199||$ 2,199|
T2: Great movie, great chip
The new system includes Apple’s new T2 security chip, and frankly this is one area where Apple’s ability and willingness to build things that aren’t quite PCs is a virtue. Approximately a thousand years ago, or perhaps in the early 2000s, various key players in the PC industry came together to try to make computers “trusted.” What “trusted” means here is providing a system wherein the PC can detect, and block, certain kinds of tampering.
Some of these are valuable to end users: for example, a system can ensure that neither its firmware nor operating system have been modified, thereby blocking any attempts to attack a system with boot kits or modifications to core operating system files. Windows’ BitLocker encryption uses the TPM to store encryption keys, with the TPM only letting BitLocker see the keys when it can show that it hasn’t been modified. But other capabilities are more contentious: the same protection against tampering could be used to enforce DRM in digital media, for example.
The major output of the Trusted Computing project was the “Trusted Platform Module” (TPM). This is usually a small chip that contains some private cryptographic keys, a random number generator, some storage for secrets, and some cryptographic hardware. (Modern Intel and AMD systems also offer a firmware-based TPM.) TPMs are abundant in PC laptops and in corporate desktops, but they are often omitted from enthusiast systems and motherboards—while lots of boards have a slot for the TPM, it’s usually left empty. Trusted Computing and the TPM engendered a lot of mistrust among certain parts of the PC community, with the DRM implications being of particular concern.
Some of Apple’s earliest x86 systems, the ones used by software developers ahead of the company’s actual transition away from PowerPC, included a TPM on the motherboard. However, Apple never actually used it, and no Macs today include a TPM. But they do include a T2 chip… which is a TPM and then some.
The T2 has a number of similarities with a TPM. To start, it includes secure storage for keys, which it uses to validate the boot process to protect against firmware and operating system tampering. But it goes further. It includes SSD controllers, and T2 transparently encrypts and decrypts everything written and read to the SSDs in the system. In a sense, it essentially converts any SSD into a self-encrypted drive. Apple has moved a range of encryption and key management tasks to the T2, making it an integral part of the platform.
It’s also likely that the T2 can be used in all the bad ways that caused so much concern with Trusted Computing and the TPM. Still, the security implications are compelling, and in many ways the world seems to have made peace with DRM. The utility of streaming media services is overwhelming, and in general the DRM is so well hidden that you never really notice that it’s there.
This is useful innovation, and it’s a kind that’s much easier for Apple to do (as Apple doesn’t have the same compatibility concerns) than the PC industry. There’s nothing in particular preventing a PC manufacturer from building its own SSD controller, high performance encryption engine, and secure TPM or TPM-like chip; they just haven’t. It’s probably not worth it for any individual PC manufacturer, because you need the software support within Windows, and not even Microsoft has the power to enforce this kind of thing from above. The company wanted to make TPMs mandatory on desktop systems to get a designed for Windows sticker but had to relent and remove the requirement.
Listing image by Peter Bright