by akvadrako 2759 days ago
The T2 does so much, essentially running an OS comparable to iOS. The author even suggests it might allow apps.

It doesn't seem like it's a gain in security. Instead of attacking the "main system", you can just attack the T2; it's similar in complexity, meaning it will have similar vulnerabilities.

1 comments

Try pulling data off my iPhone with physical access. Now, try pulling data off a pre-T2 Mac. The T2 brings many security improvements to the Mac.
It's not because of the T2 though - it's because of the Secure Enclave holding the keys for disk encryption and firmware/kernel signatures.

They might have bundled them together, but the layer around the secure part is just another system - it doesn't make anything more secure. All its functions could have been taken up by the main system.

The only possible security win is by making BridgeOS simpler and less likely to have vulnerabilities.

I'd still say it's a net gain overall†, although the Great Bundling is questionable and definitely concerning in terms of attack surface, yet the synergies when finding and fixing vulnerabilities should not be taken lightly.

† It's overall a good thing evil maid/law enforcement/whatever doesn't get to have trivial access to the user's device anymore.