In this KB, you will learn to find out whether your Mac device has a T2 chip, then understand the steps to perform secure erasure to wipe T2 Chip Mac devices using BitRaser Drive Eraser Software.
The Apple T2 Security Chip is Apple's second-generation chip that delivers capabilities to your Mac, such as encrypted storage and secure boot capabilities, enhanced image signal processing, and security for Touch ID data. Introduced in MacBook Pro in 2018, the T2 chip now resides in almost all Mac devices, including Mac mini, MacBook, MacBook Pro (MBP), MacBook Air (MBA), and Mac Pro. Due to the security chip booting the Mac device using a third-party application in order to wipe Mac with T2 requires thorough diligence while following the instructions.
How to Find if Your Mac Has a T2 Security Chip?
Step 1: Go to the Apple logo and click on 'About this Mac'.
Step 2: Click on 'System Report'.
Step 3: Click on 'Controller'.
Note: In the Model Name on T2 machines, it will read Apple T2 Security Chip.
Now that you have found that your Mac has a T2 chip, you can start the process of erasing your device using BitRaser Drive Eraser for Mac. BitRaser Drive Eraser for Mac is deployed through a bootable USB, which is created using the instructions below.
Prerequisites to Wipe Mac T2 machines:
Operating System: MacOS
Internet: WiFi or Ethernet
RAM: 8 GB (Min) 16GB (Recommended)
USB Device: 32 GB or more to create BitRaser bootable
How to Create BitRaser Bootable USB?
Step 1: Post-purchasing BitRaser Drive Eraser for Mac, you will receive a link to download ‘BitRaser USB Creator for Mac ’.
‘BitRaser USB Creator for Mac’ is a utility that helps you create a bootable drive for erasing Mac Machines that have T1, T2, M1, M1 Max, M1 Pro, M2, or Intel chips.
Step 2: Download the ‘BitRaser USB Creator for Mac’ application from the support section of the BitRaser Cloud Console.
Step 3: Once downloaded, drag and drop the downloaded file into applications to install it.
Step 4: Connect a USB drive (32 GB Minimum) to your Mac machine & go to applications, then double-
click on the ‘BitRaser USB Creator for Mac ’ application to launch it.
Step 5: After launching the application, select the T2 chip and click ‘Next’.
Step 6: From the dropdown menu, select the USB drive connected to your machine to create a bootable USB and click on ‘Create’.
Step 7: Click on 'Continue' when prompted with a warning screen that informs that the selected USB will be formatted and all data will be lost. The process of creating a bootable BitRaser USB will start.
Note: After completing the USB creation process, you can boot the Mac using the USB flash drive to perform wiping. While booting the Mac you will face either of the below-mentioned scenarios. Choose the steps according to the scenario faced by you.
Scenarios for Booting Mac T2 machines:
Due to the advanced security features in Mac devices with T2 chips, a user might face the following four scenarios when attempting to erase Mac with T2 Chip:
- The OS is Present, and the boot from USB option is enabled.
- The OS is Present, the boot from USB option is disabled, and the user knows the admin password.
- The OS is Present, and the user doesn't know the admin password.
- The OS is not installed, and the Boot from USB is disabled.
Scenario 1: The OS is Present, and the boot from USB option is enabled.
Step 1: Restart the machine and press the 'option' for selecting the startup disk.
Step 2: Select the 'BitRaser USB' as a Startup disk and boot from that.
Scenario 2: The OS is Present, the boot from USB option is disabled, and the user knows the admin password.
The user needs to allow the 'boot from USB' from the 'Recovery Mode' as per the below instructions:
Step 1: After pressing the power button, immediately press and hold the 'Command + R' button until the 'Recovery mode' screen appears.
Step 2: Choose the 'Startup Security' Utility from the Utilities menu when you see the macOS Utilities window.
Step 3: When you're asked to authenticate, click 'Enter MacOS password,' then choose a local administrator account and enter its password.
Step 4: In Startup Security Utility:
- A. Set the Secure Boot option to 'No Security'.
- B. Set External Boot to 'Allow booting from external media'.
Step 5: After that, select 'Restart'.
Step 6: Press the 'option' button to select the startup disk.
Step 7: Select the 'BitRaser USB' as a Startup disk and boot from that.
Scenario 3: The OS is Present, and the user doesn't know the admin password.
Before booting from USB, first, the user needs to RESET the password through the following:
Step 1: After pressing the power button, immediately press and hold the 'Command + R' button until the Recovery mode screen appears.
Step 2: Choose Terminal from the Utilities menu when you see the macOS Utilities window.
Step 3: Type 'resetpassword' in the Terminal and press enter.
Step 4: Enter and verify the new password, then click 'Next'.
Step 5: Now, Click on 'Exit to Recovery Utilities'.
Note: Your Password is now Reset.
Scenario 4: The OS is not installed, and the Boot from USB is disabled.
The user must first install the OS in the machine and then allow boot for USB with similar steps as in Scenario 2.
Steps to Wipe Mac with T2 Chip:
Once you have created a bootable USB and the Mac device has booted using 'BitRaser Drive Eraser (Mac)' software, the wiping process can be initiated. Now using the BitRaser application you can erase Mac with T2 Chip.
Step 1: Open the BitRaser application; it will prompt you for a password. The password by default is 1234 and click 'OK'.
Step 2: Select the Erasure method (For SSDs, NIST 800-88 Purge is the recommended method), drive to be wiped, and verification type, then click on 'Erase'.
Step 3: A new window requires you to fill in your 'BitRaser Cloud Console' credentials shared on your mail (post-purchase) to download erasure licenses. After entering credentials, click 'Login'. The software will authenticate the credentials and will fetch your erasure licenses.
Step 4: Click 'Close' to go back to the previous window and then press 'Erase' again to begin the erasure process.
Note: You have successfully erased your MacBook with the T2 chip & the reports and certificates of erasure have been uploaded to your BitRaser cloud account. You can also download and view the Erasure report and certificates on your Mac machine.
