The Apple T2 Security Chip is Apple's second-generation chip that delivers capabilities to your Mac, such as encrypted storage and secure boot capabilities, enhanced image signal processing, and security for Touch ID data. Introduced in MacBook Pro in 2018, the T2 chip now resides in almost all Mac devices, including Mac mini, MacBook, MacBook Pro (MBP), MacBook Air (MBA), and Mac Pro. Due to the security chip, booting the Mac device using a third-party application to wipe the Mac with T2 requires thorough diligence while following the instructions.
For your convenience, we have divided the KB into 4 stages:
Stage 1: How to Find Out if Your Mac Has a T2 Security Chip?
Step 1: Go to the Apple logo and click on 'About this Mac' then click on ‘More Info’. Scroll down and then click on 'System Report'. (Refer to Image 1)
Step 2: Click on 'Controller'.
Note: In the Model Name on T2 machines, it will read ‘Apple T2 Security Chip’. (Refer to Image 2)
Image 1: Scroll Down and Click on System Report
Image 2: Click Controller Model Name is Apple T2 Security Chip
Now that you have found that your Mac has a T2 chip, you can start the process of erasing your device using 'Cloud Variant Mac: BitRaser Drive Eraser'. BitRaser Drive Eraser for Mac is deployed using a bootable USB, which is created using the instructions below.
Prerequisites to Wipe Mac T2 machines:
- Operating System: MacOS
- Internet: Ethernet or Wi-Fi
- RAM: 8 GB (recommended) / 4 GB (minimum)
- USB Device: USB 3.0 with at least 32 GB space to create BitRaser bootable.
Stage 2: How to Create BitRaser Bootable USB for Wiping Mac?
Step 1: Post-purchasing BitRaser Drive Eraser for Mac, you will receive a link to the secure BitRaser Cloud Console for downloading ‘Cloud Variant Mac: BitRaser Drive Eraser’. You can download the application (.dmg file) from the 'Download BitRaser' section using the cloud console login credentials received in your e-mail and then install the BitRaser software on your Mac. (Refer to Image 3a)
Image 3a: Downlaod BitRaser Drive Eraser for Mac
The 'BitRaser USB Creator for Mac' utility is installed on your Mac that helps you create a bootable drive for erasing Mac Machines with M3, M2, M1, M1 Pro, M1 Max, T2, and Intel chips.
Step 2: Now, connect a USB drive (32 GB Minimum) to your Mac machine & go to applications, then double-click on the ‘BitRaser USB Creator for Mac’ application to launch it.
Step 3: After launching the application, select ‘T2 & above’ and then click ‘Next’. Now, from the dropdown menu, select the USB drive connected to your machine to create a bootable USB and click on ‘Create’. (Refer to Images 3b & 4)
Image 3b: Select T2 and above, then Click Next
Image 4: Select USB, then Click Create
Step 4: Click on 'Continue' on the alert screen that informs that all data on the selected USB will be wiped. The process of creating a bootable BitRaser USB will start. (Refer to Images 5 & 6)
Image 5: Click Continue on the Alert Screen
Image 6: Bootable Media Creation Progress Screen
Once the bootable USB is created, the application will prompt you to 'Customize the USB.' Click on 'Yes' to customize the BitRaser bootable USB. Customization allows you to configure settings like erasure method, verification, auto erase functionality, etc., helping you save time and automate repetitive tasks. (Refer to Image 6a)
Image 6a: BitRaser USB Creator Customize USB Screen
Note: After completing the USB creation process, you should boot the Mac device that you want to wipe with the bootable USB flash drive.
While booting the Mac with a T2 chip, you can face either of the below-mentioned scenarios. Choose the steps according to the scenario faced by you.
Stage 3: What Scenarios You Might Face in Booting Mac with T2 Chip?
Scenario 1: The OS is Present, and the boot from USB option is enabled.
Step 1: Restart the machine and press the 'option' for selecting the startup disk.
Step 2: Select the ‘Install macOS' as a Startup disk and boot from that. (Refer to Image 7)
Image 7: In the Boot Menu, Select Install macOS
Now, follow the instructions in Stage 4.
Scenario 2: The OS is Present, the boot from USB option is disabled, and the user knows the admin password.
The user needs to allow the 'boot from USB' from the 'Recovery Mode' as per the below instructions:
Step 1: After pressing the power button, immediately press and hold the 'Command + R' button until the 'Recovery mode' screen appears.
Step 2: Choose the 'Startup Security' Utility from the Utilities menu when you see the macOS Utilities window. (Refer to Image 8)
Image 8: Select Startup Security Utility
Step 3: When you are asked to authenticate, click 'Enter MacOS password,' then choose a local administrator account and enter its password. (Refer to Image 9)
Image 9: Enter Mac Admin Password
Step 4: In Startup Security Utility:
- A. Set the Secure Boot option to 'No Security'.
- B. Set External Boot to 'Allow booting from external media'. (Refer to Image 10)
Image 10: In the Startup Security Utility Allow Booting from External Media
Step 5: After that, restart your T2 Mac by selecting 'Restart' under the ‘Apple Logo’ in the top left corner.
Now, you can follow the steps mentioned under Scenario 1.
Scenario 3: The OS is Present, and the user doesn't know the admin password.
Before booting from USB, first, the user needs to RESET the password through the following:
Step 1: After pressing the power button, immediately press and hold the 'Command + R' button until the Recovery mode screen appears.
Step 2: Choose Terminal from the Utilities menu when you see the macOS Utilities window.
Step 3: Type 'resetpassword' in the Terminal and press enter. (Refer to Image 11)
Image 11: Type reset password in Terminal
Step 4: Enter and verify the new password, then click 'Next'. (Refer to Image 12)
Image 12: Enter New Password for T2 Mac
Step 5: Now, Click on 'Exit to Recovery Utilities'. (Refer to Image 13)
Image 13: Click Exit to Recovery Utilities
Note: Your Password is now Reset.
Scenario 4: The OS is not installed, and the Boot from USB is disabled.
The user must first install the OS in the machine and then allow boot for USB with similar steps as in Scenario 2.
Stage 4: Steps to Wipe Mac with T2 Chip
Once you have created a bootable USB and the Mac device has booted using 'BitRaser Drive Eraser (Mac)' software, you can begin the wiping process and erase your Mac device.
Step 1: Once your device restarts with BitRaser Drive Eraser software, you will see the ‘Recovery Screen’; select ‘Terminal’ from ‘Utilities’. (Refer to Image 14)
Image 14: Go to Recovery Screen and Select Terminal
Step 2: Type the following command in the ‘Terminal’ window /volumes/bitraser/run and then press ‘return’. (Refer to Image 15)
Image 15: Type volume bitraser run in T2 Mac Terminal
Step 3: You will be able to see all connected drives listed on the BitRaser Drive Eraser main interface. (Refer to Image 16)
Now, connect your device to the internet using Ethernet or Wi-Fi.
Image 16: BitRaser Main Interface with Connected Drives
Step 4: Once online, click on the 'Cloud Key' icon and log in to your BitRaser Cloud Console account using the credentials you received in the mail after purchasing BitRaser. It is necessary to automatically download erasure licenses and upload erasure reports.
Once connected, you will be able to see your erasure license count in the bottom right corner. (Refer to Image 17)
Image 17: Log in to BitRaser Cloud Console
Step 5: Now go back to the main interface and select the drive to erase, the Erasure Method and the verification type to be done, and then click ‘Erase’.
An alert window pops up informing you that all data will be erased beyond recovery. Click ‘Yes’. (Refer to Image 18)
Image 18: Click Erase then Click Yes to Wipe T2 Mac
You can see the Erasure progress on your screen. (Refer to Image 19)
Image 19: Erasure Progress Screensaver T2 Mac
Once the process is completed, you have successfully erased your T2 Mac using BitRaser Drive Eraser. A tamper-proof data erasure report will be generated, like the one below. (Refer to the Report below)
Report: BitRaser Drive Eraser Report Erasing T2 Mac
+1-844-775-0101
