T2 Chip and Anka co-existence

Since the release of new 2018 mac minis, we have received several questions from users on the impact of T2 security chip included in the new mac minis on Anka Build setup. This blog describes in detail how Anka technology foundation is agnostic to T2 and can co-exist with it.

There is enough written about the new T2 mac security chip, but as a quick summary, let’s look at the areas where it impacts existing mac administration and management workflows. T2 security chip is a security processor that is in charge of securing the following components of Mac hardware.

  • It validates the boot process (secure boot).
  • It does on-the-fly encryption of storage. Its full encryption with no performance loss due to software encrypt/decrypt I/O.
  • It protects the hardware from malicious usage scenario with hardware disconnect
    that ensures the microphone disables whenever the lid closes.

  • By default, all the new Mac Hardware including mac mini 2018 and newer iMac Pros have the T2 security chip enabled. So, what does it mean?

    1. Only certified operating systems, macOS and Windows, can boot on this hardware.

    2. NetBoot is not possible with Macs that have T2 hardware even when it is disabled.

    How does this affect the existing workflows?

      Installing other OS on top of Mac bare metal

    Before the introduction of T2 chip, it was possible to install software like ESXi, etc. on the Mac hardware. Now, even after disabling T2, access to SSD is still restricted, so booting from external USB is the only way to install other OS on the hardware. In this scenario, the OS can’t use the fast SSD inside the mac and will run on top of the slow USB device.


    Netboot has primarily been used to implement imaging in order to manage a group of macs. Now, with Netboot not working on the newer Mac hardware, it’s impossible to image a large group of macs consistently. It’s quite challenging now to set up and administer mac infrastructure for iOS CI.

    Anka installation on newer Macs is not impacted with T2 enabled. This is because Anka virtualization for macs is built on top of macOS hypervisor.framework. It works like any other mac application, which leverages and can work with full security on, utilizing all of the Mac hardware resources, including the fast internal SSD for maximum performance. So, Anka VMs can run with no impact of T2 enabled on the host machines.

    Anka VM on 2018 mac mini

    Anka Build is an alternative to explore if you wish to set up an agile and scalable mac infrastructure to provision immutable, container-like macOS VMs on-demand for iOS/macOS CI. Anka Build now supports Mojave and APFS.

    Share this post

    Unlocking Superior macOS VM Network Performance: Introducing Anka's new networking mode for Apple Silicon
    Large and complex enterprises using Anka have many different demands, and we have worked to continue to develop innovative technology to meet these demands. Enterprise infrastructure hardware is often on the cutting edge, and they need advanced capabilities...
    Read More
    Anka Cloud Gitlab Executor
    Veertu’s Anka and the new Anka Cloud Gitlab Executor Veertu’s Anka is a suite of software tools built on the macOS virtualization platform. It enables the execution of single or multi-use macOS virtual machines (VMs) in a manner similar to Docker....
    Read More
    Real-Time CVE Scanning of your macOS Build Systems
    It’s common that an organization’s macOS build system will download thousands, sometimes tens of thousands of third-party dependencies every hour. When building and testing iOS applications, it typically downloads and installs third-party...
    Read More
    The ONLY Fully Automated Apple Silicon macOS VM Creation Solution
    Starting in Anka 3.1 we announced that Anka is now able to fully automate the macOS installation processes, disabling SIP, and enabling VNC — all previously manual steps users had to perform inside o the VM. At the time of writing this article,...
    Read More
    Scripting macOS UI User Actions With Anka Click
    Starting in Anka 3.2, we’ve introduced a solution for scripting macOS UI user actions. You may ask, “Why would I want to do that?”. Well, often macOS configuration and applications do not have a CLI allowing you to perform certain actions...
    Read More
    Real-time, continuous scan of file downloads on macOS for security vulnerabilities
    Today, we are announcing the Beta availability of the Mac Scan solution. Mac Scan software runs on macOS systems (bare metal, virtual, EC2 Mac) and scans downloads in real time for security vulnerabilities. There are multiple scenarios why you would...
    Read More
    Screen Shot 2022-10-17 at 10.13
    Anka 3.1- Fully automated VM macOS installation & The Behavior-Driven macOS UI Automation Framework
    We are very happy to announce the General Availability of Anka 3.1 for Apple Silicon / ARM macs. In this release, we are taking our approach to iOS CI automation one step further by introducing a Behavior-Driven macOS UI Automation Framework in Anka,...
    Read More
    Migrating from Anka on Intel to Anka on M1 Mac for iOS CI
    In this blog, we will cover the key topics for migrating from Anka on Intel to Anka on M1/M2 Macs. Anka is an IaaC solution from Veertu to set up an agile Container like CI for iOS CI using macOS VMs. Anka for Intel uses Apple’s Hypervisor.Framework virtualization...
    Read More
    World's first Security Vulnerability scanner for EC2 Mac AMIs
    We are excited to announce the General Availability of the world’s first security vulnerability scanner for EC2 Mac AMIs. EC2 Mac AMI Scan scans Intel and Apple Silicon macOS EC2 AMIs, detects security vulnerabilities in third-party packages, dependencies,...
    Read More
    It's time to migrate your iOS CI from ESXi Virtual Mac Infrastructure to native macOS Virtualization
    When VMWare ESXi started officially supporting Apple macOS Virtualization on Mac hardware in late 2012, it opened the doors for the possibility of iOS development to move to a Linux-like, agile, scalable CI infrastructure. Soon enough, many iOS enterprise...
    Read More