Solipsism Gradient

Rainer Brockerhoff’s blog

Fast update

So, my new Intel Mac mini is in and working. I bought the basic version; Core Solo at 1.5GHz, 512MB. It fits nicely under my iSub woofer. My iMac G5 controls it over Ethernet for remote debugging, and after some initial setup it doesn’t need mouse, keyboard or display.

I’ve already restarted debugging XRay II as a Universal Binary and universal versions of some other stuff will be out soon. Stay tuned…

Well, people sure have short memories.

I’ve commented several times before (for instance, here [8 months ago!], here, here, or here), that Apple’s Intel Macs contain an Infineon TPM chip. This from the very first developer transition kit, up to the latest released machine.

See my first link for details, and John Gruber’s excellent analysis.

Today I was surprised to find several indignant articles pointing out that:

It looks like Intel has embedded “Trusted Computing” DRM protection in its Infineon chip and forgot to tell people.

and

…nobody wants to admit that the Intel Macs currently on sale have a TPM chip.

This is not only old news, but has been extensively photographed and discussed. It’s well-known that Apple uses the TPM chip to an increasing degree in Mac OS X 10.4.x, to prevent people installing it on generic PCs, and it’s certain that Mac OS X 10.5 will also do so.

Does Apple come right out and say so? Admittedly not. Indeed, the usual hardware developer notes which used to come out a few weeks after a new PowerPC Mac was released are still absent for all Intel Macs – not that these notes ever went into chip-level detail of any Apple hardware. At the same time, Apple withdrew publication of a few kernel source files for Darwin, the open-source base for Mac OS X. Both facts demonstrate that Apple’s security locks are still in flux and may change extensively in the near future. Will all these things be documented in the future? Hard to say. If the TPM chip’s encryption is sufficiently strong, they could be documented without defeating Apple’s purpose; but keeping details hidden always helps.

Is this evil? Well, depends on your definition of course. As Gruber points out, people who are incensed about this should also boycott Linux for its support of several TPM chips, including Infineon’s. Certainly, Apple has a right to enforce its current license terms which state that Mac OS X should run only on Apple hardware.

But what else will the chip be used for in the future? As I’ve repeatedly written here before, using it for DRM protection of media – which is what most of the critics claim to fear – isn’t likely. Mostly because, if you do the math, Intel Macs will be a minority for years and any such protected media would either not work at all or be open on PowerPC Macs, of which there are several tens of millions still in operation.

What’s far more likely – and we’ll know for sure in August – is that the TPM chip will be used to boot a trusted hypervisor at the EFI level. Apple has even patented a scheme to run tamper-resistant code and more than one OS at once. From the wording it’s obvious that the TPM chip is used for that:

In one embodiment the system comprises a processor and a memory unit coupled with the processor. In the system, the memory unit includes a translator unit to translate at runtime blocks of a first object code program into a blocks of a second object code program, wherein the blocks of the second object code program are to be obfuscated as a result of the translation, and wherein the blocks of the second object code program include system calls. The memory unit also includes a runtime support unit to provide service for some of the system calls, wherein the runtime support unit is to deny service for others of the system calls, and wherein service is denied based on a tamper resistance policy.

So, what I think likely is that the machine will boot into the trusted hypervisor. This will be encrypted into firmware and decrypted, and checked against tampering, by the TPM chip. Once this is running it will show a screen like the Boot Camp boot selector, with one important difference: you’ll be able to select more than one OS to boot up. All of them, including Mac OS X itself, will run inside a virtual machine.

What’s the advantage? Of course all OSes will run at near-native speeds if nothing else is running at the same time – the hypervisor’s overhead will be negligible. In fact, this scheme has been used and refined on mainframes for decades, where it is assisted by hardware; now that Intel’s Core processors have hardware virtualization support, it should be easy to do likewise.

But the main advantage is that the OSes for the virtual machines can be simplified. All the tricky little kexts and drivers you see on current PowerPC Macs will be substituted by one or two “generic” versions which will interface to the virtual peripherals simulated by the hypervisor, and the actual machine’s peripheral drivers will be in EFI or on the cards themselves. This reduces disk and RAM usage at the expense of performance, although this shouldn’t be a problem except for games – but then, as I said below, hardcore gamers will prefer to boot directly into “the most popular game loader” anyway.

Another extremely desirable gain for Apple will be that they’ll only have a version of Intel Mac OS X that runs on this trusted virtual machine. To get this running on a generic PC, people would have to reimplement the entire Apple hypervisor too, write drivers etc., and even this would be easily defeatable by the TPM chip. Still, it’s a major architectural change and for that reason we’ll only see this in Leopard.

What boots it?

OK, people have asked me to comment on Boot Camp Public Beta.

If you’ve been away for the last few weeks, the $13K+ prize to make Windows XP boot on an Intel Mac has been won by two puzzle addicts. Granted that their solution is complex to implement and runs slowly due to the lack of proper video drivers (and others), but it’s still impressive. My Intel Mac mini hasn’t arrived yet, so I can’t speak from firsthand experience, but it seems it overlays just enough legacy BIOS responses on the Mac’s EFI to interact with a complementarily modified Windows XP.

Well, Wil Shipley and others donated money to that effort, and this seems to have convinced Apple, about a week later, to make “Boot Camp” public. It consists of three parts: a firmware upgrade that puts the (optional) legacy BIOS support module into the firmware, a small utility that allows nondestructive repartitioning of an Intel Mac’s hard drive, and a CD containing XP drivers for most (though not all) Intel Mac peripherals. It’s a beta, and some things don’t work yet, but it’s much smoother than the hacked-together version. In effect, the Intel Macs can now be dual-booted with Windows XP; also, people report progress in booting some Linux variants, and Vista support may not be impossible anymore. Ah yes, Apple has also stated that something like this will be a part of Leopard aka Mac OS X 10.5, which will be demoed at the upcoming WWDC and may be out around the end of the year. And AAPL stock shot up nearly 10% over the next two days…

So much for the facts. Interpretations are diverse; in fact, I haven’t seen so many divergent comments since Intel Macs were announced last June.

As usual, after a couple of days, Gruber, Siracusa and a few others posted excellent analyses of the situation. However, much of the immediate commentary was – let’s charitably say – weird. Immediate doom has been predicted for Apple first and foremost, as well as for Microsoft, for Dell, and for software developers. Let’s look at that last idea first.

Most non-developers are saying that, obviously, Mac developers will now fold up and die, or migrate to become Windows developers in droves, or (if they support both platforms) discontinue Mac versions of their products. After all, all Mac support questions can now be answered by “boot into XP”. And Windows is where the money is, right?

Wrong. Let’s check each type of developer separately. There are the two big ones: Microsoft and Adobe. Microsoft obviously won’t close the Macintosh Business Unit (MBU); I hear it’s their top division in terms of income per employee. Obviously, most Mac users want Mac versions of their applications, even if they have to be from Microsoft. The same goes for Adobe products; most of them were, originally, ported from the Mac to Windows anyway. And even if Adobe is having a hard time porting their stuff from CodeWarrior to Xcode, eventually they’ll do so.

At the other end of the spectrum are small developers like myself, up to small 3- or 5-person shops. Very few of those are multiplatform. I can safely say that an overwhelming percentage are Mac-only because developing on the Mac, for the Mac, is enjoyable and lucrative. Read Wil Shipley’s interview and his WWDC Student Talk and see what I mean. Here’s a pertinent part:

I love the Mac user base because they tend to be people who are into trying out new software and recommending it to each other and giving the little guy a chance. Windows users have demonstrated, ipso facto, that they do not believe in the little guy.

The two types of Windows users I’ve identified at my café are:

a) I use Windows to run Word and Excel and browse the web (and read e-mail in my web browser), and

b) I’m a programmer and I spend all my time in a Windows IDE or hacking around with my system.

The problem is that market (a) already has all the software they think they’ll ever need, and clearly isn’t into looking beyond what they already have or they’d have noticed they could do all that they currently do, and more, but much easier, on a Mac. And market (b) is too small for me to aim any software at it.

No doubt most non-developers (and Windows developers like (b) above) believe that developers mostly hate their jobs and just do whatever distasteful thing is necessary to maximize their income. Well, it’s not really that way; granted that many of us have to work to pay for the groceries, and Mac-related jobs are not really plentiful (yet!), but many .NET slaves spend extra hours at their home Macs to write really cool software.

In other words, we write for the Mac because it’s satisfying and would do it even for free, all day, every day (assuming the grocery problem to be solved somehow). Would I migrate XRay to Windows? No way. The tools aren’t there, the APIs are uncool, and the Windows community – well, as far as I can tell, there’s no Windows community at all. And regarding the market size, better a small fish in a small pond, and all that.

So what about the middle-sized software companies? Here the situation may not be as clearcut. It depends a lot on company culture, I suppose. Are the people in charge active Mac users but also target Windows just because, well, they might sell a lot of copies over there? Or are they primarily Windows developers who also have a Mac version championed by a couple of vocal believers among their programmers? It could be either way, and only time will tell. But should some of the latter type close out their Mac support, they might have done it anyway sooner or later.

Now, game developers are a special case. Discounting for the moment some diehard Mac-only game developers, reactions among the multiplatform gamers have been very cautious. After all, a game user is the person most likely to dual-boot into Windows just to run the very latest game at full speed – though such a fanatic is still more likely to have a dedicated, souped-up PC just for that purpose. So, widespread availability of Boot Camp might, really, lead some game companies to neglect Mac versions, purely for economic reasons.

Update: Ouch, I forgot to put in John C. Randolph’s comment on this:

Apple now lets you use the most popular game loader!

…and he’s sooo right!

Stay tuned for more comments on this…

Some posts ago, I mentioned a white paper on FW800; now James Wiebe has written an update:

If you are making storage decisions based on rollouts of FireWire 800 technology, your purchasing priorities are sadly out of order. Apple was the only champion of FireWire 800; a task it seemed to take reluctantly. Now, Apple is making marketplace moves that are absolving itself of FireWire 800.

Worth a read.

In other news, there’s no news on progress to make the new Intel iMacs boot anything else. There’s even a reward posted; I’ll be very surprised if someone collects it anytime soon (or even, at all). As the Apple/Intel FAQ notes, some people have succeeded in rendering their iMac unbootable by trying to change the EFI parameters. As that page also notes, it appears – despite some reports to the contrary – that the Core Duos Apple is using do report the VMX flag, which stands for Intel’s virtualization technology.

There’s a somewhat alarmist article out, regarding the Core Duo’s current 34 errata, only one of which is slated to be fixed in subsequent production runs. Of course the number of such errata is proportional to a chip’s complexity; both PowerPCs and older Intel chips have comparable numbers. I’ve looked over the list and couldn’t find anything immediately alarming, as nearly all of them have a software workaround and/or are not relevant to user code. Also, some of these seem to be inherited (and never fixed) issues from older Intel designs, meaning they’re considered harmless. All in all, you shouldn’t worry about this.

Some more…

The ever-busy Japanese have produced another series of photos of the iMac Core Duo’s innards. This one has good views of both sides of the motherboards, of the FireWire chip, and of the Airport and BlueTooth modules, as well as of the CPU turned over beside its socket.

A BusinessWeek article tries to estimate Apple’s margins on the new Mac. As expected, they conclude that the Intel CPU is over double the price of what Apple was probably paying for the G5 chip – but that this may be compensated, in part, by using stock Intel controller chips. In general, they agree with my estimate that current margins are slightly lower.

The Ars Technica review has some interesting commentary and benchmarks.

Felix Schwarz has measured power consumption on his 17″ iMac Core Duo; it ranges from 1.2W on standby to 61W while playing a DVD on full brightness. This contrasts with values of 2W and 115W for a 20″ iMac G5 (from MacInTouch); admittedly a larger and older model, still it looks like power consumption has gone down. Apple’s specs still show the same 180W “maximum” power draw of the previous model, though.

Some more tidbits, in no particular order, some with commentary.

A nice photo of the insides of the last 3 generations of the 17″ and 20″ iMacs. Seeing this, it’s obvious that very little has changed between the last iMac G5 and the first iMac Core Duo; the layouts are very similar. It becomes clear that the iMac G5 with iSight was for most purposes, except for the logic board, version 1.0 of the iMac Core Duo – that also explains why the design hasn’t changed, and why there are only a few months between the two versions. It also follows that some fears about the new iMac are unfounded; most of it already is second generation quality.

The Apple/Intel FAQ makes most of the same points I’ve been making here, in a nicely done order. They also have pages linking to System Profiler output and other info; very interesting. For instance, you can see that there are 5 USB buses implemented: one for the iSight (so will there be a USB iSight out soon…?), one for BlueTooth and the IR receiver, and 3 external ones. Elsewhere you can see that FireWire is running off an Apple controller chip over PCI-Express. They haven’t so far picked up on the TPM chip’s presence; the German site Heise, however, has.

Still regarding FireWire, it’s now clear that the new Macs still have the usual target mode and FW booting capability, and it won’t go away. USB is an asymmetric protocol, so target mode isn’t possible, by the way.

Apple hasn’t used a socketed CPU for many years (I believe the last ones were in the 68020 machines), but the photo shows they’re using the SL8VQ version of the Core Duo – that one uses the micro-FCPGA pinout, with 478 pins, and it’s mounted on a socket. Still, I hear that the service manuals have leaked and don’t mention the possibility of exchanging the CPU.

Opinions on the feasibility and desirability of booting the Intel Macs into pre-Vista Windows vary widely. Some people believe that Apple must have used a stock EFI binary from Intel, which therefore would incorporate the legacy compatibility module; some people even believe it would be in Apple’s interest to do so. Personally, I still think that Apple had nothing to gain by including legacy stuff in its version of EFI, and that there is no “stock binary” anyway.

The new Mac’s Airport module appears to support the less-used 802.11a WiFi standard, apparently as a side-effect of the Intel chip used. Apple doesn’t seem to be mentioning this in the specs, so it may be unsupported for now.

So far, the reports indicate that no “fully universal” version of Mac OS X 10.4.4 is available; the Intel machines come with the Intel version, the PowerPC come with the PowerPC version. Some applications and components on both versions are universal, but not all; we may not see such a unified version until Leopard. By the way, the retail version is still 10.4.3 (PowerPC). My hunch is that the Intel version will not be available separately from the Intel Macs any time soon.

Some time ago I wrote:

I think Apple will take OS-hardware integration to a new peak with the Intel Macs. They’ll have a gigabyte or so of flash memory where an encrypted version of the Mac OS X will reside – a return to the days of the first Mac 128, when most of the toolbox was in ROM and the “System” file just contained patches and late-minute additions.

Looks like I was wrong on that. The nuts nice people at Kodawari-san have just posted pictures of the innards of the new iMac Core Duo; there’s no huge amount of flash memory visible. Of course these may or may not be pictures of an actual production system, but chances are that they’re authentic.

I wish they’d done more and sharper pictures, but here’s what we can see:

Front and back views of the CPU board (or is it the other way around? no matter). It can’t be properly called a motherboard since there are no expansion slots. The RAM socket is in the same place as in the last iMac G5.

A shot of the Intel Core Duo processor. The T2400 designator says it’s a 1.83GHz clock version. There’s a liquid cooling block which displaces the heat to a position where the fans can blow it away.

This is the ATI graphics chip. No surprise there.

An Intel 82945GM controller, also known as the 945GM Express chipset. This chip interfaces the Core Duo processor to DDR2 SDRAM and to the I/O controller; the frontside bus to the processor runs at 667MHz and is 32 bits wide. The memory bus is 64 bits wide and also runs at up to 667MHz. Of note here is that it’s limited to 4GB of RAM. It supports internal graphics, LCDs, TV output and some other stuff not used in the iMac. It also has a PCI-Express bus to which (judging from the board layout) the ATI chip is connected.

Now look at this picture. It shows an Intel 82801GBM I/O Controller Hub chip. This chip does most everything else; it also has a PCI-Express interface, LAN controller, 8 USB ports, SATA, IDE, audio, you-name-it. No direct FireWire support; obviously Apple has connected a separate controller chip to it. Most interestingly, the somewhat blurry 28-pin chip to the right in this photo seems to be the Infineon TPM chip.

I’ve downloaded Intel’s manuals for these chips; it’s a huge mass of information (and, strangely, Preview won’t open most of them, although Acrobat Reader works). More details after I’ve read all that stuff…

The last-gen iMac G5’s hardware manual doesn’t seem to be available, but the one for the May 2005 version is (it’s the one I’m typing this on). The block diagram is somewhat similar; the “U3 Lite” corresponds to the 82945GM chip, the “Shasta” corresponds to the 82801GBM.

Apple stock went up again, closing at $85.59. With this, Apple surpassed Dell in market cap ($72 billion). May not mean much, but some people were looking forward to it.

Apparently the new Intel Macs have a file called /System/Library/Extensions/Dont Steal Mac OS X.kext.

A 2004 paper on FireWire (pdf!) by WiebeTech’s CEO is making the rounds again. Basically, it makes the point that Apple bungled FW800 and that it will continue to be a niche market for some pro peripherals; it also says that the upcoming FW1600 and FW3200 won’t make it to market, as SATA and SATA II are lower-cost and faster. For what it’s worth, I’ve personally seen only one FW800 drive and it wasn’t working at the time, although I have several FW400 peripherals and prefer them over the USB2.0 alternatives. So the missing FW800 on the new Macs is no hardship for me.

Seems that the previously little-known ExpressCard is the new generation PCCard/PCMCIA/Cardbus. Its high speed bus interface would allow a MacBook Pro to have two FW800 or one SATA drives connected. Apparently it’s one more technology from the PC side that languished unused until Apple picked it up; for instance, ExpressCard digital camera card readers have just been announced. (This is the only type of PCCard I found useful in my PowerBook…) There are several more products out; this should be interesting.

Heh; did Steve Jobs really cut some “very cool stuff” from the keynote because of last-minute snags? That would explain that first hour which consisted mostly of what Brazilians call, very pithily, “filling sausages”… let’s see what the next few months will bring.

There’s a blurry photo of the iMac Core Duo’s innards. About what I expected; this certainly isn’t a standard Intel motherboard.

More anon.

Photos licensed by Creative Commons license. Unless otherwise noted, content © 2002-2024 by Rainer Brockerhoff.