Apple's custom T2 chips are making their way into most new Apple Intel-based computers. The T2 chips were first added into iMacs in 2017, then included in MacBooks starting from 2018. These chips bring extra security to Apple machines. They feature a Secure Enclave coprocessor, which provides the foundation for APFS encrypted storage, secure boot, and Touch ID on Mac. In addition to the security components, the T2 chip integrates several controllers found in other Mac systems—like the system management controller, image signal processor, audio controller, and SSD controller. In short, whenever the OS wants to talk to the internal data storage device (usually a customized NVMe), it has to do it through the T2 chip.

Blancco Drive Eraser can successfully boot on those T2 machines, but the NVMe cannot be seen, the NVMe is in fact detected on the kernel level but it is not possible to bind it, most likely because the T2 chip does not allow it. Further investigation indicates that, in order to bind the NVMe and communicate with it, a Linux driver supporting the Apple T2 NVMe SSD controller is required: such driver has not been developed yet.

As Blancco continues work to find alternative way to erase these machines, it is also recommended that our customers engage Apple directly to report such issue if impacting production environments. If you are experiencing this issue, please submit a new support ticket with the details of the affected machines and issue reports from the machines, and we will continue to collect all customer reports.

Workaround:  Blancco has just released LUN 2.3 for Unix, which includes support for CLEAR Level erasure of Apple laptops using the T2 chip.  The release notes can be found here: Blancco LUN Eraser (for UNIX) version 2.3 has been released!  Please contact support for more information.