
Rumors_newbie

macrumors newbie
Original poster
Mar 31, 2024
3
0
I recently sold a MBP with a T2 security chip hoping that my data is completely erased, beyond recovery. My understanding is that the “Erase all content and settings” feature securely erases the encryption key stored somewhere (I forgot the name).

If I didn’t use this “Erase all content and settings” feature, and just went into disk utility and erased/reformatted the partition from there, can I be sure that the encryption key was securely erased? Because as “careless” as I am I just did that and didn’t read Apple’s specific T2 chip instructions.
 

Rumors_newbie

macrumors newbie
Original poster
Mar 31, 2024
3
0
To clarify, I think I remember doing the steps this guy describes in the second part of the video:
 

ondioline

macrumors 6502
May 5, 2020
281
283
No, if you didn't use EACAS then the cryptographic key for encryption in the secure enclave is still the same.
 

Rumors_newbie

macrumors newbie
Original poster
Mar 31, 2024
3
0
> No, if you didn't use EACAS then the cryptographic key for encryption in the secure enclave is still the same.

Thanks for the response. Do you have a source?

Also, if the new user sets up their computer with migration assistant, will that reset/transfer the key in the Secure Enclave?
 

chabig

macrumors G4
Sep 6, 2002
11,270
8,973
> If I didn’t use this “Erase all content and settings” feature, and just went into disk utility and erased/reformatted the partition from there, can I be sure that the encryption key was securely erased?

I agree with ondioline. I believe the encryption key would still be in the Secure Enclave. But it wouldn't matter because you erased the data, right?

You can erase the Secure Enclave in Recovery mode using terminal.

 

ondioline

macrumors 6502
May 5, 2020
281
283
> Thanks for the response. Do you have a source?
>
> Also, if the new user sets up their computer with migration assistant, will that reset/transfer the key in the Secure Enclave?

No, the thing EACAS erases is the 'media key', which wraps all the subsequent volume keys; it has to be explicitly changed to make decryption impossible. Although I doubt you need to be this paranoid, no one is going to recover your files lol

Screenshot 2024-04-01 at 2.42.36 AM.png
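
A simplified model of the key hierarchy described in the post above (a media key wrapping per-volume keys), added here as an illustration; it is not Apple's implementation and not code from the thread. The `Machine` class, the HMAC-based toy cipher standing in for the real wrapping, and the worst-case assumption that old flash contents survive a reformat are all hypothetical.

```python
import hashlib, hmac, secrets

def _sub(key, label):
    # Derive independent subkeys for encryption and authentication.
    return hmac.new(key, label, hashlib.sha256).digest()

def _stream(key, nonce, n):
    blocks = (hmac.new(key, nonce + i.to_bytes(4, "big"), hashlib.sha256).digest()
              for i in range(n // 32 + 1))
    return b"".join(blocks)[:n]

def seal(key, data):
    # Toy encrypt-then-MAC, a stand-in for the real key wrapping (assumption).
    nonce = secrets.token_bytes(16)
    ct = bytes(a ^ b for a, b in zip(data, _stream(_sub(key, b"enc"), nonce, len(data))))
    return nonce + ct + hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    good = hmac.new(_sub(key, b"mac"), nonce + ct, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, good):
        raise ValueError("wrong key: blob cannot be unwrapped")
    return bytes(a ^ b for a, b in zip(ct, _stream(_sub(key, b"enc"), nonce, len(ct))))

class Machine:
    """Hypothetical model: media key in the secure element, volumes on the SSD."""
    def __init__(self):
        self.media_key = secrets.token_bytes(32)
        self.ssd = {}

    def create_volume(self, name, data):
        vk = secrets.token_bytes(32)                  # per-volume key
        self.ssd[name] = (seal(self.media_key, vk), seal(vk, data))

    def read(self, record):
        wrapped_vk, blocks = record
        return unseal(unseal(self.media_key, wrapped_vk), blocks)

    def erase_media_key(self):
        self.media_key = secrets.token_bytes(32)      # old key is gone for good

def demo():
    m = Machine()
    m.create_volume("Macintosh HD", b"constructed sample data")
    remnant = m.ssd["Macintosh HD"]       # assumption: old flash contents survive
    m.create_volume("Macintosh HD", b"")  # reformat: new volume key, same media key
    after_reformat = m.read(remnant)
    m.erase_media_key()
    try:
        m.read(remnant); after_key_erase = True
    except ValueError:
        after_key_erase = False
    return after_reformat, after_key_erase
```

In this model the surviving remnant still unwraps after a reformat because the media key is unchanged, and stops unwrapping once the media key is replaced.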
 

FreakinEurekan

macrumors 603
Sep 8, 2011
5,606
2,673
Erase All Contents & Settings vs. erase via Disk Utility - either is fine. Erase All is far more convenient in that you don't have to then reinstall. But since it's done now - you're fine.
 