Search in book...
Toggle Font Controls
Create new playlist

Name your new playlist

Playlist description (optional)
Sign In

Email address

Password

Forgot Password?

or

Continue with Facebook

Continue with Google
Sign Up

Full Name

Email address

Confirm Email Address

Password

or

Continue with Facebook

Continue with Google

Learn M-Series Details

Apple’s M-series chips are profoundly different from the Intel generation they supersede. For those who have read up on the architecture of an iPhone or iPad, this series of Apple silicon processors will seem familiar; those who haven’t may feel at sea. In this chapter, I explain how a system on a chip (SoC) works, how Apple’s processors differ from Intel’s, and how Apple bakes security into silicon.

You don’t have to be a chip-head or a hardware expert to understand the details that follow, nor will there be a test at the end. The idea is to give you a sense of what’s new—and sometimes extraordinary—inside the chips, and how special features enable entirely new capabilities.

How Apple Silicon Works

A traditional CPU-based system wastes a lot of time and energy moving data between it and other chips across a circuit board. Every time memory is manipulated, a security coprocessor needs to perform encryption tasks, or graphics operations have to be offloaded to a GPU (graphics processing unit), there’s a huge amount of signaling and voltage that consumes power, delays actions, and generates heat.

A computer will often also have separate chips for each type of controller, a combination of firmware and processor that manages communication with hardware devices. That includes standards like Thunderbolt, USB, and PCIe that connect your computer to printers, displays, and drives. (PCIe is typically used to connect expansion cards in computers with slots.)

Separate Controllers Allow Greater Throughput

Some controllers come in multiples to create separate data paths, or buses, for different ports or sets of ports. Each USB/Thunderbolt bus in M-series Macs can carry up to 40 Gbps in each direction simultaneously plus a certain amount of video data. The more buses, the more monitors that can be supported, more or less.

Apple provides two USB/Thunderbolt buses with its M1 and M2 chips. Based on the designs, I believe the M1 Pro and M1 Max have two and four buses, respectively. Apple doesn’t publish this spec, but you can extract it: hold down Option, go to  > System Utility, and select Thunderbolt/USB4 or a similar entry in the left-hand list under Hardware. The M1 Ultra has a slightly more robust configuration of buses, but those aren’t documented, either.

For reasons best known to Apple, the higher-end iMac models released at the end of April 2021 have four USB-C ports, but only two are Thunderbolt 3/USB4—the other two are “plain” USB 3.1 Gen 2 (10 Gbps) versions that don’t allow for video or networking. The Mac Studio model may explain it: it comes in an M1 Max version with a similar USB/Thunderbolt split, and an M1 Ultra flavor where all the USB-C ports support Thunderbolt 4. That indicates the chip includes an additional Thunderbolt bus compared to the other M1 chips.

A computer also needs radio chips for Bluetooth and Wi-Fi (and sometimes cellular), as well as storage chips packaged as solid-state drives (SSDs).

On an Intel-based Mac (or an AMD- or Intel-based computer of any kind), the processor is a generic model available to any manufacturer. The rest of the chips required to make up the computer are largely commodity items, sourced based on cost and features. Apple uniquely has often designed or had made to its spec some secondary chips to provide a specific set of features or meet certain performance criteria.

But taken altogether, every CPU-oriented computer is a Frankenstein, however nicely assembled and however well every part works together.

In contrast, a system on a chip combines most functions into a single hunk of silicon. It is more like an organism designed in the lab and produced from scratch, in which each part is designed to work with each other. Instead of lumbering along and occasionally delivering 100-page soliloquies (Go read Frankenstein! The monster really does that!), a SoC is a thing of efficient beauty, as described in detail below.

CISC and RISC

The reason for the rise of SoCs is coupled with a long-term shift in computing from processors that use CISC (Complex Instruction Set Computing) to RISC (Reduced Instruction Set Computing). AMD and Intel’s PC-oriented CPUs devote several processor cycles to each command, letting them carry out complicated tasks all in one go. However, simple commands take just as long as complicated ones. Coding for such processors is hard to optimize for both simplicity and complexity, and the processors are by nature larger and more complicated than those that rely on RISC.

A RISC processor carries out one command per cycle, requiring more instructions to complete a complex task, but executing simple tasks faster. This allows compiler designers and programmers a lot more room to optimize code. The processors are simpler by some definitions, too, as they don’t need to know how to process as many different instructions.

Apple originally used CISC processors (the Motorola 68000 series). As RISC emerged, and CISC-chip maker Intel seemed joined at the hip with Microsoft, Apple formed a partnership with IBM and Motorola to develop the RISC-based PowerPC architecture, which it deployed in 1994. However, PowerPC designs didn’t improve fast enough for Apple’s liking, and in 2006 they adopted Intel’s newest generation of CISC processors. Intel’s speed improvements petered out over a decade as RISC rose to prominence again, including in Apple’s iPhones and iPads. Apple’s move to their own RISC-based chip designs was to assert more control—and to advance performance.

RISC processors aren’t per se better than CISC ones in terms of tasks they can perform, but over time their sheer efficiency and simplicity seems to have allowed them to advance more rapidly, and thus outperform their CISC counterparts through maturity.

Along with components that appear in most computers, Apple has also built in a machine-learning silicon engine. The company has counted that for years as part of its key strategy in iPhones and iPads, and now it’s an unfolding part of its strategy for the future of macOS, too.

Tiny Transistors and More

A system on a chip combines a CPU and other components into a single chip. While there’s a large development cost for such a chip, it dramatically reduces the per-unit cost of manufacture, because there are fewer pieces required and less assembly, and less can go wrong.

SoCs date back 30 years in a limited fashion for personal computers. It then became common not long after in “embedded systems,” which are standalone devices like DVRs, security equipment and sensors, and other equipment that has a single-purpose computing need.

Apple began using SoCs with the first iPhone in 2007, and started producing SoCs with its own designs in 2010 with the A4 that appeared in the iPad. All new models of iPad, iPhone, iPod touch, and Apple TV that followed use Apple’s A-series chips, and other SoCs were designed in house for the Apple Watch, AirPods, and HomePod.

Apple has followed similar principles with its M-series chips (Figure 1). The SoC contains the CPU, GPU (graphics processing unit) that runs the display, memory, device controllers for USB, Thunderbolt, and other interfaces, security (the Secure Enclave and other elements), and caches that hold bits of code and data temporarily and often have a key role in improving processing throughput. The M1 and M2 series don’t package radio components or SSD storage.

Figure 1: The M1 Pro chip package is exposed here (photo: Apple). — **Figure 1:** The M1 Pro chip package is exposed here (photo: Apple).

Apple also built its M-series chips on the 5 nanometer (nm) process, which refers to the size of the tiniest units in the silicon. These small units have related heat and power advantages. The smaller the units, the less energy that’s consumed and the less heat generated. This allows smaller process chips to run faster without overheating, but also more efficiently. Combined, they conserve battery life better than comparable larger processes while requiring less cooling from fans or subsystems. “CPU performance per watt” is the measure, and Apple says its M1-series chips exceed all competitors (Figure 2). The M2 is even more efficient (Figure 3).

Figure 2: It’s almost ridiculous how much more energy-efficient Apple’s M1s are than comparable “PC” chips. (Chart: Apple) — **Figure 2:** It’s almost ridiculous how much more energy-efficient Apple’s M1s are than comparable “PC” chips. (Chart: Apple)

Figure 3: The M2 chip offers even greater power efficiency. (Chart: Apple) — **Figure 3:** The M2 chip offers even greater power efficiency. (Chart: Apple)

Smaller processes also allow more components to be packed into the same space, as there are substantial physical limits on the maximum size of a single chip.

Apple is the first company to build a computer around 5 nm process chips, and was one of two to use such tiny circuits in mobile phones, starting with the iPhone 12 series in 2020. (Huawei was the other.)

Apple’s first Intel chips were 65 nm process back in 2006, and Intel currently mostly fabricates 10 nm and 14 nm chips today with a plan to shift almost entirely to 10 nm by the end of 2021. Intel has a roadmap to introduced a long-delayed 7 nm size in 2022. (For technical reasons, Intel’s 10 nm are more like 7 nm chips from other makers and 7 nm more like 5 nm! The details are technical and tedious.) This probably played into Apple’s thinking about making its own transition.

Intel competitor’s AMD makes chips closer to Apple’s size, but there’s some vibrant discussion about whether the size labeling has any real value. And does it matter, even, when roadmap control, performance-per-watt, and overall performance are the key issues guiding Apple?

Many Cores, Some Fast and Some Slow

CPUs used to be serially monolithic: they could do one thing in a sequence at a one time. Some very clever people realized that as chips shrunk in size per the above-mentioned reduction in processes it was feasible to copy and paste multiple CPUs on the same single chip, allowing them to run in parallel.

Each of these mini-CPUs is counted as a core, and can provide huge performance improvements without proportionately increasing the cost of manufacture or the devices on which they run. Nowadays, it’s hard to find a single-core device, except for some very low-end notebook computer and mobile phones.

Multi-core processors work best for tasks that can be divided to run simultaneously. Fortunately, that’s true for a lot of the most processor-intensive operations involving audio, images, video, and animation, and it’s a reason you can find GPUs with more cores than CPUs. It also allows serial tasks to run separately on different cores, like background operations or even different apps altogether.

Apple not only hopped on the multi-core bandwagon early, but also modified macOS to break out system operations to work in parallel, as well as offering developers frameworks for parallelization in their apps.

They also engaged a different tactic in their A-series chips for iPhones and iPads. After first adding multiple cores of the same kind, they bifurcated: A-series chips now have fast and slow cores. Fast cores blaze through tasks, but also eat a battery charge faster; slow cores get the job done more slowly but more efficiently. iOS and iPadOS spend some of their time assigning tasks appropriately among these cores to offer long battery life without frustrating users streaming videos, playing games, or performing other tasks that lean on the CPUs.

M-series chips follow this practice. They’re designed as a combination of performance and efficiency cores. Apple’s use of the 5 nm process and this core approach allows for ridiculously long battery times on MacBook Air and MacBook Pro models, while also putting out very little waste heat. (See Work with Extended Battery Life for how to manage that extended life.) It likely also helped them design the super-thin display portion of M1-based iMac models.

The M-series chips also directly integrate a GPU, which is similarly very fast relative to previous GPUs, while also maintaining low energy consumption. You can see one improvement when switching among video resolutions on an Intel laptop: the change is not just instant, but there’s no momentary black screen as the display switches.

Apple went a step further with the M1 Ultra, which they said relies on a “secret” that was built into the M1 Max chips and not announced since they shipped in MacBook Pro models starting in late 2021. The M1 Max includes a connector strip that Apple calls UltraFusion, a massively high-throughput, low-power technology that connects what are effectively two separate M1 Max chips to form the M1 Ultra. This hidden connector let Apple extend their M1 technology before moving on to their new M2 series of chips.

The original M1 chip came in essentially a single configuration across all the models in which it appeared; the M1 Pro, M1 Max, and M1 Ultra have more options (Figure 4). The M2 chip has just a single version so far (Figure 5). Here’s how the current M1 and M2 chips vary, ordered by performance, not date introduction:

M1: All M1 chips have an 8-core CPU (4 performance/4 efficiency); all but two models have an 8-core GPU: the entry-level M1 MacBook Air and 24-inch iMac both have a 7-core GPU option paired with a 256 GB drive.

Figure 4: A family portrait of the M1 series of chips (left to right): M1, M1 Pro, M1 Max, and M1 Ultra. (Photo: Apple)
M2: The initial M2 chip has an 8-core CPU like the M1 and a 10-core GPU. An entry-level model available for MacBook Air configuration has an 8-core GPU paired, as with the similar M1, with a 256 GB SSD.

Figure 5: The M2 has more GPU cores and complexity than its predecessor, but it’s still more power efficient. (Photo: Apple)
M1 Pro: You can get an M1 Pro as a 8-core CPU/14-core GPU combo or as 10/14 or 10/16. In all cases, two CPU cores are the efficiency type.
M1 Max: The M1 Max features a 10-core CPU (8 performance/2 efficiency) with either a 24-core or 32-core GPU.
M1 Ultra: Because the M1 Ultra is two M1 Max chips, you can get the Ultra as a 20-core CPU (16 performance/4 efficiency) with either a 48-core or 64-core GPU.

Lots of Extras

The M-series builds in a number of additional components as well. These include:

Memory: An M-series Mac is just as limited to the amount of RAM it ships with as Intel Macs that had RAM soldered directly to the motherboard, because the memory circuitry is directly incorporated into the SoC. The M1 can be configured with 8 or 16 GB; the M2 with 8, 16, or 24 GB; the M1 Pro, 16 or 32 GB; the M1 Max, 32 or 64 GB; and the M1 Ultra, 64 GB or 128 GB.

Memory is used so much more rapidly and efficiently that a 16 GB M-series Mac seems to outperform Intel Macs with 32 GB or 64 GB.

Secure Enclave: As I discuss next in How Security Is Baked In and Manage System Security, the M-series chips include a Secure Enclave, also part of later A-series chips for iPhone and iPad and the T2 Security Chip found in recent Intel Macs. (Touch ID relies on the Secure Enclave, and is available on laptop Macs and on M-series Macs paired with the wireless Magic Keyboard with Touch ID.)
ProMotion: Macs incorporating an M1 Pro, M1 Max, or M1 Ultra can refresh video at up to 120 Hz on the internal display and dynamically adjust that rate as needed by the content. This optimizes battery life. But owners can also set fixed refresh rates if that is more comfortable or required for production purposes.
Media engine and ProRes support: The M2, M1 Pro, M1 Max, and M1 Ultra include a custom Apple media engine that allows a MacBook Pro to use substantially less power and achieve faster performance with video editing, processing, and playback at resolutions up to 1080p. But the chips also add a ProRes video encoder/decoder (codec) for professionals performing 4K and 8K editing and production. The M1 Pro and M2 have a single regular and ProRes engine, the M1 Max has two of each, and the M1 Ultra has four of each.
Controllers: Apple built the latest flavors of the most popular connection buses into their new chips: Thunderbolt 3 and USB4; the M2, M1 Pro, M1 Max, and M1 Ultra knock that up a notch with Thunderbolt 4 and USB4. (The difference between Thunderbolt 3 and 4 is that optional features in 3 are required for certification in 4.)
Neural Engine: Apple has increasingly designed and integrated circuitry for machine-learning processing into its A-series iPhone/iPad chips. The M-series builds on that. macOS on an M-series Mac can tap the Neural Engine for any AI-related task in Apple’s apps and third-party apps. This includes an intelligent framing operating in Final Cut Pro. Previously, Mac apps had to lean on the CPU for these tasks. This new capability remains to be explored. The M1 Ultra has a 32-core Neural Engine; other M-series chips have 16.

Newer iPad Models Have M1 Chips, But Aren’t (Yet) Macs

Apple began equipping iPads with M-series processors with the 12.9-inch iPad Pro in April 2021. The M1 iPad Pro comes in configurations with up to a whopping 2 TB of storage. The tablet also incorporates Thunderbolt 3 directly, instead of just USB 3.1 over USB-C (10 Gbps), found in Pro models from late 2018.

The 12.9-inch iPad Pro is in many ways nearly the same as a Mac, except that it has a touch screen and no integrated keyboard (though cases come close), and is running a different operating system.

Apple switched the iPad Air model to the M1 in March 2022, but the new Air still maxes out at 256 GB of storage and USB 3.1 (10 Gbps).

But Apple keeps adding Mac-like features to M-series iPads. In June 2022, they said they would offer Stage Manager in iPadOS 16, coming in fall 2022, with support for overlapping windows and extended desktop on external displays up to 6K—but only with an M1 iPad.

How Security Is Baked In

Starting with Intel Macs shipped in 2016, Apple added a security coprocessor. The T1 SoC was the first, but it appeared inside only the 2016 and 2017 MacBook Pro models with a Touch Bar, and handled just Touch ID and a few unrelated purposes.

The T2 security chip was much more significant. Built into Mac starting in 2017, it features the Secure Enclave, a component that began appearing in iPhones as part of Touch ID. With M-series Macs, the Secure Enclave is built in as part of the Apple silicon SoC. That’s an improvement, making it even harder to access physically.

M-series chips also have a few hardware-based upgrades as part of the ARM chip architecture that weren’t possible with Intel chips, which I discuss after the Secure Enclave.

Secure Enclave Keeps Secrets

The Secure Enclave is a vault that handles encryption secrets, biometric information, and many kinds of private data. It’s designed for a lot of one-way operations and queries, and many kinds of data cannot be retrieved from it.

A Mac with Touch ID lets you enroll your fingerprints and train the sensor to your ridges and whorls. It sends that data directly into the Secure Enclave, never to emerge. (This is true for any M-series laptop and any M-series Mac using the Magic Keyboard with Touch ID—and for all iOS and iPadOS devices with Touch ID or Face ID.)

When you attempt to use Touch ID in the future, your Mac derives the characteristics of your attempt and passes some information about it to the Secure Enclave. The Secure Enclave then replies with a, er, thumbs up or down, which macOS processes. You can’t modify your stored fingerprints, but have to delete one or more and re-enroll them if they become less accurately recognized over time.

Touch ID over Wireless

When Touch ID first came to the Mac, I thought, Apple should introduce some kind of new external keyboard that allows Touch ID through some clever pairing and secure communication process. It only took six years, and they certainly weren’t reading my mind.

The Magic Keyboard with Touch ID that appeared alongside the April 2021 M-series iMacs offers just that capability. Apple didn’t release technical details, but they said it communicates wirelessly with the Secure Enclave on a Mac.

Apple bundles the keyboard with some iMac models and it can be purchased separately in both regular and extended (numeric keypad) versions. It lets you use Touch ID with an M-series iMac, Mac mini, or Mac Studio, and provides an alternative Touch ID input for M-series laptop models.

Because it’s built into the M-series SoC, the Secure Enclave is as tamper resistant as the rest of the chip. Any attempt to extract or manipulate its contents with tiny tools will more than likely destroy the chip’s contents.

On an M-series Mac or an Intel Mac with a T2 chip, the Secure Enclave is used for a number of different purposes:

Touch ID: As noted above, fingerprints are enrolled and stored securely within, with macOS querying the Secure Enclave to confirm matches at login.
SSD encryption: All M-series Macs only use SSDs for internal storage, and they have hardware-based always-on disk encryption. This is intertwined with the separate FileVault technology; see Enable and Manage FileVault.
Boot integrity: The Secure Enclave has some hardcoded information that prevents subverting a Mac when it starts up. Startup is a bootstrap process, like “pulling oneself up by one’s bootstraps.” Little bits of software get more complicated pieces of software running in a cascade until the OS is running. With the Secure Enclave, the first stage is loaded from read-only memory—instructions burned permanently into silicon—and each subsequent stage relies on encrypted validation to ensure nothing has changed.
Storage of encryption keys: Apple uses the Secure Enclave to keep the raw stuff of encryption unavailable to anyone—even Apple. Developers can also make use of the Secure Enclave to manage keys they want their apps to store.
Per-file encryption: The M-series chips allow third-party developers to encrypt individual files using an Apple framework with the full protection of the Secure Enclave. Because the encryption is handled entirely within the SoC, performance remains as fast with encrypted files as with unprotected ones. A developer also doesn’t have to build their own encryption software, or rely on open-source or licensed encryption code that they don’t control.

The Secure Enclave has no management associated with it. It’s just neatly there carrying out cryptographic and validation operations behind the scenes.

If your Mac is lost or stolen and you want to erase its contents remotely, the Secure Enclave allows this process to happen almost instantly.

Other Hardware Security Upgrades

Beyond the Secure Enclave, the M1 series has additional hardware-based protections:

System integrity: Although system file protection first appeared in OS X 10.11 El Capitan, the M-series chips add a hardware-based system integrity element. Only a version of macOS approved by Apple can run, and while macOS is active, an M-series chip continuously validates every piece of system software that executes and every system file that’s read. See Manage System Security for more detailed information about how to work with these protections.
Hardware-based kernel protection: After macOS loads on an M-series Mac, the memory occupied by its central components—its kernel—is locked using “kernel integrity protection,” so it cannot be modified while macOS is running.
Locking memory for executing or writing: Apple silicon has a nifty feature that defines each segment of memory, or pages, used for apps as being locked in one of two exclusive states at any given time: executable (can run code) or writable (can store data). (In fact, the company tells developers that this technology is “Write XOR execute”: XOR means “exclusive or,” a logic term for “either of these but not both.”) This prevents malware from using a common hacking technique of exploiting errors in the operating system or app to overflow where an app stores data into a code area. The malicious code is then executed instead of the legitimate instructions. By locking each area in one state, it’s extremely difficult for this kind of attack to succeed.
Partitioning device access to memory: On an Intel Mac, any hardware connected via PCIe (an expansion bus used for connecting controllers for super-fast drives, external GPUs [eGPUs], and audio and video interface cards) can access any part of a pool of system memory. Compromising firmware in a peripheral or controller could allow access to all sorts of information on a Mac. With M-series Macs, PCIe devices are restricted to their own set of memory.

Note: The M-series Macs have internal PCIe connections; we haven’t yet seen external support for eGPUs.
Security with a new architecture: The ARM architecture and changes in the built-in version of the Secure Enclave and other security features in M-series chips avoid a couple of nasty bugs that can be exploited with Intel Macs. A full explanation can be found at this Apple Insider article.

..................Content has been hidden....................

You can't read the all page of ebook, please click here login for view all page.

Table of Contents for Learn M-Series Details

Create new playlist

Sign In

Sign Up