T2 chip encryption benefits: "Your encrypted SSDs automatically mount and decrypt when connected to your Mac."

Solution 1:

If you examine it at a glance it definitely looks useless - but if you look closer at the details, there are actually benefits to be had here:

First, the case of the SSD being separated from the laptop is not as far-fetched as you seem to indicate. I wouldn't be thinking of a scenario of a foreign intelligence breaking in and removing the SSD from your laptop without a trace of anything happening. Rather, think of some day in the future where you hand in your laptop for repairs to have a bigger disk installed, or to have it replaced due to bad blocks [1].

You get your laptop back with a shiny new disk, but you have some certainty that the old disk isn't readable anymore as you've still got your T2 with the key. Similarly, if you scrap your laptop, you can scrap the disk and the T2 separately and be reasonably sure that the disk cannot be read [2].

However, the main practical benefit comes from providing quicker responses to the average user. When you buy a new laptop and want to encrypt your drive, that can be done in the blink of an eye with this system, as the drive is already encrypted - you just need to protect the key with the user passphrase. This I assume would make more users encrypt their drives, as some could be put off by having to wait hours or days for the drive to encrypt (even though they can keep using the computer while it does so).

Similarly you can safely erase the drive in the blink of an eye. Just ask the T2 to erase the key, and you (and others) no longer have access to the contents on the drive. If the drive hadn't been encrypted in the first place - it is actually very difficult, if not almost impossible, to securely erase it. This can now be done even when the user has never activated FileVault.


[1] As far as I know it is not possible to upgrade your disk currently, but it might be made possible by third parties in the future.

[2] I.e. breaking the main-board PCB into two pieces. It is relatively easy as the SSD and the T2 are separated by a narrow piece of PCB.
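The key handling this answer describes can be modelled in a few lines. This is an added example, not part of the original answer and not Apple's implementation: `KeyChip`, `seal` and `unseal` are hypothetical names, and a SHA-256 keystream with HMAC stands in for a real cipher such as AES so the sketch runs on the Python standard library alone.

```python
import hashlib, hmac, secrets

def _xor_stream(key, nonce, data):
    # SHA-256 counter keystream: stdlib stand-in for a real cipher such as AES.
    ks = b"".join(hashlib.sha256(key + nonce + i.to_bytes(4, "big")).digest()
                  for i in range(len(data) // 32 + 1))
    return bytes(a ^ b for a, b in zip(data, ks))

def seal(key, data):
    """Encrypt-then-MAC under `key`; returns nonce || ciphertext || tag."""
    nonce = secrets.token_bytes(16)
    ct = _xor_stream(key, nonce, data)
    return nonce + ct + hmac.new(key, nonce + ct, hashlib.sha256).digest()

def unseal(key, blob):
    nonce, ct, tag = blob[:16], blob[16:-32], blob[-32:]
    if not hmac.compare_digest(tag, hmac.new(key, nonce + ct, hashlib.sha256).digest()):
        raise ValueError("wrong key or corrupted data")
    return _xor_stream(key, nonce, ct)

class KeyChip:
    """Hypothetical key-holding chip; the disk only ever stores sealed blobs."""
    def __init__(self):
        self._hw_key = secrets.token_bytes(32)      # never leaves the chip
        self._salt = secrets.token_bytes(16)
        self._locked = False                        # no user passphrase yet
        # The disk key exists from first boot, so data is always encrypted.
        self._wrapped = seal(self._hw_key, secrets.token_bytes(32))

    def _kek(self, passphrase):
        if not self._locked:
            return self._hw_key
        pw = hashlib.pbkdf2_hmac("sha256", passphrase.encode(), self._salt, 100_000)
        return hmac.new(self._hw_key, pw, hashlib.sha256).digest()

    def _disk_key(self, passphrase):
        if self._wrapped is None:
            raise ValueError("disk key erased")
        return unseal(self._kek(passphrase), self._wrapped)

    def write(self, data, passphrase=""):
        return seal(self._disk_key(passphrase), data)

    def read(self, blob, passphrase=""):
        return unseal(self._disk_key(passphrase), blob)

    def set_passphrase(self, passphrase):
        disk_key = self._disk_key("")
        self._locked = True
        self._wrapped = seal(self._kek(passphrase), disk_key)  # re-wrap 32 bytes only

    def erase(self):
        self._wrapped = None                        # every blob is now unreadable
```

Setting a passphrase and erasing both touch only the 32-byte wrapped key, which is why neither operation scales with disk size; a blob moved to a different `KeyChip` fails to unseal, matching the separated-disk case.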