Anti-Competitive Apple Disables Trim Support On 3rd Party SSDs In OS X

One of the disadvantages to buying an Apple system is that it generally means less upgradeability and flexibility than a system from a traditional PC OEM. Over the last few years, Apple has introduced features and adopted standards that made upgrading or using third-party hardware progressively more difficult. Now, with OS X 10.10 Yosemite, the company has taken another step down the path towards total vendor lock-in and effectively disabled support for third-party SSDs.

We say "effectively" because while third-party SSDs will still work, they'll no longer perform the TRIM garbage collection command. Being able to perform TRIM and clean the SSD when its sitting idle is vital to keeping the drive at maximum performance -- without it, an SSD's real world performance will steadily degrade over time. Exactly how far depends a great deal on workloads, available free space, and how much idle garbage collection the drive controller performs independently of the OS TRIM command.

TRIM support has been baked into Windows and OS X for long enough that new SSDs aren't typically tested to evaluate the impact of not running TRIM has on the drive. Tests from 2010-2011 show that performance could degrade by 30-50% between a tortured SSD without TRIM and a drive where TRIM had run. Letting the drive perform its own garbage collection without running TRIM typically improved performance, but rarely back to baseline.

Why Apple Removed TRIM Support From Third-Party Drives:

The first thing to know is that Apple has long had a history of only enabling TRIM for Apple drives by default. If you installed a third-party SSD, you had to use a third-party tool to enable TRIM functionality. This was relatively easy to do, and there are a number of guides dedicated to showing users how to install an SSD of their own choosing while still enabling TRIM support.

What Apple did with OS X 10.10 is introduce kext (Kernel EXTension) driver signing. Kext signing means that at boot, the OS checks to ensure that all drivers are approved and enabled by Apple. It's conceptually similar to the device driver checks that Windows performs at boot. If a third-party SSD is detected, the OS will detect that a non-approved SSD is in use, and Yosemite will refuse to load the appropriate driver.

Attempt to boot a third-party SSD with Yosemite installed, and at least some users are apparently being met with a grey stop sign, as shown below:



If you're feeling generous, Apple likely made this change to improve device security under OS X. If you're feeling not-so-generous, Apple made this change to protect its profit margins. Apple charges $800 to upgrade a $1999 MacBook Pro from 256GB to 1TB of PCIe storage; our price checks suggest that drive should cost $800 if purchased separately. A 256GB SSD upgrade to a Mac Mini costs $200 -- more than you'd pay for a 256GB SSD separately.

There's a way to disable the driver signing that causes this problem, but here's the kicker -- it's an all-or-nothing procedure that requires you shut off the entire security system. You can either have TRIM support, or you can have driver security, but you can't have both.

The Shortsightedness of Apple's Approach

Here's why this is such a bad idea. Apple is now guaranteeing that a subset of its users -- typically its power users and biggest spenders -- are going to be forced to disable important security systems to make full use of their hardware. This comes as more iPhone attacks that use OS X as a vector are hitting the wild.

Microsoft, for all its many and numerous faults, always did one thing right when it came to protecting its users:  Even if you're a Windows pirate, you get full access to security updates. The company didn't make this decision out of the goodness of its heart -- it recognized that the herd immunity is as valuable online as it is in real life. Every user running with kext signing disabled is a potential attack vector.

Barring a change to Apple's own policies, there's little that third-party software vendors can do. There are more details here, but the bottom line is that users now have to choose -- you can have better security, or you can have better SSD performance at a reasonable price, but you can't have both on an Apple system.

Show comments blog comments powered by Disqus