Thundergate: Apple’s alleged blocking of Thunderbolt 3 Devices

There seems to be quite a stir around Apple’s new 2016 MacBook Pro and its Thunderbolt 3 compatibility. Thunderbolt 3 devices released *before* the MacBook Pro that are purported to use the TI TPS65982 chipset are completely incompatible with the MacBook Pro, which allegedly supports only the newer TPS65983. Well, this is what the media claim. So far I’ve been unable to verify if this USB Type-C controller chip is to blame, if Apple are at fault, or if there’s a more complicated issue at the root of it.

I asked several manufacturers for comment, but haven’t received anything close to an explanation. These older TPS65982 devices appear at first glance to be deliberately blocked by Apple, but why? While some claim this is a typical Apple business move, I’m not convinced.

With no first-party Thunderbolt 3 products to their name, and relying entirely upon LG’s range of Ultrafine monitors to serve as the official choice of dock for their new range of MacBook Pros, Apple don’t appear to have much of a reason to block older Thunderbolt 3 devices. Of course, they could be intentionally handing an advantage to LG, but that seems like the sort of unscrupulous practise that would place such a public company in hot water, not least of all with the body responsible for maintaining the sanity of Thunderbolt 3.

One sensible hypothesis is that a lack of “certification” of these devices with macOS has forced their hand. And with Apple keeping the lid tight on their product releases until they’re ready to be announced, it’s not surprising that older devices missed out on the opportunity to gain certification with Apple’s, at the time, non-existent computer.

But what the heck is this certification process anyway? Surely Thunderbolt 3 is a specification, and any device that’s compliant with the specification should be compatible with any host that’s complaint with the specification. Why is there a need to check operating system compatibility on a device-by-device basis?

And why is the compatibility predicated on operating system? What if Windows 11 comes out, or macOS Banana? Must these new operating systems also block compatibility, or do they inherit it from their predecessors? If you know, please tell me! I’ve yet to find details of these processes.

From Thunderbolt’s own website (https://thunderbolttechnology.net/tech/certification):

Thunderbolt certification is a rigorous process in order to ensure an optimal user experience. Peripheral devices are certified to be compatible with specific operating systems and the devices are not end user upgradeable for additional operating system compatibility.

If certification is, indeed, a necessary process for all Thunderbolt 3 devices then it’s quite evident why those that predate the MacBook Pro are not compatible; it didn’t exist at the time.

Perhaps all implementations of the Thunderbolt 3 specification, including Apple’s, are beholden to this certification and forbidden from allowing compatibility with uncertified devices. It’s hard to picture an Apple doing what they’re told, but this may simply be a case of that. Perhaps the behemoth everyone loves to hate has simply fallen afoul of Intel’s gatekeeping efforts.

So is there a retrospective certification process to deliver compatibility with the MacBook Pro? Or has the switch to the newer TPS65983 chipset- which TI explictly recommend for Thunderbolt 3 devices in their list of applications- simply left old devices in the lurch with certification being too costly to be worth the effort? It seems like the latter, because every single dock and device manufacturer out there has moved on, either building a new product, or delaying an existing one so it can be certified.

I’m also curious to know if there’s something inherent with the design of the TPS65982 that prevents it from being certified? It would seem a low-hanging fruit to a manufacturer to simply certify an existing device, rather than build an entirely new one just for Apple’s computers. Specially when they *actually work with the MacBook Pro*. Could the TPS65982-based devices prevent an edge-case danger to Apple’s computers that isn’t present in Windows 10 implementations?

The fact remains, the “blocked” devices are actually compatible with Apple’s new MacBook Pro.

Don’t take my word for it; in my quest to not accept “no” for an answer when setting up the StarTech Thunderbolt 3 to Dual DisplayPort adapter with a MacBook Pro for my review I stumbled upon 9to5mac’s guide for using TB3 Enabler.

TB3 Enabler is a third-party Python script which, if macOS’s system integrity protection is disabled (ugh), will backup and patch the kernel extension responsible for gatekeeping Thunderbolt 3, magically making these non-certified, unsupported devices work.

I used StarTech’s Dual DisplayPort adaptor with a 13″ TouchBar MacBook Pro. After disabling system integrity, rebooting, patching and finally rebooting and patching again the product worked like a dream. My two 2560×1440 Dell displays sprang into life, a bitter insult thrown at my own Razer Blade laptop, which in most cases will only drive a single display over Thunderbolt 3.

That sounds super complicated, but TB3 Enabler isn’t wizardry; you can pretty much see the sum of what it does in a single glance right here: https://github.com/KhaosT/tb3-enabler/blob/master/tb3-enabler.py.

After doing some digging into what the patcher was actually doing, I decided to disassemble the ‘search’ and ‘replace’ instructions. Despite them both being 18 bytes long, only four of those bytes differ. Four bytes! Let’s have a look at them:

Before:


00000001 4889E5 mov rbp,rsp
00000004 4157 push r15
00000006 4156 push r14
00000008 4155 push r13

After:


00000001 4889E5 mov rbp,rsp
00000004 31C0 xor eax,eax
00000006 5D pop rbp
00000007 C3 ret
00000008 4155 push r13

These instructions set a return value, restore the state the calling function, and then simply exit. They do virtually nothing but return true, short-circuiting the “is this device supported” check in Apple’s code.

The simple fact that an four byte tweak to multiple in-lined copies of the same code in Apple’s IOThunderboltFamily.kext makes “unsupported” devices suddenly work seems to confirm the existence of a deliberate block, and it raises all sorts of questions about why it exists.

With Apple not willing to say more than “they’re not certified” perhaps we’ll never really know, but it’s clearly left a number of notable manufacturers of existing Thunderbolt 3 devices in the lurch, and many manufacturers with products in the pipeline have had to go back to the drawing board.

So what does this all mean?

If you’re willing to compromise the security and potentially the stability of your MacBook Pro, you can use the StarTech Thunderbolt 3 to Dual DisplayPort Adapter and many other Thunderbolt 3 docks to your heart’s content. It works. I’ve tried it. But you’ll be in for a painful experience with every new macOS update potentially breaking the hack, and having system integrity protection disabled risks either you, or some malware, trashing the sensitive parts of your operating system. Basically, read Apple’s own description of what it does before you continue..

But, you’re better off waiting. There are plenty of “macOS certified” devices in the pipeline, and the safe, stable and sane plug-and-play experience of using one of these will be well worth the wait. Using third party hacks, as much as they may work, in lieu of patience is a really bad idea. Without knowing exactly *why* they’re blocked, you could be putting your device or your computer at risk, and unless you absolutely understand what you’re doing; don’t.