USB ports on Apple Silicon Macs: Accessory Security and liquid detection

If you have a laptop Apple silicon Mac, you’ll no doubt have discovered one of its novel features: connect a USB or Thunderbolt peripheral to one of its USB-C ports, and you could be asked whether to allow it to connect, as a result of its Accessory Security. This isn’t available in desktop models, though. This article explores how it works and how it’s associated with liquid detection.
Accessory Security setting
At the foot of the Privacy & Security section of System Settings in capable Macs is an extra control Allow accessories to connect. In macOS Sequoia this has four options:
Ask Every Time, which prompts you to approve every time you connect a peripheral to a USB-C port.
Ask for New Accessories, which only prompts you to approve devices that it hasn’t connected previously. However, if your Mac is locked for three days or more, it may ‘forget’ devices that it approved previously, and require you to approve each again.
Automatically When Unlocked, which connects all devices without prompting, so long as that’s done when that Mac is unlocked.
Always, which will never prompt you to approve a device.
This novel security mechanism is intended to prevent laptop Macs from being attacked using plug-in USB or Thunderbolt devices intended to breach their security. Apple considers laptop models to be most at risk, but surprisingly still hasn’t offered this as an option in any of its desktop models.
Approval
When you connect a USB or Thunderbolt device to one of your Mac’s USB-C ports, there will be a momentary delay and, if your approval is required, an alert will be displayed.
To approve or refuse that invitation, you’ll first need to unlock your Mac if it’s locked. Peripherals such as hubs and docks that can charge your Mac will still be able to do that even if you don’t allow them to connect, but all other features will be blocked until you click on Allow.
How it works
To examine how Accessory Security works, I connected a Thunderbolt 4 hub to a USB-C port on a MacBook Pro M3 Pro, which supports this feature, and a Mac mini M4 Pro, which doesn’t. The laptop was set to Ask Every Time. I then captured their logs using LogUI and compared the contents of each.
Port activation
This consisted of a long sequence of entries from IOAccessoryManager detailing port activation and initial configuration. Here are some waymarks among those, with elapsed time given in seconds:
0.883 IOAccessoryManager IOPortTransportState::setActive(): [Port-USB-C@2: CC] active: YES (transportType: 1 [CC])
0.883 IOAccessoryManager IOServiceNotificationManager::handleServiceReregistration(): [Port-USB-C@2/CC] Re-registering service…
0.883 IOAccessoryManager IOPortTransportState::initWithTransportType(): Initializing IOPortTransportStateUSB3… (transportType: 3)
0.884 IOAccessoryManager IOPortTransportState::initWithTransportType(): Initializing IOPortTransportStateUSB2… (transportType: 2)
0.884 IOAccessoryManager IOPort::_updateConnectionActive_block_invoke(): [Port-USB-C@2] m_connectionActive: YES, m_connectionCount: 1, m_connectionUUID: F53E1B0B-8347-4528-B77C-FC79E8A657C5
The last entry there records the connection’s UUID.
Is it authorised?
Next, authorisation was assessed:
0.885 IOAccessoryManager IOPort::_updateAuthorizationState(): [Port-USB-C@2] Updating authorization state…
0.885 IOAccessoryManager IOPort::_updateAuthorizationState_block_invoke(): [Port-USB-C@2] authorizationRequired: NO -> YES, authorizationPending: NO -> NO, userAuthorizationPending: NO -> NO, supervisedTransportActive: NO -> NO
Those will still appear in the log of a desktop Mac, but will say NO throughout.
There are repeated updates of the port’s pin configuration:
0.885 IOAccessoryManager IOAccessoryManagerUSBC::setPinConfiguration(): Updating pin configuration…
0.885 IOAccessoryManager IOAccessoryManagerUSBC::setCableActive(): activeCable: NO
0.885 IOAccessoryManager 1605 IOAccessoryManagerUSBC::setCableOptical(): opticalCable: NO
0.885 IOAccessoryManager IOAccessoryManagerUSBC::setDisplayPortPinAssignment(): dpPinAssignment: 0
0.885 IOAccessoryManager IOAccessoryManagerUSBC::setPlugOrientation(): plugOrientation: 2
0.885 IOAccessoryManager IOPortTransportStateUSB::setDataRole(): [@: IOPortTransportStateUSB3] Setting data role… (dataRole: 2 [Host])
Liquid detection
A little while later, in the laptop only, a hardware liquid detection sensor was checked, to see if there was any liquid present in the receptacle (port):
0.887 liquiddetectiond Starting LDCM Now
0.887 liquiddetectiond LDCM Discovery is enabled.
0.889 liquiddetectiond LDCM – Matched with V4…
0.890 liquiddetectiond LDCM – checkIsReceptacleEmpty: 0
0.890 liquiddetectiond LDCM – Handling LDCM interrupt event for port 2
0.890 IOAccessoryManager IOPortFeatureLDCMUserClient::_copyData(): Copying LDCM data… (target: Port-USB-C@2/LDCM)
0.890 liquiddetectiond LDCM – Feature Status: 0, Completion Status: 0, Measurement Pin: 0 Mitigations Status: 0, Wet: 0, Wet State Duration: 0
0.890 liquiddetectiond LDCM – checkIsReceptacleEmpty: 0
0.890 liquiddetectiond LDCM: liquidDetected: 0, receptacleEmpty: 0, shouldShow: 0
On a desktop Mac running Sequoia, you’ll only see LDCM is not supported on this device.
Approval
Preparations are then made to display the approval dialog, and authorisation status is updated:
1.116 IOAccessoryManager IOPort::_updateAuthorizationState_block_invoke(): [Port-USB-C@2] authorizationRequired: YES -> YES, authorizationPending: NO -> YES, userAuthorizationPending: NO -> YES, supervisedTransportActive: NO -> YES
As promised in Apple’s documentation, charging from the peripheral is enabled before approval:
2.639 IOAccessoryManager IOPortFeaturePower::_addPowerSource(): [Port-USB-C@2/Power In] Adding power source (powerSourceName: Brick ID)…
and the power chime may be sounded:
2.718 gui/501/com.apple.powerchime xpcproxy spawned with pid 1677
Once approval is given in the dialog, this is recorded and the connection is then established fully:
4.709 IOUIAgent Received notification response! (userNotification: 0x620364480, .responseReceived: 1, .notificationCancelled: 0, .notificationDismissed: 0, userAuthorizationStatus: 2, port: <private>)
4.709 IOAccessoryManager IOPortUserClient::setUserAuthorizationStatus(): Setting user authorization status… (target: Port-USB-C@2, newUserAuthorizationStatus: 2 [Authorized])
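The authorisation sequence traced in the entries above can be pulled out of a captured log automatically, which is useful when auditing which accessories were prompted for and approved. The following Python is an added example, not part of the original article or any Apple tooling: it parses entries in the elapsed-time format quoted here, and the summary key names and the reading of userAuthorizationPending as the moment the prompt is raised are assumptions.

```python
import re

# Entries copied from the article's MacBook Pro capture: elapsed seconds, sender, message.
SAMPLE_LOG = """\
0.884 IOAccessoryManager IOPort::_updateConnectionActive_block_invoke(): [Port-USB-C@2] m_connectionActive: YES, m_connectionCount: 1, m_connectionUUID: F53E1B0B-8347-4528-B77C-FC79E8A657C5
0.885 IOAccessoryManager IOPort::_updateAuthorizationState_block_invoke(): [Port-USB-C@2] authorizationRequired: NO -> YES, authorizationPending: NO -> NO, userAuthorizationPending: NO -> NO, supervisedTransportActive: NO -> NO
1.116 IOAccessoryManager IOPort::_updateAuthorizationState_block_invoke(): [Port-USB-C@2] authorizationRequired: YES -> YES, authorizationPending: NO -> YES, userAuthorizationPending: NO -> YES, supervisedTransportActive: NO -> YES
2.639 IOAccessoryManager IOPortFeaturePower::_addPowerSource(): [Port-USB-C@2/Power In] Adding power source (powerSourceName: Brick ID)…
4.709 IOAccessoryManager IOPortUserClient::setUserAuthorizationStatus(): Setting user authorization status… (target: Port-USB-C@2, newUserAuthorizationStatus: 2 [Authorized])
"""

LINE = re.compile(r"^(\d+\.\d+)\s+(\S+)\s+(.*)$")
PORT = re.compile(r"Port-USB-C@\d+")
FLIP = re.compile(r"(\w+): (YES|NO) -> (YES|NO)")
STATUS = re.compile(r"newUserAuthorizationStatus: (\d+) \[(\w+)\]")
UUID = re.compile(r"m_connectionUUID: ([0-9A-F-]{36})")
FIELDS = ("uuid", "required_at", "prompted_at", "power_at", "decision", "decided_at")

def authorisation_timeline(text):
    """Return {port: summary}; the summary keys are this example's own names."""
    ports = {}
    for raw in text.splitlines():
        m, p = LINE.match(raw.strip()), PORT.search(raw)
        if not m or not p or m.group(2) != "IOAccessoryManager":
            continue
        t, msg = float(m.group(1)), m.group(3)
        s = ports.setdefault(p.group(0), dict.fromkeys(FIELDS))
        if (u := UUID.search(msg)):
            s["uuid"] = u.group(1)
        # Keep only flags that actually flipped NO -> YES, ignoring repeated values.
        raised = {k for k, old, new in FLIP.findall(msg) if (old, new) == ("NO", "YES")}
        if "authorizationRequired" in raised:
            s["required_at"] = t
        if "userAuthorizationPending" in raised:  # assumed to mark the approval prompt
            s["prompted_at"] = t
        if "Adding power source" in msg and s["power_at"] is None:
            s["power_at"] = t
        if (d := STATUS.search(msg)):
            s["decision"], s["decided_at"] = d.group(2), t
    for s in ports.values():
        # Charging set up while no decision had yet been recorded for the port.
        s["power_before_decision"] = s["power_at"] is not None and (
            s["decided_at"] is None or s["power_at"] < s["decided_at"])
        # Prompt raised but never answered: per the article, data features stay blocked.
        s["unanswered_prompt"] = s["prompted_at"] is not None and s["decided_at"] is None
    return ports

if __name__ == "__main__":
    print(authorisation_timeline(SAMPLE_LOG))
```

On a desktop Mac, where the article notes these flags say NO throughout, required_at and prompted_at stay empty for every port.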
Authorisation
Although Accessory Security settings are in Privacy & Security, much of which is concerned with controls implemented by TCC, protection and authorisation are here controlled by IOAccessoryManager. Its list of previously approved devices isn’t exposed to the user, and the only control is its single setting.
Liquid detection
The surprise feature is liquid detection, in the liquiddetectiond service and LDCM. This is a new feature in macOS Sequoia, available in the following models:
MacBook Air M3 and later
MacBook Pro with M3 Pro or Max
MacBook Pro with M4 base, Pro or Max.
If there’s liquid in one of their USB-C receptacles (ports) when a USB-C cable is connected to it, a sensor should detect it and alert the user, advising them to shut the Mac down, disconnect all cables and leave it to dry. Full details are given in this support note, dated 23 November 2024.
Previously, reports of this feature claimed that it was intended for use by Apple to determine whether a laptop Mac had been damaged by liquid ingress. Like all laptops, internal components of MacBook Air and Pro models contain several liquid sensors already intended to reveal whether ingress has occurred. Sensors in the USB-C receptacles are clearly different, and are being used to prevent damage by corrosion inside the receptacle, rather than limit warranty or AppleCare+ repairs.
Summary
Accessory Security is available in all laptop Apple silicon Macs, and intended to prevent attack by malicious devices.
A single control in Privacy & Security settings determines when approval will be required for devices to be connected to a USB-C port.
This is controlled by IOAccessoryManager, which manages the initialisation and preparation of USB-C ports. TCC is not involved.
Some laptop M3 and M4 models have liquid detectors in each USB-C port. These will alert you if liquid is found when connecting to a USB-C port. This is intended to prevent corrosion occurring inside the receptacle, not to detect damage caused by liquid ingress.