
Data is unrecoverable on macbooks with secure boot if T2 firmware gets corrupted - 0x402DF854
https://vimeo.com/421292722
======
olliej
I mean yes, the firmware guards the encryption keys, if the firmware is
corrupt then access to the key is corrupt.

If the key could be recovered with a corrupt firmware, then the SEP would be
open to an attack to extract the keys by forcing firmware corruption and then
using that as a path to compromising the device.

~~~
rasz
I mean I own the hardware. I should be able to backup the key.

~~~
olliej
you back up the data - the security model for an HSM (e.g. the T2) is that
secrets cannot be extracted. Once the key can be extracted it then that
security model is broken.

