
Apple’s Secure Enclave Processor (SEP) Firmware Decrypted - wonderous
https://hackaday.com/2017/08/18/apples-secure-enclave-processor-sep-firmware-decyrpted/
======
runesoerensen
Previously discussed here
[https://news.ycombinator.com/item?id=15039460](https://news.ycombinator.com/item?id=15039460)

------
LeoPanthera
August 18, 2017

Also, don't be mislead by the headline. To quote a comment on the article:

"Imagine the Secure Enclave as a vault. Apple hung a big, dark curtain over it
to prevent anyone from even seeing the vault. Now, that curtain has been
opened and people can see the vault. The vault, however, is still locked as
securely as ever."

~~~
wonderous
Maybe for a casual reader, but nothing is misleading about the headline unless
you don’t understand how Apple’s Secure Enclave Processor (SEP) works.

For more on that, as mentioned in the linked page, there’s the “Demystifying
the Secure Enclave Processor” talk from Blackhat:

[https://www.youtube.com/watch?v=7UNeUT_sRos](https://www.youtube.com/watch?v=7UNeUT_sRos)

Or here’s the PDF:

[https://www.blackhat.com/docs/us-16/materials/us-16-Mandt-
De...](https://www.blackhat.com/docs/us-16/materials/us-16-Mandt-Demystifying-
The-Secure-Enclave-Processor.pdf)

~~~
rubyfan
> _unless you don’t understand how Apple’s Secure Enclave Processor (SEP)
> works._

So basically it’s only misleading to 99.9999% of people?

~~~
CapacitorSet
Not on HN, where I expect most readers to understand what is firmware and what
happens when you have its binaries and/or source code.

~~~
geofft
Even if you understand firmware (which I wouldn't expect of _most_ readers,
just some; the reason we develop abstractions is so our fellow hackers can
hack on new things instead of studying the same things we already studied and
hacked), it's extremely common for companies that keep security software
secret to rely on that secrecy for security. You need to understand the Secure
Enclave in particular _and_ believe that the Apple folks are both talented and
honest enough to implement what they say they're implementing to know that, in
this case, that's not what's happening.

------
abalone
_> It’s a black box that we’re not supposed to know anything about_

Nope. Apple published a whitepaper that details how the SEP works.[1]
Decrypting the firmware does help researchers look for vulnerabilities in the
implementation, but it's not like Apple is relying on it being a black box.

[1]
[https://www.apple.com/business/docs/iOS_Security_Guide.pdf](https://www.apple.com/business/docs/iOS_Security_Guide.pdf)

~~~
Cyph0n
Can you point out the section in that whitepaper that describes SEP in detail?
Because all I see is a high-level marketing document.

~~~
abalone
Says the PhD candidate in hardware security. You may want more low-level
details but it's inaccurate characterize it as "marketing". That's just snark.
It presents numerous details on the implementation of the SEP throughout the
document.

~~~
Cyph0n
The article claimed that SEP is a black box, which you _strongly_ denied based
on the contents of the security whitepaper. But when confronted, you failed to
present which part of the document presents how SEP is implemented _in
detail_.

If you would like to avoid such replies in the future, try to avoid making
strong, absolute statements. When I talk about topics I am unfamiliar with, I
tend to use phrases like "I think" and "I believe" quite sparingly.

> Says the PhD candidate in hardware security.

Again, the fact of the matter is that the Apple security whitepaper is a
marketing document. I'm not sure what my background has to do with that
though.

------
LeonM
How does one find such a key? It's my understanding the brute forcing such key
would take billions of years on a regular CPU, so can anyone here explain how
this was (probably) achieved?

------
nateberkopec
The link makes it sound like SEP only handles TouchID - is this true, or does
the SEP also deal with passcodes?

~~~
ikawe
It does more than that.

From the [ios security guide]:

> The Secure Enclave provides all cryptographic operations for Data Protection
> key management and maintains the integrity of Data Protection even if the
> kernel has been compromised.

e.g. you can encrypt and decrypt, referencing a key by id, but without having
the private key ever leave the enclave, even if the app or iOS kernel gets
compromised.

[ios security guide]
[https://www.apple.com/business/docs/iOS_Security_Guide.pdf](https://www.apple.com/business/docs/iOS_Security_Guide.pdf)

The Secure Enclave section is pretty short and the entire document is very
approachable.

~~~
DennisP
Sounds like basically what a cryptocurrency hardware wallet does.

Several months ago I saw a project making wallet software that used the
enclave. I forget who they were but I think they'll have a hard sell; everyone
just reflexively assumed it was insecure because it was on a phone.

~~~
iancarroll
Indeed, cryptocurrency hardware wallets and the SEP are basically just HSMs
(hardware security modules).

It's unfortunate people would draw negative connotations from it being on a
mobile device. The security architecture of iOS and the SEP combined with the
relatively wide deployment of iPhones makes for a great number of use cases.

~~~
yyzhero
The secure enclave uses secp256r1 while blockchain typically use secp256k1.
Since private keys can't be imported, blockchain devs still require software
interface until one or the others adopts the scheme.

~~~
onetom
[https://www.trustedkey.com](https://www.trustedkey.com) actually uses the
Enclave and also the equivalent component (Secure Element) in Android phones.

Both of these modules use the secp256r1 curve at least, so the signature
verification algo which runs on the blockchain can be the same for both types
of devices. (You can find some more details on this topic here:
[http://blog.enuma.io/update/2016/11/01/a-tale-of-two-
curves-...](http://blog.enuma.io/update/2016/11/01/a-tale-of-two-curves-
hardware-signing-for-ethereum.html))

Since the Byzantium fork there are some precompiles available for curve
operations. Using those for the r1 curve signature verification in EVM code
brought down the gas cost to practical levels.

------
hendersoon
This was actually cracked back in August, and sites quoted Apple as saying
they have no plans to fix it, presumably because obscurity is not security and
they originally encrypted it because well, why _not_?

Ultimately there will be some exposure from this, and they'll address each
exploit as it comes just like the rest of the system.

------
runeks
This is interesting. I hope Apple has some hefty bug bounties on SEP
vulnerabilities. I also hope Apple has chosen a sensibly safe language for the
SEP firmware code, since correctness is of essential importance here.

~~~
tyingq
See this blackhat paper for some detail.
[https://www.blackhat.com/docs/us-16/materials/us-16-Mandt-
De...](https://www.blackhat.com/docs/us-16/materials/us-16-Mandt-Demystifying-
The-Secure-Enclave-Processor.pdf)

------
log78
This article is extremely misleading to most people

