
Apple confirms iOS kernel code left unencrypted intentionally - shritesh
https://techcrunch.com/2016/06/22/apple-unencrypted-kernel/
======
headShrinker
A move like this fits with a more general ideology Apple has been advocating
for the last three years. Privacy, security, and altruism. Tim Cook has put his
mark on the company. One of the first things he did was apologize (for Maps),
something unheard of in Apple's culture. I haven't drunk the Kool-Aid and
Apple has a lot of issues. I do see, however, that they are making attempts at
differentiating from the general corporate behavior of the telecoms and
Google. Cook is differentiating from Jobs as well.

~~~
Kristine1975
>altruism

Then why does Apple avoid paying taxes?

Let's not kid ourselves: Apple is a company, and companies are only
"altruistic" if they expect that it will help their bottom line.

~~~
adrianN
Billings Learned Hand once said:

> Any one may so arrange his affairs that his taxes shall be as low as
> possible; he is not bound to choose that pattern which will best pay the
> Treasury; there is not even a patriotic duty to increase one's taxes.

If we want companies to pay more taxes (which I think we do want) we should
change the laws. You can't blame anybody for only paying the legally required
amount of taxes.

~~~
Kristine1975
_> You can't blame anybody for only paying the legally required amount of
taxes._

Of course I can (and I do). Apple and various other companies go to great
lengths to pay the least amount of taxes they can get away with.

~~~
lowtolerance
Why would anyone - individual or corporation - pay more taxes than they are
legally obligated to pay?

Don't get me wrong: I believe that corporations _should_ be obligated to pay
much more in taxes than most currently do, but I'm going to assume that you
don't knowingly pay more in taxes than you owe. If I'm wrong about that, then
I'm interested in hearing your reasoning as to why you feel like the
government is entitled to money to which they have explicitly stated that you
aren't required to pay if you meet certain conditions.

~~~
ScaryRacoon
> Why would anyone - individual or corporation - pay more taxes than they are
> legally obligated to pay?

Because they can't afford the accountants and lawyers required to pull off the
funneling of funds through various bodies and countries to get said reduction
in tax burden?

------
gcr
Is there _any_ modern kernel in widespread use that runs while encrypted in
RAM?

What kind of attacks would encrypting a running kernel prevent? The kernel and
hardware work together to enforce memory safety, so it can't be to prevent a
rogue process from reading kernel memory...

_Edit:_ Is this talking about encrypting the kernel image in permanent
storage, or encrypting a running kernel in RAM? When booting Linux, for
example, the boot loader will load the Linux kernel image into memory as a
gzip-compressed blob. The kernel's first instructions are a small decompressor
program that unpacks the rest of the kernel image into memory and then jumps
into the uncompressed kernel. Did previous iOS versions do something similar
to their saved kernel image?

~~~
crypty
> encrypting a running kernel in RAM

How is that supposed to work? Ok, the CPU can fetch an encrypted instruction,
decrypt it and execute it, but when it needs to jump, how is it supposed to
know where to jump? Also encrypting each instruction separately and
independently would be trivial to reverse.

Is there any system that really runs encrypted code from RAM? Any papers
describing such a system?

~~~
evgen
A company that Facebook acquired a couple of years ago (PrivateCore) realized
that the L1 cache had grown large enough that you could run a hypervisor out
of it. You use a TPM secure boot chain to ensure you are booting the code you
need into the hardware you expect, load up the hypervisor and its keys, and
then this hypervisor is used to encrypt _everything_. Now you have encrypted
RAM, so physical possession of a running device gets you nothing at all.

~~~
Dylan16807
L1 had grown large enough? What do you mean? L1 was 32KB in the Pentium II
days, and for the last ten years of Intel chips it's been an unchanging 64KB.
Why would it have to fit into L1 specifically, rather than L2/L3? (If you do
use L2/L3, that's also been big enough to spare the space for a hypervisor
since the Pentium II, which had 512KB.)

~~~
wepple
Looks like they do use L3, alongside a number of other Intel x86 features
(not surprisingly, things like AES-NI).

[https://privatecore.com/wp-content/uploads/2014/02/pr-privat...](https://privatecore.com/wp-content/uploads/2014/02/pr-privatecore-vcage-general-availability.pdf)

Sorry, couldn't copy/paste the relevant section; the formatting went horribly.

------
AdmiralAsshat
I suppose this is the only way to definitively stop any three-letter agencies
from asking you to backdoor your kernel.

~~~
matthewaveryusa
Also, all you need is one insider kernel developer to get all the source code
anyway. I always find these kinds of initiatives silly -- a lot of companies
think that an insider is a side-channel attack when really it's the main
vector.

~~~
iofj
Also, given enough money available, why ask people to build vulnerabilities
in? Does anyone seriously think Apple's (or anyone's) kernel team doesn't have
a single guy/girl that made at least one mistake?

~~~
duaneb
Of course there are bugs, but they are hugely expensive to find.

------
justinsaccount
"The kernel cache doesn’t contain any user info, and by unencrypting it we’re
able to optimize the operating system’s performance without compromising
security," an Apple spokesperson told TechCrunch.

"Apple confirms iOS kernel code left unencrypted intentionally"

Which is it, cache (of what?) or code?

~~~
jevinskie
The spokesperson is talking out of their ass regarding performance. The kernel
is decrypted by iBoot once at boot, using the hardware AES engine. It remains
decrypted until the device is shut down/rebooted. Decompressing _and_
decrypting the kernel takes less than a second at boot.

Also, TechCrunch fails to note that the kernelcache keys for most 32-bit
kernels (and all iOS versions) are publicly available. Private individuals
have dumped the keys for 64-bit kernels but they are not available publicly.
Even without the keys, any jailbreak allows for dumping of the kernel.
However, a kernel dump is missing very helpful MachO headers (handy for
kloading) and, for 64-bit kernels, the EL3 TrustZone Watchtower module aka
Kernel Patch Protection.

~~~
culturestate
> The spokesperson is talking out of their ass regarding performance.

I'm fairly certain that this statement was vetted by Craig Federighi himself
or, at minimum, a high-level engineering manager.

~~~
ghshephard
Both statements could be true - I wouldn't be too surprised to see Apple
stretch the truth; yes, it's true, performance on a 25 second boot (my iPhone
6s) from cold was improved to 24 seconds. Doesn't really move the needle, but
still true, to some degree. A second here and a second there starts to add
up though, particularly on boot up, for those of us who end up doing that
multiple times a day.

Also, in general, any time you can remove code from a system that isn't
contributing in any meaningful way, it is just a good thing to do - both for
reducing attack surface and for the general reduction in code size, and the
advantages that come along with that.

~~~
BillinghamJ
iOS 10 running on my iPhone 6S Plus is currently booting in about 5 seconds.
Not sure how though...

Also, that's when I hold down the home and lock buttons in order to
force-reboot. Perhaps now that doesn't fully reboot the phone.

~~~
jevinskie
I was curious so I benchmarked "decrypting" kernelcache.release.n66 on an
iPhone 6S and it took about 60 milliseconds to decrypt. It wasn't encrypted in
the first place so the decryption results in garbage, but it should be a valid
benchmark. The quick boot time with iOS 10 sure is nice, but it isn't because
the kernel isn't encrypted.

[https://gist.github.com/jevinskie/40df60e3e9d76ad05304be9bd5...](https://gist.github.com/jevinskie/40df60e3e9d76ad05304be9bd550d6ad)

------
ericmsimons
Could this be an invitation for researchers to find a backdoor the NSA
required Apple to put in there? Or are they just utilizing the crowd to help
secure against NSA attacks?

~~~
godzillabrennus
That would make sense. They have been on the offensive for protecting their
customers.

Trouble is auditing TrueCrypt cost $25k and it took massive rumors of a
backdoor to raise that. I'm not sold that auditing this will happen anytime
soon.

~~~
n42
Slightly off topic, but does anyone have any resources that go into a higher
level of detail (I'm not very knowledgeable about low-level programming type
stuff) on how an audit like the one done on TrueCrypt or a hypothetical
security audit on the iOS kernel works? How can anyone know with that degree
of certainty that software is secure and someone else won't find some
exploitable bit?

------
comex
The kernel and the root FS are now unencrypted - but not other things, such as
the bootloaders (iBoot, LLB) and the firmware for the SEP (Secure Enclave
Processor, used to handle things like Touch ID).

------
gionn
“The kernel cache doesn’t contain any user info, and by unencrypting it we’re
able to optimize the operating system’s performance without compromising
security,”

This is probably the only true part of the article; it means that they
disabled a kernel feature of cache encryption to speed up performance.

It has nothing to do with source code nor binaries of the kernel.

~~~
spiderfarmer
Does the same count for the watchOS kernel? I mean, the performance
enhancements they claim to have realized have to come from somewhere.

~~~
djrogers
> the performance enhancements they claim to have realized have to come from
> somewhere

Even in the first beta, the performance enhancements are real. Numerous Apple
folks, including Craig Federighi, have said that with WatchOS1 and 2 they
'overshot' how conservative they needed to be with RAM and CPU (out of respect
for battery life), and with WatchOS 3 they have rebalanced that.

Time will tell how much of a hit battery life will take from this, but for a
beta things look good so far.

~~~
NEDM64
This, and they also realized they had leftover RAM.

------
fowl2
Hopefully they didn't tie their integrity/authenticity enforcement to their
encryption...

Although I'm guessing the whole segment is loaded into RAM and verified by the
bootloader at boot, then never touched again.

------
peterkelly
In other news: Google admits source code used in Android kernel can be
accessed by hackers

~~~
krastanov
I do not think they are talking about source code, rather about some compiled
code cache. I am not completely certain that the author of the article knows
what they are talking about (but I am quite confused myself and I will
appreciate an explanation).

Also, I thought a lot of the Darwin MacOS kernel had already publicly
available source code.

~~~
jevinskie
Some of the kernel is released months/years later as open source. You are
correct about the releases being macOS only, iOS xnu has never been open
sourced but it is, for the most part, identical. Apple has also been moving
code out of the open source kernel releases and into private, closed source
kexts. Kernel extensions like Sandbox have never been released.

~~~
jevinskie
I forgot to mention launchd. It was open source then was closed and split into
launchd/libxpc. It has always been a critical security component of macOS/iOS.
Many CVEs have been written about it even after it was closed via binary
reversing and fuzzing. Having the source again would be nice.

------
majewsky
> This would have been an incredibly glaring oversight, like forgetting to put
> doors on an elevator

You mean a paternoster? :)

~~~
rimantas
For the not familiar/lazy:
[https://en.wikipedia.org/wiki/Paternoster](https://en.wikipedia.org/wiki/Paternoster)

------
chronid
> The kernel manages security and limits the ways applications on an iPhone or
> iPad can access the hardware of the device, making it a crucial part of the
> operating system.

The kernel technically _is_ the OS, TC! Come on... :)

------
dguido
This is stupid. Anyone interested in writing jailbreaks for iOS would have
already had access to these binaries. People are blowing this way out of
proportion.

~~~
willstrafach
Not true. The 64-bit kernel was previously not possible to examine.

Additionally: we now know what Watchtower looks like, something that was
previously a mystery and even incorrectly thought to be something that ran on
the SEP instead of the AP.

~~~
dguido
If Stefan says it, will you believe me?

[https://twitter.com/i0n1c/status/745922795977187329](https://twitter.com/i0n1c/status/745922795977187329)

You just used a kernel privesc that you probably already had to read it. NOT A
BIG DEAL.

~~~
jevinskie
That gets you a kernel dump; a decrypted kernelcache gives you very handy
MachO headers. And as Will said, the well-known kernel dumping methods do not
dump Watchtower. I'm not sure if anyone has privately been able to dump
Watchtower with a kernel privesc or if it has only been possible with the
kernelcache keys.
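jevinskie's point, made here and in the earlier comment about kernel dumps, is that a decrypted kernelcache carries the Mach-O headers a raw memory dump lacks. The following is an added example (not code from the thread, from Apple, or from any of the commenters) that shows what those headers provide: a minimal parser for the 64-bit Mach-O header and its LC_SEGMENT_64 load commands, which returns None for a blob with no header (a headerless dump or still-encrypted data). The image it parses is constructed inline, and every segment address in it is made up.

```python
import struct

# Mach-O constants from Apple's public mach-o/loader.h.
MH_MAGIC_64 = 0xFEEDFACF
MH_EXECUTE = 0x2
CPU_TYPE_ARM64 = 0x0100000C
LC_SEGMENT_64 = 0x19
HEADER_FMT = "<IiiIIIII"          # mach_header_64: 32 bytes
SEG_FMT = "<II16sQQQQiiII"        # segment_command_64: 72 bytes


def parse_macho64(blob):
    """Return cputype, filetype and the LC_SEGMENT_64 list of a 64-bit
    Mach-O image, or None if the blob does not start with a Mach-O header
    (e.g. a raw kernel dump without headers, or still-encrypted data)."""
    if len(blob) < struct.calcsize(HEADER_FMT):
        return None
    magic, cputype, _, filetype, ncmds, sizeofcmds, _, _ = \
        struct.unpack_from(HEADER_FMT, blob, 0)
    if magic != MH_MAGIC_64:
        return None
    segments, off = [], struct.calcsize(HEADER_FMT)
    end = off + sizeofcmds
    for _ in range(ncmds):
        if off + 8 > len(blob):
            raise ValueError("truncated load command")
        cmd, cmdsize = struct.unpack_from("<II", blob, off)
        if cmdsize < 8 or off + cmdsize > end:   # reject bogus sizes
            raise ValueError("load command overruns sizeofcmds")
        if cmd == LC_SEGMENT_64:
            name, vmaddr, vmsize, fileoff, filesize = \
                struct.unpack_from("<16sQQQQ", blob, off + 8)
            segments.append({"name": name.rstrip(b"\0").decode(),
                             "vmaddr": vmaddr, "vmsize": vmsize,
                             "fileoff": fileoff, "filesize": filesize})
        off += cmdsize
    return {"cputype": cputype, "filetype": filetype, "segments": segments}


def build_sample():
    """Constructed sample: an arm64 MH_EXECUTE header with two segments.
    The addresses are invented and do not come from any real kernelcache."""
    segs = [(b"__TEXT", 0xFFFFFFF007004000, 0x1000, 0x0, 0x1000),
            (b"__DATA", 0xFFFFFFF007005000, 0x2000, 0x1000, 0x2000)]
    cmds = b"".join(struct.pack(SEG_FMT, LC_SEGMENT_64, 72, n, va, vs, fo,
                                fs, 7, 5, 0, 0) for n, va, vs, fo, fs in segs)
    header = struct.pack(HEADER_FMT, MH_MAGIC_64, CPU_TYPE_ARM64, 0,
                         MH_EXECUTE, len(segs), len(cmds), 0, 0)
    return header + cmds
```

Run against a headerless blob the parser returns None, which is exactly the situation a kernel dump leaves an analyst in; against the sample it recovers the segment names and virtual addresses that a loader needs.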

------
NEDM64
Must be a revolutionary new feature called "jailbreak bait"...

