
Apple T2 Security Chip: Security Overview [pdf] - chillaxtian
https://www.apple.com/mac/docs/Apple_T2_Security_Chip_Overview.pdf
======
hyperrail
One interesting point in the discussion of UEFI secure boot: it appears there
is no way to boot OSes other than Mac OS and Windows without disabling secure
boot entirely.

> _By default, Mac computers supporting secure boot only trust content signed
> by Apple. However, in order to improve the security of Boot Camp
> installations, support for secure booting Windows is also provided. The UEFI
> firmware includes a copy of the Microsoft Windows Production CA 2011
> certificate used to authenticate Microsoft bootloaders._

> _NOTE: There is currently no trust provided for the Microsoft
> Corporation UEFI CA 2011, which would allow verification of code signed by
> Microsoft partners. This UEFI CA is commonly used to verify the authenticity
> of bootloaders for other operating systems such as Linux variants._

It isn't clear whether new root CAs can be added or if there is a
customer-accessible setup mode for secure boot at all.

Another part of the discussion is about the various levels of secure boot
enforcement. In the default "Full Security" mode, the Mac OS setup (or Boot
Camp assistant for Windows boot) requests that Apple sign the OS boot loader
with a signature derived from the T2 chip's unique ID, and then the boot
firmware on the T2 checks for this machine-specific signature on boot. As I
understand it, Apple claims that by simply changing its online service to deny
signing certain boot loaders, it can prevent many OS downgrades to versions
with known vulnerabilities.

~~~
tetrep
> As I understand it, Apple claims that by simply changing its online service
> to deny signing certain boot loaders, it can prevent many OS downgrades to
> versions with known vulnerabilities.

That seems like a very reasonable ability considering that "Full Security"
mode says, "This mode requires a network connection at software installation
time."

I'd guess it's a challenge/response deal with the T2 in your Mac issuing a
challenge to Apple. The response could be as simple as Apple signing the
signature of its software with the challenge, i.e. response = sign(challenge +
sign(MacOS))

Presumably it's whatever Apple currently does for iOS, as my understanding is
that it has the same downgrade protection feature and that is part of what
makes jailbreaking so precious, you need to be on the vulnerable version of
iOS in the relatively short window it's still being served by Apple (aka
before Apple patches some or all of your exploit chain).
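
The personalized-signing flow hyperrail and tetrep describe above (a signature bound to the device's unique ID, issued online, with the service able to stop signing old versions), modelled as an added Python example that is neither from the thread nor from Apple. The UIDs, version strings and allow-list are constructed, and HMAC with a shared key stands in for Apple's asymmetric signature so the block runs with the standard library alone.

```python
import hashlib
import hmac
import json
import os

# Constructed stand-in for Apple's signing key: HMAC keeps this runnable with the
# standard library (so the verifier shares the key); a real T2 holds a public key.
SERVICE_KEY = b"constructed-signing-service-key"

def ticket_mac(uid: str, nonce: bytes, image: bytes) -> str:
    # Canonical encoding so signer and verifier authenticate identical bytes.
    digest = hashlib.sha256(image).hexdigest()
    msg = json.dumps({"uid": uid, "nonce": nonce.hex(), "image": digest}, sort_keys=True)
    return hmac.new(SERVICE_KEY, msg.encode(), hashlib.sha256).hexdigest()

def signing_service(uid: str, nonce: bytes, image: bytes, allowed: set):
    """Online step: refuse images the service no longer signs (the downgrade
    block), otherwise bind this image to this device's UID and its nonce."""
    if hashlib.sha256(image).hexdigest() not in allowed:
        return None
    return ticket_mac(uid, nonce, image)

class T2Boot:
    def __init__(self, uid: str):
        self.uid = uid            # per-device unique ID (constructed value)
        self.installed = None     # (image, nonce, ticket)

    def install(self, image: bytes, allowed: set) -> bool:
        nonce = os.urandom(16)    # the device's challenge to the service
        ticket = signing_service(self.uid, nonce, image, allowed)
        if ticket is None:
            return False          # service declined: installation blocked
        self.installed = (image, nonce, ticket)
        return True

    def boot(self) -> bool:
        if self.installed is None:
            return False
        image, nonce, ticket = self.installed
        return hmac.compare_digest(ticket_mac(self.uid, nonce, image), ticket)

def demo():
    current, old = b"bootloader 10.14.1 (constructed)", b"bootloader 10.14.0 (constructed)"
    allowed = {hashlib.sha256(current).hexdigest()}  # old version no longer signed
    mac_a, mac_b = T2Boot("uid-A"), T2Boot("uid-B")
    fresh_ok = mac_a.install(current, allowed) and mac_a.boot()
    downgrade_blocked = not mac_a.install(old, allowed)
    mac_b.installed = mac_a.installed  # copy A's signed image onto B
    transplant_blocked = not mac_b.boot()
    return fresh_ok, downgrade_blocked, transplant_blocked
```

Running `demo()` shows the three properties the thread discusses: a current image installs and boots, a version the service has stopped signing cannot be installed, and a ticket issued for one UID does not verify on another device.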

~~~
saagarjha
Last time this came around I believe it was shown that the process was similar
to the one used in iOS.

~~~
Wowfunhappy
With the very important difference that on the Mac, it can actually be turned
off.

~~~
dev_dull
For now.

------
voctor
"All Mac portables with the Apple T2 Security Chip feature a hardware
disconnect that ensures that the microphone is disabled whenever the lid is
closed." It's interesting, I don't know if other brands do that?

~~~
nabla9
Why do you need a security chip to ensure that?

~~~
SpikeDad
So no malware can be installed to override a software-based interlock. No
malware can alter the contents of the T2 chip so code there cannot be changed,
altered or mitigated.

~~~
Dunedan
The T2 chip is just an ARM CPU running a customized version of watchOS. So in
theory malware could take over control of the T2 chip.

I also wonder what implications on features like the mentioned microphone
disconnect that'd have. My guess is that the T2 chip which also acts as audio
controller, simply doesn't forward audio signals received from the microphone
to macOS if the lid is closed.

Edit: Never mind. After reading further it becomes clear that it's really
disconnected in hardware:

> This disconnect is implemented in hardware alone, and therefore prevents
> any software, even with root or kernel privileges in macOS, and even the
> software on the T2 chip, from engaging the microphone when the lid is
> closed.

------
techie128
What happens if the T2 Chip fails? Is it possible to recover data on the disk?
Or do we have to recover data from the last backup?

~~~
shittyadmin
I'm just waiting for the Rossmann video when someone manages to spill some
Coke on their T2 chip...

Shit like this is why I will never buy another Apple product. With my
encrypted drives I can pull them out, put them in another machine and decrypt
them no issues.

~~~
pilif
And the same goes for whoever steals/subpoenas your machine.

Shit like this is why I only buy Apple products.

The data I care about I have (encrypted) backups of. Not having backups and
hoping that a specific hardware failure will not affect my ability to restore
is equivalent to, well, just not having backups to begin with.

~~~
shittyadmin
> And the same goes for whoever steals/subpoenas your machine.

Yes, because clearly all other encryption technologies are so vulnerable to
thieves and cops. There's only a pile of evidence of TrueCrypt and Bitlocker
being quite effective in the field against both criminals and law enforcement
agents.

And that's not to mention SSD-based technologies which still allow for
portability while mitigating some of the more theoretical attacks.

> The data I care about I have (encrypted) backups of. Not having backups and
> hoping that a specific hardware failure will not affect my ability to
> restore is equivalent to, well, just not having backups to begin with.

This is a good strategy, I too employ it with the majority of my important
data, but it's just not realistic for normal people. And I'm sure I'm
forgetting some scratch note or IDA database file that I'd be missing if I
lost my desktop drive today...

------
saagarjha
Is there anything different in the T2 chip introduced today in MacBook Air and
the one in the MacBook Pro released earlier this year?

~~~
josephmosby
Doesn't appear to be. Apple lists the MBP and iMac chips as one and the same -
assume that the MBA would be added to this list.
[https://support.apple.com/en-us/HT208862](https://support.apple.com/en-us/HT208862)

------
JumpCrisscross
> _line-speed encrypted storage_

What does this mean?

> _The Mac unique ID (UID) and a device group ID (GID) are AES 256-bit keys
> fused (UID) or compiled (GID) into the Secure Enclave during manufacturing.
> No software or firmware can read the keys directly_

Does anyone know the details underlying this?

~~~
conradev
More information on the GID/UID can be found in the iOS Security Guide:

> With the exception of the Apple A8 and earlier SoCs, each Secure Enclave
> generates its own UID (Unique ID) during the manufacturing process. Because
> the UID is unique to each device and because it’s generated wholly within
> the Secure Enclave instead of in a manufacturing system outside of the
> device, the UID isn’t available for access or storage by Apple or any of its
> suppliers.

> Software running on the Secure Enclave takes advantage of the UID to protect
> device-specific secrets. The UID allows data to be cryptographically tied to
> a particular device. For example, the key hierarchy protecting the file
> system includes the UID, so if the memory chips are physically moved from
> one device to another, the files are inaccessible. The UID isn’t related to
> any other identifier on the device. The GID is common to all processors in a
> class of devices (for example, all devices using the Apple A8 processor).

[https://www.apple.com/business/site/docs/iOS_Security_Guide....](https://www.apple.com/business/site/docs/iOS_Security_Guide.pdf)

------
jsgo
anyone who uses eGPUs (w/ Nvidia): when I set up my MBP shortly after
buying (middle of this year), one of the steps required disabling Secure Boot
and another security item via terminal. Is that still the case? Pretty sure my
T2 chip is disabled due to this. Not a major loss if it must remain that way,
but wasn't sure if it was just mitigating something that is no longer an
issue.

~~~
saagarjha
> one of the steps required disabling Secure Boot and another security item
> via terminal

Probably SIP from Recovery Mode. This doesn't disable your T2 chip completely,
since it's still necessary to do things like control your camera and microphone
or read from your SSD, but it disables certain protections.

------
solatic
I'm of two minds about how the T2 safeguards access to storage. On the one
hand, safeguards like these are a great step forward for endpoint security to
guard against device theft. On the other hand, if you break your machine in
some way that your storage is still intact - too bad, you're locked out.

What Apple is really saying with this kind of design is that you need to treat
your machine as if it were disposable. You won't worry about losing your data
if your laptop only has a cached copy. If your machine breaks, ditch it, get
another one, redownload your data from the cloud.

But most customers don't actually use their Macs this way. They don't see
their highly-priced luxury machines as disposable. They don't pay for cloud
storage; if they do, then they don't keep all their data backed up to their
cloud storage accounts, and they expect that their original data will still be
available. They don't have 3-2-1 backup strategies and they don't plan for
being locked out of their cloud backups.

So this doesn't feel to me like Apple focusing on security. It feels like the
security-focused extension of Apple's general strategy: rising prices and
declining repairability as the basic formula for strategic revenue growth from
their Western upper-class customer base. And that's something to be resisted.

------
jrochkind1
upvoting because I want people who know more than me about security to see and
comment. :)

