What's the benefit of hardware-based security tech? Is it actually doing anything special, or just doing what security software is doing, but in hardware?
Take for example the secure enclave on an iPhone. If FaceID / TouchID were implemented in software then you could read it from memory if you compromise the A11 chip. Instead you now have to compromise both the secure enclave and the A11, since it is isolated from the A11.
General-purpose processors have to be secure while executing untrusted code, providing a large number of features, and providing good performance.
The secure enclave isn't subject to these constraints, allowing for more conservative design decisions.
You've found a privilege-escalation attack that can let sandboxed apps escape their sandbox? Still secure if the chip can't run apps in the first place. You've found a bug in the USB disk mode emulation code? Still secure if the chip doesn't have any USB code on it. You've found a bug in branch prediction? Still secure if your chip didn't use it. You've found a way to abuse the third-party developers' debugging interface? Still secure if your chip provides no such interface...
Yes, it absolutely is more than 2x harder. The attack surface of the secure enclave is considerably smaller than the attack surface of the AXX chip as a whole, and you need a significant jailbreak/compromise before you could even target the SE.
Because you need two compromises, and hacking the secure enclave is a much harder proposition than finding an exploit that allows you to read the memory of an iPhone. Public information about how the secure enclave really works has been hard to come by.
Yes, but you can detect that. The enclave can sign a statement that you could verify with a public key for that enclave. So if you replace the hardware there is no way to do that anymore, as you cannot extract the private key from the original enclave.
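To make the last comment's argument concrete, here is a small added example (my own Go code, not anything from the thread and not Apple's actual design). It models the enclave as the sole holder of a device-unique Ed25519 private key whose public half was recorded at provisioning. Ed25519, the `attest-v1|` message framing and the verifier-supplied nonce are all my assumptions for illustration; the nonce is there because a signed statement is only useful if it is bound to a fresh challenge, otherwise an old signature could simply be replayed. Swapping the hardware means the replacement holds a different key, so its signatures fail under the enrolled public key.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
	"log"
)

// NonceLen is the size of the verifier's challenge; a fixed length keeps the
// signed message unambiguous when the fields are concatenated.
const NonceLen = 32

// Enclave stands in for the secure element. The private key is generated
// inside and is only ever used through Attest; nothing exports it.
type Enclave struct {
	priv ed25519.PrivateKey
}

// NewEnclave provisions a fresh device-unique key pair (assumed scheme: Ed25519).
func NewEnclave() (*Enclave, error) {
	_, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	return &Enclave{priv: priv}, nil
}

// PublicKey is the only key material that leaves the enclave; in a real
// deployment it would be recorded or certified at manufacture time.
func (e *Enclave) PublicKey() ed25519.PublicKey {
	return e.priv.Public().(ed25519.PublicKey)
}

// attestMessage binds the statement to the verifier's nonce so a signature
// captured earlier cannot be replayed against a later challenge.
// The "attest-v1|" prefix is a constructed framing, not a real protocol.
func attestMessage(nonce []byte, statement string) []byte {
	msg := append([]byte("attest-v1|"), nonce...)
	msg = append(msg, '|')
	return append(msg, statement...)
}

// Attest signs the statement for the given challenge.
func (e *Enclave) Attest(nonce []byte, statement string) []byte {
	return ed25519.Sign(e.priv, attestMessage(nonce, statement))
}

// Verify is the relying party's check: the signature must verify under the
// public key enrolled for this device, over this nonce and this statement.
func Verify(enrolled ed25519.PublicKey, nonce []byte, statement string, sig []byte) bool {
	if len(nonce) != NonceLen || len(enrolled) != ed25519.PublicKeySize {
		return false
	}
	return ed25519.Verify(enrolled, attestMessage(nonce, statement), sig)
}

// NewNonce draws a fresh challenge for one attestation round.
func NewNonce() ([]byte, error) {
	nonce := make([]byte, NonceLen)
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return nonce, nil
}

func main() {
	genuine, err := NewEnclave()
	if err != nil {
		log.Fatal(err)
	}
	enrolled := genuine.PublicKey() // recorded when the device was built

	nonce, err := NewNonce()
	if err != nil {
		log.Fatal(err)
	}
	const statement = "biometric-match=ok" // constructed example statement

	sig := genuine.Attest(nonce, statement)
	fmt.Println("genuine enclave:       ", Verify(enrolled, nonce, statement, sig))

	// Hardware swapped: the replacement has its own key and cannot produce a
	// signature that verifies under the enrolled public key.
	swapped, err := NewEnclave()
	if err != nil {
		log.Fatal(err)
	}
	fmt.Println("replaced enclave:      ", Verify(enrolled, nonce, statement, swapped.Attest(nonce, statement)))

	// Tampering with the statement after signing fails too.
	fmt.Println("altered statement:     ", Verify(enrolled, nonce, "biometric-match=FORCED", sig))

	// Replaying an old signature against a fresh challenge fails.
	fresh, err := NewNonce()
	if err != nil {
		log.Fatal(err)
	}
	fmt.Println("replayed old signature:", Verify(enrolled, fresh, statement, sig))
}
```

The verifier never needs anything from inside the enclave beyond the public key it enrolled up front, which is the point of the comment: replacing the chip does not help an attacker, because the thing being checked is possession of a private key that never left the original part.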