undefined | Better HN

0 pointsnetizen-9368244y ago0 comments

Not that I use any apple hardware in the first place but I'm definitely not going to trust that assertion. Just buy a shitty burner

0 comments

3 comments · 1 top-level

olliej4y ago· 2 in thread

Apple details how the boot chain works in the platform security document. The early boot governed by an erase install is stripped all the way back to that.

There is no “firmware” at that point, it’s literally a boot rom, and the only thing that can be installed from that point is an apple signed binary.

If you don’t trust that assertion then there is no system you can trust, because at that point your threat model is people injecting malware at the fab.

netizen-936824OP4y ago

Has Apple's platform security document been independently verified?

olliej4y ago

The best I can say is no one has found a place where they've lied, and I'm sure that at this point some jailbreaker would have published something. They certainly had no problem doing so with the iphone4 (I think?) era bootrom bug.

On devices with a secure boot chain (Android verified boot on the better android devices), chromebook's secure boot (which a brief googling would imply is distinct from android's), or fuchsia's VX there is similarly an absence of independent audit.

So the question is, do you think Google, Apple, etc are lying about how their secure systems work? If you do, then the same applies to any other piece of hardware with a secure boot chain as well.

If you don't think they're lying, lets look at how a device reset works on apple hardware, to see how hard it would be to break device reset.

To understand how device reset works, we need to understand how apple devices work (at least the modern ones: Axx, Mx, intel devices with a T2 coprocessor). On these systems all storage is encrypted by keys held in the secure component of the SoC/T2. This encryption is done in hardware, in the interface between the system and the nand. It is impossible for anything at any privilege level, or in any other part of the SoC to ever see the raw bits in the nand.

"Erasing" the storage means resetting the storage keys. That's it. Because those keys are now gone it isn't possible for any malware (or anything at all) to have data persist across a reset. The only way it would be possible for anything to survive would be if a reset did not actually reset the encryption keys.

Even if the bootrom did fail to reset the storage keys, it doesn't read anything from the nand (why would it?), so nothing in the nand can stop the next step: the bit where it loads the install image being pushed over the physical connection to your computer (this is the bit that the limera1n exploit hit). The bootrom verifies the signature of the install image (using keys also burned into the rom), and starts that. The first thing that does is create a new filesystem[s?], so even if the bootrom had a catastrophic bug that meant it hadn't reset the storage key, the OS installer has blown away the content of the storage.

Basically, on an apple device, getting something to persist across a reset would almost certainly get you a golden pwnie :D

If the device you're concerned about lacks a secure boot system, then yeah, I would not be surprised if someone did manage to make malware they could persist a full reset/format/reinstall. I'd be really impressed, but not surprised.

1 more reply

j / k navigate · click thread line to collapse