YetanotherHackerNewsdigest.com
HN Theater | HN Academy | HN Books

HN Theater @HNTheaterMonth

The best talks and videos of Hacker News.
Rankings: this week · month (mar/apr) · year (2024) · all time
digests · search

Hacker News Comments on
Demystifying the Secure Enclave Processor

Black Hat · Youtube · 2 HN points · 1 HN comments
HN Theater has aggregated all Hacker News stories and comments that mention Black Hat's video "Demystifying the Secure Enclave Processor".
Youtube Summary
by Tarjei Mandt & Mathew Solnik & David Wang

The secure enclave processor (SEP) was introduced by Apple as part of the A7 SOC with the release of the iPhone 5S, most notably to support their fingerprint technology, Touch ID. SEP is designed as a security circuit configured to perform secure services for the rest of the SOC, with with no direct access from the main processor. In fact, the secure enclave processor runs it own fully functional operating system - dubbed SEPOS - with its own kernel, drivers, services, and applications. This isolated hardware design prevents an attacker from easily recovering sensitive data (such as fingerprint information and cryptographic keys) from an otherwise fully compromised device.

Despite almost three years have passed since its inception, little is still known about the inner workings of the SEP and its applications. The lack of public scrutiny in this space has consequently led to a number of misconceptions and false claims about the SEP.

In this presentation, we aim to shed some light on the secure enclave processor and SEPOS. In particular, we look at the hardware design and boot process of the secure enclave processor, as well as the SEPOS architecture itself. We also detail how the iOS kernel and the SEP exchange data using an elaborate mailbox mechanism, and how this data is handled by SEPOS and relayed to its services and applications. Last, but not least, we evaluate the SEP attack surface and highlight some of the findings of our research, including potential attack vectors.
HN Theater Rankings

Hacker News Stories and Comments

All the comments and stories posted to Hacker News that reference this video.
Nov 26, 2017 · 2 points, 0 comments · submitted by wonderous
Maybe for a casual reader, but nothing is misleading about the headline unless you don’t understand how Apple’s Secure Enclave Processor (SEP) works.

For more on that, as mentioned in the linked page, there’s the “Demystifying the Secure Enclave Processor” talk from Blackhat:

https://www.youtube.com/watch?v=7UNeUT_sRos

Or here’s the PDF:

https://www.blackhat.com/docs/us-16/materials/us-16-Mandt-De...

rubyfan
> unless you don’t understand how Apple’s Secure Enclave Processor (SEP) works.

So basically it’s only misleading to 99.9999% of people?

floatingatoll
Back when this was first posted, the headline on HN from an article was “Secure Enclave decrypted”, which couldn’t be further from the truth. The more nuanced “Secure Enclave firmware decrypted” replaced it, and is vastly more accurate. Both headlines fail a general public test IMO, but at least the “firmware” is factually true!
CapacitorSet
Not on HN, where I expect most readers to understand what is firmware and what happens when you have its binaries and/or source code.
kbenson
I think the best you can hope for, even here, is that the majority says "from the headline I'm not sure what that means in practice, so I'll reserve judgment until I look into this."

And even that's a tall order.

askafriend
I think you’re a bit out of touch in that regard.

I think that 99.99% applies to even HN and it certainly applies to me.

geofft
Even if you understand firmware (which I wouldn't expect of most readers, just some; the reason we develop abstractions is so our fellow hackers can hack on new things instead of studying the same things we already studied and hacked), it's extremely common for companies that keep security software secret to rely on that secrecy for security. You need to understand the Secure Enclave in particular and believe that the Apple folks are both talented and honest enough to implement what they say they're implementing to know that, in this case, that's not what's happening.
HN Theater is an independent project and is not operated by Y Combinator or any of the video hosting platforms linked to on this site.
~ yaj@
;laksdfhjdhksalkfj more things
yahnd.com ~ Privacy Policy ~
Lorem ipsum dolor sit amet, consectetur adipisicing elit, sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam, quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat. Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur. Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.