←back to thread

Private Cloud Compute Security Guide

(security.apple.com)
398 points djoldman | 4 comments | 06 Nov 24 13:48 UTC | HN request time: 0.629s | source
Show context
jagrsw ◴[06 Nov 24 14:25 UTC] No.42062732[source]
If Apple controls the root of trust, like the private keys in the CPU or security processor used to check the enclave (similar to how Intel and AMD do it with SEV-SNP and TDX), then technically, it's a "trust us" situation, since they likely use their own ARM silicon for that?

Harder to attack, sure, but no outside validation. Apple's not saying "we can't access your data," just "we're making it way harder for bad guys (and rogue employees) to get at it."

replies(6): >>42062974 #>>42063040 #>>42063051 #>>42064261 #>>42065655 #>>42078881 #
skylerwiernik ◴[06 Nov 24 14:44 UTC] No.42063040[source]
I don't think they do. Your phone cryptographically verifies that the software running on the servers is what it says it is, and you can't pull the keys out of the secure enclave. They also had independent auditors go over the whole thing and publish a report. If the chip is disconnected from the system it will dump its keys and essentially erase all data.
replies(4): >>42063402 #>>42063626 #>>42065085 #>>42073964 #
1. HeatrayEnjoyer ◴[06 Nov 24 15:18 UTC] No.42063626[source]
How do you know the root enclave key isn't retained somewhere before it is written? You're still trusting Apple.

Key extraction is difficult but not impossible.

replies(3): >>42063692 #>>42067336 #>>42078961 #
2. jsheard ◴[06 Nov 24 15:22 UTC] No.42063692[source]
> Key extraction is difficult but not impossible.

Refer to the never-ending clown show that is Intels SGX enclave for examples of this.

https://en.wikipedia.org/wiki/Software_Guard_Extensions#List...

3. yalogin ◴[06 Nov 24 18:53 UTC] No.42067336[source]
Can you clarify what you mean by retained and written?
4. abalone ◴[07 Nov 24 17:44 UTC] No.42078961[source]
According to Apple,

"A randomly generated UID is fused into the SoC at manufacturing time. Starting with A9 SoCs, the UID is generated by the Secure Enclave TRNG during manufacturing and written to the fuses using a software process that runs entirely in the Secure Enclave. This process protects the UID from being visible outside the device during manufacturing and therefore isn’t available for access or storage by Apple or any of its suppliers."[1]

But yes of course, you have to trust the manufacturer is not lying to you. PCC is about building on top of that fundamental trust to guard against a whole variety of other attacks.

[1] https://support.apple.com/guide/security/secure-enclave-sec5...