
295 points djoldman | 1 comments
jagrsw ◴[] No.42062732[source]
If Apple controls the root of trust, like the private keys in the CPU or security processor used to check the enclave (similar to how Intel and AMD do it with SEV-SNP and TDX), then technically, it's a "trust us" situation, since they likely use their own ARM silicon for that?

Harder to attack, sure, but no outside validation. Apple's not saying "we can't access your data," just "we're making it way harder for bad guys (and rogue employees) to get at it."

ozgune ◴[] No.42062974[source]
+1 on your comment.

I think having a description of Apple's threat model would help.

I was thinking that open source would help with their verifiable privacy promise. Then again, as you've said, if Apple controls the root of trust, they control everything.

1. dagmx ◴[] No.42063907[source]
Their threat model is described in their white papers.

But essentially it is trying to get to the end result of “if someone commandeers the building with the servers, they still can’t compromise the data chain even with physical access.”