[X-Istence]

You are missing the bigger picture in your attempt to immediately discard the original articles premise because you feel like it comes off as fanboy-fluff.

No other device on the market currently provides a secondary processor that runs full validation of the UEFI firmware before allowing the processor to start booting.

It's not just secure boot, which has been around for a while, it's everything around it.

On almost all other devices you could write new data to a flash chip and that now becomes the UEFI boot loader that is used (and can bypass secure boot). There is no verification of the UEFI boatloader that is possible because it's sitting in NVRAM or Flash... and you can't trust it to self-verify because it may have been tampered with.

[josteink]

> On almost all other devices you could write new data to a flash chip and that now becomes the UEFI boot loader that is used (and can bypass secure boot).

Let me see if I understand you completely.

What you're saying that if an attacker is willing to physically dismantle the machine, he can then, using SPI-flasher HW, replace the UEFI firmware on the machine with a custom UEFI firmware which does not enforce secure-boot...

And thus the machine's security is compromised?

If so, let me just state my opinion: If that's the kind of attacker you are trying to protect against, no matter of security measures is going to keep you fully secure.

And if we're going down that lane: what prevents an attacker this sophisticated from doing the same with the T2-chip's firmware?

What Apple offers with the T2 chip, for most people, has almost zero value, while providing lots of drawbacks over traditional UEFI Secure Boot.

This is all about Apple extending their platform lock-in to no longer only apply to mobile and tablet-space, but also to their traditional computer-line of products.

There's nothing noble being done here. It's just a plain-in-sight money-grab.

[X-Istence]

> What you're saying that if an attacker is willing to physically dismantle the machine, he can then, using SPI-flasher HW, replace the UEFI firmware on the machine with a custom UEFI firmware which does not enforce secure-boot...

Yeah, that's kind of the classic evil maid attack, and it is not unheard of for various spy agencies to dismantle devices to gain access or install bugs.

> If that's the kind of attacker you are trying to protect against

That is exactly what the T2 chip is designed to protect against, and more.

The T2 chip also runs all of the encryption/decryption for the integrated storage, this way all data on the flash is encrypted at all times.

I can imagine that the T2 chip over time will be able to do much more to help provide extra verification and security to the device and help keep users safe.

> And if we're going down that lane: what prevents an attacker this sophisticated from doing the same with the T2-chip's firmware?

Because the firmware on the T2 chip is signed and the way the chip is designed the only way to get firmware on it is to decap it because it is stored internal to the chip itself.

With your stock standard x86 motherboard that is not the case because the firmware is loaded from an unencrypted and unverified flash chip.

> What Apple offers with the T2 chip, for most people, has almost zero value

We'll have to agree to disagree, because the T2 chip also does full line-rate encryption/decryption of the storage with no OS involvement at all. This means if your laptop falls in the wrong hands, now people can't get at the data even by reading directly from the flash chips.

----

You are the one that claimed that the article was fanboy-fluff, I just described a feature that no other machine has... and you immediately consider it a money-grab rather than something to laud Apple for. Yet SecureBoot is good enough? Why not keep improving upon the status quo? Why not make it easier for people to keep their data private and secure?

It's all about defense in depth, and Apple added one more depth to their platform.

[josteink]

> Because the firmware on the T2 chip is signed

So is pretty much all UEFI firmware too though. It may not be encrypted, but it is certainly verified. Feel free to ask the Coreboot people about details here.

> We'll have to agree to disagree, because the T2 chip also does full line-rate encryption/decryption of the storage with no OS involvement at all.

But for people who has been using BitLocker or LUKS transparently (because it's built into the OS) for half a decade+, there are absolutely zero new things offered, and no visible improvements offered.

The only effective change is restrictions in end-user freedom.

> Yet SecureBoot is good enough? Why not keep improving upon the status quo? Why not make it easier for people to keep their data private and secure?

If a security feature which can easily be implemented (securely) in the OS is moved to firmware, I could be willing to consider that a good thing, but not it comes at the cost of end-user freedom.

And here it certainly does.

[dingaling]

> That is exactly what the T2 chip is designed to protect against

The point the OP was making is that if your threat has the technical ability to dismantle down to the circuit level and rebuild then you've got bigger problems. Such as corporal or legal jeopardy.

They could just beat you with a rubber hose until you log in. Or throw you in jail for five years for contempt of court.

The classic 'evil maid' attack is more like script-kiddie threat compared to that, and Secure Boot was sufficient protection.

[walterbell]

> No other device on the market currently provides a secondary processor that runs full validation of the UEFI firmware before allowing the processor to start booting.

HP laptops have a secondary processor (SureStart) for firmware integrity, http://h10032.www1.hp.com/ctg/Manual/c05163901