[bluegreyred]

> Intel is selling it as a way to keep secrets safe inside the processor against attackers with root/hypervisor software access or even physical access. Of course, a bevy of attacks in the recent months have demonstrated that this isn’t really achievable given the extremely large attack surface.

As a layman I have to wonder, should we expect similar attacks on Apple's Secure Enclave in the future?

[_0w8t]

It greatly helps Apple that T2 is a separated chip specially designed to do one function well, that is to do crypto in a secure way even in presence of physical attacks. How to do that has been known for quite some time. For example, modern SIM cards or cards for satellite tv are very secure and a physical attack is possible if one is willing to spend like over 100K per card.

What Intel is trying to do is to allow a general purpose secure computing with minimal extra cost. This is relatively new and as various bugs demonstrates may not even archivable. I.e. it may be possible to create provably secure chip, but its cost will make it a niche product.

[baybal2]

> physical attack is possible if one is willing to spend like over 100K per card.

Firmware recovery from "hardened" microcontrollers costs $15-25k here, and even that's most likely a "special foreigner price"

[baby]

It’s not about firmware recovery: it’s about tampering it in a non-intrusive way OR extracting keys from its secured non volatile memory.

[baybal2]

Yes, MCU with intentionally hardened flash blocks are what those firmware recoverers specialize. They do things like gemalto chips sim and credit cards.

[baby]

the firmware should not be in internal flash though, where the keys are

[baby]

It looks to me that having a standalone chip is not great in general due to hardware attacks: you can easily MITM the system bus for example. Whereas a number of attacks become much harder once you use an integrated secure element.

The form factor of the iPhone of course almost makes the T2 secure enclave an integrated secure module. I also don’t think hardware attacks are really considered anyway (and as we see most researchers focus on software attacks)

[kohtatsu]

Apple's Secure Enclave is a coprocessor designed specifically to reduce attack surface, and minimize the surface area of untrusted code.

It physically separates the ephemeral secret-storing (touch/face ID) and the hardcoded crypto keys (not even the SE firmware has access to the key material, it's just allowed to run the circuits).

Check out the iOS Security Guide whitepaper.

[Twisell]

Interesting question would love to read some insights about that too. From my really basic understanding Apple Secure Enclave is a co-processor so other rules should apply but I'm also a poor layman in hardware design.